by Buttons840 1635 days ago
> “If somebody picks your lock on your house — for whatever reason, it’s not a good lock, it’s a cheap lock or whatever problem you might have — they do not have the right to go into your house and take anything that belongs to you,” Parson said.

The reporter did the equivalent of noticing a lock was rusted through and barely hanging on. He poked the lock and it crumbled to pieces. He didn't take anything, he reported the problem to the government and later to the public. He didn't take the personal data just because his eyes saw it in passing.

If the reporter compiled a database of every teacher's personal information, that's another thing. That's not what happened, the reporter looked at 3 teachers to establish the pattern and then reported it.

12 comments

Locks are a terrible analogy for what's going on here. This would be like the government publishing a newsletter, and then writing a bunch of teachers' social security numbers on it in invisible ink. Someone then noticed that you can still read the invisible ink, and then wrote an article about how incompetently the government managed the data.

This is a simple case of an egotistical politician who wishes he was King tussling with the media that is rightfully making him look incompetent. "Anyone who disagrees with me is a criminal" is a common pattern for wannabe dictators. Vote against him at the next opportunity.

I'd say even invisible ink is taking the analogy too far. It's like the government published a newsletter, printed the PII on the back of the paper, and now wants to prosecute the first person to look at the back of the page.
I commented below that I think it is like opening a CSV in Notepad++ vs Excel. Same data, Excel just hides the commas. The commas are still there, though!
Yeah, that's fair. Comments are a little bit like invisible ink; they look like they're not there because the rendering engine doesn't display them, but they're still sent with every copy of the information.

It would be better if the SSNs were white text on a white background and we were here because someone highlighted the text, though.

The absence of locks is a good analogy. But I think a fruit welcome basket is a better one. Not only because they handed PII over to all visitors, but because the epilogue is fruity.
> The reporter did the equivalent of noticing a lock was rusted through and barely hanging on. He poked the lock and it crumbled to pieces.

No. The reporter did the equivalent of opening a book available to be read by the public and having the audacity to try and figure out what the words on the pages meant.

I'm not sure the lock analogy works at all.

The reporter asked for a page of information, it contained information that wasn't supposed to be there, and he's being blamed as if his eyes manifested it into existence.

Seems more akin to shining a UV light on a piece of paper. (Interesting how the sibling comment came to a similar example with invisible ink.)

I actually like the paper analogy a lot, let's extend it: Say the journalist was instead freely handed a redacted government document on sheets of paper. The reporter notes that it was redacted poorly and the redacting can be peeled off or a bright light can be shined on it to reveal the text underneath. By doing this, is the reporter committing a crime? I have no idea. My intuition says probably not, but I think interestingly it's not a "definitely not" because 1) it's apparent to the reporter that the redacted information is intended to be private and 2) the reporter took some steps to uncover that information.

It's still not a perfect metaphor. It's not immediately clear that 1) is true here (the reporter probably was not trolling for private information) and it's highly questionable if 2) is true as it seems that this info was being sent along in HTTP responses. What is obvious to me is that this guy had no malicious intent, took steps to do responsible disclosure (they didn't publish the article until the issue was fixed) and is being targeted by the political establishment as retribution for embarrassing them. Shameful stuff.

If it was just in the HTML the website served to you, and it just basically has it written in a way that tells the browser to not display that part of the HTML, wouldn't that be closer to handing a journalist a government document with some text, then a line saying: "don't read the stuff below this line", and then a bunch of sensitive stuff below that in plain text?
All analogies are flawed. My main point was that, in terms of the Governor's own analogy, and also literally, the reporter didn't "take" anything.

All analogies aside, intent matters, and the reporter's intent was to report a vulnerability and then to report the Government's actions to the public once the vulnerability was fixed. Neither of which are illegal.

No, because there is a difference between “being displayed by default” and “explicitly forbidden from being viewed”. It’s closer to requesting information, and in response being handed a bunch of material, some of which is in a stack of papers and some of which is enclosed in an unsealed, unmarked envelope. It isn’t displayed by default, but it’s there, and with the most minimal of effort it’s viewable, there is nothing explaining it shouldn’t be viewed, and it’s not absurd to assume that if it was included in the bundle of information you received in response to a question, it’s fine to view.

The onus is on the person providing the information to not include it in what they provide, not the viewer to not look at information provided.

With your redacting example, we don't even need to decide if looking at the paper with a light is illegal. The reporters discovered the poor redaction, and immediately informed the State that it was poorly implemented. They did not disclose this was a problem until the problem was fixed, and new papers were handed out without this flaw. How can you argue someone did something illegal in this case!
There have been many instances where PDFs have been "redacted" by painting black rectangles over the text, but keeping the text intact. I can't think of anyone who has been prosecuted for unredacting those documents - the people who did their jobs poorly are considered liable.
A barebones PDF reader implementation would/could not render that 'layer' anyway, so I can't imagine you'd actually lose such a case. (As distinct from not having the will/funds to fight it long enough...)
At least the invisible ink is an attempt at hiding the information. A comically bad attempt but still an attempt.

A better analogy would be that the state sent the journalist a document with everything readable in regular light, and a separate sheet that tells him which words he must redact. There was no attempt to conceal information, and worse, the redaction list would have been promptly ignored by anyone using a screen reader or other accessibility devices.

This lock analogy is terrible. It’s like a business putting the wrong price tag on a product and then claiming people who bought a smartphone for $1 instead of $500 were stealing because they didn’t halt the transaction for what’s obviously a bogus price.
There was no lock. The door was open with an "open house" sign and the owners were just hoping you wouldn't notice the sensitive documents lying on the table.
The sensitive documents were laid bare on the porch. He just walked up to the door and looked down.
A better example is that you wrote a snail-mail letter to the government asking for some info (HTTP Request) and the written mail response (HTTP Response) included a sticky note stuck to it with secret info. Confused, you write another 2 letters and get another 2 sticky notes (now you confirm it's a problem). Realizing something is wrong, you tell the gov and they move the pile of sticky-noted confidential info away from the letter processing desk.
I think a better analogy would be if someone looked through your window and saw something that shouldn’t be out in plain sight, called you to hide it, and then you prosecute them because they looked into your house.
Exactly! It's like if someone was not trespassing (they are on a public road/sidewalk) and looked in your windows and saw you standing there naked. Then you get upset and demand they be arrested. It's YOUR responsibility to draw the shades, or only walk around naked in front of windows that do not have a clear view to a public space.
Another reason the lock analogy is ridiculous is that it’s illegal to trespass on or burglarize property even if there wasn’t a lock.
A better analogy would be if you sent a letter asking the government for specific public personnel records and they just Xeroxed their entire private file and sent it to you without reading it.
We need to stop with the analogies.

What's actually happening is: someone is broadcasting the data. End of story.

Now I'm going to ignore my own advice: it's like displaying the data on a big screen in the town square and then trying to arrest people for turning their head to look at it.

I'd say it's like you left one piece of paper, from a pad, that was just under a handwritten "secret document" out on a table in a public park.

Then a reporter came along and rubbed a pencil on it, revealing the writing from the sheet above it.

In general, it's a mistake to operate with the metaphor chosen by someone with whom you have a strenuous disagreement, because the second image rarely has the same cognitive/emotional impact as the first. In this case, a better rejoinder might be 'the door was not locked, and there is no crime in looking through an open door.'