Hacker News

The digital equivalent of "stop hitting yourself". Notwithstanding their crypto issue, this gives me renewed confidence in Signal's team.


To me it seems more like the equivalent of leaving booby trapped packages to be found by porch pirates. Or putting laxatives (or worse) in your sandwich to get back at the unknown coworker stealing your lunch. Both of which are considered illegal in the US.

Assuming these files actually contain exploits. Maybe they do, maybe they don't. You feeling lucky, Cellebrite?


The question of whether damaging reports would be illegal is separate from whether booby traps are illegal. And they're not, in the broad case: Booby trapped packages are only illegal if they cause bodily harm or damage or are negligent along those lines.


The actual crime would be different; the former would be assault, while the latter would be unauthorized access under the CFAA, but I think the principle applies to both. In both cases the intent to cause harm exists, and doesn't become irrelevant just because the victim had to put themselves in a situation to trigger that harm. If anything I think there is a stronger case against leaving exploits around where software might scan them, because while stealing is illegal, scanning files typically is not (if you have legal rights to access the device, via ownership or warrant).


Ahhh... Au contraire. The Cellebrite exploits a device for root. Technically that is sidestepping most permissions frameworks as a matter of expediency, but I assure you scanning things and being able to access them by default is not a given. Access Controls are digital fiefdoms unto the implementer's design, and if it is so that a scan should be responded to with a malicious payload, it is not at all anything more than a quirk of the configuration of that device.

If you want to start trying to project human legality into the computing world, you're going to have a really, really bad time. Human legal logic and digital logic do not at all mix.

Things get even hairier with things like a hard disk full of a nation state's classified info, where a root terminal has been left open.

The computer will not argue a lick about producing those contents, but I assure you, someone else will most vigorously object.

And by CFAA, and everything else under the sun, Law Enforcement wants extra-privileged access reserved for themselves which no inherent property of digital logic or programming need guarantee.

Practically implementing such programs/filesystems/systems-as-a-whole is an exercise left to the reader. As are the consequences of doing so in a particularly authoritarian-leaning society at the moment.



