Hacker News new | comments | show | ask | jobs | submit login

> In order to be polite, you have to speak. [...] anything you say can be held against you in a court of law.

I think this is going a bit too far.

Can you come up with any reasonable way that "Hello, how are you?" and a smile can be used against you? This way you're polite. If this could be used against you in some way, why would you believe that any laws or rules would be obeyed?

On the other hand "None of your business" can be used against you. Saying that, you're being unreasonably aggressive in your conversation.

The author is a lawyer and states that ""None of your business" is a legally safe response, and does not open you up to criminal charges. Can you walk us through how you believe you might have violated a criminal statute with that specific answer?

With that said, "Hello, how are you" sounds fine (to me). But "Business or Pleasure" is a question that is fraught with legal peril.

It is fraught with theoretical peril in this guy's exposition, but I haven't seen any evidence that it's actually fraught with any practical peril. Many millions of citizens are asked this question every year, but "business or pleasure" does not appear to be a significant vector for criminal convictions the US.

This notion that answering "just visiting" to that question is some kind of pernicious legal tripwire seems like a fantasy, especially considering the fact that the border police can search you without provocation or cause if they really want mess with you.

You are one of a fairly small number of people worldwide who can be considered to be experts in computer security, yet you keep admitting here that this guy's approach is theoretically valid, and you just have a problem with it practically.

I really don't understand that.

How is that not like my saying, "Well, sure, theoretically I should be hashing the passwords in my database, but practically speaking we can't expect that it's going to matter anyway."?

(I upvoted you).

You are making an allusion to the perennial controversy over "theoretical" vs. "practical" vulnerabilities in my field. That's an interesting point, but unfortunately not a valid one.

In security, "theoretical" vs. "practical" is a fig leaf used (mostly) by vendors to avoid facing up to their responsibilities after having shipped flawed products. Calling something "theoretical" shields people from culpability, mostly in public relations, but clearly isn't actually an assessment of the real-world impact of most vulnerabilities. It's spin.

But the fact that the words "theoretical" and "practical" can be used as spin doesn't mean the concepts of "theory" and "practice" are inherently spin; the reality is quite the opposite. Outside of computer security, we'd be well advised to use those words more; our adhesion to the notion that all theoretical threats are practical is probably a major component of the "security theater" trend that has us all getting electronically strip searched in airports.

Yeah, I see what you're getting at. For my part, while I'm interested in computer security, I'm more interested in legal (or "real-life", or "social", or what-have-you) security. So, I'd be more inclined to say that when there's a theoretical legal attack, it should be handled as though it were a practical one.

I recently had a close friend go through the court system on multiple felony charges. That particular introduction to the legal system was eye-opening.

I'd be inclined to say that when there's a theoretical legal attack, it should be handled as though it were a practical one.

The real flaw in this argument is that as soon as you mark yourself out as "that guy who's being a dick" you attract a lot of attention, and you're more likely to wind up in court on some other charge.

For instance, there's a very high probability once you've started being a dick that they'll decide to thoroughly search your suitcase. Have you accurately reported the value of all goods acquired overseas on your customs declaration form? If you haven't (or even if you have but they feel like quibbling over the value of some of those goods, or if they suspect that some of the goods acquired in the US were acquired overseas) then you could potentially wind up getting charged over that.

The real flaw in this argument is that as soon as you mark yourself out as "that guy who's being a dick" you attract a lot of attention, and you're more likely to wind up in court on some other charge.

But doing the right thing can also get you into trouble. Just as Pascal Abidor.

Another way to say that is that there's no such thing as a "theoretical" vulnerability. There's either a working exploit, or there is not and we can test it. In physical security, though, there are plenty of movie plot threats that nobody has ever actually tried and which are not, in fact, practical.

With software, you can have the computer try millions of times to go after that one crazy race condition. Meanwhile, your average crazy bomber generally has one chance to get it right before everyone on the plane attacks and subdues him.

Tone of voice is just as important. I have an in-law who’s a cop, and most times if you're a jerk, he says you get the ticket you might otherwise not have. It’s very much an issue of power because someone needs to control the situation—you or them. Not to mention, being argumentative gives them a reason to suspect something else might be going on, and in turn, mess with you. Why give them that chance?

I wonder if he would try another experiment where he actually answers the questions as asked, but instead makes his tone sarcastic, etc. I bet he's pulled out of line just as quickly for cooling down, even though legally he’d have complied.

I think the point of saying nothing is that once you open your mouth, you can say something inadvertently that could be used against you (rightly or wrongly). Once the words start coming out, one follows the other, and you'll likely end up saying something you didn't want or need to. If your policy is to maintain silence except for the most basic interactions, then accidental self-incrimination is much less likely.

Lying to a federal agent. You're tired and angry dealing with the border security, but responding "great" or "fine" is technically 5 years federal prision.

I'm not sure how they could actually prove that, save you telling someone else you're tired and angry.

Please find one example in the history of ever of someone doing 1 day --- forget "5 years" --- for responding "great" or "fine" to a border police officer.

Whether it has already happened does not change whether it could happen. You only need to encounter one asshole like the one here: http://boingboing.net/2007/04/24/canadian-professor-d.html and you're screwed.

You just cited a case of an alien being denied entrance to the US as evidence of the notion that someone might be convicted of a felony and serve time because they answered "great" or "fine" to a border police question.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact