Is the Palin E-Mail Hack Indictment Legally Flawed?:
Here's the indictment. And here's the potential problem with the indictment. In order to charge the case as a felony rather than a misdemeanor, the government needed to claim that the intrusion was committed to further criminal or tortious activity. The statute, 18 U.S.C. 1030, states that the intrusion is a felony if the intrusion "was committed in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or of any State."
Oddly, though, the indictment doesn't exactly state what the crime or tort is that the intrusion was designed to further. It just states that the intrusion was "in furtherance of the commission of a criminal act in violation of the laws of the United States, including 18 U.S.C. Section 2701 and 18 U.S.C. Section lO30(a)(2)" But Section 2701 and Section 1030 are the intrusion statutes themselves! It makes no sense to allow a felony enhancement for a crime committed in furtherance of the crime itself; presumably the enhancement is only for intrusions committed in furtherance of some other crime. Otherwise the felony enhancement is meaningless, as every misdemeanor becomes a felony.
I'm not sure if the indictment is facially defective based on that. It might be, because it effectively doesn't say what crime the government is charging (in that the the government must show the unauthorized access and also the crime that the access is in furtherance of -- if you're the defendant, how to you defend yourself against an unnamed crime?). But if the government is trying to make this a felony on the theory that the intrusion was designed to further the crime of the intrusion, that strikes me as an extremely weak argument.
Oddly, though, the indictment doesn't exactly state what the crime or tort is that the intrusion was designed to further. It just states that the intrusion was "in furtherance of the commission of a criminal act in violation of the laws of the United States, including 18 U.S.C. Section 2701 and 18 U.S.C. Section lO30(a)(2)" But Section 2701 and Section 1030 are the intrusion statutes themselves! It makes no sense to allow a felony enhancement for a crime committed in furtherance of the crime itself; presumably the enhancement is only for intrusions committed in furtherance of some other crime. Otherwise the felony enhancement is meaningless, as every misdemeanor becomes a felony.
I'm not sure if the indictment is facially defective based on that. It might be, because it effectively doesn't say what crime the government is charging (in that the the government must show the unauthorized access and also the crime that the access is in furtherance of -- if you're the defendant, how to you defend yourself against an unnamed crime?). But if the government is trying to make this a felony on the theory that the intrusion was designed to further the crime of the intrusion, that strikes me as an extremely weak argument.
As many have expected, the government charged the felony version of the "obtains information from any protected computer" "without authorization" crime (1030(a)(2)(C)). In order to get the bump from misdemeanor to felony, the government must establish that Kernell committed the crime "in furtherance of any criminal or tortious act" (1030(c)(2)(B)(ii)). Strangely, the rather terse indictment seems to suggest that the "in furtherance" crime included 1030(a)(2)! Is the government planning to argue that Kernell intended to obtain information from any protected computer in further of obtaining information from _another_ protected computer? What other computer? Surely, the government doesn't mean Kernell deserves the felony because he obtained information from Palin's account in furtherance of obtaining information from Palin's account! Then, every (a)(2)(C) would be chargeable as a felony!
They also point to 2701—ECPA's obtaining electronic communications while in electronic storage misdemeanor—as the predicate crime for the enhancement. Oddly, the government didn't charge the substantive violation of 2701 itself. Surely, the government wasn't convinced by EFF's silly argument about 2701 and Theofel, was it?
At any rate, the feds also charged section 2 aiding and abetting. Aiding and abetting whom? And they didn't charge 1030(b) for attempt.
Strange, strange, strange indictment.
Also, he could be charged with a class A under Tenn. law.
--PtM
Or did the prosecutors forget to leave out the part where they were trying to commit some sort of political blackmail/interfere with an investigation/somesuch?
Occam's razor suggests this is part of the generalized inflation of criminal charges for purposes of intimidation/plea-bargaining (more of the former in this case).
Surely it's tortious, if nothing else. Invasion of privacy - some exotic form of trespass - or something. It's the equivalent of stealing the key to someone's home and leaving it in a public place with a note identifying the corresponding address.
The problem Orin is pointing out is not the lack of plausible theories, but that the government appears not to have identified any of them.
We both know that the indictment's defect (I agree) is, in the scheme of the case, a minor blip. The grand jury can reindict and return a proper indictment alleging that the defendant hacked for the purpose of invading Palin's right of privacy under Alaska civil law.
Pyrrhic victory for the defense if a motion to dismiss is filed and granted . . . unless no re-indictment follows.
> It makes no sense to allow a felony enhancement for a crime committed in furtherance of the crime itself;
I think you are being maybe a little inartful here. after all, if a person shot someone in the furtherance of the crime of bank robbery, I don’t think you would object to using the shooting to enhance the robbery offense or vice versa.
I think what you are trying to get at is that the crime committed in furtherance should have some separation. Like if a state punished both breaking and breaking and entering, then breaking should not be an enhancement for breaking and entering.
I understand that 2701 (Stored Communications Act), is similar to 1030 (CFAA), but does that mean that 2701 can't count as a further crime under 1030(c)(2)(B)(ii)? Would it not be possible to indiate the defended for accessing a computer w/o authorization AND receive the penalty enhancement for violating the SCA while stealing her email?
Also, it seems that an argument could be made for 1030(c)(2)(B)(ii), that the information in question is worth more than $5,000. I'd think the private email of a VP candidate would be worth at least that.
However, as runape pointed out, the Government does not seems to have articulated a theory. However, does that actually matter? If the defendant's lawyer objects, would it lead to anything? Other than, perhaps, requiring the Government to restate it's theory?
They could have made it a two count indictment, I suppose, one count based on 18 USC 2701 and the second count based on 18 USC 1030. But I'd argue that such an indictment would be duplicitous. Regardless, as Orin notes, it would mean a felony enhancement for a crime committed in furtherance of the crime itself.
The legislature would not have written a misdemeanor form of the crime into law if it intended all such charges of the crime to be only felonies.
I don't think this meets the threshold for criminal copyright infringement. Palin (or anyone who sent her an e-mail) could sue, but I don't think he can be prosecuted for posting this stuff.
I don't think you get it. Something as broad as "invasion of privacy" would be a tort that is always committed when this particular act is committed. Once again, the problem is that this would make all violations of this law a felony, not a misdemeanor. What you need is a violation of criminal or tort law that is not always committed when the underlying crime is itself committed. Otherwise the distinction in the statute between when misdemeanor charges and when felony charges can be brought is meaningless.
(b) Punishment.— The punishment for an offense under subsection (a) of this section is—
(1) if the offense is committed for purposes of commercial advantage, malicious destruction or damage, or private commercial gain, or in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or any State—
(A) a fine under this title or imprisonment for not more than 5 years, or both, in the case of a first offense under this subparagraph; and
(B) a fine under this title or imprisonment for not more than 10 years, or both, for any subsequent offense under this subparagraph; and
(2) in any other case—
(A) a fine under this title or imprisonment for not more than 1 year or both, in the case of a first offense under this paragraph; and
(B) a fine under this title or imprisonment for not more than 5 years, or both, in the case of an offense under this subparagraph that occurs after a conviction of another offense under this section.
It's pretty clear that if there's no enhancing factor, then (b)(2)(A) still applies, and the result is a misdemeanor (ie, not punishable by more than one year in prison).
In other words: The accused broke the law against unlawful intrusion in pursuance of the crime of allowing other people to break the exact same law against unlawful intrusion.
A different analogy would be breaking into a guard house to disable an alarm so that other people could break and enter a museum- Breaking and Entering in order to commit a Breaking and Entering crime.
Different worlds we live in, DM, you and I.
I do get it, actually. And the hacking of an email account (or, in all likelihood, the posting of an email account password), is a relatively clear example of intrusion upon seclusion. Comment B of the Restatement (sec. 652B) provides that such intrusion "may be by some other form of investigation or examination into [the defendant's]private concerns, as by opening his private and personal mail, searching his safe or his wallet, examining his private bank account, or compelling him by a forged court order to permit an inspection of his personal documents."
A tort or crime - even a tort or crime that substantially overlaps with the underlying crime - is an acceptable trigger for a statutory enhancement. That is true whenever the gov't must prove some additional element. For example, if the gov't alleged intrusion upon seclusion as the trigger for the enhancement, they would have to prove that the intrusion was offensive to a reasonable person, which is not an element of the underlying crime.
The problem Orin is describing occurs where the tort or crime that purportedly triggers the enhancement is identical to the underlying crime. If the trigger is anything short of identical to the underlying crime, there's no problem.
Were this guy not indicted, Palin would appear like she allowed her account to be easily accessed. Now that the guy has been indicted, Palin can come across as a crime victim, and therefore it's not her fault (American victim culture abhores blaming victims for contributing to their harm, even if they are 99% liable, comparatively).
This is a political indictment, handed down by republicans a month before the presidential election to help get McCain/Palin into the white house. If ruining someone's life and costing the taxpayers hundreds of thousands of dollars to prosecute a crime and incarcerate a citizen will save McCain/Palin just one vote, it will be done by the Bush DOJ.
Yeah, the way she was dressed, she was ASKING to be raped!
Seriously, BruceM?
I think One more Matt hit one possible nail on the head:May sound circular at first, but on the facts it makes sense. This also explains the aiding and abetting language of the charging paragraph in light of what at first blush was a solo crime. The factual predicate for A&A is in ¶7.
A superseding indictment could also rely on the existing averments to charge wire fraud. And ¶8 lays the possible groundwork for a §1519 obstruction allegation as well, although I don't think after-the-fact attempts at a cover up count as the enhancing predicate crime or tort under §1030. And then there's the wild and wacky universe of tortious conduct, which surely encompasses low-grade identity theft of this sort.
My main reaction upon reading the indictment? It's actually a straightforward, reasonable charging document that doesn't pile on the defendant. If the grand jury wanted to be harsh, this kid could have been charged up with separate counts for each access incident, each downloaded item or screen capture, each subsequent BBS post of the information, etc. And he would have been in much deeper trouble if he'd also been charged with something like §1519 obstruction, which would ratchet up the Sentencing Guidelines calculations on him (the USSG offense grouping issues are too complicated for a pinhead like me to explain, but trust me, they wouldn't help the defendant).
Fearless prediction: Odds of this pretty straightforward case pleading out are 99.44% If my quick off-the-cuff math is right and I haven't missed some USSG factor or another, even charged as a felony it may be possible for the defendant to land in Zone A of the Sentencing Guidelines' offense level chart with acceptance of responsibility. Zone A makes him eligible for straight probation, assuming no criminal history or other naughty things that strike the sentencing Judge's fancy.
18 U.S.C. 1030 does not require that the act be criminal, only that the act be criminal or tortious. Palin owns the copyright (including the right to limit publishing of information) of anything she creates (thank you Rome Accords) as soon as she creates something, regardless of the quality of the work.
That's almost certainly not what the spirit of the law intended, and the Feds would not be wise to try prosecuting it, but I think it's within the letter of the law.
Thats not tortious?
I haven't dug back, but believe that the hacking was done on the heels of news reports -- about the Palin Administration in Alaska not releasing her work emails -- pointed out that she apparently had used private email accounts, such as Yahoo, to conduct some of her government business. The inference would be that she did not want them subject to sunshine laws.
It may well be that this young man wanted to expose a corrupt practice by the governor of Alaska at least equally as much as he was enjoying a good hack.
This election has made a lot of people very, very sick. That level of attack is not mere partisanship: It's mental illness.
Clear thread-winner there.
I think the belief was that she was using her private e-mail for campaigning purposes. It just so happens that it would be illegal for her to use her government address for such things, so she used her private e-mail.
At least, that is how I remember it.
Even assuming that's true, then he has still engaged in civil disobedience and therefore should go to jail.
No matter what The Other Side does, it is ill-intended. No matter what is done to The Other Side it is justified.
It doesn't matter which side The Other Side is, as long as that side opposes Your Side.
I really hate humans sometimes.
Here is what Orin Kerr noted at the top when he wondered if the indictment is flawed: The statute, 18 U.S.C. 1030, states that the intrusion is a felony if the intrusion "was committed in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or of any State."
My question was based on that. If the man who hacked Palin's private email account did so because of some reports that she used the account improperly to hide some her official communications, does that mitigate?
My question in effect asked whether the "furtherance" must be intentional -- meaning that he intended to hack the account to further a crime or tortious act other than the hacking itself.
So, again, would the defendant's actual motive come in to play?
I don't believe that in rational discourse it is twisted, malicious or partisan to raise the matter.
Away from this question about the law and how it is interpreted, there indeed is a controversy in Alaska over various Palin email accounts and how they were used. And the issues are being pressed by various organiations seeking to have them released.
I think people may be focusing on the "furtherance" part, when it's the "malicious damage" -- the gossipy public disclosure of the password(s) -- that may be bringing the felony charge.
Does that put you on The Other Side?
That you need to take so long to prove your point means you were wrong in the first place.
This kid's a first-time offender so he should just pay a fine and grow-up. No election, not even "the most important election of our lifetime," is worth doing something this stupid.
That said, the indictment should be dismissed. It's impossible to say what extra crime or tort the grand jury agreed on.
Not necessarily. Let's remember why this "feature" was placed into this law: to keep "innocent" hacking activity from being seriously penalized. Nobody wanted some guy poking around for his own amusement or as a demo of technical prowess to face the same penalties as the guys lifting credit card numbers from the same sort of activity.
It's pretty obvious to me that this kid was intent on finding information that could be used against her, and that that activity would qualify for the "enhancement". Whether or not all the legal i's and t's are dotted and crossed is an issue that will be decided by the judge.
I don't see what's twisted or malicious about it at all.
Let's forget about Palin for a moment. If someone uses (say) his own name for a password, that's stupid.
We don't condone hacking his account, but we recognize his stupidity nonetheless.
More broadly: I buy a Mercedes convertible and park it downtown with the key in the ignition while I'm inside eating lunch. I come out, &my car -- sacre bleu! -- is gone!
Is anyone "twisted" or "malicious" in holding me partly responsible (tho not criminally liable) for my car's being stolen? I think not.
So the question is, if Palin's account could be hacked on the basis of readily available info, was that very clever of her? We can discuss that without thinking it's any exculpation at all of the guy who hacked her account.
Correct - he did NOT crack her password. He used the password reset mechanism and answered the "security questions" with google-fu. Essentially, he pretended to be Palin, claiming she forgot her password.
Good lord, I missed that.
Married, Bruce? Girlfriend? Sister? Surely a mother somewhere in the background, eh?
Try that theory out on 'em.
I have a friend, an otherwise intelligent and generally law abiding person, who openly brags that she "hacks" personal enemies' email accoutns or webpages in order to get "dirt" on them. She also uses these occasions to imply that her ability to do this means she is a brilliant hacker, notwithstanding the fact she has no relevant technical knowledge of any description. Thus, for example, guessing her husband's ex-wife had a really easy-to-guess password on her MySpace page converts her into Matthew Broderick in WarGames.
Anyway, I warned her that this activity was illegal and could expose her to some moderate-to-severe civil and criminal penalties, but she brushed it all aside as no big deal. An very public example needs to be set on this issue, and I think the Palin case would serve this purpose admirably.
Still voting for Obama though. ;-)
Guess I'm a victim then, judging from the bored looks Mrs. Law Dawg gives me when we're done!
Say the kid was trying to hack into a computer that contained credit card numbers for someone else. If all he did was figure out the access information, and then pass on the passwords to the third party, he would be furthering the act. Even if he didn't know specifically what they were after. In this case he got the password, and then posted them and encouraged others to log in and poke around, and make use of anything they found.
Yeah, that's weird. And I have to think it's coming from the same part of the brain that thinks that downloading pirated songs and movies is A-OK.
What passes for conscience in the human psyche seems to be an uneasy feeling that someone's watching, or could be watching. And despite the intellectual awareness that someone could in fact *be* monitoring your conduct on the internet -- or could trace it later -- that's not "physical" enough to set off the primitive conscience. Look, here I am, alone in this room, just me and the computer -- what could go wrong?
Are you contending that she published her log-on information or left it in a place where she knew any member of the public could get it? The level of hatred required to engage in such sophistry is neither normal nor healthy.
The Tex Antoine theory no doubt! (told a joke along the same lines eons ago)
I am in no way defending the hacker here, but the answer to your question is yes. The answers to her password recovery questions were public knowledge.
Federal Dog, get a grip on your bad self.
You said, and I quoted: "How twisted and malicious do you have to be to blame a crime victim for being a crime victim?" General proposition about crime victims.
I created a hypo to demonstrate that your general proposition is mistaken. N.b. my exact words: "Let's forget about Palin for a moment."
Being reading-impaired, you fail to understand the import of those words, i.e., that my examples are not talking about Palin.
Having shown that your general proposition was false, I concluded:
So the question is, if Palin's account could be hacked on the basis of readily available info, was that very clever of her? We can discuss that without thinking it's any exculpation at all of the guy who hacked her account.
Nothing remotely construable by any honest person as an allegation that Palin "published her log-on information or left it in a place where she knew any member of the public could get it." Not even close.
So, let's look back at what you just wrote:
The level of hatred required to engage in such sophistry is neither normal nor healthy.
Word.
I would never, however, have entertained the notion of going into Tower Records and shoplifting CDs. A lot of these people who think nothing of "hacking" someone's email address would quail in horror at the notion of walking up to someone's house or car (assuming they were unlocked or easy to get into) and helping themselves, whether they are observed doing so or not. I think we just haven't caught up to the fact that hacking someone's email or webpage is, from a moral standpoint, more or less the same as robbing them or at least breaking and entering and rifling through their possessions. We have not yet reached the point where we have as visceral a reaction to that as, for example, burglary. I think this is the deficit we need to remedy with prosecutions like this.
That is exactly what she did. Aside from the email address, which was not secret, the only information needed to access the Yahoo account through the "I forgot my password" method was the answer to "Where did you meet your husband?" She revealed the answer to this question ("Wasilla High") in the convention speech she personally delivered to a nationwide television audience on six or so different networks.
So someone sufficiently motivated to violate her account could do research and find that information out? All identity theft depends on that too. Are victims of identity theft to blame because information necessary to the theft (e.g., names, DOB, SSN, etc.) is discoverable given sufficient will and research necessary to commit the crime?
Just for the record, I'm observing, not judging -- if I were more tech-savvy and didn't waste my free time already with blogs and books, I probably would've had an iPod full of stolen stuff myself.
I think this is the deficit we need to remedy with prosecutions like this.
Agreed -- I wouldn't want to put the guy in jail for 5 years to scare the general public, but the prosecution seems valid (subject to Prof. Kerr's critique of the indictment).
Could this be a felony because the intrusion was committed in furtherance of a violation of Sarah Palin's constitutional right to privacy or constitutional 1st Amendment rights?
Says the "Dog"
That may very well be, but in this case I don't care. The amount of damage done by hackers, virus-creators, worms, phishers and other assorted people who seem to think that other people's private property is free for the rifling through is phenomenal. Were I dictator of the universe, computer hackers would be tarred and feathered, drawn and quartered, publicly flogged, and then tossed off an airplane at 35,000 feet with no parachute. At bare minimum, he should be permanently enjoined from ever using a computer again. And no, I don't care what that would do to his job prospects.
Yes.
No. Nor did I suggest that they are.
Some kid who did it as a prank or else just for the hell of it? Give him a good misdemeanor tap, and if the kid turns out to be a habitual offender (or gets more serious), work up from there.
As stated, the same could be said about many other forms of identity theft. The fact that information necessary to identity theft is readily accessible given sufficient research does not call the cleverness of the victims of that crime into question.
I know that you did not suggest that Palin is to blame. Other posters here, however, do. The only reason for that blame is irrational hatred for Palin. Had Obama's identity been stolen to break into his email account and publish its contents, those same posters would be screeching in outrage, not blaming him because it was possible to do sufficient research to discover information necessary to commit the crime.
Some Palin haters do so in an entirely rational manner. ;-)
Say the kid was trying to hack into a computer that contained credit card numbers for someone else. If all he did was figure out the access information, and then pass on the passwords to the third party, he would be furthering the act. Even if he didn't know specifically what they were after. In this case he got the password, and then posted them and encouraged others to log in and poke around, and make use of anything they found.
Whether or not it will fly, it is pretty clearly expressed in the indictment that this is what the prosecutors are going for, specifically with bullet #7 (and also 6) and the "aid and abet" language at the end. I.e., he broke into Palin's account in furtherance of aiding and abetting others in breaking into Palin's account.
That doesn't seem logically inconsistent to me, although perhaps it seems to run a bit afoul of the purpose of an enhancement law. It's not exactly parallel, but say you are in a state that allows the death penalty in felony murder cases (and obv *not* for garden variety murder). You want to murder someone, and devise a plan where you're going to knock them out with a tranquilizing injection, then drag them into the closet and shoot them. Unfortunately, when you go to carry out your plan, you accidentally use the wrong dose of tranquilizer and they die instantly. Could you be charged with felony murder and face death?
Period.
I laid out the facts I saw for a possible motive on the part of the defendant. I did not excuse a stupid act on his part.
My question had to do with any pertinence, under the statute, of the reasons and objectives behind the hacking.
It is Federal Dog who is projecting partisanship into that.
Just the same, if Sarah Palin is emotionally scarred because of this aspect of the debate that I raised, I would hope all those contributing negligently by being here will join me in starting a fund to pay for counseling and any other remedial measures to restore her to full strength.
Well, we'll have to agree to disagree here, assuming of course that Yahoo! provided her with the option of some less transparent ID response.
Of course, nothing stops a person from making up stuff on those questions. "Where did you first meet your husband?" "Oort Cloud." But to do that, one would have to be, um, clever.
Where should I send my nickel?
What? Where in the world did I do that? Please post my remark about your question.
"Matthew Broderick in War Games." Awesome analogy. Of course, I'm getting old. And I know without looking it up that Dabney Coleman was in that movie, too.
Apparently your remark concerned an earlier comment by someone else. So I was mistaken.
What I regret most about the mistake, or coming to realize it, is that I no longer have the satisfaction of being a victim myself -- thinking I was unfairly called those nasty things. Victimhood is sweet, even when wrong and fleeting.
A windfall, I hear.
Obviously we should tax it then.
That's totally different from the question of what, if anything, are mitigating factors. For example, if my car was stolen by a teenager who went joyriding around the neighborhood, I would support a lighter punishment than if the thief were a professional who worked as part of an organized stolen car export ring. The teenager's situation and motive would be mitigating factors regardless of whether he stole the car because I left my keys in it or by using the hot wiring technique he learned in his high school auto repair course.
I suspect mitigating factors in rape cases would be a lot more controversial, so I will leave that one alone.
On to less important topics: Prosecuting this kiddie may be one of the best things the Feds can do for general deterrence of low-end hacking and identity theft (isn't going to deter Russian organized crime syndicates, but it should have some impact on college kids who are paying attention).
Right. I certainly didn't suggest that it's a mitigating factor; it just leaves open the question of whether you (the "you" of the hypo) are an idiot, or careless.
This kid is under felony indictment for only one reason: Palin is a VP candidate.
He's actually under felony indictment for two reasons:
He hacked a private email account.
The account belonged to a VP candidate.
But the path to justice is to ignore the second fact. Not the first. We should be indicting all the hackers regardless of the victim. So this is a step in the right direction.
are we now saying this right to privacy is in fact a 1st amendment right and not just lurking in the penumbra?
this perp was stupid, did something wrong and got caught - should be punished, but not with felony charges!
If the account had been one which was used for sensitive purposes, or contained crucial information, or even contained emails or information which could damage her or her family, then having a non-secure password would indeed be stupid. But we've seen what the account contained -- innocuous personal email. Not exactly stuff that needs to be kept tightly under lock and key. In fact, Democrats probably got hurt more by this than Palin did, especially once it turned out that the hacker was a Democrat engaged in dirty tricks.
Picking "1111" for your ATM PIN is stupid. Picking "1111" for the password to your eVite account isn't, because no significant harm will be suffered if that account gets hacked. The benefit of having an easy-to-remember password exceeds the potential harm.
The hacker himself stated that his intent was to "derail [Governor Sarah Palin's] campaign". I'm not a lawyer, so I'm not sure if the time "malicious destruction or damage" has a specific legal meaning, but as a layman, it certainly looks to me that this was the hacker's intent. In addition, he provided the information that he gathered and explicit instructions about breaking into the account to a community of hackers, which facilitated and contributed to additional criminal actions by others. Again, I don't know about legal definitions but, at least to this layman, it certainly seems as though this act was to further "criminal and tortious" acts by others.
So either way you slice it, the hacker committed a felony. So, in my non-professional eyes, it seems as though the felony indictment seems to be on pretty solid ground.
Is this in keeping with the spirit of the law? I think so. Although people keep using the word "prank" to describe what the hacker did, he intended (in his own words) to destroy her political campaign and, when he couldn't do that, he made her personal information available to other hackers. I don't think that anyone reading this would classify those activities as pranks if what happened to Palin happened to them. Nor was this intrusion intended to display the ease with which a hacker could circumvent the security measures on the email account (i.e. hacking into the account because it was there, for bragging rights, or as part of some kind of 'white hat' scenario to highlight effective computer security techniques). That seems to be what the spirit of this law is all about, so the felony indictment seems to be on firm ground there, too.
Yahoo asked me my birthdate (in Sarah Palin's case, something widely available on Wikipedia now, probably relatively unknown when she created the account); my country of origin, and my zip code (gee, Wasilla, Alaska has so many).
I couldn't get to the next screen--but still, rocket science this ain't.
Didn't she use her Yahoo! account for state business?
What has happened in the past in this regard may not predict the future. It's quite interesting that in this article about the Palin hacker's indictment, the special agent responsible for the FBI's Knoxville office was quoted as saying, “Cyber crime is the FBI's top criminal investigative priority.” (Revisit that sentence again.) As a result, it seems quite likely that there will be many more such crimes brought to trial across the nation.
As to the point some are suggesting that it's idiotic to leave one's keys in their car or the front door to one's home unlocked — the point is that Palin's “car” (“house”) wasn't left open: it was locked. The locks to many people's homes are relatively easily bypassed or broken. As the saying goes, (ordinary) locks don't keep determined criminals out, they simply keep honest people honest. It was a criminal mentality which deliberately circumvented the security that Yahoo sets up for everyone to use, in order to break into her account.
Moreover, IANAL, but it appears to me that the intent of the hacker was not to simply read some random person's e-mail, but to use what he found in order to damage the reputation of a candidate for high public office and thereby interfere with the integrity of a federal election (the perpetrator basically admitted as much in one of his postings). Is that not a crime in its own right?
Didn't she use her Yahoo! account for state business?
Not according to the hacker's own postings on the site where he distributed the (changed) key to her account and copies of the contents.
Follow the money: FBI FY 2008 Authorization and Budget Request to Congress.
Summary from the Washington Post's Brian Krebs, “Is Cyber Crime Really the FBI's No. 3 Priority?”:
Cybercrime gets 3.5% of the FBI's active agents. And, out of that 3.5%, online child-pornography investigations get roughly a third of the resources.
How much does that leave for email intrusion investigations for non-vice-presidential-candidate people? Not a lot. Even when the victim can establish significant monetary loss.
Who could have predicted that? Of course, this speaks more to the stupidity of the perp than the seriousness of the crime.
I don't agree this will have "zero deterrence value" with the kids. It will deter some of them, because most don't have the penetration to see that the prosecutors only went after this kid because of the profile of the victim. They just see another kid in bracelets on tee vee.
So there's likely a silver lining to all this.
Not that many months ago we heard credible estimates that there are now over a billion users on the 'net. That estimate was followed by a credible estimate that there are now over one billion hosts on 'net. In scientific notation, that's 1e9 hosts.
Out of those 1e9 or so hosts, we believe that a large number are compromised. Very probably more than 1%, and we fear it's closer to 10% or more. Current credible estimates indicate on the rough order of 1e7 to 1e8 compromised hosts.
Over the several years, it's become increasingly clear that computer and network intrusions have become financially motivated. It may still be kids —in some case— but the ones doing the severe damage are doing it for money.
It's hard to get a good feel for how much of this crime is linked to traditional organized crime compared to how much is new internatial crime organizations. But it's organized crime for profit.
Bottom line: About 1e7 to 1e8 boxen compromised—most for profit.
Like the Watergate burglars, he had intent. He, as well, had to 'break in'. Furthermore, he discovered private information, and took unauthorized possession or stole it.
So thus far he is completely on a par with the Watergate guys. Intent, breaking in, getting stuff. He's as guilty as they.
Kernell goes futher though. Unlike the Watergate guys who kept the private for private illegal use, he additionaly makes things public. He invites others to also steal the private to make them public. He facilitates their illegal activity. And he effectively steals everything from its owner by changing the password. There is nothing left for Palin.
Prediction: He's staying for five years. He's going to pay a fine, maybe the maximum. He gets to pay with lawyers.
And maybe, later, he will fall into a room of conservatives who show him the difficulty of using keyboard with hands in casts.
"Like the Watergate burglars, he had intent. He, as well, had to 'break in'. Furthermore, he discovered private information, and took unauthorized possession or stole it.
So thus far he is completely on a par with the Watergate guys. Intent, breaking in, getting stuff. He's as guilty as they are."
Thank you! Precisely the point I've been thinking of since this hit the media, albeit briefly. So where is the interest and the outrage? Oh, yeah, I forgot - apparently it's only felonious when it is a Republican operative breaking into a Democratic property. But you would think the press might be interested. Paging Dan Schorr - oh yeah, he's leaning toward the Dems and reliving his glory days on the 'Enemies List for NPR.' No point waiting for Woodward, either. He's too busy collecting his royalties and looking for more Republican scandals to be outraged about. Pardon my sarcasm, but doesn't anyone else find it rather interesting that this whole thing is being ignored by the media?
*) Some of them are honeypots, intended to ensnare such use;
*) others keep logs of usage that is not "whitelisted" (which yours would not be, of course);
*) still others, with lots of data space, just keep logs of everything;
*) and then there are those who will be blamed for what you've done.
Choose carefully. Some open wi-fi may be in more than one category above. ;)
The ironic thing is that this little POS set out to violate Governor Palin’s privacy by hacking her email account but as a result his name, face and home address are published all over the internet. Anyone care to lay odds on how long it takes someone to track him down and beat the **** out of him (or worse)?
Just as we’ve seen that there are plenty of crazies on the left who try to rationalize what he did because they don’t like Governor Palin, you have to figure that there’s more than a couple on the other end of the spectrum who are waiting for just the right moment when the authorities aren’t watching him to enact their own brand of justice. The safest place for him might actually be in a prison.
while I would certainly make that claim were I defending the gentleman, the indictment mentions the posting of the password which is sufficient for the charge to be facially valid. I don't know if it has ever applied to internet activity, but aiding and abetting has been charged successfully even when the crime aided has not been proven (Standefer v. United States, 447 U.S. 10).
2. "US code including X", does not mean "only X"
[Important Note to Helpful Readers: If we have confusing typos and especially ugly formatting errors, such as an unclosed underline or bold tag, we'd love to hear from you about them -- but please e-mail the author about this, rather than leaving a comment. We often won't read the comments for a while after the post, and if there's a glaring formatting error, we'd see it quickly when we revisit the post, even without the comment; and in any event the comment likely isn't going to be that helpful to your fellow comment readers. So please e-mail us directly about glitches like this. Thanks!]
Comment Policy: We'd like the posts to be civil, of course (no profanity, personal insults, and the like), but we're also hoping that people try to be as calm, reasoned, and substantive as possible. So please, also avoid rants, invective, substantial and repeated exaggeration, and radical departures from the topic of the thread. Sticking with substance -- and staying on-topic -- will make the comments more helpful to other readers, and more pleasant.
As editors, we reserve the right to delete posts, and even to kick out posters, though we hope that both of these will be exceptional events. (We also reserve the right to be busy with other things, and therefore (1) not remove all the posts that might merit removal, and (2) ignore demands such as "You should remove A's posts, because they're just as bad as B's!")
Here's a tip: Reread your post, and think of what people would think if you said this over dinner. If you think people would view you as a crank, a blowhard, or as someone who vastly overdoes it on the hyperbole, rewrite your post before hitting enter.
And if you think this is the other people's fault -- you're one of the few who sees the world clearly, but fools wrongly view you as a crank, a blowhard, or as someone who overdoes it on the hyperbole -- then you should still rewrite your post before hitting enter. After all, if you're one of the few who sees the world clearly, then surely it's especially important that you frame your arguments in a way that is persuasive and as unalienating as possible, even to fools.
Our goal is to provide an interesting and pleasant environment that can help inform readers. To do that, we'll occasionally have to exercise our editorial discretion. Think of this as an in-person discussion group, where having different voices is critical to a great conversation -- but where sometimes the leader has to deal with cranks who sour the conversation more than they enliven it.
Naturally, there's always a risk that this discretion will be used erroneously, no matter how well-intentioned the editor. But discussion groups (especially on the Internet, but also off it) generally need an editor who'll occasionally make such judgments.
And, remember, it's a big Internet. If you think we were mistaken in removing your post (or, in extreme cases, in removing you) -- or if you prefer a more free-for-all approach -- there are surely plenty of ways you can still get your views out.