Prosecutor won't charge reporter who uncovered database flaw (kshb.com)
264 points by ro_bit on Feb 13, 2022 | 122 comments



>Cole County Prosecutor Locke Thompson released a statement Friday saying there is an argument to be made that there was a violation of law, and that the issues at the heart of the investigation have been resolved through non-legal means, the St. Louis Post-Dispatch.

That sounds more like that "we would have prosecuted the reporter" if they hadn't discovered that the "state education commissioner initially planned to thank the newspaper for finding the problem".

They should have profusely thanked him and also given him an award.


> also given him an award

Find a vulnerability for a big tech company, get $10,000. Find a vulnerability for the government, get prosecuted. I wonder why government IT is so far behind the private sector!


I think we shouldn't even call it a vulnerability. They send the 'secret' information in the html file, hoping that the browser does not render it (which it doesn't, so 'viewing source' was the way to see the information). I am actually surprised that they don't charge the person who set up that system; it is like broadcasting the confidential information.


They should prosecute the hacker who wrote that dangerous "view source" feature


> Find a vulnerability for the government, get prosecuted.

In fairness the government is, of course, not a monolith. There are multiple federal bug bounty programs out there [0] [1]. This is probably better stated as "find a vulnerability in the systems of a deeply corrupt, gerrymandered, and unpopular state's government's sites and be prosecuted in that state."

[0] https://www.hackerone.com/hack-the-pentagon

[1] https://www.dhs.gov/news/2021/12/14/dhs-announces-hack-dhs-b...


The government is so fragmented and ineffective that even if I did find a pentagon vulnerability, I'd feel like some other department would prosecute me for it.

One of the most unfair cases relating to security testing I've ever read about was that involving Coalfire Labs and the Iowa courthouse: https://www.cyberscoop.com/coalfire-security-pros-arrested-f...

Here's the darknet diaries episode where I first heard about it: https://darknetdiaries.com/transcript/59/


Except that they didn't get prosecuted.


How stressful do you think the last couple of months have been for that reporter?


From the Statement by Josh Renaud about Missouri investigation:

> This decision is a relief. But it does not repair the harm done to me and my family. // My deepest desire is that somehow this situation might be redeemed. And I believe it can be. // My actions were entirely legal and consistent with established journalistic principles.


Depends. Might have been a bit stressful, but this is exactly the kind of "good trouble" a good journalist hopes to be in.

They thought they had just found a mistake in the government's IT system; instead, now they have a story about a mistake in the IT system and an idiot governor who doesn't understand infosec and is too bad a leader to delegate to people who do.


You seem to be reading too much into what I wrote. I simply implied that what parent wrote was incorrect.


Stressful but also good. Much more widely known than had not been subject to this threat. Probably good for future career prospects.


I am not at all convinced that one story where the subject's reaction is out of place makes for a great career boost - though I can see ways how it achieves the opposite.

"Known to cause lots of work for legal department" could, for some bosses, be considered a negative signal in hiring. Moreover, "pisses off people with power": same.


"pisses off people with power" is sort of what it says on the résumé for any journalist worth hiring


> what it says on the résumé for any journalist worth hiring

To a good editor, yes. But I'm not sure the majority of editors are good ones, so while your point isn't exactly false, the GP's is also true (with all the other ones).


Except, to be honest, I know this story (and love to make fun of it), but I couldn't pick the name of the reporter out of a list of names


However I am probably right to assume that you are neither hiring in journalism nor working in that field.

In reverse, you probably know a lot of names of startup or IT personalities, that nobody outside our field would ever need to know


well, it was on table for a brief moment... hence the article to communicate it is not happening...


And the place is sufficiently corrupt enough to have the prosecutor walking a tightrope so Parson doesn't go after his ass too. I found the prosecutor's statement very unsettling. He basically said that the reporter conducted criminal action but they are going to let it go because he has been punished enough already. Missouri sounds like a toxic, corrupt hell hole.


I don't wish that limbo to you. Not being prosecuted after such serious threats from big people is no small thing.


Well, I think if the matter reaches the prosecutor's office and it sits there for several months before a determination is made whether to proceed, it's not a stretch for the party involved to prepare as if he will be prosecuted.


What are the details behind «resolved through non-legal means».

The display of corruption has been stellar.


> What are the details behind «resolved through non-legal means».

The prosecutor did what the governor refused to do: Asked someone with a clue, and found out that absolutely no crime took place. Technical / factual means, not legal.


Clearly states need to start issuing equity options to govt employees on their future tax revenue. That and somehow raise property values in the middle of Missouri to $500/sq ft.


You can definitely thank the government for lowering property values!


Just another reminder that DAs and prosecutors are just cops with law degrees. No interest in figuring out what really happened and furthering justice, everyone on the other side of the line is guilty and they only decide to charge or not based on whether it serves them, and most importantly they are never, ever wrong.


That's a state of mind that is favored by an adversarial system.


Granting the premise (not sure quite what the premise is) for the sake of argument, what would be the alternative?


I read it as more of “he did nothing wrong but I can’t make the governor look bad so I’ll imply it was obvious he was guilty but we’re being magnanimous about it.”


That seems to be exactly what he's saying. People here seem to want to make the DA out to be as stupid as the governor or as a malicious person, but based on this statement he didn't actually think he had a case. Saying that something could be argued means that you're coming in with an argument that could be accepted if you overlook all sorts of details and context.


Yep. The right way to read this is that if a persecutor thinks there's a case, they'll prosecute.

Not prosecuting means they don't think they can possibly win. Anything that comes out of their mouths after is window dressing.


I also feel MBCook is probably right. In this particular case, however, there does not appear to be any argument for prosecution that does not immediately look preposterous as soon as you give it any thought. If this is so, then, by equivocating - for political expediency or any other reason - the DA is inviting doubts about his competence or integrity.

I'm hoping that "the issues at the heart of the investigation have been resolved through non-legal means" is a paraphrase for saying that the DA pointed out to the governor, directly or through his aides, that any attempt to prosecute would fail and bring down a heap of public ridicule.


> the DA pointed out to the governor, directly or through his aides, that any attempt to prosecute would fail and bring down a heap of public ridicule

If so, then apparently not strenuously enough: The governor went right out and issued a press release that invites just as much ridicule as his previous statements.


That was certainly my interpretation. I can't really think of a more politically savvy thing the prosecutor could have said.

"there was an argument to be made that there was a violation of law" is fantastic in the way it appears to be saying something but it's not actually saying anything.


That's some serious weasel wording. "There is an argument to be made" means that one could make that argument, not that you are making the argument, or that the argument has any merit, or whether it would be thrown out of court, or whether you consider this whole thing a waste of your time and would rather be doing your real job right now.

Actually, I think I'm going to use that.


There’s an argument to be made that this DA is competent at his job.


A far better one than him phrasing it that way; a way which shows that he is pretty competent.


Sounds like he's just being diplomatic. It would sound a lot more like criticizing the governor if he were to say things like "There is no argument whatsoever that can be made. In fact I don't know how this dumbass case ever got this far" and so forth.


Why is it so hard for states to admit that they were wrong?

They really act as if there would be an immediate coup if people saw the rulers were flawed.


Because someone on the other side will use it in a campaign ad within 48 hours.


> They really act as if there would be an immediate coup if people saw the rulers were flawed.

January 6 was kind of a big deal...


There was a violation of the law: the dissemination of private information by the government. Unfortunately they are not interested in prosecuting that but it would have been nice if someone had sued them as they were sending it completely in the open. At least they could make some introspection in what kind of contracting process is in place because it's a complete disaster.


The language is steeped in "don't embarrass the boss"


Related past threads:

The governor of Missouri still doesn’t know how websites work - https://news.ycombinator.com/item?id=29752259 - Dec 2021 (21 comments)

Reporter may be prosecuted for using “view source” - https://news.ycombinator.com/item?id=29737412 - Dec 2021 (163 comments)

Reporter who told Missouri officials of website flaw did 'nothing out of line' - https://news.ycombinator.com/item?id=29098289 - Nov 2021 (190 comments)

Gov. Parson releases video attacking newspaper for viewing HTML - https://news.ycombinator.com/item?id=28980855 - Oct 2021 (26 comments)

Gov Parson pushes to prosecute reporter who found security flaw in state site - https://news.ycombinator.com/item?id=28946392 - Oct 2021 (525 comments)

Governor vows criminal prosecution of reporter who found flaw in state website - https://news.ycombinator.com/item?id=28866805 - Oct 2021 (678 comments)


I like how all the statements from government employees imply "we are being nice." Like no, you're incompetent and this person did you a favor and you got butthurt that you look stupid and decided to jeopardize someone's life to throw a hissyfit and now you're backing off because you look even more stupid and refusing to admit it and so look even more childish than that. That's what happened. You didn't "decline to prosecute as is your prerogative." Just admit you were wrong, you might salvage some respect.


> You didn't "decline to prosecute as is your prerogative."

Those were the governor's words, not the prosecutor's.

> Just admit you were wrong,

As I read it the prosecutor did; only the governor didn't.

> you might salvage some respect.

So to me, again: The prosecutor did, the governor didn't.


This is exactly the role our judicial branch should play and so rarely does.

Step by step in America, the judicial branch has become more and more deferential to the executive branch when it comes to law enforcement. The reality is that I (and you) should have zero expectation that they will protect you from bad state actors at this point.

It is something everyone involved with the judiciary should be embarrassed about.


And now he should sue both the law enforcement department and Parson. Make them pay for this bullshit and also a precedent should be laid down like a marker in the sand. Not sure what that marker is exactly, but at the least it will be ‘don’t be batshit crazy like Mike Parson.’


> Not sure what that marker is exactly

How about making it illegal for a state official to explicitly make credible threats to use unjustified state violence against someone? Similar to how it’s illegal for anyone to make credible threats of unjustified violence against anyone else.


Even if it became illegal, qualified immunity would protect the official who made the threats, so officials will likely never be personally impacted by breaking the law and so it'll keep being broken.


That is a solid take. It's also the reason we have the second amendment.


Downvoted fact? Cool.


Not really factual.


While many wear the badge of hacker with pride, it seems that the government officials calling him a hacker is clearly defamatory and potentially injurious to his journalism career in this situation.


He, the journalist? Not the public? Corruption in the state - in the country -, and of such level, is not just the direct victim's business.

Has there been an uproar in the population?


Practically speaking, the system is designed to deal with this by people not re-electing Mike Parson.

... Good luck.


“There is an argument to be made that there was a violation of law.”

I mean, not really, but I guess that could mean anything.


I think that translates roughly as "I'm not allowed to say 'this was fucking stupid' because it involved the Governor".


It’s the verbal equivalent of drawing on a hurricane map with a sharpie.


The governor's argument was. The DA magnanimously acknowledging that the governor can make that argument wasn't; it was as diplomatically suave as a White House official saying the President can do what he wants with government sharpies.


The thing is though, I think this is basically correct. They probably could prosecute the reporter if they really, really wanted to. Not that I think they could actually convict someone who was obviously acting in good faith to report a security vulnerability, but security research of this kind seems like such a gray area legally speaking. In general we wouldn't treat an obvious flaw in physical security as a mitigating factor for theft. That is, if I drop my wallet in a public place it is still probably theft for someone to pick it up and take the cash inside.

To be clear, this is in NO WAY a defense of the way the government acted in this case which was both insane and harmful, but just to say that a lot of what makes things illegal is subjective judgements about intent. This is why professional pen testers (the careful ones at least) generally specify in very clear terms what the scope of their engagement is (and still sometimes end up getting arrested). I can only imagine that doing independent security research is a mine field.


This is not like dropping a wallet in a public place. This is literally the equivalent of sending your wallet to my house amongst other things that I actually requested. When you visit a website you are essentially trusting the website and giving it permission to download arbitrary data (in the form of HTML, CSS, and Javascript) to your machine. Now imagine if that website gave you more data than you intended to the point where it made you liable as an owner of something you neither intended to have nor wanted.

In terms of delivering something malicious to someone under no presumption of its deliverance, it's analogous to the extreme case of someone shipping a whole bunch of cocaine in a package with a book that you ordered. If we want to get closer to the actual problem, it's like you finding a paper shipped with your book and seeing a whole bunch of Social Security numbers on it that may have included your own! Now if you have reasonable indication that this list was being sent out to everyone who ordered books from a specific place, of course you'd want to inform the people sending books to stop doing this so you could feel safe about your personal information.

Now imagine instead of protecting the information which has been going out to random people, the company decided to get angry and attempt to prosecute you for pointing out their negligence. It's absolute idiocracy.

As one of the Missouri residents who had their social security number exposed in this way I'd be furious at those who were delivering it.


Right, you should be furious at the people who created the site because they are absolutely at fault. But X is at fault for ludicrously bad security practices and Y exploited said bad security illegally are not mutually exclusive.

But to use your example, if you accidentally ship your credit card to me amongst a bunch of other papers, it would still be illegal for me to sell the information on the dark web. Likewise, if the reporter in question took the SSNs and sold them on the dark web that would presumably be prosecutable as well. Now if I just took the credit card and returned it to you, I don't think any reasonable person would consider that illegal (and I certainly hope that no prosecutor would try and bring a case for it). My only point is that we ultimately are making judgements about malicious intent.

To be clear I don't mean to imply this is just some misunderstanding either. Obviously the MO governor is just being a blowhard to try and deflect blame for a really bone-headed screw up. But I see a lot of discussions in security/hacker circles where people seemingly think that if security is bad enough, then whatever you do to exploit it cannot possibly be illegal. But I don't think that is true and people should keep it in mind.


> But X is at fault for ludicrously bad security practices and Y exploited said bad security illegally are not mutually exclusive.

No, but even that wasn't the case here.

When X has NO -- not even "ludicrously bad" -- security, Y can't have "exploited" anything, because there was nothing for them to exploit.


> but security research of this kind seems like such a gray area legally speaking.

Security research in general is a grey area. “Security research” of this kind is like spotting that the entire database is on file in a public library, with confidential data “encrypted” using Pig Latin, then reporting it to the librarian.


You're right, I shouldn't have said "of this kind" because in this case I don't think any sane person would think this was nefarious. But my point was just that, to use your example, the only way you would know that said database had confidential information in it would be to "decrypt" it. Then it is a question of why you did that. Was it malicious? No, but a sufficiently bad faith actor may try to argue that it was so you should be careful.

Take another example. Say you fire up Wireshark on a public network like a coffee shop and see some unencrypted network traffic with confidential information in it. The packets were delivered to your computer and there for anyone to see. But why are you capturing traffic that wasn't intended for you (in the broader sense)? What if the traffic IS encrypted but with weak encryption that is easily cracked? As soon as you step off the path of "I am viewing information which was clearly meant for me" you're in a gray area. Of course as a society we should recognize that people who do these things and then responsibly disclose them are doing a valuable public service, but not everyone understands these things. Or in this particular case, some people are heavily incentivized to make bad faith arguments in order to deflect blame from their own screw ups. So it's worth being careful.


> But my point was just that, to use your example, the only way you would know that said database had confidential information in it would be to "decrypt" it.

While it looks obscure to the uninitiated, anyone with a day-to-day familiarity with Pig Latin (e.g. a schoolchild) would be able to just read the information straight off, with little-to-no conscious “decoding” stage.

> As soon as you step off the path of "I am viewing information which was clearly meant for me" you're in a gray area.

People say that, but the law is usually quite explicit about such matters. Your “grey area” is just ignorance of the law. (And I'll go on record as saying that the law around this is usually really silly.)


For those interested you can read the reporter’s full statement here: https://joshrenaud.com/pd/josh-renaud-personal-statement.pdf


Quote: ""The state did its part by investigating and presenting its findings to the Cole County prosecutor, who has elected not to press charges, as is his prerogative," spokeswoman Kelli Jones said."

If they would've continued, then the prosecutor would've been laughed out of the court by the judge. The lawyer defending the journalist would've called this the easiest case of his/her career. This statement is made to look official to save face. Plain truth is that the state simply fucked up badly, starting from the head all the way down to the tail.


Unfortunately that's not necessarily true. There are plenty of examples of prosecutorial overreach and unfair sentencing because our laws were written by people who fundamentally don't understand technology. It will probably take a few generations to fix that.

Common sense won out in the case, but it certainly helped that the target was a reporter instead of a security researcher or ordinary citizen.


> people who fundamentally don't understand technology. It will probably take a few generations to fix that.

No, it won’t be fixed. You seem to imply that people are actually deciding things based on their understanding of the facts. I don’t think so.

I think that people in these positions don’t care if they understand technology or not. They care about how they will look. If they can get away with pleasing their confederates by pretending they don’t understand technology, they will do so. If they could please them by pretending to understand technology and do the truthful thing, they would do that. They might (or might not) actually understand technology, but this has nothing whatsoever to do with what they will actually do. They will do the most profitable thing they can plausibly get away with. In a few generations, as you say, people might have less room to blatantly pretend they don’t understand a certain level of technology, but I have a feeling that technology itself will have become proportionally more complex, too, so nothing will change in practice.


No, I think GP is correct in saying that the case would be laughed out of court. Pursuing this case would have been a gift to the Post-Dispatch and Ian would have been a hero.

Not only is this whole thing over literally right-clicking html, but this is a Reporter working for a local newspaper.

Imagine for a moment that this story was about a regular person who is not employed as reporter with credentials and a portfolio. Depending on that individual's circumstances, it could easily be a life-ruiner. I could think of a few people.


My impression from previously looking into this case is that there probably was a violation of the law here, but that it would be absurd to prosecute it.

The mistake here would be to assume that officials always correctly avoid absurd prosecutions.


What law specifically?


> there probably was a violation of the law here

He assessed a public web-page, found base64 encoded content, and decoded it. Please explain in exacting detail what you're claiming here both in terms of facts AND law.


> If they would've continued, then the prosecutor would've been laughed out of the court by the judge. The lawyer defending the journalist would've called this the easiest case of his/her career.

Yes, I'm sure that would be true.

Of course, I was ALSO sure that no governor would spend months (even after being well-informed about the matter by his advisors) railing against the journalist who reported this.

I HOPE I'm right that the judicial system isn't suffering from the same malaise. But I'm no longer as sure of that as I used to be.


Instead, the reporter should get a Medal of Honor for the Public Service.


Only members of the armed forces are eligible for the MOH, and IMO the reporter's actions don't really merit changing the rules


BTW the accused reporter is an occasional HN user who maintains a blog[1] and wiki[2] about BBS software. He started that site after seeing that Wikipedia was deleting pages about BBS software[3].

[1] https://breakintochat.com/blog/

[2] https://breakintochat.com/wiki/

[3] Jason Scott's blog post http://ascii.textfiles.com/archives/3826


The prosecutor’s statement is just normal posturing. It’s common language; a prosecutor will never state ‘the charges were baseless and are a waste of our time’. But that’s essentially what their statement means.


In the paraphrased words of Hackers... View Source - the only crime is curiosity.

https://www.cyberdelianyc.com/posts/view-source-the-only-cri...


This fact tells how much the Judicial system needs improvement. The fact it depends on who's sitting on a chair to determine whether a journalist should be charged for helping the public. Unbelievable...


Agreed, but this issue goes far beyond the judicial system.

The way the governor handled this situation really showed how much of a liability he feared this story would be to him and his party politically. Instead of examining the underlying conditions of the state agency responsible for the data breach, he chose to go after the messenger.

Given that every single time a company gets caught like this, the first thing we all point to is how stingy they are when it comes to security. A conservative governor doesn't want to be in a position where the solution to the problem is to spend money, so he went after the journalist instead.


If you look into the history of this specific governor and Missouri politics it makes more sense that he's an ideologue that refuses to accept any kind of bad press or even that mistakes can happen. This is the same politician that claimed he solved Missouri "covid problem" but ranks middle of the pack. It's a mindset that is all too common in politics today. Everything inconvenient is fake news. Every embarrassing headline needs to be countered in the culture wars. Silence dissent, crush free press, etc etc.

https://twitter.com/govparsonmo/status/1448697768311132160?s...


> "decoded the HTML source code"

> "Highway Patrol's Digital Forensic Unit"

This could have been a joke. I'm sorry, but can these people be serious?

Really, the digital forensic unit is under the umbrella of the "Highway Patrol"?

I bet they're all into decoding HTML source codes all day long...


> Really, the digital forensic unit is under the umbrella of the "Highway Patrol"?

Maybe it's the only state-wide law enforcement agency?


He found an excuse to publicly attack a big-city journalist. That’s the beginning and end of the reasoning here.


And I'm sure none of his base will notice or care that months later the reporter isn't actually being prosecuted. The political points scored still count.


Maybe, or maybe it’ll be “that crooked prosecutor let him go, you need to re-elect me so I can replace the prosecutors.”


I would campaign on this alone. Say how the opposing party wants people to be insecure, exposed and that they will try prosecuting you for doing the right thing cause they have such fragile egos.


You have pointed out a weakness, but it seems in this case that it is working.

The judiciary, legislative, and executive branches of govt., as well as the other independent institutions of civil society, such as academia and the press, all must be strongly independent of each other for a democracy to survive.

In an autocracy, all of the institutions are coerced to bend to the will of the executive.

In this case, the executive (governor) made it very clear that he wanted this journalist prosecuted, a blatant attempt to bend the press to his will. In this case, it wasn't even the judiciary, but the prosecution, which is still in the executive branch, so nominally under the governor, who basically told the gov to go pound sand.

So, whenever you see executives undermining the independence of other branches or institutions, be VERY suspicious; it's a dead giveaway that they are interested in only their own power and not working to benefit the citizens they serve.


Would there not also be a grand jury involved at some point? If there is, the prosecutor's decision is more like a single point of failure in the prosecution than a single decider.


(Lawyer - but only in 3 states)

What crimes require a grand jury is state-specific.

About half of states require grand juries for some crimes. Of those, a bunch (Minnesota, Georgia are good examples) restrict grand juries to crimes that can be punished by life imprisonment/death require grand jury indictments. Others require them for any felony (New York is a good example)

People who watched a lot of Law and Order think grand juries get everything, because in New York, grand juries are required for all felony cases.

The other half of states do not require grand juries for indictments.

My recollection (take with grain of salt) of Kansas is:

1. A prosecutor can, but is not required to, present to a grand jury for a felony case. They can also just indict directly

2. Citizens can actually empanel a grand jury. It's something like 100 people min + 2% of the voters in the county.

3. If that grand jury indicts, prosecutor can still dismiss it, but it requires leave of the court (rather than them just being able to do it out of hand).


Really? It looks as though the system worked in this case.

A technical violation of the law was not prosecuted as a result of the exercise of prosecutorial discretion not to pursue a prosecution which was not in the public interest.

Grand juries are not a solution to this problem. One glance at the shockingly high percentage of cases in which grand juries indict should be sufficient to cast doubt that they are truly filtering out bad prosecutions. That the proceedings occur in the absence of the accused and therefore deprive them of procedural fairness is another problem.

The responsibility properly lies with the prosecutor.


In this case, yes, but look at how much risk this journalist bore.

For helping the public... Helping protect teacher's private data.

What if the prosecutor was politically influenced against him? I don't know how, but there's got to be a better way.


> A technical violation of the law was not prosecuted

This part I was not clear on. I was under the impression that what the reporter did was not a violation of the law. Or does the term “technical violation” have a specific legal meaning that I’m not aware of?


I probably should have said arguable, not technical. That's what's in the article. I guess we never really know if the law was broken at all unless a jury gives a verdict, so it's all a bit hypothetical.

Suppose there's a law that says you can't film other people without their permission. You catch a thief breaking into someone's house, film them, and give it to authorities enabling their identification, then delete the footage. I'd describe this as a technical breach of the law. It probably shouldn't be prosecuted.

This is kind of analogous to the present situation, a bit of a rough analogy I admit. Whether or not a law was broken, the journalist did something that was a net positive to society, with no real victim except a red-faced politician.


> A technical violation of the law

Citation needed. I’ve seen no evidence that there was even an arguable violation of the law.


I think the argument would go something like "just because there was a flaw in the security doesn't mitigate malicious exploitation of that flaw." To take an analogy, if a bug in a bank's website allowed you to make negative transfers (i.e. "pay" someone a negative sum and move money from their account to yours) then you would almost certainly be prosecuted for exploiting that bug. Even exploiting it as a proof of concept so you could report the vulnerability to the bank would probably be dicey territory.

Ultimately there has to be a judgement of intent which at some level requires subjective assessment. In this case it is blindingly obvious that the reporter was acting in good faith so it seems unlikely any reasonable prosecutor would pursue this case, or if they did any reasonable juror would convict.


I should have said arguable, not technical, as you say in your comment.

In the article linked the prosecutor expresses that opinion.

"there is an argument to be made that there was a violation of law"


On reflection, it might not be fair to even describe this as a violation of the law in the first place, but I am outside post edit time.

In any event, I fully support the journalist.


That's not an issue with the system per se, it's an issue that there's no specific carve-out in law for this kind of behavior. This could be solved by Congress in a hot minute.


There's no carve-out in law for this behavior because there doesn't need to be. Same reason we don't need a law permitting breathing, eating, etc. - it wasn't illegal in the first place.


Sure, but there's obviously ambiguity here for some, so it needs to be remediated.


You can clarify things like “it’s legal to film police officers in public” every single year but at some point you have to stop assuming the confusion is in good faith.


Who do you think should decide which cases get prosecuted?


Echoing my reply to a similar question here:

> I'm not in a position to help improve it, but my impression is relying on a single person is not a good idea.

> Having to face judicial charges - in this case criminal ones, perhaps - would be a tremendous stress and financial loss to this journalist. It's unacceptable that we subject citizens to face this kind of risk at the hands of a single person.


Who else would decide? An impartial python script? Who provides the inputs to the script?


I'm not in a position to help improve it, but my impression is relying on a single person is not a good idea.

Having to face judicial charges - in this case criminal ones, perhaps - would be a tremendous stress and financial loss to this journalist. It's unacceptable that we subject citizens to face this kind of risk at the hands of a single person.


> Having to face judicial charges - in this case criminal ones, perhaps - would be a tremendous stress and financial loss to this journalist.

This is intentional, the governor explicitly wanted to inflict such pain on a citizen. I don't see a path to meaningful change in how the legal system is weaponized against the public as long as wealth is the primary driver of power in this country:

The legal system has always benefited the rich and powerful at the expense of everyone else.


This isn't very constructive, FWIW. If you say it's unacceptable, but can't define acceptable except as "not this", it's kind of worthless. Why is a single person better/worse than a group? Do you have any evidence to back it up?

There are all sorts of tradeoffs involved in how this sort of thing is done, and why, and those tradeoffs have evolved over thousands of years of legal systems existing.

In this case, the common tradeoff is that this is an elected official who is accountable to voters for the decisions they make. There are states where they are appointed. There are states which require grand juries.

All of these have tradeoffs - there is no "best", nor do statistics say that any of them end up any more fundamentally fair than each other. Nor do any of them have a significantly different rate of indicting objectively or subjectively innocent people (last I looked).

It's unclear exactly what you think a system should look like - I would argue any system with sufficient safeguards is not going to look very different than a preliminary hearing anyway.

Particularly your complaint about the stress/loss/etc seems unavoidable. That occurs starting with when people are investigated in the first place.


I'm really not in a position to help build a better solution, I have zero experience or knowledge on this sort of thing.

But I think it's still healthy to voice our concerns in a respectful and civil way.

I respect your view that we should only voice a concern when we're in a position to directly help build a solution, I just don't find it (personal opinion) a healthy conduct as a citizen.


If you have zero experience or knowledge how are you so sure it is a bad idea?

It's not healthy conduct to express strong opinions on things that you have zero experience or knowledge about.

Healthy conduct would instead be to ask questions and try to learn about those things, prior to holding a strong opinion. Or leave them alone if you don't have the time.

This unhealthy conduct is precisely one of the huge problems in society today, and I'm somewhat surprised you can't see this.

See, e.g., people in the US holding super-strong opinions about universal healthcare despite having zero knowledge or experience with it.


In principle, this is why we in the USA have grand juries.

In practice, grand juries almost always vote to indict, unless the perp is a cop.


Grand juries are really only used in half of states, and even within that half, mostly for very serious crimes (i.e. life imprisonment or death).



I cannot offer you details, but many articles get redistributed as an exact copy in dozens of other sites. Either it is a network, or there is legal legitimacy to copy, or the article is proposed to many...


It's part of how the Associated Press operates; it's why you can read about a big Missouri news story in a newspaper in California (or wherever) without the Los Angeles Times (or whoever) needing to send their own journalist to Missouri to cover it. (And likewise, a newspaper in Missouri can cover the big local news out of California even if they don't have the budget to fly their own journalists across the country on a regular basis.)

>As part of their cooperative agreement with the AP, most member news organizations grant automatic permission for the AP to distribute their local news reports.

https://en.wikipedia.org/wiki/Associated_Press


Was the reporter authorized to access those things? Y/n?


Yes. It was a public webpage. They sent a normal request and received a normal response. That response just so happened to contain Base64 encoded SSNs in the page state.

There's no actual legal merit to any argument that this was unauthorized computer access. Suggesting that decoding base64 is somehow "hacking" is nonsense.
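The exposure described in the comment above can be checked for from the site owner's side. The following is an added example, not part of the thread and not code from the affected site: it scans a page's hidden form fields for Base64 values that decode to SSN-shaped strings. The field names and the sample page are constructed, and treating hidden inputs as the carrier of "page state" is an assumption.

```python
import base64
import binascii
import re
from html.parser import HTMLParser

SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")
B64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")


class HiddenFieldCollector(HTMLParser):
    """Collect (name, value) pairs of <input type="hidden"> elements."""

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.fields.append((a.get("name") or "", a.get("value") or ""))


def find_encoded_ssns(html):
    """Return names of hidden fields whose Base64-decoded value holds an SSN-shaped string."""
    collector = HiddenFieldCollector()
    collector.feed(html)
    hits = []
    for name, value in collector.fields:
        if not B64_RE.match(value):
            continue  # not plausibly Base64, skip
        try:
            decoded = base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            continue  # looked like Base64 but does not decode
        if SSN_RE.search(decoded.decode("utf-8", errors="ignore")):
            hits.append(name)
    return hits


# Constructed sample page; the SSN-shaped value is fake (area 000 is never issued).
_state = base64.b64encode(b"name=Jane Doe;ssn=000-12-3456").decode()
SAMPLE_PAGE = f"""
<form>
  <input type="hidden" name="pageState" value="{_state}">
  <input type="hidden" name="csrf" value="b3BhcXVlLXRva2VuLTEyMzQ1Ng==">
  <input type="text" name="q" value="search">
</form>
"""
```

Run against rendered responses in a pre-release check, this flags encoding mistaken for protection; state that is compressed or serialized before encoding would need that layer undone first.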


The sensitive data was sent to him in the HTML as part of legitimate usage, so I'd say yes?


As authorized as you were to publish this comment, yes.



