Hacker News new | past | comments | ask | show | jobs | submit login

I would hold both responsible quite happily and independently of each other. AT&T obviously did not heed the user's expectation of privacy in this case - they could've done so using a challenge-response authentication system with the response algorithm protected by DRM on the iPad - but in addition, Weev could reasonably be expected to understand that this was not supposed to be public data.

Additionally, the expectation of privacy, in my opinion, covers the data owners (the people who gave the company the data), not the company who is merely holding and processing the data. Although the US has rather messed up data laws compared to the EU, so I am not sure whether this would be true over there.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: