[capableweb]

> So they're name dropping Google in the title for clickbait

No, Hutchinson found the documents by searching on Google for the meeting minutes. The website might have protected the place where you found the link to the meeting minutes, but the meeting minutes themselves were hosted in a directory that not only was publicly accessible if you had the URL, but also allowed Google's crawler to access it and store it.

There is a slippery slope here, either way (if he gets free or if he gets sentenced), but none the less, Google is relevant to the case.

[mattmanser]

Police statement from the article:

He was taken into custody and later released under investigation. Following a review of all available evidence, it was determined no offences had been committed and no further action was taken

So they already dropped it.

[jzb]

“already dropped it”

That doesn’t make it okay. Being taken into custody is something I’d consider an overreaction and frightening for a person to endure. They should’ve looked into it before moving to pick them up in the first place. If the shoe was on the other foot- an activist claiming a developer broke in to obtain info- I bet police would’ve done more research.

[filoleg]

>That doesn’t make it okay. Being taken into custody is something I’d consider an overreaction and frightening for a person to endure.

Fully agreed. And not just that, the law enforcement officers seized his personal devices (phone + laptop) for 4 weeks and went through them.

Note: I am not sure if both phone+laptop were taken away for 4 weeks, but the article states that both were seized at one point, and explicitly mentions that the laptop was held for 4 weeks before being returned.

[TechBro8615]

I don’t know mate, even if there is only the potential for a dangerous crime, we need to keep these criminals off our communication infrastructure until we know for certain. Perhaps a better idea is a public/private partnership between all the big search engines, social media companies and police organizations who want to join and can pay dues.

Information sharing between members of the federation would reduce crime and spread of violent content. For example, when Google links a visitor to a harmful website, they can ping the local police with basic metadata about that user (could reuse the code from GDPR export). Google can lend its AI to categorize the alerts so local police know to be on the lookout for e.g. support for “The Big Lie” or local militia groups.

This way, the officers can stay aware of any potential threats to the safety of the children in their town, but maintain the ability to act proportionally and in context. Continuing with the example of a violent Google search, the alert might be a “P0”, but the police live in the same community as the suspect. If they’re not familiar with the data subject yet, they can use the alert to get a warrant for more information from Google. Or maybe they know the alert is a false alarm because the suspect is actually a government worker researching misinformation networks, so they instruct the AI to ignore alerts like it in the future.

We need to be on alert. With the proliferation of encryption, protecting citizens from harmful and increasingly dangerous information has never been more critical.

[zaphod4prez]

A Modest Proposal indeed, and so commonsensical it's a wonder it hasn't been implemented already!

[lenkite]

Would you still hold this opinion if all your personal computing devices are held for multiple weeks based on any arbitrary allegation and the record of your false arrest is available to all future employers ?

[rualca]

> Would you still hold this opinion (...)

I'm sure the post reads as satire.

https://en.wikipedia.org/wiki/A_Modest_Proposal

[TechBro8615]

I’m delighted to learn this is a genre of writing that even exists. Perhaps there is hope for us after all.

[mattmanser]

I personally think it's fair enough, the company probably claimed it was secure, therefore he must have hacked them. The police reacted, but when he could show it clearly wasn't secure and exposed to the public, they dropped it. And hopefully gave the company a private ticking off about wasting police time.

In the UK, an arrest under reasonable suspicion gives them the right to search your property for evidence, and to be honest they had reasonable suspicion, he had private company documents.

It's not like that company can cry wolf again, the police will be far more skeptical next time of their claims, having dealt with them before.

[trhway]

>I personally think it's fair enough, the company claimed it was secure, therefore he hacked them. The police reacted, but when he could show it clearly

it is absolutely not fair. The fair would be if the company had to show before the arrest that it was minimally secure. I mean they for sure had the HTTP transaction in their own logs - like GET document, response 200. They couldn't have reasonably in good faith claim "secure" and "hacking". What the company did is bordering on the false police report, and it would be fair if there were a recourse for the falsely arrested to use against the company.

[mattmanser]

Firstly, all those logs can be easily falsified and you're got absolutely no clue at all what that company showed to the police to convince them.

So get off your extremely manufactured high horse.

Secondly, even if you could somehow wave a magic wand and know the logs were real, you're approaching this as an expert and not as a layman.

A crime was reported, it was followed up, an arrest was made (maybe that means something different in America? It's just an arrest). No charges were levied, now the company that reported it look like fools in national news.

They'll not be pulling this shit again.

[perl4ever]

>maybe that means something different in America? It's just an arrest

From what I see on Wikipedia, there is restricted access to someone's criminal record in the UK, but on the other hand, you can't get a complete version of your own record, and arrests may be obtainable by prospective employers in some circumstances.

"Arrests that do not lead to an official finding of guilt, i.e. a conviction or the acceptance of a caution, are not considered part of a person's criminal record and are not typically disclosed as part of the process. However, an enhanced disclosure may include such additional information, which is supplied at the chief police officer's discretion. Enhanced disclosures are typically used to screen applicants for positions such as police officer, social worker, and teacher, which involve contact with vulnerable groups and children.

Individuals and the self-employed cannot apply for a DBS check of their own criminal record, as they cannot ask an exempted question (a valid request for a person to reveal their full criminal history, including spent convictions) of themselves. Only organisations registered with the DBS can ask an exempted question and submit applications for criminal records checks. There are two types of registered organisation: a registered body, which is the employer; and an umbrella body, a registered body that processes criminal record checks for non-registered organisations who can ask the exempted question."

https://en.wikipedia.org/wiki/Criminal_record

[trhway]

>maybe that means something different in America? It's just an arrest

an arrest record searchable by all the prospective employers (until you spend an effort/money to seal it in jurisdictions where it is possible, and even then you still would have to disclose it any time you deal with federals). Good luck finding a job anywhere where computers are present with an arrest for hacking.

[StanislavPetrov]

>It's just an arrest

I wonder how many people who say, "just an arrest" have actually been through being arrested.

[rualca]

> So they already dropped it.

Don't you agree that's totally irrelevant? Being arrested for downloading a random doc from the internet is a real problem, so as monitoring dissidents to persecute them for any reason at all.

[corobo]

Yeah but the title makes it sound like Google Drive or something grassed him up. They weren't downloaded from Google, they were found using it

[seba_dos1]

...but that means Google has downloaded it earlier to index it. I guess Google should get raided as well.

[tehwebguy]

Google is super relevant to the case if they identified someone who downloaded a non-protected file in response to a police request. Not sure there is any slope left to slip on, this is basically the worst case scenario already I think.

Edit: Whoops, all of my assumptions were wrong!

[denton-scratch]

I beg to differ. I don't think Google is relevant.

As far as I can see, Google provided a search-result, which eventually (after Google's batted it around internally a few times) turns into an HTTP request to the CBS website, which resulted in password-free access to a public document.

So that will show up in the CBS webserver's access log; that's how they got the IP address. Nothing to do with Google.

Getting from the IP address to the person is messier; websearches, requests to ISPs, and presumably searches of activist databases the cops no doubt maintain might all have played a part.

My guess is the cops knew there was no case against him, because they tried the URL, and saw that there was no password challenge; but charged him anyway, because he was an activist, and they wanted to intimidate him.

[ChrisKnott]

He wasn't charged.

[denton-scratch]

You're right, he wasn't charged. He was "just" arrested.

[Maxburn]

I did not get that impression. The defendant said he used google to find these things, google did not snitch on him. He was in turn discovered by sharing them on social media.

[jsnell]

But we know from the article that's not how he was identified. Instead it was from the access logs of the company that he downloaded the file from.

> Hutchinson said his identification by Leathermarket and subsequent arrest raised questions in his mind, saying police confirmed to him that the company had handed over an access log containing IP addresses: