Is This Thing On?

by on September 12, 2006 · 12 comments

When I saw this story from the San Jose Mercury News, I was irritated by its vagueness. The campaign of Phil Angelides, the Democratic candidate for governor of California, “admits downloading” a “tape” of Gov. Arnold making a racist comment. There’s an extensive back and forth between the two campaigns about whether the downloading was ethical or not, but no specific details about what actually happened.

Fortunately, Declan McCullagh is on the case:

The controversy may center on the design of the Web server called speeches.gov.ca.gov. The California government used it to post MP3 files of Schwarzenegger’s speeches in a directory structure that looked like “http://speeches.gov.ca.gov/dir/06-21.htm.htm”. (That Web page is now offline, but saved in Google’s cache.) A source close to Angelides told CNET News.com on Tuesday that it was possible to “chop” off the Web links and visit the higher-level “http://speeches.gov.ca.gov/dir/” directory, which had the controversial audio recording publicly viewable. No password was needed, the source said.

If Declan is right, then this isn’t a hard issue.

You could do the same thing to me. I occasionally have pictures to accompany blog posts here and elsewhere, and I tend to post them in this directory. Anyone with too much free time on their hands could easily find a picture, chop off the file name, and view the contents of the directory. If the directory contained embarrassing photos of me, you’d be able to access them.

Luckily, there aren’t any embarrassing photos there, although you can see random photos of some furniture I sold on Craigslist last year. My images are publicly available by any reasonable definition. No special hacking skills are needed to access them, just a reasonable knowledge of how the web works. I don’t think there was anything remotely unethical about accessing them.

On the other hand, it’s equally clear that the governor didn’t intend to make the files publicly available. So it’s not crazy to argue that it’s unethical to release them publicly. But I don’t think that argument really works. When President Bush made some off-the-record (and off-color) remarks into an open microphone a few weeks ago, I don’t recall anyone arguing that repeating the statements was unethical. This case seems no different. The fact that it involves computers gives Arnold’s campaign team the opportunity to take advantage of the public’s technical ignorance to make spurious accusations of “hacking,” but those charges don’t have any merit as far as I can see.

The public has a legitimate interest in learning as much as possible about the views of elected officials on issues of public concern. Evidence suggesting that the president doesn’t like Syria, or that the governor of California doesn’t like Cubans, seems to me to be a legitimate subject of public interest, and therefore I think passing the information off to the media was entirely appropriate.

  • Ned Ulbricht
    [I]t’s equally clear that the governor didn’t intend to make the files publicly available. So it’s not crazy to argue that it’s unethical to release them publicly. But I don’t think that argument really works.

    Slow down.

    If there wasn’t any notice that the governor’s staff intended to keep the files private, then whatever they may have thought is utterly immaterial. Iow, it may very well be crazy to argue that it’s “unethical”—let alone criminal—to release them publicly.

    According to Laura Kurtzman’s September 12th AP report, the governor’s communications director has claimed that the files were protected by a pop-up, but this claim has been denied by the Angelides campaign:

    [Adam] Mendelsohn said the Angelides campaign staffers should have encountered a pop-up warning before downloading the audio file.

    Amanda Crumley, communications director for the Angelides campaign, said the researcher who downloaded the file never received such a warning.

    “If they have a pop-up window, that’s something they’ve added now,” she said.

    There aren’t any further details on the mechanics of this supposed pop-up window, but imho, just for instance, it’s unreasonable to assume that everyone must browse with javascript turned on.

    Anyhow, if it turns out that there wasn’t any real notice, then calling the CHP to investigate a “hacking incident” was at best a waste of time.

  • http://elfs.livejournal.com Elf M. Sternberg

    No offense, Tim, since you’ve done the same thing, but the Governator’s tech people blundered badly. What you’ve described is known as “active indexing,” which means that the web server has to make some effort to create a browseable directory listing when no default index file is provided. At least with the Apache and Light webservers (I don’t know much about Microsoft’s IIS), active indexing is off by default. You turn it on by adding the phrase “Options +Indexing” to the configuration.

    Turn off active indexing, and you can’t just browse the directory one level up: you can only view files for which you have an exact URL, or can guess the exact URL. All other URLs (including the one for the directory itself) generate a “file not found” or “listing not permitted” warning, depending upon the server.

    This is a classic social vs. technological failure: the convenience of having one auto-indexed depository for audio both raw and postprocessed overrode any consideration of security. The Governator and his tech people have now paid the price for that convenience.
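An added example, not part of the original comment thread: a small audit that reports which directories in an Apache-style configuration would serve an auto-generated listing. In Apache the keyword for this feature is `Indexes`, set through the `Options` directive. The sample configuration and paths are constructed, and the sketch assumes a single file containing only `<Directory>` blocks, a starting default of `FollowSymLinks`, and no `.htaccess` overrides.

```python
import re

# Constructed sample config (not from the page or the server it discusses).
SAMPLE_CONF = """
<Directory "/var/www">
    Options FollowSymLinks
</Directory>
<Directory "/var/www/speeches">
    Options +Indexes
</Directory>
<Directory "/var/www/speeches/raw">
    Options -Indexes
</Directory>
<Directory "/var/www/legacy">
    Options All
</Directory>
"""

BLOCK = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)
OPTIONS = re.compile(r'^\s*Options\s+(.+)$', re.M | re.I)
# "All" turns on everything except MultiViews, so it includes Indexes.
ALL = {"execcgi", "followsymlinks", "includes", "indexes", "symlinksifownermatch"}

def effective_options(conf, default=("followsymlinks",)):
    """Return {directory: merged Options set}, applying shorter paths first."""
    blocks = sorted(((p.strip().rstrip("/"), b) for p, b in BLOCK.findall(conf)),
                    key=lambda pb: pb[0].count("/"))
    merged = {}
    for path, body in blocks:
        # Start from the nearest configured ancestor, else the assumed default.
        parents = [p for p in merged if path.startswith(p + "/")]
        opts = set(merged[max(parents, key=len)]) if parents else set(default)
        for line in OPTIONS.findall(body):
            words = line.split()
            if not all(w[0] in "+-" for w in words):
                opts = set()          # a bare list replaces inherited options
            for w in words:
                name = w.lstrip("+-").lower()
                if w.startswith("-"):
                    opts -= ALL if name == "all" else {name}
                elif name != "none":
                    opts |= ALL if name == "all" else {name}
        merged[path] = opts
    return merged

def listing_enabled(conf):
    """Directories where the server would auto-generate a browsable index."""
    return sorted(d for d, o in effective_options(conf).items() if "indexes" in o)

if __name__ == "__main__":
    print(listing_enabled(SAMPLE_CONF))
```

A directory flagged here only produces a listing when it has no default index file, so the report marks where a missing index page would expose the directory's contents.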

  • http://www.techliberation.com/ Tim

    Guys, it seems I wasn’t clear. I completely agree that Arnold’s technical people blundered. And I agree that people shouldn’t be required to browse with JavaScript on. From a technical perspective, this wasn’t a “hacking incident,” those files were public, and (as I said before) I don’t think there was anything remotely unethical about accessing them.

    But look: if the files had been copies of Arnold’s emails to Arnold’s mother about her medical problems, or email to his wife discussing their sex life, I presume we’d all agree that it would be sleazy to release that to the press. Yes, he (or his tech support people) blundered in posting the files, but that doesn’t mean that anything people find there should automatically be reported by the press.

  • http://enigmafoundry.wordpress.com/ enigma_foundry

    But look: if the files had been copies of Arnold’s emails to Arnold’s mother about her medical problems, or email to his wife discussing their sex life, I presume we’d all agree that it would be sleazy to release that to the press.

    Yes, there exists the intentional tort of public disclosure of private facts (which doesn’t really exist for public figures).

    But the fact that he intended to keep the files private does not change the fact that they are of public interest, so there’s nothing wrong (in fact, the press has a duty) to make the files public.

  • http://www.techliberation.com/ Tim Lee

    Enigma, I agree. Isn’t that what I said in the first place?
