Monday, April 14, 2014

Fascinating... But Schtoopid...

I really don't quite know what to make of this story...

UPDATE 2-U.S. court voids man's conviction for hacking celebrities' iPads
A federal appeals court on Friday unanimously threw out the conviction of an Arkansas man for stealing the personal data of about 120,000 Apple iPad users, including big-city mayors, a TV news anchor and a Hollywood movie mogul.

The reason: Prosecutors brought the case in the wrong state.
Now, reading that part, you might be tempted to think this is a big "DUH" - except that it's not, really. Reading a little more into the issue, apparently the state for prosecution was chosen based on a number of victims having come from the state chosen - some 4,500 victims were from New Jersey where prosecution took place. There's no other information in the story about the remaining 115K+ victims.

With internet crimes like identity theft, this is a thorny new issue. If I travel to an adjoining state and knock over a liquor store, I get tried in the adjoining state because that's where the crime took place. It is unclear from this article what kind of policy exists for prosecuting crimes that occur over the internet, where victims might be spread over multiple jurisdictions.

Of course, this just means that the Fed will step in and claim jurisdiction in ALL internet crimes...

That is all.

Another dispatch from...
(image courtesy of Robb Allen)


Ted said...

So if it didn't happen in "some metaphyic
al space ". Where exactly did it happen???

At the victim's computers? On the our prerps computer ? In some sever farm someplace ? Which ever location they choose a good defense team will show it actually took place at some other location or locations.

What caliber for data packets??????

Anonymous said...

But it isn't Jay.

A little background: I ran an adult website from 1993-1996. During that time Tennessee attempted to claim that their jurisdiction extended to the entire internet. Back then, the thinking was that content was controlled by local law to where the server was from.

Tennessee had some of their cops log into a NJ server that had adult content that was illegal in Tennessee but not in NJ. (Tennessee is a bit prudish when it comes to adult content).

They were unable to convince NJ to arrest the website owner so instead they used a ruse to get the website owner there and arrest him on content charges.

It cost him everything but after a few years, a federal appeals court determined that the law applies to the jurisdiction for where it is physically located, not where it is consumed.

It would be like you posting something anti-gun control after California passes some anti-free speech legislation about anti-gun control speech. They then bring charges against you in California and try to get you sent there to stand trial. VA, where such speech is not outlawed, laughs and laughs and laughs.

The crime was perpertated in Arkansas, it has to be prosecuted there. That he reached out to multiple other states (and they decided to go on where the victim was living, not where their data was residing, which in the case of an iPhone, is a server perhaps out of the country) is immaterial as he attacked from Arkansas as a source point.

Joseph in IL

Dave H said...

The court's concern in this case is that with victims in a number of jurisdictions, authorities might cherry-pick and prosecute in the venue that most favors their case. The court is saying they can't do that, they have to pick a jurisdiction that has legal standing.

Tim D said...

That is a horrible article, this one makes it much more understandable. I'm not certain why the Reuters article fixates on the fact that there were "celebrities" involved. Also, he was charged in federal court, but it is not a completely monolithic system and is broken up into various districts. Lawyers have been known to cherry-pick where they sue to get a better result cf. patent litigation.

Alex Thomas said...

This gentleman did not "hack" anything. AT&T screwed up and put this information on a public facing website with no security. He was persecuted only because it protected AT&T. The fact is the appeals court looked at the jurisdiction issue, saw it was flawed and kicked this out without needing to go further.