The prosecution claimed that using wget was an unauthorized access under the cfaa because, direct quote I wrote down, Manning was: "only allowed to view one document at a time using a web browser."
To emphasize how scary hackerish wget was, they said that someone: "could not see wget from five feet away. It is a command-line program...it can run in the background."
To talk about how Manning was clearly a hacker, they explained how he:
* "used wget to create functionality that did not exist";
* "had to program wget—wget did not have a GUI, therefore it was not as simple as double-clicking"
* "had to research how to program wget" (by which they meant forensic evidence that he had consulted the wget man page!!)
They also mentioned that there was forensic evidence he had searched google for "computer programming".
That's just wget. In addition, they claimed that writing a VBA macro in Excel to bulk download contact info from Outlook was also a CFAA violation, because Outlook didn't offer a mass export function, so writing a VBA macro (in another part of the Office suite!) was a CFAA violation.
Yeah, scary stuff. Manning was convicted of the CFAA charge by the judge.
> But as a military soldier they could almost as easily have charged him with simply downloading information without authorization, wget or not.
They did charge him with various "mis-use of classified information" violations -- he pled guilty to most of them. The CFAA charge was an additional charge, carrying additional potential jail time, and it's one of the ones he was fighting in court (others he pled guilty to).
That's why they were 'bothering with wget', specifically to try and prove the CFAA charge (which he was convicted of) -- it was specifically about 'authorization' under the CFAA, not about COs permission under any rules or regulations related to classified information.
And regardless of what you think of Manning, it's the CFAA stuff that's scary for the rest of us computer programmers.
Yeah, I can definitely see where you're coming from here. This particular charge might even be a better poster child for CFAA reform than Swartz or weev's cases, since in Manning's case this is essentially a wide-area LAN access and not going to an external third-party's network. (edited WLAN to be what I meant)
I think Manning's case is definitely a better example for CFAA reform than Swartz's or Weev's. With Swartz, MIT intended to kick him off the network. With Weev, AT&T intended, poorly, to keep that data secret. But with Manning, there was no attempt o keep that data from Manning. He had access to it.
They'd basically be using an expert to testify that doing something didn't require said expert. Like having an auto mechanic testify that changing your oil is dead simple.
I mean, it is probably possible to convincingly make that case, but it seems a bit tricky.
I'd think it would be more akin to getting an astrophysicist to testify that "F = ma" is something taught in an introductory physics class and isn't indicative of someone being an expert.
just shows how stupid the judge is. Or that the US Courts are not this independent from the Executive branch after all. Just rubber stamping Big Gov demands.
The best synopsis I could find for the dubiousness of the government's approach is from bradleymanning.org [1]:
"The government says that Bradley Manning used the automated downloading program Wget to retrieve hundreds of thousands of State Department cables from the Net-Centric Diplomacy database, and that use of Wget alone constitutes exceeding his authorized access to data, a violation of the Computer Fraud and Abuse Act."
...
"The Government has not introduced any evidence to suggest that PFC Manning was not permitted to view the cables in question. The Government has not introduced any evidence to suggest that PFC Manning was not permitted to download the cables in question. The Government simply asserts that PFC Manning was not permitted to download them using a certain program, Wget. (Sec. 6)
The Government is simply incorrect in asserting that the use of an unauthorized program to download information automatically converts what would otherwise be authorized access to that information into “exceeding authorized access.” Whether or not PFC Manning used Wget to download the information he had access to is irrelevant; under the language of Section 1030, as well as this Court’s ruling and all legal authorities, PFC Manning could not have exceeded his authorized access because he was authorized to obtain the information he obtained. That is, “exceeds authorized access” is not concerned with the manner in which information to which one has access is downloaded; it is rather concerned with whether the accused was authorized to obtain or alter the information that was obtained or altered. (Sec. 8)"
This is surely one of the more bizarre arguments. Does the law draw a distinction between different client applications used to make HTTP requests? Are web browsers somehow privileged because they both fetch resources from web servers and attempt to render them visually in a frame? Is the issue that it's easier to script wget or curl than a browser, so it becomes possible to download more resources more quickly? The argument seems prima facie nonsensical.
You could make an argument that the government can direct usage of a certain end-user app (which is why I'm sitting here on f'in IE 7 instead of something decent).
However in this case I think it would be more equivalent to charging Manning with using a handtruck to move paper files instead of carrying them one-by-one; i.e. a pretty lame excuse for a charge.
No, because in a browser you are expected (or forced) to do lots of clicking and double-clicking, and that limits how much info you can access in a given amount of time.
"In the Manning case, the prosecution used Manning's use of a standard, more than 15-year-old Unix program called Wget to collect information, as if it were a dark and nefarious technique. Of course, anyone who has ever called up this utility on a Unix machine, which at this point is likely millions of ordinary Americans, knows that this program is no more scary or spectacular (and far less powerful) than a simple Google search."
Clearly he has never used Wget. It is dark and nefarious and riddled with confusing options that should have sensible default combinations. There's dozens of rules you must follow when using certain parameters, and no simple "turn on all the sane defaults for downloading a website" option. Example from the man page:
Note that Wget will behave as if -r had been specified, but only
that single page and its requisites will be downloaded. Links from
that page to external documents will not be followed. Actually, to
download a single page and all its requisites (even if they exist
on separate websites), and make sure the lot displays properly
locally, this author likes to use a few options in addition to -p:
wget -E -H -k -K -p http://<site>/<document>
And that doesn't even handle more than one page, recursion, 3rd-party-site recursion limits, timeouts, SSL, cookies, forms, user agents, etc. If it's a choice between using Wget and being waterboarded, i'm not so sure I would choose the former over the latter.
--mirror
Turn on options suitable for mirroring. This option turns on recursion and time-stamping, sets infinite recursion depth and keeps FTP directory listings. It is
currently equivalent to -r -N -l inf --no-remove-listing.
This is part of the wider process of turning being technologically skillful (or at least, more skillful than those in power) into a crime in itself. We've already seen countless of examples, and it's really nothing new.
It started way back when the establishment managed to get society to equate "hacker" with "criminal". Many have argued that we should just accept that as a historical fact, but the propaganda was deliberate and the process that created the propaganda has only gathered strength since.
You suggest that the modern vilification of hackers (such as Bradley Manning) is analogous to the medieval burning of witches. I assert that hackers and witches also have something else in common.
The spells that witches cast are analogous to the code that hackers develop. They are both writing in esoteric languages that can create things and cause actions. Witches' power is magical, but hackers' power is virtual. Neal Stephenson uses the Sumerian word namshub to describe this idea in his novel Snow Crash.
"Hitler had access to American newspapers" - yes and someone in the US military who leaked information useful to the enemy to one would have aided the enemy. This isn't "anyone gives information to the press", it's someone subject to military law giving information away.
Manning was acquitted on the charge but the article tries to imply that no-one should ever be convicted on the basis of giving information to a "good" party that allows the "enemy" to receive it.
Which is bonkers - the press routinely have to get handled by the military because they, through ignorance or not caring, will often aid the enemy with information.
From a UK example the BBC during the Falklands exasperated the military because it routinely broadcast information of assistance to the Argentines because they didn't know any better. It isn't the fault of the journalists, it's the fault of the military personnel telling them the information.
The article rightly points out Government's abuse of general ignorance of tech. At the same time it falls into the opposite trap of the "information should be free" brigade.
The standard for claiming someone aided the enemy should be naming the enemy. Which enemy did Bradley Manning aid? Who are our enemies? Why are you talking about censoring the press during times of war when we are not officially at war?
Good points all, but at least the "aiding the enemy" charge didn't stick, perhaps for the obvious reason you cite. Now if the judge weren't too dense to understand "wget and IE are both web clients, with only superficial differences", the whole affair wouldn't have been quite such a travesty. Although IMHO locking someone up in solitary, incommunicado, without trial, for years (much of that time without clothing) is so damaging that a defendant must be assumed to have been left in no condition to vigorously defend himself, and all verdicts should have been "not guilty" for that alone.
O/T: when I typed "aiding the enemy" into G, the word it suggested next was "pokemon". LOL.
I listed an example, not the only example. Most spies, after all, only gave up their information to a single "enemy".
Like inductive reasoning, one example is all the law requires here, and for good reason.
For stuff that was actual whistleblowing of war crimes (i.e. the stuff actually beneficial to that nation of 300 million) there can be no charge of aiding the enemy. But for all the rest, there could have.
Luckily the judge threw in an extra element to the UCMJ (which was written for a pre-Internet age). But that still didn't help with most of the rest.
An interesting side-note about the Falklands, the restrictions on reporting resulted in this wonderful quote from the late BBC correspondent Brian Hanrahan
"I'm not allowed to say how many planes joined the raid, but I counted them all out, and I counted them all back" [1]
I'm not saying Manning shouldn't have been found guilty of breaking some military rules, but the biggest charges are mostly bullshit. How was it "espionage" what he did? Did we lose track of what espionage means? Or is the government twisting every word in the dictionary to mean whatever they want it to mean now?
Manning should've gotten a few years in prison at most, if that. It's quite obvious the government's hand is all over this case to scare future whistleblowers.
Anyway, is there any hope for Manning, now? Can the case still go to the Supreme Court, or is this over?
> Or is the government twisting every word in the dictionary to mean whatever they want it to mean now?
Without commenting on this particular case I want to note that it is not just the government that engages in this practice but that business and governments have a very rich history of creative redefinition of terms to stretch their meaning well past the breaking point.
Espionage means nothing more or less than trying to gain unauthorized access to national security information. There's no requirement you deliver it to an enemy personally (otherwise how would you have charged Soviet spies if you caught them before they delivered the information to the USSR), and it doesn't even matter that you have "good intent" (just ask that Israeli spy who is still in prison despite spying for an 'ally').
Manning's case will be appealed to Court of Appeals for the Armed Forces (there might be an Army-specific appeals court before that too, the Navy/Marines have something like that but I'm not sure if Army does).
After the CAAF it can be appealed to the U.S. Supreme Court, but other than that it's final.
Say I walked into Intel, downloaded tons of information about their fab technology, and walked out with it on a USB key. Does whether I call that "corporate espionage" depend on whether I hand that USB key over to AMD or ArsTechnica?
Caveat: I think Manning deserves a good while in prison, life or how long, meh, I'm not a judge. The primary reason I think this is because he didn't release specific information because he felt that it was incriminating. He mass dumped a bunch of stuff he hadn't read which to me screams: I'm pissed, so I'll dump this shit to be important, consequences and significance be damned. Snowden, a little more conflicted on, definitely more sympathetic.
As a former DoD employee, the hacker paranoia definitely scares me. I used scripts and wrote command line tools for analysis since the tools given were insufficient or just plain sucked. The arguments listed by jrochkind1 could have been applied to me. I certainly have never leaked any information but from the comments below it seems that programming and command line tools themselves are now considered crimes because they can be more powerful although the bulk of normal people are uninterested in using them. Should he be tried and convicted for what he did? Yes (IMO). Should he be tried and convicted because he was what most would consider a power user? No. That's like tacking on charges for a murderer for being too accurate. It deflates the validity of the governments claims, exposes the legal argument to some risk, and creates ridiculous precedent.
There is a scary amount of anti-tech stuff going on now, though I guess that should be expected. Thinking of pg's What People Can't Say essay here, since the computer illiterate are still in charge of most things, while simultaneously the computer literate are now ascendant. I expect it will get worse before it gets better.
Of course, if you want to have more judges and politicians with a useful level of programming and other technical skills, then you might have to take into consideration the apparent correlation between the development of programming and technical skills and the tendency for people to turn into raving libertarian anarchists.
If every judge appointed in the USA over the next 20 years turns out to be an anarchist, it will be a good start. Don't underestimate the depth of the hole we've dug for ourselves.
I still have yet to find anything supporting the government's accusations. Has anyone else? (I am in no way in support of this decision, however I would like to see the government's argument presented as clearly as was presented in this article if that is possible.)
The only way you're going to get a presentation of the government's case is from the court transcript; the prosecution isn't writing articles.
So the court is not releasing public transcripts, but some people organized to crowdfund an independent court recorder.
So here's the prosecution's closing arguments; they are VERY long and repetitive (I was there watching in person, I haven't yet read the transcripts) but burried in here is where you're going to find the prosecution's own presentation of their argument.
MOST of the CFAA stuff is probably in the afternoon session, but there might have been a bit at the end of the morning too.
Thank you. I don't quite know how to word this without sounding terrible but here goes. I find it weird that so many articles have been written by very passionate people about how this case has so many holes in it. What is odd is that there is no counterpoint provided by other passionate people about why this verdict is right. I've never seen news articles so one sided in favor of the defendant before with nothing in favor of the prosecution.
There are a variety of offenses under the Uniform Code of Military Justice that aren't crimes in the civilian world. Courts-martial tend to be nasty because of it.
Here's an example: Article 92 of the UCMJ - Failure to obey a lawful order [1]. This is a pretty broad Article, mostly because everyone is ordered to obey the UCMJ and other laws. So you get prosecuted for it in addition to your other crimes.
So, a person who gets arrested for DUI out in town is actually guilty of Article 92 in addition to Article 111 (Drunken or Reckless Driving).
To compound this, you also have Article 134, which specifies,
>>“Though not specifically mentioned in [the UCMJ], all disorders and neglects to the prejudice of good order and discipline in the armed forces, all conduct of a nature to bring discredit upon the armed forces, and crimes and offenses not capital, of which persons subject to this chapter may be guilty, shall be taken cognizance of by a general, special, or summary court-martial, according to the nature and degree of the offense, and shall be punished at the discretion of that court.”
So, this means that anything that can be proven to have a "detrimental effect on good order and discipline" is also punishable by court-martial. And that's a distinct crime from Article 92. So that guy who got a DUI? He's actually charged with three things - Article 111, Article 92, and Article 134. All for the same offense. And yes, he's punished for all three. Even nastier, there's no double jeopardy for 92 and 134 because they have no civilian versions. So, you can be tried under civilian court for DUI and lose your license and then lose your rank and pay under the UCMJ for the exact same crime with two different legal proceedings.
Now look at Bradley Manning's case, and you can pretty easily see that his actions could be punishable under these two Articles alone. And that's what they did. His guilt in these charges isn't even close to being in question.
Just? Personally, I think so, but I'm colored by my own views and experiences. Your opinion might differ. But it's most definitely legal and will beat appeal.
I know what you mean, although I'm not entirely sure it's true -- could it be sampling bias, are there lots of passionate anti-Manning articles out there, you just aren't seeing them in the places you are looking?
I'm not sure I agree with you that 'news articles' in general have been generally pro-Manning. In general, I think mainstream media has been pretty incompetent at covering this trial, generally ignoring it, and not doing a very good job of explaining it.
But, if there really are lots of passionate articles pro-Manning, but hardly any passionate anti-Manning articles... what do you think the explanation is?
It could also be that the government's case on the contested charges in particular really was bonkers. It's hard for someone to passionately defend it without seeming like a moron.
I do think it's notable that it's the government that decided not to make transcripts of this theoretically public trial available. The only reason you even have access to the prosecution's closing argument is because pro-Manning folks funded their own freelance court reporter.
It could definitely be sampling bias, but with that I'm not sure where any anti-manning articles would be posted in the first place. I thoroughly agree that mainstream media hasn't covered this case as much as it should have been. I'd argue this is just as important as the trayvon Martin case ( I mean the guy literally got away with manslaughter. I guess after thinking about it for a while, the reason people wouldn't be upset about this, thus all the pro-manning articles and nearly no anti-manning articles are a result of only hackers genuinely caring about the misapplication of these poorly worded and over stretched laws they used to "prove" manning guilty of "computer fraud" whatever the hell that is.
The prosecution claimed that using wget was an unauthorized access under the cfaa because, direct quote I wrote down, Manning was: "only allowed to view one document at a time using a web browser."
To emphasize how scary hackerish wget was, they said that someone: "could not see wget from five feet away. It is a command-line program...it can run in the background."
To talk about how Manning was clearly a hacker, they explained how he:
* "used wget to create functionality that did not exist";
* "had to program wget—wget did not have a GUI, therefore it was not as simple as double-clicking"
* "had to research how to program wget" (by which they meant forensic evidence that he had consulted the wget man page!!)
They also mentioned that there was forensic evidence he had searched google for "computer programming".
That's just wget. In addition, they claimed that writing a VBA macro in Excel to bulk download contact info from Outlook was also a CFAA violation, because Outlook didn't offer a mass export function, so writing a VBA macro (in another part of the Office suite!) was a CFAA violation.
Yeah, scary stuff. Manning was convicted of the CFAA charge by the judge.