Hacker News new | ask | show | jobs
A "GET" request can land you in Jail
10 points by narayanb 4841 days ago
After reading through the judgment of Andrew Auernheimer case, I feel really taken aback and scared! How could calling 'public' GET API be unauthorized action? How could the judgment be passed so fast and carelessly? And why aren't the AT&T 'subscribers' suing them for keeping their private information insecure?

Frankly, now as a developer every time I make a "GET" request, I have this fear of getting jailed!
2 comments
beryllium 4841 days ago
It's a bit absurd. A chilling effect, even; now, instead of responsible disclosure (which weev seemed to think meant scraping 100K examples of the data and giving it to a Gawker reporter), we'll be left with irresponsible disclosure (anonymously reporting it or selling it on the black market).

That said, I don't think AT&T would necessarily have reacted well to an attempt at real responsible disclosure.

For an example of the ideal scenario for how this should be handled, there's the Steam data leak that Ars Technica found: http://www.gibsonindex.org/blog/2013/02/06/steam-leak/ - I rated it as a Level Zero event on my cyber attack ranking blog, because of the proper resolution.

I agree that the blame in this case lies mostly with AT&T. It's their responsibility to protect the data. They build the program so that if anyone asked it for anyone else's info, it went "OK, sounds good, here you go."

Weev was the one who asked. AT&T should be on the hook for answering.

link
narayanb 4841 days ago
But from a pure legal standpoint, any API developer can face jail term if they suddenly change their terms/conditions.
link
anywhichway 4841 days ago
I'm not a lawyer, but violating terms, conditions, or other contacts in non malicious ways generally aren't going to be criminal offenses. They are civil offenses for which the main recourse is only for the company to sue.
link
logn 4841 days ago
It's concerning. But I honestly think this had everything to do with his image and little with his actions. He's well known for trolling with offensive messages and being affiliated with grey hat hacking. Neither of these are necessarily wrong/illegal/immoral, and I'm not saying this is karma at all, but he's the type of person the FBI wants to see in jail one way or another.

But yeah I've spent many years in web scraping and this type of reaction is always in the back of my mind. If you're really that worried, keep good company.

Anyhow, we should do what we can to inform non-technical people about these issues so they're not so mysterious and scary. How do you think gay rights are so mainstream? Years of people being vocal about what's right.

link