The US District Court for the State of Idaho ruled that an ICS product developer’s computer could be seized without him/she being notified or even heard from in court primarily because he/she states on his/her web site “we like hacking things and don’t want to stop”.
A little background…
Battelle Energy Alliance LLC is the management and operating contractor for Idaho National Laboratory (INL), and they have brought suit against ex-INL employee Corey Thuen and his company Southfork Security. It began with the US Department of Energy funding an effort for INL to develop “a computer program aimed at protecting the United States’ critical energy infrastructure (oil, gas, chemical and electrical companies) from cyber attacks.” Corey Thuen was one of the developers of this software program that was later called Sophia. Sophia identifies new communication patterns on ICS networks.
Battelle wants to license this technology, NexDefense was selected to negotiate for a license, and the suit states that Corey was pushing for it to be open source. Eventually Corey left INL, created Southfork Security, and wrote a similar “situational awareness” program called Visdom. In simple terms, the suit alleges that Corey stole the code and violated agreements with INL.
But all this is not the important part…
The disturbing part of the ruling is that Battelle asked for and got a restraining order without first notifying Corey/Southfork Security primarily because the Southfork web site said “We like hacking things and we don’t want to stop”. They requested and got an order to knock on his door and seize his computer because he claims to like hacking things on the Southfork web site. From the court decision:
“…The Court finds it significant that defendants are self-described hackers, who say, “We like hacking things and we don’t want to stop”…
“…The Court has struggled over the issue of allowing the copying of the hard drive. This is a serious invasion of privacy and is certainly not a standard remedy, as the discussion of the case law above demonstrates. The tipping point for the Court comes from evidence that the defendants – in their own words – are hackers. By labeling themselves this way, they have essentially announced that they have the necessary computer skills and intent to simultaneously release the code publicly and conceal their role in that act. (underline added) And concealment likely involves the destruction of evidence on the hard drive of Thuen’s computer. For these reasons, the Court finds this is one of the very rare cases that justifies seizure and copying of the hard drive…”
This is bull$hit. All of a sudden capability = intent? I guess its really true – “Stupid is as Stupid does…”
Another factor in issuing the restraining order without notice was:
“…Battelle must show that the defendants have “a history of disposing of evidence or violating court orders or that persons similar to the adverse party have such a history.” Id. (citing In the Matter of Vuitton et Fils S.A., 606 F.2d 1, 5 (2d Cir. 1979))…”
“…Battelle asserts generally that defendants who have the technical ability to wipe out a hard drive will do precisely that when faced with allegations of wrongdoing…”
I think the Judge, Battelle and their lawyers either have forgotten or never knew what the term “hacker’ means. In other words, they have been afflicted with “Hacker Madness.” They obviously have been watching too many movies. From a hardware perspective a hacker is someone who innovates, customizes or combines electronic or computer equipment. From the software side, a hacker may be thought of as one who combines excellence, cleverness or exploration in the job they do. Basically a person who makes things “smaller, better, faster”. Any idiot can wipe a hard drive.
SOURCE – digitalbond.com