Saturday, August 11, 2012

Hacking, Doc-Dropping, and Ethics - Thunderf00t


I have been following all the FTB/Thunderf00t drama that has been unfolding in the past few weeks, and much of it reminds me of kids having a fight in a sandbox.

The latest sand-flinging fight is now over Thunderf00t having had access to FTB's private e-mails on their back-channel. Many are saying things like he 'hacked' in, that he has private information from those e-mails that he 'stole', and that he is doc-dropping. These seem to be the main points that the bloggers on FTB are regurgitating to their readers, so I want to address them here.

There are many other things being said on the blogs by the FTB group that are patently ridiculous, false, and irrational, but to address all that would take me hours, and I just do not have that kind of time to waste on that ridiculousness. Which is why I only want to discuss the main points that actually matter. Discussing anything else will distract from the real issues at hand, which are:

  1. Did Thunderf00t hack into the FTB listserv?
  2. Is an e-mail disclaimer legally binding?
  3. Did Thunderf00t 'steal' information?
  4. Is Thunderf00t doc-dropping?
  5. Is anyone at FTB at great risk because of what has happened?
  6. Is what Thunderf00t did illegal?
  7. Was it ethical of Thunderf00t to do this?
These are the main points I want to address.

1. Did Thunderf00t hack into the FTB listserv?

No. According to Ed Brayton of FTB, he did not. He was able to log back onto the mailing list because he was never removed from the list. Ed Brayton thought he had deleted him off the list, but he actually had not. The software they were using for the mailing list had a security loophole which allowed Thunderf00t to log back on without any difficulty. Did he hack in? NO! He simply logged back on.

Ed Brayton did not double-check when he presumed to have removed Thunderf00t from the mailing list. Is his oversight, or lack of technical savvy, a reason to accuse Thunderf00t of hacking into the listserv? No. The blame lies with Ed Brayton for not securing the listserv properly, and for not double-checking to ensure that Thunderf00t was unable to regain access.

If you are going to say you have a secure mailing list, you may want to test it to ensure that what you say is correct, and not ASSUME that this is the case. The breach of security, and blame, lies with Ed Brayton, not Thunderf00t.
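
The kind of test recommended above, as an added example (not code from the original post or from the list software FTB used, which the post does not name): commenters on this post describe the loophole as an invitation that never expired and still worked after removal. `WeakList`, `HardenedList` and both check functions are hypothetical names, and the one-week lifetime is an assumed policy.

```python
import secrets
import time

INVITE_TTL = 7 * 24 * 3600  # assumed policy: invitations are valid for one week
ADDRESS = "former.member@example.org"  # constructed sample address


class WeakList:
    """Hypothetical list: invitations never expire and survive use and removal."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.members = set()
        self.invites = {}  # token -> (address, issued_at)

    def invite(self, address):
        token = secrets.token_urlsafe(32)
        self.invites[token] = (address, self.clock())
        return token

    def accept(self, token):
        entry = self.invites.get(token)  # token stays valid after being used
        if entry is None:
            return False
        self.members.add(entry[0])
        return True

    def remove(self, address):
        self.members.discard(address)  # outstanding invitations are untouched


class HardenedList(WeakList):
    """Same interface with single-use, expiring, revocable invitations."""

    def accept(self, token):
        entry = self.invites.pop(token, None)  # single use: consumed on first try
        if entry is None:
            return False
        address, issued_at = entry
        if self.clock() - issued_at > INVITE_TTL:
            return False  # expired invitations are rejected
        self.members.add(address)
        return True

    def remove(self, address):
        super().remove(address)
        # Removal also revokes every invitation still pending for that address.
        self.invites = {t: e for t, e in self.invites.items() if e[0] != address}


def removed_member_can_rejoin(list_cls):
    """Join, get removed, then replay both the used and a spare invitation."""
    ml = list_cls()
    used, spare = ml.invite(ADDRESS), ml.invite(ADDRESS)
    ml.accept(used)
    ml.remove(ADDRESS)
    ml.accept(used)
    ml.accept(spare)
    return ADDRESS in ml.members


def stale_invite_accepted(list_cls):
    """Present a never-used invitation one second after its lifetime ends."""
    now = [0.0]
    ml = list_cls(clock=lambda: now[0])
    token = ml.invite(ADDRESS)
    now[0] = INVITE_TTL + 1
    return ml.accept(token)


if __name__ == "__main__":
    for cls in (WeakList, HardenedList):
        print(cls.__name__, removed_member_can_rejoin(cls), stale_invite_accepted(cls))
```

Run against whatever stands in for the real list, the first check is the one that would have caught the gap: removal has to end access through every path, not only the member roster.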

2. Is an e-mail disclaimer legally binding?

No. Go Google it.

3. Did Thunderf00t 'steal' information?

No.

4. Is Thunderf00t doc-dropping?

No. First, the definition of doc-dropping seems to be unclear to those at FTB, so let me explain what doc-dropping really is.

Definition:
To obtain and disclose personal information about someone.
Any releasing (to the public) of someone's home address, phone number, social security number, or other personal information to that effect.

Nothing Thunderf00t has disclosed on his blog includes any of the above information. He may have forwarded or quoted e-mails, but he has not doc-dropped. To accuse him of such is a falsehood. There is no proof of him having doc-dropped.

5. Is anyone at FTB at great risk because of what has happened?

No. Thunderf00t already had access to FTB's private e-mails when he was a blogger at FTB. He already was privy to personal information when he was there. So why is it such an issue now that he is no longer a blogger at FTB? He still knows all the personal details of the people at FTB that he was privy to while he was part of FTB. Was he supposed to have had a mind-wipe upon being kicked off FTB? Was there less of a risk when Thunderf00t was an FTB blogger, but more of a risk now that he is not? The logic does not follow, and this argument is basically ridiculous.

6. Is what Thunderf00t did illegal?


No. If it were, he would already be in jail.


7. Was it ethical of Thunderf00t to do this?

This seems to be a question that many people in the community are conflicted over. Many are saying that it was unethical of Thunderf00t to have done this. But is that because it truly was unethical, or because it is uncomfortable for us to examine?

When discussing the 'ethics' of this situation we must first define what we mean by ethics in relation to this issue. Ethics, in this instance, refers to an individual moral sense, that is, personal ethics.

As it is personal ethics we are discussing, we cannot then say that what Thunderf00t did was unethical. It depends what Thunderf00t sees as his personal ethic. We can't dictate what that is based on our own personal ethics. You can say that it goes against what you would consider ethical, but you cannot assume that others may share that same view.

So was it unethical? That would depend on what Thunderf00t's personal ethics are. We can only say whether it is or not based on our own individual sense of personal ethics, and that does not make it ethical or unethical in an absolute sense.

These are the main points people should be discussing and examining. Everything else is the equivalent of kids having a tantrum in a sandbox. A nice distraction technique, but one that logical and intelligent people should not fall for. Stick to the issues, and don't get distracted by the tantrums.

17 comments:

  1. Stop applying logic and reason to the FTB ;)

  2. 1. Yes he did, since he *was* deleted from the list but exploited a non-expiring invitation to put himself back on the list. A simple enough hack, but still a hack.

    2. Probably not, but morally, ethically, it probably should be respected by any reasonable person.

    3. He covertly obtained private communications not intended to be seen by him, knowing full well that he was not supposed to be seeing them. If there is such a thing as information theft, this would qualify.

    4. Not yet, he is merely enjoying the fact that he has documents he is not supposed to have and can use them to hurt FtB at any time at his discretion. Having been enough of a jerk to come this far, it is not unreasonable for people affected to be concerned about where those messages could end up.

    5. Probably not, but see point 4

    6. I don't think the internet police are that fast, and it would at least take a criminal complaint to get any sort of action started. Let's just say what he's done is illegal. How comfortable would you be in an FtB blogger's shoes, knowing just how pissed off TF is, about the idea of trying to get him prosecuted over this?

    7. WTF.

    Replies
    1. I see that logic has left the building in your case.

    2. 1. wrong asshole. an 'exploit', by definition, is used to make a piece of software do something unintended. so....
      2.WTF?
      3. he was on the mailing list, so jack all was 'covert'. thanks for your bullshit legal opinion, but since tf has not been arrested, there has been no information theft. btw, are you this good at being wrong b/c you practice, or is it all natural talent for stupidity?
      4.as ye reap....
      5. who gives a fuck about a bunch of privileged, mostly white radfems?
      6.don't talk out your ass, there's nothing illegal here. it's been a month or so, even cops as stupid as you would have arrested him by now.
      7.ok, now you're just making word salad. get therapy. quickly.

    3. @intepid:

      1. No.
      Hacking (n) :(hacking) "Unauthorized attempts to bypass the security mechanisms of an information system or network." This was not unauthorized. This was not an 'exploitation' of any security loophole. He was not deleted from a mailing list, and therefore had no access. More important is the fact, that Thunderf00t is of the opinion that he was wrongly kicked out of FtB. This is a dispute, and if he is making a strong case (which he IS), then he has every right to collect information pertinent to his case, his statement ..if the FtB has much to hide (which they DO) - they can work towards making their systems airtight.
      [Kinda'like Wikileaks.. you see the point, i hope.]

      2. NO.
      [This is like DMCA ..morally, ethically, one 'probably' should adhere to paying for the content s/he acquires ..but in reality, we must look at who the payment for the content serves - the artist or a money-hungry corporate monster.]

      3. "He covertly obtained private communications not intended to be seen by him, knowing full well that he was not supposed to be seeing them." - maybe, but why would it be criminal..?
      [This is like having a cookie before dinner when you're not supposed to. If the parents do not want the cookies had, they can restrict access to them in various ways.]

      4. Implicit in your response to this point, is your admittance that FtB can be hurt by what they've said (or written). FtB is about freethought, right..? Unless they're plotting assassination or discussing very sensitive personal issues that've nothing to do with freethought - they should really not have their panties in the proverbial bunch.

      5. Probably NOT. Most Probably not.. see the second half of the response above. If they're right in throwing out T'f00t, and if they're discussing logical rational points instead of brewing ideas on gaining voice, by suppressing others ..they REALLY SHOULD NOT WORRY. But then, they ARE doing just that. This is very unlike a corporate mailing list, where a competitor can gain the upper hand with information present in the mails acquired this way. Please see this contextually.

      6. "Let's just say what he's done is illegal." - Very much FtB-esq..!

      7. Why 'wtf'..?!
      I'd go as far as to say this is not unethical - again, borrowing analogy as in the first point, from Wikileaks. You've a distorted sense of rationality if you think that FtB stands to lose if their mailing list is made public. You've a distorted sense of morality if you think that T'f00t should not divulge the contents of the emails even if those emails clearly prescribe a systematic, dogmatic (and unethical) boycott of Thunderf00t by the community.


      You're (and your response is) suffering from confirmation bias.

    4. My dearest Angry Baghead,

      1. You seem to have misread me, I 'admit' no such thing, and stand by my original point. I doubt that Thunderf00t himself would disagree– you should ask him yourself next time you take his balls out of your mouth.
      2. Whatever.
      3. What do lawyers mean when they refer to an action as "covert"? As a layman I would have naively assumed that it meant what dictionaries tend to define it as: "not openly acknowledged or displayed"
      4. Since he was on the list because he added himself back on to it without the knowledge or permission of the members, you should rephrase that as "more morally reprehensible than covertly reading emails not intended for you"
      5. So you are saying it is ok to covertly eavesdrop on people when you don't like them?
      6. I was also unaware that the internet police force generally act to investigate breaches of privacy and trust without complaints being filed. Thanks for correcting me!
      7. It's my great loss.

    5. sigh:
      1. " <- This is still true, even if your narrow definition was accurate." ...haven't heard the term 'mutually exclusive', have you?
      2. the fact that you're obtuse implies nothing about my sexuality. maybe you should email TF and find out if your characterization of his actions is accurate, but in the meantime, feel free to FAIL some more. oh, and thanks for the gratuitous misandry - it clarifies a great deal.
      3. there's a reason ppl go to law school, moron, and for the record,the word you want is 'stupidly', not 'naively'.
      4. still not getting it.
      5. strawman. try again. i only wish you could do it on video.
      6. what the fuck is an 'internet police force'? oh, and by the way, jackass, police forces of any kind investigate crimes, therefore, your acknowledgement that the 'internet police force' (whatever in the fuck that is) would not investigate a supposed 'breach of privacy and trust' merely underscores the fact that no crime was committed here. could you have someone throw a cream pie in your face? just asking.
      7. for once in this tired thread, you're right.

      BONUS: 8. is that a 'no' on the cream pie? how about re-enacting a three stooges skit? no, really, i'm sure you have friends.

  3. On the whole, good analysis (and the sandbox picture made me literally LOL).

    Is what TF did unlawful? Not as a matter of breach of contract, it would seem, but - depending on what information he disclosed (and assuming that Wikipedia's super-brief article on breach of confidence in US law is accurate) - he may have committed a tortious breach of confidence.

    The question of whether anyone at FTB is at risk because of what TF did is not related to whether he now has personal information he did not have when he was officially on the list. Clearly he doesn't. It's about the fact that he has forwarded emails on the list to people who were never intended to be privy to their contents. His disclosure may or may not have put FTB list members at risk but, if I were, say, Natalie Reed, I'd feel nervous that my personal details were out there, with people who may not care about my welfare.

    In my view, what TF did was unethical, because I consider that the public interest in the material he disclosed was negligible, and certainly not enough to justify his actions.

    Replies
    1. keep in mind, even if he were to be found liable for tortious breach of confidence, which would be difficult, given that he didn't hack into the system and that not every jurisdiction recognizes this (dunno 'bout his or ftb's locale), it would still be a tort, which is to say, he could be sued, but not criminally prosecuted.

    2. Hi,

      I don't know, as I'm an English lawyer. I believe all involved are in the US, though I don't know whether these things are dealt with at State or Federal level. But you're quite right, it wouldn't be criminal.

    3. my wife @woolybumblebee likes you. i trust her. keep commenting; don't quit. (almost) every voice deserves to be heard. yours does. and trust me, we're all stronger than we think.

    4. @McGingersnaps;

      While i agree with you on the point of personal details (Reed, e.g.); i must disagree on "In my view, what TF did was unethical, because I consider that the public interest in the material he disclosed was negligible, and certainly not enough to justify his actions." - that's irrelevant, the content that has been disclosed, is directly related with the case he is making - to show that FtB is a closed, almost religious machine that has kicked him out without good justification. His actions are as justified as Assange's (why i keep resorting to that example, i have no clue) - in the way, that it displays the flaws, the cracks, the chinks in the armor (or gaping holes, if you will) - of a group that purports to espouse freethought.

    5. Thanks iconografer - and hello! I like your wife, too. My introduction to her was less than brilliant, but I think I've more or less managed to retrieve my foot from my mouth by now. :)

      Arnab,

      I'm not sure we disagree whether what TF disclosed is relevant to the ethical question. It seems to be more that we take a different view of the information that he's revealed. My thinking is as follows:

      1. I consider it unethical to pass private email correspondence on to third parties when those involved have made it clear they want their conversation to be kept private. (I imagine most people would agree with this.)

      2. Disclosure may nevertheless be ethical if it will bring wrongdoing to light that would otherwise remain hidden. Justification will depend on what is disclosed (e.g. what are the implications of the information, does it put other people at risk etc) and also, perhaps to a lesser degree, to whom.

      3. I'm not persuaded that what TF has disclosed in his blog makes as strong a case against FTB as you consider it does. If I felt it did, I might find his actions ethical. Then again, I might not!

    6. @McGingersnaps:

      I too think that we're disagreeing on "what to do with information" with respect to "what situation the information is retrieved in".

      1. Though i partly agree with you, i must point out that in this case, T'f00t is directly affected by the content of the e-mail. Allow me to construct a crude example.. if i were to chance upon a piece of email correspondence that hatches a plan to implicate me in a crime, should i or should i not bring it to the notice of the police..? Now, you may argue that he did not accidentally receive the emails, he deliberately logged in, to look at'em. Which can also be fit into my example - if i know that some people are antagonistic towards me, and wanting to be cautious, i snoop about without breaking any laws (which i'm sure he didn't), and then fit in the bit about the email planning on implicating me..

      I agree on points 2 & 3 - except, we disagree on whether wanting to banish T'f00t based on disagreements is a very very spineless and unethical.. and showing such abject hypocrisy is especially important for a community of skeptics (..not skepchicks; Amy, cry maybe?).

      {E & OE. Written at 0137hrs. under mild influence..}

  4. Some good points here, IMO. My take:

    (1) I don't know the semantics of "hack"; but interpid is correct. Thunderf00t really was removed; but the system was poorly set up (and not, apparently a system really designed for this kind of situation?) and so Thunderf00t was able to add himself back again using the original invitation email. Ed is indeed responsible for security, and I am pretty sure he'd be feeling bad about this mess. In any case, they've fixed up the gaping security flaw and indeed moved to a whole new system.

    Whether you call this a hack or not depends on what you mean by hack. But for sure there was a bad flaw in the system and for sure Thunderfoot found it and used it and kept quiet about having done so while continuing to read messages.

    2. I think you are right about email disclaimers not being legally binding. If there's any illegality, it was in deliberately resubscribing to the list after having been removed. I don't think it would be illegal for someone legally on the list to pass out messages, even given the disclaimer saying that emails should be kept private.

    But I don't think this is in dispute. As far as I have seen, the only discussion of actual legality is simply on the act of regaining access after having been removed.

    3. I disagree with you here; unless there are some semantic niceties over "steal" I am missing. He took messages from the list after he had been removed from the list. THOSE messages were not his to read; accessing them and passing any part of them on is a kind of "theft", IMO.

    4. I don't know that "doc-dropping" is a term with a well defined meaning; but I agree with you that there's no evidence at this point of Thunderf00t passing on personal details; only of passing on private communications.

    5. You have a very good point about personal risks associated with Thunderfoot's unauthorized access. He ALREADY had the personal information from his prior authorized access. As a quibble; I do think there is a small additional risk of having someone vindictive and operating outside of normal ethical standards secretly reading ongoing private discussions; but your main point about the personal details already having been legitimately known to Thunderfoot is a very good one.

    6. I am not so sanguine about whether Thunderfoot is legally okay or not.

    But in any case, the particular argument you apply is certainly fallacious. Legality is not so simple and would need to be tested in courts. Legal arguments get pretty convoluted; it would take time to determine legality, sorting out all kinds of additional details. It's just nonsense to say that legality is so clear and so rapid that he'd already be convicted and jailed if he was actually illegal. (And not all illegalities call for jail anyway; though that isn't the major fallacy in your argument here.)

    7. Thunderf00t was unethical by my ethical standards. I'd go further. It's a pretty damned strange kind of ethics that would give an okay to what he did. Thunderf00t may well rationalise it to himself. But I don't think that's because he's got some carefully worked out consistent set of ethics. I think it's because he's a bad person.

    Cheers -- Chris

  5. Bravo,

    Very good points, especially about the part where he could already have gained access to their personal information when he was enlisted.
    Also the part where they say he hacked in is such nonsense. On FTB they make the analogy of forgetting to close the door of your house but a more fitting analogy would be a workplace with a security guard that hasn't been updated about your expulsion. If you just walk inside and the security guard lets you in cause he wasn't informed is that trespassing? If I ring the doorbell and you open the door cause you didn't know I wasn't supposed to enter the building is that trespassing? If I have a partner and we use the same Email address and after we split I keep on using that email address for private stuff but forget to change the password is that hacking too?
    I will go as far as saying what TF did was ethical. He didn't use force to enter back into the mailing list, rather was let in by mistake. Anybody thinking he wanted access to gather personal information is kidding themselves, he wanted back in because he was wondering what they said about him, and who wouldn't want to know that? After seeing people conspire to shun your image just because you essentially called somebody a stupid person who wouldn't expose that?

    All this boils down to in my opinion is that PZ and his klan were caught off guard with their pants down circle jerking, they were totally embarrassed and now they are making all kinds of noise to distract from the real issue here, that FTB is just a place where bullies can jerk each other off.

  6. Who cares if he was "unethical". Suppose someone at FTB was fired by a christian employer for being gay/feminist/whatever, you KNOW they would cheer each other for taking revenge by whatever means.
