Blog Jay Leiderman Law

Hacktivist’s Advocate: Meet the Lawyer Who Defends Anonymous

 LUKE ALLNUTT OCT 3, 2012

http://www.theatlantic.com/international/archive/2012/10/hacktivists-advocate-meet-the-lawyer-who-defends-anonymous/263202/

As a lawyer not particularly immersed in the technology world, Jay Leiderman first became interested in the hacker collective Anonymous around December 2010. That was when Anonymous activists launched distributed denial of service attacks (DDoS) against Mastercard and PayPal, who stopped processing donations to WikiLeaks.

Since then, he has represented a number of high-profile hackers, including Commander X, who is on the run from the FBI for a DDoS attack on a county website in Santa Cruz, California, to protest a ban on public sleeping, and Raynaldo Rivera, a suspected hacker from LulzSec who is accused of stealing information from Sony computer systems. Both Commander X and Rivera could face up to 15 years in prison.

Leiderman, who represents many of his hacker clients pro bono, argues that the law should be changed on DDoS. In an interview I conducted with Leiderman recently, he told me why slapping teenaged hackers with harsh prison sentences is counterproductive.

How did you first become involved with representing Anonymous?

The politics of it spoke to me and the fact that it was a newly emerging area of law really spoke to me. My partner and I do a lot of medical marijuana law. Primary among the reasons that we do that are that it’s new and emerging so we can help shape the way that the law ultimately fits society. And because we believe in the politics behind it. And it’s the exact same with Anonymous.

We have an opportunity here to make the courts, as these cases wind their way up, understand privacy issues, emerging tech issues, against the backdrop of civil rights and through the prism of free information. And that was something that was just an amazing opportunity for me and something that still engages me as I continue to take on these cases.

You’ve said about DDoS attacks that “they are the equivalent of occupying the Woolworth’s lunch counter during the civil rights movement,” but under U.S. law DDoS attacks are illegal. Do you think the law should be changed?

Oh, absolutely. Keep in mind that I didn’t say that in an unqualified manner about DDoS. If you were knocking someone’s front page offline to ultimately rape their servers and take credit-card information and things like that, that’s not speech in the classic sense. When you look at Commander X’s DDoS, what he was accused of in Santa Cruz, or with [the] PayPal [protests], these are really perfect examples. And very rarely in law do we have perfect examples.

Take PayPal for example, just like Woolworth’s, people went to PayPal and said, I want to give a donation to WikiLeaks. In Woolworth’s they said, all I want to do is buy lunch, pay for my lunch, and then I’ll leave. People said I want to give a donation to WikiLeaks, I’ll take up my bandwidth to do that, then I’ll leave, you’ll make money, I’ll feel fulfilled, everyone’s fulfilled. PayPal will take donations for the Ku Klux Klan, other racists and questionable organizations, but they won’t process donations for WikiLeaks. All the PayPal protesters did was take up some bandwidth. In that sense, DDoS is absolutely speech, it should absolutely be recognized as such, protected as such, and the law should be changed.

But say that I had a rival law practice across town from you and I was perhaps a bigger more powerful rival with more money and perhaps I wanted to down your website every single day. Isn’t that just the equivalent of me just going outside and spray painting and taking down your sign every day and preventing customers from coming to you?

Jay-Leiderman.jpgBut both of those actions would be illegal in the abstract. Taking down my sign or vandalizing it would be a graffiti or vandalism type charge whereas repeatedly DDoSing my site would be similar in method and manner to that. It’s why you have to be careful with the speech. What you have with PayPal, it’s a pure form of speech — it was a limited and qualified thing like Woolworth’s. African-Americans went into Woolworth’s and said, I want lunch, feed me lunch, I will eat it, pay for it, and leave. Same with PayPal.

Santa Cruz perhaps provides a more compelling case on that because Santa Cruz was about literally petitioning the government for a redress of grievances. Santa Cruz wanted to essentially criminalize — or did criminalize — homeless people sleeping in public without qualification. And the city council wouldn’t listen, the police wouldn’t listen, no one would listen. People regularly die from exposure, because they can’t find safe and secure places to sleep in the community. Therefore getting your government’s attention in that manner should not be something that the U.S. government is interested in criminalizing and spending resources to prosecute. So in those regards, it’s different from the examples you gave, where I would be under perpetual DDoS.

So you’re not saying decriminalize DDoS per se, but perhaps it’s the way that DDoS is used and other legal factors would come into play there.

Here’s what we conceived in terms of the DDoS. The government and people who write about tech tend to call it a “DDoS attack” but in certain circumstances it’s not a DDoS attack, but a DDoS protest. So the law should be narrowly drawn and what needs to be excised from that are the legitimate protests. It’s really easy to tell legitimate protests, I think, and we should be broadly defining legitimate protests. The example you gave of the rival law firms, that’s not protest activities or traditional free speech activities.

The argument has been made that the problem with some of the sentences for Anonymous/LulzSec members is that a lot of them are really just foot soldiers, naive, young, vulnerable kids, who perhaps get into something over their heads. And they’re not skilled hackers who are trying to bring down the U.S. government and they don’t deserve long jail terms . Would you agree with that?

Absolutely, that’s probably one of the most often-repeated and truest things about a lot of these Anonymous members is that they’re not these ill-intentioned, misanthropes that really need to have the weight of the law come down on them. I agree with that 100 percent.

Who should the weight of the law come down on then? Should the weight of the law come down on the ringleaders who are behind these people?

Sabu‘s cooperation [aside], he would be a good example of someone who’s cruising for one of these eye-popping over-the-top sentences. He was a bit older, he had been involved in the hacking world for 10 or 15 years; he had a lot of prior Internet misdeeds. He was very skilled, or at least reasonably skilled, he had special skills. He was involved in other criminal activity, he was selling pounds of marijuana, which they didn’t charge him with. They dismissed those charges as part of his cooperation.

He was using his skills to commit credit-card fraud, without ideology, without politics behind it, without anything. He was literally stealing from people — this was not a big, nameless, faceless corporation…There was no ideology behind him stealing credit-card numbers from Mr. and Mrs. Smith…. He was recruiting people actively into LulzSec. One of the allegations in the case I’m handling [Raynaldo Rivera] is that Sabu recruited my client based upon my client’s skill, through another member of LulzSec, an intermediary.

Sabu was unquestionably the leader of LulzSec. When you read through the reports, as I have, it’s very clear that Sabu was giving orders, pressuring people to “get their hands dirty.” … It was Sony Pictures and the databases were organized via movie sweepstakes — names and password that were ultimately dumped on the Internet — and Sabu made individual people go in there and do individual databases so everyone had their hands dirty so that he could exert more control and get them to do more. He had importuned them to criminality.

… He’s looking at 124 years so that’s obviously beyond ludicrous. But if Sabu were to get a decade or something, that [could be] a sentence for someone like him with a really malignant heart. But for someone like Rivera and the typical member of Anonymous, no, those sentences simply don’t fit and for the most part I don’t believe they should be going to jail. A lot of these kids — and most of them are kids — don’t understand the criminal consequences here and could be rehabilitated; scared straight without a jail sentence. There are other things that we could do to them to make them understand that this is in fact illegal and not the way to express yourselves politically.

If we are not talking about harsh prison sentences, how should society respond to rehabilitate those hackers?

I really think this is a situation where a lot of these people are really scared of the consequences once they understand them. Usually someone like that, a criminal conviction in and of itself is a terrible black mark on someone’s record now. It becomes difficult to get a job. If you’re a person with computer skills, it becomes difficult to get computer clearances to be able to work your way up in a lot of these areas. So simply the conviction alone gets the message across, a probationary period where they’re being monitored or checked in on, some community-type service, working with the community in a productive manner. All sorts of creative punishments like those that are available and at the government’s disposal.

Do you think denying them access to the Internet is useful?

In some cases it might be useful and appropriate. You really have to look at the offense and the offender. If someone’s really unhealthy in their Internet use, it may not be a bad thing to look at them and say, a year, 18 months, two years, let’s see how you do without Internet in your life except work and school. That may well be a very good and healthy thing for some people, but you have to look at the offense and the offender before saying we should just yank this person’s Internet privileges.

You don’t think there’s a purpose to passing harsh prison sentences in that it sends a message and acts as a deterrent to any potential offenders?

I don’t necessarily think that message gets received by this population which are exclusively naive, not legally savvy, fairly young first-time offenders. That’s not a population who can really understand in a practical sense that if you do this, you’re going to get a harsh prison sentence. In some of their minds, it almost may be worse, to take away Internet use or modify their behavior in some ways as it so violently changes how their life ordinarily progresses.

Are there any Anons you wouldn’t represent?

It depends. I’ve been asked that question before and I struggle with it and here’s why. I don’t have to like or agree with the people that I represent to represent them. I have represented neo-Nazis and I’m Jewish. I’ve been assigned them when I was a public defender and it never really occurred to me until someone asked me, how do you feel about representing this skinhead and I said, you know, I didn’t think about it.

Everyone is entitled to a defense and the more reprehensible they are and maybe the more guilty they seem at the beginning of the case makes them more entitled to a vigorous and hard-hitting defense. So I don’t necessarily know that there’s someone I wouldn’t represent based upon what they did or based upon their politics. I wouldn’t go ahead and represent someone whose views I didn’t agree with pro bono. I’m not going to spend my time and energy that way. … Certainly there are many people I wouldn’t represent pro bono.

Would you represent Sabu pro bono?

No. The damage he did by turning so completely on people he used to call his brother [was considerable]. People who cooperate, throw someone else into harm’s way so they can soften the blow on themselves, I tend not to represent. For those reasons, I wouldn’t represent Sabu at all. […] He hurt a lot of people and he did it to save his own skin and he hurt a lot of people worse than they would otherwise be hurt.


Copyright (c) 2012. RFE/RL, Inc. Reprinted with the permission of Radio Free Europe/Radio Liberty, 1201 Connecticut Ave., N.W. Washington DC 20036.

twitter Facebooktwittergoogle_pluslinkedinmail

Hearing scheduled in Andrew Luster’s appeal of rape sentence

An attorney for convicted rapist Andrew Luster, an heir to the Max Factor cosmetics empire, said a hearing is scheduled for Dec. 17 to set dates and times when legal motions surrounding Luster’s appellate court issues will be heard.

Attorney Jay Leiderman said Monday that Luster raised 20 legal issues in his appeal, including whether he was denied effective assistance of counsel at his trial and whether the judge used a proper method to calculate Luster’s prison sentence in 2003.

***

Leiderman said Luster, 48, was offered a favorable plea bargain deal of six to 16 years in prison but that his lawyer didn’t give him proper legal advice on the offer.

***

Andrew Luster

Jay Leiderman, unhappy that he only was able to reduce Andrew Luster’s sentence by 74 years, leaves the courthouse. Luster’s new sentence will be served at 50% time so he will be released when he is 62 as opposed to his release date before Leiderman got the sentence reduced. His original release would have come when Luster was 99 years old.

 

***

Ventura County Superior Court Judge Ken Riley, now retired, sentenced Luster to 124 years in prison. On June 19, 2003, Luster, who is Factor’s great-grandson, was caught at a taco stand in Puerto Vallarta, Mexico, by bounty hunter Duane “Dog” Chapman.

http://www.vcstar.com/news/2012/dec/10/hearing-scheduled-in-andrew-lusters-appeal-of/ 

twitter Facebooktwittergoogle_pluslinkedinmail

Notice of habeas corpus petition

To the Court of Appeal of the State of California, ______ District, Division ____, the _____ County District Attorney, the Attorney General for the State of California, the Warden of _____ State Prison; please take notice that:

Pursuant to Article VI, section 10 and Article I, section 11 of the California Constitution and Penal Code section 1473, and In re Clark (1993) 5 Cal.4th 750 n.7, petitioner [defendant’s name] seeks this Court’s writ of habeas corpus to relieve him of his wrongful criminal convictions and/or sentence and his unlawful confinement in the California Department of Corrections and Rehabilitation’s (“CDCR”) _______ State Penitentiary. Petitioner’s confinement is unlawful for the reasons and on the grounds stated in this petition and in Petitioner’s separately filed Memorandum of Points and Authorities, and supported by the attached exhibits, the declarations attached hereto, and the files and records in this matter, as well as any oral argument that may supplement this petition and any exhibits, declarations or the link filed subsequent to this petition as a result of the ongoing investigation.

HABEAS CORPUS

Known as “the great writ” habeas corpus petitions are the last refuge of an unjustly incarcerated prisoner

What is a habeas corpus petition?

Latin for “that you have the body.” In the US system, federal courts can use the writ of habeas corpus to determine if a state’s detention of a prisoner is valid. A writ of habeas corpus is used to bring a prisoner or other detainee (e.g. institutionalized mental patient) before the court to determine if the person’s imprisonment or detention is lawful. A habeas petition proceeds as a civil action against the State agent (usually a warden) who holds the defendant in custody. It can also be used to examine any extradition processes used, amount of bail, and the jurisdiction of the court.

See, e.g. Knowles v. Mirzayance 556 U.S.___(2009), Felker v. Turpin 518 US 1051 (1996) and McCleskey v. Zant 499 US 467 (1991).

 

twitter Facebooktwittergoogle_pluslinkedinmail

Monday, August 19, 2013

Remarks Made at the Jeremy Hammond / Barrett Brown Fundraiser 19 August 2013 New York

We live in times where our liberties are ever threatened.  Where the individual is presumed to yield to the state.

Things that should not have ever been forgotten have, until recently, seemingly been lost to history. Things that should be said and known every day as we Americans decide how we allow ourselves to be governed are no longer spoken except by an outlawed few.  Our privacy, the very gift that gives us our spirit of independence has become threatened.  Where the masses have forgotten, a new breed of patriot, the hacktivist, remembers. Words that have, over the years, lost their meaning have suddenly gained meaning anew. There is a war on information, but that is not a war that the government will win. The people will prevail. As the people must prevail.

Jeremy Hammond

Jay leiderman addresses a crowd at a protest after celebrated hacktivist Jeremy Hammond was sentenced

I want to read to you a bit:

THESE are the times that try men’s souls. The summer soldier and the sunshine patriot will, in this crisis, shrink from the service of their country; but he that stands by it now, deserves the love and thanks of man and woman. Tyranny, like hell, is not easily conquered; yet we have this consolation with us, that the harder the conflict, the more glorious the triumph. What we obtain too cheap, we esteem too lightly: it is dearness only that gives every thing its value. We know how to put a proper price upon goods; and it would be strange indeed if so celestial an article as FREEDOM should not be highly rated. 

Thomas Paine, The American Crisis, Winter 1776.  It is as appropriate now as it was at Valley Forge.  It shouldn’t be, but it is.

Let us not forget the principles upon which this country was born. As we look to our seemingly forgotten past we must embrace the fantastic promise of the digital revolution. It is our future.

The world is changing at a faster pace than it ever has before.  One person with the courage to come forward can change the world in ways they never could before.  But we must be mindful of the world as it is so that we can act to change it in ways that will benefit the future.

Money

Power

Sex

Drugs

Rock and roll

These things have become passé

Information is the new currency

Information is the new aphrodisiac

Information is the new high.

He who controls the information controls your world.

And your government knows it.

But we’re starting to know it too, thanks at least in part to the groundbreaking work of Jeremy Hammond and Barrett Brown, two of the first prophets of the digital age.

Barrett Brown

Political Prisoner Barrett Brown

Educate and inform the whole mass of the people… They are the only sure reliance for the preservation of our liberty, said Thomas Jefferson. But our government would likely seek to classify our founding fathers as terrorists if they dared seek to turn their rhetoric to reality today. How far we have drifted from the American ideals. What dangerous times are these.

Likewise, predictably lurking about Jeremy and Barrett are prosecutors and judges who want to turn these prophets into martyrs. Our aim is to see that they fail miserably in these endeavors.

At issue in the cases of both Hammond and Brown is the principle that people are entitled to privacy while the state must be transparent. Syllogistically, a good result in The United States v Hammond and The United States v. Brown translates into a good result for freedom, freedom for us all. At the same time, we must also recognize that what is good for freedom is antithetical to the emerging omnipresent surveillance state.

Jeremy is accused of hacking Strategic Forecasting Inc., commonly known as Stratfor.  Stratfor was thought of as a private CIA.  He has admitted to passing over 5 million emails to Wikileaks for publication.  He has pled guilty and faces a possible 10 years in federal prison.  Those emails gave us a glimpse of the evil and inappropriate relationship between the government and the private spy network, the so called private intelligence community.  Among the disclosures of the Stratfor emails shed light upon was something called trapwire – facial recognition software already in place in major American cities that can track you as you go about your daily routine.

Jeremy Hammond Barrett Brown

Jay Leiderman addresses the crowd at a fundraiser for journalist Barrett Brown and hacktivist Jeremy Hammond in New York City

Trapwire was one of the many items that journalist Barrett Brown was investigating at the time of his arrest.  Barrett pends trial on charges that could add up to over 100 years of custody time.  Principal among the charges he faces are allegations that he shared a link to the Stratfotr hack wherein there were credit card numbers.  Assuming arguendo he did so, he shared a link to a newsworthy event.  He did something journalists do every day all day long.  But because of his investigations into these private intelligence firms, including Booz Allen Hamilton, the company in the news because they were the NSA contractor who employed NSA whistleblower Edward Snowden, Barrett was charged and stands to lose his freedom for all of his days.  He’s 32 and they could give him 100 years.  It’s obscene.

Let me read some Jefferson once more to buttress the historic importance of these acts:

Rightful liberty is unobstructed action according to our will within limits drawn around us by the equal rights of others.  I do not add ‘within the limits of the law’ because law is often the tyrants will, and always so when it violates the rights of the individual. 

Indeed, Jefferson would be in the lockup today, perhaps sharing a cell with Jeremy or Barrett.  What dangerous times are these indeed when personal liberty is constantly under threat of incarceration.

Jeremy and Barrett acted not for fame or for financial gain.  They didn’t think that one day we would gather together like this to support them and their actions.  They did what they did because of their unyielding principles.  Because they understood that freedom, liberty and independence come from that simple concept; privacy for the individual and transparency for the state.  Based upon that, they have acted heroically.

They remembered the American ideals that were lost to time.  They remembered their past as they forged ahead to make a better future for us all.  These are indeed the times that try man’s souls, but if we follow the lead set by Jeremy and Barrett, I’ve no doubt that it will be the American people that have a glorious triumph over the American government and the corporatocracy’s private surveillance state.

Donating to the causes of Jeremy Hammond and Barrett Brown is important for the foregoing reasons. We ask you to stand up for freedom, to stand against the surveillance state, to stand for the true ideals of the American experiment and help us protect and fight for these prophets of the digital age.

Jeremy and Barrett put themselves on the line for your freedom. Please help secure theirs. We do not forgive the transgressions of the surveillance state.  We do not forget our heroes.

 

twitter Facebooktwittergoogle_pluslinkedinmail

Why We Can Stop Missiles But Not Hackers

Hackers present both the public and private sector with some very unique challenges. Unlike traditional threats, which are often presented in very black and white terms, hackers are notoriously adaptable to new security measures and tend to discover vulnerabilities as fast as developers can fix them.

Their tools vary; sometimes hackers author malware to commandeer a victim’s system or computer, while other times they brute force their way in by guessing passwords or stealing account information. Other times they exploit users’ trust with phishing; failure to update software is another major cause of a security breach.

Stories about the mock pentagon hacks leave us with the burning question: just how vulnerable are we to hackers?

Hackers

Private Enterprises

Large corporations and small businesses frequently have good door security; they know who’s going in and out of their building and there is usually some kind of monitoring, be it live or recorded.

Private surveillance has made it considerably easier for law enforcement because physical evidence of a crime on tape is subject to less bias and provides a solid narrative of what happened. The threat of surveillance is also a great deterrent to would-be criminals.  In other words, it is considerably more difficult to dispute a criminal charge when one is caught on tape.

But digitally speaking, things are very different. Major data breaches, such as with Seagate and LinkedIn, show us that hackers are undeterred by the private sector’s security advances. They demonstrate that our businesses haven’t made much progress since the Target or Yahoo breaches, that hackers are still finding their way into servers and stealing customer information.

Much of this has to do with human error. Some of the largest hacks, including the iCloud celebrity photo “leaks” of 2014 [note 1] and the Seagate breach of 2016 stem from very basic phishing scams. Thus far, security services offer little in the way of handling scams, focusing mainly on encryption and malware elimination.

That’s not to say that said services aren’t useful; they just can’t stop everything. More often than not, businesses fall victim to internal sabotage or basic scams because that may be the only way for hackers to get in.

Public Services

Thus far, damage from hackers in the public sector appears to be minimal; no bombs have been dropped, no missiles launched, and no secret operations (that we’ve been told about) foiled. But the government has been hacked—and not just once.

no bombs have been dropped, no missiles launched, but the government has been hacked—and not just once.

In 2016, both the Internal Revenue Service and the Federal Bureau of Investigation were hit by hacks, with the former exposing the Social Security numbers and personal information of hundreds of thousands of private parties, and the latter information about public agents in the Department of Homeland Security and the FBI. [Note 2]

While not all details of the hacks have been made public, it is suspected that information gained by hacking private sector businesses led to the IRS hack. Yet these hacks may be the least of our concerns in the public sector.

Between 2015 and 2016, the US government accused both China and later Russia of hacking into public systems. These demonstrations of cyberespionage are evidence that foreign intrusions are evolving into something beyond moving around warships, staging blockades, or declaring no-fly zones. In some ways, they are much more akin to Cold War tactics.

More importantly, these sorts of hacks are unprecedented. Concerns that Russia may have interfered in the US elections give concerns as to just how safe our public systems really are and if they can be relied upon for accuracy.

You and I

Back at home, individual users face new problems from the hacker menace because our devices carry increasingly valuable information and are often far less secure than larger companies or databases.

Practically speaking, there are a few basic things you can do to keep yourself safe from intrusions. Protecting yourself is valuable both to you and to any companies you associate with, as a single unsafe device can have a cascading effect as companies move towards BYOD (Bring Your Own Device) models.

The standard anti-malware service is a given on any device, mobile or otherwise. What’s less commonly utilized but equally valuable is a Virtual Private Network (VPN) service. It works as a form of private encryption, protecting your internet connection and securing you from hackers, particularly while on public networks. For entry level users, I recommend this guide by Secure Thoughts to learn about the details and if a VPN suits your needs.

password

Change your passwords every six months to ensure continued security

Other useful apps and software include password management services and backup programs. The former can aid in managing the large number of passwords we as private users are required to juggle each day, while the latter can help recover from losses.

Hackers also have a particular affinity for outdated services, so just make sure anything you have installed is running on the most recent version. Old versions often contain security loopholes or bugs that hackers can exploit. It’s one other reason to beware of older programs that are no longer supported by their respective authors.

Looking Forward

Hackers are a serious threat, both public and private, that aren’t likely to go away anytime soon. They may not be as devastating as a single bomb or missile, but they’re considerably more difficult to stop and much more tenacious.

Chances are you or someone you know has already been hacked as a result of so many breaches and may not even know about it. This is the era of eternal vigilance, and if we’re going to keep up with hackers, that means remaining on alert and monitoring our accounts. Keep an eye out for suspicious activity; it’s one of the best ways to prevent damage from getting out of control. And if you don’t, who will?

About the Author: Cassie is a writer and blogger who focuses on internet security and technology. The constant stream of identity theft and public data breaches keeps her very busy writing about how individuals and businesses can be better prepared for future incursions.

Web: www.securethoughts.com
Twitter: @securethoughtsc

[note 1: Jay Leiderman worked on one of these cases but he did not write this post]

[Note 2: Likewise, Jay Leiderman represents a defendant charged in some of these cases]

twitter Facebooktwittergoogle_pluslinkedinmail

 

 ^