The password was handed over under duress. Contracts signed under duress are legally invalid, so I would think that the implied permission given by the student under duress is also invalid.

There's no evidence that the student thought that what she posted was _private_. However, its reasonable to believe that only the people you've authorised to see to post are going to see the original post (doesn't stop one of those people copying and pasting it elsewhere though). I don't think it's reasonable to expect that someone is going to extract your password under duress to see a facebook post though (and the fact that they had to extract the password clearly shows that the post wasn't public...)

Well that depends. When you sign up to a commercial service then you agree to a contract, which usually includes a privacy policy. And in the case of Facebook, they include privacy controls. It is reasonable to expect the commercial service to comply with the contract to protect your data - and indeed, if they don't then you can sue them for any damages it causes.

Assuming you've given one or more other people permission to see the post, then you can't make any guarantees about what _they_ will do with it - nothing stopping them making a copy of the post and redistributing it (although this may be covered under copyright law). However, that is no different to sending that post to those people in any other way - doing it on facebook makes no difference. If you sent a hand written message to a bunch of people via the postal service, you're in the same boat - nothing stopping one of those people redistributing the message.

However, all of that is irrelevant - the school didn't get to see the post because the student was careless and put it somewhere public, the school got to see it because they performed an illegal search of somewhere the school would not normally have access to. Doesn't matter whether they illegally searched the student's facebook account, bag, home, etc., the result is the same.

If you don't use the hand brake to assist with your hill-starts, you will probably fail the driving test here in the UK. So when you say "it can be used in that fashion", what you really mean is "it should be used in that fashion", given that that is what a professional driving instructor will teach you to do.

Which further reenforces the point that a parking brake is pretty much worthless as an emergency backup for the primary brakes - its purpose is to hold the car stationary while parked and to assist with hill-starts. Furthermore, if your parking brake is not able to provide enough braking force to hold your car on a hill, your car is not roadworthy (it is one of the MoT checks - it is illegal to drive your car on a public road without passing the MoT).

All that said, every car I've driven with manual transmission since the introduction of electronic ignition has been able to hold itself on the clutch with no throttle input on all but the steepest hills, since the ECU will tend to automatically inject more fuel if the revs drop. So even without using the hand brake, I would expect to be able to hill-start without rolling back into the car behind.

I never figured out WTF was wrong with having a hand brake... A recent trip to Canada saw me having to use a torch to actually find the foot operated parking brake every time I needed to operate the damned thing!

ISTR that the idea of cockpit voice recorders was originally rejected because it was seen as an invasion of pilots' privacy. CVRs were eventually accepted after they were equipped with an erase button that the pilot would press at the end of a successful flight (although I assume modern CVRs don't have an erase button, and as it is non-trivial to play them back I guess the pilots aren't too worried these days). I imagine some people would have privacy concerns with being constantly recorded and that recording automatically transmitted to their employer. (But I will agree that it seems completely nuts for a modern digital CVR to be able to record for less time than the plane can fly on a tank of fuel)

Can you not see the difference between a member of the public happenning to see what you're doing while they're going about their own business, vs. you having all your activities recorded, stored indefinitely and automatically analysed?

I don't buy the "people use $foo instead of Office because $foo is free" - we've had plenty of free alternatives to office for years and whilest the likes of OpenOffice are used by indiciduals, they seem rarely used by schools and businesses.

In fact, I can cite a couple of examples: a (teacher) friend of mine started using OpenOffice to teach kids how to use a word processor. His reason was that the community he works in is pretty poor and running OpenOffice on some old hardware is more within the financial grasp of those families. Once the local authority found out about it he was very quickly made to stop and use MS Office instead. (One wonders *why* he was made to stop - you could suggest that it was just jobsworths not wanting anyone to do anything "non-standard". Cynically I suspect the authority get a cut of MS licence fees and didn't liek the idea of losing that money).

A second example: the utterly pointless "european computer driving licence" doesn't actually mandate any specific software. However, the exam boards do: most of the "computer driving licence" courses *require* the students to be using Exchange (and I've seen a number of schools migrate from perfectly functional non-Microsoft mail systems to Exchange simply because that course requires it).

My personal opinion is that if any kind of IT course requires people to use a *specific* piece of software, rather than simply any software with certain capabilities, then there's something terribly wrong with the course. I don't think its any good for society to teach people by rote how to use a specific bit of software rather than giving them the skills to figure out any bit of software that is put in front of them.

In a world where criminals get free life extension while the rest of us are left to die after a normal life, I can see a lot of people committing crimes towards the end of their natural life... (A few years locked up sounds preferable to nonexistance to me)

A patent holder can sue *anyone* who's using their patent. Whether that be the company who implemented the infringing device, the company bundling that infringing device into their product, the company reselling that product, or the consumer of the product. Apple have chosen to sue Samsung, presumably because they think they stand more chance of getting what they want by doing that. They could equally sue Google, the local supermarket who are reselling the phones, or you - the end user of the phone.

Valid or not, if the patenter can threaten you with it until you have to spend millions or billions in patent lawyer fees to get it _declared_ invalid by a court then that's pretty good protection in its own right.

The original iPhone wasn't exactly running "real apps" - it ran a fixed set of software that Apple shipped with it. There was no iTunes store, no third party software. Official support for third party software only came around after people started rooting the devices in order to write software for them. Conversely, the likes of Symbian, PalmOS, etc. were doing third party apps *years* before the iPhone appeared - I certainly wouldn't have called the original iPhone a "smartphone" since it lacked most of the features that made Smartphones Smartphones. Also, at the time the iPhone was being developed, a number of other vendors were developing similar devices - Apple just happened to get to market slightly before everyone else and did their usual job at marketing (Apple are *really* good at marketing).

So really, the current line of phones is pretty much a natural progression. Patenting a natural progression of technology just because you happened to sell first what everyone else already had in the works seems pretty bogus.

If you participate in a BYOD scheme then you can expect the network owner to take steps to keep their network secure (whether you're at a school or an employer). This may well include installing certificates so that they can filter web content for malware, etc. If you don't like it, then don't agree to the BYOD scheme and use your own internet connection.

I also struggle to believe that the school didn't have an internet usage policy that would have been signed by either the student or their parents (if they were a minor), which would have said that the school reserves the right to monitor the internet traffic.

You won't get a simple ssh session out through an intercepting proxy. However, you're missing the point here - this isn't about implementing a system that can't be circumvented (this is impossible) - it is about implementing a system that automatically filters _normal_ traffic without breaking too much stuff (whether that filtering be for malware or porn or whatever). Circumventing these systems is always possible, and when staff find a student has gone to lengths to circumvent these systems then they will discipline the student for breaking the internet usage policy.

Also, when Little Johnny came into school with a Playboy, that was clearly not the school's fault. If the school is providing internet access without any kind of filtering then that is seen as the school's fault when the kids start downloading porn over it. (Kids downloading porn over their personal 3G connections in school time is another matter).

In the submitter's case, he's talking about BYOD where the kids are going to be using their own devices (phones, tablets, etc) rather than classroom computers and are therefore going to be doing it in situations where there is no teacher supervision, so the whole "pay attention to what the kids are doing when they're using the Internet" thing isn't going to work unless you employ a *lot* of teachers and ensure they keep all the kids in sight at all times, or you cut off Internet access for the kids most of the day (which I would argue is counterproductive).

And that's ignoring stuff like virus scanning, work to prevent e-bullying, etc.

It used to be that *most* web sites were unencrypted and you could get away with just blocking all but a few encrypted websites. The tide has turned and now there are a huge number of encrypted sites that need to be allowed. It's unfeasible to whitelist all those sites and provide no further filtering on them, so intercepting SSL streams is the future, I'm afraid.

Sounds counterproductive to me. The world we live in today requires people to know how to use the internet in their day to day lives, both for work and pleasure. If you refuse to let people use this valuable resource except for the 1-2 hours a week where they have an IT lesson then you're really screwing with their education. Its pretty much the equivalent of banning people from reading books outside of English lessons for fear that they might read something a bit too "explicit" - the answer, of course, is to ensure there are no explicit books in the school library, not ban reading altogether.

(Disclaimer: I run a business that provides web filtering systems for schools)

In fact, SSL is becoming quite common place on a lot of sites where you'd traditionally not consider security to be a big deal. For example, Google does searches over https(*). For a long time we resisted intercepting HTTPS streams, instead choosing to only whitelist certain sites. However, over the last few years, the number of sites using HTTPS has massively increased, and it's simply not feasible to allow them all through without any kind of automated content inspection. So these days, our filtering systems do perform a MITM attack on all HTTPS sites that aren't whitelisted - as far as we're concerned, there's no other way to reliably filter web traffic now.

I should take this opportunity to point out that I'm specifically talking about schools, where there is a need for some amount of filtering. I'm of the opinion that performing any kind of web filtering in a normal workplace is counter productive: you'll end up blocking stuff your employees need to access in order to do their jobs, you'll end up pissing your employees off and at the end of the day, if your employees aren't responsible adults, why the hell are you employing them?

(* Google HTTPS searches can be disabled on a network-wide basis; although it could be argued that MITMing these connections at the proxy is better than disabling encryption entirely since the MITM method only introduces one weak point instead of weakening the entire path).

Who you gonna sue if the company has been wound up? Hell, even if they had said "we insure these funds", you still can't do much if the company has gone. The only sensible thing to trust is if they said "we have a *third party* insure these funds for you", so their bankruptcey doesn't absolve the third party of paying out your insurance money.

1. Steal currency
2. Convert into another currency
3. Time passes
4. People realise that a theft has occurred
5. Currency devalues
6. Theives don't care because they already cashed out in (2).