19 July 2013, Jonathan Rochkind
I attended the Bradley Manning court martial trial on one full day yesterday, and another half day of trial a couple weeks ago. The trial is taking place at Ft. Meade, only about 30 miles from where I live in Baltimore. I wanted to take advantage of the opportunity to view what I think is a historic event in person, and also to show support for Manning who I consider a hero. The trial is open to the public — although they aren’t providing any transcripts to those not there in person.
It is a very confusing trial, at least for a non-lawyer who only has been following it only intermittently like me. Lots of laywers making legal motions where I’m not sure what they’re talking about; lots of questioning of witnesses where you have to interpret the subtext of lines of questioning that initially appear bizarre, to understand how they actually relate to the either side’s case. It is hard for me to summarize with a single narrative; and at the same time full of suggestive threads leading in many directions; which leads to this rather long report, sorry.
But one thing that occured to me, with my own background as a computer programmer, is how the case is essentially a “computer crimes” case, with all the themes that my fellow techies will recognize from other computer crimes cases — all the infuriating incompetence of our legal institutions to deal with technology. All of Mannings alleged crimes were conducted with a computer over the internet, and the major charges that are being challenged (Manning has pled guilty to some charges)include the Computer Fraud and Abuse Act (CFAA).
For instance, one of the charges against Manning involves a ‘theft’ of computer records, under a statute (sorry, I don’t have the particular one) that, among other things, requires theft of at least $1000 worth of property. Yesterday, the defense tried to argue before the judge that the prosection had charged Manning with theft of the wrong ‘thing’, a ‘database’, rather than database records, copies of records, or the information held within. The prosecution somewhat reasonably argued that theft of a ‘database’ implies theft of information, they are inherently associated. But the defense made the even more reasonable claim that you can’t use the production cost of the database itself (including hardware costs, software development costs, etc) in calculating the value of the ‘property stolen’, when that database is still there in the governments’ posession and always has been, with no interruptions. The judge sadly didn’t seem to find this a reasonable argument, although we’ll see. But it is a familiar trope from piracy and other digital ‘theft’ cases: How can you steal something when the original owner still has posession?
In one sense this seems just legal nitpicking — and there were plenty more legal details around the technicalities of this particular law — but legal nitpicking is pretty much what a trial like this IS. The facts of what Manning did aren’t in signficant dispute, how the laws he was charged under may or may not actually apply to those acts is. As is common in computer crimes cases.
Two weeks ago when I attended, there was much examination and cross-examination that seemed to be around whether the printed out screenshot of a certain twitter.com/wikileaks/xxxx url could be assure to be: from twitter at all; really from the wikileaks account; really posted by wikileaks; really the same thing today that it would have been two years ago when Manning may have looked at it. (As far as I can tell, this had to do with trying to establish if there was coordination between Manning and wikileaks, which is relevant for an espionage or ‘aiding the enemy’ related charge)
Which, when you really start thinking about it, is a fundamental digital epistemological quesiton without certain answer. But here, was being discussed in front of a judge and by lawyers who seemed not to understand what a URL was, what twitter was, how google worked, or how the internet worked, in circular discussion equal parts marx brothers amusing and terribly dull. At least an hour was spent discussing whether searching for something on google and then clicking on a link was the same as searching directly on twitter for something — including some incorrect confusion over the difference between retrieving something from the ‘google cache’, and clicking on a link in the google search results. Another half an hour of confusion over the change in twitter’s canonical reference URLs (which used to include a “#” hashmark, but no longer do, although nobody in the courtroom could explain what that meant.)
Somewhat difficult to watch for the technologically skilled observer.
The day and a half of trial I’ve seen has included quite a bit of confusion from witnesses who were theoretically in positions that should give them technical expertise. Yesterday, one witness was a guy who worked for a military contractor in Iraq who was basically the Windows workstation admin for a variety of military intelligence units accross Iraq. He honestly reminded me of the worst stereotype of a Windows workstation admin, who knew what buttons to press to do his job but lacked much fundamental understanding of computer architecture, for instnace seeming unsure of what exactly an ‘executable’ file was (I’ll have to skip for now why this was even relevant, but it was literally hours of testimony, on ‘executable files’ and ‘programs’ and ‘installable programs’ and ‘self-executable packages’ and whether music and movies fit into any of these categories, and what the differences were between them; I am convinced the judge still has no idea.)
The Nature of Authorization, and the CFAA
That Windows admin witness seemed to be there to provide testimony relevant to what was or would reasonably be believed to be ‘unauthorized access’ of the military computer systems. One of the other charges against Manning is a Computer Fraud and Abuse Act (CFAA) violation, the same law that Aaron Swartz was charged with violating. As well as similar military regulations whose proof of violation, like the CFAA, hinges on what counts as “unauthorized access.”
And the setting being described by this Windows admin witness seemed to me to immediately fit into the narrative of the stereotypically disfunctional corporate IT setting, where nobody really knows exactly what the rules/policies were, and soldiers routinely had to make potential violations of IT policies just to get their jobs done, as well as to improve their quality of on-job life (by copying mp3’s to their computers, for instance). The nature of disfunction being described seemed familiar and understandable to anyone who’s worked in corporate IT, but I’m not sure what the judge’s understanding was.
At one point, presumably relevant to the question of ‘unauthorized’ access, both lawyers engaged in extensive, hours-long, examination of the governmetns digital forensics expert on the functioning of the ‘wget’ tool. This is a tool that can be used for bulk or automated downloading of web documents; I’ve used it myself many times at work; it does not let you do anything you didn’t have access to do already, it just helps you do it faster or more conveniently. Which is presumably what the defense wanted to get at. The discussion in court went into excruciating detail, sometimes seeming incomprehensible or even incorrect to me. It was like if in order to prove an assault, you first had to have laymen explaining to other laymen exactly how an accused attacker might put one foot in front of the other, with full anatomical, biological, and physical detail, to arrive at the scene of the crime (but could they have chosen to skip, jog, or even bicycle there instead? Really! How interesting!).
CFAA prosecutions have been used in civilian cases in truly ridiculous and horrifyingly distressing ways; it seems like any time you do something with a computer that the computer’s owner might not like, you are at risk of felony conviction as a ‘computer hacker.’ See the Electronic Frontier Foundation’s (EFF) page on CFAA reform: https://www.eff.org/issues/cfaa .
Note that the issue here under the CFAA and similar military regulations about ‘unauthorized’ access is not about release of classified material: Manning has already pled guilty to several charges related to misuse of classified material. The CFAA and other regulations on ‘unauthorized access’ are not, legally, related to whether classified information was involved, but instead are about whether hacking (or technically ‘unauthorized acess’) took place — and are additional charges carying additional potential sentancing on top.
On the State of Digital Forensics
Oh, and that digital forensics expert. The trial is also serving to me as a very good reminder of what ‘footprints’ you leave on your computer of your activities, to anyone who gets physical posession of your computer. Manning took basic precautions — deleting his web history, for instance. But the government was still able to get a record of some visited sites by looking at web browsers cache’s of favicon images. Also, by looking at Windows registry and other OS elements that end up keeping a record of the last X local applications run. OS features intended for performance improvement, not for tracking, but which can be used that way anyway. And of course, with typical analysis of ‘unallocated space’ (deleted files which have not been securely deleted and can still be recovered)
This was a good reminder that if you really want to cover your tracks left on your own computer through your use — you’ve really got to do everything in a Virtual Machine, and routinely delete that virtual machine’s hard drive image using secure deletion utilities — and I’m still not sure how confident I’d be in my track erasing. Government digital forensics tools have gotten relatively sophisticated — even when used by operators of limited understanding.
On Aiding the Enemy
So one thing that happened yesterday, was the judge rejected motions by the defense for a sort of summary dismissal before judgement. Contrary to some media coverage, this was NOT a verdict, the judge did NOT decide on the merits of the prosecutios case, or decide if anyone had proven anything ‘beyond reasonable doubt.’
Rather, to accept the defenses motion, the judge would have had to find that the prosecutions evidence — interprted in the best possible light for the prosectution and accepting the full credibility of all witnesses — was STILL not sufficient to make any reasonable case to prove the charges. The defense thought the prosecutions case on two charges (an ‘aiding the enemy’ charge, and the CFAA charge) was so weak that it justified making such a motion. The judge disagreed. The ‘aiding the enemy’ charge is the most serious one against Manning, carrying a potential life sentence.
This does not really tell us what the judge’s actual verdict will be — when she has to weigh both sides’ evidence and evaluate credibiltiy of witnesses, etc. (In this partiuclar military trial, the judge will be rendering the verdict; Manning could have instead chosen a quasi-jury trial, although it doesn’t work the same way as civillian juries, but he didn’t.)
But in rejecting the motion, the judge did have to explain what evidence the prosecution had introduced that overcame this minimal barrier. For the ‘aiding the enemy’ charge, it was that Manning had received training about how Al Quaeda and other enemies used information on the public internet to make their plans against us, but Manning chose to release information to wikileaks, knowing they would put it on on the public internet, anyway.
If this line of reasoning makes it into the final verdict, it is an awfully frightening precedent and line of analysis. Suggesting that anyone who puts information on the internet may be ‘aiding the enemy’, since the ‘enemy’ uses the internet. In 2013, any kind of whistleblowing or light-shing is pretty much always going to take place on internet, right?
And, again, this charge is unrelated to the classified nature of the information; Manning has already pled guilty to several classified information related charges; the ‘aiding the enemy charge’ is additional, and the ‘aiding the enemy’ charge can be made against people when there’s no classified information involved, it’s not about classified information. It does require ‘actual knowledge’ (not just negligence, or accidental or inadvertant action) that one’s actions provided intelligence to the enemy.
If the prosecution’s theory is accepted — that, since we know ‘the enemy’ uses the internet, providing information of use to ‘the enemy’ on the internet is a felony ‘aiding the enemy’ — it represents just one more step in the terrifying criminalization of transparency we’ve seen implemented under the Obama administration.
So that’s my summary of some of my thoughts based on just a day and a half over two weeks of observation — sorry it got long, the events at trial themself are confusing and disjointed enough that it’s hard for me to form them into a coherent narrative. Also they touch on so many interesting topics — I think anyone interested in the digital civil rights and the state of ‘comptuer crimes’ related laws should be interested in this case. I think it’s a deplorable that the government is not releasing public transcripts, and that the media is not covering this case more fully. But if anyone is interested, I’d recommend following the Bradley Manning Support Network’s daily trial coverage: http://www.bradleymanning.org/news
Finally, I’ll just say again that I consider Manning to be a national hero, who has acted in accord with his concience and for the good for our country and the world, to bring to the light of day the information we need to make informed decisions as citizens and as humans about what our governments would rather do in secret, but in our names. He deserves his freedom, and our support.