undefined | Better HN

0 pointspavon4y ago0 comments

The actual crime would be different; the former would be assault, while the latter would be unauthorized access under the CFAA, but I think the principle applies to both. In both cases the intent to cause harm exists, and doesn't become irrelevant just because the victim had to put themselves in a situation to trigger that harm. If anything I think there is a stronger case against leaving exploits around where software might scan them, because while stealing is illegal, scanning files typically is not (if you have legal rights to access the device, via ownership or warrant).

0 comments

salawat4y ago

Ahhh... Au contraire. The Cellebrite exploits a device for root. Technically that is sidestepping most permissions frameworks as a matter of expediency, but I assure you scanning things and being able to access them by default is not a given. Access Controls are digital fiefdoms unto the implementer's design, and if it is so that a scan should be responded to with a malicious payload, it is not at all anything more than a quirk of the configuration of that device.

If you want to start trying to project human legality into the computing world, you're going to have a really, really bad time. Human legal logic and digital logic do not at all mix.

Things get even hairier with things like a hard disk full of a nation state's classified info, where a root terminal has been left open.

The computer will not argue a lick about producing those contents, but I assure you, someone else will most vigorously object.

And by CFAA, and everything else under the sun, Law Enforcement wants extra-priviliged access reserved for themselves which no inherent property of digital logic or programming need guarantee.

Practically implementing such programs/filesystems/systems-as-a-whole is an exercise left to the reader. As is the consequences of doing so in a particularly authoritarian leaning society at the moment.

2 more replies

j / k navigate · click thread line to collapse