Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Prosecutors admit error in whistleblower conviction

From: InfoSec News <isn () c4i org>
Date: Wed, 15 Oct 2003 03:22:28 -0500 (CDT)
http://www.theregister.co.uk/content/55/33393.html

By Kevin Poulsen, 
SecurityFocus
Posted: 14/10/2003
   
Federal prosecutors in Los Angeles will ask a court to set aside the
conviction of a man who served 16 months in federal prison for blowing
the whistle on an ex-employer's cybersecurity holes, officials said
Tuesday.

Without providing details, a spokesman for the U.S. Attorney's Office
in Los Angeles confirmed that the office's appellate division will
move this week to vacate Bret McDanel's felony conviction.

McDanel, 30, was convicted last year under the Computer Fraud and
Abuse Act for sending 5,600 e-mail messages to customers of his former
employer, the now-defunct e-mail provider Tornado Development, Inc.,
warning about a security hole in Tornado's service that left private
messages vulnerable to unauthorized access.

After a court trial, federal judge Lourdes Baird found McDanel guilty
of unauthorized access, accepting prosecutors' arguments that McDanel
abused Tornado's e-mail servers to send the messages. The judge found
that McDanel caused the statutorily-required $5,000 in damage in part
by bogging down those servers, and in part by harming the company's
reputation by disclosing the bug.

McDanel appealed last August, arguing that the judge misconstrued the
Computer Fraud and Abuse Act.

A federal prosecutor said Tuesday that the government was conceding
that point, and would file a rare "Confession of Error" acknowledging
that McDanel was convicted through an incorrect reading of the law.  
"The Confession of Error says we don't believe that simply disclosing
the fact of the vulnerability itself constitutes damage," said the
official.

McDanel's appellate attorney, Jennifer Granick at Stanford
University's Center for Internet and Society, could not be reached for
comment Tuesday.

A government press release issued at the time of McDanel's sentencing
colored him a "computer spammer," and touted the case as the first to
go to trial in Los Angeles under the Computer Fraud and Abuse Act.  
McDanel has already served his full 16-month prison term.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: