1. 20
  1.  

  2. 10

    Don’t leave unsecured public servers and then go blaming people when they access them. The fault here is squarely with people mismanaging the server.

    1. 7

      That article links to this one: http://www.cbc.ca/news/canada/nova-scotia/concerns-teen-being-railroaded-in-privacy-breach-to-cover-government-slip-1.4616972 …which, from my point of view in the USA, seems to take place in some sort of sincerer alternative reality…

      [Evan D’Entremont, software engineer,] said [that] what police and the province say is a crime in this case is something he’s done “a hundred times” himself.

      And

      [The] province says an employee found the problem by accidentally doing the same thing.

      He’s referring to using a script to slurp up all the documentID=1, documentID=2, ... documentID=7000 URLs from a server.

      1. 15

        Yes, well put. I remember when, in the US, we used to debate after every one of these cases whether what the person did was really wrong, and whether the entity whose lack of security was revealed should have any liability.

        That was, of course, a glitch in the general principle that the law protects the interests of capital. It was a historical anomaly that the discussion could happen at all. These days, the conversations are much shorter, and most of the cases never get publicized, because it’s already well-established that if you make a wealthy entity look bad in a way that involves computers, you’re going to jail.

        Sorry for the bleak tone. I know I’m exaggerating slightly, but I don’t have much hope on this topic anymore.

        1. 3

          You’re not exaggerating, but look at Canada and retain/regain hope!

          1. 2

            I’m a Canadian and we’re not any better in this regard.

            Not that it’s directly related, the person quoted in GP seems to be illegally calling themselves a software engineer. Which is obviously bogus, but Canadian law is bogus.

            1. 1

              I don’t want to rhetorically put the burden of saving the world on Canada… that would be abdicating the responsibility I still feel that everyone in the US has towards their own country. These struggles parallel each other, but they do have to proceed independently.

              1. 1

                I saw it as ‘if cyber law and environs is more or less maddening depending on locale, then maddening cyber law isn’t necessarily inevitable”.

                1. 1

                  That’s a totally fair view. :)

        2. 2

          law tag, since it’s a law issue.