|
|
|
|
|
|
by TheFinalDraw
2022 days ago
|
|
|
I get your points, but I disagree with your contention that the fact that all users of the system used a shared username and password doesn’t complicate the case. We’ve established that an IP address is not strong evidence for identifying an individual. IP address != authentication. What _could_ have established strong evidence tying the alleged unauthorized access to an individual’s identity would have been _actual_ authentication of the _specific_ user. But they don’t have that, either, since they shared one set of credentials. You said, “they have an IP address which points to a specific one of those users,” but that’s not actually the case. They have an IP address which has somehow been related to the accused (though how is unclear to me since you note above there’s no linkage of IP/customer/date) — maybe they know she sent an email from that IP address at some point around the time of alleged crimes. But in any case, without providing evidence that the IP address is _only_ associated with the accused, and _not_ with any others with similar opportunity and motive (for example, any others with access to the shared username and password who might want to access the data for similar reasons, or wanted to frame the accused for hacking and put an end to the her very public/politicized efforts), then they don’t really have strong evidence of anything - basically only enough _not_ to rule the accused out of the probably large pool of possible suspects. How many other current or former employees had access to the shared username and password? When were they last changed? How many others who _weren’t_ ever authorized to access the system but could have compromised/gained access to these credentials since then? How many times have they been written down and left on a sticky note in some public or semi-public place? Do they ever have controls in place to prevent guessing/brute forcing the credentials (with one login for shared between all users, automatic account lockouts or resets seems very unlikely). |
|
|
Well no, we haven't. There's one standard of evidence for conviction and another for a search warrant. You'd never get a conviction on that alone though.
> in any case, without providing evidence that the IP address is _only_ associated with the accused, and _not_ with any others with similar opportunity and motive
Because no other fired employee lives at her address? But that's not relevant because they got a warrant to search her address, not simply her person.
> I disagree with your contention that the fact that all users of the system used a shared username and password doesn’t complicate the case.
I do agree that it's not open and shut, but I don't think that the specific fact of the password being shared will complicate this case further.
Having the IP provides the linkage to her that is otherwise lacking because of the shared account.
> for example, any others with access to the shared username and password who might want to access the data for similar reasons, or wanted to frame the accused for hacking and put an end to the her very public/politicized efforts
There's even less evidence from which to come up with conspiracy theories than simply to blame the accused. Sure, it could have gone down in some complex and unlikely way, but why are we discussing zebras instead of horses?
And, any investigation of a conspiracy to frame her would necessarily start with the only clue - that the communication came from her IP.