
Exactly, was it a burglary when your front door is open, lights on, spotlights on your wall safe, with the keys still inserted?

The CEO should be in prison.





>Exactly, was it a burglary when your front door is open

Legally speaking, yes: in every place I've ever lived, if all those things are the case, it's still a burglary, although the cops may call the victim an idiot.


Also the insurance company doesn't pay out if they can prove you did not lock the doors.

In the UK, there is no crime "burglary".

"Breaking and entering" it's a criminal offence, and walking through an unlocked front door back door doesn't count. If you are on someone's land but didn't have to break in then that's trespass, which is just a civil offense.

Theft is a crime in any case (indeed even if you're not on their land e.g. snatching a phone off the street).


> In the UK, there is no crime "burglary".

Yes there is:

https://www.legislation.gov.uk/ukpga/1968/60/section/9

https://www.college.police.uk/guidance/residential-burglary/...

> "Breaking and entering" it's a criminal offence, and walking through an unlocked front door back door doesn't count.

No, breaking and entering is known as burglary. Also, if you walk through the front door with the intent to commit a crime, it is still burglary. The important part is trespassing with the intent to commit a crime.


Well, I was wrong, sorry for claiming assertively when clearly I didn't know what I was talking about. Thanks for the correction.


OK, I probably should specify closer, but while the other commenter has noted there is "burglary" in the UK, I was using burglary in the vernacular, meaning you entered someone's house without their knowledge and stole some shit. I was perhaps unclear with this, and in fact in some places entering someone's house that is not locked and stealing some shit may be a different crime than when it is locked; both variations are still generally described, in common usage, as a burglary and are both illegal according to every legal code of every place I've lived, and I've lived in a lot of Western Civ type places.

The comment you are replying to has no idea what they are talking about.

Burglary is defined in the Theft Act 1968:

https://www.legislation.gov.uk/ukpga/1968/60/section/9

The door can be wide open. The important parts are you are trespassing with the intent to commit a crime.


Literally invented the term “cat burglar” lol! Commenter above is British too so it’s hilarious he thinks burglary isn’t a thing.

I am English. It took me all of like 30 seconds to look up the relevant law using Google. Most of the Anglosphere has a definition of burglary that is essentially the same, and I suspect it is the same in Europe.

Yeah I was referring to higher up the stack. You’re spot on for citing the U.K. law.

> The CEO should be in prison.

Yes.

> Exactly, was it a burglary when your front door is open, lights on, spotlights on your wall safe, with the keys still inserted?

The thing isn't just the discovery of the "open door", though. Thousands of people were extorted in a pretty heinous way. Even if we say breaking in took little sophistication or effort, what was done with the data also matters.


Yes. Similarly, if I leave my car unlocked with the keys in the ignition and someone takes it, it is still a crime. It might be unwise to do that (depending on where you are), but nonetheless it is still a crime.

Technically, yes it is still burglary.

It's an odd position to take, that a crime was not committed or the offense isn't as bad if the difficulties of committing the crime have been removed or reduced.


> odd position [...] offense isn't as bad if the difficulties of committing the crime have been removed or reduced

Not really, intent is a part of the crime. If the barrier for crime is extremely small, the crime itself is less egregious.

Planning a robbery is not the same as picking up a wallet on the sidewalk. This is a feature, not a bug.


This. 1000x this.

Yes, it’s still wrong to take things but the guy should get like community service teaching white hat techniques or something. The CEO should be charged with gross negligence, fraud, and any HIPAA/medical records laws he violated - per capita. Meaning he should face 1M+ counts of …


What does "the crime is less egregious" even mean?

Morally, you burglarized a home.

Legally, at least in CA, the charge and sentencing are equivalent.

If someone also commits a murder while burglarizing you could argue the crime is more severe, but my response would be that they've committed two crimes, and the severity of the burglary in isolation is equivalent.


Now, how do we apply that to today’s current events?

Is it still a crime if the roadblocks to commit the crime are removed? Even applauded by some? What happens when the chief of police is telling you to go out and commit said crimes?

Law and order is dictated by the ruling party. What was a crime yesterday may not be a crime today.

So if all you did was turn a key and now you’re a burglar going to prison, when the CEO of the house spent months setting up the perfect crime scene, shouldn’t the CEO at least get an accomplice charge? Insurance fraud starts the same way…


It's a common attitude with people from low-trust societies. "I'm not a scammer - I'm clever. If you don't want us to scam your system why do you make it so easy?"

The Internet is the ultimate low-trust society. Your virtual doorstep is right next to ~8 billion other people's doorsteps. And attributing attacks and enforcing consequences is extremely difficult and rather unusual.

When people from high-trust societies move to a low-trust society, they either adapt to their new environment and take an appropriately defensive posture or they will get robbed, scammed, etc.

Those naïfs from high-trust societies may not be morally at fault, but they must be blamed, because they aren't just putting themselves at risk. They must make at least reasonable efforts to secure the data in their custody.

It's been like this for decades. It's time to let go of our attachment to heaping all the culpability on attackers. Entities holding user data in custody must take the blame when they don't adequately secure that data, because that incentivizes an improved security posture.

And an improved security posture is the only credible path to a future with fewer and smaller data breaches.

See also: https://news.ycombinator.com/item?id=25574200


We can start by stopping the use of posture like you’re squirming in your seat. I’ve heard that term for the last 10 years and never has it been useful. Policy yes, Practice if you must, Mandate absolutely, Governance required.

Using posture is akin to modeling or showing off clothes, the likes of which will never see the streets. Let’s all start agreeing that the term is a rug cover for whatever security wants it to be. Without checks and balances.

If your posture is having your rear end exposed and up in public then…


It's a generic, albeit somewhat euphemistic term. I agree we could do with some better messaging. Dirty and direct is usually more effective. How about this framing?

The Internet is a dark street in rural India and your dumbass company is a pretty young white woman walking around naked and alone at 2AM. It's not your fault morally if someone rapes you, but objectively you're an idiot if you do not expect it. Now, you getting raped doesn't just hurt you; it primarily hurts people your company stores data about. Those rapists aren't going away, so we need you to take basic precautions against getting raped and we're gonna hold you accountable for doing dumb shit that predictably leads you to getting raped.

> If your posture is having your rear end exposed and up in public then…

Right, that is most companies' current security posture: Naked butt waving in the air. "Improving your security posture" is just a euphemism for "pull your pants up and put your butt down".

> Using posture is akin to modeling or showing off clothes, the likes of which will never see the streets. Let’s all start agreeing that the term is a rug cover for whatever security wants it to be. Without checks and balances.

No, I will not agree with that; that's ridiculous. "Improve [y]our security posture" is not some magic talisman used to seize unchecked power within an organization. It's basically just the Obama Doctrine brought to computer security: "Don't do stupid shit".


“Improve [y]our security posture” absolutely is without a definition of posture. Does that mean more monitoring? More security team members?

Posture is no replacement for a plan.

Originally it was “how we follow our plan” but that has since been thrown out the window. Now, posture is code word for cover.

I don’t mean to vent; it’s just tiring having to deal with varying degrees of posturing where everyone is just haphazardly laying on a couch watching TV.


Welcome to America

Powerful.

Someone presented a hypothetical scenario: What if a hacker would write a virus, which breached a totally unprotected database after the hacker has passed away. It's clear that the therapy provider is at least partially responsible.

Posthumous crime is the ultimate because the legal system is all about punishing the living until they are dead.


If only human beings were good at learning from past mistakes. It requires multiple tries before we realize, fire bad, unless good, if controlled.

Is it still assault if the guy is just standing there, within punching distance, without even wearing a helmet?

Does he have a flag?

Yes it absolutely is still a burglary. Classic victim blaming.

Who’s the victim? The CEO? I think the patients are the victims here.

I'm not well versed in Finnish law - but in the USA simply the act of accessing a computer without authorization, even if it is not secured, can be a crime under the CFAA. So the company is still a victim, and obviously the patients as well, even if they are incompetent. For the same reason that a person that gets burgled because they left their door unlocked when they left the house is still a victim.

But if you attest that your computer system is not accessible by any passersby in order to pass compliance, is that not also a crime? If it is indeed accessible to just anyone? HIPAA law violations and all that.

I’m not arguing the person who stole didn’t commit a crime - just a lesser one than actually breaking in, cracking a safe, and making off with the jewels. I think the CEO and executive staff are culpable.



