19-Year-Old Archivist Charged For Downloading Freedom-of-Information Releases (www.cbc.ca) 422
Ichijo writes: According to CBC News, a Canadian teen "has been charged with 'unauthorized use of a computer,' which carries a possible 10-year prison sentence, for downloading approximately 7,000 freedom-of-information releases. The provincial government says about 250 of those contain Nova Scotians' sensitive personal information."
"When he was around eight [...] his Grade 3 class adopted an animal at a shelter, receiving an electronic adoption certificate," reports CBC. "That lead to a discovery on the classroom computer. 'The website had a number at the end, and I was able to change the last digit of the number to a different number and was able to see a certificate for someone else's animal that they adopted,' he said. 'I thought that was interesting.' The teenager's current troubles arose because he used the same trick on Nova Scotia's freedom-of-information portal, downloading about 7,000 freedom-of-information requests." The teen is estimated to have around 30 terabytes of online data on his hard drives, which equates to "millions" of webpages. "He usually copies online forums such as 4chan and Reddit, where posts are either quickly erased or can become difficult to locate."
"When he was around eight [...] his Grade 3 class adopted an animal at a shelter, receiving an electronic adoption certificate," reports CBC. "That lead to a discovery on the classroom computer. 'The website had a number at the end, and I was able to change the last digit of the number to a different number and was able to see a certificate for someone else's animal that they adopted,' he said. 'I thought that was interesting.' The teenager's current troubles arose because he used the same trick on Nova Scotia's freedom-of-information portal, downloading about 7,000 freedom-of-information requests." The teen is estimated to have around 30 terabytes of online data on his hard drives, which equates to "millions" of webpages. "He usually copies online forums such as 4chan and Reddit, where posts are either quickly erased or can become difficult to locate."
Government guilty! (Score:5, Informative)
...of criminal stupidity.
I'm from Luxembourg and my chamber of representatives used the same 'security system' (people can't possibly guess numbers) and was also breached, obviously, since this 'problem' is known since 1991 or so, when the worldwide web was invented.
Re: (Score:3, Funny)
Comment removed (Score:4, Informative)
Re:Government guilty! (Score:5, Insightful)
That's great, but you can also just do this with curl
curl example.com/[1-1000000].html
The range functionality is built right into curl. In fact it's even in the opening examples of the man page.
Re:Government guilty! (Score:5, Funny)
... In fact it's even in the opening examples of the man page.
That's exactly why we need more women in tech!
Re:Government guilty! (Score:5, Informative)
I agree, but man pages have nothing to do with gender. It's called a man page because it's short for manual. The command was called man most likely because so many commands were shortened back then to 2 or 3 letters. There were a few women working on Unix at Bell labs in the 70s, one was Lorinda Cherry and among other things she helped write programs like the 'bc' and 'dc' commands.
Re:Government guilty! (Score:5, Funny)
I agree, but man pages have nothing to do with gender. It's called a man page because it's short for manual. The command was called man most likely because so many commands were shortened back then to 2 or 3 letters.
Is this an example of "man splaining" ?
Re: (Score:3)
You must be a blast at parties
Re: (Score:3)
And as everyone knows, women don't come with manuals.
Re: (Score:3)
I err on the side of ignorance.
Then you will never fail.
Re:Government guilty! No. Kid is insane. (Score:3)
What I want to know is that did he use a script to (or curl feature) download 7,000 documents or did he just edit the URL 6,999 times?
And where is he storing 30TB of data? Yes that is actually affordable (say 4 drives about $250 each) but who spends that kind of pocket money for something so nearly unusable?
Try doing a grep -r for some string on a mounted USB drive holding 1TB of data and see how long it takes. So what good is that?
Maybe he scrolls through all those documents one by one. For what. An
Re:Government guilty! (Score:5, Interesting)
...of criminal stupidity.
I'm from Luxembourg and my chamber of representatives used the same 'security system' (people can't possibly guess numbers) and was also breached, obviously, since this 'problem' is known since 1991 or so, when the worldwide web was invented.
Yes, Data Protection Acts like the EU GDPR are there to ensure that PII (Personally Identifiable Information) aren't released publicly. However this doesn't mean it wont accidentally be or cant be released. The Canadian govt was silly to let this information to be released under FOI requests (I work with FOI requests in the UK, you're supposed to ensure any PII stripped out, GDPR/DPA trumps FOI and there are strict penalties for non-compliance) but if that fails that doesn't give you carte blanche to copy it, data protection laws still apply.
/. Mah Freeedums nutters but it will be more accurate, this will go to court, the Canadian will explain why he was doing what he was doing and the judge will order him to delete the records that contain PII and that will be the end of it. No jail, no fines, just a Canadian judge ordering a Canadian to adhere to the Canadian laws. chances are the guy didn't even know that the PII was there before he started.
However I'm going to make a prediction that wont be popular with the
Re:Government guilty! (Score:5, Insightful)
"The kid was criminally stupid in not reporting the vulnerability through the responsible disclosure contact"
Neither he, you nor I are under any such obligation and how he accessed the data was neither vulnerability nor crime.
"The kid was criminally stupid in archiving the data instead of working towards fixing the problem"
The problem is not his to "fix" and archiving the data is not a crime which could have been done by any number of spiders and bots incl The Wayback Machine.
Stop being an apologist for the criminally stupid authorities and their heavyhanded overreach
Re:Government guilty! (Score:4, Insightful)
Re: (Score:3)
Re: (Score:3)
Why is this criminal and not civil? What economic damages are there to reclaim in said civil suit?
Ah. No standing. Case dismissed!
Re:Government guilty! (Score:5, Informative)
This case will be dismissed if it ever makes it that far. The law they charged him under does not cover accessing public facing documents.
Re:Government guilty! (Score:5, Interesting)
The government was in breach of PIPEDA, though I'm not a lawyer, so I don't know if the law applies to them. The documents are called "Freedom of Information" requests. If you find one through the search function, you can download it. A reasonable person would have concluded this was public information. The documents being numbered sequentially does reinforce this impression.
There was no obvious way for him to know that some of the "Freedom of Information" requests were intended to be restricted. You can't report something you don't know is wrong. Nobody wants to be the collateral damage from some larger party externalizing its incompetence or laziness. This is that, and it's wrong.
Re:Government guilty! (Score:5, Informative)
Re:Government guilty! (Score:5, Insightful)
The kid was has been quoted as saying he thought that the records were public and he didn't know he wasn't supposed to be able to do that.
By any measure these files were public. They were published online with a URL without any access control system. The question is whether they should have been made public or not. And apparently the government unintentionally published just 250 documents that contained information that was somehow privileged in the batch of 7000.
So 96.4% of the documents were supposed to be available to the public.
Any reasonable person would have looked at a freedom of information website and assume that the published documents were intended to be public as the vast majority of the documents were. The government made a mistake, overreached and is at fault for putting this person through this ordeal. Charges should be dropped with apology.
Re: (Score:3)
This is what I think is more likely.
Suit#1: Someone found a design flaw in the public documents portal that makes us look completely incompetent, and downloaded our data.
Suit#2: Who?
Suit#1: Some kid, who happens to be Canadian.
Suit#2: Well, he's within our reach then. So let's make an example of him, instead of the usual cover up. Let's put on a show by raiding his home with a battalion of officers, and drag him to court under trumped up charges. We'll exaggerate the crime so much that we don't appe
Re: (Score:3)
Re:Government guilty! (Score:5, Interesting)
The kid was criminally stupid in archiving the data instead of working towards fixing the problem
This tripe got modded to 5?! fixing the problem wasn't his responsibility and while his actions might've been distasteful, thinking them to be "criminal" either requires:
A) A complete lack of understanding of digital communications, or...
B) You to be a gov't shill, or...C) An utter fucking moron.
Re:Government guilty! (Score:4, Insightful)
The kid was criminally stupid in archiving the data instead of working towards fixing the problem
Edit Address Line Is Not Hacking (Score:5, Insightful)
Lets be clear, editing the address line is not hacking, not in any way, shape or form. A user name and password request and getting past that is. Editing your address line on your computer and the distant server allowing it, is a fault of that distant server. A request for access was made and it as legally given, the government is screwed and a penalty should be applied for false prosecution. Strictly their fuckup, they made that information publicly accesible without any restriction and they are fucking liars and fraudsters trying to pin their incompetance on someone else. It is not a crime to edit you address bar, it is strictly their fuck up that caused it. No user name, password request and your web site is public facing, that data is free to download, you just gave it away free from all encumbrances. No different to randomly running IP addresses to download what ever you want. No layer of security, no fucking crime, they are cunts blaming someone else for their incompetence and the victim should sue the crap out of them after this is over.
Re: (Score:3, Informative)
You entirely miss the point. If this was a government fuckup, then someone in government is responsible. Someone senior, whose job it was to make sure these things don't happen. Someone who was given an adequate amount of money for the task. There might need to be an audit to see how this money was spent, and this must never be allowed to happen.
If this is classed as a security breach, this official's career (and everyone's career she has a mentor relationship with) is in danger. However, if it was a d
Re: (Score:2)
Re: (Score:2)
Try typing random URLs ending in /.. and see how long it takes the internet police to be called on you.
Re: (Score:2)
However, download terabytes of data instead of reporting the problem is an issue.
Re: (Score:2)
Re: (Score:2)
Why would you report it as an issue if it appears to be the intended behaviour?
Re: (Score:2)
Re: (Score:2)
Of course it's hacking. It's using software in a way in which it was not intended for your own purposes, what else do you call it? What it isn't is cracking. He didn't defeat any protection, because there was no protection. It's the difference between trespass, and breaking and entering. In the first, you're just someplace you're not supposed to be. In the second, you defeated a protection device to get there. This is equivalent to trespass, not B&E.
The appropriate harshness of the punishment is a separ
Re: (Score:2)
Of course it's hacking. It's using software in a way in which it was not intended for your own purposes....
He was using the site EXACTLY as it was intended to be used: ask the system to provide information associated with some number at the end. This was not exploiting some unintended consequence to make the system behave in an unusual or unforeseen manner. This was making the computer system act in EXACTLY the manner the developer(s) intended.
If the Government wants to keep information private, the Government should place some form of security in front of it. As it is, there was (is?) NO security in front of
Should developer intent matter? (Score:2)
He was using the site EXACTLY as it was intended to be used: ask the system to provide information associated with some number at the end. This was not exploiting some unintended consequence to make the system behave in an unusual or unforeseen manner. This was making the computer system act in EXACTLY the manner the developer(s) intended.
By that logic you could claim any penetration of a system was merely the system behaving exactly as intended because that was how the developer programmed it. I understand where you are going with your argument but it's perhaps a bit more fraught than you realize? After all, how are we as users to know what the developer intended and why should that even matter? It's an interesting question.
The real question here is when does the system cross the line from no security to bad security from a legal stan
Re: (Score:2)
Where is the line between bad and no security? (Score:2)
Lets be clear, editing the address line is not hacking, not in any way, shape or form.
It is hacking if the government defines it to be hacking. Not disagreeing with you just pointing out that we're talking about the fact that the people who make the laws are the ones we're dealing with here. The scary bit is that they can define something quite innocuous to be against the law. Any time you go against the folks that make the rules things tend to get dicey for the defendant.
A request for access was made and it as legally given, the government is screwed and a penalty should be applied for false prosecution.
Again I don't disagree but do you really expect the government to admit fault like that?
The interesting question is wh
Re: (Score:2)
Lets be clear, editing the address line is not hacking, not in any way, shape or form.
Well, to be annoyingly pedantic, there's a line somewhere - for example, you can (though certainly shouldn't) have a session key in a URL, for example ...
This situation in TFA is, of course (or should be, anyway), far far on the legal side of the line.
Re:Edit Address Line Is Not Hacking (Score:5, Insightful)
No layer of security, no fucking crime
My leaving my front door unlocked does not mean you aren't guilty if breaking and entering if you open the door, walk in, and take something that isn't yours.
Idiot.
Web servers do not work that way.
You don't go into the web server and take something. The web server sends it to you.
The more apt analogy would be that I asked for something I didn't own and you mail it to me. It can't be stolen since you honored the request to send it to me.
What are you going to compare it to next? rape? Someone getting unsecured files from a server is like raping you in the ass?
Re: (Score:2)
No this was a good description of the post he (?) responded to.
This is like a library. You ask for help to locate a book and get directed to a certain shelf and a number on that shelf. You read that book and then see that there are books beside it. You read them too. No crime have been committed. Nothing is stolen. That someone included sensitive information in some books aren't your doing and not your responsibility. You aren't legally required (though perhaps morally so) to inform the librarians that sens
Re: (Score:2)
Canada has pretty strong privacy laws. It may be your responsibility to delete and possibly report protected data that have come into your possession.
Re: (Score:2)
Canada has laughable privacy "principles" they aren't even strictly laws. Harper introduced so many changes to communication laws which now include something along the lines of "except for the purposes of gathering evidence" that the government can invade your privacy pretty much whenever they want.
The Privacy Act for government protecting your privacy is more of a tool to protect the government from disclosure of documents it doesn't wish to disclose.
Re: (Score:2)
Re: (Score:2)
Re:Edit Address Line Is Not Hacking (Score:5, Insightful)
Am I hacking the system if I use my remote control to sequentially access channels on my DirecTV system instead of using the DirecTV directory?
Am I hacking the system if I conduct a (legitimate) telephone survey by progressing through the phone numbers for a given area code/prefix sequentially instead of using a telephone directory organized by name that translates to a telephone number?
Am I hacking the system if I go trick-or-treating by house number up and down the block instead of using the HOA directory to find people in my neighborhood by name then go to their their address?
The individual in question didn't evade any controls on the access to the information. He scanned the information that was made freely available by sequentially stepping through the information addresses rather than going through a central directory. The idea that the mere existence of a central directory makes it illegal to scan publicly available addresses directly to access unsecured information is ridiculous. The URL address system is a well-known public interface for accessing information. If the URL address system contains an obvious regular pattern, it is well within reasonable expectations that a) individuals will notice this regular pattern, and b) use the regular pattern to optimize their access to the information. The fact that every single web browser exposes the URL and allows direct manipulation of the URL suggests that URLs are not only capable of being used in this way, but that the original protocol designers and implementors intended for it to be used in this way.
Re: (Score:3, Insightful)
Actually yes, if you discovered such a flaw and exploited it to get lots of free coke, you likely would be prosecuted for theft.
You know, like how fraud is still fraud even if the victim agreed to it.
Re: Edit Address Line Is Not Hacking (Score:3)
No security does not mean no crime, but it also does not indicate that a crime occured.
How can one break a law which does not exist? For a law to be broken there has to be some indicator of an attempt to bypass restrictions. Accessing publicly available information in accordance with previous means supplied (the URL), does not indicate an attempt to bypass or circumvent restrictions. The situation here would be like saying finding a library book by using its letter of the alphabet
Re: (Score:2)
take something that isn't yours.
He didn't do that. He downloaded articles on a public facing web server.
Re: (Score:2)
after connecting a computer to the MIT network in an unmarked and unlocked closet,
How is that the same as downloading from a public facing web server ?
Re: (Score:2)
Which TOS exactly ?
Re: (Score:2)
And war is peace.
Re: (Score:2)
Which is a breech of contract, a civil offence.
Re: (Score:2, Insightful)
And then only if the contract doesn't contradict the law. For example if a TOS says you have to give them your first born, that doesn't mean they can make you do that.
Re: (Score:2)
Unless your conduct then rises to a level of "unauthorized access," because the TOS is what gave you authorization and by breaking it, you were no longer authorized. Rightly or wrongly, there are laws [wikipedia.org] that make this kinds of conduct criminal offense, which is why I said what the "archivist" did was at least very stupid (no lawyer would have advised him to do what he did, at least not without hiding his tracks).
Re: (Score:2)
But it's not breaking and entering if the open door belongs to a store. Unlocked store doors usually are an invitation to enter and look around. Publishing something on the internet is usually more comparable to an open store door than an unlocked house door. In general
However, here the knew that those documents were not there for public availability, so I don't mind if he gets sued and sentenced. However, whoever left the documents with personal data out in the open should feel severe consequences, too. Ju
Re: (Score:3)
The law over here states that 'unauthorized use of a computer' means that one knowingly accesses a computer system without permission, and that means that in many cases (such as on a public web service) privileged information h
Re: (Score:2)
here the knew that those documents were not there for public availability
He may have found it odd that they were publicly available.
ACTUALLY.... My guess is he never actually looked at any of these documents. Just a guess, but given the size of this kid's archive, I'm guessing he had a bot doing most of the collecting and never actually took the time to read everything he was fetching and in a programming short cut his bot generated URL's to fetch by modifying known good URL's.
They forgot to take the 'take one free' sign down. (Score:5, Insightful)
Items placed on an open server without a login are made available for public download. Whether you meant to offer them for public download isn't relevant - you did.
He went to the server and asked politely, "Can I take one of these?" The server said, "Sure, here it is", and then tossed it to him.
Re: (Score:2)
It's basically like going to a library and pulling your book. And then there's another whole row of books right next to yours and you look at them that just so happens to be "FORBIDDEN KNOWLEDGE!@#!1111".
Re: (Score:2)
Also, re. manually editing a link, how does one know that url isn’t linked to from elsewhere? Ie. it was published for all, and all you did was shortcut straight to it?
Re: (Score:3, Insightful)
Your analogy is broken in so many ways I don't know where to start.
Here's a better one:
You display a public anoncement by scribbling it on the top sheet of a flipover pad you have lying around.
You nail the whole thing to your wall, and don't even try to secure the bottom corners.
A passer-by peeks at the next sheet.
No crime.
Move along.
Re:Edit Address Line Is Not Hacking (Score:5, Insightful)
He did no Hacking. (Score:3)
Except he did not walk in the door.
What he did is the equivalent of walking up to the public documents window (just dream that such a thing exists..) as saying 'could I please have the FOI request number 1' then saying 'could I please have the FOI request number 2'.... until he had 7000 of them.
The fault in that case, and quite obviously in this, would be in the person (or server) that GAVE HIM THE DOCUMENTS WITHOUT ANY ATTEMPT TO VERIFY THAT HE WAS AUTHORISED TO RECEIVE THEM.
Remember, he didnt falsify ANY
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Actually, in many (if not most) places, it does mean exactly that. Illegal entry you may have done. Theft, petty or not so petty, likewise. The "Breaking" part? Nope. That has a legal meaning, and walking into an open front door does NOT count....
Re: (Score:2)
No layer of security, no fucking crime
My leaving my front door unlocked does not mean you aren't guilty if breaking and entering if you open the door, walk in, and take something that isn't yours.
Unauthorised entry maybe, breaking and entering? Nope, you left your front door open after all. Besides the actual crime there is the theft, someone could just walk in look around and leave, or make copies of your shit and leave the original or any number of things that the lack of security enabled, which is essentially why we have security. Picking something that is not yours up off the street is a lot different to breaking into a vault.
Re: (Score:2)
Your front door is property designated private.
A server openly offering files is more like reading your browser history after it became stapled to the town noticeboard. Whether you "accidentally" stapled it or another actor did is also immaterial.
GP went too far in assuming that no security = no designation = morally in the wild. I would accept that a "this document is restricted to [dept] eyes only" stamp qualifies. But that's my moral opinion - an insurance policy could accuse you of having effectively re
Re: (Score:3)
But if you are a public government office and the front door is unlocked, people may assume that they are free to enter. And if you then have documents sitting there right on a table that says "public information" when people come in, people may assume that they can read them.
Now, how about a car analogy?
Re:Edit Address Line Is Not Hacking (Score:5, Insightful)
I think the door analogy would go something like this: I go into a public government building and the information I need is in open door A and then I see open doors B, C, D, E, etc and go "huh, I wonder what's behind this open door in a public building (with no warning/forbidden signs) and then someone tries to arrest me for breaking and entering.
Re:Edit Address Line Is Not Hacking (Score:5, Insightful)
What a pile of shite.
As one of the ACs in the thread above pointed out this is the wrong analogy. The server authorized the request and sent the data. A more accurate analogy would be: "I go into a public government building and ask the clerk for document #252, he says sure and hands it over. I then ask him for every other number that I can think of and he keeps saying sure, and handing them over". Your attempt at an analogy removes agency, but the web server server was configured to make the information publically available.
Re: (Score:2)
"The server authorized the request"
When you anthropomorphize the server, you describe a circumstance that does not exist. The server didn't 'authorize' as you or I might, it responded to the request as programmed, delivering data as expected given the nature of the well-crafted request.
A better analogy might be that you are given a number and are waiting in line to be assisted. You have two questions, however, and since you see no one in line, you offer the next number also, and so get a second answer. And
Re: (Score:2)
Okay, but what if you find stacks of other people's personal data behind those doors, and it is obvious that it is not supposed to be available to just anyone?
If you reported the mistake you would be fine. If you went systematically through every door and make copies of other people's personal data for your own "archive"... Well, at best you could argue that you didn't realize the privacy law implications and thought that those documents were public records. And then it's down to if anyone believes you.
In t
Re: (Score:3)
Re: (Score:3)
Re:Edit Address Line Is Not Hacking (Score:4, Informative)
Except, here in Belgium it is also illegal to leave your car behind unlocked.
Yes, misuse should be punished, but negligence as well...
And in my state it is illegal to start your car and let it warm up in the driveway unless you sit inside it. It can be -20F and covered in ice, but you can be fined for "puffing" your car. Just because something is illegal, doesn't mean it should be illegal.
Re: (Score:3)
Except, there was no authentication required and no attempt to scramble the addresses on a public facing server. Therefore, the data was open for public viewing and likely indexed on Google if anyone wanted to do a search. Yes, the government didn't intend for it to be public view but, that's their fuckup. It's time to stop trying to prosecute people for other people's mistakes because "we're the government."
Wow, I see a huge countersuit coming... (Score:5, Insightful)
I am trying to understand what he did that was illegal?
He downloaded documents that the government posted on the internet, by simply "guessing" the URL, which incrementally increased from the URL that he was given by the government?
Yup, looks like a case of the government trying to offset blame to me!
Freedom of Information Data access request (Score:2)
If I seek information under 'Freedom of Information' legislation, I am getting data that the government holds about the world in general.
If I carry out a 'data access request', I am asking for the data that the government owns on me.
It appears that Nova Scotia operated a 'data access request' system that held the personal resulting from data access requests on a poorly protected server, which our guy proceeded to access. As such this isn't a freedom of information issue, though it will probably be used as s
Re: (Score:2)
The problem is that here in Canada, we have stringent privacy laws. He's in the wrong because he got information that wasn't redacted as it was supposed to be by the law. The NS government itself is in breach of the privacy laws because they're not supposed to store personal information like this. Government agencies that handle this stuff have a PIO that scrubs information out for FOI requests. Likely, nothing will happen to him in the end or he'll be given a suspended sentence(meaning no criminal reco
The information was published (Score:2)
Blame the kid! (Score:3)
Yeah, sure. Blame the kid. Don't talk about how you fucked up your security so bad that even a kid can bypass it. No, focus on how you were done wrong.
Seriously, if a small kid can bypass your security, you deserve to be 'hacked'. No mercy for incompetence!
We're talking Nova Scotia here (Score:2)
We appear to have a classic example of government ineptitude in an obscure part of Canada, where it will be very hard to find competent IT staff. We should not be surprised at the cockup...
Re: (Score:2)
Translation (Score:2)
If your government is too stupid to secure their databases, you go to jail.
Re: (Score:2)
This is where Canada is going? (Score:5, Interesting)
As an Atlantic Canadian this makes me unbelievably sad.
They just traumatized a family because the government was incompetent. Is this truly where we're going?
They fucking interrogated his 13 year old sister?! I mean the documentation was fucking public; THIS IS HOW THEY CHOOSE TO HANDLE THEIR INCOMPENTENCY?
PM is outright saying he stole sensitive information; 15 officers raided the house.
Atlantic Canada is a pretty quiet place, and there's already enough sketchiness about how the general population feels about our police force; they're really not helping their case. I swear if they (Gov. & police force, RCMP I presume) don't get any repercussions for this I'll be legitimately scared of continuing to live in this country. This is beyond fucking ridiculous. I mean 10 fucking years in prison??
Yeah; I'm fucking angry, sorry.
Re: (Score:3)
Re:This is where Canada is going? (Score:5, Funny)
Yeah; I'm fucking angry, sorry.
That's the most Canadian thing I've ever read.
If you put it on a public web server... (Score:3)
...expect that people will find it. This is not hacking, this is shoddy practices by the people running the FOI site and they're blaming the public. Of course, it would require a modicum of technical understanding to not blame someone else.
Information hoarder (Score:3)
"He usually copies online forums such as 4chan and Reddit, where posts are either quickly erased or can become difficult to locate."
I thought that only porn hoarders existed, but this guy was hoarding 4chan's shitposts.
In My Backyard (Score:5, Informative)
So I live in Nova Scotia; i.e. this is happening in my backyard. This is absolutely about the provincial government trying to cover its a**. The mistake was discovered internally when a government employee did basically the same thing and accidentally put in a wrong URL... and instead of getting a 404 got documents that shouldn't have been public-facing (including docs with personal info, SINs and the like). Rather than owning up to the mistake and dealing with the consequences, the provincial government kept it quiet for 7 weeks, and are now using this kid as a scapegoat ("EVIL HACKERS, CLUTCH YOUR PEARLS!!!!"). It's absolutely disgusting, and I hope the court of public opinion judges them (the gov) harshly.
Public information (Score:3)
Freedom-of-information not itself free?.. (Score:4, Insightful)
I'm confused... Shouldn't the freedom-of-information releases themselves be freely available to the general public?
Archivist (Score:3)
"Archivist"? A 19 year old.... archivist? What kind of bullshit made up term is...
The teen is estimated to have around 30 terabytes of online data on his hard drives
...Well alright then. I'm not even mad. Props to the archivist.
Will do wonders for the bureaucracy's budget (Score:2)
When the IT department of the province goes to the assembly, it will be able to use this to demand a big rise in their budget. Hog heaven for top managers who can avoid the blame!!
Re: (Score:2)
They got lucky because he's in the same country and they can actually charge him. If he had been a, say, Russian hacker...
Ok, then we would probably not even hear about it because then they'd have to admit they fucked up and there's nothing they can blame but themselves for criminal neglect.
In other words, who says it didn't already happen exactly that way, too?
Re: (Score:2)
Government prosecutors actually think Hollywood produces documentaries.
Part of my job is to help law enforcement with computer related crimes. I really, really wish I could make at least half of the utter stupidity that drools out of some of the requests public.
Re: (Score:2)
Which is a pity, considering that he's more computer savvy and qualified for the job than the useless cunt that created the system. Who is, by the way, the one who should be thrown in the slammer and forbidden to ever come closer than a lightyear to a computer.
Re: (Score:2)