Skip to main content

I'm a cartoonist and activist, but perhaps lesser known is I have spent a significant portion of my life working in software and web startups. Companies I've worked for have been acquired by the likes of IBM, Citrix, and Corel. I understand product development, web development, and the consumer responsibilities software and hardware companies have when creating their products.

And this is the reason I've been watching in absolute horror this week as the trial of USA vs. Andrew Auernheimer progresses. The reality of what is happening to Andrew is one that anybody using the internet or corporate whistleblower could face.

Andrew, known online as the computer hacker "weev" made headlines in 2010 when Goatse Security revealed AT&T's iPad servers were allowing private user data to be accessed publicly -- completely unencrypted -- also known as "clear text."

The breach created quite a stir, and Michael Arrington of TechCrunch awarded Goatse Security a Crunchie award for public service for exposing the massive problem.

Security is nothing new. IT professionals are paid big bucks every day to ensure the security of customers' personal information. Even web developers would never collect sensitive information without a) secure connection and b) encryption of the data during transit and storage. We've understood this very simple concept for decades.

What's worse, AT&T published the API (Application Programming Interface) on their public web servers, so anybody in the world could access this kind of data with a simple request to their server. This is akin to leaving your car keys in your car, and giving random people off the street permission to drive your car, and then calling the police.

The same kind of technology was employed as is commonly used on millions of websites -- including every WordPress website and even DailyKos.

A huge embarrassment and PR problem for Apple and AT&T (and rightly so), rather than take responsibility for publicly exposing their customer data and encouraging people to access the data by publishing a public roadmap (API), the two companies convinced the FBI to charge Goatse Security.

The FBI raided weev and another member of Goatse Security, and handed down indictments for “Conspiracy to access a computer device without authorization” and also “identity theft” for possessing a list of email addresses.

Regarding the data that was collected, Leon Kaiser, Goatse Sec spokesperson said:

There was never any "full disclosure of private data" from GoatSec. The email addresses aggregated from AT&T's server were compiled into a list which the following people had access to: weev, Ryan Tate, and whoever Ryan Tate worked on his article with inside the gawker offices. The list was never sold to the highest bidder, nor was it fully disclosed to the Internet. The closest people outside AT&T have ever come to viewing that list is the redacted version on the original Valleywag posting.

While plenty of jokes about selling the list to Chinese spammers or using it to screw with the stock market circulated #gnaa, the truth of the matter is that disclosing this vulnerability let customers know how their data was being mishandled. As it was widely reported, the data was only released to Gawker to provide proof of the vulnerability. Considering the circumstances, it was the most ethical thing they could do.

This all may sound very technical, but it isn't. If you've commented on a DailyKos diary, then you've used the same kind of technology these "hackers" used to humiliate two of the largest tech companies in the world. If the judge in this case finds weev guilty of these charges, technically any of us could be next, if a company decides they don't like us visiting their website or speaking out against them. This would be a huge blow to free speech.  

The incredibly sad lesson here is the results of trying to "do the right thing," in holding corporations accountable. The judge will likely rule in favor of the corporations and stockholders, rather than the consumer, and will destroy a man's livelihood in the process.

For more information about weev and his case, visit http://freeweev.info.

Sun Nov 18, 2012 at 9:04 AM PT: TechCrunch has picked up on the story: iPad Hacking Case Underway, Ruling Could Address Ancient Computer Abuse Law http://techcrunch.com/...

EMAIL TO A FRIEND X
Your Email has been sent.
You must add at least one tag to this diary before publishing it.

Add keywords that describe this diary. Separate multiple keywords with commas.
Tagging tips - Search For Tags - Browse For Tags

?

More Tagging tips:

A tag is a way to search for this diary. If someone is searching for "Barack Obama," is this a diary they'd be trying to find?

Use a person's full name, without any title. Senator Obama may become President Obama, and Michelle Obama might run for office.

If your diary covers an election or elected official, use election tags, which are generally the state abbreviation followed by the office. CA-01 is the first district House seat. CA-Sen covers both senate races. NY-GOV covers the New York governor's race.

Tags do not compound: that is, "education reform" is a completely different tag from "education". A tag like "reform" alone is probably not meaningful.

Consider if one or more of these tags fits your diary: Civil Rights, Community, Congress, Culture, Economy, Education, Elections, Energy, Environment, Health Care, International, Labor, Law, Media, Meta, National Security, Science, Transportation, or White House. If your diary is specific to a state, consider adding the state (California, Texas, etc). Keep in mind, though, that there are many wonderful and important diaries that don't fit in any of these tags. Don't worry if yours doesn't.

You can add a private note to this diary when hotlisting it:
Are you sure you want to remove this diary from your hotlist?
Are you sure you want to remove your recommendation? You can only recommend a diary once, so you will not be able to re-recommend it afterwards.
Rescue this diary, and add a note:
Are you sure you want to remove this diary from Rescue?
Choose where to republish this diary. The diary will be added to the queue for that group. Publish it from the queue to make it appear.

You must be a member of a group to use this feature.

Add a quick update to your diary without changing the diary itself:
Are you sure you want to remove this diary?
(The diary will be removed from the site and returned to your drafts for further editing.)
(The diary will be removed.)
Are you sure you want to save these changes to the published diary?

Comment Preferences

  •  As much as I appreciate his efforts he did cross (6+ / 0-)
    Recommended by:
    stevej, eataTREE, Mayfly, G2geek, erush1345, rja

    the line. He merely had to show that the breach was possible, mining the data and SAVING the results was his choice and broke the law. Intent is a funny thing in law, my sister the lawyer has tried explaining it and it's clear as mud. Some laws are violated with or without intent to violate them. You might get a lesser offense by showing you intended no harm. Sometimes you can be guilty of intending to commit a crime even if you didn't actually commit one. I don't know the law, obviously, but I do know computers. He could've shown the API existed, that it made security a joke, and done it without saving all that user data on his machine. What he intended could be irrelevant to the law. Hopefully a judge will decide differently.

    To me progress is not so much a goal as it is a process and I believe it will not follow a straight course. Remember, the drops of water that form the river may not take the shortest path but they will still reach the ocean.

    by ontheleftcoast on Fri Nov 16, 2012 at 09:53:14 AM PST

    •  In England (2+ / 0-)
      Recommended by:
      ontheleftcoast, Mayfly

      the mantra was that Ignorance is no defense. I don't know if this applied to everything legal but it was always a good thing to bear in mind.

    •  Clarification to law is needed (5+ / 0-)
      Recommended by:
      Mayfly, G2geek, AoT, codairem, kurt

      What is the law that says, "mining the data and SAVING the results" is illegal?

      By this definition, just accessing the data on AT&T's server would be illegal, because my browser or device would likely access and SAVE at least one record. See the problem?

      AT&T published an API, which implicitly grants access to use of the data from the server.

      •  Nope, you are allowed to access your own data (3+ / 0-)
        Recommended by:
        Mayfly, G2geek, erush1345

        That's completely different then knowingly accessing someone else's data and saving it for purpose or purposes unknown.

        To me progress is not so much a goal as it is a process and I believe it will not follow a straight course. Remember, the drops of water that form the river may not take the shortest path but they will still reach the ocean.

        by ontheleftcoast on Fri Nov 16, 2012 at 10:03:15 AM PST

        [ Parent ]

        •  Once again, where is the law for this? (2+ / 0-)
          Recommended by:
          Mayfly, AoT
          •  The identity theft laws are on the books (2+ / 0-)
            Recommended by:
            G2geek, erush1345

            What needs to be sorted out by the judge is if intent matters. If I grabbed your data from the internet would you feel OK about it if I said, "I don't intend to do anything wrong with it"? There are well established rules on what you can and can't do with private data. Saving it and sharing it (which he also did) are both violations of those rules. I can't quote you chapter and verse from the law but I've worked in security. The rules for 'clear text' data in security are well known to anyone in the field. He knew those rules and broke them. He thought it'd be OK if he explained it. I hope he's right.

            To me progress is not so much a goal as it is a process and I believe it will not follow a straight course. Remember, the drops of water that form the river may not take the shortest path but they will still reach the ocean.

            by ontheleftcoast on Fri Nov 16, 2012 at 10:14:15 AM PST

            [ Parent ]

            •  If it's identity theft to have someone else's info (3+ / 0-)
              Recommended by:
              AoT, codairem, kurt

              Then how can it be legal for me to go and purchase someone's personal information from a service like Intelius on the Internet?

              •  Now you're asking a better question (2+ / 0-)
                Recommended by:
                erush1345, Catte Nappe

                The data available on those services is considered public information. Things like your birth date, street address, and many other things you might consider personal or private are not. At least not in the eyes of the law. However, your credit card number PIN, your account passwords, and other data are considered private. But here's where it gets murky -- if you give what the law considers public data to a company that stores it and says the data will be kept private then "Viola!" that's now private data and has to be treated as such. The reason is some of that private data may actually be private data and thus all of the data has to be treated with the same level of care.

                To me progress is not so much a goal as it is a process and I believe it will not follow a straight course. Remember, the drops of water that form the river may not take the shortest path but they will still reach the ocean.

                by ontheleftcoast on Fri Nov 16, 2012 at 10:34:08 AM PST

                [ Parent ]

                •  The data returned in this (3+ / 0-)
                  Recommended by:
                  AoT, codairem, kurt

                  ...were email addresses. Is an email address private data? I'd certainly rather people had my email address than my street address.

                  •  See, you're using human logic here (0+ / 0-)

                    If I took the content of a protected movie that consisted of 3 seconds of a completely black screen with no sound and sold it I'd be guilty of selling "information". It doesn't matter what that information was. If the content was supposed to be protected or private than it has to be treated that way. The old expression, "The law is an ass", definitely applies.

                    To me progress is not so much a goal as it is a process and I believe it will not follow a straight course. Remember, the drops of water that form the river may not take the shortest path but they will still reach the ocean.

                    by ontheleftcoast on Fri Nov 16, 2012 at 10:45:13 AM PST

                    [ Parent ]

                    •  Yes, but there is also "intent of the law" (1+ / 0-)
                      Recommended by:
                      AoT

                      And I still don't understand: is an email address considered "private information?"

                      •  This is hard to explain (1+ / 0-)
                        Recommended by:
                        TBTM Julie

                        The e-mail address itself isn't the problem. But if the API was designed to faciliate the use of purchasing with your iPhone then yes, it'd be a problem. Because the e-mail address could be tied to the phone and knowing the EID (electronic ID) of the phone could give you access to private information like bank accounts info, etc. that are tied to the EID. So to re-iterate, if the API was designed to return private data, even if the data appears to you and I to be public data, then saving and sharing that data is a violation of the law.

                        To me progress is not so much a goal as it is a process and I believe it will not follow a straight course. Remember, the drops of water that form the river may not take the shortest path but they will still reach the ocean.

                        by ontheleftcoast on Fri Nov 16, 2012 at 10:56:23 AM PST

                        [ Parent ]

                      •  Just to clarify this (1+ / 0-)
                        Recommended by:
                        TBTM Julie

                        (Speaking as someone whose job is partly in the 'internet security' field but is not a lawyer.)

                        Is your name considered 'private information'? Is your phone number considered 'private information'? Is your social security number considered 'private information'? Are your health records considered 'private information'?

                        The answer to all of these questions is identical: 'private to whom'?

                        If you give your health records and your name to a newspaper reporter, on the record, and they elect to publish it, then those things aren't private information for the purposes of that newspaper (and anyone who reads it). If you publish your social security number intentionally on an ad on Craig's List (not terribly advisable, of course) then it is not private information for the purposes of Craig's List and anyone who reads it.

                        Likewise, if you give your name and email address in a newspaper interview, on the record, it is not private information. The newspaper publishes it. Anyone who wants to see it can see it. You have given your consent that that information that you gave them can be shared.

                        If you give your name and email address to that same newspaper for the purposes of signing up for a subscription (and, to save complexity, you uncheck all the boxes that say that the newspaper can share your email address with partners etc), then that's an entirely different story. Indeed, if the newspaper has your email address and name printed in a story, and they also have it in their subscriber database, then they simultaneously have your name and email address as public information and private information.

                        (Health information is treated more stringently, with many more safeguards, due to HIPAA. There are many situations where a company has an implied license to share your information if it's not HIPAA-related, but doesn't have that in the case of HIPAA. So that one isn't a perfect parallel, but the situations are still fairly similar.)

                        Really, you can see why it is important that the email address be treated as private information in such a situation. Because if it isn't, there is nothing stopping any company from sharing it with anyone they want, with or without your consent. As it is, many kinds of businesses are required (or the requirement is implied by the law, if not stated) to get your consent before sharing that sort of information with anyone.

                        If someone breaks in and 'steals' that information, then the company is in breach of their implied (or possibly express, depending on their TOS... I think AT&T's TOS makes it explicit) contract with you to keep your data confidential. That contract makes the information private information. It's not the content that matters, it's the fact that the company has promised you that the information will be kept private (again, either an implied promise or an explicit one).

                        Now, if the company publishes it, e.g. the newspaper puts it on their front page, then you can't be punished for reading it. But if they simply protect it inadequately (e.g. a company officer leaves a briefcase in the lobby of the company HQ while he goes to the bathroom, and someone picks it up and walks off with it) then they may be remiss in their duty to keep your information private, but that simple fact does not make you any less guilty of misappropriation.

                        It's hard to make laws that are just in every single instance. This one is damned complicated, and arguably problematic, but from reading the facts that I've seen, it's pretty clear that he broke it, and probable that he knew that what he was doing could at the very least have made him civilly liable, if not criminally prosecutable. And his disingenuous crap about incrementing numbers on a URL is doing him absolutely no favors, and his lawyer should tell him to shut up.

          •  The lawmakers don't know from tech. We should all (4+ / 0-)
            Recommended by:
            TBTM Julie, G2geek, ontheleftcoast, kurt

            beware lest some corporate groups put out crazy "model legislation" re this.

            Save the Home Planet

            by Mayfly on Fri Nov 16, 2012 at 10:17:34 AM PST

            [ Parent ]

            •  we need to start electing legislators who are.... (5+ / 0-)
              Recommended by:
              TBTM Julie, AoT, ontheleftcoast, Mayfly, kurt

              .... working scientists, engineers, technicians, etc., people who understand science & technology.

              Lawyers are smart but when it comes to tech they're laypeople.   We have more than enough smart laypeople in Congress; it's time to get some serious experts.  

              We got the future back.

              by G2geek on Fri Nov 16, 2012 at 10:31:06 AM PST

              [ Parent ]

              •  Heh! We got a WoW player into Congress (5+ / 0-)
                Recommended by:
                TBTM Julie, rja, Mayfly, kurt, G2geek

                And some internet savvy politicians like Grayson are there as well. It's not hopeless, but we need to organize and get them to listen to us and not AT&T or Apple about what's best for consumers.

                To me progress is not so much a goal as it is a process and I believe it will not follow a straight course. Remember, the drops of water that form the river may not take the shortest path but they will still reach the ocean.

                by ontheleftcoast on Fri Nov 16, 2012 at 11:17:24 AM PST

                [ Parent ]

            •  No, they don't (4+ / 0-)
              Recommended by:
              codairem, TBTM Julie, Mayfly, kurt

              We saw that clearly demonstrated with PIPPA(?) or what ever those supposed anti-piracy laws were called. We, the People, are not the ones telling Congress to "protect our data" it's the corporations that are trying to make us all pay for services, etc. that are getting the bills thru committees. But we have seen that community action can stop those bills from becoming law. In this case, though, the law already exists. Undoing it and getting justice in this case is another beast entirely.

              To me progress is not so much a goal as it is a process and I believe it will not follow a straight course. Remember, the drops of water that form the river may not take the shortest path but they will still reach the ocean.

              by ontheleftcoast on Fri Nov 16, 2012 at 11:16:03 AM PST

              [ Parent ]

          •  18 USC section 1030 (0+ / 0-)
            18 USC § 1030 - Fraud and related activity in connection with computers
            (a) Whoever—
            ....
            (2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains—
            ....
            (C) information from any protected computer;
            ....
            (5)
            (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
            (B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
            (C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.
            ....
            shall be punished as provided in subsection (c) of this section.
            ....
            (c) The punishment for an offense under subsection (a) or (b) of this section is—
            (1)
            (A) a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(1) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and
            (B) a fine under this title or imprisonment for not more than twenty years, or both, in the case of an offense under subsection (a)(1) of this section which occurs after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph;
            and so on.

            http://www.law.cornell.edu/...

            You can tell Monopoly is an old game because there's a luxury tax and rich people can go to jail.

            by Simian on Sun Nov 18, 2012 at 11:22:03 PM PST

            [ Parent ]

      •  Yes and there's a procedure for that: (5+ / 0-)

        Clear your browser cache, and better yet reset your browser so it clears all accumulated cookies, history, etc., everything back to factory default settings.

        I ran into this once when I found a kiddie porn site on line (I was deleting spam and I saw one that was pretty damn suspicious so I figured, if this is what it looks like let's go bust these people).  I didn't know jack squat about the browser cache rules, or the rules about merely accessing kiddie porn.  But when I saw the main page on the website I figured that what I'd found was suspicious enough to merit calling the FBI on a Saturday.

        I didn't click past that main page or do anything else on the computer at that point: I just picked up the phone and made the call.

        They took down the URL I found, and then told me about the law: illegal to even access the stuff unless reported to law enforcement immediately (I called them immediately, so no problem there), and also illegal to store even in browser caches.  So I asked them to talk me through the steps needed to clean my computer sufficiently, which they did, and that was that.  

        The same rule could be applied to any other case of accessing data whereby you run into something illegal or otherwise needing emergency response:

        1)  As soon as you even see the item in question, call the relevant authorities.  If it's a corporate system, call their computer security people immediately.  If it's something like kiddie porn or a terrorist site, call the FBI.  Do it immediately, do not wait.  (Word to the wise: do your cybersleuthing on weekdays during business hours, so you don't end up having to pester the FBI on a weekend.)

        2)  Give your full name & contact information and a description of what you found and how you came to find it.  Provide whatever other information is requested.

        3)  Ask specifically if you should clear your browser, and unless you are already experienced at dealing with these things, ask them to tell you what you need to do in order to clean up your machine to avoid accidentally storing material illegally.

        4)  If you're a computer security researcher and you're dealing with security issues, there is a protocol for giving the corporation in question a certain amount of time to respond and fix the problem, before you publish the results of your research.   Abide by that protocol, it has stood the test of time.  

        5)  Before you publish anything, talk to your company's lawyer or to EFF or some other source of legal advice about publication.  Get that advice in writing and follow it.

        6)  Do Not joke around about "selling data to China" etc.   Corporate security & law enforcement people do not have the leeway to say "my personal interpretation of the statement was that the person was joking."  They have to take everything that crosses their desk seriously until or unless they have a reason to do otherwise that will stand up to cross-examination.  

        7)  Do Not go seeking monetary rewards from corporations for finding their security holes.  That looks like extortion, and that will get you busted for extortion, and you will go to federal prison.  That actually happened to someone else on DK.  If you ever get lucky and catch a criminal who is on a Wanted list, law enforcement will let you know if there is a reward for the case, but if you ask, it's somewhat crass, and may affect your credibility.

        --

        In general there's plenty that law-abiding citizens can do to help catch baddies online, and to help catch corporate security holes.  But you have to know what you're doing, do it conscientiously, and be prepared to follow the rules if you find something.  

        We got the future back.

        by G2geek on Fri Nov 16, 2012 at 10:56:55 AM PST

        [ Parent ]

        •  Even safer, boot TAILS before you start digging. (3+ / 0-)
          Recommended by:
          ontheleftcoast, yella dawg, G2geek

          The Amnesic Incognito Live System (Tails) is built to keep you from saving your browser cache, cookies, history, etc.  

          The About page says:

          Tails is a live system that aims at preserving your privacy and anonymity. It helps you to use the Internet anonymously almost anywhere you go and on any computer but leave no trace using unless you ask it explicitly.

          It is a complete operating-system designed to be used from a DVD or a USB stick independently of the computer's original operating system. It is Free Software and based on Debian GNU/Linux.

          "And if you come down with a case of Romnesia, and you can’t seem to remember the policies that are still on your website, ..., here’s the good news: Obamacare covers pre-existing conditions." -- President Obama, 10/19/2012, George Mason University

          by rja on Fri Nov 16, 2012 at 11:32:40 AM PST

          [ Parent ]

          •  sweet. excellent. except... (1+ / 0-)
            Recommended by:
            TBTM Julie

            In theory you can wipe everything in a manner equivalent to reformatting your hard drive.  

            Except if you look further down the linked page, you find reports of "numerous security holes" in previous versions.

            So in practice it's not quite there yet, and its new enough that reasonable people would give their engineers more time to fix various bugs & holes along the way to having a properly-performing product.  

            Alternately it could be worthwhile to get a netbook that can be dedicated to cybersleuthing.  This way if you find something really really interesting, you can, if requested or approved by your friendly contacts in LE or "wherever," save it all to the netbook and hand in the netbook as material evidence that can be used in the case.  

            Later (years after the instance recounted above), when I got into the game of chasing right-wing terrorists in cyberspace, I opted for the netbook approach.  This because I'm cautious about the limits of my own expertise, and there's nothing like an air gap to ensure that one's regular production machines remain safe from the likely risks of one's forays into places where bad people hang out.  

            We got the future back.

            by G2geek on Sat Nov 17, 2012 at 02:34:45 AM PST

            [ Parent ]

    •  None the less: (5+ / 0-)

      He arguably broke the law but IMHO he should plead "competing harms" ("I broke into that house because it was on fire and I wanted to be sure there wasn't anyone trapped inside").

      The bigger harm in this case is the risk created by AT&T and Apple.  That needed to be exposed one way or another.

      We got the future back.

      by G2geek on Fri Nov 16, 2012 at 10:33:59 AM PST

      [ Parent ]

      •  He needs a damn good lawyer and the funds (3+ / 0-)
        Recommended by:
        TBTM Julie, G2geek, rja

        to fight his case in court. I totally agree he should not be imprisoned but damn, he was kind of an idiot about how he did this.

        I've worked extensively with protected content. There were times I needed to save the decrypted content to be able to figure out what went wrong. I needed to request special permission to access the data in that way, I had strict rules of storage, access control, etc. that had to be followed. And if I didn't follow them I could've been fired and fined. When you work in security you know the rules of the road.

        To me progress is not so much a goal as it is a process and I believe it will not follow a straight course. Remember, the drops of water that form the river may not take the shortest path but they will still reach the ocean.

        by ontheleftcoast on Fri Nov 16, 2012 at 10:41:20 AM PST

        [ Parent ]

        •  yep, and i see you saw my other comment... (2+ / 0-)
          Recommended by:
          ontheleftcoast, rja

          ... about how to go about this without breaking the law.

          Laypeople can also get in the game as long as they are willing to learn the rules and abide by them.

          I'm in telephony and we have our own rules about accessing live circuits, monitoring, recording, accessing clients' voicemail boxes, etc.  After a while one internalizes all of it as common sense.

          We got the future back.

          by G2geek on Fri Nov 16, 2012 at 11:04:29 AM PST

          [ Parent ]

          •  But why sould lay people have to? (0+ / 0-)

            If I'm Joe Six Pack, how can I be expected to do what corporations require, when THEY DISCLOSE this information?  For what I see here, you practically need a PHD in computer science just to stay out of Jail!!  Just because someone came upon it accidentally is outrageous.  I can see a lot of folks going to jail over accidents.  It's insane and it's high time we started electing officials who will put the onus back on the corporate interests and not on the average citizen.  Those that pass laws like this need to be sent packing.  If you're that willing to do corporate dirty work, you deserve to be unemployed.

    •  IANAL, however, I have dealt with (4+ / 0-)

      chain of custody and protecting data.

      In his position, I sure as HELL would save that data! It is EVIDENCE. I'd seal and protect it, yes, and not touch it again until providing it as evidence to proper authorities. Because on the other end- it only takes a few keystrokes to make it all go poof. Then it is big corp word against little person word, and we all know how well that works.

      If protecting evidence is now illegal, then we have no justice system.

      I am much too liberal to be a Democrat.

      by WiseFerret on Fri Nov 16, 2012 at 10:54:23 AM PST

      [ Parent ]

      •  It depends on what the crime is though (2+ / 0-)
        Recommended by:
        rja, WiseFerret

        If I stole millions of dollars I'd do my best to hide those assets, not report them as earnings on my 1040. And if I got caught I sure as hell couldn't say, "I was only doing it to prove it could be done!"

        The only evidence he needed to preserve was that he could call the API and return clear text for anyone, not the actual clear text. The program he wrote to do just that would be all the evidence needed. It would've then been tested in court, under approved circumstances, and no crime would've been committed.

        As G2 points out, even though he committed an illegal act and doing so knowingly he may be able to argue the case that he was doing a public service. You might not have heard about this case but Pete Townshend was arrested for having child pornography on his computer. He claimed, and was able to show to a court's sastifaction, he was doing it to track down and expose the purveyors of child pornography.

        To me progress is not so much a goal as it is a process and I believe it will not follow a straight course. Remember, the drops of water that form the river may not take the shortest path but they will still reach the ocean.

        by ontheleftcoast on Fri Nov 16, 2012 at 11:04:47 AM PST

        [ Parent ]

  •  I never liked weev (0+ / 0-)

    He's got that abrasive personality that you'd expect from someone who just knows they have one up on everyone else in the room, and for the most part he's pretty justified in that.

    However, he's always gone out of his way to ensure that he's the biggest asshole walking, has very few scruples when it comes to interpersonal relationships, and had (and possibly still has) a massive drug problem.

    Still, for all of that, he's damn good at what he does.

    •  I can't argue a single thing you've said (0+ / 0-)

      But actually have seen him not be an asshole at times, but I promised him I wouldn't reveal that to anybody.

      •  I'm sure its happened (2+ / 0-)
        Recommended by:
        TBTM Julie, eyesoars

        It always seemed to me that his asshole personality was affected, as if he were actually a pretty descent person fighting as hard as they could to be the nastiest guy around.

        Hell, I'm also sure that there are some people out there who think he hung the moon and get to see a side of him that's pretty awesome.

        Neither here nor there though.

        I really hope that he beats the charges from AT&T, because as much as I think he's a raging cock, he did exactly what a good security engineer is supposed to do, and these charges are simply retaliatory.

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site