Hacker News new | past | comments | ask | show | jobs | submit login
You are committing a crime right now (2012) (erratasec.com)
182 points by gpvos on Sept 8, 2013 | hide | past | favorite | 65 comments



Selective enforcement is the real power government and police wield over the common person. If the laws were fairly enforced, against everyone, equally, citizens and law enforcement would be on more common ground.

Instead, the breadth of laws on the books is far too wide for the average person to understand, with many of them vague enough to cast any person a criminal at any time. So those who have the power to cast down these punishments make deals. And the power to make those deals is where they derive this power. Do this, they say, and we won't throw the book at you. But defy us, and we have all manner of perfectly legal tools we can use against you.


American criminal law is rooted in intent. There is a strong element of selective enforcement in the process, but it's by design. The flip side of selective enforcement to jerk someone around is being able to not punish someone whose conduct falls within the letter of the law, but who didn't have criminal intent.

It's this reason that I think the book "3 felonies a day" is very weak. See some examples: http://www.threefeloniesaday.com/Youtoo/tabid/86/Default.asp....

The examples play fast and loose with the facts and the law. In the first example, the page leaves out a lot of the facts: http://www.justice.gov/opa/pr/2000/November/647enrd.htm. The defendants imported $4m of undersized and egg-bearing lobster tails in violation of multiple state and federal laws, and took measures to conceal the action showing their criminal intent. The page makes it seem like they were convicted based on one vague statute.

The second example leaves out the fact that the driver was fined only $75. The law in this case is very sensible: it's illegal to operate a motor vehicle in a Federal Wilderness Area. The driver did, even if he did only because there was a blizzard. Ironically, the page seems to have a beef here with the lack of selective enforcement!


Aren't there many new laws nowadays where there is strict liability, intent is not needed? And on top of that there is the entire section of negligence law, with no intent by definition, which is easier than you think to get caught in.


There are strict liability violations, but they tend to be things like traffic ordinances, not felonies. For example driving a motor vehicle in a wilderness is a strict liability offense, though its a misdemeanor punishable potentially by jail time. I think those are very troubling, and I'm against jail time for any non-violent crime, but they're not that pervasive.

But lots of otherwise troubling laws aren't strict liability. E.g. Child pornography possession requires knowledge of both possession and its status as child pornography. Drug laws are generally not strict liability.

Negligence law is civil, not criminal, except to the extent that reckless disregard is a state of mind satisfying intent requirements for a few limited gross negligence crimes (e.g. Locking the doors of a tightly packed nightclub).


“Did you really think that we want those laws to be observed?” said Dr. Ferris. “We want them broken. You’d better get it straight that it’s not a bunch of boy scouts you’re up against—then you’ll know that this is not the age for beautiful gestures. We’re after power and we mean it. You fellows were pikers, but we know the real trick, and you’d better get wise to it. There’s no way to rule innocent men. The only power any government has is the power to crack down on criminals. Well, when there aren’t enough criminals, one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws. Who wants a nation of law-abiding citizens? What’s there it that for anyone? But just pass the kind of laws that can neither be observed nor enforced nor objectively interpreted—and you create a nation of lawbreakers—and then you cash in on guilt. Now that’s the system, Mr. Rearden, that’s the game, and once you understand it, you’ll be much easier to deal with.”


The CFAA is a shitty law, but this article apparently can't be troubled to read all of 18 USC 1030(a). All of the subsections require something more than mere access, and all require "knowing" intent. For example, subsection (1) requires knowing access to certain national security information. (4) requires a "protected" computer, knowing intent, intent to defraud, and obtaining something of value other than simple use of the computer.

In the common law there is this concept of implied license. You don't need explicit permission to enter a public store, but the store owner can revoke permission and if you enter the store knowing you don't have permission, you're committing a trespass. That's why the "knowing" part can't be ignored in the CFAA. That's why 3Taps lost against Craigslist--the IP block gave them notice of the fact that they were no longer entitled to access what is otherwise a public website.


"the IP block gave them notice of the fact that they were no longer entitled to access what is otherwise a public website."

The same logic could presumably criminalise the behaviour of making a new account on a site after your old account has been blacklisted.

This isn't so much about banning people from entering a premises, this is more like banning someone from looking at your roadside advertising signs by standing between them and a sign and then taking them to court when they glance round you.


A billboard is bad metaphor for a website. With a billboard, you can get the information while standing in public or private space not owned or controlled by the advertiser. So a billboard is more like banner ad than a website. A website as a public store seems to be the better metaphor.

That could mean that creating a new account after your old account was banned could be a crime. That's like putting on dark sunglasses and a beard and walking back into the store after you've been kicked out. It's trespassing which is a crime. The difference is in the real world, simple trespass does not result in a life-altering felony conviction with a jail sentence.


>The difference is in the real world, simple trespass does not result in a life-altering felony conviction with a jail sentence.

Isn't that enough of a difference? Property owners be responsible for security of their property to some extent. If there is a door with a key hanging next to the door and anyone is allowed in by simply using the publicly available key, is it really trespassing?


It is still trespassing. It doesn't have to be difficult to do something for it to be illegal.

I think the bigger issue is that trespassing is usually handled with a warning and, if it does go to court, is usually a misdemeanor or a low-grade felony. For this, it seems that accessing a server that you do not have permission to use is seen as much more serious than merely trespassing.

I can't see an argument that supports that position. Certainly, if you do anything to vandalize or disrupt the server, then you have crossed a line and should be prosecuted. Anything less should be handled more reasonably.


Creating a new account with a fake name directly interacts with the company's server. Looking at a roadside sign requires no activity on the part of the sign.


On the contrary, the sign must reflect photons into your eyes. :P


18 USC 1030(a)(2): "intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains— ... (C) information from any protected computer;"

18 USC 1030(e)(2): the term “protected computer” means a computer— (A) [computers used by financial institutions or the government] or (B) which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States [read as 'is on the internet']

So you're saying intent makes the difference. But I don't know how much that helps. We still have a state of reality in which the general public wanders the internet assuming they're allowed to access arbitrary websites without any explicit authorization from the operators. The strict (and obviously insane) interpretation is that they're all guilty because they know they haven't gone to Google's headquarters and gotten something like an authorization letter permitting them to do a search on google.com, but the alternative is the void for vagueness problem the author is trying to articulate: If you have implied authorization then where does impliedly authorized access end and unauthorized access begin? The line is so indistinct and open to interpretation that no one can say for sure, which is why all the hypotheticals (and some actual prosecutions) about mothers being jailed for Facebook posts and the like.


That is why the strict, and obviously insane, reading of the law is not the correct reading of the law. The intent element applies to every other element of the crime--you must intentionally (a) access a computer, (b) without authorization or inxcess or authorized access, and (c) obtain information from a protected computer.

Intent is the most important element of criminal statutes. For example, for homicide intent is the difference between a capital murder and involuntary manslaughter (and all the gradation between).


>That is why the strict, and obviously insane, reading of the law is not the correct reading of the law.

That's the whole point. The clear interpretation is clearly wrong and the remaining interpretation has undefined behavior because of the lack of any obvious demarcation point for authorized access.

In addition to that, we have the "ignorance of the law" issue. If you don't know what "unauthorized access" means but you intentionally do something that a judge subsequently decides was unauthorized access, are you (or the hypothetical security researcher, for example) going to be willing to bet your freedom that the fact that you subjectively didn't intend for your access to be unauthorized is going to keep you out of prison? Chilling effects.


I think "unauthorized access" is like porn. You know it when you see it.

As for chilling effects for security researchers, I don't think they're an inadvertent result of vague statutory language. I think Congress clearly intended to make that sort of tinkering around illegal. After all, back in meat space, you can't pick my lock, burst into my living room, and say: "hey, your lock sucks, buy my security service!"

I don't think it's necessarily a good idea to create such a rule, but there is a certain internal logic to it. Laws create social norms. When it comes to private property, the laws create a social norm wherein you're expected to give peoples' private property a very wide berth except according to certain clearly-defined, socially-accepted conventions. I.e. you can come onto someone's property if you're invited, or if the property seems to be a public venue and you have no reason to think you're banned, but generally you stay the fuck away. The end result of that norm is that people don't go and buy the best possible locks. The social norm enforces the owner's right to exclude, not technology. I don't even lock the door to my apartment because I know that nobody is going to come into my apartment and just look around because they found the door unlocked. And I know that if a neighbor sees someone do it, they'll call the cops because it's such an egregious violation of the social norm that it's per se suspicious.

I don't think that trying to create that norm for internet sites is the best model, for various practical reasons, but like I said there's a certain internal logic to it.


>I think "unauthorized access" is like porn. You know it when you see it.

Isn't that one of those quotes from the Supreme Court like "three generations of imbeciles are enough" that everybody now uses to show how the Court is fallible?

It's just abdicating the role of Congress to make the law and the courts to say what the law is so that instead everyone can just do whatever they want on a case by case basis.

>As for chilling effects for security researchers, I don't think they're an inadvertent result of vague statutory language. I think Congress clearly intended to make that sort of tinkering around illegal.

I don't think the Congress that passed the CFAA contemplated that the sort of tinkering around we're talking about could even be possible. They pretty clearly passed it having in mind the idea that some foreign government or corporation might try to infiltrate the mainframes of US banks or the military, or maybe to have the ability to prosecute in case GE or Boeing is using one of those beasts to store their proprietary trade secrets and the Communists try to break in. I can't expect that overeager college professors were high on the list of expected defendants.

>I don't think it's necessarily a good idea to create such a rule, but there is a certain internal logic to it. Laws create social norms.

The issue in this case is that the law violates social norms (or more accurately, social norms violate the law), because the law so rarely gets enforced that people disregard it, so it becomes a tool for prosecutors to abuse in service of convicting political enemies and anyone else they don't like when nothing else will stick.

Anyone who operates an internet-facing server can tell you that break in attempts happen continuously. That's what the social norms are. I expect if you went to the FBI with a list of all the IP addresses that have tried to guess ssh passwords against your servers in the last week and asked them to prosecute they would tell you to shove off as they have more important things to do -- and those are the people who are unambiguously doing something wrong.

That's the trouble with the social norms argument. The social norms on the internet are that if you forget to lock your doors then within a few hours an army of foreign criminal syndicates will parachute out of stealth planes to eat all the food in your refrigerator and start storing marijuana and pirated movies in your garage and then teenagers will wander in off the street to write graffiti on the walls. I can sympathize with the inclination to just prosecute them all, but when they mostly aren't subject to your jurisdiction and there is an obvious available alternative of remembering to lock your doors, having a law which imposes severe penalties on less serious offenses but only against the minority of offenders present in your jurisdiction seems like nothing more than a trap for the unwary that makes little to no progress against the problem it purports to solve.


Right, it's a basic rule of statutory construction that you have to apply the intent requirement to every element of a crime.

As a practical matter, the CFAA has not been applied to situations where it was unclear whether the person violated the law. With 3taps and Swartz, it's pretty clear that the defendants knew they were kicked off the site and tried to access the, anyway. The debate in those cases is about the punishment, which at least in Swartz's case was disproportional to the crime.


>With 3taps and Swartz, it's pretty clear that the defendants knew they were kicked off the site and tried to access the, anyway.

I don't know. It seems like you could still make the argument, e.g. if your account gets disabled but nobody tells you why, you might have to assume something you did wasn't allowed, but why would you assume that to mean you can never create another account even if you behave differently in the future? And if you can do that then how are you supposed to know what specific subset of the things you did are the ones you aren't supposed to do again? So there was the argument in the Swartz case that, for example, getting kicked off for downloading too quickly just means they want you to slow down rather than stop because they don't want you to degrade performance for others. And the fact that we have to argue about it is the problem.

Also, I think the OP was really referring to Auernheimer more than these others anyway, which gets more to the heart of the issue. He obviously intended to change the number at the end of the URL. The problem is that we don't know whether doing that is classified by the law as unauthorized access, but unless the courts are willing to throw out the statute or adopt a narrow interpretation, he still gets convicted for doing the thing he intended to do, not because he intended to violate the law, but because the judge decided after the fact that the thing he intended to do was a violation of the law. That seems extremely problematic because the judge is doing the clarification on what the law means ex post facto but then still subjecting the defendant's prior conduct to that new ruling, but that's the situation the statute leaves courts in unless they're willing to throw it out as a result of that.


Frankly government does not care at all for fairness of the law all they care for is control and funding. The former feeds back on latter you see, if you don't have right kinds of guards in place.

As such I don't see government making any move to make for fairer laws - because they would have to work harder and incidentally they will get less clout/control of the populace. Computer Trespassing act is just that a wild card in hands of police to persecute nearly anyone who dares to cross them in the way they do their business.

my 2c.


I think there is an enormous difference between accessing a public website and what weev did. He walked into an unlocked house, copied personal documents, and published them. Just because he didn't use a crowbar doesn't make it any less intentionally criminal.


> He walked into an unlocked house,

He sent an HTTP GET request, and the server responded. This isn't walking into an unlocked house. It's more like walking into an unlocked storefront during business hours, asking permission to view a certain item behind the counter, and being granted said permission by the clerk, who hands it to you.

> Just because he didn't use a crowbar doesn't make it any less intentionally criminal.

If those documents were not supposed to be viewable, the server should reject the request. Making a request is not a crime. You are literally asking, "Can I please see the document stored at $LOCATION?" If the answer is no, the server has a means to do that: send an HTTP 403 response.

The "unlocked house" analogy might hold if he tried to ssh into their server as the root user, but in this case, AT&T should have been held responsible for gross negligence for allowing people browsing[0] their open "storefront" (their website) access to personal customer information.

To use another analogy, if you submitted a FOIA request for classified documents, can the government satisfy your request (by sending you the documents) and then charge you with a felony for requesting those documents? I wager that most people would say that the fault lies with the government for failing to deny your request.

Publishing the documents later on is a separate matter, but the crux of weev's case focused on the fact that he obtained them, not the fact that he published them, which is maddening, because that logic would break the entire model of the web by breaking HTTP.

[0] Not to get too hung up on terminology, but notice that we use the term "browsing" the web to refer to HTTP requests, but we don't talk about "browsing" an ssh login.


> If those documents were not supposed to be viewable, the server should reject the request.

It certainly should, but it also should be obvious that this was not information that he was authorized to have, and he was prosecuted for intentionally scraping it after noticing the misconfiguration - not for making an HTTP GET request.

The idea that a GET request is like asking a clerk for an item under a counter is appealing, but doesn't really work because granting access is not the same as granting authorization. Authorization requires intent, and an HTTP server is incapable of intent (at this point in history, anyway). The fact that the server can be misconfigured and is fundamentally incapable of realizing it means it makes a lot more sense to think of it as the counter rather than the clerk, and items with 403 responses as items that are under a glass counter. For this same reason, the FOIA request example doesn't work either. A human (or many of them) processes that request.

Additionally, the items he took were not items the store sells, they were clearly items the store should not have out in a public place (so yes, the "store" is absolutely not blameless).

In light of these observations, I think a better analogy is this:

A man walks into a store. He spots a binder on the back counter, just close enough he can reach it without actually stepping behind the front counter. It contains a printout of the store's mailing/cold-calling list that they use for [whatever silly purpose]. The clerk is busy elsewhere, so he starts flipping through it page by page, taking a photo of each one with his smart phone.

Now, I'm still not sure what I think of the legality or morality of the situation, especially when you try to factor in intent. I'm also not a legal professional of any kind, so I know even less about what a court would think about all that. But I do think that these details are relevant, and leaving them out of an analogy creates a false impression that there's nothing even debatable about the situation.

Edited to add: FWIW I do agree that AT&T is very much at fault, mainly for the reasons phaus gave in the comment sibling to yours. I just don't think it is obviously the case that their guilt excuses the person that takes advantage of that negligence.


>A man walks into a store. He spots a binder on the back counter,..

Your analogy, for the record is wrong. Completely wrong in fact. But enough with the analogies. We have 20 years of mainstream HTTP usage. We know how it works. Authorization over HTTP is a solved problem and can be done in multitudes of ways, trivially. If he's breaking the law than so is Google millions times over because there are a shit ton of indexed pages that technically Google wasn't authorized to crawl. If your web server is configured to fulfill all anonymous requests, then you are implicitly granting the authorization to access this data. This is the way HTTP was designed. That's the only way this all makes sense, otherwise youtube can change their TOS to make every person who views a video a criminal.


Intent intent intent. The analogy of grabbing the binder on the back counter fits perfectly, because it shows the intent.

Googlebot is incapable of intent. It is a computer program that simply crawls accessible pages. It cannot distinguish between a website for which access is obviously not intended (i.e., Weev's case of accessing *other people's private information) and a website for which access is intended (i.e., a public Facebook or LinkedIn page).


Someone has to use Googlebot though. Google is therefore liable for what it does. Just because a machine or a piece of software is the main actor does not mean there is no culpability.

Google is trying to index as much of the web as possible so that it can provide a better service, attract more customers, and make more money from its advertisements. Therefore, the use of a program that scans the web and accesses documents which Google does not have permission to view makes Google responsible for routinely and intentionaly breaking the law.

Also, that your tool cannot filter content particularly well does not mean you get a free pass. It means you were negligent.

...or at least that is one way to interpret the law. The law is bad. You can't just say it's illegal when its illegal. It should be as cut-and-dry as possible (e.g. killing someone is always illegal, even when it is an accident a la accidental manslaughter).


If what Weev did was criminal, then why isn't AT&T guilty of some sort of criminal negligence for making it so easily accessible?


They probably should be, but I'm not aware of any law against it. Failure to secure sensitive customer data? That should at least be a fineable offense. If a customer was provably injured by this hack, they would probably have grounds for civil suit.


AT&T's site wasn't an unlocked house, it was an unlocked corporation.

If your personal site gets breached, it's akin to someone having walked into an unlocked house. You have a right to keep your house unlocked because the only one that's going to be hurt by your negligence is you and possibly your family.

A business owner that stores massive amounts of private information is not allowed to keep his doors unlocked, because it amounts to gross negligence. It wouldn't be right for someone to walk right in and steal everything, but the business should be held accountable, because they don't have the right not to secure their customers private information.


The problem with this analogy is that trespassing on a physical property and altering the user agent when making a query to a public server are totally incomparable.

It's more like you're handing out personal documents on the street to everyone with a mustache and some guy comes up with a fake one and you get tricked.


There are no houses or doors involved here. These physical analogies don't work and never will.


Most of us also commit a crime every time we drive a car by driving over the speed limit.

Selective enforcement is pretty wide spread. It would be wonderful if at some point in the future the law was changed, however it is too powerful a tool for the police to give that power up without a fight.


Speeding isn't a "crime." They're civil infractions. See: http://en.wikipedia.org/wiki/Civil_infraction.


Depends on the country. It's a crime in some countries


You can get jail time for speeding in Norway, so definitely criminal.


Thats really interesting. I had a foreign exchange student from Norway come to the States during high school and I remember him telling me that cops had to apply to a judge to bring a gun with them for a specific task, and didn't just carry one around. Big change for him coming to a school that had cops with hand guns at the entrance. Just interesting how different systems work and what goes into making them different...


It's a misdemeanor in the state of GA (all traffic violations are, now).


Off topic.

Can you recommend any good meetups/groups for node/js guys in Atlanta. I have looked at the meetups but would appreciate any personal opinions.


Nope, not involved in node/js. Sorry


But speeding laws are pretty specific, some even with tolerances to account for radar inaccuracy. If a radar control measures you're driving over the speed limit, you get a ticket.

But the point is that this isn't specific. It's like enforcing our current speeding laws on cars that behave according to Heisenbergs uncertainity principle or exhibit other weird quantum quirks. That law might have made sense in the past, but it doesn't anymore.

I really don't want Surfing whilst Savy to become the new Driving whilst black.


Driving over the speed limit isn't a felony.


Did you know that there are other countries and legal systems?


First, the law in the OP is an American law.

Second, I find it difficult to believe that there are countries where driving slightly faster than a number printed on a road sign can result in prison time.

If I've made an error, it's because I drew a reasonable, albeit incorrect, conclusion; it isn't because I'm an ignorant American who doesn't consider the existence of other countries. If you had a correction, you should have posted it rather than a snide comment along these lines.


Some countries take an extreme stance on driving-related offenses. A few countries are actually so worried about speeding that they have banned the sale of racing-related video-games.

Hell, in Virginia a few years back they implemented insanely high fines for all sorts of minor moving violations. Some of the offenses cost several thousand dollars.


Sufficiently over the speed limit can be reckless endangerment, which is a misdemeanor.


I responded to a post about the common tendency to speed when deemed prudent.


URLs are public and modifying them should not be considered unauthorized access or hacking, especially semantic URLs. I mean, if there's a querystring parameter on the end like "page=2" and I modify it to be "page=3", I'm simply using an interface in a logical manner. The onus should be on the website owner to secure resources within their URL space, especially since there are a myriad of easy ways to do this in 2013.


“ignorance of the law is no defense” only applies to the "natural" crimes like murder or theft.


> “ignorance of the law is no defense” only applies to the "natural" crimes like murder or theft.

It really doesn't (at common law, at least). If you don't believe me, try pleading ignorance of the law when you're arrested for breaching a traffic regulation. It's your responsibility to know the criminal law - however impractical that might be.

There is a bit of leeway on the boundaries between mistake of law and mistake of fact -- e.g. in England, a tenant who destroyed something he'd installed himself, not knowing that under civil law it'd become the landlord's property, had his conviction for destruction of property quashed (R v Smith [1974] QB 354). And apparently in Canada there's a defence of "invincible mistake of law" in situations where it's literally impossible for the person charged with a crime to have known it was a crime at the time it was committed. But the general principle is that ignorance of the law is no defence to any crime, however 'unnatural'.

IANAL.


> try pleading ignorance of the law when you're arrested for breaching a traffic regulation

That won't work for a mundane. However, if you're a cop, and you arrest someone under the pretext that it's for driving without a seat belt (max penalty $50 fine), judges might decide that your disregard of the law was mere ignorance and take that as an excuse. https://en.wikipedia.org/wiki/Atwater_v._Lago_Vista


There are similar concepts in American law.

Some crimes, (it used to be almost all crimes, now it's very few) require a particular state of mind, or mens rea. Mens rea, or "guilty mind", is a classic precept that goes all the way back to Roman law, and would have been considered an ordinary requirement for all criminal laws at the time the Constitution was written.

Unfortunately, the Constitution was silent on the issue of mens rea, and the Supreme Court refused to create a universal mens rea requirement for all criminal cases under the due process clause. As a result, there are now a great deal of "strict liability" crimes, which don't require any ill intent on the part of the accused at all. For example, a car accident in some states, even absent negligence, can be grounds for felony charges.

Prosecutors moved for this shift during the 70s-90s, since state of mind is so difficult to prove in court. In doing so, they overturned a precedent that goes back literally two millennia. What nobody realized was that mens rea was there for a reason, that it was difficult to prove by design. As a result we see lots of prosecutions for strict liability crimes that leave the defendant at a distinct disadvantage.

The second defense that comes up in this context is vagueness. Since penal laws must be strictly construed in favor of the defendant, i.e. any ambiguity in interpretation open in the statute must be resolved in favor of the defendant, vague laws can be and are struck down as being void for vagueness.

The theory here is not that the defendant did not bother to learn the law, it is that even if he had, the text of the law was insufficiently clear to give adequate notice to the defendant that his actions were illegal.

The real problem here, however, has nothing to do with the mens rea requirement. The real problem is that we have de facto dispensed with the presumption of innocence. In today's justice system, it is not a conviction that ruins a person's life, it is the decision to merely to bring a charge.

At the moment a felony charge is filed, before any determination of guilt has been made, the defendant may be incarcerated, for as long as nine years in some jurisdictions without violating the speedy trial requirement. All of his assets may be seized, before they have been proved to be involved in a crime of any kind. He will almost certainly be expelled from educational programs, usually with little or no due process, and lose his employment.

All of this happens before any proof has been shown, any arguments have been heard, any witnesses have been questioned, any evidence has been challenged, and before the defendant has had the chance to utter any words other than "not guilty." The fact is, in today's American justice system, your life is effectively over at the mere pointing of a finger.

The checks that were supposed to be the last line of defense, probable cause hearings before neutral magistrates and Grand Juries, similarly failed. Local magistrates often work hand-in-glove with the police, often in the same building, and since the probable cause standard is so low there is little obstacle to charging anyone for anything.

In states that use Grand Juries, jurors often meet repeatedly with the same prosecutors, month after month. The prosecutor is the only one that can call witnesses, present evidence, make argument, and even testify. He can refuse to present exculpatory evidence and witnesses, and the defendant is not even present to respond. From this fact comes the common saying among prosecutors, "I could indict a ham sandwich for the murder of a pig."

Most citizens are comforted by the notion, that no matter the unfairness in the initial process, eventually they will be able to present their case to a jury of their peers. However, even juries are no longer a right in most trials. Since the federal constitution's jury trial requirement was never incorporated against the states, most local magistrates are given the power to sentence defendants for up to six months in jail per count. Because most defendants face multiple charges stemming from the same conduct, there are countless American citizens spending years in jail, never having had their case heard by a jury.

We've given prosecutors the unbridled power to destroy anyone by signing a piece of paper.

Our justice system is just barely hanging on. Our rights still exist, but it's becoming impossible for an average citizen to effectively assert them. It's an interesting case to me. The decline of the legal system will be slow, and it's still far preferable to virtually any other system I've studied in detail, but it's scary to see it starting to happen.

The system still functions well, in some areas, especially for the rich. But the new unchecked system, (advocates would call it "streamlined"), pioneered upon inner city black and hispanic minorities is gradually moving up-market. Remember when you think about policies that seem to only apply to others, like loosening criminal law requirements, sovereign immunity, rampant disregard for the warrant requirement in poor neighborhoods, vehicle checkpoints, and stop-and-frisk: once the precedents are set, there is nothing to keep the government from applying them to you.


Can't upvote enough because this is the single most troubling aspect of our (US) justice system today: as soon as you are charged, your quality of life is ruined unless you are both wealthy and lucky enough to avoid pretrial incarceration. Even if you are both wealthy and lucky, the stress, effort and money required only to be found "not guilty" or get charges dismissed is a huge burden.

Even if there were redress for cases when "the system" makes a mistake, you can never get your quality of life back.


Unfortunately this seems like the trend internationally. It's just the justice systems in other countries just seem to be less aggressive, but have similar or even worse privileges.

The human rights court for example in Canada is known as pretty much a kangaroo court. But Canadian law enforcement is not nearly as aggressive and militarized, and the country does not suffer from an as large historical SES gap that can cause this aggression to develop in the first place.


It's funny to hear that perspective from a Canadian. In comparative constitutionality, the prevailing scholarly opinion is that the Canadian Charter of Rights and Freedoms is a modern update to the US Bill of Rights.

The United States Constitution has served as the template for countless founding documents, especially those written constitutional documents in most of the Commonwealth of Nations.

The innovations in the Constitution were threefold. First, a federalist system in which states ceded only specific enumerated powers to a central government. Second, a balance of powers between three branches with differing missions, members, and procedures. Third, a specific list of tasks that fell explicitly outside the powers of the central government. These are commonly termed federalism, separation of powers, and the Bill of Rights.

The federalism experiment failed, beginning with the establishment of true Federal supremacy following the Civil War and ending with the SCOTUS decisions that expanded the definition of "interstate commerce" to include virtually everything. The United States Federal government is for all intents and purposes now a government of general jurisdiction. This is what they have in e.g. Britain, so this is neither a good nor a bad thing, but it's simply no longer a differentiator from other modern governments.

Separation of powers is failing us right now. Without controlling both houses of Congress, with a supermajority in the Senate, and the Presidency can accomplish any coherent agenda.

Our third contribution, the Bill of Rights, is still holding relatively strong. Unfortunately, it's a few centuries old, and we've had to update it quite a bit by quite creatively reading rights into text where they might not really exist.

So the search is on in academia for a bill of rights that's a better model for new documents than the United States version. The Canadian Charter of Rights and Freedoms is the most commonly examined alternative. And the Supreme Court of Canada is generally considered more activist than SCOTUS.

So it's strange to hear that tribunal described as a kangaroo court. I'm not saying you're wrong, just wondering how the experience of an informed citizen differs from the prevailing winds in academia here.

One thing that troubles me about the Canadian Charter of Rights and Freedoms is that it has an explicit escape clause to suspend it. In fact, I believe it was invoked two years ago during the student protests in Quebec. An off-button seems like a major anti-pattern for a bill of rights.


You've got everything backwards, but why let reality get in the way?

Intent still the primary factor of most criminal laws at the federal level, and all criminal laws at the state levels (excluding infractions punishable by fines).

There are only a handful of federal laws which do not require intent (i.e., strict liability laws) and of those, none provide for imprisonment at the level of strict liabilty (though may provide for imprisonment if there is actual intent). For example, some securities laws are strict liability. The punishment is disgorgement of profits, but imprisonment is not on the table.

Most citizens are comforted by the notion, that no matter the unfairness in the initial process, eventually they will be able to present their case to a jury of their peers. However, even juries are no longer a right in most trials. Since the federal constitution's jury trial requirement was never incorporated against the states, most local magistrates are given the power to sentence defendants for up to six months in jail per count. Because most defendants face multiple charges stemming from the same conduct, there are countless American citizens spending years in jail, never having had their case heard by a jury.

This is factually false. The right to a trial by jury has been imposed upon the states by way of the 14th Amendment for more than 100 years. (Do you really think the South would have given black defendants jury trials in the Jim Crow days if they weren't required to?)

Where did you get your information? You're better of just staying silent if you don't know what you're talking about.


There's no need for aggression, especially when you're spectacularly wrong. There's nothing more dangerous than a confident yet totally inaccurate fact-checker.

The right to trial by jury is not fully incorporated against the states. That's a common myth. It only applies if the term of imprisonment is six months or greater. Otherwise, the right is not incorporated. See Baldwin v. New York, 399 U.S. 66 (1970) Hence, the end-run I described where police charge a variety of lesser counts, try the case before the local magistrate, and the cumulative sentence ends up as years without a jury ever examining the evidence.

There are plenty of black defendants in the South right now who would be happy to explain to you the intricacies of partial incorporation, if you're so inclined.

As for this statement:

>"Intent still the primary factor of most criminal laws at the federal level, and all criminal laws at the state levels (excluding infractions punishable by fines)." (Emphasis Mine.)

Let me list a few state criminal strict liability statutes that certainly come with incarceration:

Statutory Rape

Terroristic Threat

Driving While Intoxicated

Sale of Restricted Substance to a Minor

Corruption of Minors

I noticed you limited your comment to federal laws, while I did not, and even explicitly falsely denied the large trend in states toward strict liability criminal laws. We could also have a lengthy discussion about the various ways in which the necessary intent is being obfuscated in dozens of commonly charged statutes.

The mens rea requirement is being rapidly eroded. Yelling loudly on the internet won't change that.

As for where I got my information, that would be Princeton University, and four years as a paralegal under an attorney with a JD/MBA from the University of Chicago.


Part of the licensing requirements for a driver's license is learning about traffic regulations, so that isn't a helpful example for your argument.


Traffic regulations apply to everyone, not just drivers. Jaywalking, not using a seat belt are examples of infractions committed by non drivers.


It's obviously silly. No one could possibly read and understand every single law and regulation everywhere, let alone the legal systems' exact interpretation of them. People get punished all the time for things they had no idea was illegal, let alone wrong.

On the other hand, if you did accept ignorance of the law as a defense people would abuse it. You could just avoid reading the laws and then not have to follow them until someone explicitly tells you.

I think we should compromise and require the government to reasonably inform people what the laws are and make it simple enough to know whether or not you are complying with them short of hiring teams of lawyers.


I only have knowledge of German criminal law, but I would argue it's just common sense 99.9% of the time. Most people who "unknowingly" break a criminal law where trying to trick the system - I have little sympathy for that mindset.


Maybe we should grant amnesty to all crimes committed by xx% of the population? If not, we could end up where it becomes the norm everyone is a criminal to something, and the government can selectively prosecute only when it serves their purpose.


Lots of previous discussion here:

https://news.ycombinator.com/item?id=4812496


I'm glad I don't live in America.


The thing about these articles that I hate is that they all try to play to the letter of the law as if we're playing word games. But in real life, in the courts( of public opinion and the judicial ones), where this stuff matters, its almost always been about the spirit of the law.

People do get thrown into jail for technicality (minimum sentencing laws are moronic), but this is one of those cases where circumstance and plain common sense would prevail.


Did you not see the Auernheimer case mentioned in the article? What happened there is the exact opposite of what you describe.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: