Slashdot Mirror
Guilty Plea in AOL Engineer's Address Theft Case
ScentCone writes "Jason Smathers, a former AOL software engineer has pleaded guilty in his theft of 92 million in-house account screen names. He'll be paying $200-400k, and serving a year or two of federal time. Smathers used another employee's account to steal the data, and sold it to a Vegas-based online casino operator. Interestingly, one of the charges was 'interstate transportation of stolen property.'"
Doesn't seem like such a good idea now does it?
If he was charged with 'interstate transportation of stolen property', does that mean that he printed out all 92 million screen names and took them in his car across state borders?
Do the crime, pay the time.
I'm not sure how he's going to pay $200k+ though.
Sorry, couldn't help it...
Click here or a puppy gets stomped!
Stop the IT crime! Burn all copies of "Office Space"!
time is a perception of a being's consciousness
time is your 6th sense, the wierd ones are 7+
Textual representations of AOL customenrs email addresses are considered AOL's property? As much as I hate spammers, that is insane.
That guy should have asked for much more than that... like if a casino was short on cash! Omni
Maybe, they'd learn that when spamming, the sysadmin wins.
Fight Spammers!
He pleaded guilty cause he was.
Can we really say anything more than 'well deserved'?
Do we know for how much he sold the stolen list? I supe hope for him its more than 400k... but I doubt it!
Eureka Science News - automatically updated
The guy who gives the email addresses to the spammers is forced to pay restitution costs to AOL for the amount they spent on dealing with email that the spammer's sent. This is bullshit. If anyone should have to pay, it is the spammers. The guy can go to jail for theft of property (if you consider email lists property... which the government seems to... but this is another issue), but he didn't directly cost AOL any money. This is a crap example of a big company getting money from this little guy because getting the money from the spammers is nigh impossible. He plead guilty, so I think that keeps him from being able to appeal.
*yawn*
He'll be paying $200-400k, and serving a year or two of federal time.
This guy has 'Capital Punishment' written all over him.... he got off lite!!
'You've got male!'
For all intensive porpoises your a bunch of rediculous loosers
Smathers is only paying "the amount the government estimates AOL spent as a result of the e-mails," which is that $200,000 to $400,000. Is our government unable to represent those who suffered significantly more harm than AOL, the people?
Sufferers may primarily be AOLamers and maybe all of us here will laugh that off to some extent, but consider "The stolen list of 92 million AOL addresses included multiple addresses used by each of AOL's estimated 30 million customers. It is believed to be still circulating among spammers." AOLamers or not, these are our grandparents and grade school teachers; training-wheeled users who if anything, need more protection than we do.
This penalty does them no good, whatsover. TFA makes it clear that a signficant number of them are still getting ruined by the crime, as_we_type. IANAL; can someone add whether "the people" can expect to be served a piece of Smathers?
If this is it, it sure as hell isn't what I'd call "restitution." Anyone want to wager that we also get nothing out of Sean Dunaway, the guy to whom Smathers sold?
BG
'transportation of stolen property'
More like 'transportation of copied property'.
No such law.
"A microprocessor... is a terrible thing to waste." --
GeneralEmergency
You forgot to include the text/html part:
----35977.08538_20228509
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
fibration crankshaft spatial
perfecter conjure
downey happenstance aromatic charley gubernatorial
----35977.08538_20228509
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 8bit
Actual spam message
----35977.08538_20228509--
It may be nothing to you, but when 80% of all email is spam, and when legitimate emails are filtered out, and when email becomes essentially useless, nearly everyone else disagrees.
If someone says he and his monkey have nothing to hide, they almost certainly do.
Quite frankly, I don't care what goes on in there as long as people fear getting into one. Fucking ream the shit out of the murderers and child rapists with broomsticks and they'll never rape again.
I wonder if users can sue AOL for not taking proper precautions (obviously the assumption here is that they didnt)
"Interstellar transportation of stolen property"
Yikes! At first glance that's what I read.
Thinking about it though, (while not really stolen property) he could do that but it would take at least 4 years for the act to occur.
The mantra of impending doom: "Cooperate and Graduate"
Damn, man. The guy deserves a thank you. Those casino sites rock. Really.
Sshh, dear, don't cause a fuss. I'll have your spam. I love it. I'm having spam spam spam spam spam spam spam beaked beans spam spam spam and spam!
It is no longer uncommon to be uncommon.
If this wasn't about spam, people on here would be jumping up and down screaming their guts out about how the punishment doesn't fit the crime.
$400k for 92 million screen names? That's less than a half-cent per compromised screen name- what a deal! The year in prison is on top of that but that's probably on the order of magnitude of about $500k (judging from how much you'd have to pay me to go) so we're still at less than a cent per screen name. Ask anyone whose screen name was compromised, with a punishment of less than a cent. This guy got off easy.
For christ's sake, spam is NOT that big of a deal.
Yes it is.
Look at http://www.pcworld.com/news/article/0,aid,119011,
Fight Spammers!
" Its not theft, right? AOL wasn't deprived of any property!"
If you use the Slashdot groupthink definition of "stolen property," well then sure. You often see this come up in Slashdot discussions regarding copyright protection. Nonetheless, in the world of trade secrets, mailing lists, and the like, these are the terms that are used. If you leave a company and take with you a copy of a customer list, trade secret, or other confidential or proprietary information, you cannot use the "the company still has a copy so I didn't deprive them of anything" defense. In the real world, this claim can get you a +5, Astute from the Slashdot crowd, but that's about it.
Sitting in my day care, the art is decopainted.
Yes, get this man off the street before he copies anyone else's database! I know I feel a lot safer with him behind bars. The monster.
exactly. if we take the logic for downloading music/movies. etc and apply it here its the same thing. slashdot should be defending this man!
always mosh clockwise
Well, not according to TFA.
Federal prosecutor David Siegal said Smathers had engaged in the interstate transportation of stolen property and had violated a new federal "can-spam" law meant to diminish unsolicited e-mail messages about everything from Viagra to mortgages.
Thank you for the most fascist comment of the day.
Who the hell are you or anybody else to say what's a crime and what's not, not to mention what's a "suitable punishment"? Can't take care of yourself? Buy a gun and shoot the bastard. Hell, even 90 year old granny can do that. Can't buy a gun legally? Shouldn't have given up your rights...
Thank you for the anarchist retard comment of the day.
Thinkin' Lincoln - a web comic of presidential proportions
"As I understand it Facts are not copyrightable. A huge list of email addresses is just a big list of facts. If they can't have a copyright on the list of email addresses they can't assert that they've been stolen."
I'm not sure how you made that last logical connection. This isn't a copyright infringement case; it's one of trade secrets and proprietary information. This is the modern equivalent of the old days where somebody might sneak out a big list of customer names and snail-mail addresses -- they're not copyrightable either, but it sure as hell is legally actionable.
Sitting in my day care, the art is decopainted.
In November of 2003 I was getting about 175 spams per day. In December of 2003 I installed Spamassassin, set up ip# and domain name block lists, tweaked the rules and wrote my own, and wrote a user email/spam report system. I spent a good deal of time getting this set up and working out the bugs. My email server received over 145,000 connections in 2004, over 143,000 were spam.
I have the ability and resources to do these things but many internet users do not. While I don't have an AOL account, I still think he should have received more hard time. Put him away for a long time, maybe his cell mate will be a disgruntled AOL user who lost it after getting "one too many spams".... make other spammers and their helpers think twice.
The expression of the facts in a particular grouping can be copyrighted.
OpenBSD is FOSS, but you can't make ISOs of the official CDs and sell them because Theo holds copyright of the particular way the CD is laid out. You can make your own CDs/ISOs, with the same data, but not just copy his image.
The OpenBSD project does not make the ISO images used to master the official CDs available for download. The reason is simply that we would like you to buy the CD sets, helping fund ongoing OpenBSD development. The official OpenBSD CD-ROM layout is copyright Theo de Raadt. Theo does not permit people to redistribute images of the official OpenBSD CDs. As an incentive for people to buy the CD set, some extras are included in the package as well (artwork, stickers etc).
Note that only the CD layout is copyrighted, OpenBSD itself is free. Nothing precludes someone else from downloading OpenBSD and making their own CD. If for some reason you want to download a CD image, try searching the mailing list archives for possible sources. Of course, any OpenBSD ISO images available on the Internet either violate Theo de Raadt's copyright or are not official images. The source of an unofficial image may or may not be trustworthy; it is up to you to determine this for yourself.
http://www.openbsd.org/faq/faq3.html#ISO
500GB of disk, 5TB of transfer, $5.95/mo
beaked beans
Quack!
Since he's being charged over stolen property, I'm assuming Slashdotters are okay with the concept of intellectual property in this circumstance.
Slashdot: If it's not a tangible object that someone else can be deprived the use of, it's not property!
U.S. Courts, U.S. Law: If the law says its property, its property.
That's why the courts come up with all of these crazy rulings that slashdotter's just can't seem to get their heads around...
"That's not even wrong..." -- Wolfgang Pauli
"He infringed a trade secret"
You can't infringe a trade secret. You can steal a trade secret, you can misappropriate a trade secret, but you can't infringe a trade secret.
"That's not even wrong..." -- Wolfgang Pauli
Who cares? This guy deserves the word "thief."
Just like the RIAA calls the music pirates thieves.
Going after people who harvest and spam your e-mail address is Good. Going after people who harvest and pirate somebody else's music is Bad. How's that moral relativism smell?
Hey man, you and the rest of the hang the spammers crowd need to realise that it cuts both ways. If you want a free and open Internet you have to accept the spam. Don't like spam? Then don't give out your E-mail address to people likely to spam you. Still get spam? Write yourself a spam filter.
I don't like spam, but I'd rather have spam than an over-regulated Internet and I think that spending 5 minutes of my time each day dealing with the spam that gets through the filters is much better than some guy having to go to prison with all the psychological torment that might/will cause, not only to him but his innocent family and friends as well. Not to mention that sending people to prison harms the economy.
It should be copyright infrigement or breach of privacy, not theft. We might not mind in this case, but we don't want 12 year old girls using Kazaa to be charged with grand theft and put in jail.
I haven't heard anything against the Vegas company that purchased this information. Why is it OK for a company to carry out these acts but if a citizen does the same acts, he/she is fined a few hundred grand and sent to jail for a year or two?
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
I would agree with you, but look at how the court argued in United States vs Riggs back in 1990 (yes, the famous E911 BellSouth document case) about applying the "interstate transfer of stolen goods" rule to an electronic file. When the issue of tangibility was brought up, the court briefly compared the electronic file with "a colorless, odorless, and tasteless gas", arguing that the "interstate transfer" rule could reasonably be applied to the gas in spite of its "intangibility". Now, even an odorless gas does consist of very tangible atoms, and it seems to me like a rather weak argument for applying the law also to what is essentially a transmission of information. If a TV station broadcasts a movie without paying royalties, is that "interstate transfer of stolen goods" too?
In the E911 case, the "value" of the stolen document was heavily inflated, quoted as $79,499 when a paper copy was actually available from Bellcore for $13.
There are actually two pieces of intangible property involved here. One is the original work as such, the database that may have cost a lot of time and money to compile. The other is an electronic copy of said original, perhaps available for a modest fee. I believe that in both the E911 case and this AOL case, only the copies have been transferred. The difference is that copies of the E911 document was available for sale, while the AOL customer database appearantly wasn't. How do you determine the "value" of something that isn't legally available for sale? Are we talking black market prices with respect to the copy (what someone is prepared to pay for it) here, or estimated damages to the database owner caused by the misappropriation of the information in it?
When a copy of a printed book is stolen, the value is considered to be the retail price for the copy (and that copy is quite tangible). No license fee for a reprint or damages for copyright infringement is ever involved. If an original manuscript is stolen, that is quite a different thing. But if you make an unauthorized copy (on paper) of an unpublished manuscript?
You are correct. This site has some good information including some applicable federal statutes involving theft of trade secrets and economic espionage. This guy was looking at up to 10 years in prison and 500K in fines so he got off relativly lightly. I never knew that theft of trade secrets carried criminal attachment, I thought it was purely a civil tort, shows how much you might not know about the law if you're not a lawyer.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
I side with who's correct, not accordig to party lines.
From your blog:
We, Republicans that is, got our asses stomped in 1992 and 1996. Sure, we didn't like it, but you know what? We dealt with it.
You bet on "gay marriage" and scaremongering about the supreme court. Sorry, that was not a winning bet.
Wow. And NFL football is gay? I hope that was mostly a joke, because your attempts to prove it were pathetic.
The law (either the statutory text or its interpretation) is amended to deal with new realities, that's true, but it doesn't happen automatically. Some laws are widened in scope, others are not, in either case because of a reason. If not, totally different laws might end up applying to the very same circumstances, leading to mutually contradictory rulings. How come electronic publishing has been subject to the "interstate transfer of stolen goods" rule long before it's covered by freedom of the press statutes? The AOL database case isn't about publishing, but many other cases of electronic information transfer (such as the E911 case) are.
After having establisheded different legal frameworks surrounding different things like postal mail, telephone services, newspaper publishing, broadcast radio and television, banking, trade, private property, workplace environment, healthcare, public administration, law enforcement, education, scientific research, innovation, and national security, it shouldn't come as a major surprise that having all those laws apply to said activities when taking place within the same piece of machinery on your desktop may become a little messy if not done with proper consideration.
so easy to abuse, no wonder it's number one!
he was locked up in an unusually rough situation for his non-violent crimes. if he was on trial today i bet he would be hit with some patriot act violations and locked up as a terrorist.
i know a million other people face the same thing, but his is a case most people here should know about.
Whew! I'll sleep better at night knowing this guy is doing hard time.
Well, considering that guys like this literally keep system admins up at night (not sleeping better) as they clean up after the billions of pieces of trash that his "customer" sends out, choking up businesses and private e-mail accounts... fewer of him, and I'd actually, literally sleep better. As for the brick-smashing guy, well, that really sucked. Also, the guy that broke into my car and stole my LAN tools deserves to actually, truly die. I'd like to take care of that myself, and will never have the chance, and neither will the cops. But, this clown who sold out his employer's data (and their customers' trust) for a smallish pile of cash knowing that billions of spam messages would soon plague millions of people... he's an ass, and now he gets to cover his for a year or so.
Don't disappoint your bird dog. Go to the range.
so called "laws"
So, what would this thief have to do in order to pass your test of righteousness? Maybe... kill a security guard while stealing the company data? Or is that still OK? Where do you draw the line? Or is theft OK, as long as you're not actually putting someone in the hospital?
Don't disappoint your bird dog. Go to the range.
As far as I can tell, aol still had the account names. When my car got stolen, what I objected to was that I no longer had my car, not that someone else had a car a lot like mine. Aiding spammers may be wrong, but let's keep the categories straight.
Not so. The block of data that he stole amounts, by any reasonable standard, as proprietary information and trade secrets. If he had stood there and photocopied customer data, it would have been the same story. His intent is almost beside the point - he knew he was diluting the company's value (and its customers' trust in the company) - and that's willful damage, something they should also have pursued.
Don't disappoint your bird dog. Go to the range.
The horrible thing is that this joker will probably have net access between rapings. Alot of prisons (especially minimum and low security), allow the inmates some form of internet access. A hypothetical situation here, but he could get online, pull this list off of some offsite file dump, and sell it again and again. While I'm not saying this guy would be dumb enough to do this, I do wish to state that if the punishment is to fit the crime, he should have gotten the same treatment that most hackers do: From sentencing until $X years later, you cannot touch or interact with a computer. As a potentional victim, I would find this more acceptible, on top of a much higher fine, in lieu of jailtime.
Let's fake an answer for the curious; let's fake it all for the fame.
I've been a felon for wire fraud since i was thirteen, nuttin happened to me other than 29 months in wales detention in wisconsin and 29 months in a group home ( www.norriscenter.org ) and 3 years probation. I'm 17 in 2 days. I paid(well, my parents) paid $201,000 in court fees and restitution. we are broke now. :(
Actually, the two DO go togeather. Prison is SUPPOSED to be a deterrent. Prison is NOT supposed to be a place of free shelter with feature comforts. It's supposed to be harsh as hell.
In fact, rather then having prisoners rott away and spending my tax dollars, I would rather the system mirror that of what happens in Singapore. That is to say if you rob a store, you should have your ass beaten till skin breaks. I mean, total pain and torture...but not enough to physically mame you for life. Just enough to drill it in your thick skull that it is NOT ok to do crime.
We are all children in life. The only difference is some of us learn our leasons in life so as not to repeat them as we get older.
Life is not for the lazy.
It doesn't matter what the dictionary says. If you go down to the court and file an action for "whatever" of a trade secret, the court will accept "theft of a trade secret" or "misappropriation of a trade secret." "Infringement" of a trade secret is not a recognized cause of action in any jurisdiction I am aware of.
My assertion may be "unfounded" based on whatever dictionary you used, but it is not "unfounded" based on my experience with trade secret law.
"That's not even wrong..." -- Wolfgang Pauli
You can steal a trade secret
Which is kinda my original question: if the company still has the original information and only loses their exclusive ownership and distribution ability, then has the information been stolen?
It's the same situation with copyrighted materials: you didn't steal the material, you took away their exclusive right to copy. So why isn't that called "stealing"?
Ah, the I may have misunderstood your point.
When you wrote
"You can't infringe a trade secret. You can steal a trade secret, you can misappropriate a trade secret, but you can't infringe a trade secret."
I thought you were making a claim about reality, rather than a claim about the name given to the cause of action.
The federal criminal statute is labled theft of trade secrets, but in the elements of the offense it is sufficient to allege misappropriation or infringement, and there need be no allegation of theft. Criminal statutes are construed more narrowly than civil causes of action, and the precise meaning of words matters.
The defendent here wisely accepted a deal.
I don't know whether there's prior case law interpreting the word "stolen" in this context.
We agree that the list is property. We disagree about whether, in English, the term 'steal' included 'copy without authorization.'
I used dictionary.com.
Now that I ponder the question, I believe a complaint stating infringement of a trade secret would be sufficient to meet notice pleading requirements under federal rules.
I think you are right that these torts are more often referred to as theft of trade secret.
The slashdot post-scarcity conceptual distinction between copying crimes and deprivation crimes probably hasn't been fully litigated by the courts, which are still operating more under a scarcity-based world-view.
Looks like we are on the same page now.
"Now that I ponder the question, I believe a complaint stating infringement of a trade secret would be sufficient to meet notice pleading requirements under federal rules."
That's probably true, but, unlike patent, copyright and federally-registered trademark infringment actions, trade secret actions are generally taken up in state court, which is why I suggested that YMMV.
But you are right, I wasn't very clear -- I was discussing the realities of a legal action, and not what the "definitions" really mean, or whether or not "stealing" a nontangible object is "stealing."
"That's not even wrong..." -- Wolfgang Pauli
If I understand your question correctly -- and I may not -- you are wondering why you "steal" a trade secret, whereas you "infringe" a copyright, even though both merely take away an "exclusive right." I don't know if that is what you are asking, so I'll simply assume it.
There is a difference between trade secrets and copyrights (and patent and trademarks) that may not be obvious. With Copyrights, patents, and trademarks, you are being given an "extra" right (or extra set of rights) that you don't get with trade secrets. Basically, with trade secrets, you can only protect them as long as they remain secret -- once they are out in the open, that's it, there's nothing left to protect. So the law has made illegal the act of, for lack of a better name, "publicizing" trade secrets, and calls it "stealing" trade secrets, and that makes sense, because you are "stealing" the value of something, and the original owner cannot ever get it back. If the value is in keeping it secret, then once it is not secret, the value is lose, and that is something you have stolen from the owner. So we call taking a trade secret a "theft."
Now, copyrights and like are different -- here, they are already out in the public -- that's the bargain you make with the government to get the protections in the first place -- and so we have the governmentally-imposed rights that we give the holder of the copyright. Generally, whenever someone is interfering with someone elses "rights," we call that "infringment" -- you can infringe someone's right to control distribution of a copyright, but you can also infringe on someone right to life, liberty, and pursuit of happiness as well. It's not the same as a theft of a trade secret -- even after an infringement, you still have something of value, so we call it infringement of a copyright instead of theft of a copyright (which could still happen in certain circumstances, but would involve stealing the right to enforce the rights, not the rights themselves).
Now, before everyone jumpsd in and says "hey, he just said copyright infringement isn't stealing," you need to be careful here. I said that copyright infringement didn't mean that you stole the copyright holder's rights to control his work -- you just "infringed" on them. What you have stolen is the economic value of the sale to you, and to anyone else who gets a copy of your infringing copy. I know, you'll say, "but I wouldn't buy it anyway," but you DON'T know that for a fact probably even for yourself, and certainly not for everyone else sharing from your copy. Even though YOUR infringement may not have "stolen" the economic value of a complete copy of the work from the copyright holder,your infringement HAS stolen some economic value, even if it is small and hard to quantify, and THAT IS stealing, no matter how you slice it.
I know I'm not going to be able to convinve anyone otherwise, but at least I made may arguments.
"That's not even wrong..." -- Wolfgang Pauli
We are both discussing the realities of a legal action.c ode/html/uscod e18/usc_sec_18_00002314----000-.html
Part of the discussion is about whether the indictment fairly described what happened, or was overcharging in order to coerce a plea.
At the December 21st hearing, the judge refused to accept a plea, which is unusual. At a second hearing, he pled guilty to conspiracy to spam, and to violating a statute which prohibits transporting stolen or fraudulently obtained goods. The indictment had alleged both that the list was stolen and that it was obtained by fraud,
so the issue of whether or not the list was stolen was not resolved in this case. Sounds like you are familar with this area -
has the term "stolen" in the transporting stolen good statute been defined by statute or case law to include unauthorized copying? Cite please?
It may well have been, but so far I haven't seen anyone in this thread point to such authority, so we're speculating.
http://assembler.law.cornell.edu/us
(statute)
Well, I don't have a lot of time to do research today, but here's a couple of notes I found in West's annoted federal code:
""Stolen," as used in National Stolen Property Act, is not term of art and instead is broad in scope with wide ranging meaning. U.S. v. Pre-Columbian Artifacts, N.D.Ill.1993, 845 F.Supp. 544."
I didn't read this case, but my guess is this suggests that the dictionary defintion of "stolen" may not be controlling for the purpose of this statute.
"Proprietary information stolen from telephone company's "911" computer text file was capable of being "stolen, converted or taken by fraud" within meaning of federal statute prohibiting interstate transportation of stolen property. U.S. v. Riggs, N.D.Ill.1990, 739 F.Supp. 414."
Again, I didn't read this case to determine if the test file itself was stolen or not, but this seems to imply that if you simply steal the "information," that enough to be stealing under this section.
The Slashdot crew will like this one:
"Act of duplicating copyrighted aggregations of sounds without authorization constituted "stealing, converting, or taking by fraud," and thus such act could be prosecuted under this section. U.S. v. Sam Goody, Inc., E.D.N.Y.1981, 506 F.Supp. 380, 210 U.S.P.Q. 318."
So there's a case for ya that says copyright infringement can be considered "stealing, converting, or taking by fraud," at least as far as this statute is concerned.
And finally, here's another quote from the same case which also suggests that the act of infringing a copyright is stealing:
"Unauthorized duplicates of copyrighted sound recording were "goods, wares, [or] merchandise," as required for fraudulent taking of such recordings to be violation of this section, even though actual tapes on which such unauthorized duplications of sounds were placed were not stolen. U.S. v. Sam Goody, Inc., E.D.N.Y.1981, 506 F.Supp. 380, 210 U.S.P.Q. 318. "
Anyway, for the purposes of this code section at least, "stealing" appears to have a pretty broad definition, and this guy's theft of the user lists is certainly the type of "proprietary information" that will fall under this statute.
"That's not even wrong..." -- Wolfgang Pauli
OK, you've done what I asked for, cited a case, so you win, and I'll let it drop.
c k.html
But first I'm going to bicker midly about your examples, and tell some war stories, before I fall asleep in my rocking chair.
National stolen property act - different statute, seemed to be dealing only with tangible goods.
Sam Goody dealt with the fraud prong of the statute, rather than the stolen goods prong.
Riggs was operation sun devil, the case that set up the steve jackson games case. Here's more:
http://www.savage.net/public_html/net/phra
The following March a Federal grand jury was told that the document that Knight Lightning had printed in Phrack was worth 80 thousand dollars and was extremely dangerous to the public. The grand jury brought a Federal indictment against Knight Lighting. He faced 31 years in prison for the interstate transportation of stolen property, wire-fraud and violations of the computer fraud and abuse act.
"In July of 90 we went to court...the witnesses took the stand to try and prove that I had not just committed the crimes they were saying i committed, but to prove that the actions I took were crimes in the first place. The defense never had to put on a single witness, by the end of the week, the governments case had completely fallen apart. The now famous 80 thousand dollar E-911 document was proven to be [publicly] available for no more than 13 dollars from Bellcore."
Because the information was publicly available the case against Knight Lightning was dropped and the trial ended after only 4 days. Knight Lightning however is stuck paying off $100,000 in legal fees, the US government is immune from being sued. "Anything I had ever saved up for college has gone into paying it off."
If there was anything at all that came out of the E-911 case against Craig it was that there was a large public awakening to the rights of electronic journalism and to government intrusions to suspected hackers. Organisations like the EFF and CPSR were formed to look into people's rights and uphold civil liberties on the internet. Jim Warren started CFP (Computers, Freedom, Privacy) as a direct result of the Operation Sundevil raids and the case against Knight Lightning. Phrack is still being published* and can be obtained via WWW, anonymous ftp or by subscribing. Phrack is still free to individuals but has now been copyrighted. Corporations and security professionals are expected to register their subscriptions.
---
* Phrack had its last issue recently. In 1992, I was having lunch with Craig at CFP 2, listening to Bruce Sterling talk about the hacker crackdown,
at a table with eric b. and emmanuel goldstein and an irs agent, with phiber optik wandering around and some kid who'd hacked his way in by stealing my credentials, and he told me a bit about his side of the case. I came away from that weekend wanting to be somebody who fought for free speech on the internet. I've failed rather miserably at it so far (majors.blogspot.com), but I gave it a shot.
Well, I did preface my examples with the facts that a) I hadn't read them, and b) I just pulled the cases off of West's annotated U.S. code for that particular statute... I've had a 60+ billable week this week putting the finishing touches on a Markman brief, so I didn't spend the time to vet the cases before posting them -- thanks for being gentle!
Interesting stuff there about hackers and the like. This stuff we've been talking about is a bit out of my area, I spend most of my time litigating and prosecuting patents, with a little copyright, a little general commercial lit, and some labor and employment law to spice things up...
Enjoy your rocking chair...
"That's not even wrong..." -- Wolfgang Pauli