Thoughts on Attending Bradley Manning's Computer Crimes Trial
Thoughts on Attending Bradley Manning's Computer Crimes Trial
Bradley Manning's court martial for the Wikileaks leak of military and diplomatic documents is taking place at Fort Meade, only about 30 miles from where I live in Baltimore. The trial is open to the public, and I've attended the trial on two and a half days over the past several weeks, including for the prosecution's closing arguments on Thursday, July 25. I wanted to observe what I think is a historic event in person, and also to show support for Manning, whom I consider a hero.
As a non-lawyer who has been following the trial only intermittently, it can be a very confusing trial. It is full of lawyers making incomprehensible legal motions and questioning of witnesses—here, one has to interpret the subtext in the lines of questioning that initially appear bizarre, in order to understand how they relate to either side's case.
I work as a computer programmer, and one thing that started to become apparent to me is how Manning's case is essentially a computer crimes case. I wasn't really thinking of Manning's whistleblower case in these terms before attending the trial, although in retrospect it's clear.
All the crimes Manning is accused of took place with a computer and over the internet; his charges involve theft of information by copying it, and unauthorized access to computer systems under the Computer Fraud and Abuse Act (CFAA). In this sense, it is very similar to other computer crimes—in demonstrating the infuriating incompetence of our legal institutions to deal with technology in reasonable ways, and how computer crimes law enforcement places increasingly onerous limitations on civil and personal activities for the benefits of large institutions. If you, like me, have an interest in computer crimes and digital civil liberties, you'll recognize many common themes.
Theft of information
For instance, one of the charges against Manning involves a theft of database records, under a section 641 federal larceny statute that covers "stealing, purloining, or knowingly converting" property worth at least $1,000. There are technical legal definitions of all those quoted terms, and how they applied to copying information was a point of contention.
The defense argued that the prosecution had charged Manning with theft of the wrong 'thing', a 'database', rather than database records, copies of records, or the information held within. The prosecution somewhat reasonably argued that theft of a 'database' implies theft of information; they are inherently associated. But the defense made the even more reasonable claim that you can't use the production cost of the database itself (including hardware costs, software development costs, etc.) in calculating the value of the 'property stolen', when that database is still there in the government's possession and always has been, with no interruptions. This is a familiar trope from piracy and other digital 'theft' cases: How can you steal something when the original owner still has possession?
In one sense this seems to be just legal nitpicking—and there were plenty more legal details around the technicalities of this particular law—but legal nitpicking is pretty much what a trial like this is. The facts of what Manning did aren't in significant dispute. What is disputed is how the laws he was charged under may or may not actually apply to those acts. Odd technical wrangling over how laws and legal concepts pre-dating computers apply to acts in the digital era, is pretty typical of computer crimes cases.
Ultimately, just before closing arguments, the judge allowed the prosecution to alter the charge sheet to more accurately specify theft of "portions" of databases, over the defense's objections that altering the charges so late in the trial prevented them from cross-examining witnesses relating to the modified charges and fully defending against the new charges. The judge ruled that copying information in this case counts as stealing or conversion—even though the government's access and use of the originals was never removed or interrupted—because the copying interfered with the government's property rights to exclusive use of the information. The judge did rule that the value of creating and maintaining the overall database could not be used in proving the value of the property taken, and that the prosecution should not bring these aspects up in closing arguments.
The first day I attended the trial, there was much examination and cross-examination of a government digital forensics. The expert was questioned about whether the printed out screenshot of a certain twitter.com/wikileaks/xxxx URL could be assured to be: from Twitter at all; really from the Wikileaks account; really posted by Wikileaks; really the same thing today that it would have been two years ago when Manning may have looked at it. (This seemed to relate to establishing if there was coordination between Manning and Wikileaks, which is relevant for the espionage 'aiding the enemy' charge.)
Which, when you really start thinking about it, is a fundamental digital epistemological question without certain answer. But here, there were different, deeper technical questions that were being discussed in front of a judge and by lawyers who seemed not to understand what a URL was: what Twitter was, how Google worked, or how the internet worked—in circular discussion equal parts Marx Brothers amusing and terribly dull. At least an hour was spent discussing whether searching for something on Google and then clicking on a link was the same as searching directly on Twitter for something—including some incorrect confusion over the difference between retrieving something from the 'Google cache', and clicking on a link in the Google search results. Another half an hour of confusion over the change in Twitter's canonical reference URLs (which used to include a "#" hashmark, but no longer do, although nobody in the courtroom could explain whether that was significant).
I found these exchanges difficult to watch as a technologically experienced observer who likes explaining technology. I wanted to stop the court and explain how URLs and the web work, believing I could do it much better and faster than the government's witness was managing. (Although in this case, the confusion might have been to Manning's benefit.)
Another witness was Jason Allen Milliman, a civilian who worked for a contractor in Iraq as a Windows system administrator, running the computer labs used by a variety of intelligence units across Iraq such as Manning's. The description of the operation of these computer labs would seem familiar to anyone with experience in commonly disorganized, dysfunctional corporate IT: nobody actually knows exactly what the rules or policies of proper use are, and workers routinely have to make potential violations of IT policies just to get their jobs done, or to improve their quality-of-life (with mp3s or games), potential violations that everyone knows about but which are routinely ignored—except when they, unpredictably, aren't. Where many of the policy-makers are not technologically competent, and their technology policies reflect that; and where even some IT staff are just pushing buttons without fundamental understandings of how computers work.
In trying to establish what the policies were in the intelligence unit computer lab and how strictly they were enforced, another round of confusing tech explanation ensued. The question was whether soldiers could (by policy or common practice) install software on their workstations. There was at least an hour of testimony on 'executable files' and 'programs' and 'installable programs' and 'self-executable packages', the differences between them, and whether music and movies fit into any of these categories, and what the differences were between them. At one point, Milliman said that a 'self-executable' file could, by definition, not be 'installed,' so it didn't make sense to talk about whether soldiers could install such things. There was also much discussion of the fundamental differences between running a program from a CD versus from a computer hard drive (I'm pretty sure there aren't any of note, but some witnesses disagreed). Milliman also expressed uncertainty as to whether movies were 'executable files.'
If this is making very little sense to you, it's not because you lack technical background, it's because the discussion made very little sense.
While Milliman insisted that he would have known if soldiers had been routinely installing 'unauthorized' software on their workstations, he also said that "knowing human nature," he would "not be surprised" if soldiers had games he hadn't noticed installed on the network. On the other hand, he said that music mp3s were common on the network, although it was not clear to me from the testimony whether they were actually allowed by policy.
It appears that intelligence unit computer labs in Iraq were not run with substantially more or different security practices than a typical barely-competent corporate IT infrastructure.