
Is it legal to use data from data leaks? - jamesmurray
So, to what degree, if any, am I allowed to use data that is leaked or stolen?<p>Obviously, it&#x27;s wrong to sell stolen information or exploit it to harm other people. It&#x27;s also wrong to release personally identifiable information that could harm an individual.<p>However, wouldn&#x27;t it be reasonable to use the stolen info to say, use the dataset to get aggregate statistics, and figure out how many migrants there were in a metropolitan area? Couldn&#x27;t this be used in the public interest?<p>If this is not reasonable, here&#x27;s a list of questions:<p>- Why isn&#x27;t this reasonable?
- When the NYTimes releases emails from leakers or hackers, why is it reasonable? It doesn&#x27;t seem like anyone goes to jail for this.
======
wahern
In the U.S. if the data has leaked to the public then the First Amendment
protects you unless or until there's some intervening obligation, like for
people who have government security clearances. But if there's any serious
doubt about whether its already public then you should ask a lawyer. Unless
it's already been disclosed by major media then you may want to at least think
twice.

There are obvious analogies to stolen goods, but you have to be careful there.
You could distinguish data similar to how the law distinguishes money. If a
bank robber uses a $20 bill at the 7-Eleven for a 6-pack of beer, the 7-Eleven
is NOT in possession of stolen property and therefore doesn't have to worry
about the government seizing the $20.

Similar considerations can be made regarding data, especially on First
Amendment grounds. Certainly journalists have some protection in this regard.
But in general I think the law is rather murky in this area so either seek
legal counsel or caveat emptor. Certainly if you could be considered to have
any relationship to the person who stole the data or to whom it was stolen you
would want to steer clear.

------
yulaow
It depends on the legislation, but in general: NOPE.

You have to treat stolen data as a stolen object. Even if you get them by
legal means (eg a robber sold you a "you didn't know" stolen object with a
legal contract) it still remains a stolen object and as soon as you
discover/know it is stolen you must return it to authorities or the
proprietary.

In EU for the data you must get the consent even in third party "reselling"
even if you already had it for your own use.

If stolen there is no way you could use that data legally because the property
is both of the users and of the company/entity from which they were stolen and
you are not authorized to treat it in any way.

It is different if the data is public domain/interest (eg for the case of the
journals, they just release data that authorities made public). But, indeed,
an authority must decide so

------
LinuxBender
Shouldnt the title include "Ask HN: "?

I am not a lawyer, nor do I play one on TV.

If you obtained something that is stolen, would you feel comfortable
explaining to law enforcement or a judge why you have it and how you obtained
it? Do you have the time and resources to deal with the hassle? Newspapers
have plenty resources and experience in this area.

I would consult a few lawyers prior to handling information that was intended
to be private.

------
pravula
IANAL, but an example of someone using leaked/stolen datasets:
[https://haveibeenpwned.com/Passwords](https://haveibeenpwned.com/Passwords)

