It’s been an unusually exciting month in the legal tech world. Several lawyers have been charged with (and cleared of) upsetting electronic crimes. An Am Law 100 firm got sued for allegedly screwing up e-discovery. I haven’t even had the time or need to write the same vague jibber-jabber about Google+ that everyone else on the Internet has already written.
This week, we’ve got more high-profile tech arrests, involving the members of an international hacker club who happen to be supporters of everyone’s favorite Australian albino.
For deets on the legal consequences of crashing PayPal’s website, read on….
On Tuesday, the FBI arrested 16 members of Anonymous, an international hackers’ group, for their roles in a cyber-attack against PayPal. Anonymous claimed responsibility for a 2010 distributed denial of service attack on the site, code named “Operation Avenge Assange.” Assange collected WikiLeaks donations through PayPal, which had locked him out of his account. If convicted, the alleged hackers would face up to 10 years in prison.
From a well-written New York Times piece about the arrests:
The PayPal attack came in response to the release by WikiLeaks last November of thousands of classified State Department cables. Members of Anonymous, a clique of worldwide hackers with a vague and ever-changing menu of grievances, have claimed responsibility for a number of attacks on government and corporate Web sites over the last eight months.
The criminal case is one of the first of its kind against a group like Anonymous, which blurs the line between large-scale mischief and real malice. For example, LulzSec, an offshoot of Anonymous, made a stink Tuesday when it hacked into servers at The Sun, a News Corp. newspaper, and posted a fake story about Ruport Murdoch committing suicide. Scotland Yard arrested an alleged LulzSec member this week as well.
The Times story highlights a few legal questions that prosecutors will have to answer in order to convict the alleged hackers:
The prosecution is expected to face at least two major challenges, said Jennifer Granick, a San Francisco-based lawyer who specializes in computer crimes and has defended hackers in the past. Because hackers often use aliases and other people’s computers when they carry out attacks, prosecutors will have to prove that those arrested “were the ones with their fingers on the keyboard,” she said.
Second, the conspiracy charge could be especially difficult to prove, given that Anonymous boasts of being leaderless and free-floating. “When you have a decentralized group,” Ms. Granick said, “the question is, Are there big fish, and are any of these people big fish?”
The obvious irony is that now the alleged members of the “loose, secretive federation of hackers” have their names plastered all over at least one news story. Anonymous indeed.
From a corporate perspective, Anonymous and LulzSec exist mostly to give in-house counsel chronic migraines:
Cyberattacks are made possible by a combination of two features of the Internet economy. Poor security at many companies and agencies makes sensitive government and private data vulnerable to breaches. And mounting an attack is inexpensive and, with the right skills, relatively simple.
This seems to be just the beginning of a larger crackdown — and European authorities have already started stepping it up. All these hackers will have to lawyer up sooner or later. I’d say it’s about time for all you unemployed attorney folk to catch up on Internet case law.
Christopher Danzig is a writer in Oakland, California. He previously covered legal technology for InsideCounsel magazine. Follow Chris on Twitter @chrisdanzig or email him at [email protected]. You can read more of his work at chrisdanzig.com.