[trhway]

>I personally think it's fair enough, the company claimed it was secure, therefore he hacked them. The police reacted, but when he could show it clearly

it is absolutely not fair. The fair would be if the company had to show before the arrest that it was minimally secure. I mean they for sure had the HTTP transaction in their own logs - like GET document, response 200. They couldn't have reasonably in good faith claim "secure" and "hacking". What the company did is bordering on the false police report, and it would be fair if there were a recourse for the falsely arrested to use against the company.

[mattmanser]

Firstly, all those logs can be easily falsified and you're got absolutely no clue at all what that company showed to the police to convince them.

So get off your extremely manufactured high horse.

Secondly, even if you could somehow wave a magic wand and know the logs were real, you're approaching this as an expert and not as a layman.

A crime was reported, it was followed up, an arrest was made (maybe that means something different in America? It's just an arrest). No charges were levied, now the company that reported it look like fools in national news.

They'll not be pulling this shit again.

[perl4ever]

>maybe that means something different in America? It's just an arrest

From what I see on Wikipedia, there is restricted access to someone's criminal record in the UK, but on the other hand, you can't get a complete version of your own record, and arrests may be obtainable by prospective employers in some circumstances.

"Arrests that do not lead to an official finding of guilt, i.e. a conviction or the acceptance of a caution, are not considered part of a person's criminal record and are not typically disclosed as part of the process. However, an enhanced disclosure may include such additional information, which is supplied at the chief police officer's discretion. Enhanced disclosures are typically used to screen applicants for positions such as police officer, social worker, and teacher, which involve contact with vulnerable groups and children.

Individuals and the self-employed cannot apply for a DBS check of their own criminal record, as they cannot ask an exempted question (a valid request for a person to reveal their full criminal history, including spent convictions) of themselves. Only organisations registered with the DBS can ask an exempted question and submit applications for criminal records checks. There are two types of registered organisation: a registered body, which is the employer; and an umbrella body, a registered body that processes criminal record checks for non-registered organisations who can ask the exempted question."

https://en.wikipedia.org/wiki/Criminal_record

[trhway]

>maybe that means something different in America? It's just an arrest

an arrest record searchable by all the prospective employers (until you spend an effort/money to seal it in jurisdictions where it is possible, and even then you still would have to disclose it any time you deal with federals). Good luck finding a job anywhere where computers are present with an arrest for hacking.

[zaarn]

I don't believe you can get arrest records for a background screening on a employee like that in the UK (or the rest of Europe). You'd need a damn good reason why you want one so thorough and last I checked, in my country that means you're going for teacher, social worker, government office, etc. And even then this wouldn't be reason for denial if the arrest is not related to your job or you can reasonably explain the matter.

[StanislavPetrov]

>It's just an arrest

I wonder how many people who say, "just an arrest" have actually been through being arrested.