You can beat the rap, but you can't beat the ride
You can catch one of these by logging into your moms netflix account.
> [Supreme Court Justice Amy Coney] Barrett ruled that for the CFAA, a person violates the "exceeds authorized access" language when they access files or other information that is off-limits to them on a computer system that they otherwise have authorized access to. The majority opinion distinguished this from Van Buren's case, in that the information that he obtained was within the limits of what he could access with his authorization, but was done for improper reasons, and thus he could not be charged under CFAA for this crime.
This still does criminalize logging into your mom’s Netflix account, probably (?), but at least browsing HN on your work computer not covered anymore.
However the quote on its own is not necessarily true without further qualifications as mentioned above.
This is exactly the argument for privacy to people who say "I have nothing to hide". Authoritative governments will always find a reason to dig something up and the less privacy you have the easier it will be.
As a side note it sickening to see USA government doing this arrest straight out of gestapo/kgb playbook.
How is 3 years pretrial not blatantly unconstitutional and thrown out immediately?
Opioid painkillers are associated with “things that are criminal in nature” because a certain segment of every society does and will suck, nearly no matter what. Does this mean that everybody in pain should just suffer and let their education, career, and family be taken from them before their time?
If some electronics repair guy repairing vehicle ECUs in bulk who doesn't ask questions but has an inkling that they're gonna get used for emissions laws violations got rolled up on by the feds for refusing to go out of his way to help them out HN would find all sorts of ways to cheer and justify it.
But when they do it to a tor node it's bad.
Well, I hear that if you make being gay a crime again, you cut off the head of palantir.
1. The fbi asks you to be an informant or "cooperate" with an investigation in some way.
2. If you refuse, they investigate you, and basically throw the book at you.
We voted for this, the time to fix the problem was last November, and now we have to live with the results. It's also why I, and anyone else who values their freedom, their career, their family, needs to post such sentiment anonymously. It is NOT safe to criticize this administration.
https://en.wikipedia.org/wiki/H._Beatty_Chadwick
And this in a civil matter!
Yup. https://www.androidauthority.com/google-pixel-organized-crim...
It doesn't need an excuse because people let it not need an excuse.
Every idiot, even on HN, heck, particularly on HN and other places where demographic factors result most never having been the target of government or think that they would be, is perfectly fine with it when the government behaves this way in pursuit of things they agree with. And so the only people complaining about any one government abuse are the small minority that care all the time plus whatever group care about the specific issue.
If people would stop being two faced snakes and have some principals and stand by them the problem would decrease on its own. But that's like saying "just go as fast as light", it's not a tractable problem.
The bar for legal consequences is expected to be much higher than mere association.
It has never been perfect, nor uniformly applied in all circumstances, but it is and should remain a nominal goal of the justice system. For that to no longer be considered the case, even in a casual conversation like this, is a devastating shift of the Overton window towards authoritarianism as the norm.
I say this because this cultural vibe of government agencies kicking in your door for doing innocuous shit needs to die already, that is simply not how this happens. We get letters, we get calls, VERY occasionally we get visits and said visits are scheduled weeks, sometimes months in advance. We always cooperate and the relationship, therefore, is not adversarial.
Honestly we have way more fucking problems with huckster vendors trying to fuck us out of a few extra dollars on parts than anything to do with the big scary government.
While we're at it, fuck coal rollers with a cactus.
This is also why mobile phone camera tech led to BLM as more and more people became aware of how police act when they think nobody is watching.
Your local building commissioner or whatever just has a lot less money and muscle on tap and much more circuitous access to court judgements in their favor than the FBI does. Differences in their strategic and tactical approach is a reflection of this.
This will become practically impossible very soon if it isn't already.
Of course there was no reporting on the Tor aspect, just “local man arrested for CSAM” in the local papers. He eventually had the charges dropped after years of court battles, but his name is forever tarnished as a result.
This particular job we had a lot of idealist folks, two of whom ran relays - they immediately ceased to do so in the aftermath of the coworker’s arrest.
The article provides a good foundation for opposing arguments.
Excerpting:
> The researchers wanted to find a way to do the seemingly impossible — to give the military the benefits of a global, high-speed communications network without exposing them to the vulnerabilities of the metadata that the network relied on to operate.
> ...
> There are other implications, as well. For a CIA agent to use Tor without suspicion in non-U.S. nations, for example, there would need to be plenty of citizens in these nations using Tor for everyday internet browsing. Similarly, if the only users in a particular country are whistleblowers, civil rights activists and protesters, the government may well simply arrest anyone connecting to your anonymity network. As a result, an onion routing system had to be open to as wide a range of users and maintainers as possible, so that the mere fact that someone was using the system wouldn’t reveal anything about their identity or their affiliations.
> ...
> Anonymity loves company — so Tor needed to be sold to the general public. That necessity led to an unlikely alliance between cypherpunks and the U.S. Navy.
> The NRL researchers behind Onion routing knew it wouldn’t work unless everyday people used it, so they reached out to the cypherpunks and invited them into conversations about design and strategy to reach the masses.
Even from the early days of Tor I remember all of the warnings to not run an exit node in a country where internet activity was likely to lead to prosecution.
Running any sort of proxy (including Tor exit nodes) allows other people’s traffic to appear as your traffic. That’s the entire purpose of the software. You’d have to be willing and able to handle the consequences of any traffic any other person decides to send through the system.
This would come off lot more legit if the current elected US president wasn't a convicted rapist and constantly promoting crypto along with his acolytes like Elon Musk.
This sounds awful lot like Middle Eastern mafia stuff, where it's technically illegal to do some things but you can do a lot of things if you are aligned with the people in power.
I have no idea what this person was up to but this selective treatment(if true) smells very bad. IIRC behind the release of Ross there was some libertarian NGO or something, maybe contact them?
It may not literally be guilt by association, but they’re two parts of the same whole in this case, right or wrong.
Wow did this just happen today? I can't find anything about it online
/s
Didn't Ulbricht get pardoned for being a hero of the cryptocurrency-bros, as kind of a deal to get support from the Libertarians in the election? I think he was a one-off, or at least part of a small category that doesn't extend to cryptography and privacy idealists.
It's absolutely true, you're accessing an unauthorized account. All law enforcement need to do is ask you, did you access an electronic account that was not yours ?
Nuance will be ignored when it suits them.
1. Admitting to using cannabis during supervised release
2. Failing to make scheduled restitution payments and to cooperate with the financial investigation that sets restitution payment amounts.
3. Falling out of contact with his probation officer, who attempted home visits to find him.
4. Opening several new lines of credit.
5. Using an unauthorized iPhone (all his Internet devices apparently have keyloggers as a condition of his release).
These read like kind of standard parole terms? I don't know what the hell happened to get him into this situation in the first place, though.
Tor is totally used for criminal activity. That doesn't mean it is inherently a bad thing, or that it is this guy's fault, but he can't completely wash his hands off it. If bad guys use the postal service, it's not the postman's fault, but he has to cooperate with law enforcement if they demand that.
I don't know about the US, but contempt of court is a thing in the UK at least. You can't refuse to submit evidence to court, including things like encryption keys or things only stored in your head - or face penalties including unlimited jail time.
Now, I get that this is the US so the arrest was dialled up to 11 and it seems all of this is extra-judicial - no court warrant etc. This is all very disappointing. But, to my non-expert eye running a Tor exit node is in the legal grey zone, and I guess you can't be too surprised when things like this happen.
People who say this will not be swayed by any argument. What they are really saying is "I don't want to think about this".
There's a truth I've come to accept in recent times: The vast majority of people are not able to extrapolate from their immediate personal situation. If they are not effected by something right now in a way they personally feel, they do not and will never care.
Once you accept that fact, so many things make so much more sense in this world. The whole MAGA movement explains itself, the complete disregard of climate change or even local environmental issues make sense and the complete ignorance of privacy issues. The only way to sway these people is when they are personally affected. So consider this Truth the next time you find out a service has been collecting private information in an unsecured S3 Bucket.
Edit:
Reminds me a lot of the lives of people in this saga:
https://www.amazon.com/gp/aw/d/B01L8C4WBG/
The poor wife, “can you stop being a criminal for like, one month, please?”.
He also lied about using his computer, his wife told on him to his parole officer, according to the court documents.
He was on parole for DDOSing* a former employer...
*Ah, I see your update, guess it was less distributed and more direct denial of service with the physical destruction and all.
https://rockenhaus.com/wp-content/uploads/2025/09/U.S.-v.-Ro...
Page 28, lines 3 to 8 on https://rockenhaus.com/wp-content/uploads/2025/09/U.S.-v.-Ro...
https://www.youtube.com/watch?v=isYZoFrIeo0
However, the poor guy only defeated criminal charges on appeal!
Back in 2014, Rockenhaus worked for a travel booking company. He was fired. He used stale VPN access to connect back to the company's infrastructure, and then detached a SCSI LUN from the server cluster, crashing it. The company, not knowing he was involved, retained him to help diagnose and fix the problem. During the investigation, the company figured out he caused the crash, and terminated him again. He then somehow gained access to their disaster recovery facility and physically fucked up a bunch of servers. They were down a total of about 30 days and incurred $500k in losses.
(He plead this case out, so these are I guess uncontested claims).
For any given issue, subject, industry or niche there is always a you. And you are the enablers. Multiply by every equivalent idiot and niche and that's how you get the world in which some guy gets whacked for running a tor node.
If not that it would be some other niche, maybe some guy importing gray market power equipment to the chagrin of the branded dealers would be getting whacked. If not that then it's the amish farmers getting whacked over one of their many "in letter but not spirit" compliance measures.
Yeah, in every case the letters of the law are broad enough to nail these sorts of people but that's not an outcome the general public wants except for the occasional zealot on any given subject. And the equivalent enablers would be endorsing it just as you are now.
And at the end of the day your behavior (you plural) undermines the legitimacy of these institutions and the government they serve because these are outcomes that nobody wants, but single industry enforcement enough of a back burner issue that elections mostly don't get won and lost over them so the fire just keeps smoldering year after year (fed by our tax dollars, of course).
>As someone who works in this industry
Perfect illustrative example for one of HN's favorite quotes:
"It is difficult to get a man to understand something, when his salary depends on his not understanding it"
>Our products all align with all required emissions regulation...the relationship, therefore, is not adversarial.
You might as well compare a medium company with an encrypted file share service to some 1-man package maintainer for software that does the same. Who is law enforcement gonna try and abuse?
>While we're at it, fuck coal rollers with a cactus.
A bunch of reactionary yokels are a symptom of the degree to which your ilk has undermined the legitimacy of the laws they violate and enforcement agencies they thumb their nose at, not the root cause. If society solves people like you the yokels will mostly go away on their own. That is what I seek.
Instead we're left up to state thuggery.
Who cares if he smoked weed or installed a VM or evaded a government keylogger? Those are all really shitty reasons to put someone in a cage, whether it's couched as "probation terms" or not.
One the first comments on reddit was actually:
> … in trump's america lmao
Someone had to awkwardly point out it was biden’s america. Which makes it easier and saves keystrokes: it’s just “america, lmao”. Then other countries can be even worse so it’s “lmao”. And soon enough they are just laughing their asses off while the person is stuck in jail.
> "clear hacking tools" I had installed in my computer, e.g CCleaner
I have always wondered if they are primarily that stupid or just evil and pretending to be stupid. I am leaning towards evil.
The U.K. is fast sliding down the slope to being a dystopian police state. The idea that you can be jailed for refusing to provide encryption keys (except for really specific, narrowly-defined circumstances) is something that should induce nausea. I feel for you and your country, you accomplished such great things.
I don't normally agree with this man, but he is dead right. There are too many fucking laws.
https://www.theatlantic.com/ideas/archive/2024/08/america-ha...
This is a bit more complex in the US. We have the fifth amendment to our Constitution which says "nor shall [a person] be compelled in any criminal case to be a witness against himself."
So, we can't be made to testify against ourselves. This has sometimes been interpreted to mean that they can't compel cryptography keys that are stored in our brains, and sometimes has been interpreted the other way.
I'm unaware of any definitive decision that applies universally. I've heard some suggest that passphrases that are themselves an admission of crime are a workaround that ensures you can't be compelled to provide them.
Your local zoning code is probably chock full of them. And if not there then your local stormwater/runoff rules probably have a bunch of examples too.
Federal stuff is much more highly litigated so you don't see as much of it there. State is a middle ground.
People take this to the extreme and think that their country is somehow a lawless hellscape where police are openly shooting innocent people, dragging them from cars for seemingly no reason etc... but those stories make the news precisely because it's not the norm.
That was the National Libertarian Party and the party chair was forced to resign in disgrace shortly after, due to accusations of kickbacks and embezzlement.
Isn't the reddit post doing the same thing by trying to imply he was jailed for running a TOR node when he was officially jailed for breaking parole terms? Even if they think those were just excuse to jail him, the refusal to acknowledge those details makes the account at least deceptive.
Shutting down the server (you solely maintained) before leaving would be "minor" to me... intentionally causing damage, earning money from that, getting caught, and again causing physical damage.. that's pretty "major" to me.
If someone who did some serious stuff, couldn't follow easy terms, it is cause for concern.
Go check page 28, lines 3 to 8 on https://rockenhaus.com/wp-content/uploads/2025/09/U.S.-v.-Ro...
The FBI said he downloaded a client, here Spice, which can be used to access a VM and visited the tor project website to look into how he could download a Tor client. That happened in the 24h which followed him agreeing to electronic monitoring and voluntarily installing a spyware. They argue that he has the knowledge and mean to circumvent the monitoring he agreed to and his pattern of actions indicate he is likely to do so if left free. A huge part of the argument lies on him having agreed to voluntarily participate in his own monitoring. The CFAA charge seems to be sealed but I'm far from convinced it's a minor work related issue.
If you read the website, they keep firing their attorneys and pretending they are colluding with the government to keep him in jail. Parts of the description are frankly bizarre. It seems they are actually suffering for paranoia.
I would read the post with a huge grain of salt.
There has to be some penalty for noncompliance or you get more of it.
The wife makes a big deal about how one of the agents testified that Spice was an operating system, then she went on to falsely claim that it was merely a “graphic driver”. However, later in the in the transcript another agent corrected the error of the first agent and explained to the court that Spice was a means of accessing remote VMs, which could be used to circumvent monitoring software.
This combined with the fact that there was no internet activity subsequent to the software being downloaded is pretty damning evidence.
I'd be a little more concerned about the state of US at this point.
However, I suspected there was a lot more to this story when the original post buried the actual reason for the arrest several paragraphs down and tried to dismiss it as “minor”. Intentionally damaging a company’s infrastructure with an intent to disrupt their operations is a very serious charge. Not a “minor” disagreement with a former employer.
New Yorkers spend an average of 10 months in pretrial detention. This kind of abuse is routine in the American system, and by and large Americans want it that way for their usual reasons about "crime".
This didn't work out for SBF, but you can clearly see this process being set up for other people.
Seems like he was legally eligible to be arrested for a variety of reasons. The FBI is still not allowed to use fraudulent warrants to that end. The rule of law is no such thing unless it applies to everyone equally.
Vandalizing your employer's infrastructure over a grudge is, I suggest, strong evidence of a major impulse control issue. It think it makes sense and is in the public interest, draconian as it is, that this person shouldn't be allowed to get high and have unmonitored internet access. The same place they've committed felonies before, on impulse.
Further context: his own defense lawyer filed a motion asking a court to find this guy mentally incompetent to stand trial,
https://www.govinfo.gov/app/details/USCOURTS-txed-4_19-cr-00...
3 years sounds about right to me.
Freedom is being taken away by govt, because we are making choices that surrender it.
Cannabis is harmless and a lot of people use it as medicine, even if they think of it as recreational. "Oh I need it to relax." Then its an anti-anxiety drug, not a 'party' drug. Limiting this is just cruelty and an easy 'win' for LE. Same with justifying the slaying of Philando Castile and others (he had pot, or pot in his system, thus a criminal undeserving of rights or due process).
Once the federal government is onto you with a case like this, all your money is gone. Either to lawyers or your bank accounts are frozen and things like that. Failing to make payments is a feature, not a bug, in this system. I'm not going to tell everyone here how to live, but its ideal to have money that's squirreled away in a place hard to be frozen because tomorrow this can be any of us. You host a vpn on a vpn somewhere? Use tor? Said the wrong opinion online? Heaven knows, but the hammer falls on a lot of people and there's no mercy to it.
Lines of credit, again, fits in with the above. People need to feed themselves, pay rent, pay lawyers, etc. I've never been accused of a crime but I've done a lot of legal stuff in my life with lawyers and such, and everything about this system is unbelievably slow and expensive. It isn't like Hollywood portrays it at all. The money needed here is more than more people can muster just to remotely get a fair trial or deal. Especially when a lot of charges against you are 'stacked' if not entirely dishonest on the assumption of 'well, we're going to court anyway or making a deal so better add some nonsense on top for negotiation.' I can't find the cite, but I've read that if you get a federal arrest, you're looking at $1m starting to begin. How many of us here have $1m they can access, and even if you do, is it accessible if the feds freeze your accounts on 'suspicion?'
Probation stuff, who knows, but he was already being sieged by LE, so who knows what is happening here. There's no shortage of probation horror stories like one's officer cancelling at the last minute or changing location, and other things to guarantee missing meetings. And eventually you can break a man entirely and he'll stop being functional, and he'll fail at a lot of basic things. The stress here can trigger extreme mental illness. I'm a fairly delicate person and if this happened to me, the stress would entirely break me. I'd fall into deep depression. So there's complexity with "he missed x appointment" and "he missed x payment," that's worth exploring.
The government telling you that you can't use a computer of any kind without a keylogger is insane and should be fought entirely. Computers are like paper nowadays. "Everything you write and do should be sent to LE" is unacceptable. Computers arent optional anymore. Everything we do is computer or app based. Also we dont know his motivation for making a private vm or using an iphone. Keeping valuable information about himself from LE for example or hiding a medical condition or heaven knows what else. This is why privacy and speech and rights between you and your counsel are so protected but "We get all your computers" sidesteps many of those protections.
Yes, he's a criminal but he doesn't deserve to be treated like this. These, and his past, are simple white-collar crimes, but he got the bully treatment.
Yes these are 'standard' because they maximally oppress working class people (note very wealthy people just buy themselves out of the above) with the thin veneer of legitimacy. The wealthy, capital owning class, etc if arrested like this just shrug this stuff off usually, and uses its connections and wealth to get ideal terms, but nobodies like this have no chance. The federal government conviction rate is over 90% not because of merit, but because of this kind of bullying and dishonesty and oppression. Imagine if we were discussing near any other nation with a 90+ percent conviction rate, you'd balk and know its corrupt, but we're the same in this regard.
I wish digital culture was more liberal-libertarian like it used to be, than the hard-right turn its made in the past 15+ years. LE does not need a 'devil's advocate.' The accused do. I dont care if liberalizing the above makes more criminals get away with. I'd rather this guy go free, even if he's super guilty, than accept the above as acceptable in our justice system. All this for what's essentially mostly-harmless white collar crime.
Not to mention the incredible violence here for a non-violent crime. Armed LE more or less besieged his home. I'm not sure why people knee-jerk to defending any of this. I hope a new liberal-libertarian movement emerges in tech because I feel like we've lost our way.
We also know from prosecutions in other statutes that the government will often prosecute a a broad crime with many separate sub-definitions of the various way you can break it, then refuse to tell you under which sub-definition you're being charged, meaning you have no way to know if the jury even were unanimously convicting for the same thing and no way to know what you're even defending against.
Thus, every time we see a CFAA charge we have to ask ourselves: "Is this an abuse of power?".
We should have better, clearer laws.
Being angry at the CFAA is one thing, but this case has no relation to modifying a simple GET request.
Interestingly, Rockenhaus's isn't --- it's more or less exactly the circumstance foreseen by the authors of CFAA, who believed that even though existing law covered most hacking-type scenarios, they didn't form a clear basis for felony charges for purely destructive computer abuse.
I seem to remember cases or interpretations of the CFAA in which even guessing the username password combo of "admin:admin" would violate the act, resulting in teenagers or children being caught up in cYbEr FrAuD
Warrants (in the US anyway) require reasonable belief that the crimes listed were committed.
They don't have to be right, mind you (after all, that's what trial is for), they just need reasonable belief.
They also can't recklessly disregard the truth (IE deliberately write lies they know are wrong).
Again, it's okay for them to be wrong about their belief. It's just not okay to know they are wrong and write it anyway.
Here, reading the warrant, etc, there is nothing obviously fraudulent here.
Perhaps it is, of course, but i read everything i could find and it's completely non-obvious which part of the warrant is supposed to be fraudulent.
Even the sort of retaliation claim made here is strange - Arresting you when you appear to actually hvae broken the law is generally only considered retaliation if (among other things) the enforcement of the law is uneven - IE targeted at you and nobody else.
Given the arrest was for a parole violation and they arrest parole violations like this all the time, ....
Like if you are at a traffic stop becuase you ran a red light, call a cop an asshole, and they arrest you because you have 50kg of cocaine bricks in your back seat, it's not retaliation.
Retaliation would be if you call a cop an asshole on facebook, and they come arrest you for violation of an 1825 law that hasn't been used against anyone in 200 years.
Most big businesses are good about that, but I've helped a couple family members with their business' WordPress and just have standing access that I really don't want. They don't want to juggle activating/de-activating my account though, so /shrug.
The Reddit post is an attempt to garner sympathy by leaving out all of the actual crimes committed.
8 Q. Due to the nature of the offense charged being a
9 computer-related crime, did he have specific
10 restrictions on his pretrial release as it relates to
11 his computer usage?
12 A. Yes. One of the conditions was that he must
13 participate in the Computer Restriction and Monitoring
14 Program.
15 Q. How is that program enforced?
16 A. That program is enforced -- the defendant has to
17 download a software program onto his computer or iPhone
18 or whatever, any type of device that has access to the
19 Internet. That information is -- the monitoring
20 company, they monitor -- they are able to monitor what
21 he is accessing on the Internet. And the Probation
22 Officer has been allowed to review weekly reports about
23 what sites he's accessing, things like that.
24 Q. And is the defendant notified and made aware and
25 provided with a document that states the terms of that
1 agreement?
2 A. Yes.
The chain would then appear to be: convicted of computer crime -> required computer monitoring software during supervision -> installed and used Tor -> supervision violation and revoked to prison.
Could you give some examples of this?
This appears to be the earlier filing, but I'm not savvy enough to pull the underlying docs if indeed I can (where I am used to viewing PACER documents I get a permissions error): https://www.courtlistener.com/docket/66960649/united-states-...
(If you install the RECAP extension in your browser you can cache downloaded PACER docs and they will get linked from Courtlistener. Lay users can sign up for a PACER account and if you use less than $30 of document access charge per quarter it will be waived)
Then, if something breaks down the road, there’s no temptation for them to wonder if I had anything to do with that weird failure.
(And obviously, don’t freaking hack your ex employers! But also don’t even leave the impression that you could.)
Wouldn't the monitoring software capture any application's network activities, including a client for a Remote VM? I'm imagining something like Wireshark?
Navy sailor was convicted of possessing machine guns and destructive devices.
The ATF for example put back together de-milled RPGs, which could be a destructive device
However the statute says the following:
(2) any type of weapon by whatever name known which will, or which may be readily converted to, expel a projectile by the action of an explosive or other propellant, the barrel or barrels of which have a bore of more than one-half inch in diameter, except a shotgun or shotgun shell which the Secretary finds is generally recognized as particularly suitable for sporting purposes; and (3) any combination of parts either designed or intended for use in converting any device into a destructive device as defined in subparagraphs (1) and (2) and from which a destructive device may be readily assembled.
But the state didn't tell him under what definition he was charged, so they didn't know if they were defending against the collection of parts the ATF took (falls under 3), or against the weapon the ATF claimed it was after they put the parts together (which falls under 2).
https://www.courtlistener.com/docket/16517474/united-states-...
Here's his plea: https://storage.courtlistener.com/recap/gov.uscourts.txed.19...
My recap is acting up a bit so I'll just copy/paste in case it doesn't grab docket entry 158 - the 'factual basis' for the plea:
1. That the defendant, Conrad Rockenhaus, who is entering a plea of guilty, is the same person charged in the Indictment;
2. That the defendant worked as a as a developer services manager, and later an infrastructure architect, for an online company providing travel booking and vacation services to customers (hereinafter, Victim Company );
3. That the defendant had access to and could control computer code located on Victim Company s servers throughout the country, including computer code that controlled business functions such as marketing, scheduling, and payment processing;
4. That on or about November 11, 2014, the defendant remotely accessed, without authorization, the Victim Company s servers from his residence in the Eastern District of Texas;
5. That on or about November 11, 2014, the defendant executed a computer code or command that shut down one of Victim Company s servers, which in turn caused several other Victim Company servers to crash;
6. That the defendant was retained by Victim Company to assist with the restoration of Victim Company’s servers;
7. That during the remediation efforts, the defendant, without authorization, disconnected Victim Company’s servers in Plano, Texas, in the Eastern District of Texas, causing further business disruption;
8. That the defendant’s actions cost Victim Company at least $242,775 in lost revenue and at least $321,858 in recovery and remediation costs.
I am absolutely NOT a fan of "tough on crime" type stuff. By and large I feel the US criminal justice system is an inhumane cruel monstrosity. But the conditions were not all that unreasonable (except the weed stuff) and all of this smells of bad faith on the part of this couple.
This has never come up before, but it’s easy enough to be diligent about it.
Also: I keep a little paper notebook where I log the work I do for everyone, and occasionally have someone else sign and date it. It’s basically a cheap blockchain IRL. “How do you know you did this before you stopped doing work for them?” “Because the owner signed and dated the logbook after I did the work but before they hired the new IT person.”
I’m suuuuuper nitpicky about diligence in all this, for the protection of everyone involved, and especially me.
Which raises sincere doubts about the commenter's credibility to make such a claim.
1. Back in 2014 this person committed a pretty grave computer offense, which was not at the time prosecuted.
2. Some time after that, he became a high-profile Tor relay operator.
3. Some time after that, he was asked to subvert those Tor relays by the DOJ.
4. In 2019 he was prosecuted for the computer offenses, and convicted.
5. In 2021, he was released on parole.
(I think there's a long string of parole issues after that, and then)
6. In 2025 he was accused by the probation office of violating his parole in a bunch of ways and taken into custody.
e: really? why am i downvoted for this
But even if you stay in prison for your full term, you're likely to have supervised release which has similar terms.
Disclaimer: I don't have any skin in this game or association with any government, any law enforcement agency, nor do I know the person discussed or (at least as far as I know) anyone who knows that person. And IANAL.
IIUC (and I may not), the guy was on probation[0], which is release from or in lieu of prison.
If someone is on probation, they are still under the authority of the (in this case Federal) judicial/prison authority which sentenced them.
It is (whether you think it's right or not) normal for restrictions to be placed upon those on probation, including random drug tests, restrictions on certain types of behavior (this is often related to the crime(s) for which they've been convicted).
Often, this also provides for warrantless searches and other privacy-invading stuff as part of the probation agreement. I'd note that (again, IIUC) that the convicted person must agree to the terms of probation or they will have to go to (or not be released from) prison to serve their (remaining) sentence.
Violation of the terms of probation (as is clearly defined in probation agreements) may result in imprisonment to complete the sentence imposed by the court after trial or (as it was in this case) a plea bargain.
I am unfamiliar with the case at hand, but sending someone to (or back to) prison for violating probation is the stick which (presumably) keeps people from re-offending and/or violating the terms of their probation, at least until they complete the term of probation.
[0] https://www.uscourts.gov/about-federal-courts/probation-and-...
Even if this Administration is friendly to Tor (which I doubt), the FBI is a very large organization and installing a new head doesn't magically make current caseload at the agent level go away. There are still Biden-era and even Trump v1 era investigations likely still open and active there.
I'm surprised this isn't mentioned much here, there's a lot of reddit comments that picked up on this and the OP (self-identified as the wife) isn't replying to any, only the ones that fit her story.
https://old.reddit.com/r/TOR/comments/1ni5drm/the_fbi_couldn...
The OP here also downplays a lot of what the husband did. He was on probation from DDOSing and then physically damaging company equipment after he was fired. Then on probation from that he smoked weed, ghosted his probation officer, broke the terms.
Yeah, good point. That happens sometimes. It's sad, people just see reddit as sort of a platform of gullible people. I was just pointing out reddit's reaction, mainly.
Then my other reply was in reply to GP's own story ("clear hacking tools" = CCleaner).
Turning this sentence up and down, and still fail to get what it tries to convey. Law is social construct per definition, isn’t it?
>It has never been perfect, nor uniformly applied in all circumstances, but it is and should remain a nominal goal of the justice system.
No? Like, at best it is just going to pretend to be so. Then it’s actually all ruled by ambitious sociopath manipulators that take The Prince as bedtime reading, either right from the start or as soon as they can unleash their master plan.
Can anyone point to any jurisdiction in the world which puts equal duties and rights with actual associated material/logistical means on every single citizen? If no, we might be free to conclude that justice and equality are words on frontispiece of the theater, not how the leviathan is planning to actually process.
All that said, not everyone is Aaron Schwartz. Even supposing it’s only to maintain the façade, institutions do also have to act against some criminal outside of their own ruling castes.
I am not defending at all the actions of the FBI. The FBI/CIA/NSA are overzealous law enforcement serving the will of colonial capitalism. Their history of targeting whistleblowers, activists, and technologists; like, for example, the guy running a Tor node; is well documented and deeply problematic. That same machinery has also been deployed against environmental activists, which makes the irony even more bitter that it's being cited here.
I'm defending the EPA, which in contrast, works with numerous industries, including ours, to benefit society as a whole.
The problem is this exact mindset where we insist that everything is on one massive slippery slope and there's simply no way to differentiate from proper, needed regulation, and the boot of law enforcement being deployed to fuck with the working class at scale.
We can tell the difference and it isn't difficult, it simply requires thinking which an unfortunate number of voters don't like doing.
> "It is difficult to get a man to understand something, when his salary depends on his not understanding it"
Completely backwards. There is a LOT of money to be made circumventing emissions regulations, which is why almost every OEM has been caught with their hands in that particular cookie jar, either fingernail or wrist deep.
We COST ourselves money locking up those features because we agree with the regulations in place.
> A bunch of reactionary yokels are a symptom of the degree to which your ilk has undermined the legitimacy of the laws they violate and enforcement agencies they thumb their nose at, not the root cause. If society solves people like you the yokels will mostly go away on their own. That is what I seek.
Reactionary movements have existed for every time the Government says don't do anything since time immemorial. There is ALWAYS reactionaries because there is ALWAYS a segment of the population that never matures past the age of ten. The fact that they occasionally have a point is nothing but statistical likelihood; if you constantly say "no" to everything, by sheer chance, you will occasionally say no to something bad.
What are you getting at?
If an appeals court says “wrong jurisdiction”, that’s an “rm -rf” on the whole entire case. There’s nothing left to argue about.
> What are you getting at?
> If an appeals court says “wrong jurisdiction”, that’s an “rm -rf” on the whole entire case. There’s nothing left to argue about.
I think your parent comment meant something like "the case wasn't overturned on the basis of deficiencies in the legal theory of the crime."
A remote VM would combine both of these things, where the device/computer is in a location that isn't monitored and accessed by means aimed at bypassing controls in place. Activities carried out from the remote VM are then not monitored.
User + Devices -> VPN/other -> Remote VM -> Unmonitored Activities / Network Access
^ Monitoring is here, but may not capture the rest of the chain
Law enforcement would need to monitor the VM itself to monitor those activities, or I guess request logs from the provider if at all possible.
There's a limit to how much you can monitor someone and I assume there's a degree of good faith in cooperation with these controls. Failure to comply, seemingly, has severe consequences.
Considering he was convicted in another jurisdiction, and they can retry him in the 'right' one, why wouldn't a reasonable person anticipate that might happen?
I don't think Weev is living in Ukraine/Transnistria to practice his Slavic languages.
And the reason why I brought up it was overturned, was because I knew someone would mention his case was vacated, and I wanted to make clear it wasn't vacated because there was something improper found about the legal question of the CFAA.
He violated 6 or 7 criminal things.
I'm on the civil rights and free speech maxxing side, but this was clearly a criminal in the act of actively criminaling.
The danger here is in crying wolf when this isn't a case of rights being violated for a non-perpetrator. This guy was willfully breaking laws left and right.
Don't cry wolf. We need that energy elsewhere.
Also that it occurred right after the search mentioned on Page 28. It's a really bad look.
Were he high on weed, maybe he'd not commit the felony in the first place. Yeah, banning him from alcohol is fine, from stimulants broadly - also OK, but weed? Honestly? How often, statistically speaking, does smoking weed make a person aggressive? While this person may be an outlier, without precise information on it, I'd say the ban on weed is as sensible as a ban on butter or relanium. If it doesn't serve any obvious purpose (like with alcohol: being drunk makes you do stupid things more often), then maybe it's really just a way of harassing this person?
I think that the type of person that excels at software development would also excel at lawyering. But they should probably go to law school and pay attention in class.
Oftentimes, kiwifarms users directly harass or manipulate their targets to try to provoke more weird behavior, usually directly making the target's life worse in the process.
I can see why it's entertaining for folk (kind of like watching reality television), but overall it seems to have a pretty negative effect. And if you hang out there too long, it seems like you tend to lose human empathy.
According to the court documents his crimes extended into “real life” as well, with intentional damage to his former employer to shut down their operations.
The sobriety violation was against his parole terms. People on parole are required to remain sober as drugs like cannabis impair judgement.
He agreed to the parole terms and then violated them.
Regardless, you could strike the cannabis part from this completely and it wouldn’t change anything. He has numerous other parole violations.
But CFAA charges should, and this is the issue a lot of people have with them afaict, have a sliding scale for premeditation though.
If I knock on a door, it swings open, and I walk inside and steal something, then imho there should be a lesser maximum charge for possessing burglary tools than if I show up with a lock gun, crowbar, and concrete saw.
A lot of the CFAA excesses are maximum penalties from the CFAA being thrown at people using minimally sophisticated / premeditated methods, in addition to charges about the underlying crime.
That doesn't seem just or fair.
In practice it's turned into an if(computer){increase maximum penalty} clause, solely at the government's discretion.
As far as I am concerned, I am allowed to send any traffic I wish to public-facing hosts, and if they respond with content that the owners would not wish me to see, I have no responsibility to refrain. The only traffic I am not permitted to send are credentials I am not authorized to use (this would include password guessing, because if I manage to guess correctly, I was still not permitted to use it).
So which was it?
Operating an exit node is by definition you acting in the distribution of such activity (legal or not).
BTW, last time I posted stuff like this, someone thought I was treating this like an alibi: “ah ha! Now I can run amok and not get blamed for it!” No. Don’t do that, lest ye end up with a felony and permanent unemployability. I just mean that when things inevitably break due to natural entropy, the first question is often of who had access, and you don’t ever want your name to be on that list.
3 Q. So, Ms. Routh, having been acknowledged of his
4 obligations to monitor and pay for the service on
5 August 29th, can you please tell the Court how
6 Mr. Rockenhaus complied or didn't comply with the terms
7 of his release?
8 A. Yes. On September 22nd the defendant did
9 successfully download the monitoring software program
10 on his computer. On October 11th Officer Ramos
11 contacted the defendant regarding his lack of computer
12 usage. So he reviewed some reports and realized that
13 nothing was appearing, indicating that he was using his
14 computer.
22 So Mr. -- Officer Ramos spoke to Phillip
23 Danford with IPPC Technology and he stated that, yes,
24 the defendant had downloaded the software. They showed
25 that on September 22nd he said that the defendant --
1 they see that the defendant looking at, it's called the
2 TOR Network website on September 23rd, which is where
3 you download software to access the dark web.
On September 22nd, 2019, the monitoring software was downloaded. On September 23rd, Tor was installed. No internet activity was detected for the remainder of September or October by the monitoring software.
I don't believe that 2 or 3 come into play in terms of the parole violations (including the subverting of the monitoring software).
Only reason I know of it is from the thread at the time on HN.
For what it's worth, I think this is the government's response to the argument you raise (on page 22 of the response brief, PDF page 30):
> Section 5845, captioned “[d]efinitions,” is a definitional provision, not a criminal prohibition. As relevant here, § 5845(b) defines the term “machinegun,” and § 5845(f) defines the term “destructive device.” These definitions do not create additional elements of the offenses charged under §§ 5861(d) and 922(o). Therefore, the government was not required to charge the applicable definition(s) in the indictment. See, e.g., Robbins, 476 F.2d at 30 (holding that an indictment under § 5861(d) need not refer to the definitions in § 5845 to “fairly notify a defendant of the charge against him”); United States v. Hoover, 635 F. Supp. 3d 1305, 1316 (M.D. Fla. 2022) (rejecting the argument that the government “was required to plead the specific facts supporting its contention that the [firearms] at issue fall within the definition of a machinegun”); cf. United States v. Pennington, 168 F.3d 1060, 1065 (8th Cir. 1999) (“The indictment’s failure to cite [18 U.S.C.] § 1346, a definitional provision, and to use its specific term, ‘honest’ services, does not mean no crime was charged.”).
And defendant's response, page 5:
> The question is whether the indictment “fully, directly, and expressly, without any uncertainty or ambiguity, set forth all the elements necessary to constitute the offence intended to be punished” and whether the indictment complied “with the necessity of alleging in the indictment all the facts necessary to bring the case” within the intent of the statute. United States v. Carll, 105 U.S. 611 (1881) (emphasis added). The government’s failure to give any specificity in the indictment cannot be remedied by wriggling as to whether the missing information can be considered an “element” or not. Even if the government were correct that the particular definition (or definitions) the prosecution is proceeding under does not change “elements,” it changes the “facts” underlying the scope of the statute.
I have no idea who is correct legally, and since oral arguments appear to have been held a few days ago I suppose I'll have to wait to see who is right.
My recommendation: ignore and swipe under the rug anything where KF is in play. Whatever it is, visibility feeds it.
He was on probation and required to use monitoring software as a condition of being let out of jail early, he had a secret iphone he used to access the internet that was not monitored, so his probation was revoked. He wasn't arrested again, his probation was revoked.
The wife's account focuses on a ton of irrelevant details, the above is sufficient to explain the entire situation.
Out of curiosity, how does this work? If I claim I don't remember a particular password that I (provably) didn't enter for the past X months, how does the court force me to recall it? With an $8 wrench? Wouldn't that be cruel (if not unusual) punishment?
Alcohol on the other hand mostly just knocks you out from doing anything too cerebral after you pass the ballmer peak. I say this as a person who prefers weed to alcohol 100x.
'whacked' usually means killed. This guy was neither killed, nor jailed for 'running a tor node', but a bunch of more specifically bad, illegal shit that it would be misleading to describe this way.
The same way as describing destroying a bunch of an ex-employers data on-site causing thousands in loss is not a "workplace dispute".
> these are outcomes that nobody wants
which outcomes? these are outcomes no-one wants, but you've yet to prove they happen. It takes a lot of time to properly go through case details to determine abuse, it seems like you are very casually throwing around accusations.
> You might as well compare...
Why? they comply with the law, why does that make them 'big'? I'm sure the FBI has plenty resources to go after them, in fact, they have more to lose.
The 'one man shop' needs to comply with the law, however big or small they are.
> Who is law enforcement gonna try and abuse?
abuse? this guy says no-onw is kicking his door down, have you proof it changes for smaller setups?
they go after whoever they think is breaking the law, and not complying (providing relevant licences, proof of testing) flags you for that. Are you suggesting the small guy should fly under the radar?
4chan in 2010? Is this really ever even said anymore?
> The Origins of a Retaliatory Prosecution (Texas, 2019-2022)
> Early 2019: Conrad Rockenhaus, a supporter of free speech, runs Tor exit nodes used by journalists and activists. Federal agents demand he assist them in decrypting traffic; he repeatedly refuses, asserting his constitutional rights.
> The Coerced Confession: The case against him began when he was forced to confess to a non-violent CFAA (computer crime) offense while under the influence of prescribed painkillers and not lucid following a major surgery.
> The Pretextual Arrest: Just months before the 5-year statute of limitations was set to expire, the federal government arrests Conrad on the CFAA charge. The family alleges this was a pretext for his refusal to cooperate on the Tor matter.
If you don't like the terms of parole, you are permitted to refuse it and remain incarcerated for your full sentence, at which point you are released and there are no parole restrictions at all. Parole is "you agree to behave and they release you early". And "behaving" is whatever they want it to mean.
Not really, no: a VM is just another userspace application and a monitoring software should be able to capture its traffic just fine. If he was also using a VPN, tor or conneting to a remote machine that's another story, but only saying he was using a VM doesn't really mean much.
My guess is that things would have gone substantially worse for this person had he taken that case to trial.
I am still permitted to do this. None of the details of this case give me the impression that they're using CFAA in such a way as to offend my sensibilities. Sounds like he sabotaged a former employer and caused hundreds of thousands in (tort not physical) damages. I guessed the urls for some issuu.com links that aren't available in search, and downloaded the page images to make a pdf. I was never prompted for a password. Arrest me, I'm a notorious hacker.
In a technical sense, this may be true as part of the plea agreement.
In reality, a lot of plea deals are made because of various factors, which unfortunately is often not that the person accused is guilty, rather the risk of going to trial or especially the cost of going to trial is too large.
I feel the need to point this out as too many folks look at “accepted plea deal” to mean that the person accepting is the guilty party when it can be more complicated than that in reality even if technically by judicial process they are by accepting that considered guilty.
That said, in this particular case, the hard evidence suggests that indeed, the person accused committed the crimes they pleaded out for
To continue the garage door analogy, you wouldn't walk up to any random garage door and try code 12345 to help protect the owner's stuff, would you?
Unlocked doors, open windows, any lack of security doesn't give you permission to enter. Just as "incrementing a GET request" doesn't mean anything outside of the intent.
The intent was to do damage.
There is no law for "white-hat hackers". You don't get to break into a system because the color of your hat.
"White-hat hackers" have contracts, or very specific rules of engagement. Having run many a bug bounty, if someone was malicious, we would absolutely work to prosecute.
You can also find bugs in software freely, as long as you don't obtain unauthorized access to other people's systems.
Why? (I'm not a lawyer...) - shouldn't intent and harm (i.e. the value of the stolen item) be the only relevant details? Now of course its much easier to demonstrate intent if there's a crowbar involved, but once that's already established, it seems irrelevant.
> I am allowed to send any traffic I wish to public-facing hosts
No you're not. Denial of service is a federal crime.
> I have no responsibility to refrain
Yes you do, and this is just beyond silly. The nuance of how you obtained it will be decided in a court. Stop making everything so reductionist and lazy.
> The only traffic I am not permitted to send are credentials I am not authorized to use
Absolutely not. Use of a vulnerability to cause a data breach is OBVIOUSLY a federal crime.
This is beyond absurd.
Even then, I've had clients for whom things have broken come to me in despair hoping I'd kept access. The day one of them for whatever reason decides to suspect that I was the one to break things, I will be very happy to be able to point to consistently having done what I can to ensure I get locked out.
Don't mess with people's stuff if they don't want you to. This seems very simple to me. But I'm aware that you're trying to find some fringy gray area where you think it will be OK to mess with people's stuff even though they don't want you to.
The majority are returned to prison within days/weeks/months of release.
The defendant plead nolo contendere (no contest) in 2014. Any activity between 2014 and 2019 was under supervision restrictions. Any use of Tor during that period would likely be an issue.
Page 6 of 8:
You must not purchase, possess, have contact with, or otherwise use any device that can be connected to the Internet or used to store digital materials, other than that approved by the U.S. Probation Office. You must allow the U.S. Probation Office to install software on any approved device that is designed to record any and all activity on the device the defendant may use, including but not limited to capture of keystrokes, application information, Internet use history, e-mail correspondence, pictures, and chat conversations. You will pay any costs related to the monitoring of his authorized device and must advise anyone in the household that may use an authorized device in question that monitoring software has been installed. If you need access to an employer owned Internet-equipped device for employment purposes, you must advise your probation officer before using the device. The probation officer will ensure the employer is aware of the criminal history, and you must agree to use the device for work purposes only.
You must not attempt to remove, tamper with, or in any way circumvent the monitoring software, and must disclose all on-line account information, including usernames and passwords, to the U.S. Probation Office. If requested, you must provide a list of all software/hardware on your computer, as well as telephone, cable, or Internet service provider billing records, and any other information deemed necessary by the probation office to monitor your computer usage.
You must not access Tor or participate in any online social environment (i.e., Facebook, Twitter, Second Life, Linkedin, Craigslist, FaceTime, WhatsApp, video/audio, etc.) or texting applications, which allow the user interaction unless pre-approved and authorized by the probation officer and Court.
Furthermore, he worked to circumvent the monitoring software in September of 2019 and had no internet activity recorded in October of 2019.
> 1. Back in 2014 this person committed a pretty grave computer offense, which was not at the time prosecuted.
> 2. Some time after that, he became a high-profile Tor relay operator.
> 3. Some time after that, he was asked to subvert those Tor relays by the DOJ.
It wasn't prosecuted because he plead no contest. After that, the use of Tor was in violation of supervision. I read #3 as "you're not running the monitoring software as required" which would subvert the exit nodes... but he shouldn't have been running them in the first place.
1. It's wrong. That's not how my parents raised me.
2. I value and protect my reputation.
3. I want to be able to have another job in the field without being permanently deny-listed.
4. Prison sounds awful.
Perhaps selfishly, I'd rather get out of a trial in the motion to dismiss stage, rather than having to very-expensively argue the merits all the way to the end.
Under US law, pretrial detention is not prison. You are technically not being "punished" even though generally the conditions in pretrial are vastly worse than in prisons. (I did a deposition with a jail warden once and asked him why this was: "Because these facilities are designed for the average stay, which is 30 days if you run the numbers. Sure there are people here for a decade, but most people pay their bail within 24 hours.")
Technically most states have pretty short Speedy Trial statutes which require the gov to try you within several months of arrest. This almost universally doesn't happen because the defendants don't have all the information necessary for their defense, and because they want to run motions to try and quash any existing evidence.
The quick summary is (reddit) OP's husband was fired from a job and used old unrevoked access to crash their servers, was briefly contracted to fix it before the company found out they were the source of the crash and terminated them again, then after all that he then gained access to their DR facilities and physically damaged a number of servers.
If that's true it seems like a pretty cut and dry CFAA case (with some extra normal crime on top to boot) and the main issue to take with it is the FBI using it as leverage to get him to compromise his TOR node.
Running a Tor exit node is also not a crime, and he ran it long before there was any conviction. And asking to decrypt incoming traffic (from other nodes) is really sus; it has nothing at all do with the accused’s parole or alleged crimes.
It's not one side or the other - any group with authority has to be watched closely and rebuked when they try to expand their power.
Or not, depending on how the party who owns what's inside that door feels. But if it feels he should be prosecuted, then hell yes, the state should do that. My 2c.
Because you got a university email as a student 20-30 years ago back when .edu emails were "for life". Then you started working at the university as a staff-person under the same email. Then 20-30 years later you're leaving, and much of your digital identity is inextricably linked to that old "personal" email.
Yes, I wasn't trying to imply that. But according to court records he got hurt because he was being combative during the execution of an arrest warrant.
> Running a Tor exit node is also not a crime
Probably correct, and the original headline seemed to try to imply that it was in fact what they got in trouble for (it has since been changed), but there's way more to this story than OP lets on... by a mile.
Given the plea in 2019 and those conditions... as shown in the judgement document, the things that were alleged in the 2020 transcript were a clear violation of those conditions.
Where there any pretrial bond conditions prior to 2019?
I think there is some slightly down-in-the-weeds confusion here - what does an indictment require vs ...
I think they screwed this up at trial and then tried to argue the indictment was insufficient, but i doubt they will get any appeals court to bite on this.
I posted it elsewhere, but you can listen to the oral argument of the appeal here:
https://www.ca4.uscourts.gov/OAarchive/mp3/23-4451-20250912....
It is a very accessible argument (in the sense of not need legal knowledge to usefully process it).
You can hear the judges sort of struggle to understand how this is an indicment opportunity, but really do seem to be trying to understand. They give counsel an opportunity to try to distinguish and explain things. Att around 10 minutes, one of the judges asks counsel for the bset case he has that says he's right, and he can't come up with one at all.
Which is probably the point at which he lost this appeal. :)
As i said elsehwere, i don't blame the lawyer - this seems like it woudl be a very hard case to win because of choices made at the level below. They are essentially arguing things they know will lose because nobody objected to things they should have at the level below.
My understanding is, it's not like the FBI got a warrant for this etc, and instead started flinging shit at him - which is clearly bad. But for this narrow argument, that's besides the point, IMHO (IANAL). Because in the first place, the guy simply didn't want to share this information with law enforcement. There is no claim that it incriminates him.
How that stacks up against actual US case law, I have no idea of course, but I don't see how it follows from the right to not self-incriminate.
There's an underlying result crime (eg causing business harm by destroying a database), then the method by which one chose to do it (eg exceeding authorized access to a computer with the intent to cause harm).
The CFAA was originally passed under the erroneous worry that existing laws wouldn't be enforceable against cybercrime, which turned out to generally be false.
When you cause damage, there's almost always a law by which someone can sue you for those damages.
What there wasn't, and what the CFAA created, were extra penalties for computer crimes and an ability to charge people with computer crimes where there were no damages (eg Aaron Swartz).
And why should those things need to exist? Theft is theft. Destruction is destruction.
It was an underspecified law, ripe for prosecutor overreach. See: https://www.congress.gov/crs_external_products/R/HTML/R47557...
It fit with 'premeditated intent' intensifiers (where penalties escalate if premeditated intent can be proven)... but that wasn't actually how it was written or how it is used. Instead, it's a method-based checkbox that allows prosecutors to tack on additional charges / penalties. If a computer was used to destroy this thing, add X years the sentence.
Typically it's applied to cases where the information is clearly available, like a drug dealer not remembering his daily driver laptop password, or refusing biometrics unlock. Not, we found this thumb drive within a mile of your house, decrypt it or else.
But of course the standard of "reasonableness" is murky, and you'll find plenty of cases that revolve on such contested judgment.
The oral argument is here: https://www.ca4.uscourts.gov/OAarchive/mp3/23-4451-20250912....
The first question they asked is "why didn't you ask for a bill of particulars?".
Overall, they seemed very confused as to the argument made here - why is the indictment actually insufficient, and what words did you want them to use instead.
I don't think this will be a successful appeal at all - they seem to all agree this is not stuff that goes in an indictment, and to the degree that there was ambiguity, the correct answer was to request a bill of particulars.
At around 10 minutes, one of the judges asks counsel for the best case he has that says he's right, and he can't come up with one at all.
Which is probably the point at which he lost this appeal. :)
To be fair, i don't blame the lawyer, and i expect why the judges are being not too hard on him, is because he's doing his best to argue a losing case because of choices made at the district court level.
That's pretty minimizing of alcohol's contribution to violent acts (bar fights, escalating disagreements at supermarkets/etc, domestic violence) as well as vehicle collisions.
Here's the link to the full docket: https://www.courtlistener.com/docket/16117870/united-states-...
And the factual basis for his plea: https://www.courtlistener.com/docket/16117870/158/united-sta...
https://cyber.fsi.stanford.edu/news/investigation-finds-ai-i...
https://www.techpolicy.press/laion5b-stable-diffusion-and-th...
Someone somehow downloaded the images in LAION 5B to do the actual training, and we know that thousands of these images contained illegal content.
Where's the strict liability? Everyone who ever downloaded and ran Stable Diffusion 1.5, or even Lora's from it, could in some way be held "strictly liable" for the fact that you are simply one prompt away...
The discussion here has focused heavily on the original 2014 CFAA charge. But the current, life-threatening crisis is happening in Michigan, and it's based on a series of supervised release violations that were provably manufactured.
The warrant lists five violations. Here is the truth for each:
"Lost Contact/Absconder": This is a lie. My husband was hospitalized in a VA facility for a mental health crisis, and we have text messages proving the probation office knew his exact whereabouts.
"New Credit": This was identity theft, for which we filed a formal police report. The probation office tried to punish him for being the victim of a crime.
"Unauthorized iPhone": The phone was his authorized work device, issued by me, his formally approved employer (approved by his former PO in writing).
"Failed Restitution": He was paying the amount agreed upon with his first PO. We have the government's own receipts to prove it.
"Cannabis Use": A misleading omission. He has a legal prescription for Marinol for his combat-related PTSD, which the probation office knew would cause a positive test.
Regarding the Texas case, the real issue is not the details of the decade-old charge; it's the corrupt process the government used:
Pretext: The charge was revived just before the statute of limitations expired, and only after my husband refused to help the FBI decrypt traffic from his Tor exit node.
Perjury: His 3-year pretrial detention was secured by the perjured testimony of a U.S. Probation Officer who lied about what a "SPICE graphics driver" is. The FBI agent never corrected this lie on the record.
Collusion: The entire hearing was tainted. We have documented proof that his own defense attorney at the time was actively colluding with his ex-wife to sabotage the case.
This is not about whether you approve of his past actions. This is about whether the government should be allowed to use pretext, perjury, and conspiracy to jail a citizen. The core principle is that everyone is entitled to due process. He did not receive it.
Please do not take my word for it, and do not take the word of anonymous commenters.
Read the primary source documents for yourself. The fraudulent warrants, the court transcript proving the perjury, and the evidence of the conspiracy are all on the public record at rockenhaus.com.
You and I seem to both speak/write English, but there is a language barrier. For me, "authorization" means that they have given me credentials, and any content locked down under those credentials is off-limits.
For you, "authorization" is a magical term that has no real meaning. It means that they want me to have the content. But I am no telepath, and I do not know what they want me to have or do not want me to have. The only way, from my point of view, to know what they want me to have or not is to try to retrieve the content without credentials, and if it succeeds, it's legal.
Of course, there are a few corner cases. What if I discover some software defect that very clearly shows they intended to require credentials, and a test without credentials shows that it is indeed off-limits, but exploiting the defect produces that content? I wouldn't do that, that'd be illegal.
But your way of (non-)thinking is alien to me, and no reasonable judge or legislator could possibly mean what you claim that law states. Or at least what you seem to claim.
>No you're not. Denial of service is a federal crime.
Only with intent. If I send reasonable content that shouldn't be DoS, how was I to know? I intend no crime.
>Yes you do, and this is just beyond silly.
You're the one being silly. You can't even decide what you mean by "authorized".
>The nuance of how you obtained it will be decided in a court.
I'm never going to trial, I'm not even going to be noticed.
>Use of a vulnerability to cause
Use of a clear defect. The biggest and most dangerous vulnerabilities are the apathy and stupidity of their employees, their lack of a sane business model and attainable vision, and so on. Using those is just common sense. There is a popular magazine that is subscription only. But they have the pdf download links hidden with display: none CSS. These links require no authorization. Just knowledge. I retrieve those quite punctually.
The search was for an article my husband was writing for Encyclopedia Dramatica, a well-known (and very controversial) satirical wiki that parodies offensive topics. He was researching the topic to make fun of it, similar to how shows like South Park handle such subjects.
The prosecution knew this search was irrelevant to the actual alleged violation, but they included it in the evidence they gave the judge anyway. This is a classic "poison the well" tactic, using something shocking and out-of-context to prejudice a judge against a defendant.
While the opposition wants to distract everyone with this, the real issues are the ones they cannot defend: the documented perjury by a federal officer, the fraudulent warrants in Michigan, the collusion by his former attorney, and the ongoing medical neglect.
It seems his mistake was not realizing that he was caught between a rock and a hard place. More colloquially he's in the FO stage after FA.
It doesn't seem like anyone is morally in the right, but it also seems like the defendant here was in a legal grey area to begin with.
There's nothing at all CFAA-specific about this; this is really basic US criminal law and it comes up in all sorts of different criminal justice contexts. The terms you're both dancing around are mens rea and actus reus.
KF is a horrible place, but saying that they bullied this person into suicide is an easy scapegoat and a long stretch. Near/Byuu did a lot, deliberately, to bring negative attention to themselves over the years. For someone deeply involved in the emulation scene, they certainly committed lots of the scene's cardinal sins -- dump hoarding and gloating about it in particular.
They also license trolled commercial users of competing emulators as a source of income... Threw temper tantrums about the existence of FPGA-based emulation because it wouldn't use their code...
You only get a thread on KF by behaving like a lolcow.
I was responding to the implication that it's OK for him to be arrested regardless of how, because he did bad and criminal things. The premise of the article being false (i.e. the warrants are fine) wasn't mentioned in the post I responded to.
>I am not defending at all the actions of the FBI.
"I am not defending the EPA, the overzealous enforcement arm of regulatory capture, I am defending the FBI who work closely and collaboratively with many industries, including ours to benefit society as a whole"
Now, obviously that's not a serious opinion, but surely you see what I'm getting at.
>The problem is this exact mindset where we insist that everything is on one massive slippery slope and there's simply no way to differentiate from proper, needed regulation, and the boot of law enforcement being deployed to fuck with the working class at scale.
How exactly does one differentiate at the margin?
>We can tell the difference and it isn't difficult, it simply requires thinking which an unfortunate number of voters don't like doing.
Anything we give power to for good gets co-opted by interests that can't stand garner support on their own because such interests must find things that have good marketing and credibility to advance their causes under.
Furthermore, this failure mode is basically the story of our time. Tons of out institutions suffer from this sort of co-option by entrenched interests, big business interests, etc, etc.
>Reactionary movements have existed for every time the Government says don't do anything
And their existence can be used as a canary. I don't see a lot of people making complaining about or simping for the <shuffles cards> Office of weights and measure or <shuffles cards> state fire marshall's office. Those sort of functions aren't questionable so they don't have pushback arising out of basically nowhere and they don't need constant simpin to fight that pushback like micromanaging what people do with their cars after sale (EPA) and breaking encryption (FBI and friends) does
Now, obviously that's a bullshit statement, but surely you see the reflection.
The whole premise is flawed. We can't just pick "things" for government to enforce or do. That doesn't scale to a nation of 300+mil.
>there is ALWAYS reactionaries because there is ALWAYS a segment of the population that never matures past the age of ten.
I'd ask if you saw the irony in calling the reactionaries ten year olds immediately after thinking you can cherry pick which enforcement beurocracies are good(ish) and bad(ish) as if that's not too subjective of a task to be tractable, say nothing of the fact that they all influence each other, draw from the same talent pools at the higher levels, etc, etc.
(The only actual argument made in this subthread, as far as I can see, is impaired judgment. Which, maybe? But I’d want to see something other than vibes to weigh the risks of worse judgment against the additional recidivism, and my current intuition is that alcohol probably should make the list of risk factors but cannabis probably shouldn’t.)
Some BS CFAA charge for not helping decrypt a Tor session? Fucking evil.
I guess what I’m trying to understand is why that particular part is on the boilerplate to begin with, and more importantly whether it’s doing any good there rather than putting people in prison that otherwise wouldn’t need to be. (I pretty much immediately guessed it’s boilerplate, because that’s the only way it makes sense for it to be among the parole conditions for, essentially, a disgruntled sysadmin that took it out on their ex-employer.) It just trips my righteousness alarm, for things that sound right and proper rather than actually helping. And thus the justification of it being there because it’s how we’ve always done it this way annoyed me especially hard.
The U.K. is waaaaaaay further along in this direction. Wrongthink on a social media post? Jail.
They arrest 30 people a day for this: https://www.economist.com/britain/2025/05/15/britains-police...
As for mental health issues worsening due to THC - that's true, but alcohol has a much higher probability of causing or exacerbating such problems. On the other hand, the therapeutic use of THC has seen much better results than alcohol. If both happen to be legal in that jurisdiction, then banning weed but not alcohol really doesn't make sense. Further, even if possession is illegal, smoking itself (without inhaling, or however that went) isn't against the law in many places.
It really just seems arbitrary and strange, unless there was a psychiatric evaluation that we're not aware of, or this happened somewhere where weed is very strictly illegal (think alcohol in Saudi Arabia-level).
Notably this also isn't the only suicide attributed to the forum, another trans woman by the name of Chloe Sagal also was harassed by them into suicide in 2018, alongside a Canadian woman named Julie Terryberry in 2016.
The forum takes credit for this (though of course, not officially by the admins), with it being basically an explicit goal. I believe they also had a "kill counter" in a thread to count the people they brought to kill themselves. And the fact that they love targeting trans people, autistic people, and basically everyone who's different is a big part of the whole culture they've build.
Note that I prefer to not expose myself to that, so I invite other people to add info or refute something I said.
What I did mean is that declaring certain organizations to be terrorist organizations (HAMAS, Al-Qaeda, etc.) seems to be well within the remit of the executive branch.
The problem with communities like that is that they leave little to no room for redemption and recovery. Once a group of obsessive nutjobs sets their sights on someone mentally vulnerable pretty much the only way is down.
Any chance to improve your life is just going to be met with an increased levels of harassment to get back the entertainment they so desperately crave. I fully believe that a lot of the more famous "lolcows" that committed suicide or spiraled down to really ugly depths weren't actually lost causes until groups like kf got involved. Just people who were a little bit weird or different who if they got off the net and touched grass for better lack of a term and not been discovered by organized gang stalkers could've lived much different lives.
Nobody deserves that level of harassment even if they are a "lolcow"
The CFAA claim was never decided in HiQ. The chances of success on that claim did not look good and Microsoft settled
Even in 2014, 3rd Cir. COA seemed doubtful there was a valid CFAA claim
"5 We also note that in order to be guilty of accessing without authorization, or in excess of authorization under New Jersey law, the Government needed to prove that Auernheimer or Spitler circumvented a code- or password-based barrier to access. See State v. Riley, 988 A.2d 1252, 1267 (N.J. Super. Ct. Law Div. 2009). Although we need not resolve whether Auernheimers conduct involved such a breach, no evidence was advanced at trial that the account slurper ever breached any password gate or other code-based barrier. The account slurper simply accessed the publicly facing portion of the login screen and scraped information that AT&T unintentionally published."
https://web.archive.org/web/20140513205343if_/http://cdn.ars...
I hope you’re doing well.
I'm not in trouble. There is virtually zero chance of this ever being noticed by law enforcement, and even less chance than that of them giving a shit.
Also note, I am not arguing what the worst possible interpretation might falsely convict someone of, but how the law should be viewed, or, if someone can demonstrate to my satisfaction that the law disagreed with, then how it should be altered.
If I have to guess what retards (read: juries) might think is reasonable, then there can be no public internet. We're just a few years after journalists were arrested for looking at html source with "view source", aren't we?
>The terms you're both dancing around are mens rea
I'm only mildly ignorant. Has CFAA ever been considered to describe strict liability crimes?
His intent of releasing the data was bad (assuming he started with that intent!) but he wasn't committing any fraud when collecting it. He didn't bypass any authentication or damage the server. CFAA is the wrong law to use.
If a restaurant puts a bunch of proprietary documents in a dusty corner of the public lobby, you shouldn't browse through them but you're not breaking and entering if you do so. No matter what your intent is.
But if there are burglary tool charges, they should depend on whether you used burglary tools to burgle, not how much theft you did.
The point is that in the physical world there is some notion of proportionality in the response to trespassing depending on the actual damage done and sophistication and premeditation of the act. We don't generally lock up people because they accidentally walked into an area they shouldn't have. But once computers are involved we have laws that automatically make even even minor infractions into a big scary issue that allows the government to essentially destroy someone's live.
In this particular case, I don't disagree that there was probably motivation to the prosecution! They probably did want something from Rockenhaus, and, when they didn't get it straight up, looked for leverage. Unfortunately for Rockenhaus, he had given them a lot of leverage. It looks like it was a lay-up case.
You can call that a moral grey area and I won't disagree, but my point is just, it's not remotely a legal grey area. Rockenhaus' experience of this prosecution is probably no different than that of a typical federal defendant.
Suppose you are leaving a store and heading to your car. For whatever reason, the button on your keys unlocks someone else's car that is the exact same make and model as yours. You hop into the car, your key starts the ignition, and you drive off (Yes, this has really happened). That isn't legally theft because you legitimately believed that was your car - aka you didn't intend to take something that wasn't yours.
For 98% of laws, in order to be convicted, the government needs to prove you intended to commit the crime. Obviously, I'm oversimplifying what is a very complicated topic you spent two years learning, but that's the gist