

Post from "weev" (AT&T/ipad data hacker) on his arrest and treatment - robk
http://security.goatse.fr/hypocrites-and-pharisees

======
illumin8
He seems to be unfamiliar with the legal process, and really needs to get a
lawyer. From the partial scans of the US attorney's letter, it sounds like a
federal grand jury would like to subpoena him as a witness to testify about
the gathering of AT&T subscriber email addresses and "electronic chip IDs" (I
think the letter is technically incorrect). The letter informed him that if he
failed to appear he might also have criminal charges filed against him.

This is a normal part of the process of a federal criminal investigation. What
happens first is that a grand jury is formed. The jury investigates evidence,
calls witnesses, and tries to determine if a crime has been committed, and if
so, who committed the crime. Then, the grand jury might issue a federal
indictment, or it might just determine that no crime was committed and drop
the case completely.

If he or someone else is federally indicted, then he would be formally
arrested and have to go to federal court to stand trial as a criminal
defendent. It sounds like it has not gotten close to this point yet.

Edit: I also wanted to mention that you have no right to an attorney as a
witness of a grand jury. You may choose to have an attorney represent you and
be present, however, the financial burden is in no way the federal governments
to provide one for you. IF you are charged, then you may receive a public
defender if you have insufficient financial means to pay for your own defense.

Federal cases take months and years to prosecute. By refusing to participate
with the grand jury, he might be opening himself up to the fact that another
witness could implicate him and he might be indicted. Of course, there is also
the saying "if nobody talks, everybody walks."

He really needs to get good legal counsel and decide if he wants to testify in
front of the grand jury, and decide what he wants to say.

Also, he's not helping his cause any by speaking out on the web. Mentioning
his past anti-semite ramblings is also probably not the best way to gather
sympathy.

I also think he does a disservice to the security community as a whole to
advocate black hat ideology at hacker conferences, and then talk about
"responsible disclosure" and how he was just trying to protect the poor
customers of AT&T. This seems to be rewriting history.

------
boredguy8

      and found is in quotes for a good reason, as the drugs “found” near
      me were “found” in the execution of a warrant for computers only
    

For what it's worth, the Fourth Amendment protects against 'unreasonable'
searches and seizures. Anything found in the reasonable execution of a search
warrant is admissible.

I don't know where the myth came from that only evidence related to the
probable cause of the warrant is admissible. This is an on-face absurd
interpretation: by that logic, if the police entered a house to search for
evidence of felony tax evasion and stumbled upon a murder in progress, that
wouldn't be admissible because the police weren't in the house searching for a
murderer.

There is plenty of case law establishing limits on reasonability. For
instance, in the execution of a lawful search of an apartment looking for
weapons, officers saw a stereo that 'didn't fit the furnishings'. They lifted
up the bottom of the stereo to take down serial numbers, and the person was
arrested for having stolen the stereo. The problem, of course, is that weapons
aren't stored under the bottom of a flat-bottomed stereo, and certainly the
serial numbers weren't a reasonable part of the search for weapons.

But having drugs out in the middle of the room in 'plain view' is clearly
reasonable. Even from weev's own post, the drug evidence passes the _Horton_
test.

~~~
sp332
His point is that the original warrant had no probable cause. So _any_
evidence collected in its execution should be inadmissible.

~~~
boredguy8
The argument that there was no probable cause is very unlikely to hold up in
practice. The law is very lenient to the issuance and execution of warrants.

    
    
      Warrants are favored in the law and utilization of them will not 
      be thwarted by a hypertechnical reading of the supporting 
      affidavit and supporting testimony. For the same reason, 
      reviewing courts will accept evidence of a less "judicially 
      competent or persuasive character than would have justified an 
      officer in acting on his own without a warrant." Courts will 
      sustain the determination of probable cause so long as "there 
      was substantial basis for [the magistrate] to conclude that" 
      there was probable cause.
    

[http://caselaw.lp.findlaw.com/data/constitution/amendment04/...](http://caselaw.lp.findlaw.com/data/constitution/amendment04/02.html),
citing _United States v. Ventresca_ , _Jones v. United States_ , and _Aguilar
v. Texas_.

If you're interested in some of the intricacies of 4th Ammendment
jurisprudence, <http://www.law.yale.edu/documents/pdf/1994Fourth.pdf> is a
phenomenal article.

~~~
invisible
Shouldn't the person the warrant applies to be served and/or notified of the
warrant and given a copy? I was under the impression that a warrant was a way
to give police rights that they do not typically have according to civil
rights. It's a civil contract that they will not exceed the rights they are
given, so I'd assume he should be given a copy with an explanation of why his
rights are being lessened temporarily.

------
rdl
I think it's shameful that no one has stepped up to provide him with free, top
notch legal assistance. I'm relatively familiar with the case (I know weev
personally, too), and he is actually not exaggerating. This is exactly the
kind of case the EFF exists to defend. Yes, weev is a troll and a media whore,
but that doesn't automatically make him wrong.

Goatse behaved in the industry accepted standard way in popularizing a
security vulnerability -- full disclosure. I personally would have done the
same (although I would not have kept illegal drugs at my residence after doing
so, but I also would probably ventilate anyone breaking into my home without
clearly announcing a warrant...)

Free weev!

~~~
ErrantX
> Goatse behaved in the industry accepted standard way in popularizing a
> security vulnerability

Well, as someone working in the security industry I take slight issue with
this. They appear to have cashed in on the media coverage as much as possible
rather than focus on proper disclosure practices. I (and a lot of people in my
job, I think) would consider it just on the wrong side of unethical.

~~~
roc
The defense of freedoms often involves defending those who exercise them in a
way that we don't _approve_ of.

~~~
ErrantX
Agreed; and if he is being unfairly refused representation that is a serious
matter.

Additionally if he has broken no actual laws then that needs to be cleared up
and he needs to be apologized too.

However I feel there is an important distinction between defend and approve; I
would, for example, represent him. But I don't condone his approach to
disclosure :)

------
ttol
He definitely needs to get an attorney to prevent him from writing future
statements/positions in public. Now whomever represents him will have a much
harder time defending him since he's written an entire essay on the matter.
Each and every word, sentence, statement, and position can and will be used
against him.

------
st3fan
Full Disclosure != Free Speech.

You cannot just publish personal data and then call it 'free speech' and
'industry standard practice' of a 'journalist'.

Seriously .. where is the ethics in that?

How about actually trying to work with AT&T to get this fixed behind the
scenes? Oh no, of course not, because that would not result in the right kind
of exposure for these 'security experts'.

These things are all about ego and status. Hidden behind a thin shell of 'full
disclosure'.

~~~
furyg3
Well, it depends.

Testing/Evaluating/Disclosing an exploit isn't immoral in my mind, nor should
it be illegal (in a perfect world).

Disclosing private details of third paries is certainly immoral in my mind,
and should be illegal.

According to this logic publishing the exploit, so long as you're censoring
output, is fine. If someone uses your exploit to download personal data, it's
AT&T who is doing the immoral/hopefully-illegal disclosure. If that someone
uses your exploit and then publishes the data or does some other naughty thing
with it, book 'em.

You get moral brownie points under this logic if you notify the target after
you discover the exploit. It's not required, because disclosure _is_
notification. Nefarious-types aren't going to call up a bank to say "hey,
we're stealing all your customer records", nor will they disclose this hole to
the world.

Unpopular statement ahead: if you collect personal details, it's _your_ job to
secure _your_ systems, and it's _your_ fault if _your_ systems leak them. Of
course there's no such thing as 100% secure, but you're the one doing the risk
analysis and design.

~~~
ErrantX
> It's not required, because disclosure is notification.

In this case it doesn't entirely work because it is trivial to recover in the
information (so the disclosure/fix is hour sensitive rather than days
sensitive)

Also, in Full Disclosure it is accepted ethical practice to notify the
affected vendor and give them a reasonable time to fix it (In this case... I'd
give them 2 days).

It is also very definitely _not_ ethical to hand the data you got to the
media. :)

------
Sujan
I don't know anything about the story, but right now, it somehow looks like
he's quite a nutjob. Writing shorter, more precise and in a chronological
order of the events would really help the text to be more understandable and
get the point across.

The situation is probably quite stressful for him, but he somebody should
really help him work on the text so others understand what it's all about.

~~~
datasink
His personal blog is worth a read for some context:
<http://weev.livejournal.com>

He has some posts which suggest the FBI was bugging his apartment and covertly
following him around town. This was months prior to the release of the iPad
accounts. So, yes, I suspect he is dealing with some mental issues.

------
dlytle
If his claims are accurate, and only minimally influenced by hyperbole, it
appears he's at the center of a massive miscarriage of justice.

I'd be interested to see an analysis by someone who knows more about the law
than I do.

------
mfukar
"Big law firm did it but didn't get punished, yet I did it and got raided."

Really? Are you really going for this elementary school argument?

Doesn't help when you distort the concept of 'full disclosure' and related
practices, either.

No sympathy vote from me.

------
ErrantX
I am highly suspicious of the fact that this deals a lot with other cases and
his past run ins with the government and very little with the actual case (at
times it even seems to deliberately skip details).

As always; this is one side of the story and (thought I hate to say this) from
a somewhat troublesome person. I think it is reasonable to treat this as a
serious matter, but there needs to be a lot more objective insight before I'd
send him some money :)

------
st3fan
This whole article is not good for his case. I stopped reading halfway because
it looks like the typical crazy person rant.

What he needs to do is get proper legal counsel.

~~~
furyg3
You didn't read far enough, because he's being denied legal counsel.

~~~
rdl
He's being denied legal counsel for the drugs charges -- according to the
letter, they are all minor misdemeanors, although originally he was alleged to
have felony weight on him. That's actually a victory for him, so far.

The problem is there are potential actual felony charges under discussion,
related to the original computer crime warrant. While he hasn't been charged,
he doesn't get a public defender. If he's charged, he gets a public defender.

If I were in his shoes, I would absolutely be getting a lawyer (and I sent him
$100 toward that, and asked some friends who are lawyers to consider it).

Honestly, not getting an _Arkansas Public Defender_ is probably a victory for
him, too. I would rather represent myself than rely on AR PD to defend me in a
case like this.

~~~
ttol
I upvoted you for bringing clarity to why he was denied a public defender.

The fact that he can't get a public defender because no charges higher than
the misdemeanors were filed against him is, like you said, a good thing. He
misunderstood, and creates a conspiracy theory around it. This is likely the
case with most of his other points in the essay as well.

------
mikecane
Just because you don't "like" someone is no reason to violate the hell out of
his rights. If they do it to him, they _will_ do it to you. And your being
"liked" won't help you one damned bit.

~~~
ttol
I'm still not convinced that his rights were violated. He _says_ they are, but
this is a guy who wrote a giant essay about his case, and then published it on
the net, and ended it with a plea for donations/money. If I were in his shoes,
I'd have spent the time calling the EFF to see if they can help, and asking
for referrals. It almost seems like he is seeking attention.

Also, he seems to be able to obtain documents and requests from the gov to
print online, yet also claims he can't get access to them but mentions some
deadline. If you're not able to read the request/denied access to it, no judge
will hold the deadline over you. That's just conspiracy/crazy talk.

~~~
mikecane
Of course he's seeking attention. So would you if you were being handled as he
says he is. And who says the EFF has the manpower right now to handle his
case? This is like people who turn to Legal Aid at the last minute and are
shocked to find out they have limited resources, if not an outright waiting
list. And given the behavior of both the government post-9/11 and Apple
several years ago suing a rumor site out of existence, I'd rather bet on him
than either of them.

~~~
ttol
Disagree. He's not being "handled". It's essentially all in his head. And no,
I wouldn't seek attention like this. There is no upside. You fight the case in
court. That's where the battle is. His essay only hurts him.

To be clear, he's just being asked to serve as a witness and _hasn't been
charged with anything related to the iPad security_. He just doesn't
understand the legal process and is requesting things he is not entitled to
yet, such as a public defender, and spinning conspiracy theories when they are
denied. As of this moment, he is only facing a misdemeanor related to the
drugs the police found.

It's not clear whether or not the EFF has the manpower to help him. The essay
he wrote doesn't seem like he even tried. However, the EFF is usually very
helpful with referrals or pointers. This is from personal experience.

If you want to bet on him over the government or Apple, that's your choice.
Based on his actions so far (black hat approach to security disclosure;
writing a long, ranting essay filled with conspiracy theories about the case
and the way he is being "handled" and publishing it on the net), I'd most
certainly call your bet and laugh all the way to the bank.

~~~
mikecane
Fair enough.

------
phreeza
Unfortunate domain name. Almost didn't click it. But it is legit.

~~~
daten
Unfortunate site logo as well. Between his writing style, the content of some
of his posts, and the choice of name and logo, I'm finding it very difficult
to take this author seriously.

~~~
Robin_Message
Civil rights are actually not dependent on domain name, writing style, content
of writing, name, logo, or in general any damm thing at all. They are called
"unalienable rights" for a reason.

As Americans declared in a few days ago in 1776, "But when a long train of
abuses and usurpations, pursuing invariably the same Object evinces a design
to reduce them under absolute Despotism, it is their right, it is their duty,
to throw off such Government, and to provide new Guards for their future
security."

If what he says is true, then it is our right, and our duty, to stand up for
weev. If the government is this far in the wrong, then that is more important
than any single individual's actions. Give him some cash
(<http://security.goatse.fr/help>); write to the EFF; call your congressman;
ask an America you know to do the same; but please, find another thread for
discussing logos, e.g. <http://news.ycombinator.com/item?id=1493603>

If he is lying, then we need evidence he is lying, not that he has bad taste
in logos.

EDIT: I clarified the above to add the "If what he says is true... // If he is
lying..." without marking the edit, which I am now doing. I apologise if I
edited after the children had posted.

~~~
mbateman
Of course civil rights aren't dependent on anything. But whether we believe
his story that his civil rights are being violated is partially dependent on
his credibility, which seems at first glance to be pretty close to zero.

He claims that his civil rights are being violated in the same breath that he
claims that it happens to him all the time and that anti-semitism is okay. Why
should we believe any of this, exactly?

EDIT: Okay you edited your post to be conditional on him telling the truth and
requesting of evidence that he's lying. My point is just that crankishness is
typically evidence that someone is lying, or at least good reason to not take
things that people are saying at face value and to wait for independent
confirmation for whoever cares to look for it. There's a burden of proof issue
here.

~~~
Robin_Message
Kindly retract that he said "anti-semitism is okay."

Screenshot 1 and 2 of the threatened indictment seemed believable and imply he
is in legal trouble over a security disclosure. A quick search online implies
the disclosure was responsible, proportionate and AT&T are pissed about it
(e.g. [http://bits.blogs.nytimes.com/2010/06/13/att-explains-
ipad-s...](http://bits.blogs.nytimes.com/2010/06/13/att-explains-ipad-
security-breach/)). So, from those two things, coupled with the fact legal aid
is being denied to him, implies he is serious about needing help with a
lawyer.

Is he already on some kind of FBI shitlist? Maybe, maybe not, it's irrelevant.
Would it have been better not to mention it? Probably. Is he credible? I don't
see why not given the corroborating evidence.

~~~
mbateman
> Kindly retract that he said "anti-semitism is okay."

Fair enough. He didn't say anti-semitism is okay. What he did do, which
prompted my inaccurate comment, is admit to make "joking" videos about the
genocide of Jews which are in egregiously poor taste. And then go on to make
paranoid comments about the FBI manipulating the Jewish lobby and Jewish
reporters to alleging that he bombs synagogues, or something (I wasn't too
clear on this part).

~~~
Robin_Message
Thank you. He certainly did make such videos which he claimed to be parody
adding useful balance to the Israel/Palestine debate -- I think we would agree
that this was not useful, but I don't believe his intentions were anti-
Semitic.

~~~
ErrantX
It's hard to really say what his intentions are.

He does (going on his online postings) regularly spout anti-semitic nonsense,
but then he is a very troll like person. So it is hard to figure where his
real beliefs lie - he often _sounds_ serious, but then he may just be a
serious troll.

(and, also, I suppose it is arguable his intentions [trolling or meaning it]
are irrelevant because it still goes out there and communicates to people
without being clearly ironic)

------
openfly
Dude is nuttier than a baby ruth. He even somehow managed to pull the
"zionists" card.

------
jeb
A goatse symbol as his logo, makes anti-israel videos, has drugs lying around
his apartment, describes his own blog posts as excellent, and apparently
publicized some type of private information.

This is not a housewife being attacked by a SWAT team, it's someone who is
likely to drift in and out of such problems who happens to have drifted in.

------
stcredzero
He seems to be an unabashed anarchist when things are going his way. Now that
they aren't he's crying out about his rights.

------
eplanit
There is no doubt some ego-based confusion in his mind. It's evident from the
first sentences: "...I’m sure you’re all familiar with from my previous
excellent blog posts"

------
skn
Link to cached copy
[http://webcache.googleusercontent.com/search?q=cache:http://...](http://webcache.googleusercontent.com/search?q=cache:http://security.goatse.fr/hypocrites-
and-pharisees)

------
superk
I feel sorry for the dude. He is asking for our help via cash or writing to
our local, state and national representatives. That's a rock and hard place.

