Blog Jay Leiderman Law

Anon on the run: How Commander X jumped bail and fled to Canada

One fugitive’s epic tale.

Commander X


“You scared?” asks the fugitive in the camouflage pants as he sidles up to our pre-arranged meeting point in a small Canadian park. He wears sunglasses to hide his eyes and a broad-brimmed hat to hide his face. He scans the park perimeter for police. “Cuz I’m scared enough for both of us.”

It’s a dramatic introduction, but Christopher “Commander X” Doyon leads a dramatic life these days. He jumped bail and fled the US after the FBI arrested him in 2011 for bringing down a county government website—the only Anonymous-affiliated activist yet to take such a step. When I meet him months after his flight, he remains jumpy about getting caught. But Doyon has a story he wants to tell, and after he removes his hat, sunglasses, and backpack, he soon warms to the telling of it. It’s the story of how, in Doyon’s words, “the USA has become so tyrannical that a human rights/information activist would feel compelled to flee into exile and seek sanctuary in another country.”


Meet Commander X

In the early 1980s, when Doyon was in his early 20s, he had moved down the coast from rural Maine to Cambridge, Massachusetts. At the time, it was a “tripping fucking city to live in” where Doyon dropped plenty of acid, smoked plenty of weed, and found a political movement agitating against apartheid in South Africa. The mix of Grateful Dead culture and a righteous indignation intoxicated Doyon, who was soon recruited into a small group called the People’s Liberation Front (PLF), which he describes as “one of the ost secret organizations in the world.” The PLF was led by an older man with slate grey hair who favored aviator sunglasses and bomber jackets and who went by the name “Commander Adama.” Adama had already recruited five or six young people to join his quest for justice, and Doyon soon decided to help the cause. The group traveled from protest to protest performing technical services—printing flyers, deploying backpack FM radios for communications, surveillance.

When Adama later asked his recruits to relocate with him to California, Doyon and three others followed. They spent the next few years traveling around the Northwest in a van, helping groups like the Animal Liberation Front release animals. “We would sneak up basically in the middle of the night on mink farms and free all these little animals,” Doyon tells me, though his memory of those days is fading a bit. “And I believe we burned a couple [of buildings] to the ground. They weren’t mink farms that we burned… the fuck did we burn? I think it was a lumberyard, or… fuck. I can’t remember now. There were a couple places that we set fires.”

The PLF stayed in the background and, because groups that live in the darkness generally prefer not to use real names, Doyon needed his own nom de guerre. He quite consciously set out to pick a something “impressive.” For two weeks he jotted names on scraps of paper but found nothing he liked. The came the breakthrough: what about a single character? Most letters felt ridiculous (“Who wants to be G?” Doyon says), but X seemed promising. Doyon jumped online and spent the next four days scouring BBSes for anyone else using X as a handle. No one had it, so Doyon took it.

Commander Adama created the PLF as a hierarchical organization, the opposite of Anonymous, with a Supreme Commander at the top and the rank and file—which never numbered more than 12—taking orders. From 1985 to 1995, Doyon was known simply as X. In 1995, as the group moved from supporting direct action to information disclosure and the Internet, Doyon was offered rank within the PLF. He became “Commander X” and helped the organization emerge from its secrecy to become a self-described “cyber militia” that welcomed members from all over the world. In 2007, the group allied itself with Anonymous; Doyon soon became so active that, when HBGary Federal CEO Aaron Barr attempted to ID the leaders of Anonymous in early 2011, he named Commander X as one of the top three.

Rather than bringing down Commander X, however, Barr’s work gave him the additional strength of notoriety. The Anons who hung out in the group’s IRC channels now all knew who he was, and the Commander X persona became increasingly central to his identity. Within Anonymous, critics carped that Commander X should stay a bit more anonymous, rather than popping up all the time to give interviews such as the one in which he told journalist Dan Tynan that “Commander X is a cartoon character that inspires thousands.”

But Doyon refused to retreat back into the shadows because, he says, the Commander X persona was simply too inspiring to others. Not that being such a figure is easy, though.

“All the costs are personal and all the benefits are helping people,” he says. “It’s a huge fucking burden on my ass.”


But his pace began to slow. By mid-September, he could run no more. Increasingly ill, he made it down to Mountain View but became too sick to relocate again. A week into his illness, Doyon began to see more Crown Vics—the cop car of choice—and he feared his FBI pursuers had tracked him to the area. His fever rose. He lay in his camp for several days straight, logging into the free public Wi-Fi network that Google built and maintains throughout Mountain View. His judgment impaired by illness, Doyon ventured back into town on September 21. He called Jay Leiderman, a lawyer from downstate Ventura who agreed to represent Doyon pro bono, and warned him an arrest might be near. Leiderman agreed to fly up to Mountain View and meet Doyon the next day at his favorite coffee shop in town.

He called Jay Leiderman, a lawyer from downstate Ventura who agreed to represent Doyon pro bono, and warned him an arrest might be near

That afternoon, Doyon had an IRC chat with another hacker known as Locke. Locke, a student, offered to wire Doyon some cash through Western Union. Doyon provided him with the address of the coffee shop. It wasn’t a wise move for a man on the run, but Doyon was worn down by illness and fatigue and by the constant running. Fearing the feds might grab him soon, Doyon gave the “keys to the kingdom”—such as his Twitter account password—to his subordinates in the PLF that evening. He then says he used an encrypted, one-time only e-mail service to send a message to the FBI’s cybercrime division. “I am not armed,” it said.

After the hallucinatory night, Doyon roused himself again and returned to the coffee shop in time for his meeting with Leiderman. At 9:00am, from the second floor of the shop, Doyon looked out the window and saw a pair of Crown Vics in the street below. “This is it,” he thought, a sudden shock of sweat running down his back. “They’re here for me.”


Righteous hacktivists

Jay Leiderman’s phone rang as he pulled up to the Mountain View coffee shop in a rental car. His secretary was on the line saying that Doyon had just been arrested by the FBI and would soon be arraigned at federal court in San Jose. Leiderman hopped back into the car. He hadn’t come prepared for a federal court appearance and only had jeans and sneakers. He made his way to San Jose by noon and learned that his client wasn’t scheduled to appear before a judge until 1:30pm He asked the security guys running the metal detector at the courthouse entrance where he could get a suit quickly. They recommended a Vietnamese tailor down the street.

“I’m usually an Armani guy if I can be, but I went from jeans into the one of the nicest $99 suits I had seen, plus a tie, pocket square, and socks,” says Leiderman. “I got the shoes and belt at a Ross [Dress for Less store] in between the tailor and the courthouse. The guys that worked security were impressed.”

Jay Leiderman


Leiderman had involved himself with Anonymous after watching the Lulzsec crew wreak mayhem that summer. “Oh shit, someone here is going to really need a lawyer,” he began thinking. He “floated a tweet out there” during the early summer, offering pro bono work to “righteous hacktivists.” He heard from many Anons, including Commander X—whose name he recognized from Ars Technica’s reporting on the HBGary story—and had to pick one. He chose Doyon.

Now he was in San Jose, in a new suit and shoes, defending Doyon over a 30-minute DDoS attack. Leiderman made the 1:30pm court appearance, at which Doyon entered a plea of “not guilty.” A week later, Doyon was out of jail on a $35,000 signature bond in the name of labor lawyer Ed Frey, who had protested Santa Cruz’s no-sleeping policy with Doyon and had a long history of such battles. Should Doyon not show up for a court date, Frey would suddenly owe a huge amount of money.

Doyon’s bail was not unrestricted, however, and those restrictions would eventually lead him to take up a fugitive’s life once more. The court forbade Doyon from using Twitter. Or Facebook. Or IRC. Or from communicating with other Anons. Or the PLF. In other words, the very activities that occupied most of Doyon’s time were off limits.

“I’m not saying we’re in a police state,” Leiderman says when talking about the restrictions, “but it sure looks like it when you evaluate the system of pretrial release. His human contact is not really human contact—he does his life’s work through IRC.”

Leiderman worked on Doyon’s case for the next few months as it jerked along through the justice system and soon believed that Doyon could beat the rap. The CFAA, the law under which Doyon was charged, has long been criticized as fatally overbroad; Leiderman shares those concerns. “It’s both on its face an overreaching law and it’s being used in an overreaching way,” he says.

But Leiderman was convinced he could limbo under the CFAA’s low bar to prosecution by knocking $1,300 off the $6,300 damage claim from Santa Cruz County. Much of the damage appeared to be charges for non-overtime employee salaries—salaries already paid by the state, rather than new expenses. Such a win could also make a larger argument of Leiderman’s: DDoS attacks cause little damage and should be treated as political protest.

In Leiderman’s view, the DDoS was “absolute speech under the First Amendment.”

“They didn’t harm Santa Cruz’s computers, they didn’t go in and rape their servers,” Leiderman says of Doyon and crew. In his view, the DDoS was “absolute speech under the First Amendment.”

He soon began to worry he wouldn’t have a chance to make the argument, however. Anonymous tips warned him that Doyon—fed up with not being able to operate online as he liked—was thinking about fleeing to Canada. Doyon stopped answering Leiderman’s calls and e-mails. When Leiderman showed up to court in San Jose for a status hearing on February 2, 2012, his client did not appear.

“So, returning to Mr. Doyon,” said the government’s lawyer, according to a court transcript, “his appearance has not been waived. He is not present here. And so I’m inquiring as to whether there’s a reason for that.”

Leiderman knew nothing. The judge issued a bench warrant for Doyon’s arrest but agreed to hold it for two weeks.

On February 16, everyone reconvened in the same San Jose courtroom. Doyon was still missing. “It appears as though the defendant has fled,” said the prosecutor. The judge looked around the courtroom and said he saw no sign that Doyon was going to appear. The prosecutor noted they actually had good reason to believe Doyon would not appear—on February 11, Doyon had issued a press release titled “Commander X escapes into exile.”

Doyon was gone, Ed Frey owed the court $35,000, and Jay Leiderman’s “DDoS as free speech” test case just lost its client.

“A charming feeling as an attorney,” was how Leiderman described the moment to me. “Dateless on prom night.”


Commander X

This is more sedate than the initial version of events. As for the claim that he was “this close to fucking dead” when arrested, I asked Jay Leiderman how Doyon looked when the two met that day. Doyon was thin and ragged, with a few bruises and discomfort from the handcuffs, but “he lives a rough life, so he’s often in rough shape,” Leiderman says. “He was overall pretty much the same.”

It becomes clear as we talk that Doyon has a storyteller’s sense of the dramatic and a penchant for the Big Statement. PLF operations, for instance, tend to be grandiose. “Operation Freedom Star,” launched earlier this year, created the “PLF Space Command,” and sought a million dollars in donations to buy up an old satellite in order to provide broadband access to underserved parts of the globe. “Op Syria” aimed to “launch a major new offensive against the forces of tyranny and evil”; its status is currently listed as “success.” 2011’s “Operation USA” was said to be the beginning of “the Transnational Global Cyber Insurgency. Welcome to the second American Revolution!”

The pattern carries over into conversations with journalists. In May, Doyon famously told a Montreal journalist, “Right now we have access to every classified database in the US government. It’s a matter of when we leak the contents of those databases, not if… There’s a really good argument at this point that we might well be the most powerful organization on Earth.”

“Honestly, in 2011, nobody cared about Doyon at all. Anons thought he was a pretentious theatrical idiot.”

When I press him on this, the explanation is far more reasonable: Anonymous has received several terabytes of leaked data that appears to originate from US government databases, but it remains unclear whether this is of any real value. Doyon also insists that many of the geeks guarding these databases for the US government have come to Anonymous and pledged their support. “The simple fact is that by becoming one of the world’s worst tyrannies, the USA government has lost the loyalty and trust of many of the very people tasked with keeping their secrets safe,” Doyon says. After an obscure soldier like Bradley Manning could leak huge troves of US diplomatic cables, this statement isn’t as outlandish at it might have once appeared. On the other hand, the promised major leaks haven’t materialized

Why pay such a price? For Doyon, the answer is simple: activism is his life’s work and trumps all else. “I would hope people would see me as someone who

He is Supreme Commander of the PLF, scourge of tyrants, a voice for Anonymous, a man behind a mask, a cyber knight tilting his lance on behalf of the downtrodden—or he is a hyperbolic homeless hacker in love with the overwrought tones of his own press releases, a quote machine for journalists, a grown man playing at grand titles and in love with secret societies.

But in either case, he remains Commander X.

twitter Facebooktwittergoogle_pluslinkedinmail

Prior to trial, petitioner believes, the court warned the defense attorneys something to the effect of: “This trial is not going to be about police and prosecutorial misconduct.”  The defense was on notice that their entire case plan of putting the system on trial was not to be presented to the jury.  Thus, petitioner was without the defense of consent and without the ability to put the police investigation on trial, his right under Kyles v. Whitley (1995) 514 U.S. 419, 445-449, where the U.S. Supreme Court said that the defense can attack the police in front of the jury by cross-examination and in closing argument about shoddy, slovenly, inadequate, or biased police investigation work.[1]

The district court committed plain error and abused its discretion by instructing the jury not to ‘grade’ the investigation

[1] See also United States v. Hanna (9th Cir. 1995) 55 F.3d 1456, and United States v. Sager (9th Cir. 2000) 227 F.3d 1138, 1145-1146, relying on Kyles.  In Sager the court said:  “[T]he district court committed plain error and abused its discretion by instructing the jury not to ‘grade’ the investigation.”  (Id. at 1145.).  “Details of the investigatory process potentially affected [the officer’s] credibility and, perhaps more importantly, the weight to be given to evidence produced by his investigation. Defense counsel may have been fishing for flaws, but it is obvious that he cast his bait in a promising pond.”  (Id.)  To fail to allow this line of inquiry impinges on a defendant’s state and federal constitutional rights to confrontation and compulsory process.  (See Pointer v. Texas (1965) 380 U.S. 400, 403- 405.)

kyles v. whitley

Kyles v. Whitley allows for the introduction of evidence concerning a sloppy or shoddy police investigation

The defense has wide latitude in cross-examination of prosecution witnesses in a criminal case.  (People v. Ormes (1948) 88 Cal.App.2d 353, 359; People v. Watson (1956) 46 Cal.App.2d 818, 827.)  “We construe the [proper scope of cross-examination], at least ordinarily, that when a prosecution witness testifies to facts tending to establish the guilt of one criminally accused, that witness may be cross-examined on all relevant and material matters preceding, concurring with, or following the criminal event, within his knowledge and reasonably related to the issue of guilt or innocence.”  (In re Victor F. (1980) 112 Cal.App.3d 673, 682-683, citing Gallaher v. Superior Court (1980) 103 Cal.App.3d 666, 671.)


twitter Facebooktwittergoogle_pluslinkedinmail

Protest Speech and the Digital Revolution

The unpolished draft of the op-ed written for the Guardian

There is no weapon on the planet more powerful than speech.  In recent years, the digital revolution has led to new and unique ways for people to express themselves.  Speech has flourished around the globe, and brought the world closer together.  As a lawyer and as someone who promotes the advancement of individual liberties, I was fascinated by the advent of online speech, and then the advent of online protest.


The power of speech – a microphone and brass knuckles

While affixing your e-signature to an online petition is a new and somewhat direct way to “petition your government for a redress of grievances,” I am most concerned with advocating for more immediate and effective manners of protest.   Accordingly, I was quite interested in December 2010 when the hacktivist collective Anonymous took to the internet to voice their displeasure with PayPal over their part in the banking blockade of Wikileaks.  A reported 10,000 protestors around the world voiced their displeasure with PayPal by using a protest method known as DDoS.  DDoS is the functional equivalent of hitting the refresh button on a computer repeatedly.  With enough people refreshing enough times, the site is flooded with traffic and slowed or even temporarily knocked offline.  No damage is done to the site or backing computer system, and when the protest is over, the site resumes business as usual.

This is not “hacking.”  It is protest.  It is speech.

True, customers of the site are temporarily inconvenienced, but democracy is often messy and inconvenient. Moreover, to hear the voice of your fellow citizen for a moment should always be worth slowing down for.  Exposure to new or differing views enriches us all.  Such was the case with the 2010 PayPal DDoS protest.

Or, at least, it was until the United States Government decided to serve 42 warrants and indict 14 protesters.  While protest crimes have typically been seen as tantamount to nuisance type behavior, like trespassing or loitering, these were different.  The 14 PayPal defendants, some of whom were teenagers when the protest occurred, find themselves looking at 15 years in federal prison.  For exercising their free speech rights.  For redressing their grievances to PayPal, a major corporation.  For standing up for what they believed was right.  Instead of facing a $50 fine, like one would face for traditional protest crimes like a sit-in, the PayPal defendant’s freedoms are in real jeopardy.

This is not “hacking.”  It is protest.  It is speech.

To address this situation, there was some more traditional, yet still-modern speech aimed at the White House.  An online a petition has been launched asking that DDoS be treated as speech.  I wholeheartedly support this concept.  Being mindful that all protest must be reasonable in time, place and manner, I believe that there is room in cyberspace, indeed in the world, for this type of protest activity.


Free Speech is seldom pretty, but it is essential to an open and free society

The example used above, that of the PayPal protest, is again apt to analogize why DDoS is speech.  Just like civil rights protestors who went to the Woolworth’s lunch counter in the segregated American South of the 1960’s to seek a simple meal, people went to PayPal to express their desire to make a donation to WikiLeaks.  In Woolworth’s the protestors made plain their goal: “If you serve me a meal, I will eat it, pay for it and then I will leave.”  This simple concept was lost on the Jim Crow South.  And so protest became necessary.  Certainly this situation is a lesser evil.  No one suggests it is not.  But the analogy is apt nonetheless.  Thousands of PayPal protestors said, via their protest speech in DDoS form: “I want to make a donation to WikiLeaks, I’ll take up my bandwidth to do that, then I’ll leave, you’ll make money, I’ll feel fulfilled, everyone wins.”  But alas, PayPal, and their parent company eBay were not in the win-win business.  They were in the censorship business.  Censorship is not something Anonymous suffers lightly.  PayPal will take donations for the Ku Klux Klan, other racist and questionable organizations, but they won’t process donations for WikiLeaks.  So it came to pass that thousands of displeased people around the globe voiced their displeasure via a DDoS protest.   All the PayPal protesters did was take up some bandwidth.  PayPal claimed – almost as a cry of victory – that their site never even went offline.  In that example, DDoS was used as an almost pure form of protest expression.  Accordingly, it was speech, it should absolutely be recognized as such and protected as such.   The law should be changed.


Anonymous. Headless. Leaderless. The hive.

The Computer Fraud and Abuse Act is being used to stifle new and creative forms of online expression.  This type of harmless creative protest should be encouraged.  Our nation was built upon the principles of free speech.  If the founders of this great nation saw the abuses of the laws as applied to these minor protests I think they would be shocked and offended.


The Government would seek to restrict speech if left to their own devices

Our best and brightest should be encouraged to find new methods of expression.  Direct actions in protest should be encouraged, not stifled.  The dawning of the digital age should be seen as an opportunity to expand our knowledge and collectively work together to enhance our communication.  Government should have the greatest interest in promoting speech, especially unpopular speech.  If new and contrary methods of speech became mainstream, they would need no protection.  The majority, the corporatocracy and the oligarchs are, no doubt, displeased by dissent.  Such is the nature of dissent.  When the world becomes perfect, no one will ever have need to protest.  Until then, the Government should never be used to stifle the new and creative – not to mention effective – methods of speech and expression.   Since the PayPal prosecution there has been no DDoS protests on that scale.  Speech has been chilled.

Supreme Court Justice William O. Douglas said: “Restriction of free thought and free speech is the most dangerous of all subversions. It is the one un-American act that could most easily defeat us.”  Toward that end, let’s begin a conversation about carving out some room for DDoS to be seen as protest speech deserving of First Amendment protection.

twitter Facebooktwittergoogle_pluslinkedinmail

A ten-year delay due to attorney misrepresentations was excused by the appellate court in In re Grunau, 169 Cal.App.4th 997 (2008). The court in part said that “it does not lie in the state’s mouth to object to relief, since it has in a sense warranted the attorney’s competence by issuing him a license.” Id. at 1003 (emphasis added).

Grunau is best summarized by it’s opening paragraph: “Defendant Mark Daniel Grunau seeks recall of the remittitur in this matter on the ground that the 1997 dismissal of his appeal resulted from neglect and misconduct by his appellate attorney, and that relief was not sought sooner because that attorney consistently and plausibly misrepresented the status of the case to defendant through defendant’s father. We initially denied defendant’s motion but were directed by the Supreme Court to reconsider the matter. Having done so, we are persuaded that defendant is entitled to the relief he seeks. Accordingly, we will recall the remittitur so that the appeal may be determined on the merits.”  169 Cal.App.4th 1000.  Grunau was a case involving sex convictions.  Grunau’s attorney had timely filed a notice of appeal but thereafter failed to diligently prosecute the appeal, and lied to Grunau’s father, stating the appeal was progressing when it had been dismissed (Grunau himself was unable to communicate with his lawyer).

The facts of Grunau are astonishing:


The shocking case of In re Grunau discusses what remedies are available to a defendant abandoned by his attorney

Defendant relied on his father to communicate with Foley regarding the appeal, in part because his own attempts to contact Foley were largely unsuccessful.   Everything defendant learned about his case came from his parents.   Between 1996 and 2004, Mr. Grunau called Mr. Foley monthly, sometimes weekly.   In September 2002, he discovered that Foley’s phone had been disconnected, but tracked Foley down by using the phone book to find someone who knew Foley’s mother.   According to Mr. Grunau, Foley at no time disclosed that the appeal had been dismissed.   On the contrary, from 1996 to 2004, in response to repeated inquiries, Foley consistently assured Mr. Grunau that the appeal was proceeding in due course.

Despite Foley’s assurances, Mr. Grunau attempted to independently confirm that the appeal was pending by contacting the superior court. Those attempts were unsuccessful.   Eventually-on August 24, 2004-Mr.   Grunau contacted this court, and was told that the appeal had been dismissed.   He went to the law library to research a possible remedy.   He also continued to attempt to communicate with Foley regarding a possible solution.   Finding none, he again telephoned this court in November and was directed by the clerk’s office to contact the Sixth District Appellate Project.   He did so that same month.


twitter Facebooktwittergoogle_pluslinkedinmail

Is former Sacramento media employee Matthew Keys a victim of overzealous, misguided cybercrime prosecution?

Matthew Keys’ trial here in Sacramento in federal court to wrap up soon

This article was published on .

Some say the U.S. Department of Justice’s priorities are out of whack when it comes to cyberterrorism prosecutions.


The trial of former KTXL Fox40 Web producer Matthew Keys in Sacramento federal court appears to be approaching its anticlimax.

The 27-year-old blogger and journalist is accused of helping hackers break into the Los Angeles Times website, where they changed the headline of a story. Keys has even confessed to the substance of the crime, though it hardly qualifies as misdemeanor vandalism. So why make a federal case out of it? Couldn’t Department of Justice resources be better directed elsewhere?

It’s a question of priorities, according toSurviving Cyberwar author Richard Stiennon. “For those in justice, your career path is to get a whole bunch of successful prosecutions and get noticed,” Stiennon says. “So you’re going to go after the low-hanging fruit.”

Lately, prosecutors have been taking advantage of the wide latitude afforded them by the Computer Fraud and Abuse Act to press cases involving “network security.” And they press hard.

Last January, Internet entrepreneur and activist Aaron Swartz killed himself while under felony prosecution for downloading academic journals. Swartz, who helped create the crowdsourced entertainment site Reddit, was facing 50 years and $1 million in fines.

“The days of ’Let’s haul this kid in front of the judge, scare him and send him home with a warning’ are long since gone,” says attorney Jay Leiderman, who represents Keys. “Prosecutorial discretion is a great thing if it’s exercised, but it doesn’t happen in any meaningful way these days, because prosecutions are so politicized.”

That’s the crux of the problem for Keys, the former Reuters social-media editor and possessor of 23,000 Twitter followers. In December 2010, he crossed paths with Hector Xavier Monsegur, a.k.a. Sabu, the eventual leader of AntiSec, a more mischievous offshoot of hacktivist group Anonymous. Keys passed them the credentials he once used to log into KTXL’s computers, which were linked to the Tribune Company network.

Keys left KTXL two months earlier, and he’s since expressed surprise that the credentials still worked. An AntiSec member used them to access the L.A. Times website and change a story headline from “Pressure Builds in House to Pass Tax-cut Package” to “Pressure Builds in House to Elect CHIPPY 1337,” a reference to another hacker group. Within 30 minutes, the hacker was frozen out and the headline corrected.

Keys might have expected, at worse, a stiff warning and small fine. But he literally messed with the wrong guy. Sabu had been an FBI informant since his arrest in June 2011, right around the time he started AntiSec.

For months, Monsegur encouraged his followers to commit cybercrime while under the FBI’s control. He was the “honeypot” attracting would-be perps into an operation seemingly designed to intimidate future hackers and anyone who might associate with them, like Keys.

“Part of this is [the feds’] broader push to send a message that anything and everything is going to go punished that appears to suggest that the control of the Internet is up for grabs,” says Hanni Fakhoury an attorney at Electronic Frontier Foundation in San Francisco. “It is not a coincidence that this was linked to behavior undertaken in the name Anonymous.”

It wasn’t always like this. Keys and Swartz were charged under CFAA, a 28-year-old law whose contours, like the shore, have worn away with time, yielding to much wider application.

The CFAA was conceived in the wake of the Matthew Broderick movie WarGames, about a hacker who inadvertently almost starts a nuclear war. The original drafters focused narrowly on government computers and the intent of the intrusion.

But changes in the law and vague wording have turned “unauthorized access” to a computer into a prosecutorial blank check.

Eleven years ago, nearby Fiddletown resident Bret McDanel was jailed under the CFAA for a crime the government later admitted he hadn’t really committed.

McDanel noticed a security flaw in his firm Tornado Development’s Web-based communications software. He told his supervisors, but his concerns went unaddressed. After leaving their employ, he sent an email to all the software’s users informing them of the issue. The Amador County resident was charged with undermining the “integrity of a computer system.”

By the time the feds admitted the law wasn’t meant to protect a software company’s reputation, he had already served his 16-month sentence. He’d lost his fiancée and was living with his parents, while his former employer had gone out of business. But McDanel can surely tell you which way the railroad runs.

As Keys has discovered, the feds lean hard and wear you down. He faces up to $750,000 in fines and 25 years in prison.

Swartz initially faced only 35 years, but four months before his death (20 months after his initial arrest), they added nine more felony counts, raising his jeopardy to 50 years. The idea, critics say, was to squeeze a plea out of him; Swartz found a different way out.

Swartz’s act of martyrdom generated a firestorm of protest. It caught the attention of Bay Area Congresswoman Zoe Lofgren, who sponsored (still-stalled) legislation known as Aaron’s Law to change some CFAA provisions.
“In talking to Aaron’s family and others who were involved in his situation, it was a real eye-opener to what happens in the criminal-justice system,” says Lofgren. “What they felt was very abusive was this sort of thing where you more or less try to extort concessions through the use of overprosecution.”
Keys’ odyssey appears to be drawing to its close, for better or worse. His last court appearance, on April 2, was accompanied by news that the case had gone to “reverse proffer.” This involves the prosecution sharing their case with the defense, generally with an eye toward an agreement.

Nearly all those swept up in the feds’ Anonymous-related enforcement actions have been processed. The sole remaining exceptions are Keys and cooperating ringleader Monsegur. In January, Monsegur’s sentencing was delayed for a third time, so it’s not difficult to believe he’s the bow on the whole operation.
Keys is certainly guilty of something, but probably not a felony. In that respect, he’s perhaps a victim of cybercrime’s intrigue and a prosecutor’s desire to leverage that publicity.

“Any case that has the word ’cyber’ in it brings headlines, because it’s interesting. There’s a degree to which careers are made this way,” says Leiderman. “’Cyber prosecutor blah-blah-blah.’ Nobody reads the ’blah-blah-blah.’ They just go, ’They caught a cybercriminal. Fantastic.’”

Lofgren continues to push changes in the law to make it less prone to abuse. Unfortunately, there’s precious little to be done about overzealous prosecutors.

“You really can’t impose good judgment legislatively,” Lofgren says, “but we do need to have better oversight over the Department of Justice.”

twitter Facebooktwittergoogle_pluslinkedinmail