Hacker News new | comments | ask | show | jobs | submit login

Why would he, (neo), have any target from the law on his back? He wasn't sharing or selling the information. LocationSmart should be the ones getting fucked.

Under the ridiculously broad scope of the CFAA, that doesn't matter. The CFAA can be (and has been) twisted to prosecute people that do anything to a computer system that they do not own if the system owner could even remotely perceive said action as harmful. It's been used in the past to prosecute security researchers for accessing publicly available websites because the website owners claimed that they weren't "meant" to be public, they were only publicly accessible to make it easier for the actually "authorized" people to access them.

Even doing something like an nmap or a simple ping against a server that you're "not supposed to" could put a target on your back from an overzealous prosecutor.

See https://www.theguardian.com/technology/2014/may/29/us-cyberc...

If we want to be really pedantic here, didn’t LocationSmart violate the CFAA? Their system queried the location of users’ devices without their consent. Does tower triangulation count as accessing the device?

I believe the flow of info goes:


The carrier determines the location of the phone because it's a cell phone. The Carrier provides the information to LocationSmart. There's no querying of the devices by LocationSmart per se.

Telecoms, not LocationSmart, are to blame here. They made an API providing access to location information without any supervision.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact