Child Trafficking Operation We Should All Do Something About

TDLR: a Finnish corporation has setup their information processing system to be perfect for both stealing child information as well as being impersonated due to zero email security on their official domain. This combination of theft of real child protection cases (and all the kinds of paperwork you could possibly need) and allowing impersonation of their official domain, is ideal for abducting children from orphanages, foster organizations, even adoption, or straight abduction, and moving them around the world with fraudulent documents. Many targets would have little training and means in anti-fraud and would also "want to believe" children are going to a better life in Finland.
Children could be in transit using fraudulent documents and misrepresentation of these companies right now. Since the scheme can operate in any country in the world, the only way to protect children from this security vulnerability is to spread this information globally, starting for example with law enforcement and child protection reporting systems in every country.
So please if you live in a country report this information to at least the proper channels if not other concerned parties. The vulnerabilities and law breaking the above represents are immediately obvious to anyone familiar with the DNS system and the GDPR, however if you're wondering what an AI like ChatGPT thinks of all this, I've done that basic sanity check for you:
https://chatgpt.com/share/6883c7e7-8bc4-8013-a982-62af7cb9e4c1
Feel free to submit the same prompts to the AI of your choice.
ChatGPT's conclusion abot all this:
"""
Final Thoughts
This setup creates a perfect enabling environment for child trafficking, including:
Digital identity laundering
Institutional impersonation
High-value data extraction
Complete lack of traceability or lawful oversight
If even one actual communication involving children’s data or welfare occurred through this .com domain, it is grounds for:
Immediate investigation by Finnish and EU authorities
Suspension or criminal scrutiny of anyone authorizing or tolerating the setup
"""
The base DNS records (DNS standing for Domain Name System) can be sourced directly from ICANN (the organization in charge of these records so the internet and world wide web functions as it does):
https://lookup.icann.org/en/lookup
Email server records, called "MX records" can be sourced from google's tool:
https://toolbox.googleapps.com/apps/dig/
Which will report "record not found" when clicking on MX.
But there's a bunch of tools available to make these inspections.
The errors produced by another popular tool https://mxtoolbox.com/emailhealth/ summarize the complete absence of any email security whatsoever:

Category Host Result Status
Problem mx uomasosiaalipalvelut.fi DNS Record not found Status
Problem mx uomasosiaalipalvelut.fi No DMARC Record found Status
Problem mx uomasosiaalipalvelut.fi DMARC Quarantine/Reject policy not enabled Status
Problem dmarc uomasosiaalipalvelut.fi No DMARC Record found Status
Problem spf uomasosiaalipalvelut.fi No SPF Record found Status
Problem spf uomasosiaalipalvelut.fi No DMARC Record found Status
Problem spf uomasosiaalipalvelut.fi DMARC Quarantine/Reject policy not enabled

Is there any actual evidence that any children have suffered because of what you explained?

Various documentaries have been made about similar practices taking place in the Netherlands, and political parties have tried to garner attention for it. Predictably, the political establishment isn't interested. I wonder why?

All I can say is that western intelligence agencies like the CIA, MI6 and Mossad have been linked at various points in time and on multiple occasions to global pedophile networks.

Too crazy to be true(?).

Quoting Sir2u

Is there any actual evidence that any children have suffered because of what you explained?

First of all, compromising people's data is itself harmful, which then, in itself, causes the suffering of needing to worry about how one's data could be used for ill, once one is made aware of the data breach (as required under the GDPR). If you knew your ID and medical history was stolen that would cause suffering even if the data theft is never exploited to commit further crimes against you.

Of course, I am aware your meaning is suffering beyond compromising the data in itself, but I just want to fully clarify that violating people's privacy, sending their data to the some anonymous individual, is harmful and causes suffering in itself.

This totally illegal setup has been running for at least 7 years compromising hundreds, likely thousands of people's data, so really not good.

Further crimes against children by the network involving the above company have also been committed; however, I can't as easily report on confidential information of ongoing investigations and / or court cases.

The data breach part of this criminal network, however, is public information so anyone can re-publish it anywhere and draw attention to it.

As to what exactly these corporations and their criminal network are doing; I only have insight into a small part.

However, what I can say about the whole is that there is no legitimate business process that would result in this sort of information processing setup.

These are corporations that can only exist with boards of qualified corporate managers liable for what the corporation does.

Quoting Limited Liability Companies Act

Chapter 22: Damages
Section 1: Management’s liability for damages

A member of the board of directors, a member of the supervisory board and the managing director
is liable to compensate for any injury or damage that they have, in violation of the duty of care
referred to in chapter 1, section 8, while in office, intentionally or through negligence caused to
the company.

A member of the board of directors, a member of the supervisory board and the managing director
is likewise liable to compensate for any injury or damage that they have, by violating other
provisions of this Act or the articles of association, while in office, intentionally or through
negligence caused to the company, a shareholder or a third party.

If the injury or damage has been caused by violating this Act in some other manner than by
merely violating the principles referred to in chapter 1, or if the injury or damage has been caused
by violating the provisions of the articles of association, it is deemed to have been caused through
negligence, unless the person liable proves that they have acted with due care. The same
provision applies to injury or damage that has been caused by an act to the benefit of a related
party. (512/2019)

The last thing you want to do as a corporate manager is be involved in breaking the law, as that's always by definition intentional or negligent violation of your duty of care.

Violating the GDPR, even in subtle ways, has famously large consequences:

Google GDPR fine summary:
GDPR fines are administrative penalties that can be imposed on organizations that violate the General Data Protection Regulation (GDPR). These fines can be substantial, reaching up to 4% of a company's annual global turnover or €20 million, whichever is higher, for serious infringements. There are two tiers of fines, with the lower tier reaching up to 2% of annual revenue or €10 million.

Fines Structure:
Tier 1: Up to 2% of annual global turnover or €10 million, whichever is higher.
Tier 2: Up to 4% of annual global turnover or €20 million, whichever is higher.

So any corporate manager, even more-so for something as serious as child welfare services, will know about the GDPR, informed by their lawyer or then it being constantly in the news. It was the absolute biggest news in EU corporate management for years, while it was debated, then passed, then the 2 years before coming into force and then the constant high-stakes legal cases resulting from the GDPR.

The first thing a corporate lawyer will tell you as a corporate member of the board is that implementing the GDPR for processing sensitive information requires expertise, having regular data audits, and no expert consultant or data auditor of any kind would not immediately identify all the serious security concerns in themselves of the data setup described in the OP as well as the long list of GDPR violations. This is really basic stuff.

But that's anyways how corporations work, that liability is transferred to qualified experts about as much as possible (so that the corporate managers cannot be held responsible for intentionally or negligently causing harm if they hired an expert to do it; an expert that then has insurance to cover their own negligent damages they might cause; why everything get's so expensive so quickly doing things the corporate way).

Ignorance is not a defence of corporate board responsibilities (such as to avoid being fined and / or sued under the GDPR) and it's simply not a hypothesis in this case worth entertaining.

Any legitimate corporation that is created to handle incredibly sensitive information will have at least 1 board member talk to their lawyer to go over the liability of the position which will result in immediately identifying handling the data as a major source of liability and disagreeing with a plan to just have somebody improvise the whole thing ... and also remain anonymous for the part where they improvise the email setup in the US.

A typical legitimate board member of this kind of corporation, if it were legitimate, would be very accomplished in their career, regularly consult with their own legal council about legal issues and take their responsibilities of due care seriously.

In addition to that, these corporations do government contracts to provide social services, so there would be another round of due diligence (and supposed to be regular review) from the government to get these contracts.

Point being, the hypothesis that a corporate board of child welfare company "accidentally" created a data processing setup that happens to be ideal for trafficking children is super amazingly implausible, and anyways is not a defence for the GDPR breaches as well as any damages that occur anywhere in the world. For, this setup makes the board members of these corporations not just liable to whoever's data they handled but also to anyone that is damaged by their child corporate welfare corporations having zero security measure implemented to avoid fraudulent emails representing their corporation.

"Limited Liability Companies Act" and "we didn't know about the GDPR" are not remotely plausible legal defences for corporate board members.

Therefore, we can be extremely confident this data processing setup was created and then shielded from scrutiny for the purposes of committing crimes (which there's specific evidence of more crimes than the criminally negligent data handling, but the above is another way to arrive at the same conclusion).

That it can be used to impersonate Finnish child welfare services and gain custody of and traffic children anywhere in the entire world is reason to disperse the notice as widely as possible (which if you live in a country, you can do; most countries have reporting channels, even anonymously, and just sending the notice could intercept a child being trafficked right now).

Such child abduction and trafficking crime can also be committed without even involving the corporations that created these vulnerabilities; any cyber criminal can discover these vulnerabilities and then exploit the with their criminal network.

Quoting Tzeentch

Various documentaries have been made about similar practices taking place in the Netherlands, and political parties have tried to garner attention for it. Predictably, the political establishment isn't interested. I wonder why?

In this case, that their email not even corresponding to their official domain and instead a 404 error page is red flag that anyone with anti-fraud training would discover pretty much immediately.

So we can be sure that government officials (police, prosecutors, judges, bureaucrats of various kinds) are involved in covering up this illegal operation, either because they are in on it or then manipulated by others who are in on it to ignore the red flags.

Doesn't need to be an intelligence operation though.

Quoting Tzeentch

All I can say is that western intelligence agencies like the CIA, MI6 and Mossad have been linked at various points in time and on multiple occasions to global pedophile networks.

Too crazy to be true(?).

Absolutely not too crazy to be true and we have abundant evidence this happens.

However, at the moment nothing requires involvement of intelligence agencies to explain. Just "regular crime" also happens of, for example, pedophiles making a child protection agency and then making money in organized crime and compromising public officials to shield their organizations from scrutiny; once enough public officials are compromised then other public officials that weren't involved in the original crime tend to conclude they need to help coverup the incredibly embarrassing truth in order to protect their own political future, so the coverup tends to sprawl out precisely due to it being uncovered if it has reached a critical mass.

Also, to address the point of why they have an email setup with zero security, both on their official website and this anonymously owned .com domain that they process emails on, but exploiting this vulnerability to send fraudulent email would take some computer skills, this is not a paradox of contradiction but easily compatible.

Corporate crime is almost always committed with layers of plausible deniability built in. Even if negligence is not a defence to allow criminal processes under your supervision, it's still better to be facing negligence charges than co-conspirator charges.

"Oh I'm just dumb, I didn't think" is still better to be able to say than facing clear and unequivocal participation in a criminal scheme.

So, in this case, if the key criminal role of the management of these corporations is to create the vulnerabilities in the first place and then those vulnerabilities can be exploited by criminals committing the criminal acts themselves that have some degree of criminal separation, then this maintains some plausible deniability that the vulnerabilities are created intentionally to participate in human trafficking.

What is meant by "degree of criminal separation" is that the criminals who then actually make fraudulent emails and actually go traffic the children are working for someone (who in turn maybe working for someone) up to a top boss that can then deal directly with criminal corporate managers in Finland. The "criminal laborours", for lack of a better term, would then not need to even know that the vulnerabilities were created intentionally for the criminal operation to function, but for all they know they are exploiting accidental vulnerabilities. Criminal management in Finland can then be compensated in off-shore accounts or with other money laundering methods.

Likewise, people who actually work for the child welfare corporation in Finland can be completely unaware that information they handle is being stolen for the purposes of human trafficking. For example, you can setup parallel devices that download all the information and you could even tell your employee about these parallel devices and that they stay in the office as a backup; indeed, you could explain that as precisely due to the sensitive nature of the processes this is a necessary security measure in case they lose their device.

As importantly as all that, Finland is a high technology sophistication country, so everyone who does anything remotely professional has degrees and certificates and so on. You need training and a certification to work as a waiter/tress in a restaurant.

Quoting Waiter/waitress training, Omnia.fi

Description of the training

You will graduate as a waiter/waitress from the Further Vocational Qualification in Restaurant Customer Service. During the training, you will learn to describe, recommend, sell and serve restaurant food and beverage products. You will be able to serve customers in a spontaneous, friendly and responsible way and to act in accordance with the company’s business idea and service culture.

You will also be able to explain to customers the ingredients and preparation methods of the food dishes sold. You will be able to serve customers with special dietary requirements and to process payment instruments. You will learn to make sales accounts and operate profitably, as well as to use various working methods, appliances and equipment.

So if you need training and certification to be waiter/tress at a restaurant, imagine how much training and certification software engineers have who build GDPR compliant systems for handling ID, medical and court information have. A lot.

In this sort of professionalized environment it creates a further problem of how to recruit a competent software engineer into your criminal conspiracy.

Your choices are:

1. Hire competent and non-criminal competency and try to carry out your criminal scheme behind their back. But this creates the enormous risk that the slightest thing that goes wrong, a single error message or someone making contact to report some odd thing on their network (such as a bounded email or information transfer or what have you), could result in an investigation and immediate uncovering up crime. If you higher some actual IT firm that dates responsibility for the data, they may do their jobs. Even if you circumvent their policies they may change policies at anytime in a way that reveals the previous circumvention.

Really this choice is a non-starter since if you have the skills to defeat highly trained forensic data experts that work for companies that actually manage ID, medical and legal information, then you have the skills to do things yourself.

2. Recruit a expert into your criminal conspiracy. Problem here is that easier said than done. Information experts don't necessarily need the extra cash, if they did they might not choose child trafficking as their extracurricular criminal activity of choice. Furthermore, even if you did find such an expert to setup and manage your network in a way that was not obviously in violation of the GDPR and participate in carrying out and covering up all the criminal activity, you'd be working for them as they would know everything, have backups of everything and possess all the leverage they could possibly want to rat you out. Such a person could extort you at anytime for any amount, so playing things out you may end up losing your cut and still be ratted out, so what's even the point of doing crime in that case? So, hard to find such a candidate and even if one did exist you may want to stay in charge of your criminal operation which requires staying in control of the data systems necessary to carry out the crimes in question, leading to the last and best option if you are not yourself an computer and information expert of some kind.

3. You improvise the data processing setup in such a way that allows your criminal partners to use out-of-country cyber criminals to carry out the crimes exploiting the security vulnerabilities, without even knowing this is by design. Cyber criminals are of course available for higher globally; the issue above is finding someone actually qualified in Finland for data GDPR compliance that you will trust with a birds-eye view of the whole scheme. With very little IT skills you can setup an official website with Wordpress (what this "corporate group" we are discussing actually does) and have zero email security opening the door to be fraudulently misrepresented by your criminal partners elsewhere (also what they actually do). Likewise, with very little IT skills you can setup email on another domain that is registered outside the EU (and so far less compliance checklists to go through as just an "private person"), in this case to an anonymous individual in the US, and so simply bring all the data outside the EU and GDPR scrutiny of even the service provider (and entirely outside the supervision of any competent IT company, which is not even involved at all). Suspicious logs maybe subtle, such as downloading information to suspicious devices and making the occasional odd contact to legitimate conversation (a fraudulent conversation could be a mix of actual emails that don't contain crime and fraudulent emails to pass the criminal information).

This irregular and non-compliant setup will still be noticed by police, prosecutors and judges in charge of the legal cases of these child protection process, but they can be compromised in various ways (from bribes to extortion).

Unlike hiring some highly skilled IT person that would have all the information, have the skills to launder their cut and disappear if needs be, but most importantly be the single most valuable person to any actual police investigation, having backups of all the data and communications etc. (possibly also recordings and other things competent IT people can easily do), compromised officials are far more easy to control, can have very little knowledge of what the scheme even is (just that if they don't do what they're told they won't get their money ... as well as arrested or even murdered, capiche), and would have little to no leverage if ever there's a legitimate investigation, so you can be more confident they really do work for you and not the other way around.

In fact, my guess would be this kind of criminal enterprise starts in the public sector by high-up pedophile officials, such as your typical Finnish appellate judge, who then slowly grow their criminal conspiracy over the years, maybe starting small with just covering up child rape crimes purchased on the "normal" blackmarket, creating a clique of officials that carry out and then coverup rape crimes against children while also then creating relationships and links with organized crime; at some point it is realized a lot more money could be made by everyone and a lot more children could be raped by those involved if the government say ... I don't know, ... just spit balling here ... contracted out child protection tasks to a private corporation that can operate without scrutiny (normally social workers in Finland work directly for the government so therefore use information systems managed by and overseen by the government IT people with all sorts of robust systems and scrutiny in place).

It would be difficult to conceive of and execute on this plan purely from the private sector (we're going to setup this company and this non-compliant GDPR system to do crime, then get government contracts and simply assume anyone who needs to be compromised can be compromised at any given time), but would be easy to conceive up and execute on from the point of view of public officials that have both a birds-eye-view and means of compromising the processes involved and are already involved in this kind of crime and now want to streamline things. This transfer of government money to a private corporation dealing in highly sensitive processes with essentially zero public supervision of what they are doing, also enables your more ordinary embezzling and laundering of government funds.

Furthermore, often red flag reports go to some choke point, so only that point needs to be compromised to reassure everyone below them that "nothing to see here" for the scheme to go unnoticed (so even if lots of people may notice a red flag that doesn't mean they all must be compromised). If you are unfamiliar with how the internet works and how the GDPR works and just find it odd that this company uses an email that has no corresponding website, and is not their official website, if some judge, or police chief or data controller told you that they know already, not to worry about it, most people wouldn't think further about it as it's "not my problem anymore". In fact, most people when encountering an irregularity outside their domain of expertise can be just confidently told the irregularity is in fact a good thing and required for greater security of these highly sensitive processes. So, police or other government employed child welfare officers involved could be just told things are done this way for "added security"; they'd have little way to know that makes no sense and their usual habit would be to not discuss their cases so it would be unlikely to randomly come up in conversation with people who would find that problematic (so from their perspective they carried out their anti-fraud training, reported out an email discrepancy as is their training, their job is done on that).

To take targets of the scheme in foreign countries, for example, in getting an email error message of some kind (say you write back to a fraudulent email and it bounces) you could be phoned up and told any number of things that will in fact increase your confidence this error message represents more rather than less security: for example that precisely because it's highly sensitive child information that this easily triggers all sorts of security systems that then make these sorts of error messages so that we can be sure everything is working as intended, or then simply the system is down precisely because the information is so sensitive and everything is regularly audited! Which is an essentially unsolvable problem in security that all anti-fraud warnings can themselves be transformed by fraudsters into an advantage when dealing with untrained people (a la "we're special, this whole process is special, therefore special things happen in these special processes and you can trust our special knowledge to guide you through this special day, and then once you know what we know you'll be special too").

As to the question of why government criminal conspiracies and networks so often involve pedophilia, I would not attribute most of that to the machinations of intelligence operations, though of course that happens too, but crime is anyways happening all the time and intelligence agencies are involved in very little of it overall.

The reason pedophilia and government corruption (or large institution corruption such as the Catholic Church) is so associated I would argue is not simply confirmation bias that such scandals get the most attention, but that such conspiracies are the most stable and so survive the longest with the most advantages both against legitimate law enforcement as well as other criminal conspiracies wanting to dominate the same processes but for different criminal reasons.

For, the major weakness of a criminal conspiracy over time is its internal coherence. For example, even if the criminal conspiracy under consideration is well run with no leaks or weaknesses, for example just embezzling government money in a super sophisticated way or then compromising border security to run drugs and these sorts of crimes, the criminal involved may anyways get caught doing other crime, then they find themselves faced with doing time and have the option of using their leverage of their knowledge of this other organized crime they are involved in. Criminals are not necessarily the most stable and law-abiding of people and so often it's this extracurricular crime that gets criminals in trouble and motivates them to rat on their criminal colleagues.

So there are these accidental weaknesses in most criminal schemes which there is not really any good way to prevent.

The exception to this rule is pedophilia. It's very unlikely for someone to confess to being involved in pedophilia and child rape in order to avoid prosecution of other offences.

So accidental discovery of a pedophile network is unlikely due to chance encounters with law enforcement about other fucked up shit the members of the conspiracy do in their spare time.

Then there's intra-conspiracy extortion. Another pathway to breaking up a criminal conspiracy is when members of the conspiracy start extorting each other. The means of extortion in a criminal scheme is simply threatening doing the above and going and cutting a deal with law enforcement. Even if this doesn't happen, this lowers the trust and mutual respect required for team work to happen effectively, so even if the ratting out doesn't happen the conspiracy will likely cease to function effectively (members may start destroying evidence and making sure not to create new evidence so they are squeaky clean).

For the same reason someone is unlikely to confess to pedophilia and raping children to plead down other offences, they are also unlikely to threaten to do so.

In other words, pedophilia and child rape are crimes that form the long term basis for trust based cooperation.

Through a process analogous to evolution and natural selection it is therefore pedophilia based conspiracies that have an advantage for long term survival. The potential effectiveness of any cooperative venture is directly proportional to mutual trust. Take a military unit where people trust each other implicitly and absolutely compared to a military unit where everyone suspects everyone else of being either dangerously incompetent or even enemy spies; the former organization can attain high levels of effectiveness while the latter not so much.

So, over the decades, if a pedophilia and child rape ring within government survives it will become more, rather than less, robust and stable over time. The pedophilia and child rape ring will be acutely aware of who threatens them and they can use their existing positions, power and connections with organized crime outside government to remove or otherwise neuter those threats. They cannot only use their network to rape children, but make lot's of money in selling that service to others but also just any criminal scheme that the are in a position to execute on, such as simply embezzling government money, taking bribes, protecting the drug trade and taking a cut, and so on.

Since they can have high confidence the other pedophiles in their network are exceedingly unlikely to confess to child rape, they can work in a highly organized, methodological and long term fashion.

Criminal conspiracies that do not solve the classic prisoner dilemma and variations or intra-conspiracy extortion dilemma (which is just a threatening the prisoner dilemma to maximize gain within the conspiracy) described above, will be unstable and ephemeral. The other long term basis for criminal conspiracy, as Vin Diesel in Fast and the Furious informs us, is "family", but this criminal foundation has the weakness of everyone involved being obviously linked whereas pedophilia does not have this weakness. An entire government process could be completely filled with pedophiles and it would not be obvious that there is a connection between anyone, much less everyone, arousing natural suspicion, compared to a situation in which everyone involved, from police and prosecutors to judges and witnesses etc., are apart of the same family, which would seem curious to most people; so pedophile networks even have an advantage over family based criminal networks.

If you have a long term advantage, over time you will likely dominate the space concerned. Of course that doesn't mean any given pedophile that launches into crime has an advantage, just the smart ones that manage to build a cooperative network and get over the first hurdles in doing so.

Quoting boethius

— Limited Liability Companies Act


The last thing you want to do as a corporate manager is be involved in breaking the law, as that's always by definition intentional or negligent violation of your duty of care.

Do you really think that this applies international? Have you any idea how many countries have massive companies without a single member on the board of directors. And that does not include a bunch of oversees companies that operate internationally and are not liable to nor answer to anyone.

As for the rest of what you wrote, it still does not answer the question!

Quoting Sir2u

Do you really think that this applies international?

Let's just start with the EU as qualifying as "international".

Can you name one EU limited liability corporation that does not have a board of directors?

Quoting Sir2u

Have you any idea how many countries have massive companies without a single member on the board of directors.

Please inform me. Can you start by naming just one massive limited liability corporation that has no board of directors?

Quoting Sir2u

And that does not include a bunch of oversees companies that operate internationally and are not liable to nor answer to anyone.

Again can you name one oversees company of whatever form (limited liability, partnership, single proprietor) that are "not liable to nor answer to anyone"?

But we're talking about Finland, so after answering these questions please clarify how it relates to Finland.

Are you saying companies in Finland are not liable to anyone in Finland?

Quoting Sir2u

As for the rest of what you wrote, it still does not answer the question!

I did answer your question.

Compromising someone's data, violating the law that is the GDPR and a bunch of other laws, is by definition harmful and causes suffering (one must worry how one's data maybe abused).

If you disagree, just DM me your ID, medical history, anything else you consider legally private information, thus making the point that you don't feel others having a copy of your sensitive information is in anyway harmful.

Other forms of harm have also occurred but I can't so easily disclose specific details of individual cases at this time, hence to focus on the legal violations that can be demonstrated using only publicly available information.

Since the information setup can be used to steal information and create fraudulent child transfer processes anywhere in the world, the only way to discover fraud in other countries, especially poorer countries with less robust systems, is that a victim of the fraud encounters this notice.

There is no possible downside to spreading the information, in particular to authorities in different countries who can check if they are possibly a victim of a scheme involving the fraudulent representation of these companies we are talking about.

To save time for anyone interested in how things actually work.

All companies of all forms are liable. The type of company determines who is liable. A single proprietor and partnerships usually have unlimited liability for the owner(s) / manager(s).

Why limited liability (.ltd) corporations are so common is because, as the name suggests, liability is limited. What this means is that the managers of a limited liability company, even less the shareholders, are not personally liable for the decisions they make on behalf of the company (such as in day-to-day management typically by the managing-director, in board meetings by board directors, and in shareholder meetings by shareholders).

The basic meaning of this is that a limited liability company can go bankrupt and no one involved is personally on the hook to pay the outstanding debts.

There is, however, a critical caveat to be off the hook for debts or other damages the company has caused others, which is exercising "due care". Due care is basically a catch all for not being criminal or a complete moron basically.

As you may imagine, if you've been embezzling money out of the corporation you can be held personally responsible for that, likewise if you cause damages due to negligence you can be held responsible for that.

Where the liability is limited is for bad outcomes of business decisions that were legal and did make some sense at the time, such as taking out debts to launch a product and that product just doesn't sell leading to bankruptcy.

Since we're talking about Finland, this manifests in the law as the first and only duty of management:

Quoting Limited Liability Companies Act

PART I: GENERAL PRINCIPLES, INCORPORATION AND SHARES
Chapter 1: Main principles of company operations and application of this Act
Section 8: Duty of the management

The management of the company shall act with due care and promote the interests of the
company.

As for the idea corporations don't need a board of directors at all, we'll soon see if there's even one country in the world where this is true, but in Finland it is definitely not true:

Quoting Limited Liability Companies Act

Chapter 6: Management and representation of a company
Section 1: Management of a company

A company shall have a board of directors. It may also have a managing director and a
supervisory board.

Quoting Limited Liability Companies Act

Section 8 Members: deputy members and chairperson of the board of directors

There shall be between one and five regular members of the board of directors, unless otherwise provided in the articles of association. If there are fewer than three members, there shall be at least one deputy member of the board of directors. The provisions of this Act on a member also apply to a deputy member.

How this all applies to the subject of the OP, is that the companies concerned definitely have a board of directors and by not implementing the GDPR those board members make themselves personally liable to be sued by any victims of the data breach for their negligence as well as being fined by the state; fines up to 10 - 20 million Euros, but even a 1 million Euro fine would be a lot of money for the typical professional on a corporate board.

To make and operate a limited liability company you typically need lawyers to do a lot of things, board members typically concern themselves with how much money they could be liable for if the company is run negligently (as well as breaking what laws could land them in prison), and then typically seek advice, typically starting with lawyers, to be confident that won't happen. For, nothing obliges anyone to sit on the board of a corporation, so if you thought it was all reckless improvisation you can just resign and your legal problems are solved if you haven't caused any damages yet.

The rational reason to join the board of a corporation dealing with sensitive information and not have the slightest concern that even step 1 of information security has been carried out, that no information expert of any kind has been involved in designing and implementing information systems and their supervision, would be to commit crimes with this non-compliant information system.

The other explanation available would be being irrational and taking on massive liabilities without knowing the first thing of how a corporation should be managed, not seeking to know from anyone who does know, and just flying by the seat of your pants in taking responsibility for processes as sensitive and critical and prone to litigation as child welfare and protection processes.

There is no legitimate and rational business process that would lead a corporate board to implement information systems for sensitive information in a way that clearly and obviously violates the law in literally step 1 of their implementation (non-transparent ownership and ownership by an individual of the domain used to process children's information, and zero email security on the domain that is officially owned allowing impersonation) and compromises people's private information and put children's lives in danger of these information vulnerabilities being exploitable to impersonate Finnish child welfare and protection to fraudulently gain custody of children anywhere in the world.

You might say that "well, me and my friends would definitely be that reckless and stupid if we ran a corporation" but that begs the question of are you and your friends running a corporation right now, not to mention a corporation that houses vulnerable children?

More relevantly to the matter at hand, even if someone was genuinely unconcerned with liability of any kind and would go through similar events with zero sense of possibly being held accountable for one's actions, that is not a good defence for others breaking the law in such situations.

Standing up in court and saying "Well, Jimbo over there doesn't give a shit about the law, would break exactly the same laws I did without a second thought, he's just that much of a fucking madlad, and never in a million years would it even cross his mind that the law even exists, much less could even potentially lead to some sort of accountability for the consequences of his own actions; therefore, gentlemen, ladies, as Jimbo has no sense of responsibility and genuinely feels he could never be held accountable for his actions in a similar situation, no matter how reckless and damaging they are, I too should not be held accountable. I rest my case." I guess has some sort of logic to it, could persuade some people (definitely some members of our little philosophic community), but mileage may vary.

Quoting boethius

Let's just start with the EU as qualifying as "international".

The world is a lot bigger than that, the EU is a small part of it.

Quoting boethius

Can you start by naming just one massive limited liability corporation that has no board of directors?

Maybe not an EU corporation but as you said, this is supposedly, according to your reference of the US and children being taken into Finland from somewhere else. affecting the whole world.

The world's largest privately owned company, Cargill, does not have a board of directors in the traditional sense. While Cargill is a massive, privately held company with global operations, its ownership structure does not include a board of directors. Instead, the company is owned by the Cargill and MacMillan families. The families' control is exerted through a combination of direct ownership and other governance structures, rather than a formal board.

Private Ownership:
Cargill is a privately held company, meaning it is not publicly traded on a stock exchange. This means the owners (the Cargill and MacMillan families) have more direct control over the company's operations.
No Formal Board:
Unlike publicly traded companies, private companies are not legally required to have a board of directors. Cargill, despite its vast size and global reach, has opted not to have a formal board of directors.
Family Control:
The Cargill and MacMillan families maintain their control over the company through various means, such as direct ownership stakes and other governance mechanisms that are not publicly disclosed.

Quoting boethius

Again can you name one oversees company of whatever form (limited liability, partnership, single proprietor) that are "not liable to nor answer to anyone"?

Maybe you could look into the Vatican, they rarely answer to anyone.

Quoting boethius

Compromising someone's data, violating the law that is the GDPR and a bunch of other laws, is by definition harmful and causes suffering (one must worry how one's data maybe abused).

Wow, bit of a comedown from:

Quoting boethius

This domain registration allows for moving the child data (ID, medical history, personal history, photos including child pornography that maybe part of child abuse cases) to the US, so outside of stricter scrutiny by data providers of EU citizen data (scrutiny that may catch crime), but individuals have more privacy rights than corporations anyways and so this is further avoidance of GDPR scrutiny.

The crimes that can be committed with this setup against children are numerous. The theft of child information allows for crimes against those children of targeted grooming, abduction (and then passing various checks at borders), selling explicit images that maybe apart of court cases, and various forms of fraud against the children information theft allows.

So you can talk to one "representative" of a child welfare company in Finland, validated by official email from the official domain, and then talk to another "representative" of another child welfare organization that will physically "home the child", again validated by official email from the official domain.

This whole thing is tailor made to traffic children and traffic in child information.

So I ask again, is there any evidence of any of these crimes being commited through the methods you are explaining.

Quoting boethius

To save time for anyone interested

Nope, all I want to know is, does any evidence exist that what you have spent so much time writing about is actually doing any harm so that I can ask my next question.

Quoting Sir2u

The world is a lot bigger than that, the EU is a small part of it.

Ok, well keep looking in the rest of the the big ol' world for a place where limited liability corporations don't have a board of directors.

Quoting Sir2u

Maybe not an EU corporation but as you said, this is supposedly, according to your reference of the US and children being taken into Finland from somewhere else. affecting the whole world.

Yeah I guess keep looking outside the EU if there's even one example of your claim.

Quoting Sir2u

Maybe you could look into the Vatican, they rarely answer to anyone.

The Vatican is not a limited liability corporation.

Quoting Sir2u

Wow, bit of a comedown from:

There's no comedown. Compromising people's data is itself harmful. If you disagree send me your ID, medical information, anything other data you'd consider private.

This harmful act of compromising child data in combination with zero security implemented allowing anyone to misrepresent these corporations anywhere in the world, even more harmful things can be done.

Since anyone could misrepresent this fraudulent corporation anywhere in the world, the only way to find that maybe to diffuse notice of this information vulnerability.

Quoting Sir2u

So I ask again, is there any evidence of any of these crimes being commited through the methods you are explaining.

There's evidence of other crimes involving (beyond the reckless GDPR breaches) these corporations are involved in Finland, as I've mentioned several times. It's not public information yet.

Now, as I've stated many times, the only way to see if this insecure system has been used for abductions elsewhere in the world is through getting the notice out.

Some bodies have been responsive to my notice and are investigating right now, which would usually indicate they found something preliminary, but I don't have more details and it is extremely normal that I would not be kept appraised of any investigation details (as I'm a private person).

All I can do (vis-a-vis child abductions and trafficking in other countries) is create a notice that a child welfare corporation (actually 2 of them) can easily be impersonated in a data setup ideal for child trafficking, and describe what this vulnerability allows.

I've been pretty clear with this message: DATA breaches are themselves harmful, there's other evidence of wrongdoing in Finland that is private information currently, and this completely unsecured and non-compliant setup can be used for a long list of crimes.

I have no issue providing a lot of analysis of these basic points because it's possible such analysis encourages someone to send the notice themselves in their own country, leading to records being checked and potentially child trafficking being frustrated.

For example, it may matter to someone that incompetence is really not a good explanation for why a non-compliant system would be setup in the first place, by an entire corporate group of child welfare corporations. If you're not familiar with how corporations work, what the laws are, how liability works, if limited liability corporations even have any management, etc. then it maybe difficult to evaluate.

Reply to Sir2u

To save you, perhaps others, a bit of time, you're confusing liability with actually being held accountable.

Liability is simply the potential to be held accountable and where. So discussions of liability are about what you could possibly be sued, fined or imprisoned for, and where exactly that can occur.

So where you will find no-liability is with sovereign immunity and its various extensions. For example that Trump cannot be sued for "official acts", or congress and parliament members can't be sued for the laws they pass, ambassadors running people over, are all manifestations of sovereign immunity.

But even so, there's then a confusing international legal system where people and states can nevertheless be held liable for acts they had sovereign immunity for within their own territory.

Who always has liability are regular people for what they do as well as regular corporations and their management, aka. board members (maybe somewhere there's special "sovereign" corporations that are not liable).

Now, even after the question of liability is perfectly clear, that doesn't mean accountability exists in practice.

As you note, corporations get away with a lot of shit all the time; however, the explanation for that is corruption of regulators and the legal system that's supposed to hold them to account, and not that they have no liability to begin with.

And even so, with corporations there's often some sort of process, a lawsuit does get heard after many years of legal wrangling but they manage to win by some subterfuge, or then they get some tiny inconsequential fine that's categorized as "the cost of doing business".

Someone who'e not liable at all for an action means there is no legal process of any kind that ever even begins. For example, in a liberal democracy you simply cannot sue parliamentarians for voting in a way you disagree with; members of parliament have zero liability for their votes on legislation.

Quoting boethius

Liability is simply the potential to be held accountable and where. So discussions of liability are about what you could possibly be sued, fined or imprisoned for, and where exactly that can occur.

And how many perfectly legal companies are involved in child trafficking? Or, are there illegal groups acting as legal companies to commit crimes?

Quoting Sir2u

And how many perfectly legal companies are involved in child trafficking?

Yes, child trafficking is illegal.

Quoting Sir2u

Or, are there illegal groups acting as legal companies to commit crimes?

In this case the companies described in the OP are breaking the law, violating the GDPR, having zero email security on their official domain and then sending all their information to an anonymously owned parallel domain in the US.

So, they are legal structures, the companies themselves, but the companies and at least some people involved are doing illegal things. In the same way that you are legally a person, perhaps even a legal citizen of a country, but can go onto commit crimes nevertheless.

If you're in the US, the laws being violated are equivalent to HIPAA.

It would not be too strange to find an individual practitioner who doesn't know what they are doing, doesn't realize their alternative magnet based therapy falls under HIPAA if they request people's medical info to optimize the magnetic chakra pulses (i.e. just because you are practicing alternative medicine does not mean you can practice alternative laws), but if you found a whole group of corporations employing trained experts that weren't HIPAA compliant in super obvious ways, that's simply not credible to entertain as a incompetent accident. So I have no hesitation to make the accusation that the reason this corporate group setup their informations systems in a non-compliant way ideal for trafficking children, is because they are trafficking children.

Now, there is an investigation by one data controller involved, so we will presumably know more at some point.

Just to update on this issue.

One of the data controllers actually doing their obligations under the GDPR is the Finnish Ministry for Social Affairs and Health, as they ultimately "own" government health and welfare data that would be sent to the data breach (i.e. into the possession of anonymous individuals in the US).

The ministry notified the Data Ombudsman within 72 hours as the law demands and continue their own "process", which hopefully is also what the law demands (further investigation into the breach by the data controller once notified, and then notifying victims of the data breach if there is risk to harm to their rights and freedoms). Which is what makes the GDPR such a potent law that it obliges reacting to risk and not proof of harm.

Under the GDPR, I can't leak your ID either intentionally or due to some security vulnerability and then sit back and claim no one's proven any harm has actually been done yet, and even if that is proven then no one's proven it was due to this particular data breach, and not some other breach or simple carelessness on the victims part.

The judges not reacting to such an obvious data breach that so obviously puts children's lives in danger (just allowing the child welfare corporations to be spoofed due to zero email security is incredibly dangerous), was already obvious corruption and judge participation in organized crime and child trafficking, but now it's even more obvious due to other government organs reacting the data breach.

Which pretty clearly establishes the corruption of the judges.

Well, its a good thing you’ve brought this to this forum. Once its in the hands of an obscure philosophy forum there is no end to the help such a highly influential internet place will provide.

Quoting DingoJones

Well, its a good thing you’ve brought this to this forum. Once its in the hands of an obscure philosophy forum there is no end to the help such a highly influential internet place will provide.

This is public information, anyone can report it in any police reporting or child trafficking reporting system of their country; can usually be done easily and also anonymously. If this scheme perfect for trafficking children has been used to traffic children that may only be find-out-able by spreading the notice as far as possible until someone gets the notice and happens to be like "ah yeah I remember these guys and this Finnish company moving children around".

And if more then one notice of the same thing arrives, that just usually encourages more thorough checking of records and asking around, so there's no disadvantage.

We also don't really know all the personal details of even the members of the forum, much less any lurkers out there, maybe there are readers in law enforcement (that isn't corrupt) or anti-trafficking networks that can take more specific actions.

My basic philosophical view here, which seems disturbingly necessary to elaborate, is that we have a universal duty to protect children. We must do our best to protect children wherever and whoever they are. Most of the time we can't do much about the situation of children far away (except engage in very long and cumbersome institutional processes starting with voting and local political engagement).

However, in this case, the fact that a whole group of Finnish child welfare corporations have optimized their data processing to both steal information and allow for traceless impersonation of their corporate identity, is a situation in which simply spreading that information can help protect children far away.

For those who believe in a duty to protect children, it is very little time to make a report in whatever country you are in, and that may result in someone checking and finding something. It also can not possibly be a false alarm as this incarnation of a scheme is useful to anyone needing to deal with anti-fraud related to child trafficking to know about and so the justification for and execution steps for more thorough checking.

I reported this immediately to all the authorities here in Finland over 2 weeks ago, and there's now a Health Ministry investigation into these data breaches, but what has not happened is anyone phone me to explain how this is not as alarming as it seems to be; if they did I would repeat such reassurances here.

Quoting boethius

causes suffering in itself

What suffering?

Reply to boethius Given your bend-over-backwards defense of Russia, it's hard to take your child welfare concerns seriously.
https://www.theguardian.com/world/2025/jun/27/russia-ukrainian-children-abduction-war-crime

Quoting AmadeusD

What suffering?

Invasion of privacy in itself causes suffering under Western jurisprudence and I would also argue just as a fact regardless of what our legal system says about it.

Which is why invasion of privacy is a crime. Of course, the suffering is once the victim knows about it.

Quoting RogueAI

?boethius Given your bend-over-backwards defense of Russia, it's hard to take your child welfare concerns seriously.

My pointing out that Ukraine cannot win, in any practical analysis, a one-on-one war with Russia is not "bending over backwards" to defend Russia.

Therefore Ukraine should use it's leverage of being able to continue fighting and impose a cost on Russia, even if the cost to itself is greater, to seek a diplomatic resolution, and so formulate a realistic diplomatic position.

Had such analysis (that I provided in the first weeks of the war, and many others before the war) been heeded, Ukraine would very likely be in a far better condition than it is now, far more children would still have their fathers and not be vulnerable to trafficking in Ukraine or Russia (organized crime is definitely a problem in Russia as it is in Ukraine), and also those fathers and other civilians would not themselves be dead or seriously wounded, in addition to the generalized trauma.

My advocacy of some rational plan for Ukraine is not "bending over backwards to defend Russia".

Furthermore, I made it super clear that my criticism was not even so much directed at Ukraine (though definitely Zelensky is an idiot, he is not the only Ukrainian "decider"), but at the Western policy.

My problem with the Western policy was that it was flooding in cash to Ukraine (with zero supervision) which is a de facto bribe to the Ukrainian elite to do what the West wants, while drip feeding weapons to Ukraine precisely to ensure it could not even hope to win, to pursue a policy made explicitly clear that the goal was to "fight the Russians to the last Ukrainian"; or as the Rand paper, discussed at length, put it to "calibrate" a conflict with Russia to impose costs on Russia for it's anti-US activities while not risking escalation into a direct or nuclear conflict that would be harmful also to the US.

I proposed two alternative policies:

1. Instead of sending money and drip feeding weapons systems on condition of not negotiating with Russia, using Western military and economic leverage to back Ukraine in negotiating the best deal possible for Ukraine.

2. If the UN charter and "rules based system" is really the categorical imperative and Ukrainian rights need to upheld whatever the cost, then what follows from that logic is sending troops into Ukraine to stand by our Ukrainian pseudo ally; as that's what friends do, the stand by each other.

I even explained at some length how option 2, of a direct confrontation, would be less risky in terms of nuclear escalation than the drip feed option; of course has to be managed with care and a reasonable offer on the table at all times to make clear the use of force is to motivate a swift diplomatic option.

The reason these options were never considered by the West, and plenty of Western politicians and analysts and talking heads happy and exuberant to explain why, is that it would have resulted in good things for Russia too. All roads that limit, or avoid entirely, multiple years of war would inevitably result in the new "security architecture" that Russia was asking for, and that was a no-no for Western policy.

However, the only pathway to damage Russia rather than seek a resolution inevitably results also into far more damage to Ukraine. Western leaders were super clear at each step that this is what they wanted.

Remember the logic of "this is between Russia and Ukraine, the West can't negotiate with Russia about it" packaged as a weird "we respect Ukraine so much that we won't help find a peace settlement, certainly won't use any of our economic leverage to help Ukraine out in such a process"?

Well what's the US doing right now with Russia?

Zelensky in Alaska?

Quoting boethius

Invasion of privacy in itself causes suffering under Western jurisprudence and I would also argue just as a fact regardless of what our legal system says about it.

Which is why invasion of privacy is a crime. Of course, the suffering is once the victim knows about it.

I've asked what suffering. You've not answered.

You receive information from my personal email account (clandestine, we assume). What have I suffered ? I shall short-cut this.

I haven't. Something more is required. Most Western Law even requires harm or damage to be established before a conviction or punishment will be metered out.

Quoting AmadeusD

I haven't

Ok, then send me your ID and complete medical information if it's nothing to you that I have it.

Just DM me all that, as well as any other information on hand you consider personal, and we can continue from there whether the same would cause suffering to other people.

Reply to boethius You could answer the question, please good sir, instead of prevaricating.

In the scenario i just gave you, what have i suffered, without something more? It's nothing, isn't it?

Quoting AmadeusD

It's nothing, isn't it?

If it's nothing, then there should be no hesitation to demonstrate it's nothing.

For example, it's nothing to me to write the word "fabricateous", and I can demonstrate it is nothing to me right now by doing so:

fabricateous

So there you have it, my position matched by my deeds.

If it's nothing to you to send me all your personal data, then do so to demonstrate it is indeed nothing to you.

Reply to boethius In the scenario I gave you, what suffering have I endured?

Quoting AmadeusD

?boethius In the scenario I gave you, what suffering have I endured?

I'm not you. You say it's nothing to you that I have all your personal information.

Do it then.

That would demonstrate your point, which may indeed be true for you, that you really don't mind.

If you don't demonstrate it though, match your words with your actions, then you're lying to me, and it's important to make that clear.

Reply to boethius You made a claim. I've challenged it. You are not answering hte challenge. So be it.

Further, I didn't say that. You claimed it about me. I asked a specific question you are refusing to answer.

Quoting AmadeusD

You made a claim. I've challenged it. You are not answering hte challenge. So be it.

You clearly state:

Quoting AmadeusD

In the scenario i just gave you, what have i suffered, without something more? It's nothing, isn't it?

Stating it is nothing for one to possess another's personal information, without something more.

If it's nothing, then you'd not hesitate to do so. It's nothing, therefore there's no obstacle, you should easily be able demonstrate something is nothing to you by simply doing it.

Obviously it isn't nothing to you, and is why you don't do it, because you're a liar.

As for your question, I had already answered it and it's just tedious to answer it again, even more tedious to answer to someone pretending to know something about the law, so incredibly ignorant as to state:

Quoting AmadeusD

I haven't. Something more is required. Most Western Law even requires harm or damage to be established before a conviction or punishment will be metered out.

Something more is not required in terms of compromising someone's privacy (personal data in this case), as I've already stated:

Quoting boethius

Compromising someone's data, violating the law that is the GDPR and a bunch of other laws, is by definition harmful and causes suffering (one must worry how one's data maybe abused).

The reason invasion of privacy is a crime is because it causes suffering even if there is no "physical harm". If I secretly watch you undress while you believe you are in a private space and not being watched, that is a crime even though I haven't done "something more" to cause you physical pain or cause you to lose property.

Why is invasion of privacy a crime? Because there is a feeling of violation when your personal space is not respected.

And maybe reflect on your own critical thinking skills as you obviously know invasion of privacy is a crime and yet there is 'nothing more'; the suffering is a purely psychological response to having been watched when you thought you had privacy. If I watched you undress without your knowledge while you expected privacy, but that happens to turn you on then you have actually benefited and not suffered, but it being "nothing to you" and actually a benefit is completely irrelevant to it still being illegal. Most people suffer from it and that is the reason it is a crime.

In the case of data, it is also an invasion of privacy; people have a reasonable expectation that their medical information, and ID, and court documents and so on, are kept private. There is the same feeling of violation if someone gains access to them who shouldn't.

In addition to the basic privacy violation in the case of child protection data there is the further suffering of all involved (children and guardians) of needing to worry about whether the data being compromised can be used for further harms (as I already explained).

The logic that invading someone's privacy is not harmful because "nothing's been done with it yet" is definitely the logic of a sociopath, and the reason cluster-B folks tend not to respect boundaries as they don't see the harm in it. FYI.

Lying is also a cluster-B personality trait.

I'm not a doctor, but I can definitely diagnose you with stupid.

Reply to boethius I see you continue to refuse to answer the simple question posed. OK then. That is a shame.

You made the claim. Stop answering with questions, and answer the one posed to you. Nothing in your responses gives me any reason to think you have an answer to this.

What have i suffered? This requires an actual answer, not continuous prevarication. My claim is it is nothing. I cannot prove a negative. You must convince me that you receiving information out of my personal email account results, prima facie, in my suffering.

A: You receive some clandestine information about me.
B: Nothing else has happened, as I gave this scenario and I am telling you this.
C: Where's the suffering ??

You do not have an answer it seems. Have a go! Your answer is restricted to responding to this scenario. If you move beyond this scenario, you are not answering the question/challenge.

You state, without qualification that C should be my suffering. Where is it?

Quoting AmadeusD

?boethius I see you continue to refuse to answer the simple question posed. OK then. That is a shame.

I've answered it multiple times. It's a shame you can't read simple sentences and also don't know anything about the law despite pretending to.

Compromising someone's personal data is a violation of their right to privacy and causes suffering in Western jurisprudence; the reason it is illegal to drill a hole through the wall of the women's locker room and spy on them, which you obviously know is illegal and yet does not meet your condition of "something more" in terms of causing some physical harm or damaging property (of the women being spied on; drilling a random hole a separate matter).

It's illegal because it causes suffering to invade people's privacy.

Personal data, in particular medical data and so on, is also private and compromising someone's privacy causes the same kind of suffering as in the example above.

Why it's illegal to hack into someone's email even if you "don't do anything with it". Of course, compromising people's privacy enables further harms, but the compromising of the privacy is also harmful in itself (and why it's illegal).

I've explained that multiple times, when this erroneous idea was first brought up and then multiple times after that.

Quoting AmadeusD

What have i suffered? This requires an actual answer, not continuous prevarication. My claim is it is nothing. I cannot prove a negative. You must convince me that you receiving information out of my personal email account results, prima facie, in my suffering.

Again, if you're talking about yourself, maybe you suffer nothing because you don't care about your own privacy. However, to spy on you and invade your privacy (your private physical space or hack into your data) is still illegal and you can press charges whether you've actually suffered from it or not. The reason it is illegal despite you claiming not to suffer, or then claiming not to understand how you've suffered, if because nearly everyone else suffers when their privacy is invaded.

It's honestly concerning that you seem to not understand that people value their privacy and if it is compromised by accident, negligence or intentionally they suffer from that. The suffering can be quite intense as they may develop a long lasting trauma response to such events.

Quoting AmadeusD

A: You receive some clandestine information about me.
B: Nothing else has happened, as I gave this scenario and I am telling you this.
C: Where's the suffering ??

You may not suffer if you don't care about your privacy, but this would cause suffering to most people knowing that I have their private personal information when I shouldn't.

As I've stated already multiple times, the suffering also requires becoming aware of the invasion of privacy.

Quoting AmadeusD

You do not have an answer it seems. Have a go! Your answer is restricted to responding to this scenario. If you move beyond this scenario, you are not answering the question/challenge.

This is like the fifth or sixth time I've answered why invasion of privacy (in digital form or another) causes most people suffering and that suffering is why it is illegal.

And you obviously understand that you'd suffer if I had all your personal data even if I did nothing with it, just knowing that I know private things about you that I shouldn't know would cause you some suffering as well as the suffering of needing to worry about what I may do with the information that may cause you further harm.

Because you understand that, it's obviously not "nothing" for me to have your personal information or then you'd just send it to me if it really was nothing to you as you say.

It's nothing to me to write down right here "fabricateous" and so I do so without hesitation.

fabricateous

I did it again, because it really is nothing to me to write down this word and I can demonstrate that easily and without hesitation.

The meaning of saying something is "nothing" for you to do means exactly that, it's nothing to you, there's no hesitation to do it.

For example, if I'm at a bar and someone asks if they can sit beside me, and I say "it's nothing to me if you sit there" then the implication is that they need not hesitate to sit there. If they proceed with their sitting plan and I interrupt them to say "woe, woe, woe, what are you doing, you can't sit there until you answer my questions ... that you haven't answered!!" then obviously it's not nothing to me that they sit there, but has conditions that are more than nothing.

The present situation is even worse, as not only do you demand I satisfy conditions for you to demonstrate it's "nothing" to you that I have all your personal information, but I satisfy your demands and still you don't demonstrate it's nothing to you by doing it.

Imagine after accusing this fellow bar goer of not answering my questions (let's say from a previous conversation) and of obviously he can't sit beside me at the bar until those questions are answered, all while claiming it's nothing to me if he sits there, and then the man does answer my questions and I still refuse to allow him to sit beside me.

Obviously I don't permit him to sit because I have issue with it, and it's not nothing to me. If it was nothing I'd make no conditions, answering questions or any other, as it's nothing to me, conditions would be something. My saying it's nothing to me and then obstructing the thing I say is nothing to me from happening, is called a bluff. It's obviously something to me but I don't want to admit it so resort to gaslighting and bullshit to avoid the thing in question from happening.

Quoting AmadeusD

will be metered out.

It is 'meted' not 'metered'.

Reminds me of how everyone online always uses 'hear hear'. I don't think I remember seeing that one written properly. :)

Quoting boethius

I've answered it multiple times. It's a shame you can't read simple sentences and also don't know anything about the law despite pretending to.

I see you immediately devolve into insults and ad hominems. Interesting.

I am telling you that you have said nothing that answers the question: What suffering am I undergoing in the scenario i gave you.

You haven't answered this. THe rest is not much my problem.

Quoting boethius

You may not suffer if you don't care about your privacy, but this would cause suffering to most people knowing that I have their private personal information when I shouldn't.

As I've stated already multiple times, the suffering also requires becoming aware of the invasion of privacy.

And now you seek to sneak in answers you refused to give previously. Gotcha.

Here's the 'something extra' i, multple times, noted was required. You now accept it. Great!

Quoting AmadeusD

I see you immediately devolve into insults and ad hominems. Interesting.

What's insulting is lying.

Obviously my having your personal data is not "nothing" to you, otherwise you would do it.

You lie about it (for honestly difficult to discern reasons) and insult me and everyone here, excepting those who also think it's fine to compromise children's private data.

Quoting AmadeusD

And now you seek to sneak in answers you refused to give previously. Gotcha.

This was already answered.

Quoting boethius

Is there any actual evidence that any children have suffered because of what you explained?
— Sir2u

First of all, compromising people's data is itself harmful, which then, in itself, causes the suffering of needing to worry about how one's data could be used for ill, once one is made aware of the data breach (as required under the GDPR). If you knew your ID and medical history was stolen that would cause suffering even if the data theft is never exploited to commit further crimes against you.

Then I answer the same question several more times.

There is zero sneaking about.

As for your claim that it is nothing to you if I have your personal information, if you were not lying about it then you would just send it to me.

If it was nothing to you, you'd have no hesitation to do it. You would need nothing answered at all, you would simply demonstrate that it is nothing to you by doing it.

And lying for what? To defend an entire group of child welfare corporations sending EU child information outside the EU and into the possession of some anonymous individual in the US?

You insult yourself by your own words and actions, my pointing it out is simply truth and accuracy.

Reply to boethius You have devolved into someone not worth exchanging with. That's a shame, as some months back you were consistently contributing well across multiple areas of the forum.

Take care of yourself.

Reply to AmadeusD

Also, pretending now you were simply asking a question, rather than claiming to know the law and will teach me is further annoying bad faith.

You make some bold claims:

Quoting AmadeusD

I've asked what suffering. You've not answered.

You receive information from my personal email account (clandestine, we assume). What have I suffered ? I shall short-cut this.

I haven't. Something more is required. Most Western Law even requires harm or damage to be established before a conviction or punishment will be metered out.

Which are not true, but if you happened to believe they were actually true and my having your data was nothing to you (which, fine, maybe you personally don't mind) you would not hesitate to demonstrate that by sending me your data.

But you don't, because it is something to you and you recognize that something is that you would suffer if I had all your personal data, therefore you avoid that happening.

Why lie about it, unclear. Why keep going on about my not answering your questions, and ad homonyms, and so on, also unclear.

What is clear is that you are clearly lying when you state it is nothing to you if I had all your personal data.

Quoting AmadeusD

?boethius You have devolved into someone not worth exchanging with. That's a shame, as some months back you were consistently contributing well across multiple areas of the forum.

Take care of yourself.

Who's not worth discussing with is someone who is bad faith: gaslighting, deflecting, wasting time, and so on, and the only appropriate response is to call out such bad faith and make clear it is not respectable.

You ask:

Quoting AmadeusD

What suffering?

Skipping over the part where I already explained that, but that's fine as I could just quote myself if I didn't want to write it again.

I then answer the question again, responding directly to your question:

Quoting boethius

Invasion of privacy in itself causes suffering under Western jurisprudence and I would also argue just as a fact regardless of what our legal system says about it.

Which is why invasion of privacy is a crime. Of course, the suffering is once the victim knows about it.

You then claim I am wrong:

Quoting AmadeusD

I've asked what suffering. You've not answered.

You receive information from my personal email account (clandestine, we assume). What have I suffered ? I shall short-cut this.

I haven't. Something more is required. Most Western Law even requires harm or damage to be established before a conviction or punishment will be metered out.

If you're claim was good faith (i.e. something you at least believed to be true) then you'd have no problem demonstrating exactly what you claim; that it would be nothing to you, cause zero suffering, if I had all your personal information ... ok so hand it over. That wouldn't resolve the issue of whether it is illegal or not to compromise people's data, but it would at least demonstrate you do at least believe it is not harmful to anyone including yourself.

Quoting boethius

Ok, then send me your ID and complete medical information if it's nothing to you that I have it.

Up until now, you've asked me your question, rejected my answer and provided your own.

We're debating, fine, great.

However, to keep in good faith, you must either demonstrate your claim that my having your information is nothing to you, or then retract your claim and recognize it's clearly not nothing to you.

Instead, you claim I haven't answered your question (which I've clearly done multiple times), then keep claiming I haven't answered your question.

As I explain above, if it was actually nothing to you then you wouldn't need me to answer your questions first, but even if that was someone a reasonable condition to make on something that is nothing to you, I clearly answered your question both before and after ... and yet you still do not send me all your personal data and also don't retract your claim.

The reason it's important to respond to bad faith with disrespect is that it is the only way to the truth of the matter, that you are simply lying about what is and is not nothing to you, then pretending not to understand your own position and adding conditions (which are something) to it being nothing to you, and conditions which are not sufficient, as you still don't send me your data even after that condition is met.

It's also important to demonstrate that bad faith tactics are not "clever" but sub-optimal methods of discourse.

Reply to AmadeusD

Also because it's also annoying, an ad hominem requires both insulting someone's character, in one way or another, as well as using that to deflect from the substance of the issue.

If you deal with substance and also disrespect your interlocutor, that's not an ad hominem but rather simply answering the contentions and making it clear you don't respect the person as well: it's just two factual claims.

What you do is ad hominem:

Quoting AmadeusD

?boethius You could answer the question, please good sir, instead of prevaricating.

In the scenario i just gave you, what have i suffered, without something more? It's nothing, isn't it?

Instead of dealing with the substance of are you going to send me all your personal data to demonstrate it really is "nothing" to you, you accuse me of bad faith.

You attack my intentions, accuse me of prevaricating and so avoiding the substance of the issue, to avoid yourself dealing with the substance which is: obviously you're not going to send me all your personal information as obviously doing so would cause you psychological suffering (to one degree or another) in addition to putting you in danger of further harms (and so also the psychological suffering of needing to worry about that).

That is ad hominem.

Which then you simply double down on:

Quoting AmadeusD

?boethius You made a claim. I've challenged it. You are not answering hte challenge. So be it.

And then keep going, all while adding that you are existing the conversation due to my base character.

You're the one making the incredibly bold claim that it would be "nothing" to you not only that I had all your information but I stole it, of which the natural reply to such a bold claim is to ask for a demonstration.

If I suddenly made the bold claim that I could talk to anyone in the world telepathically, I'm pretty sure you and pretty much everyone here would immediately respond "well do it then! talk to us!", as that's the common sense response to such a bold claim.

You accuse me of what you're doing.

Every accusation is a confession with you types.

However, you're not alone in your devotion to the ad hominem cause, since while we're at it:

Quoting RogueAI

?boethius Given your bend-over-backwards defense of Russia, it's hard to take your child welfare concerns seriously.

Is also an ad hominem of attacking the messenger rather than dealing with the substance of the GDPR breaches and their relation to child trafficking. And what sort of argument is this?

That even if we assume the GDPR breaches described in the OP are real and serious, if I am not pro-Ukraine enough (by which we mean pro-Zelensky apart from the welfare of actual Ukrainians, naturally) then we just have to let these Finnish compromising of child welfare systems slide and accept children may have and may continue to be trafficked in relation to the GDPR breach described?

This whole conversation is profoundly disturbing.

Reply to boethius Please don't lie. What I said was this

Quoting AmadeusD

what have i suffered, without something more? It's nothing, isn't it?

and you've provided absolutely nothing to move that needle. You cannot name a single 'suffering' i endure by you receiving my personal information. You are getting extremely agitated by having to answer a simple question directly related to your contention.

Then then snuck in the something more (that I know about it) and assumed that would cause suffering. Deceitful, assumptive and wrong. You squirmed.

This is why you are not worth engaging with. You are being dishonest, uninteresting and avoiding the challenge entirely. These are facts.

Quoting AmadeusD

?boethius Please don't lie. What I said was this

I've literally cited you saying exactly:

Quoting AmadeusD

what have i suffered, without something more? It's nothing, isn't it?

The immediately preceding comment to yours has me citing you:

Quoting boethius

?boethius You made a claim. I've challenged it. You are not answering hte challenge. So be it.
— AmadeusD

And yet you accuse me of not citing your words and misrepresenting your position ... which is not even the argument you're making in going on to say:

Quoting AmadeusD

and you've provided absolutely nothing to move that needle. You cannot name a single 'suffering' i endure by you receiving my personal information. You are getting extremely agitated by having to answer a simple question directly related to your contention.

Which clearly recognizes I haven't misrepresented your position, you just claim my explaining (multiple times) that invasion of privacy is illegal hasn't answered your question. And why is it illegal? Because it causes suffering.

Again, for you personally maybe you are radically transparent and really wouldn't suffer by demonstrating it is "nothing" to you that I have your information by simply sending it to me. Now, while that would satisfy me it really is nothing to you personally, invasion of privacy would remain illegal due to the very act of invading someone's privacy causing suffering of a feeling of violation, lack of safety, and worry of further harms enabled by the invasion of privacy (once they find out about it of course; privacy invaders, cluster B folks, would of course say that the goal is the subject of their enquiry never finds out about it and therefore it is a victimless crime and they've done nothing wrong and shouldn't be held accountable even if their victim does find out, because it's someone else's fault that the victim found out and therefore that person caused the suffering).

Quoting AmadeusD

This is why you are not worth engaging with. You are being dishonest, uninteresting and avoiding the challenge entirely. These are facts.

This is like the fifth time you've made your stylish exit.

And once more, every accusation is a confession.

[hide="Reveal"]Quoting boethius

I've literally cited you saying exactly:

This is, again, either a lie, or you being so intensely dense you cannot read.

I literally did not say what you're claiming. I never, once, at any time, said "It is nothing to me that you have my personal information". Quote it if a did. Otherwise, you're continually being deceitful. I'm calling you on it. You are continually lying about what I've said, and adding details which assist you while ignoring that I never added them (when did I suggest that i personally
send you my info? I didn't. You made it up.

Quoting boethius

Which clearly recognizes I haven't misrepresented your position,

What? This is utterly senseless. This does absolutely nothing to salvage your clearly deceptive takes. There's a reason no one else is engaging. You haven't even tried to answer my question.[/hide]

What do I suffer when you receive my personal information??? Stop fing around, and answer this question.

You haven't. You haven't tried. You've said other, not relevant things. This isn't my problem. I am now giving you something like the sixth opportunity to tell me what I suffer in that scenario. You are yet to tell me. Go ahead... Tell me, what I will experience as a result of only those facts?? Don't add any. Don't make anything up. Just answer the fucking question.

Quoting AmadeusD

What do I suffer when you receive my personal information??? Stop fing around, and answer this question.

I'll be checking in every few days to just point out that I have obviously answered this question multiple time, and you have yet to demonstrate you are not lying when you say you would suffer nothing if I had all your information.

If you would suffer nothing, if it was "nothing" to you, as you claim, then you'd just do it to show that.

If I said it was nothing to me to do something, then I'd just do it to demonstrate that fact.

You don't send me your personal information to demonstrate you suffer nothing if I have all your personal information, because you are lying to me.

You also just completely ignore the obvious fact that invasion of privacy is a crime, vis-a-vis your actual claim that it's not only nothing that I have your personal information but nothing to you if I steal if from you and also the matter at hand in that the child welfare group of corporations described in the the OP are compromising children's information integrity illegally (in violation of the GDPR).

As the reason it's illegal, and why there are now 2 investigations into these events that I know of, is because invasions of privacy, or comprising privacy due to malice, error or neglect, causes severe suffering. If it didn't, there wouldn't be laws about it, and certainly not offences and crimes.

Also, for those wondering: illegal, violation, offences, crimes, wrongdoing, are all technical legal terms and jargon to refer to different kinds of laws and non-legal actions.

"Wrongdoing" is a catch all for reproachable actions, leaving it undefined what kind of wrongdoing we are talking about: contractual breach, violation, offence, crime, being the main legal categories.

Specifically, wrongdoing is legal jargon referring to something one is saying violates the law in someway (i.e. a judge will rule in your favour) and is also immoral. Non-legal things that one does not wish to imply are also immoral, the jargon of "non-compliance" or "deficiency" would be used instead. "Serious contractual deficiencies" would be typical language to describe that you aren't happy about what's been done or delivered under a contract but are not saying it was done intentionally.

However, in terms of what the government does in terms of law enforcement by itself, a violation is not a crime but may give rise to orders to do things differently and / or a fine, whereas an offence is a crime.

For example, in Finland to stay in the context of the OP, the Companies Act ends with a small list of offences and violations. The whole act is rules that are supposed to be followed, but if would be up to a wronged party to seek redress in civil litigation or arbitration with respect to those rules, but the government does care about a few things in terms of law enforcement: such as not changing or misrepresenting auditing reports for example, especially in the context of a merger, which is an offence as you may imagine. A violation (i.e. will be ordered to fix and / or fined over) would be things like negligent paperwork of one kind or another.

So, in any legal dispute or government action, these word choices are important and refer to different categories of potential consequences.

For our purposes here, compromising someone's information is wrongdoing; if important enough information then if it is intentional it is by definition criminal invasion of privacy, if it's unintentional then it could be anywhere on the spectrum of non-liable accident, non-compliance, violation, to criminal negligence.

@Benkei's an actual lawyer who could certainly explain things better if he wanted to.

However, one important difference between board member's and regular people is that board members are held to a higher standard. Although "ignorance of the law is no excuse" is an oft repeated adage, it is actually totally a good excuse if you could not reasonably have known about the law; however, board members of a corporation are required by law to either have or then seek out expertise they lack in making decisions, why it is not plausible for board members in an advanced Western economy such as Finland to just completely ignore questions of data integrity and liability, as there's a super long list of violations and offences that go along with being careless with people's critical information and "oh, I didn't know" is a legal defence explicitly denied to corporate board members.

This back and forth would benefit from outside adjudicators as to the claims leveled against one another rather than you two just slugging it out which is just ending up in the same claims being volleyed from one side to the other again and again.

I would agree @boethius that it is glaringly obvious you have answered the questions many times so find it bizarre it is claimed you haven't. Of course I could be accused of being biased, so it could do with some fresh impartial, as agreed to the both of you, eyes. :)

Quoting unimportant

This back and forth would benefit from outside adjudicators as to the claims leveled against one another rather than you two just slugging it out which is just ending up in the same claims being volleyed from one side to the other again and again.

This is often the case.

It would of course be nice to have philosophical arbiters that could "make a ruling", but that just begs the question of how these arbiters know what the truth is.

In this case, @AmadeusD goes in circles so as to tire me out, then he can have the last word. However, I don't really mind because I'm unemployed at the moment so have plenty of time. It's also my overarching philosophical project on the forum to develop methods to deal with bad faith discourse (as that is one of the major political ills we are dealing with today).

Quoting unimportant

I would agree boethius that it is glaringly obvious you have answered the questions many times so find it bizarre it is claimed you haven't.

It is indeed glaringly obvious. Resorting to just repeated denials to frustrate the other side is not unusual, but what I find bizarre in this case is that it is to defend the interests of child traffickers by arguing stealing child protection data is not harmful.

Reply to unimportant I appreciate you attempting something of hte kind. Unfortunately, they factually, objectively have not answered this. They have claimed I said something I didn't., and responded to that. Then hid the ball on another issue. I'll explain.

I have asked specifically, in the scenario I gave (with no further elements involved), what I suffer by him receiving my information. This hasn't been answered. What happened was boethius then did two things:

1. Lied and said I claimed it "was nothing" that they have my information. I clearly, objectively did not say this. To claim I did is a literal lie. This is, i'm afraid, not debatable. The words are there to be read, and i did not say the ones he claims i did. q.e.d.;

2. Snuck in the "and you know about it" element. This is, quite obviously, what I had been pushing toward as a flaw in his initial statement. It took about six exchanges, and him sneaking that factor in, as if it were present in the initial claim, to get us anywhere. So, I pulled him back to my initial scenario. Since then he's been extremely immature and unbecoming for a philosophy forum. q.e.d.

My question has not be answered, unless the claim is that I am supposed to do some boat-building and figure out some esoteric position from statements that clearly do not answer the question, despite my attempting to bring it back several times.

Answering my question qith a question, I also note, is absolutely ridiculous, given how easy it would have been to answer.

To be even fucking clearer here are some responses that would have made sense:

"You are psychologically harmed because you feel your privacy has been invaded"

Ok. And this required the element snuck in later in the exchange: I know about it.

Why don't you answer the question, directly, so boethius has an example of the same:

In a scenario (without you adding any further facts) where you have received my personal email information, what do I suffer?

Please do not:

Claim i've said something I haven't.
Answer with a question
Pretend you've already answered it.

Quoting boethius

If you would suffer nothing, if it was "nothing" to you, as you claim, then you'd just do it to show that.

You are lying, as I have clearly explained above. I don't need you to agree with me. The facts sit in this thread. I already conditioned out that I know about it - yet you continue to lie, lie, lie.

Reply to unimportant

Pretty obvious to me Boethius is the disingenuine (and likely mentally ill imo) one here. How could a question so simple be impossible to answer? Instead, evasive, obtuse and…of a weasel like nature.
So much for outside arbitration.

Quoting boethius

This was already answered.

Is there any actual evidence that any children have suffered because of what you explained?
— Sir2u

First of all, compromising people's data is itself harmful, which then, in itself, causes the suffering of needing to worry about how one's data could be used for ill, once one is made aware of the data breach (as required under the GDPR). If you knew your ID and medical history was stolen that would cause suffering even if the data theft is never exploited to commit further crimes against you. — boethius


Then I answer the same question several more times.

Yep, that was the non-answer I got.

Quoting DingoJones

Pretty obvious to me Boethius is the disingenuine (and likely mentally ill imo) one here. How could a question so simple be impossible to answer? Instead, evasive, obtuse and…of a weasel like nature.
So much for outside arbitration.

No there is no problem with an opinion that differs from mine, it is still good to have others weigh in on the situation.

Although I have found Boethius very entertaining, and previously informative, when they are posting, I too am veering to your own appraisal which I have come to think due to their very erratic posting habits. There will be a large flourish of frantic posting then radio silence for weeks.

This could be put down to having a life but the strange thing I noticed is that they are still active on the forum, as it shows their status as having been here only minutes ago when I have checked for any new entertaining posts from them but it just seems like they are lurking for large spaces of time yet still absorbing the forum content.

Quoting AmadeusD

?boethius You could answer the question, please good sir, instead of prevaricating.

In the scenario i just gave you, what have i suffered, without something more? It's nothing, isn't it?

Quoting AmadeusD

I have asked specifically, in the scenario I gave (with no further elements involved), what I suffer by him receiving my information. This hasn't been answered. What happened was boethius then did two things:

Again your claim is:

Quoting AmadeusD

I've asked what suffering. You've not answered.

You receive information from my personal email account (clandestine, we assume). What have I suffered ? I shall short-cut this.

I haven't. Something more is required. Most Western Law even requires harm or damage to be established before a conviction or punishment will be metered out.

Which is simply obviously not true, and you obviously know that if I clandestinely hacked all your personal information I would be committing a crime.

It's just dumb to need to deal again and again with your lies.

And you make it clear that my clandestinely stealing all your data does not make the definition of a crime: "Most Western Law even requires harm or damage to be established before a conviction or punishment will be metered out."

But you know my hacking your information right now would be a crime. It's a crime because it causes suffering. Why does it cause suffering? Because having someone's personal data causes them both distress as well as the potential for further harms.

Quoting AmadeusD

1. Lied and said I claimed it "was nothing" that they have my information. I clearly, objectively did not say this. To claim I did is a literal lie. This is, i'm afraid, not debatable. The words are there to be read, and i did not say the ones he claims i did. q.e.d.;

Those are your exact words:

Quoting AmadeusD

?boethius You could answer the question, please good sir, instead of prevaricating.

In the scenario i just gave you, what have i suffered, without something more? It's nothing, isn't it?

What's the scenario? That I steal your personal information.

It's just incredibly stupid.

Unfortunately for my contributions to philosophyforum, there are actual ongoing investigations in multiple countries that I am contributing regarding this data breach, so I have had to focus on those for the time being.

Quoting AmadeusD

2. Snuck in the "and you know about it" element. This is, quite obviously, what I had been pushing toward as a flaw in his initial statement. It took about six exchanges, and him sneaking that factor in, as if it were present in the initial claim, to get us anywhere. So, I pulled him back to my initial scenario. Since then he's been extremely immature and unbecoming for a philosophy forum. q.e.d.

This is not "snuck in" as I already answered that the actual experience of suffering requires knowing about the invasion of privacy, and it is a crime (that I clandestinely steal all your information) because it causes that suffering, of course the experience of the suffering requires becoming aware.

However, this is irrelevant with regard to your claim, as you make clear this does not meet the definition of a crime in "Most Western Law", but it does even without the actual suffering taken place.

For example, you invade the privacy of someone who is unconscious in a coma and get caught. The fact they are in a coma and not aware of your invasion of their privacy has no bearing on being charged and convicted of a crime. "They were in a coma your honour!" is not a defence.

The process of becoming aware of an invasion of privacy is not required for "conviction or punishment will be metered out," but the invasion of privacy itself.

And again, there's no "sneaking" anything, I made it clear that the experience of suffering starts when one is aware of the breach, but it is against the law to cause compromise people's data, invade their privacy, steal their ID and medical information etc. due to that causing suffering:

Quoting boethius

Is there any actual evidence that any children have suffered because of what you explained?
— Sir2u

First of all, compromising people's data is itself harmful, which then, in itself, causes the suffering of needing to worry about how one's data could be used for ill, once one is made aware of the data breach (as required under the GDPR). If you knew your ID and medical history was stolen that would cause suffering even if the data theft is never exploited to commit further crimes against you.

And it is quite usual for crimes to cause suffering in a delayed manner. For example, if I poisoned you with a carcinogen that will very likely cause you cancer and die in some years, we do not have to wait for that suffering to start for me to be held accountable for poisoning you.

Quoting Sir2u

Yep, that was the non-answer I got.

What you got, as seen above, is exactly the answer to the question.

The OP is about breaching a whole giant law called the GDRP, which stands for "General Data Protection Regulation, and participants here are unsure whether compromising someone's data is even a crime.

I really have no other interpretation for such obviously false statements than the motivation comes from people who regularly spy and invade the privacy of others and feel that's ok because they don't plan to get caught and so people won't know and won't suffer, so it's not a crime really when you think about it.

I have little time for this nonsense, considering as mentioned there's real investigations happening in multiple countries now since I reported this data breach, but I will try to find time to repeat the obvious if people insist on it.

Quoting unimportant

Although I have found Boethius very entertaining, and previously informative, when they are posting, I too am veering to your own appraisal which I have come to think due to their very erratic posting habits. There will be a large flourish of frantic posting then radio silence for weeks.

Zero obligation for anyone here to post anything at any time.

As mentioned in my post above, there's actual investigations concerning this data breach, now in multiple countries, so considering the data breach described in the OP enables child trafficking, and proper investigation of breach (how it was created, why, has it effectively been used to traffic children etc.) is a bit higher on my list of priorities than arguing about whether compromising people's private information is even a crime (which we all know it is), I have prioritized child safety over dealing with obvious lies.

There is no way anyone participating here does not understand that invasion of privacy, hacking, mishandling people's data, certainly children's data, is not a legal issue and if intentional a criminal issue.

If I have time to spare, I'll respond to people trying to waste my time, try to find some entertainment value in it as you suggest. However, if I really have better things to do (perhaps a piece of evidence in my possession could actually result in the interception of a child being trafficked as we speak; we don't know, hence the need to investigate), radio silence with respect to lies and intentionally stupid points such as invasion of privacy and hacking people's data is not even a crime, is entirely warranted.

Quoting DingoJones

Pretty obvious to me Boethius is the disingenuine (and likely mentally ill imo) one here. How could a question so simple be impossible to answer? Instead, evasive, obtuse and…of a weasel like nature.
So much for outside arbitration.

I've answered this question of why a data breach which is also an invasion of privacy in this case (just in data form) is against the law (crime if intentional, negligence if unintentional) multiple times.

It is easy to answer, why there's a law literally called the "General Data Protection Regulation" and also various laws dealing with privacy.

Invasion of privacy, compromising someone's data for example, is a crime because it causes suffering.

It causes suffering in and of itself due to the violation of the victims privacy. It also causes suffering in enabling further harm and therefore the victim needing to worry about that and also if that further harm is actually carried out.

This is super duper basic and obvious and everyone in this conversation knows that if they went and spied on naked showering women through a peep hole they would be committing a crime, if they hacked my personal data or anyone else's they'd be committing a crime, if they setup a data processing system intentionally to compromise people's data they would be committing a crime.

Because it is an obvious crime there is now multiple investigations in multiple countries concerning this data breach.

Once investigations actually started, then that has been a bigger focus of mine then arguing about whether invasion of privacy, compromising child medical and ID data, is even a crime.

So, vis-a-vis the OP, hopefully there will be some public clarification of the matter.

Of course, as with the discovery of any security vulnerability, it is not immediately clear if the security vulnerability has been exploited or not, hence the need to report and for the matter to be investigated.

The matter of the OP is particular complicated as the security vulnerability these corporations create can anyways be exploited by anyone in the world; so there is both the matter of whether the problem is created intentionally for the purposes of crime, but anyways the matter that anyone in the entire world can take advantage of the problem for criminal purposes. Fortunately, in both cases crime concerning data tends to leave plenty of evidence all around the world in various logs.

And to remind everyone, why I posted this information here is because due to the fact the data breach can be exploited by anyone in the entire world to commit crime in any country, that it's possible that some such crime could only be uncovered if reported to authorities in that country.

Most countries have an anonymous system to report crime tips, and in most countries it's a super simple matter of a search for these corporations and their domains in systems related to child protection and foster case etc. to see if there's been any communication with these domains which, since they are setup with zero security and anyone can spoof them, may warrant further verification.

It is a low investment in time for people to report this information, and it is a low investment in time for any honest investigator to do some basic checks. If only one country it turns out criminals did exploit this security vulnerability to impersonate Finnish child protection workers and traffic children, that would be worth it to uncover.

My purpose was not to discuss whether compromising someone's data, moreover children's data, is even a crime in "Western law". Obviously it is, and anyone pretending otherwise is lying to me and everyone here.

Therefore, coming here to point out the obvious: that what is described in the OP, invading people's privacy generally speaking or compromising their data integrity generally speaking, is against the law. Why? Because it causes suffering. As everyone here obviously knows.

On the issue of mental illness, the evidence of mental illness is definitely the people here who genuinely seem to believe they have a right to invade people's privacy as a matter of principle or then as long as they don't get caught, and also genuinely seem to believe I haven't answered this question like 12 times by now of why it's for sure a crime.

I would also like to point out, that due to the essentially the only response to this notice of a data breach being people trying to gaslight me and everyone that what I describe in the OP is not a problem as no "suffering" has been caused, I have lost significant respect for the entire forum. So, I am also less motivated to discuss with people I do not respect. Really, absolute bottom of my list of priorities, but, no worries, still there.

Quoting boethius

What you got, as seen above, is exactly the answer to the question.

sir2u:Is there any actual evidence that any children have suffered because of what you explained?

I did not ask about possible future or imaginary consequences, it says quite clearly in the question I asked "actual evidence" of suffering.

Quoting boethius

It is a low investment in time for people to report this information, and it is a low investment in time for any honest investigator to do some basic checks.

So you have done the checking, how many reports have you made and to whom have you done so? Being as there are so many possibilities to report this to so many different agencies and organizations I imagine that there has been a lot of work for you.
If you could post a list of the places that you have informed already, maybe some of us could repeat the information to them so that they would have to pay attention. Email addresses or whatever form of communication would be necessary for us to send to the same places.

Quoting Sir2u

So you have done the checking, how many reports have you made and to whom have you done so? Being as there are so many possibilities to report this to so many different agencies and organizations I imagine that there has been a lot of work for you.

Quoting Sir2u

I did not ask about possible future or imaginary consequences, it says quite clearly in the question I asked "actual evidence" of suffering.

You're question was:

Quoting Sir2u

Is there any actual evidence that any children have suffered because of what you explained?

To which I answered:

Quoting boethius

First of all, compromising people's data is itself harmful, which then, in itself, causes the suffering of needing to worry about how one's data could be used for ill, once one is made aware of the data breach (as required under the GDPR). If you knew your ID and medical history was stolen that would cause suffering even if the data theft is never exploited to commit further crimes against you.

Note "once one is made aware of the data breach" is quite clearly in my first answer on this question.

And then also explained:

So as I answered you the first time, yes, there is child suffering due in part to these data breaches.

Quoting boethius

Further crimes against children by the network involving the above company have also been committed; however, I can't as easily report on confidential information of ongoing investigations and / or court cases.

I have definitely for sure answered your question.

Quoting Sir2u

If you could post a list of the places that you have informed already, maybe some of us could repeat the information to them so that they would have to pay attention. Email addresses or whatever form of communication would be necessary for us to send to the same places.

There is zero harm if reports are made multiple times; if authorities see there's public concern for an issue the only real risk is they may do their jobs more properly than usual.

Therefore, there is no reason to list every place I've already reported to, and making such a list public could potentially help perpetrators. No one should worry that they reported something that has already been reported.

Anyone here who cares about children not-being-trafficked can easily report in their country; there's usually super easy anonymous tip lines to do so, and then you can rest easy that if someone has used this security vulnerability in your country to traffic children at least it's reported.

Quoting boethius

To which I answered:

First of all, compromising people's data is itself harmful, which then, in itself, causes the suffering of needing to worry about how one's data could be used for ill, once one is made aware of the data breach (as required under the GDPR). If you knew your ID and medical history was stolen that would cause suffering even if the data theft is never exploited to commit further crimes against you. — boethius

Breathing air in the street is harmful, but until you can show the damage done by it, there is no actual harm been done. The possibility is always there, like the trees killing people in parks these last few weeks, but until you can show that there is ACTUAL harm done by the things you explain in your theory nothing has happened.

Quoting boethius

Therefore, there is no reason to list every place I've already reported to, and making such a list public could potentially help perpetrators. No one should worry that they reported something that has already been reported.

Would it not be better if everyone in this forum made a report to the same people instead of us each sending a report to many different agencies in many different countries. Maybe they would listen if the got a couple of hundred reports about the same thing.

Quoting Sir2u

Breathing air in the street is harmful, but until you can show the damage done by it, there is no actual harm been done.

No ... it's harmful, as is your premise.

Proving it is harmful, how harmful it is exactly, who's causing the air to be harmful, what the law should do, if anything, about this harmful air, would be different questions.

In order to show the air does damage the air must be already harmful in order to be able to show that.

I assume, to introduce another premise, you're thinking of pollution that people are generally not aware is harmful and therefore no one is liable for the damages caused until someone "proves" it is harmful.

If so, that is not a correct understanding of the law anyways, but is not applicable to this case of privacy.

We know invasion of privacy is harmful, why it's illegal. The damages caused by the harm are psychological distress of feelings of violation and placing the victim at risk of further crime (which is more psychological harm as well as enabling those actual additional harms).

Although awareness of the invasion of privacy is required for that harm "to be felt", that is not a condition for the crime of invasion of privacy.

In the same way that if I punch you in the face while you're in a coma, "that you didn't feel it" would not be a defence for the crime of assault; likewise, if I poison you but you'll only die next year, there is no need for everyone to wait for next year for me to be charged with poisoning you: "Wait! Wait! I have a year before he dies! You've got the right man at the wrong time! I need to do my bucket list, poisoning a guy was only number 7, so I used a clever delay!" is not a legal defence for poisoning in order to delay charges and trials.

Quoting Sir2u

The possibility is always there, like the trees killing people in parks these last few weeks, but until you can show that there is ACTUAL harm done by the things you explain in your theory nothing has happened.

If you're now talking about the OP, breaching people's data integrity is in itself harmful. Putting people at unnecessary risk of harm is itself harmful, which is why reckless endangerment is a crime. If you shoot arrows into a crowd and happen not to hit anyone: no harm done, still a crime.

Compromising people's data recklessly is basically a form of reckless endangerment, but since the world of data is complicated there's whole laws dedicated to the issue. In the US the law concerned would be mainly HIPAA (as medical information is involved) whereas in Europe the GDPR is the general regulation that covers all personal data and there's even stricter requirements for both medical and child information, as well as other laws and regulations that may apply.

These particular data security vulnerabilities (enabling spoofing of a domain that puts people at risk if it is spoofed, shady data processing on parallel domains, and non-transparent ownership of domains) have already been ruled by European courts as "inappropriate security" (as is common sense), which is the catch all term for what you are not supposed to do under the GDPR while handling people's data.

Quoting boethius

Again your claim is:

I've asked what suffering. You've not answered.

You receive information from my personal email account (clandestine, we assume). What have I suffered ? I shall short-cut this.

I haven't. Something more is required. Most Western Law even requires harm or damage to be established before a conviction or punishment will be metered out.
— AmadeusD

Which is simply obviously not true, and you obviously know that if I clandestinely hacked all your personal information I would be committing a crime.

It is though. You need to either answer the question, or stop pretending to have a point.

If you receive the information, and i don't know (you entered this later) what have a i suffered? Nothing. I don't even know it happened. You seem to think magic is occurring here.

This conversation is now over unless you can overturn that conclusion.