Apparently Being Too Dumb To Know Better Is A Legal Hacking Defense,… For The President’s Son

Comment The President’s son Donald Trump Jr broke the Computer Fraud and Abuse Act, a US federal law.

That’s not an opinion, incidentally, it’s a fact, at least according to the Mueller Report, finally published earlier this month. However, that dossier makes it plain that federal prosecutors ultimately decided not to press charges against Don Junior, and that decision has become the subject of debate by law professors this week.

Before you get ready to rage-tweet or fury-comment, though, you may find the debate is disappointingly reasonable since it is built around how badly written tech law has ended up giving prosecutors too much leeway in deciding when to bring cases and when to let them drop: a situation that everyone should be able to agree is not a great thing.

But before the reasonableness, let’s get some digs in. The president’s son is such a weapons-grade idiot that this isn’t the only time that Mueller decided not to prosecute him for breaking the law because he was too thick to realize that what he was doing was illegal.

The other time is, of course, when he agreed to a meeting in Trump Tower with Russians offering “dirt” on Hillary Clinton. Accepting help from a foreign power during an election is a federal crime but Mueller ultimately decided not to prosecute because for Don Junior to be found guilty it would have to be proved that he knew he was breaking the law.

And, without explicitly saying it, Mueller decided that Trump Jr’s inevitable “I don’t really know what’s going on at any given point in my life” defense was going to be all too believable.

trump jr

New info demonstrating Don Jr.’s intelligence

But back to this particular piece of idiocy: he was sent a direct message from Wikileaks during the election campaign about a new site that was about to go live at putintrump.org that purported to have evidence of misdoing between the Trump Campaign and Russian government. Wikileaks had correctly guessed the (terrible) admin password of putintrump.org – it was “putintrump” – and sent the password to Don Junior as a heads-up.

Same law, wildly different end result

Now, logging into someone else’s website using a hacked password in order to access information is, for obvious reasons, not legal. In fact it is a federal crime under 18 U.S.C. § 1030(a)(2) of the Computer Fraud and Abuse Act.

But the prosecution of this crime can vary from nothing more than a misdemeanor to as serious as a felony, depending on the circumstances. Guessing the password to some random WordPress blog is obviously not going to be the same as hacking into the servers of a financial institution.

But because the law is currently so poorly structured and defined, the end result of this ability to either lock someone up for years or give them a slap on the wrist for the exact same crime, has meant that such decisions come down almost entirely to prosecutorial discretion.

What we didn’t know until this month is whether Don Junior actually used the password Wikileaks had sent him to access the site and dig around. But now we do [PDF, p33]. He did.

Guys I got a weird Twitter DM from wikileaks. See below. I tried the password and it works and the about section they reference contains the next pic in terms of who is behind it. Not sure if this is anything but it seems like it’s really wikileaks asking me as I follow them and it is a DM. Do you know the people mentioned and what the conspiracy they are looking for could be? These are just screen shots but it’s a bully built out page claiming to be a PAC let me know your thoughts and if we want to look into it.

Which is an absolutely clear-cut case of breaking the law. But Don Junior is such a moron that he didn’t even think twice about maybe not doing what someone suggested.

Mueller decided not to prosecute him for it though. Why? Well, we don’t know. Because the relevant part has been redacted by Attorney General Barr using the most unjustifiable version of his many redactions – that of “personal privacy.” Which, as they say these days, is “not a thing.”

don jr

Redacted so you don’t know it’s Donald Trump Jr

Not important

Fortunately, no one is really arguing that Don Junior should be prosecuted for being dumb enough to actually log into someone else’s server using a password sent by an anonymous stranger. Given the unimportant nature of the website, it definitely fits into the misdemeanor side of the sentencing equation.

Donald Trump and Vlad Putin

We’ve read the Mueller report. Here’s what you need to know: ██ ██ ███ ███████ █████ ███ ██ █████ ████████ █████

READ MORE

But by redacting the reasoning in the Mueller Report to avoid embarrassing the president and his son, law professors are arguing that we are losing a critical piece of guidance for future prosecution.

It is fair to assume that Mueller and his team carefully considered whether to prosecute what is an obvious breaking of the law and, due the spotlight that was going to be put on any such decision, were very careful in explaining how they reached that decision.

In the absence of properly worded and defined law covering the unauthorized entry into other people’s computers and servers, having that kind of expert opinion would be extremely useful.

But as with everything around Trump and the Russia investigation, it seems the world is determined not to learn anything useful from it but instead use it as a weapon against whoever you happen to dislike today.

And for Trump supporters, you can also get annoyed about this decision because ill-defined prosecutorial discretion was also behind the decision by former head of the FBI James Comey not to prosecute Hillary Clinton over her use of a personal server to carry out official government business. Not so much “lock her up!” as “better define the statutes to provide greater clarity in future decisions!”

When/if the Mueller report does finally get unredacted, this part of the report may provide some useful guidance and hence case law to better define computer fraud. ®

Sponsored: Re-designing Linux Security: Do No Harm

READ MORE HERE