This is different than someone stealing a stereo. This is you tape the security code for your front door onto the door and then your mad at the manufacturer of the door's lock. You want the manufacturer to give any information about the person who broke into your house.
The manufacturer digitally stores the fingerprints of anyone who uses the lock. You want the manufacturer to give you a copy of the fingerprints to help you identify the person who broke into your house.
> ...and then your [sic] mad at the manufacturer of the door's lock.
No,Uber is fishing for data they don't need. They have an IP address of the intruder. Instead of demanding all the access logs for a months long period, why not compel Github to answer the question "Did this IP address access the Gist in question? If so, what are the timestamps?"
Instead Uber wants all github's access log data for the gist in question which sounds like more incompetence and desperation on Uber's part.
Or they believe the attacker likely accessed the information in the gist from several IP addresses; they want more trails to follow if the one bit of data (we are aware of) that they have proves cold. It's a sensible reason to subpoena, and it's also a fishing expedition so it's sensible for Github to not hand the data over without a court order.
incompetence, desperation, and a great way to shift some blame onto GitHub, in the eyes of people who know absolutely nothing about how this stuff works.
which could be the audience they're most concerned about.
Are any of the people who know absolutely nothing about how this stuff works following the story on the register? Would anybody even know if the register hadn't decided to make a story out of it? Doesn't seem like a particularly effective blame shifting strategy to me.
it's also on VentureBeat, Slashdot, and a bunch of other places. google "GitHub Uber subpoena." it'll probably show up on TechCrunch and Valleywag by the end of the day.
The victim here is not Uber, but the Uber drivers whose data was lost. Uber is partly guilty here, because of their negligence.
Your analogy is wrong. It's more like asking someone to protect the key of your locked door. And they make copies and leave them in random places with the address attached.
The entity responsible is being punished. They're paying for identity protection for a year and taking yet another public image hit. The hacker? Whoever it was did society a favor by exposing yet another careless company giving away your data because they don't value security.
I partly agree with parfe in principle. Uber is as responsible for this breach with their carelessness as the person who exposed it. That does not change the fact that there were 50,000 victims in the disclosure.