My question involves criminal law for the state of: Wisconsin
Hey I'm back again. I know a lot more about my case than I did before. It's complicated. I found out I was being set up. Most people counted me out the last time I was here but I am now presenting multiple constitutional challenges against the statute that I think will overwhelm the state to the point where they will have no choice but to dismiss the case and reform their laws while they're at it. I started a petition to get the government to reform their laws themselves
Here's what the Wisconsin law currently says
943.70(2)(a)1 - Whoever willfully, knowingly and without authorization modifies data, computer programs or supporting documentation.
This is a very old law, drafted in 1981 when the first personal computers were being released with MS-DOS. The internet was still over a decade away. They are now attempting to regulate internet social behavior with this law.
What happened was I found an empty social media website that had not been used in months. It had just a few posts on it total. The site looked abandoned and had not even had a terms of use agreement set up yet. The terms of use agreement reads "Enter your terms of use here". A co-worker was causing me and the company we worked for a lot of problems. Reporting people for nothing, getting people fired, spitting at people, giving people evil looks, swearing, not showing up for work, not dressing for work, making up his own projects to work on instead of doing what he was asked, that sort of thing. He was staying employed because he was making legal threats and claiming he would sue for racial discrimination if he were ever terminated.
After dealing with him for 6 months and seeing he was a problem I attempted to talk to him, argue with him, and finally reported him to my HR department after perceiving him as a possible danger to others. After I saw that nothing was working in a brief moment of frustration I made a tiny program, at most 50 lines of code, that made random posts on my own timeline of that social media website. Each post was 20 randomly generated letters. I made 32,681 posts on the website during the middle of the night over the course of 6 hours 13 min and 21 seconds. That's about 1.46 posts a second.
After coming home from work, the next day I think, my internet was not working and when I open my internet browser I got a message saying that they had to disable my internet because some unusual internet activity was detected. It said to fix the problem and press a button afterwards to have the internet restored. It was at this point that I noticed I still had that program running minimized and closed it. Then my internet was back online. I didn't think anything of it after that. I assumed he probably did not even notice.
The guy decided to shut down his server as his way of stopping it. Then he reported it to my ISP and the authorities as a Distributed Denial of Service attack. A Distributed Denial of Service attack implies the use of a botnet which implies the use of hundreds or thousands of hijacked computers. He provided access logs which shows that the posts came from my IP address only. Despite this the police passed this report on to the FBI calling it a Distributed Denial of Service attack. A CPU graph was provided to authorities which shows that the CPU had spiked to 132% while I was doing this. This was used to show probable cause that I was violating this law:
943.70(2)(am) Whoever intentionally causes an interruption in service by submitting a message, or multiple messages, to a computer, computer program, computer system, or computer network that exceeds the processing capacity of the computer, computer program, computer system, or computer network
Because CPU usage "exceeded 100%" the police used that as proof that I exceeded the processing capacity of the server. But along the y-axis of that graph you could see that the percentage goes up to 200%. This is because that the website was being hosted on a virtual cloud service located in another state that chooses to represent their CPU usage graphs with respect to their CPU cores. The site was on a dual core server. The documentation of the hosting service even states that spikes over 100% are normal. After experimenting with the same service myself I found that even when the CPU is at 200% the site is still functional. But the guy claimed that when the CPU is over 100% that people cannot connect to the site. He provided another graph showing a 4 week span of time where the CPU is 0% for the entire month. He used it to show a comparison of normal activity on his server to make it look serious while at the same time he was showing them that the site was dead. But they did not see it. He was pretending that the site was a big company website to make it sound as serious as possible.
I did not know it at the time but he was filing a lawsuit against the company and was attempting to provoke people to get a reaction in order to help his lawsuit case against the company. He was desperate to find out who put the posts on his site for that reason. If he had told the police that I did what I did to an abandoned site that no one cared about, including him, they probably wouldn't have reacted.
After he found out I was having charges pressed against me he deleted his social media website and replaced it with a clothing store website and claimed that the site was always a clothing store in the police report. And that he lost a few hundred dollars in advertisement revenue from the site's downtime. Even though his own access logs show no one except me and search engine bots connecting to the site all night, 0% CPU for a whole month, website value calculators showed no ad revenue potential as well. Very unfortunate that the police were given 67MB of logs from his server and they decided not to really use them to scrutinize the story he was giving them.
This person finally got fired about 3 months later. But then a couple weeks after that I get a pounding on my door saying they were the police and had a search warrant. It was 2 FBI agents and 6 police officers. They seized all my computer equipment and put me in jail for 12 hours before releasing me. The things they took include hundreds of DVD's, hundreds of CD's, many internal hard drives, external hard drives, memory cards, cell phones. The warrant said they were looking for a botnet and evidence that I was part of anonymous or some other hactivist group.
After talking to authorities I managed to convince them that I did not have a botnet and I was just making posts. They pretty much realized that this was nothing at this point. I said that I did not intentionally bring down the site. It's also now known that since he shut down his own server that he was actually the one that interrupted his own service, it wasn't me that did it. They had no basis to charge me with the interruption of service charge because of one of those reasons. But decided to charge me with the unauthorized modification of data instead.
He filed a lawsuit against me for $5,000 stating that I damaged server equipment, clean up costs of the posts, defamation. After finding the service that was used as the social media website I installed the same social media template site on the same service company that he was using. I found that just by deleting the account I created in the admin panel of the social media site would have deleted all the posts I made in about 0.25 seconds. Or he could have just deleted the posts I made from the table. He knows how to do this since we were both software engineers for the same company. He could have blocked my IP with a single command too.
Because my side is too complicated I lost the lawsuit but appealed for a trial with a jury. All he had to say was Denial of Service attacks are illegal and I was arrested for it. Then claimed labor without providing any proof of such labor and the judge ruled in his favor somehow. Based on my research he is currently guilty of obstructing an officer, perjury, and fraud (plenty of state and federal fraud laws to pick from there). But they haven't done anything about him as far as I know.
(Background: Taking Advantage of a Security Flaw on a Website)Quote:
The law does not address anything like whether there was damage, harmful intent, whether the data was important, whether the change was meant to be permanent or temporary, whether the modification is reversible or recoverable. These are the factors that contribute to determining whether modification of data is criminal according to Raymond Nimmer in this book I was reading called "The Law of Computer Technology" Without any established limits on what is considered a violation of this law then in theory anything seen as even slightly improper on anything that can be defined as a computer could be considered against the law.
Thinking of examples of unconstitutional law violations is child's play at this point. An example would be like if someone were playing a video game, paused the game, walked out of the room, while out of the room someone took the controller and resumed playing for a little bit before the person came back. This is technically a violation of the law because the data within the memory of that computer aka game system was modified.
Cheating in a game of electronic monopoly is technically a felony under this law.
Looking at Facebook while at the workplace where the work policy states that use of computers for personal use is unauthorized.
Moving someone's mouse pointer on their computer is technically changing the memory of the computer. The coordinates of the mouse pointer have changed within the computer. The active memory in a computer is considered data by definition in Wisconsin laws.
Sending someone a text or an e-mail without their authorization is technically adding data to the storage space of a computer.
Registering a Facebook account while under 13 years of age, making multiple Facebook accounts, or using a different name on a Facebook account violates Facebook's terms of service. This use can be considered unauthorized and criminal for that reason.
The same law was used to punish an 11 year old in Florida http://portland.indymedia.org/en/2003/02/44628.shtml for changing a couple of his grades on a teacher's laptop that was left open and unlocked leading to a felony charge. Technically a modification of data with intent to defraud.
Or this 8th grader that changed his teacher's wallpaper on his computer resulted in a felony charge http://www.computerworld.com/article...wallpaper.html
Without limitations on the law things like that happen.
One thing that makes the case important is that I'm saying that me placing harmless posts on an empty public website was my way of peacefully expressing myself. Expressing my frustration with a psychopath without being violent. It was also a form of artistic expression by making my posts random so it looks pretty. It's a freedom of expression case.
“Today, we find an urgent need to protect these freedoms on the digital frontiers of the 21st century...And that’s why we believe it’s critical that its users are assured certain basic freedoms. Freedom of expression is first among them. This freedom is no longer defined solely by whether citizens can go into the town square and criticize their government without fear of retribution. Blogs, emails, social networks, and text messages have opened up new forums for exchanging ideas, and created new targets for censorship.” – Hillary Clinton, 2010
"I think that the more freely information flows, the stronger the society becomes, because then citizens of countries around the world can hold their own governments accountable. They can begin to think for themselves. That generates new ideas. It encourages creativity." – President Obama, 2009
The supreme court came very close to ruling social media posts protected free speech in Elonis v. United States (http://www.supremecourt.gov/opinions...3-983_7l48.pdf). A guy posted some rap lyrics on his Facebook page which was interpreted as a threat then sentenced to 44 months in prison for it. The charges were dismissed but not for First Amendment issues.
But in State of Wisconsin vs Thomas G. Smith in 2014 (http://www.scribd.com/doc/283977212/...urt-of-Appeals) it was ruled in my state that social media posts are protected free speech when someone called the cops racist and was arrested and charged for that. His case was dismissed on First Amendment grounds. This is the argument I use to get the law thrown out on First Amendment grounds. He even sued the government afterwards and was awarded a large sum of money for that one.
In Jaynes v. Commonwealth of Virginia (http://caselaw.findlaw.com/va-suprem...t/1078360.html) a known spammer got his case dismissed and their anti-spam law voided on First Amendment grounds. What I have done could have got me charged with the Communication Decency Act. But this law was ruled unconstitutional by the federal government on First Amendment grounds back in 1997. In People v. Marquan M. (http://www.nycourts.gov/ctapps/Decis...4-Decision.pdf) a cyber bully law was ruled unconstitutional on First Amendment grounds.
There are facial and applied challenges of vagueness that I'm making too. For one that state does not define what authorization means or modification of data means. People of ordinary intelligence and law enforcement do not realize how complicated this can get. Florida has the same statute as Wisconsin. Their modification of data law was challenged in 1994 in Newberger v State (http://www.leagle.com/decision/19941...R%20v.%20STATE). They decided not to void the law but ruled that adding data without modifying existing data does not constitute a violation of the statute. (“The state reads section 815.04 too broadly. The record left in the system did not modify the existing data in any way, it merely added additional material.”) A similar case in Davia Campillo GARCIA, Appellant, v. The STATE of Florida (http://caselaw.findlaw.com/fl-distri...l/1045203.html) (“Here, the evidence showed that no existing data was modified. Garcia caused new information to be entered for the first time into the computer system and an identification card was issued. There was no evidence to establish that anyone modified data which already existed in the computer system.”). What I did was add data without modifying existing data too. My case would get dismissed with this logic.
The fact that I turned off the program the moment I saw a possible effort was being made to stop me is important according to the CRAIGSLIST INC., Plaintiff, v. 3TAPS INC case (https://casetext.com/case/craigslist-inc-v-3taps-inc) which ruled that access on a public website is authorized until an effort is made to rescind that authorization by placing a technological barrier or sending a cease and desist letter. Even that ruling was considered controversial since an IP ban is not much of a barrier since people's IP's can change all the time. But if we applied that standard to this case then I did not cross that line that would have made this a crime. "Prosecuting Computer Crimes" (http://www.justice.gov/sites/default...4/ccmanual.pdf ) discusses what authorization means on pages 5-12. They come to the same conclusion about public access rights being authorized until an effort is made to rescind the authorization.
Wisconsin’s computer crime laws make no mention of exceeding authorized use, just unauthorized use. However the federal government and many other states do make a distinction between these two types of accesses. States around the country have had criminal cases of exceeding authorized use in states that have no mention of exceeding authorized use in their statutes which have had their cases dismissed on this very point. GALLAGHER v. STATE (https://casetext.com/case/gallagher-v-state-14) (“Moreover, appellant points to the legislative history of the federal statute, where the United States Congress specifically expressed that an employee's exceeding authorized access, while technically wrong, does not warrant criminal sanctions because administrative sanctions are more appropriate.”) Briggs v. State (http://caselaw.findlaw.com/md-court-...s/1208933.html) (“Briggs distinguishes operating a computer system without authorization from exceeding authorized access by using the computer in an improper manner... Briggs's access was not unauthorized under Article 27, § 146, the unauthorized access to computers statute. If the law is to be broadened to include Briggs's conduct, it should be modified by the Legislature, not by this Court.”)
https://www.washingtonpost.com/news/...te-a-deep-dive talks about different main types of authorization. there are 3 types of liability for unauthorized access: code-based, contract-based, and norms-based. The code-based and contract-based versions I'm alright on. I did not bypass any security or violate any terms of use agreement. They would have no choice but to argue that what I did was unauthorized because it was socially unacceptable.
The Wisconsin vs Thomas G. Smith was an example of socially unacceptable behavior that was dismissed. United States v. Drew (http://www.scribd.com/doc/61217247/U...ew-aug-29-2009) was another example of a social norm violation which was a cyber bully case that led to girl named Megan committing suicide. The judge ruled that it would be unconstitutional to rule an action as unauthorized because of a violation of myspace terms of use agreement. In United States v. Nosal a group of employees used confidential company information to start a competing business. They were convicted at first but won on appeal. It was ruled that violating company policy does not constitute a violation of unauthorized access in computer crime laws. The social norm version of authorization is too murky and dangerous to set a standard on.
What I did was virtually identical to what happened in this Texas case Fidel Salinas v United States (http://www.wired.com/2014/11/from-44...o-misdemeanor/). Placing junk data on a public website. His charges were dismissed as well.
This law I'm challenging was challenged once before in 1994 in State v. Corcoran (http://law.justia.com/cases/wisconsi...2671-cr-5.html). He wrote a trojan in his program that deleted some files when he saw he was not going to get paid by an employer. This happened back in 1987 before there was a public internet. They used this definitions of authorization in that case:
The first was "defendant acted without the permission of the person responsible for the computer data or programs." WIS J ICRIMINAL 150 and second was THE RANDOM HOUSE DICTIONARY OF THE ENGLISH LANGUAGE 139 (2d ed. unabr. 1987), where one of the definitions for "authorization" is the "permission or power granted by an authority.". They then rejected his challenge because being the author of a computer program does not make him the authority of the service the program was providing. According to http://learnersdictionary.com/definition/permission the definition of permission is "the right or ability to do something that is given by someone who has the power to decide if it will be allowed or permitted”. Technically since this guy gave the whole world permission to make accounts and posts on this site then I was authorized then.
Other definitions of authorization could exist that would not make what I did authorized. Traditionally there's something called the rule of Lenity where a court is supposed to rule in my favor when there is ambiguous language.
But I no longer have a lawyer. My previous lawyer was not tech savvy enough to understand what I was saying and mostly dismissive when I tried to bring these arguments up. The facts are too much on my side anyway plus it's still only a misdemeanor.
There's something called the equal protection act which says that people are supposed to be treated equally under the law. But from what my previous lawyer told me, he thinks they decided to charge me probably because of some expunged record in my distant past. Because the law is being used the way it is in a desperate attempt to punish me because there's something about me they don't like is unconstitutional. The laws as they are written currently give the government too much discretionary power. My county has a 100% conviction rate of computer crime charges. They're pretty biased against anyone seen charged with a computer crime it looks like. That's weird that they want to go after hackers so bad now but don't want to reform their computer laws so that people can actually have a fair shot at following the law.
Currently I think the case has violated my 1st, 4th, 5th, 6th, 8th, 9th, and 14th amendment rights. It should be pretty obvious that the law needs to go now. If people want to sign that petition and then maybe the state can fix their neglected laws instead of me having to fight some misdemeanor charge for the next 7 years with my luck :).
Computer Crime Charges
Printable View
-
03-16-2016, 12:52 AMJack2015Computer Crime Charges
-
03-16-2016, 01:03 AMTaxing MattersRe: Presenting Multiple Constitutional Challenges to Wisconsin Computer Crime Laws
You really didn't ask a question. All you really did was invite people to sign your petition to change the law, which you could have done with a much shorter post and made the same point, I think. Even if the state legislature changed the law it would not necessarily help you in your present criminal problem. I see problems with the arguments you are trying to make. You’d fare a lot better having an attorney aid you in your defense here.
-
03-16-2016, 01:11 AMJack2015Hey
k forget it then :P I'm not taking my chances with this site for a 4th time.
Hey I tried to edit my post and erased all that but you changed it back. That's alteration of data with intent to injure. Illegal in my state. Maybe I could report you and you can fight with the government too over this. :cool: -
03-16-2016, 07:14 AMPringleRe: HeyOr, you could put more energy into finding an attorney that will represent you.Quote:
Quoting Jack2015
-
03-16-2016, 08:31 AMMr. KnowitallRe: HeyNo, it isn't. Good lord, you are clueless.Quote:
Quoting Jack2015
-
03-16-2016, 09:00 AMJack2015Re: Hey
Well you changed my post back to send me a message that was intended to annoy or abuse me right.
947.0125 Unlawful use of computerized communication systems
Or you altered my data with intent to injure me 943.392 Fraudulent data alteration -
03-16-2016, 09:06 AMMr. KnowitallRe: Hey
You need to see a psychiatrist.
-
03-16-2016, 09:21 AMPringleRe: Hey
And also read the TOS you agreed to when you created your account and posted this drivel.
-
03-16-2016, 09:25 AMJack2015Re: HeyTOS agreement can't technically give you the right to break the law with impunity though. If you had something illegal in the TOS that does not justify or legalize llegal activity on this site.Quote:
Quoting Pringle
-
03-16-2016, 09:34 AMfree9manRe: HeyGiven that there has been no illegal activity, it's not really relevant.Quote:
Quoting Jack2015
Neither of the laws you posted has anything to do with the mods here modifying your posts, which you agreed to when you signed up and posted.
P.S. Taking your chances on the site for the 4th time? Didn't learn anything the first 3 did ya?