Saturday, November 01, 2014


Tangled Web

The Lawyer Who Defends Anonymous

A man wearing a trademark Anonymous mask takes part in an opposition rally in St.Petersburg.
A man wearing a trademark Anonymous mask takes part in an opposition rally in St.Petersburg.
As a lawyer not particularly immersed in the technology world, Jay Leiderman first became interested in the hacker collective Anonymous around December 2010. That was when Anonymous activists launched distributed denial of service attacks (DDoS) against Mastercard and PayPal, who stopped processing donations to WikiLeaks.

Since then, he has represented a number of high-profile hackers, including Commander X, who is on the run from the FBI for a DDoS attack on a county website in Santa Cruz, California, to protest a ban on public sleeping, and Raynaldo Rivera, a suspected hacker from LulzSec who is accused of stealing information from Sony computer systems.

Both Commander X and Rivera could face up to 15 years in prison.
 
Leiderman, who represents many of his hacker clients pro bono, argues that the law should be changed on DDoS.

In an interview I conducted with Leiderman recently, he told me why slapping teenaged hackers with harsh prison sentences is counterproductive.
 
Luke Allnutt: How did you first become involved with representing Anonymous?
 
Jay Leiderman:
The politics of it spoke to me and the fact that it was a newly emerging area of law really spoke to me. My partner and I do a lot of medical marijuana law. Primary among the reasons that we do that are that it's new and emerging so we can help shape the way that the law ultimately fits society. And because we believe in the politics behind it. And it's the exact same with Anonymous.
 
We have an opportunity here to make the courts, as these cases wind their way up, understand privacy issues, emerging tech issues, against the backdrop of civil rights and through the prism of free information. And that was something that was just an amazing opportunity for me and something that still engages me as I continue to take on these cases.
 
Allnutt: You've said about DDoS attacks that "they are the equivalent of occupying the Woolworth's lunch counter during the civil rights movement," but under U.S. law DDoS attacks are illegal. Do you think the law should be changed?
 
Leiderman
: Oh, absolutely. Keep in mind that I didn't say that in an unqualified manner about DDoS. If you were knocking someone's front page offline to ultimately rape their servers and take credit-card information and things like that, that's not speech in the classic sense. When you look at Commander X's DDoS, what he was accused of in Santa Cruz, or with [the] PayPal [protests], these are really perfect examples. And very rarely in law do we have perfect examples.
 
Take PayPal for example, just like Woolworth's, people went to PayPal and said, I want to give a donation to WikiLeaks. In Woolworth's they said, all I want to do is buy lunch, pay for my lunch, and then I'll leave. People said I want to give a donation to WikiLeaks, I'll take up my bandwidth to do that, then I'll leave, you'll make money, I'll feel fulfilled, everyone's fulfilled. PayPal will take donations for the Ku Klux Klan, other racists and questionable organizations, but they won't process donations for WikiLeaks. All the PayPal protesters did was take up some bandwidth. In that sense, DDoS is absolutely speech, it should absolutely be recognized as such, protected as such, and the law should be changed.
 
Allnutt: But say that I had a rival law practice across town from you and I was perhaps a bigger more powerful rival with more money and perhaps I wanted to down your website every single day. Isn't that just the equivalent of me just going outside and spray painting and taking down your sign every day and preventing customers from coming to you?
Jay LeidermanJay Leiderman
x
Jay Leiderman
Jay Leiderman

Leiderman: But both of those actions would be illegal in the abstract. Taking down my sign or vandalizing it would be a graffiti or vandalism type charge whereas repeatedly DDoSing my site would be similar in method and manner to that. It's why you have to be careful with the speech. What you have with PayPal, it's a pure form of speech -- it was a limited and qualified thing like Woolworth's. African-Americans went into Woolworth's and said, I want lunch, feed me lunch, I will eat it, pay for it, and leave. Same with PayPal.
 
Santa Cruz perhaps provides a more compelling case on that because Santa Cruz was about literally petitioning the government for a redress of grievances. Santa Cruz wanted to essentially criminalize -- or did criminalize -- homeless people sleeping in public without qualification. And the city council wouldn't listen, the police wouldn't listen, no one would listen. People regularly die from exposure, because they can't find safe and secure places to sleep in the community. Therefore getting your government's attention in that manner should not be something that the U.S. government is interested in criminalizing and spending resources to prosecute. So in those regards, it's different from the examples you gave, where I would be under perpetual DDoS.
 
Allnutt: So you're not saying decriminalize DDoS per se, but perhaps it's the way that DDoS is used and other legal factors would come into play there.
 
Leiderman:
Here's what we conceived in terms of the DDoS. The government and people who write about tech tend to call it a "DDoS attack" but in certain circumstances it's not a DDoS attack, but a DDoS protest. So the law should be narrowly drawn and what needs to be excised from that are the legitimate protests. It's really easy to tell legitimate protests, I think, and we should be broadly defining legitimate protests. The example you gave of the rival law firms, that's not protest activities or traditional free speech activities.
 
Allnutt: The argument has been made that the problem with some of the sentences for Anonymous/LulzSec members is that a lot of them are really just foot soldiers, naive, young, vulnerable kids, who perhaps get into something over their heads. And they're not skilled hackers who are trying to bring down the U.S. government and they don't deserve long jail terms . Would you agree with that?
 
Leiderman:
Absolutely, that's probably one of the most often-repeated and truest things about a lot of these Anonymous members is that they're not these ill-intentioned, misanthropes that really need to have the weight of the law come down on them. I agree with that 100 percent.
 
Allnutt: Who should the weight of the law come down on then? Should the weight of the law come down on the ringleaders who are behind these people?
 
Leiderman:
Sabu's cooperation [aside], he would be a good example of someone who's cruising for one of these eye-popping over-the-top sentences. [Editor's note: Sabu was a founder of LulzSec who was arrested in June 2011. It was revealed that he was an FBI informant.] He was a bit older, he had been involved in the hacking world for 10 or 15 years; he had a lot of prior Internet misdeeds. He was very skilled, or at least reasonably skilled, he had special skills. He was involved in other criminal activity, he was selling pounds of marijuana, which they didn’t charge him with. They dismissed those charges as part of his cooperation.
 
He was using his skills to commit credit-card fraud, without ideology, without politics behind it, without anything. He was literally stealing from people -- this was not a big, nameless, faceless corporation...There was no ideology behind him stealing credit-card numbers from Mr. and Mrs. Smith…. He was recruiting people actively into LulzSec. One of the allegations in the case I'm handling [Raynaldo Rivera] is that Sabu recruited my client based upon my client's skill, through another member of LulzSec, an intermediary.
 
Sabu was unquestionably the leader of LulzSec. When you read through the reports, as I have, it's very clear that Sabu was giving orders, pressuring people to "get their hands dirty." … It was Sony Pictures and the databases were organized via movie sweepstakes -- names and password that were ultimately dumped on the Internet -- and Sabu made individual people go in there and do individual databases so everyone had their hands dirty so that he could exert more control and get them to do more. He had importuned them to criminality. […]
 
He's looking at 124 years so that’s obviously beyond ludicrous. But if Sabu were to get a decade or something, that [could be] a sentence for someone like him with a really malignant heart. But for someone like Rivera and the typical member of Anonymous, no, those sentences simply don’t fit and for the most part I don't believe they should be going to jail . A lot of these kids -- and most of them are kids -- don’t understand the criminal consequences here and could be rehabilitated; scared straight without a jail sentence. There are other things that we could do to them to make them understand that this is in fact illegal and not the way to express yourselves politically.
 
Allnutt: If we are not talking about harsh prison sentences, how should society respond to rehabilitate those hackers?
 
Leiderman:
I really think this is a situation where a lot of these people are really scared of the consequences once they understand them. Usually someone like that, a criminal conviction in and of itself is a terrible black mark on someone's record now. It becomes difficult to get a job. If you're a person with computer skills, it becomes difficult to get computer clearances to be able to work your way up in a lot of these areas. So simply the conviction alone gets the message across, a probationary period where they're being monitored or checked in on, some community-type service, working with the community in a productive manner. All sorts of creative punishments like those that are available and at the government's disposal
 
Allnutt: Do you think denying them access to the Internet is useful?
 
Leiderman:
In some cases it might be useful and appropriate. You really have to look at the offense and the offender. If someone's really unhealthy in their Internet use, it may not be a bad thing to look at them and say, a year, 18 months, two years, let's see how you do without Internet in your life except work and school. That may well be a very good and healthy thing for some people, but you have to look at the offense and the offender before saying we should just yank this person's Internet privileges.
 
Allnutt: You don't think there's a purpose to passing harsh prison sentences in that it sends a message and acts as a deterrent to any potential offenders?
 
Leiderman:
I don't necessarily think that message gets received by this population which are exclusively naive, not legally savvy, fairly young first-time offenders. That's not a population who can really understand in a practical sense that if you do this, you're going to get a harsh prison sentence. In some of their minds, it almost may be worse, to take away Internet use or modify their behavior in some ways as it so violently changes how their life ordinarily progresses .
 
Allnutt: Are there any Anons you wouldn't represent?
 
Leiderman:
It depends. I've been asked that question before and I struggle with it and here's why. I don't have to like or agree with the people that I represent to represent them. I have represented neo-Nazis and I'm Jewish. I've been assigned them when I was a public defender and it never really occurred to me until someone asked me, how do you feel about representing this skinhead and I said, you know, I didn't think about it.

Everyone is entitled to a defense and the more reprehensible they are and maybe the more guilty they seem at the beginning of the case makes them more entitled to a vigorous and hard-hitting defense. So I don't necessarily know that there's someone I wouldn't represent based upon what they did or based upon their politics. I wouldn't go ahead and represent someone whose views I didn't agree with pro bono. I'm not going to spend my time and energy that way. [..] Certainly there are many people I wouldn't represent pro bono.
 
Allnutt: Would you represent Sabu pro bono?
 
Leiderman:
No. The damage he did by turning so completely on people he used to call his brother [was considerable]. People who cooperate, throw someone else into harm's way so they can soften the blow on themselves, I tend not to represent. For those reasons, I wouldn't represent Sabu at all. […] He hurt a lot of people and he did it to save his own skin and he hurt a lot of people worse than they would otherwise be hurt.
This forum has been closed.
Comment Sorting
Comments
     
by: Catherine Fitzpatrick from: New York
October 06, 2012 04:37
I don't understand what keeps drawing you -- out of all the free speech problems on the Internet, particularly in the RFE/RL foreign broadcast areas, to whitewashing and minimizing the crimes of Anonymous. Why? This is just law-faring for a political agenda, not real justice. And these *are* crimes, and these hackers are all right where they need to be right now when they commit these crimes -- indicted, in pre-trial detention or serving sentences.

The DDOS is not anything like the lunch counter protests because the attacks taking down sites for hours or days are blanket, coercive, and cause harm and loss of property, money and sometimes even data. Millions can be spent cleaning them up.

The people at the lunch counters entered the store quietly, made purchases to show their good intent, and sat quietly at lunch counters that wouldn't serve them. They didn't wreck anything or cause damage or block the aisles. They didn't put gags on the people behind the lunch counters and prevent them from speaking or serving at their counter. They didn't bother the other patrons who may or may not have agreed with them.

All of those things explain how the DDOS is not like a peaceful protest. It is violent, destructive, and takes away others' rights. No one could read Stratfor content and Stratfor couldn't send it out for days on end; Sony was immeasurably harmed. It doesn't matter if YOU think this damage is minimal, or if you think this somehow "helps" companies strengthen their security, it is a violent and criminal act and rightly prosecuted.

The other thing that is really disgraceful is trying to compare credit card moneys refusing to take donations to WikiLeaks with their ostensible illegality in taking KKK money. Credit card companies do not take money for illegal operations, like gambling in the US. Unless you can show the KKK, as reprehensible as it is, is actually doing some illegal act, and not engaging in legal free speech and association, you don't have a case. And if you REAAALY want to make the case for policing immorality, then you'll also have to make the case for intrusive inspection of content AND for some set of criteria as to how companies are to decide which of their patrons are "worthy" of service. Ready to do that, guys?

by: Catherine Fitzpatrick from: New York
October 06, 2012 04:38
part 2

Meanwhile, the documents WikiLeaks possesses ARE STOLEN. Of that there is no reasonable doubt. Under the TOS of Amazon, you have to warrant the docs are your own, and they do not store documents/content that are stolen -- full stop. Trying to dance around that cold, hard fact of criminality is completely unconvincing and lets us know where the moral slide begins. It doesn't matter if you don't think these documents shouldn't be secret -- they were, they are classified, and they were stolen. It doesn't matter if you think you had a higher aim of whisteblowing -- there is much to show that *isn't* the case of the anarchists' collective of WikiLeaks, which has a decidedly "worse the better" Leninist method.

Imagine, even while mentioning credit card theft in passing, Mr. Civil Rights Attorney seems to be more unwilling to defend Sabu because he turned on his comrades than anything else. The people Sabu hurt aren't just those companies bilked out of car parts from his credit card scam, and not his comrades, but the public, with his hacks, destruction of property, suppression of other people's rights on sites like Sony or Strafor. Thousands of people had their privacy destroyed and had their accounts hacked and used to buy online games or donate to charities they didn't wish to donate -- which cause those charities money to reverse the charges.

Civil rights -- privacy, integrity, free speech, freedom of association -- these all must be served in fact by prosecuting the destructive hackers that violate them for millions of others, instead of making up fake hypotheticals about "emerging law" on the privacy only of the hackers.

Sony -- after the damage to Japan of the tsunami! -- faced over a hundred million dollars of damage to their business because of the vengeful Anonymous/LulzSec/goons hack. And all because Sony wouldn't let the little darlings play the machines the way they wanted to for free.



About This Blog



Written by Luke Allnutt, Tangled Web focuses on the smart ways people in closed societies are using social media, mobile phones, and the Internet to circumvent their governments and the efforts of less-than-democratic governments to control the web. 
Partner Media

No records found for this widget:17474

Whistleblowing Survey

Griffith University and the University of Melbourne are running an international survey about attitudes to whistleblowing. The survey is anonymous and anyone can take part, not just whistleblowers. We invite you to participate in the World Online Whistleblowing Survey.