[tptacek]

She committed a crime. This wasn't a civil suit.

Once again we see the phenomenon where technology makes everything easier, including criminal acts, resulting in shock and dismay when the consequences and penalties of those acts are not themselves mitigated by technology.

[Natsu]

Yes, she did, but I can't say that it merits 6 months in jail.

Charging $193,000 for what someone here estimated was about 90GB of data is, itself, highway robbery. But that's Telstra's fault, not the power company's.

[tptacek]

It might be highway robbery in the service model of iPhones downloading movies. That doesn't make it highway robbery in the context of access cards provisioned within the requirements and fee structure of a utility smart meter deployment. It does not all add up to the same thing.

[usedtolurk]

90GB of data was stolen - nobody is defending that. Some of us have trouble believing that 90GB of data is actually worth the $193,000 as determined by the Telstra contract.

The actual "damage" seems pretty small when compared to crimes which carry similar sentences. If Telstra had a fairer billing system, then a more appropriate sentence would have been more likely.

[georgieporgie]

You're right, it probably adds up to less. A utility company's meter likely doesn't demand the low latency that an iPhone user does. So, it's probably not even worth $80.

[tungwaiyip]

I agree. This is robbery! Completely anti-consumer! No sensible consumer or business could have pay this kind of service charge. Telstra could have easily block access to any individual with excessive network activity. The judge should reject this bill and ask arbitrator to come up with reasonable payment plan. Automatically upgrade her to unlimited plan and then add a small penalty should be a reasonable resolution.

Law maker should ban telco from excessive charge, say more than $1000 a month, unless authorized by the customer.

[tptacek]

Basically what you're saying is that Telstra should come up with a product to support people who steal the SIM cards out of utility smart meters.

[nagrom]

And what you are saying is that there is no possibility that such a feature network-wide (Email to main account holder: "Your phone bill has risen above $1,000 this month. Please make sure that this is not accidental.") would be useful to anyone else, ever.

Which is funny, because it's more or less standard in the UK, and most of the EU.

[tptacek]

What phone? The devices being billed aren't phones. There are no "phone bills" involved here.

[Natsu]

As far as the phone company is concerned, I'm sure that they can break the charges down by SIM. They'd never have discovered which person was the culprit if they couldn't do that, after all.

[nagrom]

I cannot help but think that you are willfully misinterpreting my comment.

Substitute 'account' for 'phone' if you like. They can obviously break it down by SIM because otherwise they couldn't figure that this woman 'caused' these charges, right?

[hboon]

This reminds me of a little adventure when I travelled to Malaysia for a sales call. It was terrible but funny (it involved a business partner dropping my USB HSDPA modem into his glass of water). A subplot of it was I let him use my modem while roaming. In the same afternoon, while I was having tea (I mean a meeting/discussion), I got a call from my carrier, on my main cell phone number, who asked if I was the one who used the service in the morning. I said yes and I asked how much it was. The answer was in the range of US$400.

I suppose they would have offered to suspend the line immediately if I had said no.

[Natsu]

This sort of thing also happens to people who do not steal SIM cards. It is all too common, sadly:

http://abclocal.go.com/wjrt/story?section=news/bizarre&i...

$22,000 bill because son's data use wasn't covered in family cell phone plan.

http://www.switched.com/2007/12/14/man-gets-slapped-with-85-...

$85,000 phone bill. "It turns out that he was being charged on a per-kilobyte basis because his unlimited browsing plan didn't cover using the phone as a modem. As a "goodwill" gesture, Bell Mobility has dropped the bill to measly $3,243."

Finally, here's one from Telstra:

http://www.blackberryforums.com.au/forums/general-bis-discus...

"I have recently signed my BB 8800 up on a Telstra $39.95/mth plan which I understood was for unlimited email and internet browsing. I got the shock of my life when I checked my data usage online and saw a bill for $250+ after only a couple of days. On examining further I note that I have not been charged for blackberry.net connections but heavily charged for wap.telstra."

[tptacek]

I do not accept the notion that these are remotely comparable situations.

I agree with you that b2c MNO fee structures are predatory.

I do not agree that the fee structure arranged between two giant corporations can be described as "predatory" when it happens to bite the ass of someone who breaks into their network and uses it to steal connectivity.

[Natsu]

> I do not accept the notion that these are remotely comparable situations.

So you don't think that the power company got screwed here? We both know that it's unlikely that some random woman is going to be able to pay back a sum like that.

Would it really be so reasonable to expect the phone company to do something to at least warn people, whether businesses or private citizens, who are suddenly racking up over a hundred thousand dollars in charges from one phone so that they can do something about the bill?

[usedtolurk]

In Australia, all the mobile phone and data plans have massive penalties for exceeding your quota by even small amounts. My provider (and I suspect, all the others) deliberately obfiscates both the billing details and the plan rules to make it practically impossible to see how close to your limit your are.

To avoid crippling surprises, people to upgrade to plans they really don't need.

In the banking industry, banks are not allowed to profit from penalty fees (just recoup their losses). I think a similar approach in telecoms would be a good thing.

[tungwaiyip]

I say is telecom should not be allow to gouge consumers. They should not charge consumer an amount that is clearly not agreed upon.

If you have misconfigured an app on your phone and it run up $10,000 network charge in month. Will you hand over your $10,000 to the phone company? Do you think this is a fair charge?

Cap the telco off how much they can charge unless authorized. I think this is most fair for both party. Telco can cut off access, but no to gouge consumer.

[tptacek]

The person who rips the SIM card out of their smart meter and uses to download stuff off the Internet isn't a consumer.

[Natsu]

Indeed. They're talking about informing the power company that someone is misusing one of their SIMs.

You know, so that they can discover the theft a bit faster than they did in this case, where it took them from November 19, 2009 until February 9, 2010. A lot less would have been stolen from the power company were that the case.

[tungwaiyip]

tptacek, in the scenario that I've construct, if you misconfigured an app that result in an astronomical bill, we you pay it without contest? Will you do it if you have to sell your house to pay off the phone company?

[stoney]

Maybe highway robbery, but pretty standard in Australia - mobile phones are expensive here. As someone pointed out in another comment, Telstra's standard price for off plan data is $2/Mb (for a consumer mobile, not a b2b contract which is presumably what the power company had). For 90Gb of data that works out at $180,000, so pretty consistent with the reported cost.

[Natsu]

Indeed. In spite of living on roughly the other side of the planet from them, I've heard many complaints about Telstra.

[samwise]

Let me pose this question.

If the damages were $2 and not $200,000 would you still think an 18 month sentence is justified ?

I would guess that most people would think not.

So the true cost of the damage is a significant factor in assessing the appropriate punishment

[tptacek]

I don't understand this argument. Neither 1 day nor 10,000 days in jail repays damages to the utility; meanwhile, neither 1% nor 100% of damages serves society's goal of deterring crime. What is the point you are trying to make? That people should either be punished for crimes, or required to repay damages?

From what I can tell, virtually every crime against property has a process for settling damages irrespective of the amount of time served in prison. "10-15 months in jail AND a fine not to exceed $50,000", and so on.

[_delirium]

The amount calculated as damages affects the kind of crime that it's categorized as though, which is why it's relevant. In the U.S. at least, if you cause $50 of damage, that's a different crime than if you cause $50,000 of damage, with different sentence ranges (same with theft, which has various categories based on dollar thresholds, and can actually switch it between a misdemeanor and felony).

That might not be the right way to do it, but it's the way it's currently done, anyway, which means that courts have to inquire into the "true" damages sustained in order to determine what crime the person should be charged with.

A solution could be not to take damages into account in cases like this, so the crime would just be "stealing a meter's SIM card and using it", which would be the same crime regardless of how much money that cost the utility.

[tptacek]

It doesn't look to me like the detention time involved here was computed from the damages. The two issues are orthogonal. We appear to agree on this point.

[ovi256]

They are not orthogonal. Amount of estimated damages differentiates between kinds of theft (petty larceny vs grand) and is pretty much directly used to calculate imprisonnement duration in hacking cases. Some 30000 USD/year, IIRC. That's why companies always inflate their damage reports. Severe abuse of justice for the defendant and the company risks pretty much nothing.

[tptacek]

Companies "always" inflate their damage reports... but in this instance, the number cited came directly from their upstream billing. Can you square that circle for me?

[nitrogen]

...meanwhile, neither 1% nor 100% of damages serves society's goal of deterring crime.

I would tend to disagree with this. Having to repay damages removes the benefit associated with the crime, so for ordinary sane people, it would act as a deterrent. In my opinion, jail is more appropriate for crimes where the criminal is likely to be an ongoing danger to society and no other option (probation, mandatory classes, etc.) would have the desired effect.

[archangel_one]

It's not much of a deterrent if you only pay the damages (assuming a reasonable definition of damages, which apparently doesn't exist here). You have a nonzero chance of getting away with the crime, in which case you don't pay - so your expected return for the crime is higher than for not committing it. This is exactly the kind of thing that higher deterrents are supposed to prevent.

[JoachimSchipper]

I can understand being surprised, though - I can see how one would expect $100-$1000 (in actual damages, not deterrence), not ~$200 000. Theft is still theft, of course, but technology is a surprisingly powerful lever.

[tptacek]

You're right, and I often sound like I'm blaming people for being surprised. People are right to be surprised. It's a reason, among many others, to be wary of the impact technology has on our life.

"Surprisingly powerful lever for criminality" is as good a summation of my thoughts on this as any I've heard; thanks!

[Jun8]

Your rational argument would better apply, I think, to a black-hat hacker (say geohot, not totally blackhat but is a recent example) rather than poor, uneducated woman with bipolar disorder with a history of abuse.

[tptacek]

That's a smokescreen. You will not find many people on HN who who think sentencing shouldn't be modified due to mitigating factors. I certainly don't think that.

But the arguments on this thread aren't only about going easy on someone simply because they're poor. They're also about how it's "highway robbery" for someone to go to jail and pay six figures for stealing a SIM card.

[Jun8]

I think everybody here agrees that she committed a crime. The discussion is whether the punishment is fair or not.

[tptacek]

I'm sorry, I wasn't clear. I was accusing the commenter upthread of framing this as if it was a civil matter.

[MarketingMuppet]

MAYBE an energy company shouldn't use unlocked 3G cards to insecurely transmit data and allow anyone who gets their hands on a card to rack up $200k? Just saying.