Archive for September 18th, 2008

h1

Did Palin’s Email Hacker Break The Law?

September 18, 2008

I was hoping to see a WPPBA thread on this subject, so I thought I’d just throw it out there for the Alliance…

With all the buzz over this, I’ve seen plenty of claims on blogs out there that what was done here constitutes a federal crime.  What I haven’t seen, however, is exactly which law was broken.  I’ll admit that I’m no lawyer, and I’m still trying to figure this out, so I’m hoping that someone can help me in the comments section here. 

For the time being, I’ll start with what I know.  Via the much linked-to Malkin page, the pertinent part of the hacker’s “confession”:

In the past couple days news had come to light about palin using a yahoo mail account, it was in news stories and such, a thread was started full of newfags trying to do something that would not get this off the ground, for the next 2 hours the acct was locked from password recovery presumably from all this bullshit spamming.

after the password recovery was reenabled, it took seriously 45 mins on wikipedia and google to find the info, Birthday? 15 seconds on wikipedia, zip code? well she had always been from wasilla, and it only has 2 zip codes (thanks online postal service!)

the second was somewhat harder, the question was “where did you meet your spouse?” did some research, and apparently she had eloped with mister palin after college, if youll look on some of the screenshits that I took and other fellow anon have so graciously put on photobucket you will see the google search for “palin eloped” or some such in one of the tabs.

I found out later though more research that they met at high school, so I did variations of that, high, high school, eventually hit on “Wasilla high” I promptly changed the password to popcorn and took a cold shower…

So, the hacker was basically able to exploit Yahoo!’s password recovery system, reset it, and gain access to the account (quite easily, it would seem).  In other words, this person used the tools that Yahoo! itself provides visitors to its site, as opposed to something akin to a script kiddie “hack”.  (Nevermind what this says about Palin and/or Yahoo!’s ability to protect a password, I’m still trying to make sense of what law was broken. )

Remember that Yahoo! is basically a free email service, so to me, it would be unclear if anything that transpires on their servers is “owned” by Palin or anyone else who uses it.  I would think that you’d be at the mercy of Yahoo! and whatever their terms of service are.  So, speaking of that (emphasis mine):

5. MEMBER ACCOUNT, PASSWORD AND SECURITY

You will receive a password and account designation upon completing the Service’s registration process. You are responsible for maintaining the confidentiality of the password and account and are fully responsible for all activities that occur under your password or account. You agree to (a) immediately notify Yahoo! of any unauthorized use of your password or account or any other breach of security, and (b) ensure that you exit from your account at the end of each session. Yahoo! cannot and will not be liable for any loss or damage arising from your failure to comply with this Section 5.

I don’t know about you, but what I’m reading there is that the responsibility for Sarah Palin’s password winding up on some 4chan message board falls on….Sarah Palin.  In fact, as you read the terms of service, one gets the impression that any given user can expect very little guarantee of, well, anything.  Heck, they can just shut your account down if they feel like it (see section 15).

So, I open up the thread to enlighten myself.  Was the offence related to posting the new password online?  Just accessing the account? 

Have at me, and I’ll update when I see the light.

 

WordPress.com Political Blogger Alliance

Update: I was wrong about the WPPBA not having a thread up. DandelionSalad has one (that’s getting a lot of hits, actually), with more background on what happened.

Update:  Another WPPBA member posts, this one hoping the culprit goes to jail.  Still waiting for the charge…

Update:  Another reason I ask, is because there are “lock door/throw away key” comments being posted on other blogs, or discussions about whether Palin should show mercy and drop the charges.  But no one seems to be stopping to ask if there is a there there to begin with. (of course, going public with showing mercy in light of having nothing to charge the kid (?) with might just be a great political cover for the aforementioned section 5 oopsy).

Update:  I thought I’d add that Gawker (the site that posted screenshots of the emails in question), feels good about their legal situation. Here is the rundown on their coverage.

Update:  Thanks to commenter Mike who finds a post over at the Volokh Conspiracy, and OrinKerr states:

UPDATE: The FBI and Secret Service are conducting a joint investigation. The easiest crime to prove here is 18 U.S.C. 1030(a)(2)(C), accessing a protected computer without authorization to obtain information, with the possibility of felony liability under 18 U.S.C. 1030(c)(2)(B)(ii)-(iii) and also the possibility of felony liability under 18 U.S.C. 1030(a)(4). As with most computer crime cases, the real trick will be finding the bad guy rather than finding a charge.

For the record: § 1030. Fraud and related activity in connection with computers

I dunno.  I think the “trick” would be equating what happened and “accessing a computer without authorization”.   Again, what this person essentially did was gain access to web pages (as opposed to a computer) using the tools that Yahoo! provides.  No trojan horses, no spyware, no keystroke logger.  It will be interesting to see how this plays out, but I’m not seeing anything sticking at this point.  But again, I’m not a lawyer and am unaware of precedents here.

Update: The most comprehensive breakdown I’ve seen thus far of the legalities involved at Threat Level: Little or No Jail Time Likely for Palin Hacker 

The law really does appear to be ambiguous on this one.  But to prove how little I know, I had no idea that there was such a thing as the Stored Communications Act.

Update:  There’s been an indictment, and they’re charging him in violation of 18 U.S.C. Section 2701 and 1030(a)(2) (as Volokh predicted).

Update:  There’s and excellent discussion going on over at Volokh, and the title says it all:  Is the Palin E-Mail Hack Indictment Legally Flawed?