Security Researcher At The Center Of Emoji-Gate Heading Home After Feds Drop Five Felony Charges
from the good-news-for-one-of-the-actual-good-guys dept
The security researcher who was at the center of an audacious and disturbing government demand to unmask several Twitter accounts on the basis of an apparently menacing smiley emoji contained in one of them is now facing zero prison time for his supposed harassment of an FBI agent. Justin Shafer, who was originally facing five felony charges, has agreed to plead guilty to a single misdemeanor charge. Shafer, who spent eight months in jail for blogging about the FBI raiding his residence repeatedly, is finally going home.
Here are the details of plea agreement [PDF] Shafer has agreed to. (h/t DissentDoe]
Mr. Shafer is pleading to a single misdemeanor of simple assault, based on his sending a Facebook direct message to an FBI Agent’s immediate relative's public Facebook account. There is no allegation of any physical contact.
The government agrees to recommend a sentence of time served. Mr. Shafer already served 8 months in jail before trial for criticizing the government's prosecution in a blog post. He was released after the defense filed a motion arguing his pre-trial detention violated First Amendment free speech rights and the statute governing pre-trial detention.
The government is not seeking for any restitution.
The United States Attorney's Office has agreed not to prosecute Mr. Shafer for the events leading to the initial armed FBI raid of his family’s home.
Mr. Shafer has agreed to a no contact order with the FBI agent, the agent’s family, and the company involved in the initial investigation.
What started out as normal security research soon became a nightmare for Shafer. His uncovering of poor security practices in the dental industry -- particularly the lack of attention paid to keeping HIPAA information secured -- led to his house being raided by FBI agents. The FBI raided his house again after he blogged about the first raid. The FBI justified its harassment of Shafer with vague theories about his connection to infamous black hat hacker TheDarkOverlord. To do this, the FBI had to gloss over -- if not outright omit -- the warnings Shafer had sent to victims of TheDarkOverlord, as well as the information on the hacker Shafer had sent to law enforcement agencies including the FBI.
Blogging about his interactions with the FBI led to the judge presiding over his criminal trial to revoke his release and jail him for exercising his First Amendment rights. This was ultimately reversed by a federal judge who agreed Shafer was allowed to call FBI agents "stupid" and blog about his treatment by the federal agency. (He was not to reveal personal info about FBI agents, however.)
This trial has come to a swift end because the presiding judge sees zero merit in the government's case.
[T]he case probably would have gone to trial had it not been for Judge Janis Graham Jack letting the prosecution know that she saw no evidence of any threat to support the felony charges and that she might rule on the defense’s motion to dismiss if the prosecution didn’t come up with some reasonable plea deal.
This case comes to an end, but it does not absolve the government of its abusive behavior. Here's what Shafer's defense team (Tor Ekeland, Fred Jennings, and Jay Cohen) had to say about their client's treatment by federal law enforcement.
Mr. Shafer first contacted us after he [was] raided by armed federal law enforcement for alleged computer crimes the government has never charged him for. When he complained to the government about it, he was arrested and thrown in jail for his criticism. He was freed after the defense filed a motion arguing his pre-trial detention violated the First Amendment. Fortunately, when presented with the facts of this case, the Court understood the magnitude of the issues here and helped us resolve this case without the hassle, expense, and stress of a jury trial. We are grateful to the Northern District of Texas for recognizing this case for what it was: an attack on internet free speech and a citizen’s right to criticize the government.
And what can we learn from this debacle? Here's what Shafer has learned: never help anybody.
I think the next time someone finds social security numbers that is considered protected health information under HIPAA they should just turn a blind eye. Nobody is going to call you a hero (except the enlightened), and you run the risk of being harassed by the FBI. Doctors responsible for alerting patients will now have yet another reason not to. Already, only about 10% of doctors notified patients that their patient information was publicly available. Law enforcement or the Office of Civil Rights won’t care, and will most likely ignore it. Punishing health information researchers for reporting these issues only puts patients at greater risk. I think it would benefit society greatly if people who find publicly accessible data were not threatened by the people who put it there.
Thank god the FBI was there to help ensure public safety no one publicly badmouthed one of its agents. Shooting the messenger is the expected response when security breaches are discovered. If it's not those leaving personal info exposed threatening researchers with lawsuits or criminal charges, it's the government itself stepping in to "protect" entities that can't even protect the data of paying customers.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: disclosure, fbi, hacking, justin shafer, security, security research
Reader Comments
Subscribe: RSS
View by: Time | Thread
The keyboard is mightier than the sword ?
How many kids in FL might have been saved?
[ link to this | view in chronology ]
Re: The keyboard is mightier than the sword ?
Need to create a new LEO agency whose sole purpose is to investigate the FBI for abuse of power and get away with criminal harassment of this type free from justice. If this happened in this case, how many other cases have hostile agents railroaded innocent people? Investigate top to bottom. Terminate and cage the agents who have run wild in recent decades.
Parse out the remaining agents who served honorably to other LEO agencies. Publicly reward them with promotion and recognition for the higher standard they held themselves to in a job well done. Then simply close shop and disband the FBI to end a dark chapter of American government.
This has gone on too long.
[ link to this | view in chronology ]
Justice still has not prevailed here.
How much time will be spent in prison by those who raided his home on trumped-up allegations that were so incredibly weak that the judge had to warn prosecutors not to pursue them?
Is the previous judge who violated Shafer's first amendment rights still on the bench?
Is the prosecutor whose prosecutorial descretion led him or her to take this case to court still employed? Sanctioned by the bar?
Yeah, pretty much what I thought. So, what incentive do any of those wrong-doers have for not doing this again?
[ link to this | view in chronology ]
Re: Justice still has not prevailed here.
[ link to this | view in chronology ]
Re: Re: Justice still has not prevailed here.
There seems to be some magical inverse correlation with how humans name things.
Call it the Justice System and it will soon become an engine of injustice.
Call it a bank, and it will soon become a tax.
Call it a service, and it will soon become your master!
[ link to this | view in chronology ]
Re: Re: Re: Justice still has not prevailed here.
It's not the fall that kills you, it is the rapid deceleration.
Double speak - lying with a straight face.
[ link to this | view in chronology ]
Re: Justice still has not prevailed here.
[ link to this | view in chronology ]
Different Standard
My bar for "good news" appears to be set at a very different height than yours. The simple fact that the feds didn't rape him harder than they already had does not meet my "good" standard.
[ link to this | view in chronology ]
Re: Different Standard
[ link to this | view in chronology ]
Boycott Patterson Dental
“Security Researcher At The Center Of Emoji-Gate Heading Home After Feds Drop Five Felony Charges - from the good-news-for-one-of-the-actual-good-guys dept.” By Tim Cushing for Techdirt, March 23, 2018.
https://www.techdirt.com/articles/20180322/18004339483/security-researcher-center-emoji-gate-he ading-home-after-feds-drop-five-felony-charges.shtml
As part of the plea agreement, Justin Shafer is forbidden to reveal the name of the dental software vendor who chose to turn Shafer in to the FBI for "hacking" rather than risk a HIPAA violation by admitting they carelessly left patients' identities on an anonymous FTP server – allowing access to ANYONE. Justin simply did the right thing. He reported the breach, and then spent 8 months in jail for it.
Nevertheless, I'm not forbidden to tell you that PATTERSON DENTAL COMPANY – a vindictive, sleazy corporation - tried to ruin Justin's life to hide their carelessness with Americans' privacy.
Most importantly, why did the US Department of Justice choose to protect PATTERSON DENTAL COMPANY at the expense of Shafer’s liberty?
Don’t do business with PATTERSON DENTAL COMPANY, Doc. They are assholes.
Darrell Pruitt DDS
CC: spamgroup
[ link to this | view in chronology ]
Re: Boycott Patterson Dental
[ link to this | view in chronology ]
Re: Re: Boycott Patterson Dental
We may never really know.
[ link to this | view in chronology ]
Re: Boycott Patterson Dental
[ link to this | view in chronology ]
Assault by smiley emoji
Presumably (guessing here) this is a plea to simple assault under 18 USC § 115. That section is captioned, “Influencing, impeding, or retaliating against a Federal official by threatening or injuring a family member”.
[ link to this | view in chronology ]
[The judge] saw no evidence of any threat to support the felony charges and that she might rule on the defense’s motion to dismiss if the prosecution didn’t come up with some reasonable plea deal.
In other words: the judge saw that the government had no case and instead of doing her job and dismissing the case/compensating the defendant for clear constitutional violations, maneuvered said defendant into accepting a plea deal.
Got to protect that government bureaucracy.
[ link to this | view in chronology ]
Deeply wrong here
[ link to this | view in chronology ]
Re: Deeply wrong here
[ link to this | view in chronology ]
Re: Re: Deeply wrong here
[ link to this | view in chronology ]
Emoji-gate?
I want this to be known as the menacing emoji affair.
☺️
[ link to this | view in chronology ]
The smiley emoji assault
From pp.3-4 of the defense press release—
No. It's only a federal misdemeanor. Simple assault.
The smiley emoji assault.
[ link to this | view in chronology ]
Re: Emoji-gate?
[ link to this | view in chronology ]
gate emoji
There's not even an emoji for a toll gateway or a logic gate, dangit!
[ link to this | view in chronology ]
Re: gate emoji
[ link to this | view in chronology ]
Thanks guys, really
I think the next time someone finds social security numbers that is considered protected health information under HIPAA they should just turn a blind eye. Nobody is going to call you a hero (except the enlightened), and you run the risk of being harassed by the FBI.
Between trying to cripple encryption, and now sending a crystal clear message that if you see something say nothing, the FBI is really working overtime to ensure the security of the american public.
As the slightly modified saying goes, 'With government agencies like these, who needs enemies?'
[ link to this | view in chronology ]
Re: Thanks guys, really
FBI should have been disbanded after Hoover died in '72. Everything since then is just his ghost working overtime.
[ link to this | view in chronology ]
Reporting Security Issues
Tech news sites like Techdirt and Ars Technica can report on the site, maybe once a week in the darkweb security report or whatever. Even if a company doesn't see it directly they will eventually hear it through the grapevine.
Companies and users would be able to address the information with less risk to the researcher.
[ link to this | view in chronology ]
FBI vs the public good
[ link to this | view in chronology ]
The FBI doesn't give a shit when it is violated.
The other parts of the government won't enforce it, because its not terrorism related & thats the only way to get budget money.
The best part of all is they got a no contact order to protect the company that most likely still hasn't secured their shit. I'm sure they will leverage that to make him never mention them again, even if he see's the CEO murder a puppy.
Can't begin to understand why the eternally clueless FBI can't seem to grasp they declared techies public enemies & won't beat a path to their door to assist them when the thank you is getting your house raided over & over then charged... while the company that CLEARLY violated the law faces no penalties & got to use the FBI to send the message don't look at them.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Or at least that is the way it seems.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
'Maybe seeing you the next person will keep his/her mouth shut.'
Oh no, stupidity would have been preferable, this was out and out vindictive maliciousness. 'You dared question us, dared stand up to us, so we're bringing the hammer down to make an example out of you.'
[ link to this | view in chronology ]