@betterunix-- seriously? It's OK with you if they get your private data, no matter how they acquire it? Spoken like someone who has never had exposure of private data used as a THREAT... something weev is known for. If someone uses illegal means to obtain your private data, they can exploit/weaponize that acquisition without having to then use the private data to commit a different crime. (different from the crime -- usually fraud -- in how they obtained it).
Weev has taught many of us that acquiring your private data is enough to make you wonder when, exactly, he will decide to use it. Or in my case, to publish it and encourage the whole WORLD to use it. And don't get me started on medical records... If you honestly believe that acquiring private data shouldn't be illegal until it is used in a crime, you have obviously never been threatened with exposure from someone who did just that. (but again, I don't think this applies to the AT&T case) -- Kathy Sierra
Blackmail and harassment are both crimes, you know. If someone is threatening to expose your private data, it makes no difference how they acquired it -- it is a crime regardless of whether or not they were authorized to have it.
The problem with charging hackers for having information they are not supposed to have is that it takes the responsibility to keep data secure away from those who are entrusted with it. Take medical records as an example. Yes, we want them to be kept private, but that should be the responsibility of hospitals, doctors, etc. If some hacker downloads those files, the hospital should be punished for their failure to keep the files secure. If we want to believe that hackers are magicians and that any Internet-connected system can be compromised, don't connect systems with medical records to the Internet.
What is wrong with making it the responsibility of anyone who has private information to keep that information private? If a hacker downloads a hospital's records, I think it is fair to expect that hacker to keep those records private, and to prosecute the hacker if they are revealed to anyone for any reason (even if the hacker is himself a victim of another hacker).
People should not have to be afraid to run a web crawler out of their own house. Yes, a web crawler is going to find private information that was not properly secured. That should not make the person running the crawler a criminal.
Weev has taught many of us that acquiring your private data is enough to make you wonder when, exactly, he will decide to use it. Or in my case, to publish it and encourage the whole WORLD to use it. And don't get me started on medical records... If you honestly believe that acquiring private data shouldn't be illegal until it is used in a crime, you have obviously never been threatened with exposure from someone who did just that. (but again, I don't think this applies to the AT&T case) -- Kathy Sierra