G-men pay [Kyle McDonald] a visit

Looks like the men in black have paid [Kyle McDonald] a little visit. The United States Secret Service is investigating him for fraud and related activity for his People Staring At Computers project. We just took a look at that one yesterday, and were thankful that all he was doing was taking people’s pictures and not stealing their information. Looks like [Uncle Sam] wasn’t being as lenient–or it could have been Apple that did the complaining since mums the word from the corporate giant. [Kyle's] also keeping his mouth shut after soliciting the advice of the Electronic Frontier Foundation.

Since details are scarce, it’s time to play armchair lawyer. Let us know in the comments what you think [Kyle] might be up against, and whether we’ll see this thing hit the courts or not. And remember not to take those comments as legal advice since none of us actually know what we’re talking about.

By the way, the gentleman seen above isn’t [Kyle], he’s one of the unsuspecting ‘victims’ with some wikimedia commons slapped in for effect.

[Thanks Craig, David, and others]

Comments

  1. Ender says:

    My hope is that publicity like this will convince computer manufactures to put mechanical shutters over built in cameras.

  2. Maxwell Mudd says:

    @Quin: Do you think Apple specifically agrees to let people use their computers to update their Facebook profiles, or play a radio head song on YouTube? By your reasoning, anyone that does anything on these computers is committing a crime. In actuality, since there are no Terms of Use, and the computers are set up with the expectation that customers will be using them, he committed no crime. It is very, VERY, easy to set limits to a user’s activity on a user account in Mac OS, so they took no steps to prevent his actions, or to inform the customer which activities were not permitted on the computer.

  3. t&p says:

    blah blah blah
    I remember the last post about something where he got permission to do this.
    That alone should fault on the store itself and the manager.
    But it was in plain sight and he let people know that their pic was taken. He said in the vid they didn’t care. Of course that would do nothing to prove anything, but still.
    This is just too much.

    The secret service… seriously? WHY?
    That right there is fucking strange.

  4. Maxwell Mudd says:

    @Renee: Your assessments of the legality of his actions pertaining to privacy issues need to be re-evaluated. What you’ve posted simply accentuates your lack of knowledge. I could legally walk into a public restroom, take pictures of the patrons, and print and sell t-shirts with those pictures(provided I didn’t break any decency laws). The deal is that people just don’t like having pointed out that this is perfectly legal. The issues that this guy is facing are regarding POSSIBLE(but unlikely)computer fraud for using Apple’s free-to-use computers in a way that no one expected. This is NOT a privacy law issue.

  5. MAx POwer says:

    Let’s face facts.
    The Secret Service saw this and thought, “Hey what a great way to find terrorists, dissidents and cute chicks”
    and now they are currently working on putting this feature into the next Stuxnet.

  6. I personally think that what he did was unacceptable.

    Most shops that have camera, advertise the fact with a poster of some sorts.

    Just because SOME people use the computers in the Apple store like they’re sitting at home, doesn’t mean everyone does. Some people just go in and test the computer and have no real idea about macs.

    Look at Google streetview, they take pictures in public places but are forced to blur peoples faces before putting them online. Google are the masters of breaking and bending the law, so if they couldn’t get away with it, how on earth did this guy think he could?

    The Apple store is not a public place, it’s a private shop. While there may be the expectation that you’ll be recorded for security purposes, you would not expect those images to be shared online. You certainly wouldn’t expect a demo computer to be taking secret pictures of you.

    I remember one time they were recording at a london tube station and they’d placed huge signs at every entrance saying that recording was happening and not to enter past X point if you didn’t want to be recorded.

    For those saying ‘oh but the green LED comes on next to the camera, so you know its doing something’. Well yes, we know, but my mum wouldn’t have a clue what that green light means.

    He certainly doesn’t deserve any jail time. I think just a warning or a fine would suffice.

    Too many people are being sent to jail and heavily penalised for daft things. I think I’d get less time in jail for smashing someones face with an iron bar than I would for hacking into someones computer.

  7. t&p says:

    yeah okay…
    I read federal code 18 section 1030 (http://www.law.cornell.edu/uscode/18/1030.html) and know why the secret service is doing this, but he got authorization, did not “exceed authorized access,” and did nothing for fraud, withhold information to the accesor, and didn’t cause harm to government, interstate, and foreign commerce

    SO NONE OF THIS APPLIES

  8. cde says:

    @Renee You’re misconstruing what the expectation of privacy at an ATM would be. The expectation would be that noone is taking pictures of YOUR PIN or card number. And even then, the person has a duty to mitigate that possibility by blocking the view.

    As far as a computer goes, I have gave you a reason it is legal. Simply because you are doing a private act (and using a corporate computer on a private corporate network you are pretty much sol because you are allowing them to keep copies of the network info anyway) on a computer, would render that act private. It would not render you simply being there private. One, you are still in plain view. Two, the pictures taken are not of your private data. By your logic, someone doing something private, like say, urinating, in public, would make them immune to plain sight. And again, you would have no recourse if you let someone see you typing in your password. It is only if they use your password without permission.

    Oh, and I’m sure the people using the computers have no issue with the store (or outside or other stores) security cameras watching, the network admins reading their private data that they carelessly access in public.

    Mainly on that, since the pictures have nothing to do with whatever private information someone is accessing in public, it is a moot point to argue that access would pass any sort of REASONABLE expectation of privacy to them.

    As for the “If you were on the street and someone started taking pictures of you, specifically of you, you have the right to tell them to buzz off.” They do have that right. And any photographer has a right to ignore them. Any police officer reprimanding them for taking pictures in public against someone’s wishes is reprimanding them for being an asshole, and is using the color of the law to intimidate, because unless there is a law specifically and explicitly disallowing that activity, the cop had no right to do. People also get reprimanded for protesting funerals and for marching under nazi banners, but hey, look at that, freedom of speech (which photography certainly is).

    And as zacdee316 brought up, Google Street View. Even when they went on private property and included a person’s private house online, and were sued, and appealed, and went to a high court, the courts threw out the privacy claim (no damage done) and awarded a measly 1 dollar and no legal fees, for trespassing http://www.cbsnews.com/stories/2010/12/02/tech/main7110674.shtml

  9. cde says:

    @ Max, the service tech found the software, and voluntarily installed a copy of it on a work station knowing the general idea of what it did (Through network traffic, and the camera light). The guy neither distributed the picture, or named anyone. And again, no malicious or prurient interest in the picture taking. No court would find any damages in the instance.

  10. Renee says:

    I’m arguing privacy because that’s the direction the conversation went. I read the article, I know why the SS is going after him.

    Going into a bathroom is one thing, going into a stall (like I said) is another. Don’t believe me? Check The Second restatement of Torts §§ 652A-E, specifically, forced intrusion into a secluded area. Bathroom stalls count under that.

    Furthermore, if you were using those photos for subjects other than editorial, say for advertising or product design, you would need to compensate those people.

    As for privacy, like I said before, being able to access your banking records and personal correspondence is protected under the law (US Code Title 18 Chapter 119)

    Not that any of that matters, I think the strongest point is 18/1030.

    If you’re a lawyer then I’ll default to whatever you say but don’t tell me what I know and don’t know. Especially when there’s a wealth of evidence to back me up.

  11. cde says:

    @ anonymousjoepie91 Google is not Forced to do any blurring of the pictures (except for obvious military and sensitive locations). They CHOOSE to blanket blur people because it’s easier then defending a lawsuit, and more cost effective. And facial recognition is easy. Same reason movie studios want permission/release forms, because having big pockets, they are likely to be sued otherwise, even if the claim is frivolous. Look at Borat for proof http://en.wikipedia.org/wiki/Sacha_Baron_Cohen#Legal_issues
    Sued and dismissed, when you considered that this was a multimillion dollar movie shown across hundred of US movie theaters and aired countless times on TV, not just some dumb website online.

    The apple store is a place of public accommodation, and in plain view of anyone walking by. No reasonable expectation of privacy, even if it is private property.

    And for //Well yes, we know, but my mum wouldn’t have a clue what that green light means.// would the same thing apply to the London tube station filming if she didn’t read english or was illiterate or blind?

  12. Renee says:

    All of this armchair legal reasoning is great and all but I can’t take any of it seriously because I keep thinking I’m talking to Lionel Hutz:

  13. cde says:

    @ Renee US Code Title 18 Chapter 119 is wiretapping. Doesn’t apply to public photography. Nothing about the photos is related to the bank or personal correspondence, or even what is being done outside of the generic “Sitting at a computer”. Had he recorded what was being done on the computer, such as “person 255 opened a window for crapofamerica.ck” then it would be wiretapping. But he didn’t.

  14. jd says:

    ‘fraud and related activity’

    Hmmm, That really doesn’t sound like grabbing jpeg’s of people in a public place. That sounds like stealing to me.

  15. Aaron Bitler says:

    I am glad to see the EFF could provide help, its nice to see an organization look out for our rights and the future of the internet.

    Cheers!/Google +1/Like/Thumbs up
    -Aaron

  16. retepvosnul says:

    So basically the US secret services are reading the techblogs and on that they act ? So for any real crook to not get a visit from the homeland terror institutions, they only need no to blog about it !

    What utter useless incompetent bullying bastard of a government agency you have over there.

  17. Mostafaberg says:

    I think (Hope) he won’t be in any troubles !!, it’s annoying to know the US services are following hackaday.com, what a bunch of noobs lol

  18. KillerBug says:

    The government wants it to be extremely easy to hack into anyone and anything…that is why their own servers have such lax security. By exposing security flaws, he is making systems more secure…and that is an act of terrorism as far as the government is concerned. He is lucky that he didn’t simply “disappear” or “commit suicide”.

  19. harro says:

    What the?
    So it’s legal in the States to just take photos of someone without their knowing and consent and upload them to the internet?
    In Germany that pretty illegal, even without any hacking.

  20. keith says:

    maybe they want to use his resources for intelligence purposes

  21. henry81 says:

    i wish the EFF wouldn’t help him. Should teach him a lesson for trying to be clever.

    And yes, i think its about time we have a mechanical switch for the webcam.

  22. KillerBug says:

    Yes, it is perfectly legal to take someones photo and use it without their permission…that is why tabloids exist.

  23. Haku says:

    I’m not suprised in the least.

    As soon as I saw the original article I knew it wouldn’t be long before some people with power decided they didn’t like what he did.

  24. Chris says:

    Kyle surely knew he was doing something questionable, as evidenced by his roundabout and inappropriate way of getting “permission”.

    Just as Star Simpson surely knew she was doing something questionable when she walked into an airport with a strange circuit board on her shirt. In a city that had overreacted to another strange circuit as a possible bomb earlier that year. Inexplicably carrying around a lump of Play-Doh that looked like plastic explosive, especially in the context of the wires. And then walking out silently, instead of answering, when asked what it was.

    Whether either act was actually illegal is almost irrelevant in my opinion.

    Most of us learn at an early age that if you do something stupid, like stick your fingers in a fire, you’re likely to get hurt.

    But then there’s people like these, who do stupid things *in the name of art*, as if that alone transforms stupidity into something different and important.

    And if they get hurt, instead of taking responsibility, they run crying to the EFF, media, or whoever else will listen. “I’m a persecuted artist, society is so closed-minded, oppressive, and unfair, boo-hoo!”

    All I have to say to people like this is grow up. You’re old enough to know better. And if it takes some fines, lawyer fees, loss of property, or something even worse to finally get that important life lesson into your head, then that is exactly what you need and deserve.

  25. chuckt says:

    If I went to Great Adventure and rode the rides and they took a picture of me and used it in a commercial, they would be using my likeness to generate income. Could I sue because I wasn’t paid? If I can then I have a right to my photograph in public.

  26. Draget says:

    Am I the only one who thinks that this guy on the title looks kinda of CG?

  27. chuckt says:

    Someone play devil’s advocate? This guy you don’t know walks into a store, and installs something on your company’s computers and it is transmitting pictures on the internet. Wouldn’t that freak you out? It isn’t over the top or notable? Then why have a blog post about it?

  28. t&p says:

    @Draget
    That is because he looks like the black version of Gordan Freeman!

  29. chuckt says:

    The moral of the story is not to do anything without written permission.

  30. alien says:

    I think the MIB guys want to gain access to the technique so they can use the same technique for whatever purpose they might need it.

  31. Polymath says:

    @t&p
    Dude, you beat me to it. I was looking for the creepy g-man in the background!

  32. mark429 says:

    wow. I had no idea HaD was so full of sheeple….
    unless you live out in the boonies you are recorded on camera pretty much every where you go. The only difference here is that a private citizen who was open and honest about it performed the surveillance instead of some government thug. The SS is probably just pissed off that this guy has raised public awareness to the dangers of having a camera installed in just about everything electronic. IF you think that the goverment(or even a little kiddie scripter) can’t turn on your webcam/phonecam/ etc. without turning on the little record light you’re delusional. hell just google bluetooth hacking and you’ll freak right out at what can be done to your precious little cell phone without you ever knowing… Any U.S. citizens reading this and thinking ooh that guy got what he deserved should be ashamed of themselves and go live in communist China.. Before you go see if Philip T can give you some Mandarin lessons (j/k)…

    “Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one.”
    Benjamin Franklin

  33. Aaron says:

    There’s no fucking winner here, no one deserving of support — Apple is Apple, the Secret Service is what it is, and the guy who calls what he’s doing “art” is a pretentious little fuck who didn’t get paid enough attention as a child. Misquoting Franklin through a Guy Fawkes mask won’t change any of that.

  34. localroger says:

    @chuckt: If I went to Great Adventure and rode the rides and they took a picture of me and used it in a commercial, they would be using my likeness to generate income. Could I sue because I wasn’t paid?

    Absolutely. They need a document from you called a “model release” which gives them permission to use your likeness for publication or commercial purposes. Everyone who does professional photography of people knows about this. If they used your pic in a commercial you would have a slam dunk civil tort against them and you could also get an injunction requiring them to stop publishing your picture.

    In practical terms, though, you probably wouldn’t do that unless it was a big national ad campaign or you for some entity you hated, because the recoverable damages probably wouldn’t be that great. Using your pic without permission is a tort, but how much of a tort depends in part on circumstances and in part on how much money is involved.

    I am guessing that the SS’s interest in Kyle stems from a confluence of circumstances:

    1. He diverted someone else’s computer resources to pull the stunt. True, he didn’t do damage or divert much, but he did use computers he didn’t own in a way their owner didn’t intend. That might not be a big crime in itself, but…

    2. The pictures are high resolution, the subjects easily identifiable, taken without permission or model releases, and published for potential financial gain as part of his art installation. Again, not a big tort per subject, but…

    3. He did it THOUSANDS OF TIMES. Even if a court was likely to decide that he owes each subject the princely sum of one dollar, he is deep in felony territory.

    If you run a salami slicing scheme which steals $0.0001 from each of ten million customers of a bank, you may not have hurt any particular person noticeably but you are still guilty of felony fraud and will do hard time if you’re caught. The principle here is similar. The basic crime is the misdirection of computer resources for benefit, the basic tort being the unauthorized publication for gain of peoples’ images. Neither might be of much interest if he had only done it once, but both are clearly wrong and he did it to thousands of people.

  35. PJ Allen says:

    Here’s an article from the Beeb —

    http://www.bbc.co.uk/news/technology-14080438

  36. Max says:

  37. vic says:

    1) He only asked a security guard if it was OK to take pictures. It’s quite a stretch to assume it implies permission from Apple to install software on their computers.
    2) It is perfectly legal to take any pictures in a public place.
    3) It is *not* legal, however, to publish a picture of a person, when this person is the main subject of the photograph, without her consent.
    4) Hack a Day doesn’t have more right to publish the picture of this person than Kyle McDonald had.

  38. svanheulen says:

    He took pictures of people without their permission on private property. That’s illegal, end of story. He’s boned.

    Also, it annoys me that the EFF is involved. They have real issues to deal with.

  39. mark429 says:

    @ Aaron, I agree now winning here. Sorry for the mashup of quotes I stand corrected.

    They that can give up essential liberty to obtain a little temporary
    safety deserve neither liberty nor safety.
    — Benjamin Franklin (1706-1790), Letter to Josiah Quincy, Sept. 11, 1773.

    Those who desire to give up freedom in order to gain security will not
    have, nor do they deserve, either one.
    — President Thomas Jefferson. 1743-1826

    Oh and I’ve never been one to hide behind a mask. I use the name mark429 everywhere I go. If you must know I am mark dot abraham at us dot army dot mil

  40. mark429 says:

    shit, I meant no winning…

  41. mark429 says:

    and to clarify I think the guy in the article is a douche.. I just think it a is a fucked up waste of tax payer dollars to have the SS investigate this bullshit stunt, let the local cops or better yet Apple’s lawyers deal with this and let the SS concentrate on things that actually fucking matter…

  42. anyone says:

    two major mistakes here:

    1. the guy wanted to brag about his legally questionable project
    2. attaching a traceable identity to said project.

    several people here who do hacking have this problem; too much pride and diarrhea of the mouth.

    so many cool exploits have been found over the years, only to be shared by pride hungry people to raise their magical internet rep, leading to new laws or sewn holes, ruining it for everyone.

    when will people learn? i hope this guy gets jail time.

  43. abobymouse says:

    @ mark429 – you’re currently in breach of Army Regulation 530–1: Operations Security (OPSEC). Enjoy that “free speech”.

    Also, you say “a private citizen who was open and honest about it performed the surveillance” – no, he wasn’t honest and open. He didn’t get permission from the owners of the computers to install his software. He didn’t get permission from the people he photographed. He didn’t tell anyone before he did it. That’s neither open nor honest.

  44. shazzner says:

    If you think this guy should be locked up for the rest of his life, then you’re a piece of shit.

  45. david says:

    Insult: Mind-boggling that the readers of this site are so poorly educated when it comes to legal rights. You can program night and day, but most of you wouldn’t know a legal theory if it wiretapped you.

    His conduct was perfectly legal. Here is why.

    Rationale:

    1. The right to privacy is based in the right to be free from unreasonable (e.g. warrantless) searches and seizures. Only government actors are required to obtain warrants; private actors are under no legal duty to respect constitutional rights unless the federal government expands the scope of enforceability to include private actors.

    2. The constitutional right to privacy has never been enforced against private parties. The federal government does enforce certain constitutional rights against all parties, governmental and private. Best example is 13th Amendment-discrimination on the basis of former slavery is enforceable against any party. Constitutional rights are extended in certain contexts, like employment and public accommodations.

    3. A breach of privacy by taking your picture without your consent does not rise to the Constitutional level unless it is in a protected context. Apple stores are not in any protected context.

    4. Therefore, no breach of the right to privacy under the Constitution.

    5. However, there is still state law and tort law.

    6. Therefore, if the FBI is involved, there are concerns of federal law violations. None here. Case closed.

    I promise that unless he did something that hasn’t been published yet, the whole thing just blows over. However, it is possible that the FBI knows something that we don’t, in which case it goes to trial. But either way, it probably will just go away.

  46. Aeva says:

    Security cameras record all sorts of things that happen in public space, and it is not unusual for particularly indignant behavior to make it on TV or the internet without the consent of the observed.

    How is this any different?

  47. mark429 says:

    @ abobymous, I am enjoying my free speech and in no way shape or form am I in violation of any regulation, especially 530–1, unless they have a new reg on HaD trolling and quasi-arguing with random hacker dudes on this site =) You have a point about the honest and open remark, what I meant was that instead of setting up a keylogger and stealing people’s info he set up a website and posted some random webcam pictures to it, not exactly nefarious or criminal and my main point was with all the messed up shit that’s going on in our own country and all across the world, the secret service should have better things to do… This smells like security theater to me.

  48. Quin says:

    @abobymouse
    I hope you don’t really think Army code applies to civilians.

    Seriously, everyone defending this guy saying what he did is not a crime: ask yourself if the following applies to what he did.
    “Whoever—
    (2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains—
    (C) information from any protected computer; ”
    or
    “(6) knowingly and with intent to defraud traffics (as defined in section 1029) in any password or similar information through which a computer may be accessed without authorization, if—
    (A) such trafficking affects interstate or foreign commerce;”
    First one is pretty obvious, second one might require Apple to claim that doing this impacted sales. Remember, faces can be used for bio-metric passwords now. And the phrase “similar information” is really legally vague. Separate legal discussion on whether the sale of devices made in other states constitutes interstate commerce, but it could be argued that it does.

    As for how it differs from security cameras, well the Apple store can’t use video from it’s security cameras for anything other than security. They can’t publish those videos anywhere, they can’t use them in an advertisement without a model release from every person in them. They can watch the videos and look for people breaking the law, and they can use the videos for evidence in a court case; but that is about it.

    This is really going to hinge on whether he had, or thought he had, the permission of the people who owned the computers at the time. Having a security guard tell me I can walk out of a shop with a unpaid-for jacket doesn’t make it not shoplifting if I intended to defraud the store. His intent will be a big part of any charges, so he’s smart to not say anything else about it.

  49. cidtrips says:

    The guy obviously broke the law. But seriously, one of the reasons we have judges in our judicial system is for situations just like this. Remember people, there is an exception to every rule, and just because the law was broken, doesn’t mean the accused is guilty of a crime.
    Think about this for a second; In nearly every state it is illegal to make a left at a red light, but perfectly fine to make a right. What about the situation presented by making a left from one one-way street onto another one-way street. Doesn’t this present the same conditions as making a right at any other light? The driver need only concern themselves with traffic coming from one direction. By making a left at this light, the driver is technically breaking the law, and should rightfully be issued a citation for doing so. A judge, though, has the authority to dismiss the charge based on the conditions of the infraction, and any reasonable judge should see how the intent of the law doesn’t apply to the situation, even though the letter of the law does.

  50. chuckt says:

    Quin,

    If other people are using the computers to check email or insert thumbdrives then how are the Apple computers protected computers and how is Kyle’s access exceeding the authorization that everyone else has? Was there a sign or a contract at the store? Was there a EULA that anyone checked? Were other people using the web cams? Were other people surfing the web or using the internet?

    Chuck

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 94,048 other followers