Monday, February 26, 2007

Vigilante Hacker's Evidence Puts Judge Behind Bars - Technology News by InformationWeek

Read the story, but here's a short summary: A judge in Cali was sentenced for possession of child pornography.  The prime mover in this case was a hacker who let loose a Trojan on the judge's computers and found the evidence that was used to garner the guilty plea.

I'm not sure whether to be scared or not here.  Vigilantes with time on their hands, an axe to grind, and some coding skills rooting around in my machine for contraband?  While I agree that the hacker was not acting on behalf of the government and therefore did not violate the Fourth Amendment, that line can get really blurry really quick.  Let's say the evidence found pointed to a victimless crime (drug usage, prostitution, etc), something that is defined as illegal, but has no victim other than the amorphous "society".  At what point can any hacker-vigilante say he's not an agent of the government?  If you drink the government Kool-Aid, decide to be a vigilante P-I, and follow only your muse to the criminals that turn you on, the only thing missing from a Fourth Amendment violation is a prior government blessing.

And by not prosecuting the hacker (they've already found and ID'd him - Brian Willman in Canada), they're setting a very bad precedent.  As mentioned in the article, the tacit approval given opens the door for anyone to do the same thing for any reason as long as the evidence found leads to a conviction.  And while a U.S. Attorney has admonished people with a variation of "Don't try this at home, kids", that carries zero weight - we've already erased the old line and now have to figure out where to draw it again.  Until the new line is drawn, there will be people trying to push it further and further away from due process and privacy concerns, and closer to a Machiavellian "ends-justifies-the-means" interpretation of illegal activity.

Brad Willman, the hacker in this case, needs to be brought up on charges - let him argue and negotiate and plea-bargain, but he needs to be charged go through the process he set the judge up for.  We go after hackers and pirates in other countries all the time - why can't we go to Canada to get this guy?  And no, I don't care that he did us all a service (I agree he did, but that's no the point) - the next guy caught in this kind of net may be only a political subversive, or maybe just unpopular.  Why does Willman get to decide who has fingers pointed at them?

And in case you're still on the fence, pose the question differently - what if Willman had broken into your home, rummaged around while you weren't home looking for "contraband", and then setup hidden cameras so he could do so whenever he wanted to?  His Trojan did exactly that in the judge's computer.  Now ask yourself if you want your busy-body neighbor to be able to do the same, and it's all OK as long as they find something to charge you with.

OK, now I'm scared.

Link to Vigilante Hacker's Evidence Puts Judge Behind Bars - Technology News by InformationWeek

No comments: