
Bradley Manning and "hacker madness" scare tactic - Libertatea
http://www.newscientist.com/article/dn23981-bradley-manning-and-hacker-madness-scare-tactic.html?cmpid=RSS%7CNSNS%7C2012-GLOBAL%7Conline-news#.UfuDdlM6dEk
======
jrochkind1
After attending the closing arguments, I wrote an article:
[http://indyreader.org/content/thoughts-attending-bradley-
man...](http://indyreader.org/content/thoughts-attending-bradley-mannings-
computer-crimes-trial)

The prosecution claimed that using wget was an unauthorized access under the
cfaa because, direct quote I wrote down, Manning was: "only allowed to view
one document at a time using a web browser."

To emphasize how scary hackerish wget was, they said that someone: "could not
see wget from five feet away. It is a command-line program...it can run in the
background."

To talk about how Manning was clearly a hacker, they explained how he:

* "used wget to create functionality that did not exist";

* "had to program wget—wget did not have a GUI, therefore it was not as simple as double-clicking"

* "had to research how to program wget" (by which they meant forensic evidence that he had consulted the wget man page!!)

They also mentioned that there was forensic evidence he had searched google
for "computer programming".

That's just wget. In addition, they claimed that writing a VBA macro in Excel
to bulk download contact info from Outlook was also a CFAA violation, because
Outlook didn't offer a mass export function, so writing a VBA macro (in
another part of the Office suite!) was a CFAA violation.

Yeah, scary stuff. Manning was convicted of the CFAA charge by the judge.

~~~
mpyne
Yeah, the technical arguments are all stupid.

But as a military soldier they could almost as easily have charged him with
simply downloading information without authorization, wget or not.

Classification requirements have 3 elements:

1\. A valid security clearance for the information to be obtained. 2\. CO's
permission. 3\. Need to know.

They wouldn't even have to bother with wget at all thanks to 2. and 3., except
perhaps to make it more clear that Manning failed 2 here.

~~~
jrochkind1
> _But as a military soldier they could almost as easily have charged him with
> simply downloading information without authorization, wget or not._

They _did_ charge him with various "mis-use of classified information"
violations -- he pled guilty to most of them. The CFAA charge was an
_additional_ charge, carrying additional potential jail time, and it's one of
the ones he was fighting in court (others he pled guilty to).

That's why they were 'bothering with wget', specifically to try and prove the
CFAA charge (which he was convicted of) -- it was specifically about
'authorization' under the CFAA, not about COs permission under any rules or
regulations related to classified information.

And regardless of what you think of Manning, it's the CFAA stuff that's scary
for the rest of us computer programmers.

~~~
mpyne
Yeah, I can definitely see where you're coming from here. This particular
charge might even be a better poster child for CFAA reform than Swartz or
weev's cases, since in Manning's case this is essentially a wide-area LAN
access and not going to an external third-party's network. (edited WLAN to be
what I meant)

~~~
rayiner
I think Manning's case is definitely a better example for CFAA reform than
Swartz's or Weev's. With Swartz, MIT intended to kick him off the network.
With Weev, AT&T intended, poorly, to keep that data secret. But with Manning,
there was no attempt o keep that data from Manning. He had access to it.

------
nohuck13
The best synopsis I could find for the dubiousness of the government's
approach is from bradleymanning.org [1]:

"The government says that Bradley Manning used the automated downloading
program Wget to retrieve hundreds of thousands of State Department cables from
the Net-Centric Diplomacy database, and that use of Wget alone constitutes
exceeding his authorized access to data, a violation of the Computer Fraud and
Abuse Act."

...

"The Government has not introduced any evidence to suggest that PFC Manning
was not permitted to view the cables in question. The Government has not
introduced any evidence to suggest that PFC Manning was not permitted to
download the cables in question. The Government simply asserts that PFC
Manning was not permitted to download them using a certain program, Wget.
(Sec. 6)

The Government is simply incorrect in asserting that the use of an
unauthorized program to download information automatically converts what would
otherwise be authorized access to that information into “exceeding authorized
access.” Whether or not PFC Manning used Wget to download the information he
had access to is irrelevant; under the language of Section 1030, as well as
this Court’s ruling and all legal authorities, PFC Manning could not have
exceeded his authorized access because he was authorized to obtain the
information he obtained. That is, “exceeds authorized access” is not concerned
with the manner in which information to which one has access is downloaded; it
is rather concerned with whether the accused was authorized to obtain or alter
the information that was obtained or altered. (Sec. 8)"

[1] [http://www.bradleymanning.org/featured/incompetent-
overprose...](http://www.bradleymanning.org/featured/incompetent-
overprosecution)

EDIT: clarified

~~~
RyanMcGreal
This is surely one of the more bizarre arguments. Does the law draw a
distinction between different client applications used to make HTTP requests?
Are web browsers somehow privileged because they both fetch resources from web
servers and attempt to render them visually in a frame? Is the issue that it's
easier to script wget or curl than a browser, so it becomes possible to
download more resources more quickly? The argument seems _prima facie_
nonsensical.

~~~
jaxb
No, because in a browser you are expected (or forced) to do lots of clicking
and double-clicking, and that limits how much info you can access in a given
amount of time.

~~~
oakwhiz
How would download manager browser extensions play into this?

~~~
RyanMcGreal
Or an external macro script that moves the mouse and clicks stuff?

Seriously, it's a ridiculous distinction and I'm discouraged that a Court
would allow it to stand.

------
peterwwillis
_" In the Manning case, the prosecution used Manning's use of a standard, more
than 15-year-old Unix program called Wget to collect information, as if it
were a dark and nefarious technique. Of course, anyone who has ever called up
this utility on a Unix machine, which at this point is likely millions of
ordinary Americans, knows that this program is no more scary or spectacular
(and far less powerful) than a simple Google search."_

Clearly he has never used Wget. It is dark and nefarious and riddled with
confusing options that should have sensible default combinations. There's
dozens of rules you must follow when using certain parameters, and no simple
"turn on all the sane defaults for downloading a website" option. Example from
the man page:

    
    
               Note that Wget will behave as if -r had been specified, but only
               that single page and its requisites will be downloaded.  Links from
               that page to external documents will not be followed.  Actually, to
               download a single page and all its requisites (even if they exist
               on separate websites), and make sure the lot displays properly
               locally, this author likes to use a few options in addition to -p:
    
                       wget -E -H -k -K -p http://<site>/<document>
    

And that doesn't even handle more than one page, recursion, 3rd-party-site
recursion limits, timeouts, SSL, cookies, forms, user agents, etc. If it's a
choice between using Wget and being waterboarded, i'm not so sure I would
choose the former over the latter.

~~~
mh-

        --mirror
               Turn on options suitable for mirroring.  This option turns on recursion and time-stamping, sets infinite recursion depth and keeps FTP directory listings.  It is
               currently equivalent to -r -N -l inf --no-remove-listing.

~~~
peterwwillis
I have read the man page. Note the quote I took from it.

------
bowlofpetunias
This is part of the wider process of turning being technologically skillful
(or at least, more skillful than those in power) into a crime in itself. We've
already seen countless of examples, and it's really nothing new.

It started way back when the establishment managed to get society to equate
"hacker" with "criminal". Many have argued that we should just accept that as
a historical fact, but the propaganda was deliberate and the process that
created the propaganda has only gathered strength since.

Witches and heretics, the lot of you.

~~~
schackbrian
You suggest that the modern vilification of hackers (such as Bradley Manning)
is analogous to the medieval burning of witches. I assert that hackers and
witches also have something else in common.

The spells that witches cast are analogous to the code that hackers develop.
They are both writing in esoteric languages that can create things and cause
actions. Witches' power is magical, but hackers' power is virtual. Neal
Stephenson uses the Sumerian word namshub to describe this idea in his novel
Snow Crash.

------
cmdkeen
"Hitler had access to American newspapers" \- yes and someone in the US
military who leaked information useful to the enemy to one would have aided
the enemy. This isn't "anyone gives information to the press", it's someone
subject to military law giving information away. Manning was acquitted on the
charge but the article tries to imply that no-one should ever be convicted on
the basis of giving information to a "good" party that allows the "enemy" to
receive it.

Which is bonkers - the press routinely have to get handled by the military
because they, through ignorance or not caring, will often aid the enemy with
information.

From a UK example the BBC during the Falklands exasperated the military
because it routinely broadcast information of assistance to the Argentines
because they didn't know any better. It isn't the fault of the journalists,
it's the fault of the military personnel telling them the information.

The article rightly points out Government's abuse of general ignorance of
tech. At the same time it falls into the opposite trap of the "information
should be free" brigade.

~~~
betterunix
The standard for claiming someone aided the enemy should be _naming the
enemy_. Which enemy did Bradley Manning aid? _Who are our enemies?_ Why are
you talking about censoring the press during times of war _when we are not
officially at war_?

~~~
rbanffy
> Who are our enemies?

Eastasia. We've always been at war with Eastasia.

------
mtgx
I'm not saying Manning shouldn't have been found guilty of breaking some
military rules, but the biggest charges are mostly bullshit. How was it
"espionage" what he did? Did we lose track of what espionage means? Or is the
government twisting every word in the dictionary to mean whatever they want it
to mean now?

Manning should've gotten a few years in prison at most, if that. It's quite
obvious the government's hand is all over this case to scare future
whistleblowers.

Anyway, is there any hope for Manning, now? Can the case still go to the
Supreme Court, or is this over?

~~~
jacquesm
> Or is the government twisting every word in the dictionary to mean whatever
> they want it to mean now?

Without commenting on this particular case I want to note that it is not just
the government that engages in this practice but that business _and_
governments have a very rich history of creative redefinition of terms to
stretch their meaning well past the breaking point.

Doubleplus ungood.

------
BWStearns
Caveat: I think Manning deserves a good while in prison, life or how long,
meh, I'm not a judge. The primary reason I think this is because he didn't
release specific information because he felt that it was incriminating. He
mass dumped a bunch of stuff he hadn't read which to me screams: I'm pissed,
so I'll dump this shit to be important, consequences and significance be
damned. Snowden, a little more conflicted on, definitely more sympathetic.

As a former DoD employee, the hacker paranoia definitely scares me. I used
scripts and wrote command line tools for analysis since the tools given were
insufficient or just plain sucked. The arguments listed by jrochkind1 could
have been applied to me. I certainly have never leaked any information but
from the comments below it seems that programming and command line tools
themselves are now considered crimes because they can be more powerful
although the bulk of normal people are uninterested in using them. Should he
be tried and convicted for what he did? Yes (IMO). Should he be tried and
convicted because he was what most would consider a power user? No. That's
like tacking on charges for a murderer for being too accurate. It deflates the
validity of the governments claims, exposes the legal argument to some risk,
and creates ridiculous precedent.

There is a scary amount of anti-tech stuff going on now, though I guess that
should be expected. Thinking of pg's What People Can't Say essay here, since
the computer illiterate are still in charge of most things, while
simultaneously the computer literate are now ascendant. I expect it will get
worse before it gets better.

------
w_t_payne
Of course, if you want to have more judges and politicians with a useful level
of programming and other technical skills, then you might have to take into
consideration the apparent correlation between the development of programming
and technical skills and the tendency for people to turn into raving
libertarian anarchists.

~~~
saraid216
What correlation? Seriously, show me numbers.

~~~
w_t_payne
About the same as between you and a sense of humour.

------
dev1n
I still have yet to find anything supporting the government's accusations. Has
anyone else? (I am in no way in support of this decision, however I would like
to see the government's argument presented as clearly as was presented in this
article if that is possible.)

~~~
jrochkind1
The only way you're going to get a presentation of the government's case is
from the court transcript; the prosecution isn't writing articles.

So the court is not releasing public transcripts, but some people organized to
crowdfund an independent court recorder.

So here's the prosecution's closing arguments; they are VERY long and
repetitive (I was there watching in person, I haven't yet read the
transcripts) but burried in here is where you're going to find the
prosecution's own presentation of their argument.

MOST of the CFAA stuff is probably in the afternoon session, but there might
have been a bit at the end of the morning too.

(AM)
[https://pressfreedomfoundation.org/sites/default/files/07-25...](https://pressfreedomfoundation.org/sites/default/files/07-25-13-AM-
session.pdf)

(PM)
[https://pressfreedomfoundation.org/sites/default/files/07-25...](https://pressfreedomfoundation.org/sites/default/files/07-25-13-PM-
session.pdf)

try searching for 'wget' in the PM one. i also recommend searching for "VBA",
that part was bonkers too.

~~~
dev1n
Thank you. I don't quite know how to word this without sounding terrible but
here goes. I find it weird that so many articles have been written by very
passionate people about how this case has so many holes in it. What is odd is
that there is no counterpoint provided by other passionate people about why
this verdict is right. I've never seen news articles so one sided in favor of
the defendant before with nothing in favor of the prosecution.

~~~
omegaham
Military here.

There are a variety of offenses under the Uniform Code of Military Justice
that aren't crimes in the civilian world. Courts-martial tend to be nasty
because of it.

Here's an example: Article 92 of the UCMJ - Failure to obey a lawful order
[1]. This is a pretty broad Article, mostly because everyone is ordered to
obey the UCMJ and other laws. So you get prosecuted for it in addition to your
other crimes.

So, a person who gets arrested for DUI out in town is actually guilty of
Article 92 in addition to Article 111 (Drunken or Reckless Driving).

To compound this, you also have Article 134, which specifies,

>>“Though not specifically mentioned in [the UCMJ], all disorders and neglects
to the prejudice of good order and discipline in the armed forces, all conduct
of a nature to bring discredit upon the armed forces, and crimes and offenses
not capital, of which persons subject to this chapter may be guilty, shall be
taken cognizance of by a general, special, or summary court-martial, according
to the nature and degree of the offense, and shall be punished at the
discretion of that court.”

So, this means that anything that can be proven to have a "detrimental effect
on good order and discipline" is also punishable by court-martial. And that's
a distinct crime from Article 92. So that guy who got a DUI? He's actually
charged with three things - Article 111, Article 92, and Article 134. All for
the same offense. And yes, he's punished for all three. Even nastier, there's
no double jeopardy for 92 and 134 because they have no civilian versions. So,
you can be tried under civilian court for DUI and lose your license and then
lose your rank and pay under the UCMJ for the exact same crime with two
different legal proceedings.

Now look at Bradley Manning's case, and you can pretty easily see that his
actions could be punishable under these two Articles alone. And that's what
they did. His guilt in these charges isn't even close to being in question.

Just? Personally, I think so, but I'm colored by my own views and experiences.
Your opinion might differ. But it's most definitely legal and will beat
appeal.

[1][http://usmilitary.about.com/od/punitivearticles/a/mcm92.htm](http://usmilitary.about.com/od/punitivearticles/a/mcm92.htm)

