The key to the whole story is buried for some reason on the second page: "Prosecutors disputed this and maintained that chat logs recovered from Gonzalez’s computer described illegal carding activity that Gonzalez conducted and showed that Watt at least had broad knowledge of what Gonzalez was doing, if not the details. As Gonzalez and his gang hacked target after target, he sent Watt links to news stories describing the breaches, though he didn’t acknowledge in the correspondence that he was behind the attacks.
Watt’s attorney told Wired in 2010 that his client accepted 'responsibility for aiding people that he knew would commit wrongdoing. However, he is very disturbed by the government’s aggressive attempt to make him into more than what he is.'"
The article spends a page and a half making you think that he's just some innocent guy who wrote a program for a friend who ended up using it maliciously, when in reality he admitted that he helped Gonzales who he knew was going to use it to commit crimes.
This is open and shut aiding and abetting a felony. And not some vague made-up felony. A felony that actually deserves to be a felony. Without taking any affirmative measures when he found out to turn his friend in, and without cooperating with police when he was charged with helping in the scheme. Is it the mark of an innocent person to you that when he found out his software had been used to commit a crime, even then he didn't help the police? The judge did absolutely the right thing in not giving him probation in order to send a signal.
I'm going to argue contrariwise: say I write a compiler for a language I created. It's a niche thing and some guys find that it works really well for, e.g., doing network traffic analysis (work with me here, it's just an example), and it becomes the preferred tool to write hacks using network traffic (WPA2 sniffers, etc).
Do I have a responsibility to turn these people in? I know some/many/most of the users are grey/black hats. I might even have a notion of who those people are.
---
Let's flip the argument a wee bit. Say you're working for a weapons contractor building simulators and other tools for drones & ICBMs. You have a pretty good idea that your work is being used for death and destruction. You see some videos on the evening news of some people getting killed by a drone you helped build. Do you bear responsibility for the use of that drone?
Because I see the answer to both to be about the same.
There is nothing novel about this situation. The law on aiding and abetting has been stable forever. A person does not is not responsible if an, otherwise legal, tool they create is used to commit a crime. A person is responsible if an, otherwise legal, tool they create is used to commit a crime, and they know at the time of rendering that aid that there is a certainty or high probability that aid will be used to commit a crime. There is nothing illegal, for example, about opening a door. It is illegal, however, if you open a door for someone being chased by cops to help him escape and you know that the person is running away from a crime scene.
> You see some videos on the evening news of some people getting killed by a drone you helped build. Do you bear responsibility for the use of that drone?
Of course you do. You created a tool that you knew not only had the potential to kill people, but would be in fact used to kill people. But it's not a crime because it's not a crime to kill people in war.
The article says it was a packet sniffer. How would he know what the planned use was? In terms of your analogy, it would be like finding out only later that you opened the door for a crook. (Of course, he might have known from other correspondence, but it seems strange to assume that.)
As I understand it (that is: minimally) it was not just a packet sniffer. Why would anyone bother to write a packet sniffer anymore? It was a sniffer designed to capture credit card transaction information.
The article, if you read through to the second page, also says:
1) The prosecutors had IRC logs found on his computer that suggest he knew in general terms what Gonzales was doing with his packet sniffer, and was receiving links from Gonzales about his break-ins;
2) Watts admitted that he knew Gonzales was doing something wrong.
If he genuinely had no idea what his software would have been used for that would be a totally different case.
The article cannot substitute for what the jurors saw, to be fair. Not that jurors are infallible, but still, all we know comes from a few lines on Wired. Presumably the jurors saw the evidence and didn't believe his denials.
There is knowing with all its degrees but also there is 'should have known.' I suspect that he knew what his pals were up to and that's good enough.
There is a reason why we do not charge Soldiers with murder when we tell them to go fight for us. It is the same reason we don't charge weapon makers for the deeds there weapons/tools are used for. In the first case, the responsibility lies with the people who elected that government that gave the order. Not the Soldiers following legal/moral orders. In the second the same applies, the tool maker can not be responsible for the actions of the tool user, that falls on the tool user no where else.
In the case of the person in the article, he just got screwed over by the government, by lawyers shifting the personal responsibility to the tool maker instead of the tool user.
"Watt, by contrast, evidently earned no money from the scheme and didn’t participate directly in the breaches or possess stolen card data. His primary overt act was to code the sniffer tool for Gonzalez, for which he received no payment
But Watt refused to cooperate with authorities to help make their case against Gonzalez — aside from the fact that he was resolved not to snitch, he also maintained that he had no specific knowledge of his friend’s hacking scheme. His defiance may have been what did him in"
What's with people taking what accused computer criminals say at face value?
"Watt says he didn’t know the code would be used to intercept credit card data. 'I assumed it would have something to do with web traffic or instant messaging conversations or logins of some other protocol not related to the credit card information,' he told Wired in 2010.
Prosecutors disputed this and maintained that chat logs recovered from Gonzalez’s computer described illegal carding activity that Gonzalez conducted and showed that Watt at least had broad knowledge of what Gonzalez was doing, if not the details. As Gonzalez and his gang hacked target after target, he sent Watt links to news stories describing the breaches, though he didn’t acknowledge in the correspondence that he was behind the attacks.
Watt’s attorney told Wired in 2010 that his client accepted 'responsibility for aiding people that he knew would commit wrongdoing. However, he is very disturbed by the government’s aggressive attempt to make him into more than what he is.'"
It sounds like the jury didn't believe his story, particularly given the IRC logs and the links from Gonzalez describing the hacks. I can't say it's an unreasonable conclusion on their part.
You have a friend who is into lockpicking. Hey, that's a perfectly legal hobby as long as you're picking your own locks.
You have a Dremel tool and a grinding wheel, so he asks you to make him some custom picks. You don't know initially what these things will be used for, and you intentionally don't ask him what they're for. As it turns out, they're built for breaking into a specific make of lock that is only used on government installations. So, there is no way that it's just a hobbyist thing.
Your buddy then goes and steals government secrets with your custom picks so that he can sell them to China. He then sends you links to news stories talking about the thefts. You know that he's doing the crimes, but you say nothing. And when the police come by and ask you if you made the picks, you lie and pretend that you don't know anything.
Do you deserve the same sentence as him? No. But I'd say that you deserve prison time.
>>>> And when the police come by and ask you if you made the picks, you lie
Right here you're screwed, regardless of the rest. Making false statement to a government agent is a crime of itself, regardless what this statement is about. You could say "I'm not talking to you" or "Fifth amendment, to the rescue!" but if you lie, they can knit a nice prison sentence out of it.
This is not a "toolmaker" case (i.e. suing gun manufacturers for murders). Because of his knowledge of the crime, it's a straight up "aiding and abetting" or "conspiracy" case. He didn't just make a tool. By making the tool knowing what it was going to be used for, he participated in the actual crime.
No its not like it or not sovereign states use of force in a Just war is not the same as knocking over a bank.
Anyone whose worked in high end technical computing will have faced this and you have to decide at the time if you are cool with that.
For example at my first job I had to anlyse data from one of our test rigs and I commented to the guy I shared an office with that that looks like a REDACTED and his comment yeah probably REDACTED the Upgrade for the REDACTED weapon system - the one the then PM hadn't told the Cabinet about for a long time.
I had to sit down and think how I felt about this and if I was happy working on this sort of thing.
If you could reasonably foresee that the thing was going to be used in that way, yes, you bear responsibility. It's not like you just happened to make something that just happened to be used for crime in addition to the more reasonable uses you expected it to be used for instead.
Oh, granted, other people are responsible too - perhaps even more responsible than you. However, responsibility isn't an exclusive property, two or more people can be jointly responsible.
I don't get any indication the authors wanted to paint the guy as innocent in any part of the article. I think the point of the article is "does the punishment fit the crime?".
No one is saying the guys isn't responsible, but how responsible, that's what matters.
"The crime" is not "writing software," which is what the article makes it out to be by burying the details about Watt's knowledge on the second page. The crime is "knowingly aiding massive identity theft and fraud by writing software."
The law, for obvious reasons, defines your guilt in aiding and abetting cases based on the seriousness of the underlying crime and your knowledge of the nature of that crime. Helping some guy break into a 7/11 knowing he intends to steal beer is a lot less serious of a crime than doing the same exact action knowing he intends to kill the cashier.
Sounds like you are in full agreement that a young guy that received no monetary reward should be punished for the rest of life for a program he wrote in 10 hours.
Also you seem to be in complete agreement that the prosecutors got it right on this one, as it seems sure you would agree that they got it right on the Aaron Swartz case.
We all know that the government gets it completely right on these cases, right? /sarcasm
His crime was not writing a program in 10 hours. His crime was, as the jury convicted him of it, writing a program for someone he had a lot of reason to suspect was a criminal, knowing that he intended to use it for criminal purposes. I think after all that, and after failing to cooperate with police even after he became aware of the full extent of the crimes he aided,* I think two years in low-security prison is not an unduly harsh sentence.
If it was just the program, it would be a whole separate matter. But as much as the article wants you to think that, if you read the whole second page, you can see that the evidence the jury had in front of them painted a different picture.
As for being punished for the rest of his life--the government didn't do that. The government punished him for two years, for aiding in a crime that resulted in tens of millions of dollars in fraud. The fact that people don't want a guy like that working for them after serving his time is somewhat unfair, but also pretty understandable.
*) The article makes "not snitching on your friends" out to be some noble thing, but it's not and that's not how civilized societies work. If this were guys at Enron and not hackers, Wired would never be so sympathetic to that kind of bullshit.
Having to pay 171 million in restitution is pretty much a life sentence don't you think?
I don't think anyone here is saying there should have been no punishment or consequences, but do you seriously think his sentence is proportional to his crime?
"Failing to cooperate" and "not snitching" are two different things. By all accounts, he cooperated fully, and even accepted responsibility. What he didn't do, was snitch.
Being a snitch is reprehensible. He was more than reasonable.
Edit: doh. Posted this without realizing that you'd made an edit, dobbsbob. Oh well. I think the point is still valid, just not as a response to you :)
---
While I tend to agree about overzealous prosecutions when it comes to computer crimes, let's not pretend that there aren't individuals being hurt by some of these crimes. I am a bit fuzzy on the exact nature of the fraud, but I get the impression that it was either small businesses or individuals that were hit. Dealing with fraudulent charges is neither easy nor stress free, even when it is clearly the case that fraud occurred. Sure, most eventually get it resolved, but as someone who has had to navigate those bureaucracies before I know how unpleasant it is.
This is not to say that business owners facing high stress and uncertainty about their financial future is sufficient justification for the magnitude of the punishment, but it isn't always just the major corporation that suffers.
I think this is a case of journalistic malpractice. The article when I read it gave me the impression that Watt is some kind of innocent programmer that a friend asked him for a favor to write some innocent utility for him and maybe talked too much about his illegal activities but Watt did not give it any weight and when he refused to help feds to make case against his friend the feds threw the book at him.
When I read the background information on Watts missing from the article but mentioned here on HN, turns out he was an experienced security researcher with strong indications at being blackhat and at least having great knowledge in blackhat activities and manufacturing blackhat tools himself, and being proud of it. That's a bit different picture than the original article is painting.
> "Prosecutors disputed this and maintained that chat logs recovered from Gonzalez’s computer described illegal carding activity that Gonzalez conducted and showed that Watt at least had broad knowledge of what Gonzalez was doing, if not the details.
The lesson here to take away from this is to encrypt your stuff and if you're doing some kind of criminal activity to make (or force) your associates do the same.
Or don't associate with criminals. You ever hear stories about poor black kids who have friends involved in gangs and then get dragged into their crimes? People don't believe them when they claim they didn't know about/didn't help their criminal friends. This is the same shit.
The government really tries to cripple you following any sort of felony. Isn't going to prison and not doing the things you normally do, for any extended amount of time, enough punishment as it is? Isn't the whole thing supposed to be about rehabilitation for tendencies that hurt society and the fostering of tendencies that would help it? I'm not saying prisons, or the whole system, are rigged to perpetuate more crime, but it feels like you'd have to do some sort of illegal activity to stay afloat after losing everything then constantly getting held under water after release so as not being able to make a rent payment.
I'm not saying prisons, or the whole system, are rigged to perpetuate more crime, but it feels like you'd have to do some sort of illegal activity to stay afloat after losing everything then constantly getting held under water after release so as not being able to make a rent payment.
Bad things don't happen to good people, and good people don't do bad things or associate with bad people.
If someone gets arrested or convicted for doing something bad, then you associating with them must mean that either (1) you are also a bad person, or (2) bad things do in fact happen to good people, and could happen to you.
This would suggest that a way to fix things would be to publicize that the system has a disturbingly high error rate (bad things do in fact happen to good people) and the damage from that needs to be reduced. Another way would be to get rid of the belief that (getting caught) doing one bad thing makes you forever a bad person, but that would require working against how intolerance seems to feed on itself...
"Bad things don't happen to good people, and good people don't do bad things or associate with bad people."
I really can't believe people can actually go through life and think this is a remotely reasonable statement. I'm not sure there are many statements in existence that I could disagree with more strongly...
Yes, absolutely. After we're "done" fixing gay rights (because it's hard to get everyone behind more than one thing at a time), there's a very strong case that we need to fix felons' rights.
I believe that with the current "make it legal" happenings for marijuana, and the fact that huge amounts of people are forever fucked because of posession felonies, the two things should be more inter-twined than they currently are. As such, I would argue that laying the groundwork for this sort thing should be (and arguably is) happening now, while the gay rights stuff is center-stage.
Exactly. My brother may or may not be dealing with possession charges that would have warranted nothing more than a ticket if they happened ~60 miles to the West.
If this guy worked for Morgan Stanley then why isn't he coding Bitcoin/Litecoin/PPPcoin trading engines? Screw wallstreet, work for the hacker wallstreet
Because if he uses a computer for anything but his web development job (unless he is monitored by an appropriate authority), he violates his terms of probation and gets a second felony?
No reason he can't turn web development into bitcoin trading engine development by asking them. I know three sites that would apply to be his auth employer immediately regardless of prison history. That's all he needs to change jobs, a letter of employment confirmation sent to the parole board. I know because I was on probation once when I was 19 for some BS hacking charge and had the same restrictions
There is the very real question here - He got special dispensation to do the stuff at his work. It may be (I don't know but wouldn't be surprised if it was) logged/monitored by law enforcement, even if it isn't, the reasonable suspicion is there. So:
Would the judge, probation board, or whoever is in charge be ok with something like bitcoin? It is pretty linked in the popular mind with criminal doings.
Would any bitcoin exchange be OK with their development potentially being monitored by the government?
I think both of these are pretty likely answered in the negative.
Really? Because even the most amateur exchange operator like Bitcoin24 was making thousands per day. Look up how much cavirtex.com is making lately, or bitstamp.net
Regardless of his level of guilt, the aim of the prosecutors/government was not to punish, nor to rehabilitate - they wanted to break him. This is not 'justice'.
And, sadly (in my opinion), it appears they succeeded.
Sorry but I have little sympathy for this guy. He knew or should have known that he screwed many people's lives (clearing up the mess thanks to your stolen CCs is a nightmare) and cost hundreds of millions.
He should've been happy making $130k a year in 2007
Watt’s attorney told Wired in 2010 that his client accepted 'responsibility for aiding people that he knew would commit wrongdoing. However, he is very disturbed by the government’s aggressive attempt to make him into more than what he is.'"
The article spends a page and a half making you think that he's just some innocent guy who wrote a program for a friend who ended up using it maliciously, when in reality he admitted that he helped Gonzales who he knew was going to use it to commit crimes.
This is open and shut aiding and abetting a felony. And not some vague made-up felony. A felony that actually deserves to be a felony. Without taking any affirmative measures when he found out to turn his friend in, and without cooperating with police when he was charged with helping in the scheme. Is it the mark of an innocent person to you that when he found out his software had been used to commit a crime, even then he didn't help the police? The judge did absolutely the right thing in not giving him probation in order to send a signal.