Hacker News new | past | comments | ask | show | jobs | submit login

True when you say that there can be data left out in public by mistake without public access authorization. However it is not the responsibility of the accessing entity to preserve this data private.

An analogy is if your bank left your money easily accessible on a table in front of the bank without security. We are used to the idea of ownership, but this issue is a matter of blame. Here AT&T is the one to blame for the lack of security, not someone who saw that AT&T lacks security.

Back to the bank analogy, it is not the public's duty to guard your money for the bank. Nor should someone else be jailed for money literally left outside on the table.




This is, literally, an argument that if you stumble across a text file full of credit card numbers, expiration dates, and CVV codes, it should be lawful for you to put it up on Pastebin.


What law would cover that, some implied duty to help protect something that could be intended to be kept secret? I'm pretty sure that duty doesn't exist.


Wire fraud, for one. That's pretty much a textbook example of it.


Can you explain how Weev's acts reach wire fraud? I can see the wire, but the fraud eludes me.


I was referring to tptacek's statement:

"This is, literally, an argument that if you stumble across a text file full of credit card numbers, expiration dates, and CVV codes, it should be lawful for you to put it up on Pastebin."

Which, when carders are caught on forums doing the above, they are charged with wire fraud.

I agree with you completely that I don't think Weev's acts were wire fraud.


My impression is that the Pastebin'ed CC# example does not provide the charge, but evidence that helps prosecute the fraud through which they were acquired.


I'll walk back calling it a "textbook example" (because I suppose ultimately it's probably up to the quality of the lawyers involved), but the part of 18 USC 1343 that I think would be argued by the prosecution in the "pastebin cc numbers example" is:

"...or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice..."

I think the government would have a relatively easy time arguing that posting people's credit card information (specifically all the data necessary to make use of that person's funds) is a scheme for "obtaining money or property by means of false or fraudulent pretenses".

The defendant's attorney might argue that just posting the information isn't itself a scheme (in the same way that say, listing the home addresses of members of rival ethnic groups over the radio in Rwanda isn't an incitement to violence), but if I were that defendant, I wouldn't be sleeping easy.


OK, so how does it reach Weev again?


It doesn't. That wasn't the point.


I think that should be lawful, yes.

We already have laws to prosecute people who misuse credit card numbers for gain. Either attack the edge (ppl who use the cc nums for fraud) or the root (the people who posted them on the public web).


That analogy falls over, because in it weev actually saw the money and went over and took it. That'd be a crime off the bat.


Yeah but I was trying to show that the true problem was AT&T's negligence and not Weev pointing it out to the people. Probably not the most perfect analogy, but analogies have limits of expression.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: