←back to thread

Man jailed for parole violations after refusing to decrypt his Tor node

(reddit.com)
989 points heavyset_go | 6 comments | 16 Sep 25 12:10 UTC | HN request time: 0s | source | bottom
Show context
tptacek ◴[16 Sep 25 13:26 UTC] No.45261951[source]
For whatever it's worth, the Reddit story here says that the federal courts used "fraudulent warrants to jail my husband again". Maybe! The other side of that story, via PACER, is a detailed parole violation warrant (you can hear the marshal refer to it in the video); the violations in that warrant:

1. Admitting to using cannabis during supervised release

2. Failing to make scheduled restitution payments and to cooperate with the financial investigation that sets restitution payment amounts.

3. Falling out of contact with his probation officer, who attempted home visits to find him.

4. Opening several new lines of credit.

5. Using an unauthorized iPhone (all his Internet devices apparently have keyloggers as a condition of his release).

These read like kind of standard parole terms? I don't know what the hell happened to get him into this situation in the first place, though.

replies(13): >>45261987 #>>45262004 #>>45262031 #>>45262032 #>>45262053 #>>45262096 #>>45262107 #>>45262359 #>>45262427 #>>45262489 #>>45262691 #>>45263190 #>>45263322 #
tptacek ◴[16 Sep 25 13:33 UTC] No.45262053[source]
OK, I think I found the original thing Rockenhaus was convicted of.

Back in 2014, Rockenhaus worked for a travel booking company. He was fired. He used stale VPN access to connect back to the company's infrastructure, and then detached a SCSI LUN from the server cluster, crashing it. The company, not knowing he was involved, retained him to help diagnose and fix the problem. During the investigation, the company figured out he caused the crash, and terminated him again. He then somehow gained access to their disaster recovery facility and physically fucked up a bunch of servers. They were down a total of about 30 days and incurred $500k in losses.

(He plead this case out, so these are I guess uncontested claims).

replies(12): >>45262123 #>>45262144 #>>45262161 #>>45262367 #>>45262384 #>>45262386 #>>45262724 #>>45262818 #>>45262976 #>>45263837 #>>45263945 #>>45264601 #
petcat ◴[16 Sep 25 13:42 UTC] No.45262161[source]
If all of that is true, then that is a very serious CFAA charge. It makes sense that they would want to downplay it as "minor" and "not relevant". It sounds like the parole violations came later? In any case, thank you for researching. There is always more to the story.
replies(3): >>45262268 #>>45262432 #>>45262527 #
mothballed ◴[16 Sep 25 14:13 UTC] No.45262527[source]
Weev 'violated' the CFAA for incrementing a GET request, with his overturned conviction only for wrong jurisdiction. So the government has put us in a position where it's hard to take the CFAA seriously.

We also know from prosecutions in other statutes that the government will often prosecute a a broad crime with many separate sub-definitions of the various way you can break it, then refuse to tell you under which sub-definition you're being charged, meaning you have no way to know if the jury even were unanimously convicting for the same thing and no way to know what you're even defending against.

replies(8): >>45262557 #>>45262571 #>>45262622 #>>45262628 #>>45262637 #>>45262699 #>>45263111 #>>45269890 #
VWWHFSfQ ◴[16 Sep 25 14:16 UTC] No.45262571[source]
The CFAA isn't super complicated. It basically boils down to:

Don't fuck with other people's shit if they don't want you to.

replies(2): >>45262657 #>>45262929 #
boston_clone ◴[16 Sep 25 14:23 UTC] No.45262657[source]
Are you a lawyer by chance?

I seem to remember cases or interpretations of the CFAA in which even guessing the username password combo of "admin:admin" would violate the act, resulting in teenagers or children being caught up in cYbEr FrAuD

replies(4): >>45262775 #>>45262844 #>>45263173 #>>45263872 #
efdee ◴[16 Sep 25 14:56 UTC] No.45263173[source]
Breaking in in a system, whether or not the password was easy to guess, sounds like a crime to me.
replies(2): >>45263612 #>>45263644 #
1. ethbr1 ◴[16 Sep 25 15:28 UTC] No.45263612[source]
It is a crime!

But CFAA charges should, and this is the issue a lot of people have with them afaict, have a sliding scale for premeditation though.

If I knock on a door, it swings open, and I walk inside and steal something, then imho there should be a lesser maximum charge for possessing burglary tools than if I show up with a lock gun, crowbar, and concrete saw.

A lot of the CFAA excesses are maximum penalties from the CFAA being thrown at people using minimally sophisticated / premeditated methods, in addition to charges about the underlying crime.

That doesn't seem just or fair.

In practice it's turned into an if(computer){increase maximum penalty} clause, solely at the government's discretion.

replies(2): >>45263699 #>>45264020 #
2. efdee ◴[16 Sep 25 15:36 UTC] No.45263699[source]
You have a point. But on the other hand you have no idea of what tools the intruder possesses, only (at best!) what they used.

I think intent probably matters a lot more than the technicality of how you succeeded.

3. JambalayaJimbo ◴[16 Sep 25 15:58 UTC] No.45264020[source]
>If I knock on a door, it swings open, and I walk inside and steal something, then imho there should be a lesser maximum charge for possessing burglary tools than if I show up with a lock gun, crowbar, and concrete saw.

Why? (I'm not a lawyer...) - shouldn't intent and harm (i.e. the value of the stolen item) be the only relevant details? Now of course its much easier to demonstrate intent if there's a crowbar involved, but once that's already established, it seems irrelevant.

replies(3): >>45264653 #>>45270728 #>>45282883 #
4. ethbr1 ◴[16 Sep 25 16:45 UTC] No.45264653[source]
Because that's the way most method-specific laws work, at least in the US.

There's an underlying result crime (eg causing business harm by destroying a database), then the method by which one chose to do it (eg exceeding authorized access to a computer with the intent to cause harm).

The CFAA was originally passed under the erroneous worry that existing laws wouldn't be enforceable against cybercrime, which turned out to generally be false.

When you cause damage, there's almost always a law by which someone can sue you for those damages.

What there wasn't, and what the CFAA created, were extra penalties for computer crimes and an ability to charge people with computer crimes where there were no damages (eg Aaron Swartz).

And why should those things need to exist? Theft is theft. Destruction is destruction.

It was an underspecified law, ripe for prosecutor overreach. See: https://www.congress.gov/crs_external_products/R/HTML/R47557...

It fit with 'premeditated intent' intensifiers (where penalties escalate if premeditated intent can be proven)... but that wasn't actually how it was written or how it is used. Instead, it's a method-based checkbox that allows prosecutors to tack on additional charges / penalties. If a computer was used to destroy this thing, add X years the sentence.

5. Dylan16807 ◴[17 Sep 25 02:06 UTC] No.45270728[source]
If you're saying there should only be theft charges either way, that's fine.

But if there are burglary tool charges, they should depend on whether you used burglary tools to burgle, not how much theft you did.

6. Strat296 ◴[17 Sep 25 23:44 UTC] No.45282883[source]
Am a lawyer - You're correct. Intent is key and almost all laws are based around intent or, in legal parlance, "Mens rea" or the guilty mind. That is what separates a legal act from an illegal act: the intention behind it.

Suppose you are leaving a store and heading to your car. For whatever reason, the button on your keys unlocks someone else's car that is the exact same make and model as yours. You hop into the car, your key starts the ignition, and you drive off (Yes, this has really happened). That isn't legally theft because you legitimately believed that was your car - aka you didn't intend to take something that wasn't yours.

For 98% of laws, in order to be convicted, the government needs to prove you intended to commit the crime. Obviously, I'm oversimplifying what is a very complicated topic you spent two years learning, but that's the gist