
Porn at work = felony hacking? - knieveltech
http://www.wired.com/threatlevel/2009/05/court-upholds-hacking-conviction-of-man-for-uploading-porn-pics-from-work-computer/
======
briansmith
This is a huge deal. If your company has an acceptable use policy then you
could be convicted of a felony for something as benign as checking Facebook or
Twittering. That is insane.

You might say "my company has no official policy, so it can't happen to me."
Wrong. Accroding to this ruling, you are a felon for doing _anything_ on _any_
computer, unless you were expressly authorized to perform that action on that
computer. From the article:

'He added that the city had never actually disseminated a policy regarding
internet usage to tell workers what was inappropriate.

'"They had crafted one but they hadn’t published it," he said. "So there was
in effect no policy and no protections on the computer--no password protection
or filtering of any kind--so basically anybody could access anything on the
internet through the city’s computer."'

~~~
knieveltech
We can only hope some sanity will be injected into this process as the case
proceeds through the higher courts.

~~~
gustavo_duarte
I'm not sure. In this case the law itself is insane, so the remedy may have to
be legislative rather than judicial.

~~~
anigbrowl
And uploading 700 kinky pictures of yourself _from work_ is sane?

~~~
gustavo_duarte
It's not, and nobody has claimed it is, but I don't expect every city employee
to behave sanely.

I do have an expectation of sanity from the law however, which is broken when
porn surfing becomes a felony under a law aimed at computer breakins.

~~~
anigbrowl
But if you read the text of the law in question, it covers a variety of
offences _including_ computer breakins. Your perception is that hacking is the
focus of the law and it's been misinterpreted to include this other activity,
but in fact hacking is only one of several things covered by it.

It's Ohio revised code 2913.04.b: 'Unauthorized use of property - computer,
cable, or telecommunication property' and is available here:
<http://codes.ohio.gov/orc/2913.04>

Am I the only person here who took the trouble go and read it?

------
old-gregg
Back in late 90s I knew a guy who hated his job so much that instead of
programming enterprise apps in Java he started running his own porn site on
company servers.

When IT finally discovered this, they shot it down immediately and reported
the incident to HR. The dude, however, was so ignorant that he called internal
(!) IT support and complained that one of his servers in company data center
wasn't responding.

He got fired.

That allowed him to work full time on his new business and he advanced to
moving to California and opening his own production studio. Here's another
entrepreneurial story for you all.

------
gustavo_duarte
Incredible. From his appeal:

 _"one count of unauthorized access to a computer, with a specification that
the value of the property or services stolen was more than $500 and less than
$5000, in violation of R.C. 2913.04(B), a fifth degree felony;"_

I'm not sure how they calculate the 'value of property or services stolen'.
One could buy a laptop for under $500 and surf the web, no?

The appeal also quotes the law he supposedly broke, R.C. §2913.04:

 _"No person shall knowingly use or operate the property of another without
the consent of the owner or person authorized to give consent."_ and

 _"No person, in any manner and by any means (...) shall knowingly gain access
to (...) any computer, computer system, computer network, (...) without the
consent of, or beyond the scope of the express or implied consent of, the
owner of the computer, computer system, computer network (...)"_

As briansmith points out, you could be a felon for twittering from a work
computer based on this law plus the wacky damage assessment.

Of course, the reason this guy was nailed so hard is because he was using
Adult Friend Finder. If he'd been on a cross stitching site or on ebay, he
would not have been prosecuted this hard or convicted of hacking by a jury.

~~~
dkokelley
_I'm not sure how they calculate the 'value of property or services stolen'.
One could buy a laptop for under $500 and surf the web, no?_

The services stolen in this case are the employee's paid for time. By surfing
porn on city time he was depriving the city of $500-$5,000 worth ($2400, it
looks like) of their employee's time. Ridiculous, I know.

From the article: _"...theft of services in office (essentially for depriving
the city of his paid services while he conducted the unauthorized activities
on a city computer on city time)"_

~~~
gustavo_duarte
His stolen time is under a separate charge of 'theft in office'. So this $500,
afaics, is specifically for the computer/network.

------
wmf
This has been going on for 15 years, but it's not clear to me what to do about
it.

<http://www.lightlink.com/spacenka/fors/>

------
mynameishere
The best practice is to remote into your home computer.

~~~
jonursenbach
Not really, you're still using your computer for things that you shouldn't be
using it for.

~~~
mynameishere
I think it's understood that only serious misuse is going to wind up in court.
What are they going to do with an encrypted stream?

~~~
jonursenbach
The fact that you're tunneling into an encrypted stream to a computer offsite
is not going to help your case if they find out.

~~~
mynameishere
No, seriously. This gets at the whole point of encryption. When this guy went
into court, they showed the jury all of this bdsm porno, pictures of the guy
naked, showed that he was committing other crimes like solicitation, etc, and
that's why he's going to jail. A bunch of random bits don't have the same
impact, especially if the defense implies that he was checking up on his ebay
auctions.

~~~
jrockway
Exactly right. This was a sex issue, not a computer hacking issue.

