The War On Computing: What Happens When Authorities Don't Understand Technology

from the here-we-go dept

The facts: AT&T admitted, at trial, that they “published” this data. Their words. Public-facing, programmatic accesses of APIs happen upwards of a trillion times per day. Twitter broke 13 billion on their API ages ago. This is something that happens more than the entire population of Earth, daily. The government has no problem with this up until you transform the output into something offensive to important people. People with “disruptive” startups, this is your fair warning: They are coming for you next.



The other one of my prosecutors, Zach Intrater, said that a comment I made about Goatse Security, my information security working group, starting a certification process to declare systems “goatse tight” was evidence of my intent to personally profit. For those not in on the joke: Goatse is an Internet meme referencing a man holding open his anus very widely. The mind reels.



I can’t survive like this. I am happy to be hitting a prison cell soon. They ruined my business. The feds get approval of who I can work for or with: they rejected one company because the CEO had a social network profile with an occupation listed as “hacker.” They prohibit me from touching any computer that isn’t federally monitored. I do my best to slang Perl code on an Android device to comply with my bail conditions. It isn’t pretty.

“It was Edouard Taza, the president of Skytech. He said that this was the second time they had seen me in their logs, and what I was doing was a cyber attack. I apologized, repeatedly, and explained that I was one of the people who discovered the vulnerability earlier that week and was just testing to make sure it was fixed. He told me that I could go to jail for six to twelve months for what I had just done and if I didn’t agree to meet with him and sign a non-disclosure agreement he was going to call the RCMP and have me arrested. So I signed the agreement.”

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

We've obviously been covering a lot about Aaron Swartz lately, but his case is really just one of many similar cases involving people in positions of authority who simply don't understand basic technology, butthat something must be illegal because they try to overlay an analog view on a digital world. In the Swartz case, Carmen Ortiz famously used the incredibly misguided and misleading "stealing is stealing" concept. However, as Cory Doctorow has been fond of pointing out lately, we're entering a war on general purpose computing, and this is just one battle front.Two other recent skirmishes show the same sorts of things happening in slightly different contexts. A few months ago, we wrote about the case of Andrew Auernheimer , the security researcher who's been convicted and likely to face a long period of time in jail for exposing a blatant security hole from AT&T that allowed him (and) to gather personal data on the owners of any iOS device. Remember, AT&T set up some stupid security, making all of this data public via its own API. Now about to be sentenced, Auernheimer was asked to write up a "statement of responsibility" for the court, and chose to do a blog post in which he calls out what a farce the whole situation is Meanwhile, up in Canada, there's been a fair bit of talk about how Dawson College computer science student Ahmed Al-Khabaz was expelled for discovering a security hole in a system used across many Canadian colleges to store personal data of students. In his case, part of the problem was that, after alerting people to the hole, he went back a few days later to run a script to see if they had closed the hole. This caused the company that managed the system to accuse him of criminal activity:Even with the signed agreement, Dawson expelled him. While Dawson stands by its decision, the company Skytech says that it's now offered to hire him part time Yes, in all three of these cases you can make a case that what the individual did went further than others would go. Some might call it discourteous. Swartz downloaded a lot more than the system intended, even though the network was open and the terms allowed for unlimited downloads. Auernheimer didn't just find the hole, but he scraped a bunch of data and sent some of it off to a reporter. Al-Khabaz didn't just find the security hole, but he also went back and probed the system again later. But, in the context of someone who lives in this kind of world and understands technology, all three represent. If the technology allows it,probe the system and see what comes out? It's the natural curiosity of a young and insightful mind, looking to see what information is there. When it's made available, how do youthen seek to access it?But there is a fundamental disconnect between an older, non-digital generation who doesn't get this. They think in terms of walls and locks, and clear delineations. The younger generation, the digital native, net savvy generation looks at all of this as information that is available and accessible. The limitation is merely what they can reach with their computer. But this isn't a bad thing -- this is how we discover new things and build and learn. Treating that asbehavior is insane and backwards. It's trying to apply an analog concept to a digital world, and then criminalizing exactly what the system allows and what we should be encouraging people to do -- to push the network, to explore, to learn and to access information.This is a culture clash, of sorts, but it represents a real problem, when we're criminalizing the most curious and adept computer savvy folks out there.

Filed Under: aaron swartz, access, ahmed al-khabaz, andrew auernheimer, apis, data, hacking, information, war on computing