by dragontamer 1990 days ago
IANAL, but... I expect the hackers to be subject to federal crimes.

As I discussed elsewhere: opening mail addressed to someone else is a federal crime, because mail has an expectation of privacy. It doesn't matter how easy it is to open an envelope; all that legally matters is the assumed intent.

If one party clearly wanted a message to be private, it is illegal to open that message.

------

In contrast, a postcard has no expectation of privacy. And therefore, it is perfectly legal to read a postcard.

3 comments

Were these posts private? I've never been on Parler so I have no idea, but I'm not reading anything that suggests they were direct messages or "private" accounts making the posts.

They were marked "deleted".

Which means the privacy question is a bit ambiguous. They were public at one point, but at the time they were leaked out, they had a deleted flag and clearly were meant to be private.

IANAL, but I'd expect it to be illegal to grab data marked "deleted". If you were a few hours earlier and archived them before they were deleted, that probably would be legal.

If I walk up to someone's house and say, "Hey can I have a copy of the seventh book in the third drawer of your nightstand" (e.g. `/api/books/03/07`), and you say "Sure here you go", it seems like it should be hard to argue that you have any expectation of privacy (for things that you are giving out freely) -- even if that book was something like your diary. HTTP codes for denying access exist specifically for this reason.

Of course, the iteration of accounts that Weev was convicted of was nearly exactly this, so we know that this doesn't always hold true, but it really is baffling why.

> IANAL, but... I expect the hackers to be subject to federal crimes.

Only if they’re in the USA based on their IP address or online testimony.

If you're accessing a public API, you're not a hacker.

A lot of web-infrastructure is public API these days. If someone misconfigures their S3 instances and allows the public to access it... accessing internal S3 data (despite being from a public API) is considered hacking IIRC.

The law doesn't care about how easy or hard it is to perform the hack. All it cares about is intent.