Will Somebody Please Do Something About Boston?
What the heck is going on in Boston? Apologies to any Bostonians in the audience, but something is in the water, at least in the education and law enforcement districts. Once again, the "Cradle of Liberty" is in the news as the Defenders of the Fourth are forced to rush in to defend the baby against the hand that rocks the cradle.
Last August, Boston made big news, at least in tech circles, when representatives of the city's transportation system rushed into federal court at the last moment — on a Saturday, no less — an made an ex parte petition for an injunction to prevent three MIT students from presenting their research into flaws in the city's Charlie Card system at DefCon 2008. As it usually goes in these cases, the judge on weekend duty at the federal courthouse opted to exercise prior restraint in blatant disregard of the First Amendment rather than electing for something more temperate — and legally justified — like holding a hearing where the accused could present a defense and cross-examine their accusers — you know, the general American adversarial system that has worked for more than two hundred years now. A second federal judge — after waffling like an Eggo salesman — eventually vacated the injunction, finding that the Massachusetts Bay Transportation Authority's petition lacked legal merit, and — though professional courtesy prevents saying so unless you're an appellate court — that the injunction never should have been issued in the first place.
Obviously, someone wasn't paying attention, because the Electronic Frontier Foundation and other civil liberties organizations are now rushing to the assistance of a Boston College student whose dormitory room was raided by campus police, who seized a number of computers and other technology, including his iPod and cell phone. They've now turned the items over to the Massachusetts State Police, who are performing forensic analysis on the items.
So, what horrible crime led police to conduct this imitation Inquisition? Someone sent an anonymous email to a campus email list saying — wait for it — that another student was gay.
Now, first off, being gay isn't a crime, and neither is saying someone else is. Even if it's untrue — and we have no clue, we're not in the social scene at BC — it is, at the very worst, a slanderous (or libelous) utterance, a civil offense over which the police have no jurisdiction and into which they are prohibited from intervening. How, then, have they justified — as though anybody bothers to justify anything before they do it anymore — their actions? The same way the MBTA did, of course: the Computer Fraud and Abuse Act, the catch-all law for anyone who wants to concoct a computer crime without the trouble of contacting Congress.
Apparently this young man — who was a computer science student, no less — is guilty of "obtaining computer services by fraud or misrepresentation" and obtaining "unauthorized access to a computer system" — by sending an email. Now, this either says something incredibly bad about the police — and it does — or about the IT department at Boston College. Either the police are so poorly educated in the laws they are supposed to have sworn to uphold that they can't tell the difference between cracking boxes at the DOD and sending an email, or, if sending an anonymous email to the campus listserv is really "unauthorized access" obtained by "misrepresentation," then the IT Department at Boston College is so utterly inept that they can't figure out how to moderate a simple email list.
Just what did these valiant enforcers of the law list as probable cause for seizing this equipment? The student was observed with a number of laptops he was supposedly repairing for others, he has multiple logins for his computers, and he uses a strange operating system with a black screen and white text, and when using this operating system, which isn't the "regular B.C. operating system," he types bizarre "prompt commands" into it. Good God, if that's all it takes to be guilty of violating the CFAA, then they'd better start building more prisons, because there's a heck of a lot of us to lock away.
So now, the student's computers are sitting in the police crime lab, presumably to be forensically analyzed by the same people who can't tell a cracker from Grandma sending her holiday snaps, the student has been suspended from his job, and he no longer has access to the equipment necessary to do his coursework. The poor kid doesn't even have his iPod or cell phone — which have what to do with the non-criminal act of sending an email?
Thankfully, the EFF have filed a motion to quash the search warrant[PDF], as beautifully worded as it was, petitioning to have his property immediately returned to him and to enjoin the police from making any further searches or undertaking additional analysis of his data. With any luck, as soon as the court has granted the motion — and they will, eventually, even if it has to be done by order of the federal courts — the EFF will turn around and bring suit on the young man's behalf, seeking damages against the college, the campus police, the Massachusetts State Police, and anybody else who assisted in this Constitutional clusterbuster. Perhaps then, eventually, these "Guardians of Liberty" will begin to remember what Boston used to be about — and what happens when you run roughshod over the people's rights.
Justin Ryan is a Contributing Editor for Linux Journal.
|Where's That Pesky Hidden Word?||Aug 28, 2015|
|A Project to Guarantee Better Security for Open-Source Projects||Aug 27, 2015|
|Concerning Containers' Connections: on Docker Networking||Aug 26, 2015|
|My Network Go-Bag||Aug 24, 2015|
|Doing Astronomy with Python||Aug 19, 2015|
|Build a “Virtual SuperComputer” with Process Virtualization||Aug 18, 2015|
- Concerning Containers' Connections: on Docker Networking
- A Project to Guarantee Better Security for Open-Source Projects
- Problems with Ubuntu's Software Center and How Canonical Plans to Fix Them
- My Network Go-Bag
- Where's That Pesky Hidden Word?
- Firefox Security Exploit Targets Linux Users and Web Developers
- Doing Astronomy with Python
- Build a “Virtual SuperComputer” with Process Virtualization
- Three More Lessons
- diff -u: What's New in Kernel Development