Corporations really are amazing. They are, simultaneously, in a superposition of getting away with crimes because they don't exist, and providing goods and services and benefitting shareholders because they do. Remarkable.
I understand the sentiment but while big companies can break the law with impunity you certainly can't. Companies can ignore IP law and any other law they want and they will very likely profit from it, even if they manage to get caught and earn a tiny slap on the wrist. If you on the other hand break even a minor infraction the state will throw the book at you with everything they have, your criminal record will mean that you will struggle to get work and housing, and you can lose everything.
Then they disrespect IP laws on even bigger scale and use all of your code/text/images to train generative tools they sell for money. Can't stick it to them...
I suppose that you’ve got the case law to back up your assertions about disrespecting IP laws? Or is this just another case of a developer thinking that they know how the legal system works.
I'd start there, but I'm fine with holding companies accountable as a whole at a certain point. A corporate death penalty could be a useful tool. At this point though I'd take just about any meaningful consequences for corporations that take actions which would land you or I in massive amounts of trouble.
They were accessing a system via internal endpoints not released to the public. They were also using stolen credentials a former employee of songbird brought over to ticketmaster, and accessed devices using stolen credentials. If that isn't "hacking" then the word has lost all meaning.
IANAL but this is textbook unauthorized access of a computer as has been drilled into me in every boring corporate training I do for my security work and thus is "hacking".
Telling the judge "but I wasn't wearing my black hoodie while listening to K-pop while doing it!" is going to be about as effective as telling the judge the legal code can't be trusted because it's not backed by a CI/CD system adhering to Agile practices. (Which a non-trivial number of Hacker News posters probably think would work.)
Let's put it this way - if he held on to his badge/keys to enter a building and used these credentials to access a computer system without authorization, then yes, it would be called hacking. The word hacking gets thrown around in dumb contexts sometimes, but this is perhaps the clearest use of the word "hacking" I can think of.
Like, what would make this hacking to you? The way an attacker gains credentials to access a system does not really matter. If he socially engineered these credentials, it'd still be hacking.
Let's put it this way: before there were even laws against hacking, if you had a key you shouldn't have and you used to get into a building and steal some IP, if you were charged, it would be with trespass or breaking & entering, not hacking.
The term is appropriate, but it tends to evoke ideas of serious crimes, when hacking can be much more innocuous acts that often don't see much in the way of prosecution.
> Let's put it this way: we wouldn't call it hacking if he had held on to his badge/keys to the building and got the information that way.
If he did that it'd be prosecutable as breaking and entering, and it's perfectly reasonable to use the term "hacking" as the digital counterpart for "breaking and entering".
EDIT: It also looks like you work at Ticketmaster, or at least used to? If that's the case, that's a rather weird thing not to mention in the context of this thread.
To be clear: I agree it was hacking. I'm saying that aside from the IP theft angle, this kind of hacking doesn't usually get heavy handed consequences for individuals. AFAIK, the individual involved was not prosecuted criminally.
I used to work at Ticketmaster. I don't anymore and I didn't at the time of the incident, so it didn't seem relevant to the discussion.
> No, they'd have called it trespassing. That's the point I think I'm making.
No, if someone retains a key to a location after their legal authorization to access the location has been rescinded, and then uses it to access that physical location, that is breaking and entering.
Regardless, "if they committed this crime with physical means instead of digitally, there would be a different criminal charge and a different word for it" is a point that is not particularly insightful, relevant, or interesting to discuss.
Breaking and entering requires the use of force. Absent that, it is trespass.
The claim was that individuals suffer bigger consequences than people. The person involved was not fined $10 million. AFAIK, they were not prosecuted criminally.
> Breaking and entering requires the use of force. Absent that, it is trespass.
No. This is right up there with "you can't report a person missing until it's been 24 hours" for most common popular legal misconceptions. It would be prosecutable as breaking and entering.
> The claim was that individuals suffer bigger consequences than people. The person involved was not fined $10 million. AFAIK, they were not prosecuted criminally.
Yeah, and that's not the comparison OP was making. If that's what you took away, read again, because you missed their point entirely.
> An individual did do this. They did not go to jail.
Right, and that's not the point OP was making.
> Trespass vs. B&E is nuanced, and I'm definitely oversimplifying it. The "misconception" is widespread enough that it includes lawyers
I'm guessing you didn't bother to read the link you dropped, because it actually undermines your entire claim. Before you pat yourself on the back, you might want to look up what qualifies as "use of force". It's not the way you seem to be using the word.
The only lens through which what you're saying is even vaguely correct is that some states don't have a specific statute of "breaking and entering", instead prosecuting it as "criminal trespass", but even then it's a distinction without a difference: it's prosecutable as a charge for using force to gain unauthorized access to a location with the express intent of committing a felony.
In any case, this whole discussion is pretty pointless, because as I already said, the fact that there's a different word used when the crime happens in meatspace vs. cyberspace is wholly uninteresting and not relevant to the original topic, and - as I also already said - you have clearly misunderstood the crux of OP's statement and so there's no point in continuing down this rabbithole.
> I'm guessing you didn't bother to read the link you dropped, because it actually undermines your entire claim. Before you pat yourself on the back, you might want to look up what qualifies as "use of force". It's not the way you seem to be using the word.
>
That's a good guess, but wrong.
> The only lens through which what you're saying is even vaguely correct is that some states don't have a specific statute of "breaking and entering", instead prosecuting it as "criminal trespass", but even then it's a distinction without a difference: it's prosecutable as a charge for using force to gain unauthorized access to a location with the express intent of committing a felony.
I mentioned that trespass vs. B&E is nuanced, and that I was definitely oversimplifying it. If someone was curious they might have investigated this matter for the relevant jurisdiction. They might even have some familiarity with the case. But that would indeed require more curiosity than someone who doesn't even read a link before they drop it.
> In any case, this whole discussion is pretty pointless, because as I already said, the fact that there's a different word used when the crime happens in meatspace vs. cyberspace is wholly uninteresting and not relevant to the original topic, and - as I also already said - you have clearly misunderstood the crux of OP's statement and so there's no point in continuing down this rabbithole.
Or maybe I just wasn't doing a good job of being clear on the point. There was both an individual and a corporation at fault in that specific case, so you don't have to speculate as to which party was more severely punished. The OP's assertion is flat wrong.
No they don't. Rules for companies and individuals are different in this country, unless you possess some secret to getting away with potentially ruining the lives of 1.5 times the population of the United States with the financial equivalent of a slap on the wrist.
Lol, if an individual does this, you're going to go to jail. A company does this? Tiny fine. What a world we live in.