Forgot your password?
typodupeerror
Iphone Security Apple

Punishing Security Breaches 151

Posted by CmdrTaco
from the it-has-to-happen dept.
Schneier has a story on his blog this morning about punishing security breaches. This one is in response to the tale of Gray Powell, the Apple engineer who left an important bit of technology in a bar recently. You might have heard of it. You also might have been on either the breacher or the corporate side. I'd hate to be in either position myself.
This discussion has been archived. No new comments can be posted.

Punishing Security Breaches

Comments Filter:
  • by eldavojohn (898314) * <eldavojohn@@@gmail...com> on Monday April 26, 2010 @11:10AM (#31984604) Journal
    I caught a an article on NY Times [nytimes.com] that outlines the San Mateo police's options for prosecuting Gizmodo for purchasing the leaked iPhone. From the article:

    California law prohibits the sale of stolen goods and states that a person who uses someone else’s lost property without permission may be guilty of theft.

    And since it's over $950, it's a felony. Even if they didn't know it was stolen, they could face a lesser charge of "misappropriation of lost property" which is a crime but not theft. Charges haven't been pressed yet but the police say they're investigating the options.

  • by Sandbags (964742) on Monday April 26, 2010 @11:47AM (#31985078) Journal

    I'm not an expert in CA's version of this law, but here, it;s only stolen property if its REPORTED stolen, or if the owner comes to claim it and wishes to prosecute. Apple admitted they're not interested in filing criminal charges against Gizmodo (they could not buy publicity like they got, even if they didn't want it on that day). Since there's noone to make the charge, the police can not act on their own. Cops can't bust you for unreported crimes unless they're under certain statuates.

  • by SharpFang (651121) on Monday April 26, 2010 @11:50AM (#31985134) Homepage Journal

    The seller spent a pretty long time in the bar asking the patrons and the barman about the phone. He made it pretty certain this was a found item, not a stolen one and went to quite a bit of lengths to find the owner, and has a bunch of witnesses to confirm it.

  • by stonewallred (1465497) on Monday April 26, 2010 @12:20PM (#31985504)
    Which ever one that allows the DA to charge you with a felony. Unless of course you are connected, then it is which ever one that allows the DA to charge you with a misdemeanor which he'll drop under a prayer for judgment. The amount of leeway a DA has is what makes the US legal system appear to be so uncorrupted when compared to the rest of the world. But the corruption lies within the system, at the level of discretion the DA and judges have.
  • by xeoron (639412) on Monday April 26, 2010 @12:27PM (#31985580) Homepage
    I, Cringely [cringely.com], has a post saying it that this was a calculated Apple PR stunt. The only way to prove this would be if the engineer gets fired or Apple files charges against one or more parties.
  • Meh.. in most cases I would agree with you, but Gizmodo made it known that they had the property (after the finder himself tried to contact Apple), and returned it to the rightful owner when asked.

    After disassembling it, and posting the disassembly photos on their website, earning a huge wad of cash from advertisers in the process.

    Purchasing the property may have been an offense within the letter of the law, but it's a very weak chain of events for claiming damages when the property was promptly returned.

    Actually, the letter of the law prohibits the user from any use (I believe the statute says 'realizing benefits from') of the solen property as well. If they purchased the iPhone in order to funnel it directly to Apple to preserve their confidentiality, you would be right. However, they made money off the prototype, putting them clearly in violation of the law.

    That said, I doubt Apple will press charges, but it seems they are clearly within their rights to do so.

  • by zerofoo (262795) on Monday April 26, 2010 @01:34PM (#31986272)

    Long ago we decided that if anyone in our company breaches security by losing an access card, or sharing a password, we would not punish the person responsible if they came forward immediately.

    This policy encourages a quick resolution to the security breach. A lost security card or password can be disabled or reset thereby limiting the damage the mistake caused.

    Persecuting people that make mistakes only delays the notification process, and then delays the fix - putting more people/things at risk.

    People make mistakes, they happen, and there is nothing you can do to prevent them.

    -ted

  • by Jawn98685 (687784) on Monday April 26, 2010 @01:49PM (#31986446)

    The question is: will they simply pay a fine, or will someone actually get to face a criminal charge? All too often (in the US) people get off free because the offense is blamed on the Corporation® and not the individual acting on behalf of the corporation. If this is knowingly purchasing stolen goods, then it should be treated like any other case of the same.

    You don't understand. The Supreme Court of the United States has determined that corporations (e.g. "big business") get to enjoy all the benefits of citizenship with none of those annoying responsibilities (paying taxes, obeying the law, etc.). If you think that''s wrong, you must be some kind of socialist.

"Out of register space (ugh)" -- vi

Working...