Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Comment "infinitesimally precise location data " my arse (Score 1) 104

Everyone knows that a GPS like TomTom doesn't rely on the GPS coordinates it's given. Instead it assumes that it is on a road, assuming slightly stronger that it is on the road it's supposed to be on than on a nearby road, and corrects it's position.

A TomTom would not be able to recognise for example that you are driving on the wrong side of the motorway. It would find your rough position (GPS is "rough" with an error of a few meters if you're lucky), detects your motion vector, the figures out the location on its map where you are most likely to be.

Comment Re:confusion about self-incrimination (Score 1) 230

I think that is what has actually happened in court cases: If the police doesn't have actual evidence that you know the password, then giving the password is quite obviously proof that you know it. And if the fact that you know the password is incriminating evidence, then giving the password is self incriminating.

On the other hand, if the police has evidence that the computer or phone is yours, and that you have repeatedly used the password to unlock it, then giving the password is not self incriminating.

Comment Re:just $1067.76 in damages? (Score 1) 115

$1067.76 per copy sounds a bit low compared to the typical damages per copied mp3.

That's because the law about statutory damages leads to strange consequences.

Statutory damages are up to $150,000 _per infringed work_. If you make one copy of a CD with 20 songs illegally, that's 20 infringed works - up to $3,000,000 damages for ocpying a CD, which is ridiculous. If you make 10 million copies of a CD with 20 songs illegally and sell them, that's 20 infringed works. $3,000,000 for 10 million CDs sold, not bad. If you make 500,000 copies as is claimed here for software that is sold for $1076 per copy, that's _one_ infringed work. $150,000 maximum instead of buying the software for $500 million total, that's a bargain.

Comment Re:A question of definitions? (Score 4, Insightful) 165

Uh.. you'd have a pretty hard time arguing I wasn't authorized to enter your home if you gave me a key. By virtue of giving me the key you've authorized me to enter your home.

Absolutely not. I can give my neighbours my house keys when I go on holiday, so they can enter if there is an emergency. That doesn't give them authority to enter without reason. I had my neighbour's key with authorisation to enter the kitchen to feed the cats while she was on holiday; that didn't give me authorisation to enter her living room or bedroom.

If you are renting, the landlord may have a key, the caretaker may have a key, they both have no authority to enter your home in most situations.

Comment Re:A question of definitions? (Score 1) 165

No. If 1) your company IT policy strictly prohibits sharing your password with anyone, including IT support staff (like many policies do), and 2) you access a database using a co-worker's credentials, then it should be crystal clear to you that this access is unauthorized.

Sorry, but if you are authorized to access the computer, and you were stupid and forgot the password, then you are still authorised to access the computer. And using a co-workers password wouldn't take that authorisation away. It's correct that it doesn't give you authorisation either. The authorisation comes from elsewhere.

Comment Re:No one (Score 2) 165

Considering he wasn't an employee anymore, it doesn't really matter.

Of course it matters. We know the person in question committed crimes (stealing trade secrets), the question is whether charges of "computer hacking" aka unauthorized access to a computer with the intent blah blah blah can be added to the charges.

The same thing with authorized access would have still been "stealing trade secrets" but without the additional charge.

Comment Re:A question of definitions? (Score 1) 165

What about an anonymous FTP server? It could be argued it's like an open restaurant, or it could be argued it's like a private home with the door left open, so if you apply the "trespassing" analogy it's not clear at all whether you are "authorized" or not.

The arguing what it's like would be pointless. What counts is whether you have authorisation or not. And whether you have authorisation would depend on the circumstances. For example, if you went to Apple's website and found a page titled "Downloads" you would be authorised. If you found a page titled "Downloads - Employees only" you wouldn't be authorised if you are not an employee.

Comment Re:'Unauthorized Access' Is Too Broad (Score 2) 165

Many websites have in their EULA somewhere that using someone else's account is prohibited, or that signing up for a second account, or new account if you've been banned, are prohibited. Doing any of these prohibited things could be legally considered 'unauthorized access', even for a normally public website that anyone is welcome to use (Facebook etc.)

Read the court decision. These things could be considered "unauthorised access" by the company, but not legally by the court.

Comment Re:Whose authorization? (Score 1) 165

What I worry about with laws like this is where they end. It's fairly common to password-share between employees to get some damn work done, and it's not unheard of to share social site passwords, and I don't think we want these cases to be against the CFAA.

You should read the court decision, and it is might quite clear. First, it's not just unauthorised access, it's unauthorised access plus causing some kind of damage. So the employees trying to get their job done are fine. (Legally. If the employer made absolutely clear that no passwords are to be shared under any circumstances then they could be fired). The same would apply to the social site password. And violating the terms of service of a website doesn't make access unauthorized.

Likewise, the court decision also explains things about "exceeding authorisation". Say a bank manager has authorisation to access the bank's computer to give loans to people. And he gives himself a $1,000,000 loan, repayable at $1 a week. He is surely exceeding his authorisation to give loans, but he isn't exceeding his authorisation to access the computer. He uses his authorised access to the computer to commit what is likely a crime; that doesn't make the computer access unauthorised.

Comment Re:So... (Score 2) 165

Sharing a password is a federal crime for you or I.

As the court made clear, no, if by sharing you mean "handing over your password to an unauthorised outsider". It may get you fired, but it is not a crime.

Being given a shared password doesn't give you authorisation. Not when the person giving you the password didn't want to give you authorisation, or didn't have the authority to give you authorisation. Using a shared password to gain unauthorised access can of course be a federal crime. Any means to gain unauthorised access can be a federal crime.

Comment Re:A question of definitions? (Score 1) 165

Couldn't one argue that authorization was granted by the database when a valid login/password pair was provided?

One could argue so, but one would be laughed out of court. Databases are not authorities who can give or deny authorisation. They are not people, they are not employees of the company, and they are not employees high enough up the ladder in the company to give or take away authorisation.

Comment Obvious to most people (Score 4, Insightful) 165

A password doesn't give you authorisation. You get authorisation from your boss, or from your company, to access a computer to do your job. A password is only a means to help keeping unauthorised people out.

If you lose your job, or your position where you need to access the computer, you lost the authorisation. If the company forgets to remove your password, or you find someone else's password, or a password is shared with you, that doesn't give you authorisation. In this case, everything is absolutely clear.

Where this law is abused in some cases is in situations where someone had the authority to access the computer, but abused the authority to commit a crime. Say a bank manager with authorisation to access computers moving money into his own bank account, or a police officer with access to a license plate database abusing his position by finding out the address of his ex's new boyfriend. That's when authorities try to add "computer hacking" to the list of crimes.

Comment Re:FUD (Score 1) 197

Fear Uncertainty Doubt The campaign to turn people's opinion has started. It seems that the good people of Britain took by surprise some very powerful goups.

It also took by surprise the likes of lying coward Boris Johnson and lying Gove. These two shit stirrers wanted to gain political points by getting the government in trouble. They were shitting themselves when their campaign was more successful when they thought. They were shitting themselves even more when Cameron stepped back and said "you got us into this shit, now you try to get out of it".

Slashdot Top Deals

I had the rare misfortune of being one of the first people to try and implement a PL/1 compiler. -- T. Cheatham