"...are suggesting that to share information online is the same as possessing it or even stealing it."
I find the choice of the verb "steal" rather bizarre, particularly given the slant of this article. If leaking information is theft, then the New York Times is a frequent recipient and trafficker of stolen goods. I'm not necessarily criticizing their decision to steal the Pentagon Papers, but I think it would be cool if they returned them.
If the information can be considered newsworthy then there are several legal protections that kick in that make getting convictions difficult and the government isn't likely to bother. Especially if it would hurt the mutually beneficial relationship between government and the news media.
Brown has done things that put him outside of mainstream news media, many of these actions were quite illegal. He's not in trouble for sharing leaked documents. He's in trouble for sharing credit card numbers and information that can be used for identity theft. I'm pretty sure that type of information is not newsworthy and not for sharing.
If he had scrubbed that information then I would imagine there wouldn't be an issue. That and stop threatening FBI agents.
I was surprised to see Aaron Swartz's name not mentioned once...the parallels between Brown's and Swartz's cases -- at least in the post-indictment phase and the seemingly disproportionate charges -- are hard to ignore.
Ridiculous max sentences which almost never happen do not work well together with plea bargains.
I get why people are concerned with plea bargains, but I don't understand why people think that defense attorneys are not familiar with the concept of federal sentencing guidelines. Even a public defender (especially a public defender?) should be able to explain the basics of sentencing to their client when their client is considering a plea.
Really?
http://www.righto.com/2013/09/9-hacker-news-comments-im-tire...
http://freebarrettbrown.org/fundraising-drive/
I don't know how far they've gotten in the meantime, but I'm happy to see this issue getting more attention.
Meanwhile, the new Project PM website --wiki.project-pm.org-- appears to be back up! I'm hoping to do some cross-referencing of the various releases of the past few years. See if anything has been missed or passed over.
Saying that the Feds are charging Barrett for the crime of "posting a URL" is like saying that the Norwegian police would be charging Breivik for "pulling a metal lever" hundreds of times. I mean sure, he did that, but that's not what the claimed "crime" is.
Imagine a guy gets passed the key to a storage locker by his friends, and is told that the storage locker holds stolen trade secrets, credit cards, etc. This guy had nothing to do with the theft itself, but he knows about it.
Let's say further that this guy duplicates the key and mails it to a gang to do with as they will. If providing that gang access to that locker is illegal then homeboy here has certainly "aided & abetted" in that behavior, even though he did nothing more himself than a) duplicating a key (normally legal) and b) using the mail (normally legal).
The author brings up the point that newspapers have to deal with this issue, but it's not really as much of an "issue" for them at all, as being passed classified data is not inherently illegal, and newspapers still make an effort to avoid printing information which would be dangerous if publically-available. Even the NYT/Guardian's recent reporting about NSA capabilities with regard to crypto didn't spill all the beans, and what links were posted by the newspapers were to documents that the newspapers screened for safety instead of a link to "all the goods".
But certainly the papers wouldn't publish credit card numbers of victims of an identity theft scheme, would they?
Likewise our intrepid, noble and completely objective storywriter uses the maximum legally-possible sentence as a FUD factor without so much as a single reference to the sentencing guidelines which would be used to determine an actual eventual sentence.
There is a question to be asked here: Should these types of forcibly-exfiltrated secrets have any special inherent legal protection? If no, then posting a link to that data should be fine (assuming no other legal protection category applies). If yes, then posting a link to protected data would certainly be a no-no.
The answer isn't obviously "no" either, by the way, otherwise our current protections against identity theft could hardly apply, not to mention the Privacy Act of 1974, medical record protections, etc. But it deserves a better answer than what we have now, which seems to be "throw whatever vague law might fit at it".
Because if not, then given the crimes he's been charged with (aside from those related to the threatening the FBI agent, of course), he doesn't have the mens rea to warrant a conviction, to my — IANAL — understanding.
(There's, I think, a further question in terms of whether or not, and to what extent, posting the URL to a chatroom intended presumably for the internal communications and coordination of Project PM counts as publishing them, but that's irrelevant to his mens rea.)
I can imagine, but it's not what happened. LulzSec shotgunned the release out onto the web, where everyone picked it up, not just Brown.
>Let's say further that this guy duplicates the key and mails it to a gang to do with as they will. If providing that gang access to that locker is illegal then homeboy here has certainly "aided & abetted" in that behavior,...
It isn't illegal. LulzSec is responsible for the release. Specifically, Jeremy Hammond has been charged and convicted with the actual crime of hacking into Stratfor and releasing the material. He was facing a life sentence and received 10 years and 2.5 million dollars in restitution upon pleading guilty. The liklihood that he could ever get that restitution dropped, via bankruptcy or other means, is minimal. Financially, he has effectively been given a life sentence. Brown no more aided and abetted anyone than Cryptome or any of the other numerous actors that linked to and received the link or, heaven forbid, downloaded the material, and yet Brown is facing punishment of similar magnitude to the guy who actually committed the crime.
>Likewise our intrepid, noble and completely objective storywriter uses the maximum legally-possible sentence as a FUD factor without so much as a single reference to the sentencing guidelines which would be used to determine an actual eventual sentence.
What typically happens is irrelevant. It shouldn't be possible for someone like Hammond to face life in prison, or Manning to face the death penalty, or Brown to face 105 years at all. To make that possible is to make a "lighter" sentence of 10 years for Hammond (and 2.5 million dollars), or 35 years for Manning, or 5 years for Brown, seem graciously reasonable. The constant whiny poo-pooing that "they won't really get that much," and cheeky linking to blog posts intended to inform the uninformed masses about the federal sentencing guidelines, is nothing more than noise. It truly intends to give an appearance of solidity to pure wind.
>There is a question to be asked here: Should these types of forcibly-exfiltrated secrets have any special inherent legal protection?
>The answer isn't obviously "no" either, by the way, otherwise our current protections against identity theft could hardly apply, not to mention the Privacy Act of 1974, medical record protections, etc.
It really is an obvious "no." Hacking into customer databases and pilfering the contents is a crime. A crime that has been tried in court with the accused convicted and serving time in prison. Once information is out in the clear, it makes absolutely zero sense to try and claim some sort of retroactive "special inherent legal protection." The protection already exists, with punishment for its violation. The crime is for putting documents into the clear, not propagating them, no matter their contents.
==========================================
http://cryptome.org/0005/stratfor-hack.htm
|
|->http://pastebin.com/f7jYf5Wd
|
|->http://ibhg35kgdvnb7jvw.onion/lulzxmas/stratfor_full.tar.gz
This goes back to what I was saying about advocates being near to dishonesty, by the way. You probably read at some point Manning was facing the death penalty, and despite having years and years to correct your initial misperception, you continue to not only remember that incorrectly, but to parrot it as truth.
> Once information is out in the clear, it makes absolutely zero sense to try and claim some sort of retroactive "special inherent legal protection."
When Barrett pasted that link, was that information already publically available? I don't mean "a URL one could theoretically have wardialed"... did all the others in that IRC chat room already have that data, or did they not?
If that data were already out in public and he was simply referencing it I'd probably agree with your interpretation in this case. But if that data were 'news' to the rest of the chat room then it seems that 'hacking and pilfering' would apply, except that no hacking was needed in this case.
But either way involvement in criminal enterprises has always been itself a crime, to avoid diversion of responsibility in the way you would allow.
E.g. a bank robbery, the guy driving the getaway car gets in trouble too even though driving a car isn't illegal, otherwise you could split up your criminal ring in a kind of 'process separation' scheme and have only a few take the risk of the actual crime while the rest aid as much as they can with normally-legal activity.
Manning was charged with "aiding the enemy". This is a capital crime, and while prosecutors stated they would not "recommend" the death penalty, they do not determine sentencing and the military judge could have ignored their recommendation were Manning found guilty.
It entirely true that Manning faced the death penalty.
Yes. He did. He was charged with the capital offense of aiding the enemy. And yes. I know that the prosecution declined to seek the death penalty. And that the trial did not begin with the required paperwork to do so.
>This goes back to what I was saying about advocates being near to dishonesty, by the way. You probably read at some point Manning was facing the death penalty, and despite having years and years to correct your initial misperception, you continue to not only remember that incorrectly, but to parrot it as truth.
The prosecution declined to seek the death penalty. Instead, they ultimately asked for 60 years. Now, the distinction between being lethally injected and left to rot for 60 years is minimal in my mind (and the injection seems almost preferable), but there's nothing dishonest or near dishonest about the fact that Manning faced the death penalty. It was the (surely merciful) prosecution that had the choice and declined to fill out the necessary paper work. Every day prior to their decision to merely seek an effectively life-long prison sentence, rather than an immediate execution, was a day Manning spent uncertain even of whether he would be executed or not, much less whether he'd spend the remainder of his life in a six by eight foot cage.
I am not remembering anything incorrectly. I'm merely refusing to let misconceptions spawned from paralegal pedantry trump justice.
>When Barrett pasted that link, was that information already publically available?
Yes. The entire debacle was already blowing up between Christmas Eve and Christmas Day on 2011. Stratfor itself was aware of the problem on Christmas Eve and alerting its subscriber base to the breach and what they were doing about it. Dozens of people were reporting about this "on or about December 25 2011" as the indictment describes, when it lists "http://wikisend.com/download/597646/stratfor_full_b.txt.gz" as the link that got Brown in trouble when he copy-pasted it from #AnonOps to #projectpm and in so doing, in the eyes of the indictment, became guilty of aiding and abetting in charges relating to "Traffic in Stolen Authentication Features," "Access Device Fraud," and "Aggravated Indentity Theft." (indictment: http://freebarrettbrown.org/files/bb_indictment2.pdf). Take a look at the various reports from December 24 2011 to December 25 2011 to the query "stratfor hack" on Google:
(google query: http://www.google.com/search?q=stratfor+hack&tbs=cdr%3A1%2Cc...)
>did all the others in that IRC chat room already have that data, or did they not?
>But if that data were 'news' to the rest of the chat room then it seems that 'hacking and pilfering' would apply, except that no hacking was needed in this case.
How so? The standard is not whether it's "news" to whoever is listening, be they readers of a newspaper or users in an IRC channel. That's like saying that I'm aiding and abetting Snowden's release of the NSA files because, before Snowden, Greenwald, Poitras et alia released the materials, I was unaware of their existence.
>But either way involvement in criminal enterprises has always been itself a crime, to avoid diversion of responsibility in the way you would allow.
There is no "diversion of responsibility" taking place here. Those responsible for the initial hack into stratfor have already been tried and convicted. Hammond was also involved in utilizing the credit card data to lodge donations to various entities, along with other "co-conspirators" that the FBI presumably has yet to identify. And are we also forgetting that the FBI was complicit in this whole charade with Stratfor? Sabu was already their man at this point, and when Hammond approached Sabu about vulnerabilities in Stratfor's infrastructure, the FBI set up their own servers with which to store the information that was to be exfiltrated! Hell, according to the FBI's own press release, Hammond and Co. were responsible for the initial leak of information:
"HAMMOND and his co-conspirators also publicly disclosed some of the confidential information they had stolen."
(press release: http://www.fbi.gov/newyork/press-releases/2012/six-hackers-i...)
Is Brown to be considered a co-conspirator for talking about something that dozens if not hundreds or even thousands of others were also talking about at the same time? The indictment's line of reasoning swallows itself whole: who's going to indict those responsible for listing the link in the indictment? Or those who link to the indictment? Or host it? Is anyone going to go after the FBI for knowingly and willingly permitting the breach and release of materials belonging to a protected corporation of the United States that thereby caused undue economic distress to said corporation?
How about inciting a lynch mob (you know, the kind that hang 'uppity' persons off of trees)? It's just speech, right?
Telling everyone an applicant has HIV is disgustingly immoral but I don't know if/why you should be barred from doing it. That's a much better question than the lynch mob.
Pasting a link to the stratfor archive - content that was already available in lots of places - does not do measurable harm to anyone. The idiots at Stratfor who stored CC information without proper security, or the people who leaked that information without paying attention, are the ones who did harm. Once that information was out there on the internet, no single link was going to magnify or increase the magnitude of that disclosure.
I would point out that the charge itself doesn't have a problem with the link per se, as much as the data located at the link. If the link pointed to something completely innocuous (such as Wikipedia's front page) then even our overbearing prosecutor here would be laughed out of the courtroom if he tried filing charges.
So the take away from this is security by obscurity is now officially protected by law and linking to leaked information is illegal according to the government.
My America how far you have fallen.