'Like most convoluted theories, it was an incorrect one'

All Hail Bob the Dev... Plus: 'A Death Star isn't on the horizon'

This was the week when Aaron Swartz's suicide called into question the blanket severity of maximum sentences faced by those accused of crimes under the Computer Fraud and Abuse Act. Angry supporters of Swartz partially blamed the pressure he was under as the subject of 13 different counts that could have resulted in over 30 years in jail. His family said:

Aaron's death is not simply a personal tragedy. It is the product of a criminal justice system rife with intimidation and prosecutorial overreach. Decisions made by officials in the Massachusetts US Attorney's office and at MIT contributed to his death.

Meanwhile, Congresswoman Zoe Lofgren said she would introduce a bill to the government to have the act changed. She wrote on Reddit:

There’s no way to reverse the tragedy of Aaron’s death, but we can work to prevent a repeat of the abuses of power he experienced.

The government was able to bring such disproportionate charges against Aaron because of the broad scope of the Computer Fraud and Abuse Act (CFAA) and the wire fraud statute. It looks like the government used the vague wording of those laws to claim that violating an online service’s user agreement or terms of service is a violation of the CFAA and the wire fraud statute.

Using the law in this way could criminalise many everyday activities and allow for outlandishly severe penalties.

But Swartz's prosecutorial office, led by US attorney Carmen Ortiz, said it wasn't trying to push for an extensive sentence. Ortiz said in a statement:

At no time did this office ever seek – or ever tell Mr Swartz’s attorneys that it intended to seek – maximum penalties under the law.

The prosecutors recognised that there was no evidence against Mr Swartz indicating that he committed his acts for personal financial gain, and they recognised that his conduct – while a violation of the law – did not warrant the severe punishments authorised by Congress and called for by the Sentencing Guidelines in appropriate cases.

That is why in the discussions with his counsel about a resolution of the case this office sought an appropriate sentence that matched the alleged conduct – a sentence that we would recommend to the judge of six months in a low-security setting.

While at the same time, his defence counsel would have been free to recommend a sentence of probation. Ultimately, any sentence imposed would have been up to the judge.

Another US government official was also facing criticism this week. FTC chairman Jon Leibowitz found himself defending the commission's decision not to take action against Google over allegations of search bias. He bluntly said:

We went after a company [Google] where the law required us to do so, and forwent bringing a case where the law required us not to bring one.

And he also pooh-poohed the idea that Google's lavish spending on lobbying had stayed the FTC's hand:

My sense is that the lobbying makes the companies feel good and lobbyists feel good.

At the end of the day, whether you want to say lobbying had any influence, or cancelled itself out because there was lobbying on both sides, if you’re going to do what lobbyists want you to do in a regulatory agency, you’re not doing your job.

Meanwhile, a dev named "Bob" became the hero of anti-work-minded devs everywhere when his firm realised that the incredible IT skills of Bob were actually the tech talents of a dream team in China. Yes, a Chinese subcontractor was helping Bob win plaudits at work while he spent the day goofing around on the net.

The jig was up when VPN logs for the firm turned up regular logins from Shenyang and telco Verizon was called in to sort out what it thought was a security breach. The comms corporation said:

The company's IT personnel were sure that the issue had to do with some kind of zero day malware that was able to initiate VPN connections from Bob's desktop workstation via external proxy and then route that VPN traffic to China, only to be routed back to their concentrator.

It was a bit of a convoluted theory, and like most convoluted theories, an incorrect one.

The hapless Bob, who's "no longer with the firm", had a great scheme going, pulling off the same trick with a few different companies so that he could rake in hundreds of thousands of dollars while paying his Chinese contractors just $50,000 a year. Unfortunately, the whole scam came toppling down because Bob couldn't take time out from Reddit, eBay, Facebook and LinkedIn long enough to have the data sent to him so he could log in and input it.

And finally, the aspirations of the dark side of the Force and legions of Star Wars fans have been thwarted by the White House, which said it will not build a Death Star. An e-petition to get the Obama administration to construct the ginormous killing machine was answered in the negative because it would be too expensive, among other reasons.

Paul Shawcross, chief of the science and space branch at the White House Office of Management and Budget, far too sensibly replied:

The Administration shares your desire for job creation and a strong national defense, but a Death Star isn't on the horizon. Here are a few reasons:

  • The construction of the Death Star has been estimated to cost more than $850,000,000,000,000,000. We're working hard to reduce the deficit, not expand it.
  • The Administration does not support blowing up planets.
  • Why would we spend countless taxpayer dollars on a Death Star with a fundamental flaw that can be exploited by a one-man starship?

Shawcross then consoled citizens by telling them that they could simply use the Force, against which the Death Star's power is "insignificant"... This suggests a few basic misunderstandings of the Force. Firstly, Mr Shawcross, if the Force could be used to blow up planets, wouldn't Darth just have done that in the first place? And anyway, since the Force is the essence of all things, one imagines it would rather resist blowing a planet up... ®
