

A "GET" request can land you in Jail - narayanb

After reading through the judgment of Andrew Auernheimer case, I feel really taken aback and scared! How could calling 'public' GET API be unauthorized action?
How could the judgment be passed so fast and carelessly? 
And why aren't the AT&#38;T 'subscribers' suing them for keeping their private information insecure?<p>Frankly, now as a developer every time I make a "GET" request, I have this fear of getting jailed!
======
beryllium
It's a bit absurd. A chilling effect, even; now, instead of responsible
disclosure (which weev seemed to think meant scraping 100K examples of the
data and giving it to a Gawker reporter), we'll be left with irresponsible
disclosure (anonymously reporting it or selling it on the black market).

That said, I don't think AT&T would necessarily have reacted well to an
attempt at real responsible disclosure.

For an example of the ideal scenario for how this should be handled, there's
the Steam data leak that Ars Technica found:
<http://www.gibsonindex.org/blog/2013/02/06/steam-leak/> \- I rated it as a
Level Zero event on my cyber attack ranking blog, because of the proper
resolution.

I agree that the blame in this case lies mostly with AT&T. It's their
responsibility to protect the data. They build the program so that if anyone
asked it for anyone else's info, it went "OK, sounds good, here you go."

Weev was the one who asked. AT&T should be on the hook for answering.

~~~
narayanb
But from a pure legal standpoint, any API developer can face jail term if they
suddenly change their terms/conditions.

~~~
anywhichway
I'm not a lawyer, but violating terms, conditions, or other contacts in non
malicious ways generally aren't going to be criminal offenses. They are civil
offenses for which the main recourse is only for the company to sue.

------
logn
It's concerning. But I honestly think this had everything to do with his image
and little with his actions. He's well known for trolling with offensive
messages and being affiliated with grey hat hacking. Neither of these are
necessarily wrong/illegal/immoral, and I'm not saying this is karma at all,
but he's the type of person the FBI wants to see in jail one way or another.

But yeah I've spent many years in web scraping and this type of reaction is
always in the back of my mind. If you're really that worried, keep good
company.

Anyhow, we should do what we can to inform non-technical people about these
issues so they're not so mysterious and scary. How do you think gay rights are
so mainstream? Years of people being vocal about what's right.

