A Bad Test Case for Hacking

May 19, 2005

INQ7 reports that alleged hacker, JJ Maria Giner, has filed a motion which led to the suspension of the criminal case filed against him for hacking.  The Department of Justice alleges that Mr. Giner hacked government websites.  I haven’t read through the charge sheet but I do know that the primary basis for the prosecution of Mr. Giner is the affidavit he submitted to the DOJ.  The INQ7 report says:

In his counter-affidavit, Giner admitted to sending an e-mail to the National Economic and Development Authority (NEDA), informing the agency about the vulnerability of its website to hackers. With this admission, he argued that if he had the intention of destroying or corrupting the system, he would not have informed the agency.

So, it is Mr. Giner’s defense that he did break into the government websites but he did so in order to substantiate his emails to them that those government sites had security vulnerabilities.  He thought he was doing them a favor.  After all, the government IT managers would have ignored his emails if he didn’t demonstrate the vulnerabilities.  The subsequent emails indicate he was acting with good intentions (among many that line the path to hell, as they say).

Of course, the DOJ’s response is: “The law doesn’t require intent in order to commit the crime of hacking.”  I’m afraid I’ll have to agree with the DOJ here.  There is a string of Supreme Court decisions saying that crimes spelled out in “special laws” are mala prohibita — a lawyerly phrase which means, even if you didn’t mean to do the act, you’ll still be held accountable.

But I digress.

My point is that for all the publicity surrounding it, this is a bad test case for the government for the following reasons:

(a)  This case does nothing to show that the Philippine government can effectively investigate and collect evidence against hackers.  As admitted by the DOJ itself, their main evidence was supplied by the accused. 

(b)  The fact that he’s a white-hat hacker makes it worse.  What he did was harmless and in fact, he intended to help out the government agencies concerned.  Sure, he did break the law but government should run after black hat hackers — technically proficient people who act malevolently and without regard to the damage they cause. 

Script kiddies and white-hat hackers like Mr. Giner should be given a 30-day seminar on ethical computing and be required to listen to Kenny G (or Kenny Rogers) for the duration.  That’s punishment enough. (more…)

IBM’s Blogging Guidelines

IBM just  released its Blogging Policy and Guidelines (from James Snell’s blog).   Check out his post.  What’s interesting is that IBM employees collaborated on a Wiki to draft the guidelines in ten days.  I’m thinking of various projects involving Wiki and peer production of content and this is yet another application I’ve missed — employee crafting of policies. 

I hope you lawyers out there can use this as a template for your clients who’ll need one of these policies for their own internal use.

Many thanks to vonjobi for pointing this out.

US Supreme Court Cites a Blog

US Constitutional scholars scour every corner of US Supreme Court decisions.  Believe it or not, they even debate and agonize over footnotes. Which is why I was intrigued by an email received from one our graduates that the US Supreme Court had cited a blog in a recent decision.  This is just the thing blogging needs right now — some validation from the High Court that blog content is worthy of consideration in matters of Constitutional Law.

He gave me a link to this article which led me to this blog or bLAWg and finally to the decision itself only to find out that the citation (footnote no. 4 of Justice Stevens’ dissent) merely says that a certain document can be found in Prof. Berman’s Sentencing Law and Policy Blog.

Oh, well.  I can dream, can’t I?