[mpyne]

These types of articles are depressing to me because they mask what could be a good moral and legal question behind claims which border on dishonest.

Saying that the Feds are charging Barrett for the crime of "posting a URL" is like saying that the Norwegian police would be charging Breivik for "pulling a metal lever" hundreds of times. I mean sure, he did that, but that's not what the claimed "crime" is.

Imagine a guy gets passed the key to a storage locker by his friends, and is told that the storage locker holds stolen trade secrets, credit cards, etc. This guy had nothing to do with the theft itself, but he knows about it.

Let's say further that this guy duplicates the key and mails it to a gang to do with as they will. If providing that gang access to that locker is illegal then homeboy here has certainly "aided & abetted" in that behavior, even though he did nothing more himself than a) duplicating a key (normally legal) and b) using the mail (normally legal).

The author brings up the point that newspapers have to deal with this issue, but it's not really as much of an "issue" for them at all, as being passed classified data is not inherently illegal, and newspapers still make an effort to avoid printing information which would be dangerous if publically-available. Even the NYT/Guardian's recent reporting about NSA capabilities with regard to crypto didn't spill all the beans, and what links were posted by the newspapers were to documents that the newspapers screened for safety instead of a link to "all the goods".

But certainly the papers wouldn't publish credit card numbers of victims of an identity theft scheme, would they?

Likewise our intrepid, noble and completely objective storywriter uses the maximum legally-possible sentence as a FUD factor without so much as a single reference to the sentencing guidelines which would be used to determine an actual eventual sentence.

There is a question to be asked here: Should these types of forcibly-exfiltrated secrets have any special inherent legal protection? If no, then posting a link to that data should be fine (assuming no other legal protection category applies). If yes, then posting a link to protected data would certainly be a no-no.

The answer isn't obviously "no" either, by the way, otherwise our current protections against identity theft could hardly apply, not to mention the Privacy Act of 1974, medical record protections, etc. But it deserves a better answer than what we have now, which seems to be "throw whatever vague law might fit at it".

[rosser]

The relevance of your analogy of a storage locker filled with trade secrets hinges on a crucial question: Did Brown have specific knowledge that the file dump contained credit card numbers, and if so, was his intent in posting the link to the chatroom to disseminate those credit card numbers for the purpose of furthering identity theft?

Because if not, then given the crimes he's been charged with (aside from those related to the threatening the FBI agent, of course), he doesn't have the mens rea to warrant a conviction, to my — IANAL — understanding.

(There's, I think, a further question in terms of whether or not, and to what extent, posting the URL to a chatroom intended presumably for the internal communications and coordination of Project PM counts as publishing them, but that's irrelevant to his mens rea.)

[mpyne]

I forget the fancy legalese for it, but some crimes do not require mens rea (or have a lesser charge for an action without the required mens rea). I'm not sure if that applies to the data in question in this case though, but it's a great point to consider for the general question.

[pja]

"Strict liability" is the term of art I think.

[aspensmonster]

>Imagine a guy gets passed the key to a storage locker by his friends, and is told that the storage locker holds stolen trade secrets, credit cards, etc. This guy had nothing to do with the theft itself, but he knows about it.

I can imagine, but it's not what happened. LulzSec shotgunned the release out onto the web, where everyone picked it up, not just Brown.

>Let's say further that this guy duplicates the key and mails it to a gang to do with as they will. If providing that gang access to that locker is illegal then homeboy here has certainly "aided & abetted" in that behavior,...

It isn't illegal. LulzSec is responsible for the release. Specifically, Jeremy Hammond has been charged and convicted with the actual crime of hacking into Stratfor and releasing the material. He was facing a life sentence and received 10 years and 2.5 million dollars in restitution upon pleading guilty. The liklihood that he could ever get that restitution dropped, via bankruptcy or other means, is minimal. Financially, he has effectively been given a life sentence. Brown no more aided and abetted anyone than Cryptome or any of the other numerous actors that linked to and received the link or, heaven forbid, downloaded the material, and yet Brown is facing punishment of similar magnitude to the guy who actually committed the crime.

>Likewise our intrepid, noble and completely objective storywriter uses the maximum legally-possible sentence as a FUD factor without so much as a single reference to the sentencing guidelines which would be used to determine an actual eventual sentence.

What typically happens is irrelevant. It shouldn't be possible for someone like Hammond to face life in prison, or Manning to face the death penalty, or Brown to face 105 years at all. To make that possible is to make a "lighter" sentence of 10 years for Hammond (and 2.5 million dollars), or 35 years for Manning, or 5 years for Brown, seem graciously reasonable. The constant whiny poo-pooing that "they won't really get that much," and cheeky linking to blog posts intended to inform the uninformed masses about the federal sentencing guidelines, is nothing more than noise. It truly intends to give an appearance of solidity to pure wind.

>There is a question to be asked here: Should these types of forcibly-exfiltrated secrets have any special inherent legal protection?

>The answer isn't obviously "no" either, by the way, otherwise our current protections against identity theft could hardly apply, not to mention the Privacy Act of 1974, medical record protections, etc.

It really is an obvious "no." Hacking into customer databases and pilfering the contents is a crime. A crime that has been tried in court with the accused convicted and serving time in prison. Once information is out in the clear, it makes absolutely zero sense to try and claim some sort of retroactive "special inherent legal protection." The protection already exists, with punishment for its violation. The crime is for putting documents into the clear, not propagating them, no matter their contents.

==========================================

http://cryptome.org/0005/stratfor-hack.htm

|

|->http://pastebin.com/f7jYf5Wd

   |

   |->http://ibhg35kgdvnb7jvw.onion/lulzxmas/stratfor_full.tar.gz

Do I get N decades in prison for that? Do I get N months for that? N days? If my sentence is anything other than "0 days" and "absolutely no harassment" then justice has not been upheld.

[mpyne]

Manning never faced the death penalty. Not for a single day.

This goes back to what I was saying about advocates being near to dishonesty, by the way. You probably read at some point Manning was facing the death penalty, and despite having years and years to correct your initial misperception, you continue to not only remember that incorrectly, but to parrot it as truth.

> Once information is out in the clear, it makes absolutely zero sense to try and claim some sort of retroactive "special inherent legal protection."

When Barrett pasted that link, was that information already publically available? I don't mean "a URL one could theoretically have wardialed"... did all the others in that IRC chat room already have that data, or did they not?

If that data were already out in public and he was simply referencing it I'd probably agree with your interpretation in this case. But if that data were 'news' to the rest of the chat room then it seems that 'hacking and pilfering' would apply, except that no hacking was needed in this case.

But either way involvement in criminal enterprises has always been itself a crime, to avoid diversion of responsibility in the way you would allow.

E.g. a bank robbery, the guy driving the getaway car gets in trouble too even though driving a car isn't illegal, otherwise you could split up your criminal ring in a kind of 'process separation' scheme and have only a few take the risk of the actual crime while the rest aid as much as they can with normally-legal activity.

[trevelyan]

> You probably read at some point Manning was facing the death penalty, and despite having years and years to correct your initial misperception....

Manning was charged with "aiding the enemy". This is a capital crime, and while prosecutors stated they would not "recommend" the death penalty, they do not determine sentencing and the military judge could have ignored their recommendation were Manning found guilty.

It entirely true that Manning faced the death penalty.

[mpyne]

> This is a capital crime, and while prosecutors stated they would not "recommend" the death penalty, they do not determine sentencing and the military judge could have ignored their recommendation were Manning found guilty

Go read the Manual for Court-Martial yourself. Specifically Rule 1004. Death penalty determinations must be made at the beginning of the trial (specifically, on both referral of charges and on arraignment). The judge doesn't get to enter a death penalty plea on behalf of a wary prosecution.

And, even in cases where the death penalty is on the table, the jury (not the judge) must unanimously agree with the sentence. There's a reason the military hasn't managed to execute anyone since the middle of the Cold War when the civilian system has been busy sending people to the executioner's chair.

What I can't figure out is how you're so convinced you're right based only on what seems to be an "educated layman's knowledge" (at best) of military law. I'd understand being confused by someone else, but I'm telling you the source material you need to go read and you're arguing instead of reading...

[trevelyan]

You're right. It was not referred as a capital case although it could have been. And I was not aware the judge did not have the leeway to override the prosecution as a result.

[aspensmonster]

>Manning never faced the death penalty. Not for a single day.

Yes. He did. He was charged with the capital offense of aiding the enemy. And yes. I know that the prosecution declined to seek the death penalty. And that the trial did not begin with the required paperwork to do so.

>This goes back to what I was saying about advocates being near to dishonesty, by the way. You probably read at some point Manning was facing the death penalty, and despite having years and years to correct your initial misperception, you continue to not only remember that incorrectly, but to parrot it as truth.

The prosecution declined to seek the death penalty. Instead, they ultimately asked for 60 years. Now, the distinction between being lethally injected and left to rot for 60 years is minimal in my mind (and the injection seems almost preferable), but there's nothing dishonest or near dishonest about the fact that Manning faced the death penalty. It was the (surely merciful) prosecution that had the choice and declined to fill out the necessary paper work. Every day prior to their decision to merely seek an effectively life-long prison sentence, rather than an immediate execution, was a day Manning spent uncertain even of whether he would be executed or not, much less whether he'd spend the remainder of his life in a six by eight foot cage.

I am not remembering anything incorrectly. I'm merely refusing to let misconceptions spawned from paralegal pedantry trump justice.

>When Barrett pasted that link, was that information already publically available?

Yes. The entire debacle was already blowing up between Christmas Eve and Christmas Day on 2011. Stratfor itself was aware of the problem on Christmas Eve and alerting its subscriber base to the breach and what they were doing about it. Dozens of people were reporting about this "on or about December 25 2011" as the indictment describes, when it lists "http://wikisend.com/download/597646/stratfor_full_b.txt.gz" as the link that got Brown in trouble when he copy-pasted it from #AnonOps to #projectpm and in so doing, in the eyes of the indictment, became guilty of aiding and abetting in charges relating to "Traffic in Stolen Authentication Features," "Access Device Fraud," and "Aggravated Indentity Theft." (indictment: http://freebarrettbrown.org/files/bb_indictment2.pdf). Take a look at the various reports from December 24 2011 to December 25 2011 to the query "stratfor hack" on Google:

(google query: http://www.google.com/search?q=stratfor+hack&tbs=cdr%3A1%2Cc...)

>did all the others in that IRC chat room already have that data, or did they not?

>But if that data were 'news' to the rest of the chat room then it seems that 'hacking and pilfering' would apply, except that no hacking was needed in this case.

How so? The standard is not whether it's "news" to whoever is listening, be they readers of a newspaper or users in an IRC channel. That's like saying that I'm aiding and abetting Snowden's release of the NSA files because, before Snowden, Greenwald, Poitras et alia released the materials, I was unaware of their existence.

>But either way involvement in criminal enterprises has always been itself a crime, to avoid diversion of responsibility in the way you would allow.

There is no "diversion of responsibility" taking place here. Those responsible for the initial hack into stratfor have already been tried and convicted. Hammond was also involved in utilizing the credit card data to lodge donations to various entities, along with other "co-conspirators" that the FBI presumably has yet to identify. And are we also forgetting that the FBI was complicit in this whole charade with Stratfor? Sabu was already their man at this point, and when Hammond approached Sabu about vulnerabilities in Stratfor's infrastructure, the FBI set up their own servers with which to store the information that was to be exfiltrated! Hell, according to the FBI's own press release, Hammond and Co. were responsible for the initial leak of information:

"HAMMOND and his co-conspirators also publicly disclosed some of the confidential information they had stolen."

(press release: http://www.fbi.gov/newyork/press-releases/2012/six-hackers-i...)

Is Brown to be considered a co-conspirator for talking about something that dozens if not hundreds or even thousands of others were also talking about at the same time? The indictment's line of reasoning swallows itself whole: who's going to indict those responsible for listing the link in the indictment? Or those who link to the indictment? Or host it? Is anyone going to go after the FBI for knowingly and willingly permitting the breach and release of materials belonging to a protected corporation of the United States that thereby caused undue economic distress to said corporation?

[mpyne]

The prosecution has to make it a capital case or not when they file formal charges. Until Manning was charged there was no way for a death penalty to be on the table, but the prosecution couldn't "pre-charge him" with a capital case and drop the death penalty the week after, it had to be at the same time. So no, not for a single day.

However if there was public awareness of the link itself (and its contents) at the time Barrett pasted the link then I would agree that it makes no sense to charge him with pointing out information that's already out there, as by then he's not the source or someone with involvement, but an observer.

[guelo]

Bullshit. Typing out http://some.website should never be a crime. Period. Look up the first amendment.

[rayiner]

Nobody is saying its a crime. But that doesn't mean it can't be a piece of a larger course of action that is itself a crime. Circumstances are not irrelevant.

[mpyne]

So if I should find out someone is HIV positive and looking for employment, I should be able to type out the preceding sentence to the HR departments of all prospective employers due to my First Amendment rights?

How about inciting a lynch mob (you know, the kind that hang 'uppity' persons off of trees)? It's just speech, right?

[reginaldjcooper]

Inciting a lynch mob is conspiracy to commit murder, so it's not a restriction on free speech that would prevent you from doing so.

Telling everyone an applicant has HIV is disgustingly immoral but I don't know if/why you should be barred from doing it. That's a much better question than the lynch mob.

[mpyne]

> Inciting a lynch mob is conspiracy to commit murder, so it's not a restriction on free speech that would prevent you from doing so.

On the contrary! The inciter doesn't explicitly call for the killing, rather they froth the crowd up into a frenzy by lies and emotion and then ask what that crowd is going to do about it... right about the time that a convenient victim from the "oppressor group" (Jews/blacks/etc.) comes into the scene.

http://en.wikipedia.org/wiki/United_States_free_speech_excep...

[kevingadd]

Discrimination of that type in hiring contexts is illegal already, IIRC.

[beedogs]

Jesus. What do either of those situations have to do with this case? (Spoiler: nothing at all.)

[mpyne]

There's a cute Churchill quote about hiring a prostitute, that seems to apply here.

In short, the comment implied that the First Amendment has an absolute and total protection of speech as a way of saying my larger point is ridiculous.

But speech doesn't enjoy total protection, even in the U.S. And most people would identify some category of thing that they simply wouldn't let people say about another, whether it's stuff like personal and private IM/emails, information useful for identity theft, financial information, etc.

Almost everyone has something that they would say the First Amendment doesn't protect. So now the question people should ask themselves is what kind of other speech would they say warrants no protection? They've already agreed to prostitute their absolute protection of speech, now they need only negotiate on the 'cost'.

[kevingadd]

Neither of those actions are 'just speech', quite in fact they are punishable through the existing legal framework and in neither case is the crime specifically the speech. The crime is what you use the speech to do, whether it is oppress someone, punish them, or bring harm to them.

Pasting a link to the stratfor archive - content that was already available in lots of places - does not do measurable harm to anyone. The idiots at Stratfor who stored CC information without proper security, or the people who leaked that information without paying attention, are the ones who did harm. Once that information was out there on the internet, no single link was going to magnify or increase the magnitude of that disclosure.

[comex]

While this is a reasonable opinion, the parent was responding to a claim that "typing out http://some.website should never be a crime. Period." Since the harm supposedly caused by pasting the link is contested, this was presumably meant to mean that the consequences of typing out a link should not be considered, so the parent was reasonable in rebutting it with that example.

[kevingadd]

My PoV is that the link itself IS irrelevant; you can just look at whether it inflicted harm to the owners of those credit cards, and in this case it obviously did not - the information was already available.

[mpyne]

Yeah, that's one of the things that would make pasting a link just fine in my opinion/analysis, is if that data were already publically-known (and not otherwise legally restricted somehow). I'm not diving into 40 pages of indictments to research again, court PDFs are driving me batty, but to the extent that information was already out there somehow I don't see justification for charging Barrett for simply pointing that out.