Criminal Charges Finally Dropped Against Security Researchers Who Broke Into An Iowa Courthouse

from the all's-well-that-ends-unceremoniously dept

Security research isn't a criminal activity, no matter how many companies might wish otherwise when their bad security practices are exposed. But a couple of researchers working for Coalfire Security found themselves arrested and charged after performing a physical penetration test of an Iowa courthouse. Testing the physical security boundaries of the courthouse didn't go exactly as planned once the local sheriff showed up.

The two employees, Justin Wynn and Gary De Mecurio, showed Dallas County Sheriff Chad Leonard their credentials and the contract supposedly permitting them to perform a B&E but it didn't matter to Sheriff Leonard.

It did matter to Iowa Court officials, who said the test had been authorized... but perhaps not exactly on those terms. And it mattered to their employer, which wrote an angry letter demanding to know why Coalfire's employees were still locked up even after things had been (mostly) cleared up by courthouse officials.

The sheriff refused to budge, claiming it was his sacred duty to protect taxpayer-funded courthouses from out-of-town interlopers (or words to that effect). Coalfire's CEO, Tom McAndrew, was less than enthused with the sheriff's self-assessment. He said Sheriff Leonard was actually hurting taxpayers more than helping them by locking up people trying to increase courthouse security and prevent unauthorized access to sensitive records and documents.

Nearly three months later, prosecutors have finally backed down. Apparently, enough pressure can result in the prosecutorial discretion we hear so much about when prosecutors and politicians claim broadly-worded laws won't result in a bunch of collateral damage.

Originally charged with third-degree felonies, the charges were reduced to misdemeanor trespassing after the story began gaining traction outside of Iowa. Those charges have now been dropped as well.

Dallas County Attorney Charles Sinnard and Coalfire officials released a joint statement Thursday in which they said they agreed to drop the charges when it became clear the Coalfire employees and the responding law enforcement had the community's safety in mind.

"Ultimately, the long-term interests of justice and protection of the public are not best served by continued prosecution of the trespass charges," they wrote in a statement provided by Sinnard. "Those interests are best served by all the parties working together to ensure that there is clear communication on the actions to be taken to secure the sensitive information maintained by the judicial branch, without endangering the life or property of the citizens of Iowa, law enforcement or the persons carrying out the testing."

This is great but it seems like something that could have been cleared up three months ago and without putting felony arrests on the researchers' permanent records. The testing could have been handled a bit better by everyone involved but it's pretty tough to stress-test physical security measures without utilizing methods targets won't necessarily expect to be used. Breaking into courthouses is certainly unexpected. But once judicial reps made it clear the court system had engaged the service to test security, the researchers should have been released by the sheriff and all charges dropped. Instead, this got dragged out for another three months, providing more evidence there's nothing all that secure about a career in security research.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: breaking and entering, chad leonard, charges, courthouse, dallas county, iowa, security, security research
Companies: coalfire security


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 31 Jan 2020 @ 3:11pm

    If nothing else, prosecutors should have given the no-go immediately.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 31 Jan 2020 @ 3:42pm

    Now send the sheriff the bill for the entire time the 2 employees were locked up and dealing with the 3 months or rigamarole.

    link to this | view in chronology ]

    • icon
      Stephen T. Stone (profile), 31 Jan 2020 @ 4:07pm

      Oh, if only they could. But qualified immunity would take care of that.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 31 Jan 2020 @ 6:14pm

        Re:

        Qualified Immunity would probably get the sheriff out of a judificial court case seeking such damages. It doesn't mean Coalfire can't send the bill, and back it up with more pressure in the court of public opinion. They may not succeed, but it's still worth trying.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 1 Feb 2020 @ 12:43am

          Re: Re:

          Coalfire had a contract with the court so the court should get the bill. They can then deal with their own local sheriff for getting the money back.

          link to this | view in chronology ]

      • identicon
        Anonymous Coward, 1 Feb 2020 @ 8:41am

        Re:

        The testers were acting as agents of state so would they also be entitled to Qualified Immunity?

        link to this | view in chronology ]

    • icon
      Bergman (profile), 31 Jan 2020 @ 9:19pm

      Re:

      Depending on how the security test contract was worded, the Sheriff might not be on the hook for three months of extreme overtime, but the court officials that hired Coalfire might be!

      link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    ...ROGSIFIED, 1 Feb 2020 @ 10:30am

    "you might beat the ticket, but you wont beat the ride."

    link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Jane Doughrogs, 1 Feb 2020 @ 10:36am

    Israeli spies, Silicon Valley

    Well, trying to be centrist is appreciated, as long as we talk about the 10000 lb. Golem in the room:

    Israeli spies in Silicon Valley:

    https://techcrunch.com/2015/03/20/from-the-8200-to-silicon-valley/

    link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    SA Child Porn.Distributor, 1 Feb 2020 @ 10:46am

    Joel.Zamel

    Maybe, take a look at the types of people who are distributing child pornography in the name of counter-terrorism....

    *for the children…

    https://en.m.wikipedia.org/wiki/Joel_Zamel

    "an agency specializing in counter-extremism activities and social media operations"

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Feb 2020 @ 12:41pm

    Are we just replying to random articles in any thread now? OK!

    Zoo per bole.

    link to this | view in chronology ]

  • identicon
    I. Dunno, 2 Feb 2020 @ 5:22am

    You are correct, I put that in the wrong thread.

    My bad.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Feb 2020 @ 11:44am

      Re:

      Didn't mean to be insulting, so i am sorry if it came off that way. Just decided to run with it. Obviously, not funny.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 2 Feb 2020 @ 12:18pm

        Re: Re:

        Oh no please feel free to insult that shitty lil racist edgelord.

        link to this | view in chronology ]

      • identicon
        Tweedle Dee, 7 Feb 2020 @ 9:42am

        Re: Re:

        Its ok. Thank you for that.

        I have thick skin, and acknowledge when I am wrong, unlike that paper thinskinned, race baiting AC chatbot troll underneath this comment, who, coincidentally will eat shit if I take a dump...

        Pucker up Tweedle Dum, here it comes
        ({⊙})

        link to this | view in chronology ]

      • identicon
        Tweedle Dee, 7 Feb 2020 @ 10:32am

        Re: Re:

        Pucker up Tweedle Dum, here it comes
        ({⊙})

        link to this | view in chronology ]

  • identicon
    Zoo per bole?, 2 Feb 2020 @ 9:38am

    Look:That doesnt Translate in any knownn language

    Try again, AC?

    AC indicates is a troll spamming Superbowl shit.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Feb 2020 @ 11:41am

      Re:

      It is a reference to the thread on the superbowl article. It is also perfectly fine english. However, it might be hyphenated.

      Thanks, lame excuse for a concern troll.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Feb 2020 @ 2:05am

    The felony arrest warrants will be a badge of honor for those pen testers CVs.

    link to this | view in chronology ]

  • identicon
    Tweedle Dee, 6 Feb 2020 @ 8:52am

    out of our ass

    Um, no, AC dumbass.

    Getting CAUGHT is FAILURE by definition.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.