pageok
pageok
pageok
Is the Palin E-Mail Hack Indictment Legally Flawed?:
Here's the indictment. And here's the potential problem with the indictment. In order to charge the case as a felony rather than a misdemeanor, the government needed to claim that the intrusion was committed to further criminal or tortious activity. The statute, 18 U.S.C. 1030, states that the intrusion is a felony if the intrusion "was committed in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or of any State."

  Oddly, though, the indictment doesn't exactly state what the crime or tort is that the intrusion was designed to further. It just states that the intrusion was "in furtherance of the commission of a criminal act in violation of the laws of the United States, including 18 U.S.C. Section 2701 and 18 U.S.C. Section lO30(a)(2)" But Section 2701 and Section 1030 are the intrusion statutes themselves! It makes no sense to allow a felony enhancement for a crime committed in furtherance of the crime itself; presumably the enhancement is only for intrusions committed in furtherance of some other crime. Otherwise the felony enhancement is meaningless, as every misdemeanor becomes a felony.

  I'm not sure if the indictment is facially defective based on that. It might be, because it effectively doesn't say what crime the government is charging (in that the the government must show the unauthorized access and also the crime that the access is in furtherance of -- if you're the defendant, how to you defend yourself against an unnamed crime?). But if the government is trying to make this a felony on the theory that the intrusion was designed to further the crime of the intrusion, that strikes me as an extremely weak argument.
Paul Ohm (mail) (www):
Here's what I just sent to the cyberprof mailing list, echoing some of what you've said here, Orin:

As many have expected, the government charged the felony version of the "obtains information from any protected computer" "without authorization" crime (1030(a)(2)(C)). In order to get the bump from misdemeanor to felony, the government must establish that Kernell committed the crime "in furtherance of any criminal or tortious act" (1030(c)(2)(B)(ii)). Strangely, the rather terse indictment seems to suggest that the "in furtherance" crime included 1030(a)(2)! Is the government planning to argue that Kernell intended to obtain information from any protected computer in further of obtaining information from _another_ protected computer? What other computer? Surely, the government doesn't mean Kernell deserves the felony because he obtained information from Palin's account in furtherance of obtaining information from Palin's account! Then, every (a)(2)(C) would be chargeable as a felony!

They also point to 2701—ECPA's obtaining electronic communications while in electronic storage misdemeanor—as the predicate crime for the enhancement. Oddly, the government didn't charge the substantive violation of 2701 itself. Surely, the government wasn't convinced by EFF's silly argument about 2701 and Theofel, was it?

At any rate, the feds also charged section 2 aiding and abetting. Aiding and abetting whom? And they didn't charge 1030(b) for attempt.

Strange, strange, strange indictment.
10.8.2008 2:02pm
J. Aldridge:
Violating Yahoo's TOS maybe?
Recently Lori Drew was charged with violating the Computer Fraud and Abuse Act for signing up for a MySpace account under a fake name. While the larger circumstances were quite shocking (and have been covered enough I don’t think I need to go into them), she was charged for nothing more than pretending to be someone else on the Internet. The indictment calls this a felony, under title 130 section (a) (2) (c) of the US Code, which criminalizes anyone who “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer if the conduct involved an interstate or foreign communication.” The access to MySpace was unauthorized because using a fake name violated the terms of service. The information from a “protected computer” was the profiles of other MySpace users. Read more...


Also, he could be charged with a class A under Tenn. law.
10.8.2008 2:07pm
PhanThom:
It does seem like something like the merger doctrine should apply.

--PtM
10.8.2008 2:08pm
JB:
Did they go on to steal her credit card password or something?

Or did the prosecutors forget to leave out the part where they were trying to commit some sort of political blackmail/interfere with an investigation/somesuch?

Occam's razor suggests this is part of the generalized inflation of criminal charges for purposes of intimidation/plea-bargaining (more of the former in this case).
10.8.2008 2:13pm
one of many:
I'm not as certain as you are that the 1030 claim is just to get the felony bump. 18USC1030 seems to be the only statute which covers posting passwords, what else could you charge someone with who posts passwords?
10.8.2008 2:15pm
Connecticut Lawyer (mail):
In this case, the indictment alone is probably sufficient punishment. It'll cost the young man's family at least $50-$100,000 in legal fees to get the case dismissed, if indeed the judge is inclined to accept that argument before trial - plus there's always the risk of losing and going to jail. In the end, he'll plead out to a misdemeanor. Justice served.
10.8.2008 2:20pm
One more Matt:
I think Paragraph 6 answers this. He posted the new password so that others could repeat the intrusion. So the intrusion was done in furhterance of subsequent intrusions by other people, hence the apparently circular reference to the same crime.
10.8.2008 2:23pm
runape (mail):
"18USC1030 seems to be the only statute which covers posting passwords, what else could you charge someone with who posts passwords?"

Surely it's tortious, if nothing else. Invasion of privacy - some exotic form of trespass - or something. It's the equivalent of stealing the key to someone's home and leaving it in a public place with a note identifying the corresponding address.

The problem Orin is pointing out is not the lack of plausible theories, but that the government appears not to have identified any of them.
10.8.2008 2:27pm
BruceM (mail) (www):
They need to bring this case in the 5th Circuit, which would have no problem affirming a conviction based on a felony enhancement for a crime committed in furtherance of the crime itself.
10.8.2008 2:39pm
Shertaugh:
Orin:

We both know that the indictment's defect (I agree) is, in the scheme of the case, a minor blip. The grand jury can reindict and return a proper indictment alleging that the defendant hacked for the purpose of invading Palin's right of privacy under Alaska civil law.

Pyrrhic victory for the defense if a motion to dismiss is filed and granted . . . unless no re-indictment follows.
10.8.2008 2:39pm
Guest12345:
What about the copyright violation? Didn't the little putz break in for the express purpose of duplicating and distributing the contents of her email? Which one would assume she owns the copyright(s) on? By posting her pictures, etc. he performed a copyright violation. Perhaps that doesn't apply?
10.8.2008 2:44pm
A.W. (mail):
Orin

> It makes no sense to allow a felony enhancement for a crime committed in furtherance of the crime itself;

I think you are being maybe a little inartful here. after all, if a person shot someone in the furtherance of the crime of bank robbery, I don’t think you would object to using the shooting to enhance the robbery offense or vice versa.

I think what you are trying to get at is that the crime committed in furtherance should have some separation. Like if a state punished both breaking and breaking and entering, then breaking should not be an enhancement for breaking and entering.
10.8.2008 2:48pm
Nick42 (mail):
IANAL, but I am involved in computer security and have a layman's interest in the law (thanks for the quote J. Aldridge).

I understand that 2701 (Stored Communications Act), is similar to 1030 (CFAA), but does that mean that 2701 can't count as a further crime under 1030(c)(2)(B)(ii)? Would it not be possible to indiate the defended for accessing a computer w/o authorization AND receive the penalty enhancement for violating the SCA while stealing her email?

Also, it seems that an argument could be made for 1030(c)(2)(B)(ii), that the information in question is worth more than $5,000. I'd think the private email of a VP candidate would be worth at least that.

However, as runape pointed out, the Government does not seems to have articulated a theory. However, does that actually matter? If the defendant's lawyer objects, would it lead to anything? Other than, perhaps, requiring the Government to restate it's theory?
10.8.2008 2:48pm
BruceM (mail) (www):
Also, to the poster above, aiding and abetting in federal law - 18 U.S.C. 2 - is not a separate crime, but rather a separate means of indicting a particular crime. That's why indictments say "... in violation of [statute] and 18 U.S.C. section 2." There is never a separate count of an indictment based solely on 18 USC 2. This indictment is no different, it's a one count indictment (though it never actually cites 18 USC 2).

They could have made it a two count indictment, I suppose, one count based on 18 USC 2701 and the second count based on 18 USC 1030. But I'd argue that such an indictment would be duplicitous. Regardless, as Orin notes, it would mean a felony enhancement for a crime committed in furtherance of the crime itself.

The legislature would not have written a misdemeanor form of the crime into law if it intended all such charges of the crime to be only felonies.
10.8.2008 2:49pm
CDU (mail) (www):
What about the copyright violation? Didn't the little putz break in for the express purpose of duplicating and distributing the contents of her email? Which one would assume she owns the copyright(s) on? By posting her pictures, etc. he performed a copyright violation.


I don't think this meets the threshold for criminal copyright infringement. Palin (or anyone who sent her an e-mail) could sue, but I don't think he can be prosecuted for posting this stuff.
10.8.2008 2:52pm
Calculated Risk:
runape,

I don't think you get it. Something as broad as "invasion of privacy" would be a tort that is always committed when this particular act is committed. Once again, the problem is that this would make all violations of this law a felony, not a misdemeanor. What you need is a violation of criminal or tort law that is not always committed when the underlying crime is itself committed. Otherwise the distinction in the statute between when misdemeanor charges and when felony charges can be brought is meaningless.
10.8.2008 2:53pm
Justin (mail):
To those who think that there's some sort of all or nothing choice here, read the statute. In relevant part:

(b) Punishment.— The punishment for an offense under subsection (a) of this section is—
(1) if the offense is committed for purposes of commercial advantage, malicious destruction or damage, or private commercial gain, or in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or any State—
(A) a fine under this title or imprisonment for not more than 5 years, or both, in the case of a first offense under this subparagraph; and
(B) a fine under this title or imprisonment for not more than 10 years, or both, for any subsequent offense under this subparagraph; and
(2) in any other case—
(A) a fine under this title or imprisonment for not more than 1 year or both, in the case of a first offense under this paragraph; and
(B) a fine under this title or imprisonment for not more than 5 years, or both, in the case of an offense under this subparagraph that occurs after a conviction of another offense under this section.

It's pretty clear that if there's no enhancing factor, then (b)(2)(A) still applies, and the result is a misdemeanor (ie, not punishable by more than one year in prison).
10.8.2008 2:54pm
Henry Bramlet (mail):
I agree with One more Matt. The person stole the information and then offered the information to other people, suggesting that they also go and peruse the email accounts in an attempt to find info. In so much as those people would be breaking the same laws, we would expect the reference to the same statute.

In other words: The accused broke the law against unlawful intrusion in pursuance of the crime of allowing other people to break the exact same law against unlawful intrusion.

A different analogy would be breaking into a guard house to disable an alarm so that other people could break and enter a museum- Breaking and Entering in order to commit a Breaking and Entering crime.
10.8.2008 2:59pm
DangerMouse:
It doesn't matter. He's a democrat and so he won't be punished.
10.8.2008 3:02pm
Anderson (mail):
It doesn't matter. He's a democrat and so he won't be punished.

Different worlds we live in, DM, you and I.
10.8.2008 3:07pm
A Law Dawg:
I increasingly suspect DangerMouse is my father-in-law.
10.8.2008 3:19pm
Adam J:
DM- It must be rough being a poor persecuted Republican...
10.8.2008 3:22pm
runape (mail):
"I don't think you get it. Something as broad as "invasion of privacy" would be a tort that is always committed when this particular act is committed. Once again, the problem is that this would make all violations of this law a felony, not a misdemeanor. What you need is a violation of criminal or tort law that is not always committed when the underlying crime is itself committed. Otherwise the distinction in the statute between when misdemeanor charges and when felony charges can be brought is meaningless."

I do get it, actually. And the hacking of an email account (or, in all likelihood, the posting of an email account password), is a relatively clear example of intrusion upon seclusion. Comment B of the Restatement (sec. 652B) provides that such intrusion "may be by some other form of investigation or examination into [the defendant's]private concerns, as by opening his private and personal mail, searching his safe or his wallet, examining his private bank account, or compelling him by a forged court order to permit an inspection of his personal documents."

A tort or crime - even a tort or crime that substantially overlaps with the underlying crime - is an acceptable trigger for a statutory enhancement. That is true whenever the gov't must prove some additional element. For example, if the gov't alleged intrusion upon seclusion as the trigger for the enhancement, they would have to prove that the intrusion was offensive to a reasonable person, which is not an element of the underlying crime.

The problem Orin is describing occurs where the tort or crime that purportedly triggers the enhancement is identical to the underlying crime. If the trigger is anything short of identical to the underlying crime, there's no problem.
10.8.2008 3:31pm
BruceM (mail) (www):
The only purpose of this indictmenet is to placate Palin and to minimize the impact of her blatant stupidity in having an easily accessible password. Having the person who so easily hacked her account under indictment for doing so makes him appear to be a serious, skillful, dangerous computer hacker. In reality, he figured out her birthday and the name of her first school, or whatever other dumb "security" questions her webmail used, and was able to reset her password to the password of his choice ("popcorn" according to the indictment).

Were this guy not indicted, Palin would appear like she allowed her account to be easily accessed. Now that the guy has been indicted, Palin can come across as a crime victim, and therefore it's not her fault (American victim culture abhores blaming victims for contributing to their harm, even if they are 99% liable, comparatively).

This is a political indictment, handed down by republicans a month before the presidential election to help get McCain/Palin into the white house. If ruining someone's life and costing the taxpayers hundreds of thousands of dollars to prosecute a crime and incarcerate a citizen will save McCain/Palin just one vote, it will be done by the Bush DOJ.
10.8.2008 3:41pm
A Law Dawg:
(American victim culture abhores blaming victims for contributing to their harm, even if they are 99% liable, comparatively).


Yeah, the way she was dressed, she was ASKING to be raped!

Seriously, BruceM?
10.8.2008 3:43pm
zippypinhead:
The form of this indictment doesn't trouble me, as there's nothing that can't be clarified in the inevitable Bill of Particulars, or at worst can't be cured with a superseding indictment that more fully explicates what's already been averred.

I think One more Matt hit one possible nail on the head:
Paragraph 6 answers this. He posted the new password so that others could repeat the intrusion. So the intrusion was done in furhterance of subsequent intrusions by other people, hence the apparently circular reference to the same crime.
May sound circular at first, but on the facts it makes sense. This also explains the aiding and abetting language of the charging paragraph in light of what at first blush was a solo crime. The factual predicate for A&A is in ¶7.

A superseding indictment could also rely on the existing averments to charge wire fraud. And ¶8 lays the possible groundwork for a §1519 obstruction allegation as well, although I don't think after-the-fact attempts at a cover up count as the enhancing predicate crime or tort under §1030. And then there's the wild and wacky universe of tortious conduct, which surely encompasses low-grade identity theft of this sort.

My main reaction upon reading the indictment? It's actually a straightforward, reasonable charging document that doesn't pile on the defendant. If the grand jury wanted to be harsh, this kid could have been charged up with separate counts for each access incident, each downloaded item or screen capture, each subsequent BBS post of the information, etc. And he would have been in much deeper trouble if he'd also been charged with something like §1519 obstruction, which would ratchet up the Sentencing Guidelines calculations on him (the USSG offense grouping issues are too complicated for a pinhead like me to explain, but trust me, they wouldn't help the defendant).

Fearless prediction: Odds of this pretty straightforward case pleading out are 99.44% If my quick off-the-cuff math is right and I haven't missed some USSG factor or another, even charged as a felony it may be possible for the defendant to land in Zone A of the Sentencing Guidelines' offense level chart with acceptance of responsibility. Zone A makes him eligible for straight probation, assuming no criminal history or other naughty things that strike the sentencing Judge's fancy.
10.8.2008 3:44pm
gattsuru (mail) (www):
[quote]Palin (or anyone who sent her an e-mail) could sue, but I don't think he can be prosecuted for posting this stuff.[/quote]

18 U.S.C. 1030 does not require that the act be criminal, only that the act be criminal or tortious. Palin owns the copyright (including the right to limit publishing of information) of anything she creates (thank you Rome Accords) as soon as she creates something, regardless of the quality of the work.

That's almost certainly not what the spirit of the law intended, and the Feds would not be wise to try prosecuting it, but I think it's within the letter of the law.
10.8.2008 3:50pm
Lonetown (mail):
I believe the intention was to damage the govenor of Alaska.


Thats not tortious?
10.8.2008 3:56pm
htom (mail):
I see this as two crimes: the hacking, and the blabbing of what was found. The former is not very damaging to the victim (although it is a crime); the latter is potentially very damaging.
10.8.2008 3:57pm
Larry Reilly (mail):
Does motive come into play in looking for furtherance of criminal or tortious activity?
I haven't dug back, but believe that the hacking was done on the heels of news reports -- about the Palin Administration in Alaska not releasing her work emails -- pointed out that she apparently had used private email accounts, such as Yahoo, to conduct some of her government business. The inference would be that she did not want them subject to sunshine laws.
It may well be that this young man wanted to expose a corrupt practice by the governor of Alaska at least equally as much as he was enjoying a good hack.
10.8.2008 4:04pm
Federal Dog:
How twisted and malicious do you have to be to blame a crime victim for being a crime victim?

This election has made a lot of people very, very sick. That level of attack is not mere partisanship: It's mental illness.
10.8.2008 4:08pm
Waldensian (mail):

I increasingly suspect DangerMouse is my father-in-law.

Clear thread-winner there.
10.8.2008 4:17pm
A Law Dawg:
she apparently had used private email accounts, such as Yahoo, to conduct some of her government business. The inference would be that she did not want them subject to sunshine laws.


I think the belief was that she was using her private e-mail for campaigning purposes. It just so happens that it would be illegal for her to use her government address for such things, so she used her private e-mail.

At least, that is how I remember it.

It may well be that this young man wanted to expose a corrupt practice by the governor of Alaska at least equally as much as he was enjoying a good hack.


Even assuming that's true, then he has still engaged in civil disobedience and therefore should go to jail.
10.8.2008 4:19pm
A Law Dawg:
How twisted and malicious do you have to be to blame a crime victim for being a crime victim?


No matter what The Other Side does, it is ill-intended. No matter what is done to The Other Side it is justified.

It doesn't matter which side The Other Side is, as long as that side opposes Your Side.

I really hate humans sometimes.
10.8.2008 4:22pm
Bruce:
Paul: I'm having a little trouble figuring out what's "silly" about the EFF's argument. To the extent read emails in storage are not in "transitory, intermediate storage" incidental to transmission, or stored by internet service for purposes of backup protection, then accessing (only) them is not a violation of 2701. Right? What am I missing?
10.8.2008 4:32pm
Larry Reilly (mail):
Let's try this again.
Here is what Orin Kerr noted at the top when he wondered if the indictment is flawed: The statute, 18 U.S.C. 1030, states that the intrusion is a felony if the intrusion "was committed in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or of any State."
My question was based on that. If the man who hacked Palin's private email account did so because of some reports that she used the account improperly to hide some her official communications, does that mitigate?
My question in effect asked whether the "furtherance" must be intentional -- meaning that he intended to hack the account to further a crime or tortious act other than the hacking itself.
So, again, would the defendant's actual motive come in to play?
I don't believe that in rational discourse it is twisted, malicious or partisan to raise the matter.

Away from this question about the law and how it is interpreted, there indeed is a controversy in Alaska over various Palin email accounts and how they were used. And the issues are being pressed by various organiations seeking to have them released.
10.8.2008 4:36pm
BruceM (mail) (www):
[Deleted by OK. BruceM, my general rule that I always disagree with everything you say has to be supplemented by a second rule: I will delete any comment you write about sexual assault.]
10.8.2008 4:38pm
htom (mail):

(b) Punishment.— The punishment for an offense under subsection (a) of this section is—
(1) if the offense is committed for purposes of commercial advantage, malicious destruction or damage, or private commercial gain, or in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or any State—
(A) a fine under this title or imprisonment for not more than 5 years, or both, in the case of a first offense under this subparagraph; and
(B) a fine under this title or imprisonment for not more than 10 years, or both, for any subsequent offense under this subparagraph; and


I think people may be focusing on the "furtherance" part, when it's the "malicious damage" -- the gossipy public disclosure of the password(s) -- that may be bringing the felony charge.
10.8.2008 4:42pm
MarkField (mail):

I really hate humans sometimes.


Does that put you on The Other Side?
10.8.2008 4:45pm
Nunzio:
BruceM:

That you need to take so long to prove your point means you were wrong in the first place.

This kid's a first-time offender so he should just pay a fine and grow-up. No election, not even "the most important election of our lifetime," is worth doing something this stupid.

That said, the indictment should be dismissed. It's impossible to say what extra crime or tort the grand jury agreed on.
10.8.2008 4:49pm
bud (mail):

Calculated Risk:
I don't think you get it. Something as broad as "invasion of privacy" would be a tort that is always committed when this particular act is committed.

Not necessarily. Let's remember why this "feature" was placed into this law: to keep "innocent" hacking activity from being seriously penalized. Nobody wanted some guy poking around for his own amusement or as a demo of technical prowess to face the same penalties as the guys lifting credit card numbers from the same sort of activity.

It's pretty obvious to me that this kid was intent on finding information that could be used against her, and that that activity would qualify for the "enhancement". Whether or not all the legal i's and t's are dotted and crossed is an issue that will be decided by the judge.
10.8.2008 4:54pm
Anderson (mail):
How twisted and malicious do you have to be to blame a crime victim for being a crime victim?

I don't see what's twisted or malicious about it at all.

Let's forget about Palin for a moment. If someone uses (say) his own name for a password, that's stupid.

We don't condone hacking his account, but we recognize his stupidity nonetheless.

More broadly: I buy a Mercedes convertible and park it downtown with the key in the ignition while I'm inside eating lunch. I come out, &my car -- sacre bleu! -- is gone!

Is anyone "twisted" or "malicious" in holding me partly responsible (tho not criminally liable) for my car's being stolen? I think not.

So the question is, if Palin's account could be hacked on the basis of readily available info, was that very clever of her? We can discuss that without thinking it's any exculpation at all of the guy who hacked her account.
10.8.2008 4:55pm
ShelbyC:
Didn't he gain unauthorized access to the password reset mechanism in furtherance of gaining unauthorized access to her email?
10.8.2008 4:58pm
solplot:
Didn't he gain unauthorized access to the password reset mechanism in furtherance of gaining unauthorized access to her email?

Correct - he did NOT crack her password. He used the password reset mechanism and answered the "security questions" with google-fu. Essentially, he pretended to be Palin, claiming she forgot her password.
10.8.2008 5:02pm
Anderson (mail):
Bruce M: but once she has been raped, it's a windfall.

Good lord, I missed that.

Married, Bruce? Girlfriend? Sister? Surely a mother somewhere in the background, eh?

Try that theory out on 'em.
10.8.2008 5:03pm
Felix Sulla:
Speaking as someone who has no use at all for Sarah Palin, I still have to say (whatever remedial technical flaws the indictment may have) the prosecution of this person is a good thing. This is a high profile case, and hopefully it will send a message that even "harmless" casual hacking of someone's email (or if you like, their Facebook page or what have you) is illegal and can get you into serious trouble. I think a lot of people out there consider such activity to be merely challenging or else not a big deal. It assuredly is.

I have a friend, an otherwise intelligent and generally law abiding person, who openly brags that she "hacks" personal enemies' email accoutns or webpages in order to get "dirt" on them. She also uses these occasions to imply that her ability to do this means she is a brilliant hacker, notwithstanding the fact she has no relevant technical knowledge of any description. Thus, for example, guessing her husband's ex-wife had a really easy-to-guess password on her MySpace page converts her into Matthew Broderick in WarGames.

Anyway, I warned her that this activity was illegal and could expose her to some moderate-to-severe civil and criminal penalties, but she brushed it all aside as no big deal. An very public example needs to be set on this issue, and I think the Palin case would serve this purpose admirably.

Still voting for Obama though. ;-)
10.8.2008 5:04pm
A Law Dawg:
Being a victim means [. . . ] you come first.


Guess I'm a victim then, judging from the bored looks Mrs. Law Dawg gives me when we're done!
10.8.2008 5:04pm
Kazinski:
I think posting the passwords to encourage others to go into her account and root around is clearly the furtherance of another criminal act.

Say the kid was trying to hack into a computer that contained credit card numbers for someone else. If all he did was figure out the access information, and then pass on the passwords to the third party, he would be furthering the act. Even if he didn't know specifically what they were after. In this case he got the password, and then posted them and encouraged others to log in and poke around, and make use of anything they found.
10.8.2008 5:04pm
Anderson (mail):
I have a friend, an otherwise intelligent and generally law abiding person, who openly brags that she "hacks" personal enemies' email accoutns or webpages in order to get "dirt" on them.

Yeah, that's weird. And I have to think it's coming from the same part of the brain that thinks that downloading pirated songs and movies is A-OK.

What passes for conscience in the human psyche seems to be an uneasy feeling that someone's watching, or could be watching. And despite the intellectual awareness that someone could in fact *be* monitoring your conduct on the internet -- or could trace it later -- that's not "physical" enough to set off the primitive conscience. Look, here I am, alone in this room, just me and the computer -- what could go wrong?
10.8.2008 5:09pm
Federal Dog:
"More broadly: I buy a Mercedes convertible and park it downtown with the key in the ignition while I'm inside eating lunch."

Are you contending that she published her log-on information or left it in a place where she knew any member of the public could get it? The level of hatred required to engage in such sophistry is neither normal nor healthy.
10.8.2008 5:13pm
Lonetown (mail):
Bruce M: but once she has been raped, it's a windfall.

The Tex Antoine theory no doubt! (told a joke along the same lines eons ago)
10.8.2008 5:15pm
A Law Dawg:
Are you contending that she published her log-on information or left it in a place where she knew any member of the public could get it? The level of hatred required to engage in such sophistry is neither normal nor healthy.


I am in no way defending the hacker here, but the answer to your question is yes. The answers to her password recovery questions were public knowledge.
10.8.2008 5:17pm
Anderson (mail):
Are you contending that she published her log-on information or left it in a place where she knew any member of the public could get it? The level of hatred required to engage in such sophistry is neither normal nor healthy.

Federal Dog, get a grip on your bad self.

You said, and I quoted: "How twisted and malicious do you have to be to blame a crime victim for being a crime victim?" General proposition about crime victims.

I created a hypo to demonstrate that your general proposition is mistaken. N.b. my exact words: "Let's forget about Palin for a moment."

Being reading-impaired, you fail to understand the import of those words, i.e., that my examples are not talking about Palin.

Having shown that your general proposition was false, I concluded:

So the question is, if Palin's account could be hacked on the basis of readily available info, was that very clever of her? We can discuss that without thinking it's any exculpation at all of the guy who hacked her account.

Nothing remotely construable by any honest person as an allegation that Palin "published her log-on information or left it in a place where she knew any member of the public could get it." Not even close.

So, let's look back at what you just wrote:

The level of hatred required to engage in such sophistry is neither normal nor healthy.

Word.
10.8.2008 5:22pm
Felix Sulla:

Yeah, that's weird. And I have to think it's coming from the same part of the brain that thinks that downloading pirated songs and movies is A-OK.
I have to admit I used to do that. I justified it, at the time, with the argument that the record label and/or studios were just middlemen making all the money while the creators were getting pitiful returns for their work. Actually, that's true. But the solution is to make sure the artists get a more fair compensation for their work...not to ensure that the artists themselves get precisely nothing. Thus, alas, does iTunes get more money from me than I care to admit.

I would never, however, have entertained the notion of going into Tower Records and shoplifting CDs. A lot of these people who think nothing of "hacking" someone's email address would quail in horror at the notion of walking up to someone's house or car (assuming they were unlocked or easy to get into) and helping themselves, whether they are observed doing so or not. I think we just haven't caught up to the fact that hacking someone's email or webpage is, from a moral standpoint, more or less the same as robbing them or at least breaking and entering and rifling through their possessions. We have not yet reached the point where we have as visceral a reaction to that as, for example, burglary. I think this is the deficit we need to remedy with prosecutions like this.
10.8.2008 5:24pm
arthur:
Are you contending that she published her log-on information or left it in a place where she knew any member of the public could get it?

That is exactly what she did. Aside from the email address, which was not secret, the only information needed to access the Yahoo account through the "I forgot my password" method was the answer to "Where did you meet your husband?" She revealed the answer to this question ("Wasilla High") in the convention speech she personally delivered to a nationwide television audience on six or so different networks.
10.8.2008 5:27pm
Federal Dog:
"The answers to her password recovery questions were public knowledge."

So someone sufficiently motivated to violate her account could do research and find that information out? All identity theft depends on that too. Are victims of identity theft to blame because information necessary to the theft (e.g., names, DOB, SSN, etc.) is discoverable given sufficient will and research necessary to commit the crime?
10.8.2008 5:29pm
Anderson (mail):
I have to admit I used to do that.

Just for the record, I'm observing, not judging -- if I were more tech-savvy and didn't waste my free time already with blogs and books, I probably would've had an iPod full of stolen stuff myself.

I think this is the deficit we need to remedy with prosecutions like this.

Agreed -- I wouldn't want to put the guy in jail for 5 years to scare the general public, but the prosecution seems valid (subject to Prof. Kerr's critique of the indictment).
10.8.2008 5:29pm
JunkYardLawDog (mail):
Question:

Could this be a felony because the intrusion was committed in furtherance of a violation of Sarah Palin's constitutional right to privacy or constitutional 1st Amendment rights?

Says the "Dog"
10.8.2008 5:35pm
NI:

This is a political indictment, handed down by republicans a month before the presidential election to help get McCain/Palin into the white house. If ruining someone's life and costing the taxpayers hundreds of thousands of dollars to prosecute a crime and incarcerate a citizen will save McCain/Palin just one vote, it will be done by the Bush DOJ.


That may very well be, but in this case I don't care. The amount of damage done by hackers, virus-creators, worms, phishers and other assorted people who seem to think that other people's private property is free for the rifling through is phenomenal. Were I dictator of the universe, computer hackers would be tarred and feathered, drawn and quartered, publicly flogged, and then tossed off an airplane at 35,000 feet with no parachute. At bare minimum, he should be permanently enjoined from ever using a computer again. And no, I don't care what that would do to his job prospects.
10.8.2008 5:35pm
A Law Dawg:
"The answers to her password recovery questions were public knowledge."

So someone sufficiently motivated to violate her account could do research and find that information out?


Yes.

All identity theft depends on that too. Are victims of identity theft to blame because information necessary to the theft (e.g., names, DOB, SSN, etc.) is discoverable given sufficient will and research necessary to commit the crime?


No. Nor did I suggest that they are.
10.8.2008 5:36pm
Felix Sulla:
Yeah, Anderson, I think we agree in substance. There are some people I would like to see get five years for stuff like this, though as a policy matter, I would prefer some method of ensuring that the people that get hit that hard for it are people that used the "hacked" info to get into someone's bank account, or something similar. (Which, I should think, was the intent of the felony/misdemeanor dichotomy in the statute.)

Some kid who did it as a prank or else just for the hell of it? Give him a good misdemeanor tap, and if the kid turns out to be a habitual offender (or gets more serious), work up from there.
10.8.2008 5:38pm
Federal Dog:
"So the question is, if Palin's account could be hacked on the basis of readily available info, was that very clever of her?"

As stated, the same could be said about many other forms of identity theft. The fact that information necessary to identity theft is readily accessible given sufficient research does not call the cleverness of the victims of that crime into question.
10.8.2008 5:40pm
Felix Sulla:

Could this be a felony because the intrusion was committed in furtherance of a violation of Sarah Palin's constitutional right to privacy or constitutional 1st Amendment rights?
The short answer: no. ;-)
10.8.2008 5:40pm
Federal Dog:
A Law Dawg:

I know that you did not suggest that Palin is to blame. Other posters here, however, do. The only reason for that blame is irrational hatred for Palin. Had Obama's identity been stolen to break into his email account and publish its contents, those same posters would be screeching in outrage, not blaming him because it was possible to do sufficient research to discover information necessary to commit the crime.
10.8.2008 5:44pm
Felix Sulla:

I know that you did not suggest that Palin is to blame. Other posters here, however, do. The only reason for that blame is irrational hatred for Palin.
Well, it is correct (as far as it goes) to note that it was naive of her to have had such an insecure account, and perhaps predictable that this result would occur. That of course does not excuse the commission of the crime, and it highlights the need for enforcement of the laws against it.

Some Palin haters do so in an entirely rational manner. ;-)
10.8.2008 5:51pm
runape (mail):
To reiterate the point, it would seem that the feds would have been fine alleging intrusion on seclusion (or something similar) as the triggering tort, because it requires that the gov't prove that the intrusion is offensive to a reasonable person. Some violations of the statute would plainly be inoffensive, so there's no complete overlap between the underlying offense and the triggering offense.
10.8.2008 5:51pm
john dickinson (mail):
I think posting the passwords to encourage others to go into her account and root around is clearly the furtherance of another criminal act.

Say the kid was trying to hack into a computer that contained credit card numbers for someone else. If all he did was figure out the access information, and then pass on the passwords to the third party, he would be furthering the act. Even if he didn't know specifically what they were after. In this case he got the password, and then posted them and encouraged others to log in and poke around, and make use of anything they found.


Whether or not it will fly, it is pretty clearly expressed in the indictment that this is what the prosecutors are going for, specifically with bullet #7 (and also 6) and the "aid and abet" language at the end. I.e., he broke into Palin's account in furtherance of aiding and abetting others in breaking into Palin's account.

That doesn't seem logically inconsistent to me, although perhaps it seems to run a bit afoul of the purpose of an enhancement law. It's not exactly parallel, but say you are in a state that allows the death penalty in felony murder cases (and obv *not* for garden variety murder). You want to murder someone, and devise a plan where you're going to knock them out with a tranquilizing injection, then drag them into the closet and shoot them. Unfortunately, when you go to carry out your plan, you accidentally use the wrong dose of tranquilizer and they die instantly. Could you be charged with felony murder and face death?
10.8.2008 5:59pm
Larry Reilly (mail):
Federal Dog said here that I engaged in twisted, malicous and partisan behavior for asking a question about "futherance" and motive.
Period.
I laid out the facts I saw for a possible motive on the part of the defendant. I did not excuse a stupid act on his part.
My question had to do with any pertinence, under the statute, of the reasons and objectives behind the hacking.

It is Federal Dog who is projecting partisanship into that.

Just the same, if Sarah Palin is emotionally scarred because of this aspect of the debate that I raised, I would hope all those contributing negligently by being here will join me in starting a fund to pay for counseling and any other remedial measures to restore her to full strength.
10.8.2008 6:02pm
Anderson (mail):
The fact that information necessary to identity theft is readily accessible given sufficient research does not call the cleverness of the victims of that crime into question.

Well, we'll have to agree to disagree here, assuming of course that Yahoo! provided her with the option of some less transparent ID response.

Of course, nothing stops a person from making up stuff on those questions. "Where did you first meet your husband?" "Oort Cloud." But to do that, one would have to be, um, clever.
10.8.2008 6:03pm
Anderson (mail):
I would hope all those contributing negligently by being here will join me in starting a fund to pay for counseling and any other remedial measures to restore her to full strength.

Where should I send my nickel?
10.8.2008 6:04pm
Federal Dog:
"Federal Dog said here that I engaged in twisted, malicous and partisan behavior for asking a question about "futherance" and motive."

What? Where in the world did I do that? Please post my remark about your question.
10.8.2008 6:08pm
Nunzio:
Felix S.

"Matthew Broderick in War Games." Awesome analogy. Of course, I'm getting old. And I know without looking it up that Dabney Coleman was in that movie, too.
10.8.2008 6:08pm
Felix Sulla:

"Where did you first meet your husband?" "Oort Cloud."
The odds of anyone ever hacking that question are astronomical. ;-)
10.8.2008 6:11pm
Felix Sulla:

"Matthew Broderick in War Games." Awesome analogy. Of course, I'm getting old. And I know without looking it up that Dabney Coleman was in that movie, too.
The sad thing, Nunzio, is that I debated internally for about a minute as to whether to use "Matthew Broderick" or "David Lightman" in that post. ;-) (It is still a good movie. And Ally Sheedy was adorable back in the day.)
10.8.2008 6:13pm
ObeliskToucher:
Since I haven't seen it mentioned here, the hacker changed the password on the account after he accessed it (it was the changed password that he posted on 4chan). That action could be certainly be construed as "malicious damage" since she presumably lost her access to the account for some period of time afterwards...
10.8.2008 6:20pm
BSKB (mail) (www):
The indictment is likely to be correct, the first aspect of the crime is logging on for himself, but he subsequently made the password available to others on 4chan. For the purposes of the indictment there is evidence that he intended to commit a separate subsequent criminal act or at minimum cause one to happen.
10.8.2008 6:25pm
Larry Reilly (mail):
Sorry, Federal Dog. Your remark came immediately after my question. And since my question raised a point about the defendant's motive perhaps having something to do with Palin possibly doing government business through improper use of a private email account, I assumed you were saying I had attacked the victim.
Apparently your remark concerned an earlier comment by someone else. So I was mistaken.
What I regret most about the mistake, or coming to realize it, is that I no longer have the satisfaction of being a victim myself -- thinking I was unfairly called those nasty things. Victimhood is sweet, even when wrong and fleeting.
10.8.2008 6:29pm
Anderson (mail):
Victimhood is sweet, even when wrong and fleeting.

A windfall, I hear.
10.8.2008 6:35pm
Federal Dog:
No problem, Larry. Thanks for the clarification.
10.8.2008 6:39pm
A Law Dawg:
Victimhood is sweet, even when wrong and fleeting.

A windfall, I hear.



Obviously we should tax it then.
10.8.2008 6:41pm
wm13:
If I left my keys in my car by mistake (totally hypothetical since I don't a car), and someone stole it, I would certainly want that person prosecuted. It isn't a defense or even a mitigating factor that I was kind of stupid. The same would apply if my daughter was foolish to go walking by herself in bad neighborhoods at night and got raped.

That's totally different from the question of what, if anything, are mitigating factors. For example, if my car was stolen by a teenager who went joyriding around the neighborhood, I would support a lighter punishment than if the thief were a professional who worked as part of an organized stolen car export ring. The teenager's situation and motive would be mitigating factors regardless of whether he stole the car because I left my keys in it or by using the hot wiring technique he learned in his high school auto repair course.

I suspect mitigating factors in rape cases would be a lot more controversial, so I will leave that one alone.
10.8.2008 6:46pm
zippypinhead:
"I really hate humans sometimes."
Waldensian was wrong. Law Dawg really wins this thread (and he might get the silver medal too, given that I snorted part of my Starbucks' reading his later comment about his wife's satisfaction level in light of the sequencing of certain events).

On to less important topics: Prosecuting this kiddie may be one of the best things the Feds can do for general deterrence of low-end hacking and identity theft (isn't going to deter Russian organized crime syndicates, but it should have some impact on college kids who are paying attention).
10.8.2008 7:03pm
Anderson (mail):
I would certainly want that person prosecuted. It isn't a defense or even a mitigating factor that I was kind of stupid.

Right. I certainly didn't suggest that it's a mitigating factor; it just leaves open the question of whether you (the "you" of the hypo) are an idiot, or careless.
10.8.2008 7:07pm
Angus:

This is a high profile case, and hopefully it will send a message that even "harmless" casual hacking of someone's email
The only thing is, this case has zero deterrence value because the only time it will get investigated is if the person is a Pres or VP candidate. Hell, even Lindsay Lohan and Paris Hilton got hacked and couldn't get the authorities to lift a finger to investigate.

This kid is under felony indictment for only one reason: Palin is a VP candidate.
10.8.2008 7:12pm
DOuglas2 (mail):
I signed up with Yahoo years ago, and I now have no idea what my security question was or what my answer was. Of course that was about 6 years before I read Schneier on what a security flaw the password-recovery feature was. Although I now know that this is a problem, I have no expectation that a non-nerdy person would be aware of this security risk. I also know that in the several cases where institutions have issued me a few non-master keys for different rooms I could with relative ease determine a small number of possible codes for the master key. Is this blatant stupidity on the part of the institutions in having an easily accessible key-code? I have developed the habit of responding that I don't want a low-security backdoor when I am asked to choose or provide a secret question, but the prevalence of this practice even from financial institutions makes me think that the inherent risk is not common knowledge.
10.8.2008 7:18pm
gallileo:
Angus,

He's actually under felony indictment for two reasons:

He hacked a private email account.
The account belonged to a VP candidate.

But the path to justice is to ignore the second fact. Not the first. We should be indicting all the hackers regardless of the victim. So this is a step in the right direction.
10.8.2008 7:26pm
Sagar (mail):
all the folks arguing that this misdemeanor is rightly elevated to a felony because the original crime was committed to "invade her constitutional right to privacy" -

are we now saying this right to privacy is in fact a 1st amendment right and not just lurking in the penumbra?

this perp was stupid, did something wrong and got caught - should be punished, but not with felony charges!
10.8.2008 7:27pm
Bruce Hayden (mail) (www):
all the folks arguing that this misdemeanor is rightly elevated to a felony because the original crime was committed to "invade her constitutional right to privacy" -

are we now saying this right to privacy is in fact a 1st amendment right and not just lurking in the penumbra?
I don't see the connection here. Few of the posters above even mentioned or probably seriously considered any Constitutional right of privacy, regardless of where it might be found (and there are probably better places than the 1st Amdt. for that).
this perp was stupid, did something wrong and got caught - should be punished, but not with felony charges!
I say that for a lot of things. I frankly think that there are a lot of things charged these days as felonies that shouldn't be, including some victimless drug related crimes. But that isn't the country we live in, and this is the one we have to deal with.
10.8.2008 7:49pm
Dan Bongard:
"So the question is, if Palin's account could be hacked on the basis of readily available info, was that very clever of her?"
I'd say it was neither clever nor stupid.

If the account had been one which was used for sensitive purposes, or contained crucial information, or even contained emails or information which could damage her or her family, then having a non-secure password would indeed be stupid. But we've seen what the account contained -- innocuous personal email. Not exactly stuff that needs to be kept tightly under lock and key. In fact, Democrats probably got hurt more by this than Palin did, especially once it turned out that the hacker was a Democrat engaged in dirty tricks.

Picking "1111" for your ATM PIN is stupid. Picking "1111" for the password to your eVite account isn't, because no significant harm will be suffered if that account gets hacked. The benefit of having an easy-to-remember password exceeds the potential harm.
10.8.2008 8:51pm
Youngblood (mail):
The letter of the law seems pretty clear to me. If the intent of the security intrusion was the intrusion itself (as it is in the case of most people who hack into systems 'because they're there', as 'white knights', or as pranksters), then the crime is a misdemeanor. If, on the other hand, if the intent is more serious, then it becomes a felony.

The hacker himself stated that his intent was to "derail [Governor Sarah Palin's] campaign". I'm not a lawyer, so I'm not sure if the time "malicious destruction or damage" has a specific legal meaning, but as a layman, it certainly looks to me that this was the hacker's intent. In addition, he provided the information that he gathered and explicit instructions about breaking into the account to a community of hackers, which facilitated and contributed to additional criminal actions by others. Again, I don't know about legal definitions but, at least to this layman, it certainly seems as though this act was to further "criminal and tortious" acts by others.

So either way you slice it, the hacker committed a felony. So, in my non-professional eyes, it seems as though the felony indictment seems to be on pretty solid ground.

Is this in keeping with the spirit of the law? I think so. Although people keep using the word "prank" to describe what the hacker did, he intended (in his own words) to destroy her political campaign and, when he couldn't do that, he made her personal information available to other hackers. I don't think that anyone reading this would classify those activities as pranks if what happened to Palin happened to them. Nor was this intrusion intended to display the ease with which a hacker could circumvent the security measures on the email account (i.e. hacking into the account because it was there, for bragging rights, or as part of some kind of 'white hat' scenario to highlight effective computer security techniques). That seems to be what the spirit of this law is all about, so the felony indictment seems to be on firm ground there, too.
10.8.2008 9:02pm
Dave N (mail):
Either Yahoo has tightened security as a result of this, or I can't reset my Yahoo password if I ever forget it.

Yahoo asked me my birthdate (in Sarah Palin's case, something widely available on Wikipedia now, probably relatively unknown when she created the account); my country of origin, and my zip code (gee, Wasilla, Alaska has so many).

I couldn't get to the next screen--but still, rocket science this ain't.
10.8.2008 9:07pm
Anderson (mail):
But we've seen what the account contained -- innocuous personal email.

Didn't she use her Yahoo! account for state business?
10.8.2008 9:58pm
Michael Edward McNeil (mail) (www):
The only thing is, this case has zero deterrence value because the only time it will get investigated is if the person is a Pres or VP candidate. Hell, even Lindsay Lohan and Paris Hilton got hacked and couldn't get the authorities to lift a finger to investigate.

What has happened in the past in this regard may not predict the future. It's quite interesting that in this article about the Palin hacker's indictment, the special agent responsible for the FBI's Knoxville office was quoted as saying, “Cyber crime is the FBI's top criminal investigative priority.” (Revisit that sentence again.) As a result, it seems quite likely that there will be many more such crimes brought to trial across the nation.

As to the point some are suggesting that it's idiotic to leave one's keys in their car or the front door to one's home unlocked — the point is that Palin's “car” (“house”) wasn't left open: it was locked. The locks to many people's homes are relatively easily bypassed or broken. As the saying goes, (ordinary) locks don't keep determined criminals out, they simply keep honest people honest. It was a criminal mentality which deliberately circumvented the security that Yahoo sets up for everyone to use, in order to break into her account.

Moreover, IANAL, but it appears to me that the intent of the hacker was not to simply read some random person's e-mail, but to use what he found in order to damage the reputation of a candidate for high public office and thereby interfere with the integrity of a federal election (the perpetrator basically admitted as much in one of his postings). Is that not a crime in its own right?
10.8.2008 10:58pm
Michael Edward McNeil (mail) (www):
“But we've seen what the account contained — innocuous personal email.”

Didn't she use her Yahoo! account for state business?


Not according to the hacker's own postings on the site where he distributed the (changed) key to her account and copies of the contents.
10.8.2008 11:05pm
anti-spam:
"Cyber crime is the FBI's top criminal investigative priority," Richard Lambert, special agent in charge of the FBI Knoxville office, said in a press release this morning.


Follow the money: FBI FY 2008 Authorization and Budget Request to Congress.

Summary from the Washington Post's Brian Krebs, “Is Cyber Crime Really the FBI's No. 3 Priority?”:
While the "Innocent Images National Initiative" is listed last in the excerpt above, it's by no means least among the FBI's cyber priorities. The initiative — designed to catch sickos who enjoy looking at and facilitating child pornography — claims the attention of roughly a third of the agency's cyber agents, according to the document.

[...]

The main reason I single it out is that it clouds the agency's record on addressing the kinds of crimes that most people probably think about when they hear the words "cyber crime." According to the FBI, the Innocent Images program accounted for a major share of the FBI cyber crime convictions and "pre-trial diversions" in fiscal year 2006. For example, Innocent Images netted 1,018 convictions and plea agreements in 2006, whereas the Justice Department won 118 convictions or pleas for computer intrusion cases last year.


Cybercrime gets 3.5% of the FBI's active agents. And, out of that 3.5%, online child-pornography investigations get roughly a third of the resources.

How much does that leave for email intrusion investigations for non-vice-presidential-candidate people? Not a lot. Even when the victim can establish significant monetary loss.
10.9.2008 1:12am
Random Commenter:
"This kid is under felony indictment for only one reason: Palin is a VP candidate."

Who could have predicted that? Of course, this speaks more to the stupidity of the perp than the seriousness of the crime.

I don't agree this will have "zero deterrence value" with the kids. It will deter some of them, because most don't have the penetration to see that the prosecutors only went after this kid because of the profile of the victim. They just see another kid in bracelets on tee vee.

So there's likely a silver lining to all this.
10.9.2008 2:24am
anti-spam:
...silver lining....

Not that many months ago we heard credible estimates that there are now over a billion users on the 'net. That estimate was followed by a credible estimate that there are now over one billion hosts on 'net. In scientific notation, that's 1e9 hosts.

Out of those 1e9 or so hosts, we believe that a large number are compromised. Very probably more than 1%, and we fear it's closer to 10% or more. Current credible estimates indicate on the rough order of 1e7 to 1e8 compromised hosts.

Over the several years, it's become increasingly clear that computer and network intrusions have become financially motivated. It may still be kids —in some case— but the ones doing the severe damage are doing it for money.

It's hard to get a good feel for how much of this crime is linked to traditional organized crime compared to how much is new internatial crime organizations. But it's organized crime for profit.

Bottom line: About 1e7 to 1e8 boxen compromised—most for profit.
10.9.2008 3:25am
Before Gore, Kneel:
Kernell has made it clear that his intent was to discover and publicize private information with the intent to harm reputation and peace of mind.

Like the Watergate burglars, he had intent. He, as well, had to 'break in'. Furthermore, he discovered private information, and took unauthorized possession or stole it.

So thus far he is completely on a par with the Watergate guys. Intent, breaking in, getting stuff. He's as guilty as they.

Kernell goes futher though. Unlike the Watergate guys who kept the private for private illegal use, he additionaly makes things public. He invites others to also steal the private to make them public. He facilitates their illegal activity. And he effectively steals everything from its owner by changing the password. There is nothing left for Palin.

Prediction: He's staying for five years. He's going to pay a fine, maybe the maximum. He gets to pay with lawyers.

And maybe, later, he will fall into a room of conservatives who show him the difficulty of using keyboard with hands in casts.
10.9.2008 8:47am
Snaphappy:
Here's a practical question for you technical types. It seems to me if you're going to engage in hacking activity, the easiest way not to get caught is to drive to some neighborhood that's not your own, look for an open wifi network, and do it through there. Is there any possible way to get caught? I there are a couple of routers in my neighborhood without any security enabled, so I assume its the same everywhere else.
10.9.2008 9:49am
Orson Buggeigh:
Before Gore, Kneel:
"Like the Watergate burglars, he had intent. He, as well, had to 'break in'. Furthermore, he discovered private information, and took unauthorized possession or stole it.

So thus far he is completely on a par with the Watergate guys. Intent, breaking in, getting stuff. He's as guilty as they are."

Thank you! Precisely the point I've been thinking of since this hit the media, albeit briefly. So where is the interest and the outrage? Oh, yeah, I forgot - apparently it's only felonious when it is a Republican operative breaking into a Democratic property. But you would think the press might be interested. Paging Dan Schorr - oh yeah, he's leaning toward the Dems and reliving his glory days on the 'Enemies List for NPR.' No point waiting for Woodward, either. He's too busy collecting his royalties and looking for more Republican scandals to be outraged about. Pardon my sarcasm, but doesn't anyone else find it rather interesting that this whole thing is being ignored by the media?
10.9.2008 10:34am
htom (mail):
Snaphappy -- The answer depends on the open link you use:

*) Some of them are honeypots, intended to ensnare such use;

*) others keep logs of usage that is not "whitelisted" (which yours would not be, of course);

*) still others, with lots of data space, just keep logs of everything;

*) and then there are those who will be blamed for what you've done.

Choose carefully. Some open wi-fi may be in more than one category above. ;)
10.9.2008 11:59am
Thorley Winston (mail) (www):
Prediction: He's staying for five years. He's going to pay a fine, maybe the maximum. He gets to pay with lawyers.

And maybe, later, he will fall into a room of conservatives who show him the difficulty of using keyboard with hands in casts.


The ironic thing is that this little POS set out to violate Governor Palin’s privacy by hacking her email account but as a result his name, face and home address are published all over the internet. Anyone care to lay odds on how long it takes someone to track him down and beat the **** out of him (or worse)?

Just as we’ve seen that there are plenty of crazies on the left who try to rationalize what he did because they don’t like Governor Palin, you have to figure that there’s more than a couple on the other end of the spectrum who are waiting for just the right moment when the authorities aren’t watching him to enact their own brand of justice. The safest place for him might actually be in a prison.
10.9.2008 2:02pm
Gabriel McCall (mail):
Even if we can come up with a credible theory of what crime or tort was being furthered, I think we've lost track of the main point of the initial post: isn't the indictment defective if it doesn't specify which one?
10.9.2008 3:51pm
Michael Drake (mail) (www):
Maybe they could charge all the participants for conspiring to violate 18 USC 371.
10.9.2008 5:52pm
MikeS (mail):
I was curious if Yahoo had learned anything from this situation: apparently not. It just let me reset my email password, with the only security question being the name of my dog.
10.9.2008 6:03pm
one of many:
M. McCall,

while I would certainly make that claim were I defending the gentleman, the indictment mentions the posting of the password which is sufficient for the charge to be facially valid. I don't know if it has ever applied to internet activity, but aiding and abetting has been charged successfully even when the crime aided has not been proven (Standefer v. United States, 447 U.S. 10).
10.9.2008 6:18pm
TCO:
1. posting the password, so that others can commit the crime of the statute, is within the statute.

2. "US code including X", does not mean "only X"
10.9.2008 9:24pm