
The free Web program that got Bradley Manning convicted of computer fraud - blumentopf
http://www.washingtonpost.com/blogs/worldviews/wp/2013/07/30/the-free-web-program-that-got-bradley-manning-convicted-of-computer-fraud/
======
anigbrowl
You know, I wouldn't rely on this article for accurate characterization of the
government's legal position. Saying 'prosecutors argued that...' and then
linking to a 2011 Guardian article threw up a red flag for me. That article
didn't describe prosecutor's arguments; it described expert witness testimony.
And the trespass was not the unauthorized nature of wget, although this was
mentioned in passing, but the way in which it was employed to access data from
the '.22' computer that was for secure/classified material.

wget is mentioned by the forensic expert in the context of describing how he
came to his conclusions, but that's a far cry from saying it's bad in and of
itself. Suppose I'm investigating a physical trespass, and I say that I
discovered characteristic bootprints in the area that perfectly matched a pair
of boots owned by the suspect. That doesn't mean the boots themselves are
illegal, it just shows that someone was wearing that particular pair of boots
while trespassing. As far as mentioning the non-authorized nature of wget,
it's equivalent to observing that the boots in my example were not regular
army issue.

I don't know precisely what prosecutors argued as I haven't obsessively
followed the trial, so if someone can link to a primary source that
contradicts the above I'm happy to be corrected. But as posted, the article
seems to be drawing an incorrect inference from another news report, an as
such is a questionable third-hand account of what prosecutors were really
saying.

~~~
joelhaus
This sounds accurate. My understanding is that the words "trespass" or
"computer fraud" are used in relation to:
[http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act](http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act)
(a law which I believe is generally construed far too broadly--even though it
looks to be appropriate here). Nothing to do with wget, he could've used a
browser to the same effect.

That said, this reporting is indicative of most of the "journalism" around
Snowden and Manning. While it's no longer surprising, it's still
disappointing.

------
venomsnake
Quantity has quality of its own. So does efficiency. When you make a process
much more efficient you after a tipping point convert it to something else
entirely - like the surveillance that. Technology is amplifier.

Of course getting 10 more years just because he used wget instead of bash
scripts that loop with nc is absurd.

But the fact that he used simple automation to do the job should be taken into
consideration. So should be the fact that solitary confinement is torture.

But the whole trial seemed like Kangaroo court to me anyway ...

Edit: Also technically he was authorized to use wget - he had permissions to
download it from wherever or to install the package and had permissions to set
the executive bit to true.

~~~
alan_cx
Not trying to justify Bradley's treatment in any way, but to put the other
side...

Is it not possible that wget was not authorized specifically because if would
make copying lots of file easier and quicker? I mean, if I were in charge of
sensitive data like that, it would be the sort of thing I want to consider. If
legit use is no say a file by file basis, then only a select few would need
some sort of batching tool. So, why make it easier? That fact that you can do
it other ways, I see no reason to then just allow anything. We all still have
locks on our doors, despite knowing a determined thief will defeat or
circumvent them.

~~~
GhotiFish
I see where you're going with this, but you're fixing that problem on the
wrong end. If they want to rate limit with exceptions, they should rate limit
with exceptions. Not insist all the clients limit themselves, with exceptions.

Following your analogy, we all have locks on our doors, despite telling
thieves not to steal our cars.

~~~
jacalata
But we don't let thieves get out of a conviction just because somebody had
easily bypassable or broken locks, either.

~~~
JanneVee
But it makes insurance harder to claim.

~~~
GhotiFish
And when they break your window because your lock was too good. WHAT DO YOU DO
THEN?

what were we talking about?

------
aqme28
Not authorizing wget and classifying that as computer fraud may have its
justification, but giving someone _10 years_ for what amounts to a form of
trespassing is _absurd._

~~~
jared314
They are making an example of him for publicly distributing classified
documents. The prosecution found every legal justification to convict him of
that crime.

~~~
ojbyrne
I'll admit to not really following the trial or general crime news, but it
seems like "making an example" has become significantly more common over the
past few years.

~~~
dredmorbius
Pity they don't take that concept to Wall Street.

~~~
aa0
They do but backwards. [http://dealbook.nytimes.com/2011/03/18/ex-goldman-
programmer...](http://dealbook.nytimes.com/2011/03/18/ex-goldman-programmer-
sentenced-to-8-years-for-theft-of-trading-code/)

------
gpcz
Assuming the computer was running Windows, you wouldn't need wget to perform
HTTP requests in batch -- you could make a VBScript to do it (src:
[http://stackoverflow.com/questions/204759/http-get-in-
vbs](http://stackoverflow.com/questions/204759/http-get-in-vbs) ). I would
assume that Windows (and therefore everything in it) would be considered
"authorized" in that case, but would the VBScript be considered unauthorized
software? If that's the case, would you need to get approval every time to
write macros to make your job more efficient?

Is there actually a line drawn in the military about what is considered
software?

~~~
megablast
Interesting, if the description in the article is true, would writing your own
program count as running a program not on the accepted list?

------
pothibo
This is crazy. If he had used IE "Save as a file", he wouldn't have been
convicted of fraud?

~~~
fnordfnordfnord
That's what some people might believe, after focusing on the minutiae of the
charges. I wouldn't bet on it though. Manning shamed and embarrassed his chain
of command, the gov't at large, the military at large, the diplomatic corps,
etc, etc. He was always going to get the book thrown at him; and the only
thing that might have stopped it is widespread public outrage.

------
CptCodeMonkey
Issue is wget.

>U.S. prosecutors pointed out that wget was not on the list of “approved”
programs for use in facility where Manning worked.

I know it sounds trivial but it was an unauthorized tool run on a system that
was supposed to be secure as that system was talking to SIPRNET. Above all the
other things PFC Manning has shown the world, he's also shown that security
standards & procedures around some of the most damning secrets the DOD & State
department could stupidly put on one fileshare was unprotected. Ironically
this stuff might have shown up in foreign intelligence circles even without
the PFC's actions.

------
DigitalSea
Wow, wget is one hell of a tool isn't it? I think it should be a requirement
that judges have to take a mandatory digital refresher course every 12 months
to ensure they can deal with cases like this because this is ridiculous.They
got him on a technicality, I guess they are clutching at straws and trying to
get him on as many things as they possibly can.

------
gambiting
So is the US government listing every single program authorized to be used on
their computer? And I mean every single one?

That would include: -ls -cat -bash

and in Windows land: explorer.exe

If he used windows explorer to copy those files, could they have argued that
explorer.exe was not on the list of authorized programs to use?

~~~
gte525u
Typically restricted access computers (govt or not) require an authorization
form to install software and require software to be installed by an authorized
person. Any use of programs not installed via that process (with supporting
paperwork) would be considered misuse. Even if the settings of the system do
not prevent an authorized user from performing those actions. Furthermore,
access to such systems will require the user also to sign an authorized use
form.

~~~
jlgaddis
> ... access to such systems will require the user also to sign an authorized
> use form.

As well as agreeing to such policies _every single time_ they log in to a
computer.

------
ibudiallo
Make sure you read the fine prints before you view source on a page.

------
morgante
wget likely came pre-installed...

~~~
muyuu
This was a Windows machine apparently. He used zip to compress, pointed to
sharepoint links... looks like an all-windows operation.

Looks like he downloaded and installed wget himself.

