FBI Investigating Lamo Via Patriot Act Provision
umm qasr writes "Mark Rasch, a columnist for SecurityFocus wrote in his Register-reprinted column that the FBI has sent a letter, invoking provisions of the Patriot Act, to journalists reporting on the Adrian Lamo case: 'The letters warn them to expect subpoenas for all documents relating to the hacker, including, apparently, their own notes, e-mails, impressions, interviews with third parties, independent investigations, privileged conversations and communications, off the record statements, and expense and travel reports related to stories about Lamo.' Good to see that our First Amendment rights are being upheld by the FBI."
Lamo.
TEH RASULT OF THIS OF COURSE IS TAHT 3V3RY JOURNALIST SUED FOR NOT TURNNG DOCUM3NTS OVER AS A R3SULT OF DA UNCONSTITUTIONAL SUBPO3NA CAN B CONSIEDRED 2 HAEV INTEGRITY AND IS SOMEON3 TAHT U WIL WANT 2 WATCH IN TEH FUTURE11!111 OMG WTF
ANYONE WHO HANDS OVER THEYRE DOCUMENTATION IS OBVIOUSLY A RATFINK AND EV3RY TIEM A PAEPR CAREIS ONA OF THEYRE ARTICLES IT SHUD B DELUGAD WIT L3T3RS 2 TEH EDI2R LATNG THEM KNOW JUST WUT KIND OF ASHOLA WROT3 DA S2REIS!!!!! OMG WTF LOL
If he was hired to test security it would be a different matter. But he allegedly broke into those systems without permission. That puts him in violation of Cybercrime laws.
I feel sorry for him, because he did allegedly report the weaknesses to the admins and he could have just read the data and not told anyone and used the information for his on purposes. So his intentions were good, to plug security holes by finding them and telling the admins about it. But he is doing it the wrong way, without permission.
He may want to think about pleading guilty and making a deal to get reduced charges. This will make him famous and when he gets out of jail and ends probation, he can become a security consultant. Otherwise they may try to make an example out of him and charge him with a full pentalty and any other charges they can think of.
But then the places he broke into didn't use good security practices and didn't apply the latest updates. Personally, I wouldn't put a machine on the Internet that contains sensitive data on it that only my company should have access to like contact information, credit card numbers, etc.