Posting Publicly Available URL Claimed a "Hack"

Urban Strata writes "Popular mobile phone community HowardForums.com is being hit with take-down notices from MobiTV. At issue is the fact that a HowardForums community member uncovered a publicly accessible URL for MobiTV's television stream. This URL is not encrypted or authenticated in any way, and yet MobiTV sent site owner Howard Chui a cease-and-desist letter for hosting a forum with the public URL, claiming that doing so is equivalent to hacking their service."

what about google?

[aleph42]

As always, that kind of position is missing the fact that google is technically doing the same thing.

It's not that far fetch: imagine you are googling for your favorite show, and find some url with a video stream; and it's form a respectable "nbc.com" or the like website. How do you guess it's supposed to be a paying service?
Want a real life example? The other day I was looking for some bash command help, and the third google result was from http://www.experts-exchange.com./ [www.experts-exchange.com] If you access it directly, it hides the answers and asks you to pay. But from google, you get to the answers directly because of some glitch.

What I'm saying is you can't blame the user (or here, the website) if they never went through a dsiclaimer page that made them realise: "well, if I click this link, I will have done something illegal". Free equivalent services exist.

Re:Well, what did you expect?

[Anonymous Coward]

If a company leaves a box of goods outside their storefront overnight and I take it am I stealing? Yes, I am, but the insurance company will not pay them for the stolen goods. If they left it on the curb near the trash though I would have a good argument, and may even win my court case.

What I am trying to say is, if you used the URL and KNEW you should not use it you are morally stealing. If it was posted a s a here is a way to view some cool videos you may not be morally stealing.

In the short run it is the COMPANIES fault. They should have their system LOCKED down, security by Obfuscation is not security. It they did not do the minimal to protect their data, they are actually libel.

If I keep your Social, credit card info in a place that is not secure, encrypted and I get hacked, I am responsible and can be sued by you. If they do not want the average yahoo from watching their content they should protect it, and not assume no one will find the url. I could probably find it in google, will they send google a cease and desist?

It's just good business

[Bovius]

I wonder if they decided it simply wasn't worth the development effort to put their content behind encryption? Maybe they thought litigation against improper access would be cheaper, or at least simpler. With the RIAA's successes in court over the lsat few years, there is some precedent for that idea.

Yes, I know, secure connections are not rocket science. But it's business; the path perceived most profitable is the path chosen.

Re:Well, what did you expect?

[Anonymous Coward]

when people started walking into my house and taking my suff, i started locking my door. learn how to stop making excuses and secure your shit.

Re:Well, what did you expect?

[boristdog]

I concur, just because the door to my house is unlocked, that doesn't mean anyone is legally allowed to enter. IANAL, but this could be a similar precedent.

WRONG! YAdefinitelyNAL!

Entering a house or other property without permission is trespass. Visiting a website is not trespass.

If this were a precedent, people could start suing you just for surfing the web. Visit my website without paying? That's a default judgement for $2500.

Re:Well, what did you expect?

[kevinatilusa]

No. There is nothing wrong with visiting a publicly available URL. No exceptions.

Various child pornography laws probably wish to differ with the above statement.

Re:Shame shame

[stoolpigeon]

Let's go with something that fits the bill a little better. On a hot summer day you run a long garden hose out from your yard on the sidewalk turn it on and leave it running. Then you run an ad in the paper telling people that if they mail you five bucks they can use your hose to get a drink. But one day you notice a neighbor has been telling friends about your hose and they start coming by and getting a drink without mailing in the money.
 
You've put your resource out in a public place with no restrictions - and they should be accountable?

Re:Shame shame

[AK Marc]

In most places, it is illegal to leave a running car unattended, but it is not illegal to borrow something with permission. A sign saying "take one" is an invitation to take one item that doesn't belong to you. They have them at supermaket checkouts. If you are told you can take something, you may take it and it isn't illegal. In the example, the car was running, open, and with a sign indicating that the person should take a free joyride. If the sign can be reasonably assumed to be placed there by the owner (which would be reasonable, since in the example it was placed there by him) then it is perfectly legal to take the car. The only one that broke any laws was the owner, leaving the car running and unattended.

DMCA notice to Canada?

[randyest]

Did anyone ready the PDF of the letter they sent [207.210.82.134] to Howard . . . in Canada . . . citing the DMCA (a US law?) I don't know where HoFo's servers are, or if Canada has a DMCA-like law yet, but that seems pretty silly and maybe Howard should prep a backup server not in the US just in case. Then write the idiots at MobiTV a funny reply like the guys at the pirate bay [thepiratebay.org] do.

Silly MobiTV -- you can't copyright an URL!

Re:Is this what you want?

[boristdog]

Is it wrong? Yes

WRONG. Based on your scenario we need to get permission from the site owner to visit any web site.

Any web site which is publicly available is de-facto a public web site. This is precedent since the inception of the www. Even if you had a button that said "Do not click unless you are a paid member of this site" you would have no legal leg to stand on if anyone else clicked it.

Everyone is making real property analogies to this. A web site is not a house, it is not a building, it is not a car. If it were, it would be taxed as such and we would all need written permission to visit each site.

Re:Well, what did you expect?

[Joe the Lesser]

Uh, don't think it's that clear cut.

If I'm surfing the dregs of the internet looking for coveted pics of Natalie Portman petrified and covered in hot grits, and some javascript redirects me to a child porn page am I:

1. A criminal?

2. A criminal if I don't close the browser within 5 seconds?

3. Innocent?

Re:Well, what did you expect?

[spun]

Nah, flawed analogy. More like, I have a box of merchandise in my garage. I leave the door open, and someone comes along and posts signs saying, "free stuff in this guys garage, take all you like!"

Re:Well, what did you expect?

[gnick]

...some javascript redirects me to a child porn page am I:

1. A criminal.

IANAL but, under current law as I understand it, you're now guilty of possession of child pornography. If you choose to self-report or are caught through other means, the best you can do is hope that you're not prosecuted because it was an accident. The same goes (I believe) for possession of stolen goods ("But I paid $$ for it in a pawn shop and had no idea it was stolen!") or possession of narcotics ("He said they were just OTC pills to help keep me from dozing off!")

Awkward laws... Any idea of a fix?

Re:Well, what did you expect?

[ArcCoyote]

Huh? The intent to view child porn is what's illegal. Visiting a site you didn't know contained it is not. And you probably aren't going to be able to find that stuff by accident, or it would disappear really quick. Google has probably crawled a site with child porn on it at some point, are they liable? For that matter, this is illegal text right..

->here-

Now, /. says right down there that "Illegal" comments will be moderated. Say it gets modded way down. Does that mean you break the law just by visiting the story URL where you MIGHT see it... or is the URL only illegal if you set your threshold to read everything?

The law is all about intent. If I replace an image on my site people are hotlinking to with child porn, I'm the one getting in trouble for it, not the people who suddenly see it on their sites. (And yes, things like this have been done. I don't know about with child porn, but certainly with hate speech.)

In any case, the content at MobiTV is legal and publicly accessible.

Re:what about google?

[craig1709]

Am I the only one to notice something? Visit: http://www.experts-exchange.com./Microsoft/Development/MS_Access/Access_Forms/Q_23223103.html [www.experts-exchange.com] It's a question about the SQL Insert command. Scroll down. Down down down, below the obnoxious "Zones" that go on for ages. And then...there are all the responses in plain sight.

Re:Well, what did you expect?

[mea37]

It's not that simple.

The information, or Verizon's copy thereof, or their legal suscribers' access thereto -- those things are not destroyed.

The legally assigned rights related to profit for distribution are damaged.

Yes, Verizon can and should take steps to protect that value; but that doesn't make ir "right" or "ok" to take part in destroying it just because it's easy to do so.

The law probably should state that making information publically visible by posting it on the web without protection constitutes an implicit license to all who visit that URL. This would clear up a lot of problems.

If it were so, companies like Verizon would get serious about protecting their web-based content (or, failing to do so, have no recourse). Unless/until it is so, their failure to lock the doors doesn't make it ok to walk in and take what isn't yours.

123 and counting . . .

[moeinvt]

123 matches on Google as of 1:28 EST.

It's going to be fun watching this proliferate.

Re:Well, what did you expect?

[mzs]

It's silly how so many comments are strange analogies to this, but I gave a weird true story of how I almost got into a lot of trouble for going to the wrong gym.

I signed-up for a morning exercise program with the park district was was held inthe high school. It was a weights and stationary cycles type of thing. The first day that I got there I went in the 'other' door into the gym and saw an exercise room with a lot of people my age working-out in there so I went in and got into it. Later the burly high school wrestling coach came in an put me in a hold and started yelling at me. Luckily when I could breathe I started talking about my wrestling coaches that I had in nearby schools and he let go of me. Then I explained my situation and he led me to another room where the program was on the other side of the main gym. It turned-out that this room was used by the coaches and teacher in the morning before work.

He was always really nice to me after that, and we talked a bunch of times after that about wrestling from 'back then'.

Re:Well, what did you expect?

[blueg3]

For most state laws that I've looked at, if you encounter material that is child pornography, it is not criminal if you immediately report it and surrender it to law enforcement. This happens fairly frequently, and you only get embroiled in legal troubles if it's not clear that you happened upon the CP innocently.

It's also not a crime to be in possession of CP if you did not willfully acquire it and did not discover its presence. You may, however, have some significant legal wrangling ahead of you before that defense is accepted. (For example, one individual was found with an external hard drive containing CP on top of his computer. He claimed that he had purchased it from a neighbor and never used it. Forensic evidence corroborated this story, and so he was in the clear. His neighbor, not so much.)

Re:Well, what did you expect?

[STrinity]

The URL was not intended to be public and everyone involved knows this.

The web is a public network -- everything is assumed to be open to the public unless it's protected, at the very least, by a login. The fact that a someone intends for a page to be private doesn't make it so unless he does something about it. MobiTV is at fault for hiring an incompetent web designer. Period.

Re:Well, what did you expect?

[Anarke_Incarnate]

However, in the case of your employer failing to pay you, there is a contract, verbal, written or implicit that dictates a rate of pay corresponding to time spent or work completed. In the case of MobiTV there is no contract associated or enforceable for the "users" of that content on an on open stream.

To make it clearer, if somebody were to put a TV in their shop window with new movies playing and say that only people who paid for it may watch and all others must leave a public sidewalk, it would be ridiculous.

They are essentially asking for that, since the internet is accessible to the public (albeit not for free like the sidewalk) and they are not taking sufficient responsibility for the restriction of viewing.

Re:Well, what did you expect?

[Toonol]

They made it publicly available. It's the same as watching an HBO broadcast in a store window. If you do something silly in a public location, the public cannot be blamed for viewing it.

Or, even better; there used to be a hill you could sit on in this town that let you watch over the fence into a drive-in movie screen. Is that theft? No; it's just spillover, a consequence of where the theater was located. They are broadcasting into the public space. They could have raised the fence another twenty feet to fix the problem, but they didn't care enough to.

This site could have restricted the accessibility of the URL, but didn't care enough to.

Plus, as a practical matter, they are now the latest idiot of the week on the internet. There is no way this will work out in their favor.

Re:Well, what did you expect?

[Lummoxx]

The internet home analogy is broke. Just like darn near all analogies around here...anyway. The internet is a public place. Every URL on the internet is a public URL. Every single one. It's the nature of the network. It is up to the owner of the URL to ensure that, if required, those who visit it are not able to access more than the URL owner desires. This debate is stupid.