
The expectation of privacy covers the company, not the hacker who downloads the information. What differentiates hooking up an insecure, password-authentication-based system to the Internet, and leaving a plaintext copy of the data on a hard drive on a park bench somewhere? Holding companies responsible, and more responsible than hackers, would improve the state of computer security in short order (to everyone's benefit).



I would hold both responsible quite happily and independently of each other. AT&T obviously did not heed the user's expectation of privacy in this case - they could've done so using a challenge-response authentication system with the response algorithm protected by DRM on the iPad - but in addition, Weev could reasonably be expected to understand that this was not supposed to be public data.

Additionally, the expectation of privacy, in my opinion, covers the data owners (the people who gave the company the data), not the company who is merely holding and processing the data. Although the US has rather messed up data laws compared to the EU, so I am not sure whether this would be true over there.



