You’re a decent, upstanding, law-abiding citizen, aren’t you?
Ever catch yourself running through a scenario where you were one of the people you read about in crime stories in the news? You know, one that would sell in Hollywood? You think, “man, that dude’s in deep,” and then you feel a little better knowing you won’t ever end up in that predicament. Sure, you speed on occasion, or push through the “orange” traffic light over the intersection when you’re in a hurry. But you’d never do anything to expose yourself to federal crime, would you?
These days, you might do just that without ever knowing.
Moreover, you might think you just have been trying to help when the FBI knocks on your door with a warrant for your arrest.
So goes the story of Brian West. He lives in Oklahoma but the story could play out anywhere in the United States.
According to news reports, West says he discovered a hole in the security of the Web site of the local newspaper, the Poteau Daily News and Sun. While he was developing banner advertising that was supposed to run on the Web site, West found that he could access several critical files, including administrative passwords, quite easily. He notified the newspaper’s publisher, Wally Burchet, who in turn notified the newspaper’s Internet service provider, a company called Cyberlink.
West was later arrested and charged with violation of federal law by unauthorized access to Internet Web pages.
As you might imagine, word has spread around the Internet about the “good Samaritan” who got busted. The newspaper, which did not report West to the authorities, has been bombarded by angry letters and e-mail. The paid circulation of the PDN&S is about 5,000 and the newspaper’s Web site used to receive 25,000 hits every week. Now it’s more like 300,000. In recent weeks, the newspaper has worked feverishly to distance itself from this debacle.
There are several sides to this story, as usual. First, the newspaper is basically innocent (you can’t ALWAYS blame the news media). All it did was receive the tip about security problems with its Web site and ask its service provider to fix them.
Cyberlink, the service provider, turned to local Oklahoma authorities who contacted the FBI, reporting Brian West as a hacker who illegally infiltrated its systems, a violation of federal law. The company West was working for at the time, CWIS Internet Services in Stigler, Okla., is a direct competitor with Cyberlink, which may have had something to do with the quick whistle.
West, meanwhile, maintains he was only trying to help the newspaper shore up its Web site security. Some observers, including Cyberlink, think West took too many liberties with the system before coming forward. New PDN&S publisher Grover Ford told one news reporter that West was eager to use the security hole as a vehicle to promote his company’s Internet services over those of Cyberlink.
According to West’s Web site, which has recently been shut down, the government offered to settle with West if he agrees to plead guilty to one computer crime count and be put on probation. The alternative is to go to court to fight multiple counts of computer crime.
If you were West, what would you do? He seems confident that the files he accessed were only for inspection purposes, all in the name of helping a local business close a security hole. Would you settle out of court, allowing your record to reflect one count of computer crime? Or would you take on the FBI and roll the dice on clearing your name? Fines and jail time hang in the balance.
I don’t know all the facts of the story, but I’d be inclined to go to court. In any case where the FBI appears to be sticking it to the little guy, I like the chances of an underdog in front of a jury.
New technologies mean new laws. Each requires time for understanding. And at this time, I’m glad I’m not in Brian West’s shoes.