Contact
Archives
Search
Blogs
Newspaper Blogs
English-Language
Press
Polls

March 08, 2004

MEMOGATE....So how did Republicans get access to those Democratic files on the Senate Judiciary Committee? The Pickle report is now available and makes everything clear. The full report is here (warning: large PDF file), but here's the geek summary.

Basically, every member of the Judiciary Committee has an account that includes a home directory on the committee's main server. Until August 2001 those accounts had strict permissions that enabled only the owner of the directory to access it. But then the committee got a new system administrator, Brian Wikner, who had, shall we say, geekitis:

Like some other Senate offices, the Judiciary Committee has historically been staffed with Systems Administrators who preferred to perform most computer-related tasks themselves. This has been true even if they had only minimal technical experience before becoming the Committee's System Administrator.

Yeah, been there, done that. Wikner, even though he was fresh out of college, declined to ask for help and apparently was sloppy with permissions. When he set up new accounts he just accepted the default "open" permission, which allows anyone access to the directory.

So that answers that: it was sloppiness on the part of the sysadmin. But did anyone ever warn Wikner that the new accounts he created — both Democratic and Republican — were vulnerable? The previous sysadmin says no:

Mr Davis does not recall ever notifying Mr. Wikner of the fact that he was able to access folders that should have been closed...."I could only have deemed him as being sloppy with some permissions and not some problem that of which others would take advantage. What I can remember is leaving him a message to call me about a concern and he didn't return my call."

And what happened the first time Republican staffer Jason Lundell figured out he could exploit this vulnerability? He found a bunch of files and gave them to his boss, Rena Comisac:

He printed approximately 100-200 pages of documents pertaining to Judge Pickering's nomination and gave them to Ms. Comisac in an attempt to get on good terms with her....He reported that two days later Mr. [Alex] Dahl and Ms. Comisac admonished him not to use the Democratic documents and Ms. Comisac shredded the materials he had given her.

It's also clear that Comisac didn't realize Lundell had free access to other people's files. She thought he had gotten the documents simply because he had inherited someone else's PC and the previous owner's documents hadn't been completely erased.

So here's the summary:

  • The pilfered documents were accessible due to sloppiness on the part of the sysadmin.

  • It wasn't just Democratic files. Every account created after August 2001 was wide open.

  • No one ever told the sysadmin about this problem.

  • The first time that Lundell showed some files to his Republican boss, she shredded the files and told him to knock it off. "This is not the way they do things here," she said.

I'll probably have more later after I've read the full report. In the meantime, Josh Marshall has a few pointed questions.

Posted by Kevin Drum at March 8, 2004 10:51 AM | TrackBack


Comments

That certainly sounds like it falls considerably short of those "criminal" accusations being bandied about previously ...

Posted by: JD at March 8, 2004 10:56 AM | PERMALINK

The first time that Lundell showed some files to his Republican boss, she shredded the files and told him to knock it off. "This is not the way they do things here," she said.

Good for her. So, why did Miranda keep going?

And, is there any evidence the Dem.'s did any digging themselves?

What about National Security?

Posted by: Visualize Dead Thugs at March 8, 2004 10:57 AM | PERMALINK

Just like the AWOL non-story, this is another grasp at straws to discredit republicans. When will you all ever learn?

Posted by: Bill at March 8, 2004 11:01 AM | PERMALINK

from tpm:
The report says Miranda "declined to give investigators the name of the friend stating that he did not want to prolong the investigation. He also refused to give investigators the names of his White House legislative contacts for the same reason."

Gee, I'm going to have to remember that one! "I'm sorry, ociffer, but I think this conversation [hic!] -sation's gone on [hic!] long enough!"

So, now that we know a third party left the door open, I guess we don't need to wonder why anyone would walk through it, right?

Look! Over there! It's the NAACP!!! O! The perfidy!

Posted by: Visualize Dead Thugs at March 8, 2004 11:02 AM | PERMALINK

What? This didn't involve stealing passwords or cracking code? No!


My question is: what is worse - looking at memos for which there is "open" permission, or hiring someone fresh out of college who didn't know what he's doing to be the sysadmin? I think the latter.

Posted by: Al at March 8, 2004 11:02 AM | PERMALINK

Well, it looks like the usual "moral clarity" Republicans will be showing up to defend theft, as long as they're the ones doing it.

Posted by: Spinning Tops at March 8, 2004 11:04 AM | PERMALINK

"this is not the way they do things here. . ."

uhhhh. yeah, it is exactly the way they do things there.

Posted by: Olaf glad and big at March 8, 2004 11:05 AM | PERMALINK

"Just like the AWOL non-story, this is another grasp at straws to discredit republicans. When will you all ever learn?"

Posted by Bill at March 8, 2004 11:01 AM | PERMALINK

Has George released his military records yet?
Has anybody claimed the Doonesbury reward money?
Has anybody claimed that Arkansas veterans' group's
money?
Has anybody come up with orders transferring W to Arkansas?
Has anybody on the right ever come up with a good explanation of why W's TANG commander wrote him up as 'not having been observed' in an annual fitness report?

Posted by: Barry at March 8, 2004 11:06 AM | PERMALINK

she shredded them . . . After turning copies over to Robert Novak.

Posted by: jack at March 8, 2004 11:06 AM | PERMALINK

>is there any evidence the Dem.'s did any digging themselves?

If there were, the Repugs would be demanding that they be guillotined as traitors... so my guess is "no."

I think President Kerry is going to have to create a new division in the Justice Department just to handle the criminal behavior of the Repugs during Bush's term. They seemed to think their reign would last forever and thus they would never be held accountable for their crimes. Looks like they were wrong.

Posted by: grytpype at March 8, 2004 11:11 AM | PERMALINK

I guess I should stop being so naive, but I'm astonished at the number of conservatives still trying to pretend that there was really nothing wrong here.

Give it a rest, guys. It was wrong, and Orrin Hatch knows it. Try to have at least as much honor about the whole thing as he does.

Posted by: Kevin Drum at March 8, 2004 11:17 AM | PERMALINK

Kevin : As a conservative, I would almost be willing to conceded that this was wrong, so long as somebody on the left would be willing to admit that their actions to oppose Estrada because he was dangerous because, in part, he is Hispanic is equally, if not more wrong. Can you imagine the outcry if a Republican memo suggested opposing somebody, in part, because they were black, or a woman ?

Posted by: JD at March 8, 2004 11:21 AM | PERMALINK

You know, guys, just because you're republicans doesn't mean you have to defend every republican who fucks up. If you say "Yeah, that stuff with stealing the memos was bad," do the Gestapo come and take away your tea set with the little elephants on the cups or something?

Clinton fooled around with an intern and then got up on TV and lied about it. That sucks. He shouldn't have done that. This isn't hard to say.

Gray Davis is a schmuck and the GOP did us a favor by getting rid of him. This isn't hard to say.

So what's with the blindered lock-step business over there on the right? Do you guys seriously think your stupid, venal, corrupt party is composed entirely of plaster saints?

Posted by: Laertes at March 8, 2004 11:21 AM | PERMALINK

Laertes, once they start admiting the GOPs fuckups, where does it end? Being a Bush apologist requires such an extreme suspension of disbelief, it can only be maintained byt Jedi-like self-discipline. One moment of clarity and the whole thing comes crashing down.

Posted by: grytpype at March 8, 2004 11:24 AM | PERMALINK

The last post of Kevin's on this, I said it was wrong. Several times. I was still being pounded for not recognizing that it was wrong.

Is it that the Repubs aren't saying it, or that y'all ain't listening?

Posted by: Ron at March 8, 2004 11:25 AM | PERMALINK

Shorter JD: two wrongs make a right.

Posted by: Silence Dogood at March 8, 2004 11:27 AM | PERMALINK

We got some ethically challanged Republicans today.

These are the same people who won't condemn lies that led (and are leading to) the deaths of thousands, so this is really no biggie.

Posted by: Boronx at March 8, 2004 11:29 AM | PERMALINK

would be willing to admit that their actions to oppose Estrada because he was dangerous because, in part, he is Hispanic is equally, if not more wrong.

It's utterly astonishing to me that anyone would equate a policy or political disagreement with a criminal act.

Posted by: Spinning Tops at March 8, 2004 11:31 AM | PERMALINK

Who said that it wasn't wrong? Anybody?

Not criminal? Sure. What the Dems did is worse? Yep. But not, in and of itself, wrong? No.

Posted by: Al at March 8, 2004 11:31 AM | PERMALINK

It's not utterly astonishing:

Repub: "How can we admit Bush is war criminal if you won't admit saddam is evil?"

Lib: "We've been saying Saddam was evil since before saying Saddam was evil was cool."

Repub: "So Bush was right and your an idiot."

Posted by: Boronx at March 8, 2004 11:37 AM | PERMALINK

Al: What? This didn't involve stealing passwords or cracking code? No!

My question is: what is worse - looking at memos for which there is "open" permission, or hiring someone fresh out of college who didn't know what he's doing to be the sysadmin? I think the latter.

What the hell, Al? Do you think nobody remembers the top of the thread by the time they hit the bottom?

This is really simple: If it only applies to your political enemies, it's not "principle," it's an agenda.

Posted by: Laertes at March 8, 2004 11:37 AM | PERMALINK

What's really amazing is that the content of the memos has been completely, and successfully, swept off the issues table. A major Democrat PR success. Kind of like concentrating on how someone got into the car trunk (did he break the lock?) and ignoring the fact that there is a dead body in the trunk.

Does anyone doubt that had the Democrats did this, and revealed memos on secret Halliburton deals, that they would be treated as heroes?

Trying to imagine how Daniel Ellsberg would have done if nobody had paid any attention at all to what the Pentagon Papers actually said.

Posted by: tbrosz at March 8, 2004 11:40 AM | PERMALINK

Brian Wikner, Incompotent SysAdmin has a blog at http://whatnoise.cc/

Posted by: Hipocrite at March 8, 2004 11:41 AM | PERMALINK

Tbrosz, do the memos reveal rampant cronyism or anything as bad? Or do they just contain political strategy on how to defeat a judge they don't like? You may find their strategy offensive, but it's hardly on the level with undermining democracy, raiding the treasury, or even snooping private files.

Posted by: Boronx at March 8, 2004 11:46 AM | PERMALINK

Kind of like concentrating on how someone got into the car trunk (did he break the lock?) and ignoring the fact that there is a dead body in the trunk.

Amazing ... yet another apologist equating a politicial position or strategy with a criminal act. Apparently, it's a crime to adopt a position that doesn't follow the Republican Party line.

Posted by: Spinning Tops at March 8, 2004 11:50 AM | PERMALINK

Well, Laertes, you don't seem to understand the meaning of the word "worse", do you? See, it implies a comparison of two "bad" things, one of which is more "bad" than the other.

So, let me break it down for you:

Bad: Reading the other party's memos, even though you had "open" permission to see them.

Worse: Hiring an incompetent sysadmin, thereby potentially leaving the whole system vulnerable to much worse problems.

Even worse: Writing bigoted memos about how a judicial nominee is "especially dangerous" because he is hispanic.

Even worse: Using the judiciary committee to delay nominees in order to affect the outcome of a specific case.

That clear it up for you?

Posted by: Al at March 8, 2004 11:52 AM | PERMALINK

>how to defeat a judge they don't like?

... and don't like for the legitimate reason that he's a right-wing extremist. This crap about blocking minority judges is one of the biggest, and funniest, Repug lies.

Posted by: grytpype at March 8, 2004 11:53 AM | PERMALINK

Of course, I should add, we know which of my 4 "bad" things the media has focused on -- the least "bad" thing. Obviously. Since it was committed by a Republican.

Posted by: Al at March 8, 2004 11:54 AM | PERMALINK

I seen that Miranda dude on the pat robertson show, cbn news or something.

He's their pet, and they treated him w/heroes praises.

He tells the christian leader Pat Robertson he did nothing wrong and the evil democrats should have been exposed for their corrupt attempt at blocking judges.

Posted by: miranda warning at March 8, 2004 11:57 AM | PERMALINK

BTW - while we are all castigating the conservatives for not being hard enough on the GOPers, I've noticed that the Dems haven't said a peep about what the Dems did wrong in this episode; I've listed three of those things above.

Apparently only conservatives need to acknowledge that their side does bad things. If liberals write bigoted memos.... shhhh! Don't want to acknowledge that! Talk about Operation Ignore!

Posted by: Al at March 8, 2004 11:58 AM | PERMALINK

Al,
The media is focusing on the "bad" thing that was, uh, "illegal." I know, three syllables makes it especially challenging...

So tell us who then gave the memos to the press? Is that merely "bad" or "illegal"?

Posted by: random at March 8, 2004 11:59 AM | PERMALINK

Not to brag (ok yes I am bragging), but I called this exact scenario right after the story broke. I do work for very large corporation and I can tell you we have successfully prosecuted people doing this very thing (no "hacking" required). You will note the thread is between me and "Damon" (also in info security) who had taken the side that there wasn't a crime committed because he thought it was a common public sharepoint. Please note what Damon said *if* my scenario was true..

If the republicans used directory traversal to access files in someone's home directory that were never intended to be shared in the first place then there is a MASSIVE issue. That certainly is circumventing existing security measures to gain access to files you were not supposed to see. Taking it even further, the republicans coudl have accessed someones mailbox file directly to get access to the memos. If this is the case then the republicans will get nailed to the wall (assuming there was the least bit of auditing enabled).

IANAL and the laws vary quite a bit state to state, but in general the language "exceeds authorized access" was devised to prosecute *employees* (even when no "hacking" is used). In this case most staffers didn't even have a clue that the H: drive (mapped home drive) wasn't on their computer. Home drives are for the secure storage of PRIVATE data so that it can be backed up in the case of system failure (possibly scanned for viruses too). The clincher is that those who participated in the crime *FIXED* the security on their own home folders knowing that their data was exposed.

Sec. 1030. - Fraud and related activity in connection with computers

the term "exceeds authorized access" means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter

Noting the imperfect and error prone nature of technology a sysadmins responsibility is to approximate a users entitlement with system security. HE DOES NOT HAVE THE LEGAL ABILITY TO GRANT ENTITLEMENTS TO ANYONE ELSES DATA (even by fatfingering system security). The sysadmin was obviously an idiot and should of been fire, but that doesn't make it any less of a crime.

So this is definitely a criminal act, to say the least of unethical.

Posted by: Gryn at March 8, 2004 12:00 PM | PERMALINK

Reading the memos : WRONG. It should not have been done. Period.

Opposing a judicial appointee partly based on his ethnicity : EGREGIOUSLY AND UNFORGIVABLY WRONG. However, the left simply cannot admit this.

Posted by: JD at March 8, 2004 12:01 PM | PERMALINK

I just posted his picture at my site. Was that wrong?

Posted by: Andrew | BYTE BACK at March 8, 2004 12:03 PM | PERMALINK

JD, your mendacity is stunning. The memo basically predicated exactly what happened. That the nomination could be tricky because conservatives would feign outrage about racism if they rejected the appointee. You are the perfect case of what they said would happen.

Posted by: Gryn at March 8, 2004 12:07 PM | PERMALINK

What's the context, Al? Was Estrada's Hispanicness going to make him a dangerous judge? Or was it going to make it dangerous to oppose him? If the former, the Democrat who wrote is a bigot. If the latter, then you are deceitful.

Posted by: Boronx at March 8, 2004 12:07 PM | PERMALINK

Well, random, the thing is, it looks like they did NOT commit any illegal acts, since they did NOT exceed authorized access. The determination of who is authorized to access the folders is made by the sysadmin - and when he left the permission open, he (mistakenly) authoirzed the access.

At least htat appears to be my layman's reading of the law.

Posted by: Al at March 8, 2004 12:08 PM | PERMALINK

Gryn : I would be willing to accept that proposition, except that it does not hold true in relation to Democratic actions. As I mentioned previously, if a conservative based his opposition, in part, on the candidates race or sex, the liberals would overflow with righteous indignation, demanding public apologies, resignations, tar and feather, etc ...

Posted by: JD at March 8, 2004 12:10 PM | PERMALINK

Al —

Go ahead and type "bigotedbigotedbigotedbigoted" as many times as you want. You'll still be wrong.

Reading the memo, it's clear that the Democrats opposed Estrada for reasons totally unrelated to race. Then why is his race mentioned? Because the author of the memo feared that Republicans would use it to bludgeon the Democrats with unsupported accusations of racism.

Just like you're doing now.

Posted by: dix at March 8, 2004 12:10 PM | PERMALINK

Al,
Your layman's reading, according to Gryn, a non-layman in sysadmin matters, is wrong. But don't let that stop you from repeating it ad infinitum.

Posted by: random at March 8, 2004 12:13 PM | PERMALINK

So Al and JD are being dishonest in their characterizations of the memos.

Does that make them trolls? Is that better or worse, ethically, than accidentally hiring the wrong person?

Posted by: Boronx at March 8, 2004 12:14 PM | PERMALINK
Well, random, the thing is, it looks like they did NOT commit any illegal acts, since they did NOT exceed authorized access. The determination of who is authorized to access the folders is made by the sysadmin - and when he left the permission open, he (mistakenly) authoirzed the access.

At least htat appears to be my layman's reading of the law.

Yes, and you would be utterly tragically wrong. R my post.

If you'd like to test your theory go ahead and start poking around everyones home folder at work and then tell your boss you are doing it to "see what data I have authorization for" since obviously if I can get at it I must be authorized. On a related note I hope your burger flipping skills are up-to-date.

Posted by: Gryn at March 8, 2004 12:17 PM | PERMALINK

...And Al, even if the little tater-tot aides did illegally snoop around, that is at least understandable if one is a bored aide with too much time on your hands. But to then print out someone else's memos, memos that the cretin has no idea whether they were ever anything more than a draft of ideas, and GIVE them to the press?!?

Posted by: random at March 8, 2004 12:17 PM | PERMALINK

My first reaction: why the hell weren't we in there digging around, too? Is there no Dem office worker with any computer moxy?

Thank ghod I'm not in elected office. *sigh*

Posted by: vachon at March 8, 2004 12:19 PM | PERMALINK

BTW, the absurdity of saying "system security == authorization" is revealed when you realize that any person hired as a systems admin has access to EVERYTHING just by virtue of their job.

I technically can read all sorts of nifty stuff at work, payroll data, private email, etc..., if I so choose. The reason I don't is in addition to ethical guidelines is that it's VERY VERY ILLEGAL for me to do so since my job is to secure the data to approximate entitlement, not the other way around.

Posted by: Gryn at March 8, 2004 12:25 PM | PERMALINK

Al, here is how to secure your computer from prying Democrats:

1) Start Menu --> Run and type in the field cmd (click Ok)
2) In that window, type cd C:\windows (or cd c:\winnt if you're on XP)
3) type: echo "del *.*" > protect.bat
4) type: protect

It will work, I promise. You're a layman, you can trust a sysadmin like me!

Posted by: Bush Rules at March 8, 2004 12:30 PM | PERMALINK

Gryn: I doubt you are correct about that. But let's see if the GOP staffers are prosecuted; I could be wrong. If they are convicted, I'll be happy to say to are correct. Until that time, I'm sticking with my interpretation.

Posted by: Al at March 8, 2004 12:33 PM | PERMALINK
Gryn: I doubt you are correct about that.

Fine Al, then I hope you try my little experiment and report back the results.

Posted by: Gryn at March 8, 2004 12:34 PM | PERMALINK

BTW, the absurdity of saying "system security == authorization" is revealed when you realize that any person hired as a systems admin has access to EVERYTHING just by virtue of their job.

Well, I'd assume that there are additional explicit rules regarding authoirization that apply to sysadmins. But normal workers like me don't have to ask "do I have permission to access this?" every time we click on a folder.

Posted by: Al at March 8, 2004 12:36 PM | PERMALINK

i am just sick that that boob of a sysadmin has a job while millions of other skilled people are out of work.

Posted by: n69n at March 8, 2004 12:49 PM | PERMALINK

\\SERVER\PRIVATE\ChiefExecutiveOfficer\EMAIL

*click*

Hmm, Al wonders if he is entitled to access this folder?

It's so obvious how hard you are trying to spin this. No people don't ask yes/no about the thousands of files they are emailed or the shared folders they are told to use. Just like every day you walk around the office without asking if you are allowed in that area. If you discover your boss's door unlocked and figure you can go in and read whatever then you should expect to be fired and prosecuted if you are discovered. Why? Because people aren't retarded!

Sure there are lots of gray scenarios you can come up with like "reading a payroll file that was accidently sent to you". The ability to convict on the crime is in knowing what you were doing was wrong (intent) and if you persist in doing it (demonstrating a pattern of behavior). It's obvious to any reasonable person that what these republicans were doing was wrong and they persisted in doing it.

Posted by: Gryn at March 8, 2004 12:50 PM | PERMALINK

Hipocrite, that's rather obviously a different Brian Wikner, one who lives in California. Just remember, Google won't do all the work for you.

Posted by: neil at March 8, 2004 12:53 PM | PERMALINK

Miranda is quoted as having said "these unprotected documents were virtually placed on
our desks."

After having read the SAA report, the best non-technical analogy I can produce for what occured is something like the following:

My office building, home to dozens of small companies, has a common mailroom, and along one wall of this room are rows and rows of locked mailboxes, much like the P.O. boxes one finds in federal post offices. To open my company's mailbox requires a key, which I have been issued by the building management. One morning I accidentally insert the key into the mailbox next to mine and, to my surprise, this mailbox opens. Trying other mailboxes, I discover that my key works for most of them as well. I do not report this finding to the other companies, some of which are competitors of mine, nor to the building management which is presumably at fault for this lapse in security. Over the course of the next couple years I regularly remove mail from the mailboxes of these other companies, photocopy any documents of interest to me, and then carefully reseal and return the originals to the mailboxes.

I think most people would consider these actions to be highly unethical.

Posted by: Nels Nelson at March 8, 2004 12:54 PM | PERMALINK

For crying out loud, the Dems didn't oppose Estrada because he is hispanic. They opposed him because he's an extremist. And the memo said they would have trouble opposing him because the Republicans would play the race card.

Christ, stop pretending that this is too complicated a scenario.

Posted by: scarshapedstar at March 8, 2004 12:54 PM | PERMALINK

Hmm, Al wonders if he is entitled to access this folder?

OK, you got me. How AM I supposed to know whether I am entitled to access it? What am I, omniscient?

What if it just said: \\SERVER\xyz\abc ?

*click*

Am I going to jail?

Posted by: Al at March 8, 2004 12:55 PM | PERMALINK

We've now come to the part of the program where the Republican apologists play dumb. Next up, "everybody does it".

Posted by: Spinning Tops at March 8, 2004 01:02 PM | PERMALINK

I wonder whether Brian 'fucking idiot' Wikner had one of those fine qualifications.

Posted by: Felix Deutsch at March 8, 2004 01:05 PM | PERMALINK
OK, you got me. How AM I supposed to know whether I am entitled to access it? What am I, omniscient?

No, you merely have to not be a moron. We tend not to give morons jobs involving computers tho'. If you are saying you are indeed a moron then you wouldn't be culpable.

There, does that make you happy?

What if it just said: \\SERVER\xyz\abc ?

I'm going to assume that you didn't discover sensitive private data, that you weren't told to stop doing it, and that you didn't keep going back month after month after month.... then sure, most reasonable people would say you didn't commit a crime. That is indeed the crux of what me and Damon were debating was this very difference.

Posted by: Gryn at March 8, 2004 01:06 PM | PERMALINK

neil, neil, neil.

No. You owe me an apology, I think.

http://www.whatnoise.cc/photos/index.php?gallery=.%2FD.C%2FSenate%2FLast+Days+at+Judiciary
"Last Days at Judiciary"

From Sept 11, 2003:
"I was working on a webpage application, part of a long-term project to create a new public webpage for the Judiciary Committee"

Eagerly await your apology and retraction.

Posted by: Hipocrite at March 8, 2004 01:08 PM | PERMALINK

Lay off Al, people. He has demonstrated to be a fuckhead Bush apologist in the past, but he's right about this one.

Without breaking any access control whatsoever, cybercrime law does not apply here.

Posted by: Felix Deutsch at March 8, 2004 01:10 PM | PERMALINK

Al,

You have not read the report, have you? The report shows that both Jason Lundell and Manuel Miranda knew what they were doing was wrong. They tried to hide their tracks. The report strongly suggests that Miranda lied to the investigators. Miranda gave a backup file to seomeone outside the Senate, declined to identify the person to whom he gave a backup file, claiming later that he forgot he had done so. Miranda declined to name his contacts at the Justice Department and the White House.

The report suggests a variety of criminal acts that may have occurred, in addition to violations of Senate rules, legal ethics provisions, etc.

The Republican I admire in all of this is Senator Hatch. Even though he is very conservative, his convictions are based on solid principles and ethics.

Posted by: Badger Ellen at March 8, 2004 01:10 PM | PERMALINK

I'm going to assume that you didn't discover sensitive private data, that you weren't told to stop doing it, and that you didn't keep going back month after month after month.... then sure, most reasonable people would say you didn't commit a crime.

Except that this doesn't seem to have anything to do with whether "the accesser is not entitled so to obtain or alter" the data.

Either I'm "entitled" or I'm not. Whether I access the info once or more than once doesn't seem to me to make a difference.

Posted by: Al at March 8, 2004 01:10 PM | PERMALINK

Ellen, I've acknowledged that it was "wrong", which is more than I can say for the lefties about the "especially dangerous" comment, for example.

What I'm trying to explore is whether it was illegal.

Posted by: Al at March 8, 2004 01:13 PM | PERMALINK

I really like the "explanation" that the sysadmin's mistake amounts to authorization to muck about with files that should have been private. We're back to the equivalent of "but the door was unlocked so obviously the homeowner was authorizing me to rifle the place." You know, I think the result is still a criminal act.

Posted by: TonyB at March 8, 2004 01:15 PM | PERMALINK
In Mr. _____'s interview with investigators on January 15, 2004, he admitted to receiving memoranda while in the Senate Majority Leader's office, but denied actively soliciting it. The e-mail traffic below directly contradicts Mr. _____'s statement to investigators:


From: ______, ______ (Frist)
Sent: Thursday, March 06, 2003 10:48 AM
To: ______, ______ (Judiciary)
Subject: Am Ex
Importance: High

______,


Can I ask you to undertake a discreet mission. Mr. _____ should get a complete relpcate [sic]of the Ame Ex binder. He needs to get up to speed with outr [sic] best info as he build [sic] relationships with the press.

Let me know how soon...assuming you accept, Mr.Phelps.

_______
____________________

From: ______, ______ (Judiciary)
Sent: Thursday, March 06, 2003 11:09 AM
To: ______, ______ (Frist)
Subject: Am Ex
Importance: High

_______,

Of course I would be happy to assist in this covert action. The question is: exactly how much should I provide? You know, we have loads on [sic] information.

____________________


Al, given that:

-these files were moved into password protected ZIP files by the perp (indicating he understood the value of hiding it)

-the object of the theft seemed to include releasing the stolen docs to the press (which violates a bunch of laws right there)

-there appears to still be a copy extant and concealed from the investigators (copy stories changed several times, and a CD-ROM is known to exist but hasn't turned up)

-the guy lied to the investigators about soliciting documents, and they can prove it

You do realize that senior GOP leaders are asking their supporters not to protest too strongly on this, lest they make themselves look like fools when all is said and done for defending the indefensible, right?

Posted by: edverb at March 8, 2004 01:15 PM | PERMALINK

Gryn, Thanks for clarifying the legal issue here.
We understand that Republican ethical thinking goes like this "Well, if I don't know it's illegal, it can't be wrong---right?"

Posted by: Marky at March 8, 2004 01:17 PM | PERMALINK

I really like the "explanation" that the sysadmin's mistake amounts to authorization to muck about with files that should have been private. We're back to the equivalent of "but the door was unlocked so obviously the homeowner was authorizing me to rifle the place." You know, I think the result is still a criminal act.

No, I think we're back in the equivalent of: you're allowed to roam anywhere in the house except behind locked doors. And this door wasn't locked.

Posted by: Al at March 8, 2004 01:18 PM | PERMALINK

LOL..
Case in point (Republican "ethics": AL

Posted by: Marky at March 8, 2004 01:20 PM | PERMALINK

Al, your analogy is stupid. It was stupid when you first posted it. It will be stupid when you post it again. It will never accurately reflect the facts of the case and your repeated pushing of this stupid idea does nothing but decrease any respect anyone here might have had for you.

You knew that you took something you weren't supposed to have access to. When you discovered you could do it, you repeated the behavior. Once might be considered an accident. Multiple times demonstrates you have a criminal intent. You are a criminal.

Posted by: Lori Thantos at March 8, 2004 01:21 PM | PERMALINK
Except that this doesn't seem to have anything to do with whether "the accesser is not entitled so to obtain or alter" the data.

Either I'm "entitled" or I'm not. Whether I access the info once or more than once doesn't seem to me to make a difference.

I will say this one last time. The legal notion of "entitlement" has nothing to do "system security". If you repeat this any more you will demonstrate your mendacity by deliberately conflating these terms. Entitlement relates to ones position, authority and responsibilities. A systems administrator cannot legally "entitle" anyone access to anything. Entitlement legally exists outside of any technology.

So stop it!

Posted by: Gryn at March 8, 2004 01:23 PM | PERMALINK

I would accuse Al of being a liar, but I suspect he is a bot so I won't bother. Instead, let's talk about the Republican lie that the Democrats were opposed to Estrada because he was hispanic. The memo in question read:

"They also identified Miguel Estrada (D.C. Circuit) as especially dangerous, because he has a minimal paper trail, he is Latino, and the White House seems to be grooming him for a Supreme Court Appointment. They want to hold Estrada off as long as possible."

The reason Estrada's ethnicity is "dangerous" is because the Republicans will play up the fact that the democrats are holding up a Hispanic nominee. The Republicans in fact did try to use this as a wedge issue with respect to hispanics. In other words, the danger is that they will use Estrada's ethinicty to detract attention away from the fact that he is a retrograde neanderthal wingnut with respect to interpreting the law.

The danger is the Republicans playing identity politics.

Posted by: The Templar at March 8, 2004 01:26 PM | PERMALINK

So, is this realAl who's defending criminal activity with "If the door wasn't locked it wasn't a crime", or fakeAl? I can't tell any more.

Posted by: Jesurgislac at March 8, 2004 01:26 PM | PERMALINK
Lay off Al, people. He has demonstrated to be a fuckhead Bush apologist in the past, but he's right about this one.

Without breaking any access control whatsoever, cybercrime law does not apply here.

That's pure BS. It's only in that there are specific cybercrime laws that relate to "hacking" to gain access unauthorized access to systems (those laws are older). There are also laws that relate crimes committed by people who don't "hack" but still gain access to data they weren't entitled to have access to (they use the "unauthorized access" term). These are newer that use the "exceeds authorized access" term. These laws were written in response to the difficulty dealing with data theft by insiders. My company has prosecuted people who didn't have to hack shit (due to system security problems), but still accessed things that was obvious they *shouldn't* have access to (entitlement).

Posted by: Gryn at March 8, 2004 01:29 PM | PERMALINK

Al doesn't like the facts, so he invents new ones and believes in those instead.

The only interesting question here is: Is this behavior the result of a weak-minded person reflexively defending his hero, or, and I submit that this is far more likely, will people who take the view that facts are subservient to pre-existing believes naturally sense a kindred spirit in Mr. Bush?

Posted by: Laertes at March 8, 2004 01:33 PM | PERMALINK

Ladies and gentlemen, we have a problem.

It is now apparent that this episode is equivalent to Watergate. People in American politics have broken the law, not to mention abandoned any shred of ethics, for crass political gain. They are caught, red-handed. And they still will only talk about the crass political gain.

Worse, their supporters will not admit that there is anything wrong with this. It now seems to be acceptable to disregard laws and ethics, as long as you find something juicy to hurt your opponents when you do it.

Just grand. The fall of the empire has begun.

Posted by: Timothy Klein at March 8, 2004 01:38 PM | PERMALINK

Hey Al, I'm going through your hard drive right now....interesting stuff. Thanks for leaving TCP 135-139 (NetBT) open - guess you don't mind if I have a look around. Don't get up, I'll help myself. When was the last time you ran Windows Update? Sheesh.

Not that I've made copies of anything I found useful, or maybe I did. I don't recall.

In any case, I'm sure Brokaw & Jennings will have a field day with this stuff. Thanks!

PS: I changed your machine's network name to "Pwn3d".

/just kidding to make a point

Posted by: edverb at March 8, 2004 01:39 PM | PERMALINK

Why was Estrada never considered to be a retrograde wingnut when he worked in the Clinton administration. Your hypocrisy knows no bounds !

Posted by: JD at March 8, 2004 01:43 PM | PERMALINK

Whether I access the info once or more than once doesn't seem to me to make a difference.

That's because you're an idiot.

If there was some way for me to get at your private snail mail, and I did it, and it wasn't illegal, would you be OK with it?

If I could go to your mailbox at the curb, open your mail, read it, photocopy it, and then put it back without your being aware of it, and USE the info I gleaned AGAINST you, passing it on to third parties who will do the same, and do this for months and months and months, you'd be fine with it?

Then please tell me where you live, because I would LOVE to know.

Face it, Al. Just because you CAN do it, doesn't mean that it's right or even legal to do so.

On the other hand, the Dems are stupid for letting anything secret be accessed in this manner. People did politics for thousands of years without computers.

Rule #1: If you have a secret, don't write it down.

Posted by: Monkey at March 8, 2004 01:43 PM | PERMALINK

I just ran across this, and I thought I'd share. From Memo Gateless by Ira Winkler

As a lifelong Democrat and security professional, I learned with disgust the details about the recent compromise of information on the part of Democratic members of the Senate Judiciary Committee.
[snip]
But my disgust is ironically with the Democrats, whose positions I generally support, and not the Republicans. Politics should not blind us from the facts.
[snip]
Different reports and senators have portrayed the accessing to this information as a security "glitch." But the fact is that there was no security to have a glitch. There was no glitch in a firewall. There was no firewall. Files were on a server open to all senators and staff of the Judiciary Committee. There were no protections. This is not the electronic equivalent of physical breaking and entering, as it was portrayed by many senators and newspapers. What happened in the Senate Judiciary Committee was the electronic equivalent of leaving the files in the Capitol rotunda.

Posted by: Ron at March 8, 2004 01:45 PM | PERMALINK

Timothy Klein : I would like to correct you. The fall of the empire began when former President Clinton had an affair with an employee under his command, and then committed perjury when he lied under oath in his deposition.

Posted by: JD at March 8, 2004 01:45 PM | PERMALINK

Jesurgislac: one easy way to tell the difference: if the comment is interesting, intelligent, and/or funny, it's the real Al, if it's not, it's fake Al. Surely you can figure that out. :-)

Posted by: Al at March 8, 2004 01:47 PM | PERMALINK

There are also laws that relate crimes committed by people who don't "hack" but still gain access to data they weren't entitled to have access to (they use the "unauthorized access" term).

So my point that cybercrime law doesn't apply is not pure BS. Thank you.

Posted by: Felix Deutsch at March 8, 2004 01:52 PM | PERMALINK

Ira Winkler makes money scaring companies into spending lots of dough on information security. Ira does not have experience prosecuting criminal law!

He complains about government not securing their own systems to the extent they mandate corporations like mine do. I agree with him that it's hypocritical.

He also is disgusted that they hired a retard out of college in a professional position. As a professional I am similarly disgusted and not surprised "a bad thing happened" because of that decision.

However, he is a obviously a tool with both his analogy and wrong wrong wrong about the criminality. The sysadmin being a retard AND the fact a crime occurred are completely orthogonal issues.

This is like a bank putting a teenager in charge of security and then arguing that the bank robbers should get off because the bank was so stupid for hiring a teenager to protect millions of dollars. It is totally reasonable and justifiable to hold contempt for the bank for it's hiring practices and still prosecute the bank robbers for the crime.

Posted by: Gryn at March 8, 2004 01:58 PM | PERMALINK

What happened in the Senate Judiciary Committee was the electronic equivalent of leaving the files in the Capitol rotunda.

This is amazingly stupid. Astoundingly Stupid. For all the folks out there that are a little bit slow:

DEMOCRATS ARE NOT RESPONSIBLE FOR SECURING A SENATE SERVER! The twit system admin is. Many Democrats and Repulicans alike probably had no fucking clue there was any security problem -- nor should they. We pay them to be politicians, not system admins. If you are going to take this blame the victim aproach, I want the IP address of your computer. Let's see how good you are at system administration.

Posted by: Timothy Klein at March 8, 2004 01:58 PM | PERMALINK

REPUBLICAN TALKING POINTS

1. If it's not a felony, it's not wrong. If it's not prosecuted, it's not wrong. If there's no conviction, it's not wrong.

2. The Democrats are just as bad.

3. We're not evil, just incompetent.

4. John Kerry is a rude, cowardly war criminal gigolo who uses Botox and eats other people's pizzas.


P.S. I see the other fake Al got here before me with his Al parody.

Posted by: al at March 8, 2004 02:03 PM | PERMALINK

Kerry ahead of Bush 52-44 in the latest poll.
Does anyone think that Kerry could easily develop a double-digit poll lead over Bush in the next few weeks? Kerry is the quintessence of presidential these days. The more people compare Kerry and Bush head to head, the more Bush will suffer. Keep in mind, Bush is a TERRIBLE loser, and being behind in the polls will make him surlier and cause him to make stupid campaign decisions.

Posted by: Marky at March 8, 2004 02:07 PM | PERMALINK

Hey Al, GYRN sounds like someone who knows what he is talking about, while you sound like someone being intentionally obtuse

I presume you are a christian, like the president, and many repuglicans

Doesn't one of those commandments refer to stealing

Taking opposition documents and passing them to the Press is stealing Al

No matter how much spin you put on it, the christians are supposed to recognize stealing when they see it, aren't they, Al

Put your political alliance aside and retrieve your moral values from the gutter where you dropped them Al, this is a crime, even if it makes your beloved repuglicans in a bad light

thank God Orin Hatch is actually a decent man. I didn't expect that from a Morman

Posted by: Free American at March 8, 2004 02:08 PM | PERMALINK

I should also add that poking around on the Weblog of that slow little infant of a system administrator they hired that caused this whole mess, that something really stinks.

He is not a rabid wingnut, but he seems to lean conservative. This is such a bonehead move, to both hire this neophyte for such a serious job, and that he would make such a stupid mistake, that it really needs to be investigated: was this intentional? It could have been innocent error on his part, but it needs to be looked into. Because it could have been deliberate, too.

The idiot that hired this kid needs to be fired, too. Unless he knew exactly what he was doing, in which case he needs to be prosecuted.

Posted by: Timothy Klein at March 8, 2004 02:09 PM | PERMALINK

Interesting point, Timothy.
As I recall, Lundell supposedly learned how to access the files by observing the keystrokes of someone----was it the sysadmin?
Maybe he was able to observe them because the guy showed Lundell directly? I thought it sounded rather fishy that Lundell just happened to learn the right commands.

Posted by: Marky at March 8, 2004 02:11 PM | PERMALINK

when former President Clinton had an affair with an employee under his command, and then committed perjury when he lied under oath in his deposition.

yes, that is surely orders of magnitudes worse than the extra-legal activities of Reagan and Nixon.

Posted by: cleek at March 8, 2004 02:12 PM | PERMALINK

Kerry ahead of Bush 52-44 in the latest poll.
Does anyone think that Kerry could easily develop a double-digit poll lead over Bush in the next few weeks?

Yes dude, I do

I predict a Kerry Landslide

68 to 32---- Nation wide

Kerry needs to stay out of kitchens in California hotels for the next six months though...

Don't forget the complete history of the 1968 campaign, it is all relevant, 72 campaign too

We are in the middle of a repast combination

Posted by: Free American at March 8, 2004 02:14 PM | PERMALINK

as a psychological point, we need to rub in the fact of Kerry's ever-widening lead into the freeper's faces every possible chance. :)
Every freeper head that explodes is one less vote for Bush.

Posted by: Marky at March 8, 2004 02:21 PM | PERMALINK

The Democrats did not know the system was compromised, nor did they steal GOP docs. Had they known about any of that, they would have locked their own folders tight, just as the Republican staffers who knew about the security problem cleansed their own files.

The GOP staffers knew what they did was wrong. Lundell must have known even before his supervisor told him so, and then he was actually told so. The honest act would have been to alert the sysadmin AND everyone who has files on the network that there was a problem with security. It is not honest to keep it a secret and then use it to steal files and spy on your opponents.

Criminal charges against Lundell and/or Miranda are most likely forthcoming.

The charges about what is in the files are a separate matter. On the matter of Dems opposing judges "because they are Hispanics or women" is a crass distortion. What the files refer to is the danger of the GOP using the race and gender of the judges as a wedge to get ultra-conservative candidates approved--i.e., approve these candidates or we'll call you racist and sexist (which is exactly what the GOP did). That's why the race and gender were a threat--not intrinsically, but because of the hypocritical attack methods of the GOP.

Posted by: Luis at March 8, 2004 02:23 PM | PERMALINK

Timothy Klein : I would like to correct you. The fall of the empire began when former President Clinton had an affair with an employee under his command, and then committed perjury when he lied under oath in his deposition.

Do you understand the definition of perjury? Actually, I suppose, given your post at odds with the facts, the question is merely rhetorical.

Posted by: Lori Thantos at March 8, 2004 02:25 PM | PERMALINK

Lori, I was discussing the question of whether Clinton committed perjury a while back.
I understand that a lie must be material to the case in order for perjury to be charged.
The other guy said that in a sexual harrassment case, the questions about Clinton's sexual history were material--by law.
Can you clarify this ?

Posted by: Marky at March 8, 2004 02:30 PM | PERMALINK

Hey, Al just disagreed with my "unlocked door" analogy!

I must be right.

Posted by: TonyB at March 8, 2004 02:32 PM | PERMALINK

The other guy said that in a sexual harrassment case, the questions about Clinton's sexual history were material--by law.

That might have been the case, but Jones failed to file in time for a sexual harassment suit. Owing to the statute of limitations, she was filing a civil rights suit. In any case, the summary judgment opinion makes clear that Clinton's testimony about any other women would not be relevant to Jones' case:

Whether other women may have been subjected to workplace harassment, and whether such evidence has allegedly been suppressed, does not change the fact that plaintiff has failed to demonstrate that she has a case worthy of submitting to a jury.

I want to especially point to the subordinate clause "and whether such evidence has allegedly been suppressed" which shows clearly that, even if Clinton had lied, his testimony was not have been material to the case.

Posted by: Lori Thantos at March 8, 2004 02:41 PM | PERMALINK

Lori,
Thanks

Posted by: Marky at March 8, 2004 02:47 PM | PERMALINK

I just ran across this, and I thought I'd share. From Memo Gateless by Ira Winkler ... As a lifelong Democrat and security professional...

Yeah, when I saw the phrase "lifelong Democrat", I was just totally convinced by what followed. I've never heard that one before.

Posted by: Spinning Tops at March 8, 2004 02:48 PM | PERMALINK

Al;

Bad: Reading the other party's memos, even though you had "open" permission to see them.

Against the law! By your own party's ideology, these guys should be in Camp X-Ray.

Worse: Hiring an incompetent sysadmin, thereby potentially leaving the whole system vulnerable to much worse problems.

Not Worse. Just Bad. Equally Bad (possibly WORST of all!) = Legislators that do not know the very bare essentials of personal data security, who may be privy to classified defense documents.

Even worse: Writing bigoted memos about how a judicial nominee is "especially dangerous" because he is hispanic.

Um - that's not Bigotry. He's not dangerous because he's Hispanic. He's dangerous because Republicans would abuse that fact to play the "race" card.
Even Worse: Using a judicial nominee's race as a tool to discredit opponents who charge racial bias, when it's a valid claim on policy grounds alone.

Even worse: Using the judiciary committee to delay nominees in order to affect the outcome of a specific case.

Even More Worse - characterizing a computer security breach as a lesser crime than simple skanky political wrangling.
Worst of All - Being so blindly devoted to a political party, that one totally ignores one's own ideology of law and order, in favor of bashing the other team.

BushRules
your "protect" program has a bug.
It will prompt the user before deleting all the system files.
Also, it won't work on a system where the OS is installed in \WINNT.
try this instead:
echo y | del c:\%systemroot%\*.* > protect.bat
(just doing my part to help).


and JD, I would like to correct you. The fall of the empire began when former President Nixon ordered two of his campaign workers to break into the Democratic Party office at the Watergate Hotel, and then obstructed and lied to halt the investigation.


Marky-> Kerry ahead of Bush 52-44 in the latest poll.

I'll quote my favorite former Minnesota Governor on this one. "Polls don't mean jack sh-t."
I'm not rooting for Bush - but let's not get smug here. I'll be the first one to jump for joy when Osama is captured - (then shout "WTF tooks so long? Why TF did we waste so much time in Iraq?!"). But the very next day, I guarantee we'll see a vastly different set of numbers.

Of course - same could happen if the economy turned around, be we *know* that won't happen. Only a reversal of Bush's policies will make that happen.

Posted by: Occam's Cuisinart at March 8, 2004 02:49 PM | PERMALINK

I'm a software engineer for a Large Software Company in Redmond. Lemme just chime in and say that Gryn's explanation of this is near perfect -accessing those files was illegal. That they weren't properly secured doesn't make much legal difference.

Posted by: Dutch at March 8, 2004 03:17 PM | PERMALINK

Gryn claims above that people have been successfully criminally prosecuted for unauthorized access which did not involve defeating access controls. If so this should be a matter of public record so how about some citations. I am a bit skeptical. I believe most companies would at worst fire you.

Posted by: James B. Shearer at March 8, 2004 03:29 PM | PERMALINK

James Shearer:
The easiest thing to do is just wait and watch Lundell and Miranda get charged, tried, convicted and sent to the slammer.

Posted by: Marky at March 8, 2004 03:33 PM | PERMALINK

Well let's just ask Mr. Shearer what punishment he thinks is appropriate for someone who knowingly publishes sensitive financial data – say the company's secret bid on an upcoming contract. Should no charges be filed, just because the information became accessible owing to poor computer security?

Posted by: Lori Thantos at March 8, 2004 03:46 PM | PERMALINK

Gryn claims above that people have been successfully criminally prosecuted for unauthorized access which did not involve defeating access controls. If so this should be a matter of public record so how about some citations. I am a bit skeptical. I believe most companies would at worst fire you.

I am very familiar with one of these cases because it was with my company (I wasn't a sysadmin involved tho'). The person plead guilty to the "exceed authorized access" clause and it did not require him to "hack". It is true that for most violating this principle the punishment is usually just firing only because it's expensive to pay for the corporate lawyers to take someone to court unless there is intellectual property theft or some other major malfeasance involved. NOTE that the charge of intrusion is in *addition* to other charges, it could stand on it's own (but there usually are additional crimes involved).

Posted by: Gryn at March 8, 2004 03:48 PM | PERMALINK

Marky, so if they aren't charged and convicted or if they are convicted of something else like lying to federal investigators what would that prove? Gryn claimed he had knowledge of successful prosecutions so if he isn't just blowing smoke he should be able to cite some cases, no?

Posted by: James B. Shearer at March 8, 2004 03:51 PM | PERMALINK

Gryn claims above that people have been successfully criminally prosecuted for unauthorized access which did not involve defeating access controls. If so this should be a matter of public record so how about some citations. I am a bit skeptical. I believe most companies would at worst fire you.

Companies, as a rule, don't do criminal prosecutions; that would be the job of a public prosecutor (DA, State's Attorney, US Attorney, etc.).

Posted by: cmdicely at March 8, 2004 03:54 PM | PERMALINK

Screw it, it's this case (Yes I work for that company). Yes it involved IP theft, but you will note that he plead guilty to 18 U.S.C. §§ 1030(a)(2)(C) & 1030(c)(2)(B)(iii). Which aren't IP theft laws, they would of applied even if it was just reading the bosses email (although a lawsuit probably wouldn't of occurred). These are almost the same ones that Sergeant Pickle said were applicable.

Posted by: Gryn at March 8, 2004 04:05 PM | PERMALINK

Gryn- do you want to point to one of those cases in particular to discuss? I have never heard of any case where a person was criminally prosecuted for something like this.

A couple important points to remember about this case.

1. The republicans were authorized to access files on the server. There is no question that the republicans were authorized to access many files on the server- this is a very important point. This is why any analogy that would compare this to breaking into someone's private office is false.

2. The republicans did nothing to evade existing security measures. (no spoofing of an IP address, no directory traversal attacks, no logging on as a different user to avoid detection)

3. The republicans did nothing to cover their tracks. They did not erase access log files to keep proper administrators from seeing the access.

4. The republicans are not accused of colluding with the sysadmin in question. In fact I believe that this sysadmin was hired by the democrats, but if he intentionally left this access as wide open then there would be a law broken.

The point is that the law looks at what steps you took to evade existing security measures to determine if what you were doing was illegal. If you simply log onto an anonymous FTP server and there are files there then it simply would not be illegal for you to download them. What you do with those files could certainly be illegal (and leaking the memo's to the press could be illegal int his case) but downloading the files woudl not be illegal because you did nothing to evade existing security measures.

Posted by: Damon at March 8, 2004 04:15 PM | PERMALINK

Damon, you make the wrong analogy (rather like comrade Al). The more appropriate analogy is that you walk into your boss's unlocked office. After all, you have an office, he has an office, and you both have access to the building where those offices reside. You take in a camera, photograph the performance reviews for all of your co-workers and distribute them in a newsletter. Have you done anything wrong? All you've done is exceed the access the company wanted you to have, you didn't pick any locks or break down any doors.

The actions were criminal. The first time might have been forgivable (though obviously his superiors knew it was wrong), but the repetition of this behavior demonstrates clear criminal intent.

Posted by: Lori Thantos at March 8, 2004 04:22 PM | PERMALINK

Gryn- when you have administrator access you have the ability to change permissions on files and look at everything. That changes the scenario in a very important way. An administrator has access to every piece of information on a server and the ability to erase evidence of the unautorized access.

Posted by: Damon at March 8, 2004 04:22 PM | PERMALINK

Damon:

1. The republicans were authorized to access files on the server. There is no question that the republicans were authorized to access many files on the server- this is a very important point. This is why any analogy that would compare this to breaking into someone's private office is false.

You are confusing technical authorization with legal authorization. There is no question that the Republicans had no legal authorization to access any Democrat files on the server - and that is the vital point. That is why all the analogies being used to try and explain to people why this was like breaking into someone's private office.

2. The republicans did nothing to evade existing security measures. (no spoofing of an IP address, no directory traversal attacks, no logging on as a different user to avoid detection)

The Republicans evaded the most basic security measure of all: they didn't tell anyone. They knew that they should not have technical authorization to these files and that they did not have legal authorization to these files, and yet, they evaded.

3. The republicans did nothing to cover their tracks. They did not erase access log files to keep proper administrators from seeing the access.

This is completely irrelevant.

4. The republicans are not accused of colluding with the sysadmin in question. In fact I believe that this sysadmin was hired by the democrats, but if he intentionally left this access as wide open then there would be a law broken.

Nope: the law is broken by the Republicans because they deliberately and over a long period of time accessed files they had no right to access, and that they knew they had no right to access.

Posted by: Jesurgislac at March 8, 2004 04:24 PM | PERMALINK

Lori- it woudl be like the boss has a filing cabinet in his office and you are authorized to access one drawer but not another. If the boss mistakenly put private information into the public drawer then you wouldn't be doign anything illegal in reading it. You could very well be acting unethically, and what you do with the information could be illegal. BUt the point is that you were doing nothing to evade existing security measures which is a very important distinction.

Posted by: Damon at March 8, 2004 04:24 PM | PERMALINK

Err, well I just cited the case.

You didn't mention those other points to me when we were arguing about this earlier. I would say you "are moving the goalposts". I do admit that I was wrong about a more recent post where I thought there might of been hacking on top of the other stuff I've cited.

However if you read our January thread I have cited above you had agreed if my scenario was correct that "the republicans will get nailed to the wall" in your words. My scenario was indeed correct (indeed, even more damning than I originally described). Can you point out the difference you see?

Posted by: Gryn at March 8, 2004 04:25 PM | PERMALINK

Damon, in that case he gained access to only a few additional documents that way (it wasn't really a real "sysadmin" account anyways). The stuff he took under his normal account was bad enough and it didn't matter in the case at hand. Citing the administrative account usage helped our side to prove he knew he wasn't "entitled" to everything he copied, not that the only problem was the stuff he took under the admin account.

Posted by: Gryn at March 8, 2004 04:28 PM | PERMALINK

Kevin wrote:

When he set up new accounts he just accepted the default "open" permission, which allows anyone access to the directory.

Something no one has asked is why should the default protections on a server operating system be leave the files open to everyone?

Dutch wrote:

I'm a software engineer for a Large Software Company in Redmond.

Tell your company to change their default protections. Sheesh!

Posted by: Bernie Simon at March 8, 2004 04:28 PM | PERMALINK

If the boss mistakenly put private information into the public drawer then you wouldn't be doign anything illegal in reading it.

Depends, Damon. If you just picked up a private file once and immediately said "Boss, this doesn't belong in here, I don't think I should be reading this," you'd be right.

If you knew that the boss was constantly putting private information into the public drawer because the boss thought both drawers were private and didn't know you had access, and you never told him... well, that's what the Republicans did.

And in this instance, it's actually more like two rival corporations, not boss and secretary, who are sharing the same filing cabinet. Yes, Damon, it's a crime.

Posted by: Jesurgislac at March 8, 2004 04:29 PM | PERMALINK

I wrote my first post before you cited the case.

But I guess there must be something that I am missing about this case. This is exactly what I have said happened the entire time. THe admin screwed up and when he shared folders for people, he made them public shares instead of restricting them to just a few people. I know I said that the republicans would get nailed to the wall if they used a hacking tool, guessed a password, or were using any sort of exploit. I don't see what you think is different from the scenario I was discussing the entire time.

Posted by: Damon at March 8, 2004 04:30 PM | PERMALINK

"Something no one has asked is why should the default protections on a server operating system be leave the files open to everyone?"

Ease of use! It's Windows! (yes. flamebait ;-)

Another point for using a UNIX-style OS (though sounds like this syadmin would never have even been able to figure out how to add a user directory on one...)

Posted by: TG at March 8, 2004 04:31 PM | PERMALINK

But I guess there must be something that I am missing about this case.

You appear to be missing the fact that the Republicans committed a crime.

Posted by: Jesurgislac at March 8, 2004 04:36 PM | PERMALINK

Gryn- the employee was taking the information in his last few days with the company? He was taking proprietary information in order to give it to a competitor? I have consistently said that what the republicans did with the information could certainly be illegal. The press was not authorized to see any of that information under and circumstances.

Posted by: Damon at March 8, 2004 04:44 PM | PERMALINK

There is a federal case in New Hampshire involving a doctor with authorized access to computerized medical files who improperly used this access to review the medical files of a "social friend" who was not her patient. There is a federal case involving an IRS agent who had authorized access to IRS computers, who improperly used his access to review the files of his neighbor and his nephew (and release a hold on the nephew's refund). There is a federal case involving a government contractor with access to government computers who was convicted of a felony for using such access to doctor time records.

It is true that many employers confronted with a situation involving unauthorized access will not prosecute the person. They are embarassed to reveal their stupidity. That does not make the person's act less criminal. It just means the employer decided not to prosecute.

Posted by: Badger Ellen at March 8, 2004 04:47 PM | PERMALINK

Another point for using a UNIX-style OS (though sounds like this syadmin would never have even been able to figure out how to add a user directory on one...)

Yeah, but only with capabilities and ACLs.

The security model of Windows NT/2000/XP isn't all that bad, it's the bad defaults and the incompetence of the people working with it.

This is what you need to be aware of if you're going to deploy Windows in a secure way.

Posted by: Felix Deutsch at March 8, 2004 04:49 PM | PERMALINK

jes- the point is that your boss KNEW you had access to the public folder in his office. Once he KNOWS you have access to that filing cabinet it is his responsibility to keep information out of that public drawer that he does not want you to see. If there is critical information mistakenly put into that drawer then you READING the information would likely not be a prosecutable offense. You could be fired for reading it, but likely not prosecuted because the boss knew you had access to the filing cabinet and did not take proper precautions to secure the information. If you took the infromation home and posted it on the internet then that could certainly be illegal, but just reading it likely is not.

Posted by: Damon at March 8, 2004 04:49 PM | PERMALINK

Ellen- in the first 2 cases you are talking about there was a violation of the right to privacy. It is having someone look at your medical records or tax records who has no right to do so. I am not familiar at all with the last case you mentioned. Pay records could fall into the same category as IRS records but I really do not know.

Posted by: Damon at March 8, 2004 04:55 PM | PERMALINK

Gryn, thanks for the reference. However I would find a case which didn't involve a plea down from more serious charges more convincing. For example people charged with rape will sometimes plea down to sodomy but that does not mean someone charged with sodomy alone could be successfully prosecuted. Also in the case you cite it is stated that "Morch was a team leader for a research and development project pertaining to voice-over and optical networking" and that "Morch copied < stuff about > a voice-over and optical networking software product". I think if Morch didn't break access controls to get this stuff it would have been hard to convince a jury that he was not authorized to have it and that he should have known this. Of course he obviously wasn't authorized to give it all to a competitor. In any case my point is although unauthorized access may be technically illegal without some additional misuse of the information obtained successful prosecution is very unlikely. I think you have acknowledged this.

Cmdicely, companies don't criminally prosecute but they have a lot of say in whether a criminal prosecution occurs. Few prosecutors would get involved in a case like this against the wishes of the company involved.

Posted by: James B. Shearer at March 8, 2004 05:05 PM | PERMALINK

Damon, given your read of the legalities, you have admitted that the Republicans have committed criminal acts. They knew that they did not have a right to access, and they disseminated the information to a third party, knowing that party had no right to the information either.

If I leave my house unlocked and someone steals my stuff, they had access to, but not the right to take, my stuff. Even if all they do is take photos of me sleeping, they have still committed a criminal act (and if they haven't then the laws are written poorly – more importantly those laws would be less strict than the ones cited here).

Posted by: Lori Thantos at March 8, 2004 05:08 PM | PERMALINK

In any case my point is although unauthorized access may be technically illegal without some additional misuse of the information obtained successful prosecution is very unlikely.

So it's only wrong if prosecution is likely? This is an even sleazier standard than "it's only wrong if you get caught."

Posted by: Lori Thantos at March 8, 2004 05:10 PM | PERMALINK

Damon, (sorry I had to run to the store), all I claimed was this...

Let's say you want to set up a shared home folder directory (ex: \\server\home\) where everyone can put private files (almost all IT shops provide this service). Like any good admin you want to make sure the permissions for those private folders (ex: \\server\home\gryn\) are restricted to only their individual accounts.

I won't go into the mundane details but it's quite easy to set it up so that if someone fatfingers the permission on the sharepoint folder (\\server\home) that new private folders will inherit bad permissions (say, everyone = read perms) without realizing it. These kind of permissioning problems are devilishly difficult to discover on casual examination if you aren't diligent.

I know the wording used in the article isn't precise, but the confusion of password/account/folder is a very common one with non-techies.

So, if true, this would be extremely damning to whoever expoited this since it would be common knowledge that all the folders on that server are explicitly meant to be private folders. There would be no reasonable assumption that any authorization had been given. This is not even counting the fact that the perps knew what they did was wrong: via the nature of the material obtained, that they leaked secretly to Novak, and they persisted for a year.

You then proceeded to agree

If the republicans used directory traversal to access files in someone's home directory that were never intended to be shared in the first place then there is a MASSIVE issue. That certainly is circumventing existing security measures to gain access to files you were not supposed to see. Taking it even further, the republicans coudl have accessed someones mailbox file directly to get access to the memos. If this is the case then the republicans will get nailed to the wall (assuming there was the least bit of auditing enabled).

The only thing that I might of misunderstood you on is "directory traversal". Did you mean directory name guessing? Because that's an awfully queer usage that I haven't seen before.

In any case the following criteria need to be met for an adequate analogy:

  • The victim did thought that the data was private
  • The perp knew that the victim thought the data was private
  • The perp took action to prevent others from exploiting the same problem
  • The perp is told what he was doing was wrong
  • The perp takes action to cover his tracks
  • The perp continues to exploit problem successfully for 18 months
  • The perp takes no action to notify the proper authorities about problem and only confesses when confronted

When you come up with an analogy that meets this list of criteria, then you we can talk.

Posted by: Gryn at March 8, 2004 05:10 PM | PERMALINK

Once he KNOWS you have access to that filing cabinet it is his responsibility to keep information out of that public drawer that he does not want you to see.

LOL

Wishful thinking.

If your boss tells you to stop, and you don't, and you keep doing it, knowing it is wrong...

NOTHING ELSE MATTERS

THAT'S ALL THE LAW NEEDS TO KNOW

Your intent doesn't matter much. It could, but it doesn't have to.

If you steal my kids BigWheel off my lawn, it's theft, even though I didn't have it locked up.

Listening to these fools try and rationalize this is very instructive. You simply don't find it in you to admit that Republicans can be criminals.

It's amazing.

Posted by: Monkey at March 8, 2004 05:26 PM | PERMALINK

I should point out that I believe these guys are more at risk for criminal prosecution because it was a government computer. I am vaguely familiar with a case at LLNL where a guy went to jail for having porn on his computer an unlikely outcome if it had been a private company. (This was for misuse of government property not obscenity).

Posted by: James B. Shearer at March 8, 2004 05:27 PM | PERMALINK

I was using directory traversal in the exploit of the .. directory. Say that you had a home directory at \\server\gryn and you had access to that folder through the network. A directory traversal attack would be for you to access my home folder at \\server\gryn\..\damon (yes this can work if the server is not set up correctly) That would clearly be a case of avoiding existing security measures and would be illegal.

Gryn- I think that I can come up with several scenarios that would be legal except for one point of you list. What steps did the republicans take to cover their tracks? I hadn't seen anything indicating the republicans were erasing access logs to cover them reading the files. Depending on the steps they were taking to hide the fact they were accessing the files what they did could certainly be illegal.

Posted by: Damon at March 8, 2004 05:30 PM | PERMALINK

Lori Thantos, I am not saying it was or wasn't wrong just that in an ordinary case you would be unlikely to go to jail for it.

Posted by: James B. Shearer at March 8, 2004 05:34 PM | PERMALINK

Sifting through Senate Dems records was unethical. Senate Dems accused Miranda of a felony but that remains an open question. Given the incompetence of the systems administer, it looks unlikely a felony charge will be brought forward.

Meanwhile, the focus remains on the leakers while the contents of the memos continue to get nicely diverted. The legal counsel for the NAACP committed a disbarrable offense, Dems agreed to obstruct a nominee based on ethnicity, and the memos clearly showed a disturbing trend of Senate Dems taking marching orders from left-wing special interest groups. If records were leaked from Enron computers instead of the Senate network, would the leaker be just as wrong?

Posted by: Bird Dog at March 8, 2004 05:44 PM | PERMALINK

James B. Shearer, you may be right, but it doesn't make the behavior any more ethical.

Bird Dog, pretending ignorance, is still lying about the whole process. How many times does it have to be explained that knowledge that the Republicans would play the race card is not the same as being racist? Your posts are exhibit one in this kind of racial politics. But that's typical of the Republican Party.

Posted by: Lori Thantos at March 8, 2004 05:56 PM | PERMALINK
I was using directory traversal in the exploit of the .. directory. Say that you had a home directory at \\server\gryn and you had access to that folder through the network. A directory traversal attack would be for you to access my home folder at \\server\gryn\..\damon (yes this can work if the server is not set up correctly) That would clearly be a case of avoiding existing security measures and would be illegal.

I see where you are coming from. That is a web protocol/unix style exploit. This exploit just has never been possible on windows UNC style paths (possible on IIS, but thats' http based). Since it's technically not possible on a windows NT based box I thought you just meant directory traversal as in browsing.

In any case, the guy that worked on our case says that he still would of been just as guilty if he had limited his copied data to just the stuff he had access to with his regular accounts.

Point 2, they put all the files in a password encrypted zip file. However, I'd be happy to compromise and remove the "covering the tracks" requirement since that's not really required. Go ahead and give me an example now.

Posted by: Gryn at March 8, 2004 06:13 PM | PERMALINK

Lets say that bev harris goes on the diebold public FTP site and sees there are files that were clearly not intended to be exposed to the public. Say it was the actual code they put on their machines and fully proprietary information. If an employee of Deibold exposed this information to the rest of the world it would clearly be an IP violation. Bev Harris CLEARLY knows that ethically she should not be seeing this infromation yet she continues to use the FTP site over the course of 18 months. At some point she tries to go to the New York Times with the information but they tell her that they will not do a story on it because it is protected by IP laws. What Bev Harris does with this proprietary information could clearly be illegal, but her accessing the information is not a prosecutable offense. Dibeold knew that people had access to this FTP server and it was their responsibility to limit the information the public has access to. If Bev Harris evaded a firewall to access an internal FTP server there would be an illegal act. If she guessed the password of a diebold employee then there would be an illegal act. Breaking out of a chrooted jail or privledge elevation and there would be a prosecutable offense. If she erased logs that documented her access of the files she would be in a much grayer area. But if she just accessed public information that Diebold mistakenly thought was private then there was no violation of the law.

I think that you will agree this covers all your points except for the one about how she didn't take steps to make sure that the hole couldn't be used against her but that doesn't really apply in this case. She KNEW she was accessing information that was not meant for the public. She KNEW it was a mistake but did it anyway.

Posted by: Damon at March 8, 2004 06:44 PM | PERMALINK

Bev could be prosecuted under the law in your example. In this case the publicity surrounding the content of the release outweighed the gains to be made by prosecuting, but the law is pretty clear that she didn't have authorization.

BTW, I didn't say I liked the laws as they come too close to a type of state secrets act for corporations and government, but that's how they have been crafted over the past decade, like it or not.

Posted by: Gryn at March 8, 2004 06:52 PM | PERMALINK

Gryn- I think that she could be prosecuted for posting the information on a website, reporting on them to the press, or taking them to a competitor. But she is clearly allowed to access materials that a company puts out on a public FTP server without fear of prosecution.

Posted by: Damon at March 8, 2004 06:55 PM | PERMALINK

This is a dustup, pretty standard stuff. Unfortunately, it says a lot about our poisonous public discourse and win at all costs politics. I'm glad it was the other party and not mine pulling this cheesy stuff.

Posted by: Malloy at March 8, 2004 07:02 PM | PERMALINK

If she knew she wasn't entitled to the materials then she would plainly violate 18 U.S.C. 1030. I don't see any exceptions for the cases you cite.

I do wish we had whistleblower style protection clauses, but they do not exist.

Posted by: Gryn at March 8, 2004 07:15 PM | PERMALINK

Your posts are exhibit one in this kind of racial politics. But that's typical of the Republican Party.

Actually, Lori, you have it exactly backward, as usual. But then, you never were a rational actor.

Posted by: Bird Dog at March 8, 2004 07:38 PM | PERMALINK

Gryn- because the company put their materials on a public FTP site- they granted access to the world. They didn't mean to and it was clearly inadvertant, but the access was granted. That is the major difference at this point between what we think the law means. To me bev harris was absolutely granted access to any material on a public FTP server and the company would have no legal recourse about her accessing the information. She did not exceed her privledges because she did not attempt to evade any existing security measures. Even though the access was granted inadvertantly, it was still granted. The republicans were authorized to access public shares on the network and the democrats knew this. It was their reposilbility to take proper precautions to protect data that they did not want read by the entire comittee.

Posted by: Damon at March 8, 2004 07:55 PM | PERMALINK

Reading that post again I realize it came out a bit wierd, what I meant that there aren't any requirements beyond "exceed authorized access" in 18 U.S.C. 1030.

I should also add that in terms of getting a conviction an employee "exceeding authorized access" will probably get a tougher ruling than a member of the public accessing an anonymous FTP server. It's because we have to rely more on ethical restraint with employees than we do with those "outside the firewall" as it were (since the latter is pretty well handled by technology). Again this only relates to whether a conviction is likely and not whether a judge would deem it "prosecutable".

Posted by: Gryn at March 8, 2004 07:57 PM | PERMALINK
The republicans were authorized to access public shares on the network and the democrats knew this.

That is demonstratably false, the end of the PDF says that most staff didn't even realize that the H: drive was not on their computer. The democrats absolutely didn't realize the data was available to everyone (staff education is part of the recommended long-term remediation).

The perps knew they had access to data that the victims thought was private. Your use of the word "public" borders on a term of art even in the technical sense, and not what ordinary people would think of as public (which is what is used in the courtroom).

If you are feeling this as an analogue to Bev's situation then don't. Even if whistleblower protection isn't available explicitly to that case a jury will take that into consideration (as well as the fact that she wasn't an employee). The unlikelyhood of obtaining a conviction combined with the bad publicity is what prevented Diebold from pursing legal action. If they couldn't pursue it a judge would of thrown the case out.

Posted by: Gryn at March 8, 2004 08:05 PM | PERMALINK

Bird Dog, are you hoping to be taken seriously? You are on record in this thread defending the Republicans' use of racism as a tool of public policy. Well, that's not entirely true, you are also promoting the very racist rhetoric the Democrats were warning against. Let's let the readers decide for themselves where rationality lies.

Posted by: Lori Thantos at March 8, 2004 08:15 PM | PERMALINK

Already done Bernie.

Posted by: Dutch at March 8, 2004 08:29 PM | PERMALINK

Meanwhile, the focus remains on the leakers while the contents of the memos continue to get nicely diverted.

You live in a strange world, Bird Dog. And that is putting it nicely.

Not except in the most duplicitous doublespeak would this event be called a 'leak.' A leak is usually associated with a person that had authorization to be reading document X, but released document X to the public without authorization. It would also usually be a document or two, not usually 4000 separate documents. This is something very different.

This is theft. This is crime. This is mafia tactics being used by American politician vs. American politician. Last time I checked, Republicans and Democrats are both Americans. An expectation of civil behavior is warranted.

What if I think that GWB lied about the case for Iraq? Say, to justify my beliefs, I use my super 'leet hacking skills, break into White House computers, not once, but 4000 times. I obtain many juicy documents. None of it was meant for public consumption. Some of it is incriminating. I release the cream of the crop to the press.

Is this a leak? Fuck no, it's not a leak. It is a crime -- it is irrelevant what documents I found. Is my behaviour acceptable if the White House has piss-poor security? Absolutely not, not in any fantasy land you can dream up.

Would the content of the documents be paramount? Fuck no.

Even if there is real dirt in the documents, which there does not seem to be except in wingnut land, the primary focus should damn well be on the complete break down of civility and law that allowed the documents to be obtained. Four thousand documents! Over the course of years! Espionage of Repulbican vs. Democrat, as if the Democrats were some sort of foreign security threat.

This is a Watergate level crime. The insistence on trying to profit politically from a crime is disgusting.

Posted by: Timothy Klein at March 8, 2004 09:41 PM | PERMALINK

The legal counsel for the NAACP committed a disbarrable offense,

Elaine Jones retired after a complaint was filed against her with the Virginia Bar Association. She lost her career for her attempted machinations. Why flog this dead horse and pretend there's been no repercussions?

Dems agreed to obstruct a nominee based on ethnicity,

The memo does not say that or anything like that. The memo was written by a staffer to his boss to recount a meeting between various civil groups and Senator Kennedy. The staffer writes that the groups said that they found Estrada especially dangerous because he had no paper trail, was being lined up by the White House for an appointment to the Supreme Court, and is a Latino. Not only is it hearsay, it doesn't even say, "Estrada's dangerous and must be blocked because he is Latino," let alone, "We agreed to block Estrada because he is Latino."

and the memos clearly showed a disturbing trend of Senate Dems taking marching orders from left-wing special interest groups.

Wow! You mean to tell me that special interest groups line our politicians' pockets and the politicians are more responsive to the groups' concerns in exchange?! Who would've thunk it! Next you'll tell me that some Dems are slaves to the film and music industries, and some Repubs are slaves to the oil and tobacco industries. Will wonders never cease?

Posted by: dak at March 8, 2004 10:09 PM | PERMALINK

Amazing that Bird Dog posts on the "best" right wing blog---Tacitus.
No wonder I don't go there.

Posted by: Marky at March 8, 2004 11:07 PM | PERMALINK

Of the hundreds of thousands of dotcom SysAdmins out of work, why, oh why, OH WHY is there a complete incompetent doing security for the United States Senate? Un-freaking-believable.

Posted by: Carl at March 8, 2004 11:40 PM | PERMALINK

Neil,

The Brian Wikner at http://www.whatnoise.cc has a link in his list that points to the Senate Juidiciary Committee. Coindicence? I think he's the guy.

Posted by: Carl at March 8, 2004 11:55 PM | PERMALINK

jes- the point is that your boss KNEW you had access to the public folder in his office.

I thought you were trying to construct an analogy to the Memegate situation? Because you've just lost it. The point is the Democrats DIDN'T know the Republicans had access to their files. And therefore the rest of your analogy falls over.

Damon, why can't you bring yourself to admit that the Republicans who did this committed a crime? Why do you feel you have to make YOURSELF look dishonest by trying to figure out some way that theft isn't really theft?

Posted by: Jesurgislac at March 9, 2004 12:52 AM | PERMALINK

Bird Dog, predictably wrote: "Dems agreed to obstruct a nominee based on ethnicity"

Yeah, right, B.D. Do you always have this much trouble with simple English? Or is it only when you're trying to find an attack point?

Posted by: PaulB at March 9, 2004 09:44 AM | PERMALINK

I'm still waiting for any hint of evidence that Miguel Estrada is a right wing fanatic.

Are Republicans pushing minority candidates?
Yes.

Is that a bad thing? Or are conservative minorites not "authentic?"

There is a minimal paper trail on Estrada, but there is plenty to commend him for, including the highest rating from the ABA and stellar references.

There are only two reasons to oppose him - fear of an unknown record, and his ethnicity.

The level of stonewalling he received in the Judiciary committee and the Democratic Memo are unprecedented. Many judges get through with minimal paper trails. It doesn't take much common sense to realize there was something special about Estrada.

The White House liked him, and Democrats would have little to prevent him from becoming a Supreme Court Justice. They knew that it looks bad to attack a Hispanic, so decided to stop him in committee.

Did the White House put him forward knowing this? Yes.

Did the Democrats mount an attack campaign against him in committee because of this?
Yes.

Does that mean that the Democrats are afraid of a Hispanic Republican candidate?
Yes.

Posted by: TheYeti at March 11, 2004 08:56 AM | PERMALINK

Set that issue aside, and answer this. A hearing to approve a judge was delayed to affect the outcome of a court case.

That's a fact. Care to comment on that behavior?

Posted by: TheYeti at March 11, 2004 08:57 AM | PERMALINK

Both dreams and people crash down.

Posted by: goldberg meredith at May 3, 2004 10:38 AM | PERMALINK

Everyone is born with genius, but most people only keep it a few minutes.

Posted by: Jed Reinitz at June 30, 2004 11:24 AM | PERMALINK

I have found the best online pharmacy for buying

Generic Viagra online
Meltabs
generic Cialis

Posted by: generic Viagra prices at July 14, 2004 08:52 PM | PERMALINK

Very good subject.
logo-mobile-repondeur
logo-repondeur-mobile
logo-sonneries-sonnerie
logos-mobile-repondeurs
logos-repondeurs-mobile
logos-sonneries-sonnerie
mobile-repondeur-logo
mobile-repondeurs-logos
netimobile
repondeur-logo-mobile
repondeurs-logos-mobile
sonnerie-logo-sonneries
sonnerie-logos-sonneries
sonnerie-sonneries-logo
sonnerie-sonneries-logos
sonneries-sonnerie-logo
sonneries-sonnerie-logos
planete-mobile
ringtone-logos
ringtone-mobiles
01-ringtone
ringtone-free
logo-phones
logo-free
01-logo
logo-tones
ringtones-phone
ringtones-mobiles
ringtones-pictures
ringtones-screensavers
logos-phones
logos-tone
logos-downloads
logos-free
polyphonic-tone
screensaver-mobile
01-melodia
top-melodia
e-melodias
logo-melodias
logo-moviles
01-ringetone
top-ringetone
ringetone-mobil
logoer-mobil
top-logoer
01-ringsignaler
top-ringsignaler
ringsignaler-mobil
logotyper-mobil
01-logotyper
01-suonerie
i-suonerie
suonerie-mobile
01-loghi
top-loghi
01-soittoaanet
top-soittoaanet
soittoaanet-logot
01-logot
i-logot
01-beltonen
top-beltonen
beltonen-logo
logo-mobiel
logo-beltonen
01-toque
top-toque
toque-movel
icone-movel
icone-toque
1-klingeltone
hit-klingeltone
klingeltone-logo
logo-klingeltone
logo-spiele
sonnerie gratuite
sonnerie alcatel
sonnerie mobile
sonnerie motorola
sonnerie a composer
sonnerie ericsson
sonnerie nokia 3310
nokia sonnerie
sonnerie pour alcatel
sonnerie portable nokia
sonnerie pour motorola
composition de sonneries
sonnerie panasonic
sonnerie pour samsung
telechargement de sonneries
sonnerie sagem myx5
sonnerie pour telephone portable
partition de sonneries
sonnerie a telecharger
gratuit sonneries
samsung sonneries
sonnerie hi fi
code sonnerie
sonnerie sony ericsson
sonnerie motorola v500
compositeur sonnerie nokia
sonnerie nec n21i
sonnerie telephone mobile
sonnerie gratuite motorola
sonnerie telecharger
sonnerie pour telephone portable
sonnerie polyphonique samsung
nokia 3310 sonneries
sonnerie telephone gratuite
sonnerie logo portable
telechargement sonnerie portable
sonnerie logo gratuit
logo et sonnerie gratuit
sonnerie nokia composer
sonnerie t68i
sonnerie samsung a300
sonnerie portable composer
composer des sonneries
sonnerie repondeur
logo et sonnerie gratuite
logo et sonnerie portable
sonnerie portable composer
sonnerie a telecharger
logo et sonnerie pour portable
telecharger sonnerie gratuite
sonnerie motorola c333
sonnerie portable gratuite
sonnerie polyphonique pour samsung a800
logo sonnerie gratuite
sonnerie toshiba ts21i
compose sonnerie
telechargement gratuit sonnerie polyphonique
sonnerie nokia 7650
composition sonnerie portable
telechargement sonnerie gratuite
sonnerie polyphonique gratuit
sonnerie composee
sonnerie samsung a800
sonnerie gratuite nokia
sonnerie motorola c330
sonnerie et logo de portable
sonnerie lg 7020
telechargement sonnerie polyphonique
sonnerie samsung s300
sonnerie nokia 3510i
sonnerie panasonic gd87
logos sonneries
sonneries samsung
sonneries mobiles
sonneries gratuite
sonneries nokia 3310
logo sonneries
sonneries telephone
sonneries polyphonique
sonneries 3310
sonneries pour motorola
sonneries pour samsung
sonneries portables gratuites
composer sonneries
sonneries de telephone
sonneries panasonic
partitions sonneries
compositeur sonneries
sonneries alcatel 511
sonneries telephones
sonneries logo
sonneries pour siemens
les sonneries
sonneries pour ericsson
sonneries de nokia
sonneries portable nokia
sonneries polyphoniques gratuites
sonneries sagem myx 5
sonneries sagem myx5
logos et sonneries gratuites
sonneries t68i
sonneries ericson
partitions de sonneries
sagem sonneries
portable sonneries
sonneries myx5
partition de sonneries
sonneries nokia 3330
sonneries gratuites pour motorola
motorola sonneries
sonneries lg
sonneries portable gratuites
sonneries gratuites portables
sonneries gratuites pour nokia 3310
sonneries de telephones
compositions de sonneries
sonneries logos gratuits
sonneries telephones
sonneries arabes
sonneries samsung a300
sonneries et logos gratuits
sonneries sms
sonneries par sms
sonneries siemens c45
notes de sonneries
sonneries de portable gratuites
sonneries polyphoniques nokia
sonneries de nokia 3310
logos et sonneries pour nokia
sonneries telephone portable
sonneries gsm gratuites
sonneries de motorola
sonneries gratuites portable
sonneries a composer
sonneries rock
sonneries poliphoniques
sonneries portables nokia
sonneries motorola c330
sonneries siemens c55
sonneries gratuit nokia 3100
sonnerie-de-portable
sonnerie-gratuites
sonnerie-de-telephone
sonnerie-alcatel-511
sonnerie-ericson
sonnerie-a-taper
sonnerie-de-nokia
sonnerie-portable-sagem
sonnerie-pour-siemens
sonnerie-portable-samsung
gratuit-sonnerie
sonnerie-de-portables
motorola-sonnerie
sonnerie-motorola-t191
sonnerie-myx5
sonnerie-a300
sonnerie-partition
sonnerie-fisio
sonnerie-pour-panasonic
sonnerie-myx-5
sonnerie-portable-ericsson
sonnerie-gratuite-motorola
sonnerie-gratuite-sagem
sonnerie-fr
sonnerie-de-portable-nokia
sonnerie-nokia-8210
sonnerie-my-x5
sonnerie-nokia-compositeur
sonnerie-v50
sonnerie-telecharger
composer-sonnerie-motorola
sonnerie-portable-gratuites
sonnerie-portable-sony
wap-sonnerie
logo-sonnerie-com
sonnerie-gratuite-pour-sagem
sonnerie-nokia-5210
sonnerie-par-sms
sonnerie-compositeur-nokia
sonnerie-t191
sonnerie-siemens-c35
sonnerie-alcatel-501
note-de-sonnerie
sonnerie-pour-portables
sonnerie-nokia3310
sonnerie-8310
sonnerie-pour-sagem-myx5
sonnerie-pour-sagem-my-x5
sonnerie-pour-telephone-portable
sonnerie-gratuite-nokia-3310
sonnerie-portable-panasonic
panasonic-sonnerie
sonnerie-gratuite-pour-nokia-3310
sonnerie-motorola-v66
logo-et-sonnerie-de-portable
sonnerie-fisio-825
sonnerie-gratuits
sonnerie-de-nokia-3310
sonnerie-gsm-gratuite
sonnerie-telechargement
sonnerie-gd67
sonnerie-gd87
www-sonnerie-fr
sonnerie-pour-sony-ericsson
sonnerie-et-logo-portable
sagem-myx-5-sonnerie
sonnerie-gratuites-nokia
sonnerie-siemens-s35
sonnerie-ericsson-t28s
sonnerie-gsm-gratuit
sonnerie-sur-alcatel
www-logo-sonnerie-com
telecharger-sonnerie-gratuite
sonnerie-toshiba
code-de-sonnerie
compose-sonnerie
sonnerie-alcatel-302
telechargement-gratuit-de-sonnerie
www-sonnerie-com
sonnerie-motorola-v51
sonnerie-gratuite-pour-samsung
sonnerie-a400
nokia-3410-sonnerie
sonnerie-a-composer-nokia
telecharger-sonnerie-sagem
composer-sonnerie-samsung
sonnerie-alcatel-ot-511
sonnerie-zelda
nokia-sonnerie-gratuite
sonnerie-philips-xenium
sonnerie-gratuite-siemens
logo-sonnerie-mobile
sonnerie-et-logo-pour-nokia
sonnerie-logos-gratuit
sonnerie-portable-telecharger
sonnerie-personnalisee
sonnerie-pour-nokia-3210
telechargement-de-sonnerie-gratuite
philips-sonnerie
composition-de-sonnerie-nokia
sonnerie-ericsson-t20e
sonnerie-pour-nokia-8310
sonnerie-pour-spv
sonnerie-telephones
sonnerie-sagem-myx-3
sonnerie-star-wars
sonnerie-alcatel-a-composer
sonnerie-mtv
matrix-sonneries
samsung-sonneries
composer-sonneries-alcatel
sonneries-telecharger
composition-sonneries-nokia
sonneries-my-x5
sonneries-telephones-portables
compositeur-sonneries-nokia
sonneries-portable-samsung
sonneries-a-composer-nokia
sonneries-matrix
telecharger-sonneries-portable
telechargement-gratuit-de-sonneries
sonneries-portable-siemens
sonneries-pour-telephone-portable
sonneries-alcatel-512
logos-et-sonneries-de-portable
sonneries-polyphoniques-pour-sagem
logos-et-sonneries-pour-portable
sonneries-nokia-compositeur
logos-sonneries-portables
compositions-sonneries
sonneries-et-logos-pour-portable
sonneries-a-composer-nokia
sonneries-logos-portable
sagem-myx5-sonneries
sonneries-portables-sagem
sonneries-telechargeables
sonneries-imode
sonneries-a-composer-pour-alcatel
a300-sonneries
sonneries-siemens-c35
sonneries-v50
telecharger-des-sonneries-gratuitement
sonneries-de-portable-alcatel
sonneries-de-portable-a-composer
sonneries-a800
sonneries-gratuites-3310
sonneries-nokia-5210
sonneries-composables
sonneries-logos-portables
sonneries-portables-siemens
sonneries-pour-ericson
telecharger-sonneries-portables
logos-et-sonneries-nokia
sonneries-t200
sonneries-pour-motorola-v50
sonneries-de-telephones-portables
sonneries-ericsson-t28s
sonneries-et-logos-de-portable
sonneries-pour-samsung-t100
logos-et-sonneries-pour-alcatel
telecharger-gratuitement-des-sonneries
telecharger-sonneries-portables
sagem-my-x5-sonneries
sms-sonneries
sonneries-portables-ericsson
composer-ses-sonneries
partitions-sonneries-portable
sonneries-v66
sonneries-et-logos-portable
partition-sonneries-portable
sonneries-de-portable-gratuit
sonneries-et-logos-pour-sagem
sonneries-fisio-825
sonneries-partition
sonneries-pour-nokia-3210
sonneries-et-logos-nokia
sonneries-telephone-mobile
sonneries-polyphoniques-motorola
sonneries-portable-composer
sonneries-samsung-r210
sonneries-siemens-s35
sonneries-a-telecharger-gratuitement
sonneries-gratuites-pour-siemens
sonneries-portables-gratuits
sonneries-portable-3310
sonneries-polyphoniques-gratuit
sonneries-portable-nokia-3310
sonneries-pour-portables-gratuites
sonneries-a-composer-alcatel
sonneries-a-telecharger
sonneries-composer-alcatel
sonneries-gratuites-mobiles
sonneries-portable-a-composer
sonneries-ericsson-t65
logos-sonneries-com
sonneries-z5
composer-des-sonneries-de-portable
sonneries-nokia-3310-gratuites
sonneries-a-composer-pour-nokia-3310
sonneries-logos-sagem
sonneries-pour-telephones-portables
composition-de-sonneries-de-portable
sonneries-de-telephones-portables
sonneries-gratuites-alcatel-511
telecharger-des-sonneries-de-portable
composer-sonneries-samsung
sonneries-ployphoniques
telecharger-des-sonneries-gratuites
sonneries-logo-gratuit
sonneries-sagem-myx-3
sonneries-mobiles-alcatel
sonneries-3310-gratuites
telecharger-sonneries-nokia
sonneries-de-portables-a-composer
dvd pascher
jeuxvideo pascher
mobile pascher
pda pascher
pc pascher
livre pascher
cdmusique pascher

Posted by: alex at July 26, 2004 04:41 PM | PERMALINK

6599 You can buy viagra from this site :http://www.ed.greatnow.com

Posted by: Viagra at August 7, 2004 05:34 PM | PERMALINK

4311 Why is Texas holdem so darn popular all the sudden?

http://www.texas-holdem.greatnow.com

Posted by: texas holdem online at August 9, 2004 02:55 PM | PERMALINK

3151 get cialis online from this site http://www.cialis.owns1.com

Posted by: cialis at August 10, 2004 08:11 AM | PERMALINK

8374 ok you can play online poker at this address : http://www.play-online-poker.greatnow.com

Posted by: online poker at August 10, 2004 02:08 PM | PERMALINK

6720 Keep it up! Try Viagra once and youll see. http://viagra.levitra-i.com

Posted by: Viagra at August 13, 2004 09:09 PM | PERMALINK

2187 Get your online poker fix at http://www.onlinepoker-dot.com

Posted by: poker at August 15, 2004 05:26 PM | PERMALINK

1449 black jack is hot hot hot! get your blackjack at http://www.blackjack-dot.com

Posted by: play blackjack at August 17, 2004 02:36 AM | PERMALINK

7841 so theres Krankenversicherung and then there is
Krankenversicherung private and dont forget
Krankenversicherung gesetzlich
and then again there is always beer

Posted by: Krankenversicherung private at August 17, 2004 02:30 PM | PERMALINK

456 Its great to experiance the awesome power of debt consolidation so hury and consolidate debt through http://www.debtconsolidation.greatnow.com pronto

Posted by: debt consolidation at August 18, 2004 11:45 PM | PERMALINK

8600

http://www.exoticdvds.co.uk for
Adult DVD And Adult DVDS And Adult videos Thanks and dont forget Check out the diecast model
cars
at http://www.diecastdot.com

Posted by: Adult DVD at August 19, 2004 07:23 PM | PERMALINK

5758 check out the hot blackjack at http://www.blackjack-p.com here you can play blackjack online all you want! So everyone ~SMURKLE~

Posted by: blackjack at August 23, 2004 04:00 PM | PERMALINK

24kt gold casino - 49er casino - 777 dragon casino - 7 sultans casino - 7 sultans poker - 888 casino - aces high casino - all poker casino - arthurian casino - aspinalls casino - aztec riches casino - aztec riches poker - blackjack ballroom casino - black widow casino - cabaret club casino - capital casino - captain cooks casino - caribbean gold casino - caribbean sun poker - carniaval casino - car sands casino - casino king - casino kingdom - casino las vegas - casino onliner - casino tropez - challenge casino - cinema casino - cirrus casino - city club casino - club dice casino - closseum casino - cool cat casino - crazy vegas casino - crazy vegas poker - crystal palace casino - delrio casino - desert dollar casino - diamond casino - empire casino - english habour casino - europa casino - flamingo club casino - fortune lounge casino - fortune room casino - gaming club casino - gaming club casino - gl casino - golden palace casino - golden palace poker - golden reef casino - golden riviera casino - golden riviera poker - golden tiger casino - golden tiger poker - goldate casino - gold key casino - grand aces casino - grand banks casino - grand hotel casino - grand online casino - hampton casino - havana casino - home casino - inter bingo - inter casino - casino casino poker - jackpoty city casino - kiwi casino - lucky emperor casino - lucky nugget casino - lucky nugget poker - mad bingo - magic box casino - magic oasis casino - millionarie casino - music hall casino - new york casino - omni casino - orbital casino - palace of chance casino - party poker - peach casino - planet luck casino - platinum play casino - play and deal casino - portofino casino - prestige casino - race track casino - river belle casino - river belle poker - river nile casino - roxy palace - royal dice casino - royal plaza casino - royal vegas casino - royal vegas poker - rube fortune casino - ruby bingo - scifi casino - showdown casino - sia casino - silver dollar casino - slot fever casino - slot land casino - slots royale casino - spin palace casino - spin palace poker - sports interaction - star luck casino - strike it lucky casino - sun vegas - super slots - swiss casino - the sands casino - usa casino - vegas country casino - vegas joker casino - vegas palms casino - vegas red casino - vegas slot casino - vegas towers casino - vegas villa casino - vip casino - vip sports - virtual city casino - virtual city poker - windows casino - windows casino light - you bingo - yokon gold casino - zodiac casino

Posted by: carnival casino at August 23, 2004 09:59 PM | PERMALINK

5223 Herie http://blaja.web-cialis.com is online for all your black jack needs. We also have your blackjack needs met as well ;-)

Posted by: blackjack at August 25, 2004 10:56 AM | PERMALINK

5006 check out http://texhold.levitra-i.com for texas hold em online action boodrow

Posted by: texas hold em at August 26, 2004 09:50 PM | PERMALINK
Navigation
Contribute to Calpundit



Advertising
Powered by
Movable Type 2.63

Site Meter