Security Researcher At The Center Of Emoji-Gate Heading Home After Feds Drop Five Felony Charges
from the good-news-for-one-of-the-actual-good-guys dept
The security researcher who was at the center of an audacious and disturbing government demand to unmask several Twitter accounts on the basis of an apparently menacing smiley emoji contained in one of them is now facing zero prison time for his supposed harassment of an FBI agent. Justin Shafer, who was originally facing five felony charges, has agreed to plead guilty to a single misdemeanor charge. Shafer, who spent eight months in jail for blogging about the FBI raiding his residence repeatedly, is finally going home.
Here are the details of plea agreement [PDF] Shafer has agreed to. (h/t DissentDoe]
Mr. Shafer is pleading to a single misdemeanor of simple assault, based on his sending a Facebook direct message to an FBI Agent’s immediate relative’s public Facebook account. There is no allegation of any physical contact.
The government agrees to recommend a sentence of time served. Mr. Shafer already served 8 months in jail before trial for criticizing the government’s prosecution in a blog post. He was released after the defense filed a motion arguing his pre-trial detention violated First Amendment free speech rights and the statute governing pre-trial detention.
The government is not seeking for any restitution.
The United States Attorney’s Office has agreed not to prosecute Mr. Shafer for the events leading to the initial armed FBI raid of his family’s home.
Mr. Shafer has agreed to a no contact order with the FBI agent, the agent’s family, and the company involved in the initial investigation.
What started out as normal security research soon became a nightmare for Shafer. His uncovering of poor security practices in the dental industry — particularly the lack of attention paid to keeping HIPAA information secured — led to his house being raided by FBI agents. The FBI raided his house again after he blogged about the first raid. The FBI justified its harassment of Shafer with vague theories about his connection to infamous black hat hacker TheDarkOverlord. To do this, the FBI had to gloss over — if not outright omit — the warnings Shafer had sent to victims of TheDarkOverlord, as well as the information on the hacker Shafer had sent to law enforcement agencies including the FBI.
Blogging about his interactions with the FBI led to the judge presiding over his criminal trial to revoke his release and jail him for exercising his First Amendment rights. This was ultimately reversed by a federal judge who agreed Shafer was allowed to call FBI agents “stupid” and blog about his treatment by the federal agency. (He was not to reveal personal info about FBI agents, however.)
This trial has come to a swift end because the presiding judge sees zero merit in the government’s case.
[T]he case probably would have gone to trial had it not been for Judge Janis Graham Jack letting the prosecution know that she saw no evidence of any threat to support the felony charges and that she might rule on the defense’s motion to dismiss if the prosecution didn’t come up with some reasonable plea deal.
This case comes to an end, but it does not absolve the government of its abusive behavior. Here’s what Shafer’s defense team (Tor Ekeland, Fred Jennings, and Jay Cohen) had to say about their client’s treatment by federal law enforcement.
Mr. Shafer first contacted us after he [was] raided by armed federal law enforcement for alleged computer crimes the government has never charged him for. When he complained to the government about it, he was arrested and thrown in jail for his criticism. He was freed after the defense filed a motion arguing his pre-trial detention violated the First Amendment. Fortunately, when presented with the facts of this case, the Court understood the magnitude of the issues here and helped us resolve this case without the hassle, expense, and stress of a jury trial. We are grateful to the Northern District of Texas for recognizing this case for what it was: an attack on internet free speech and a citizen’s right to criticize the government.
And what can we learn from this debacle? Here’s what Shafer has learned: never help anybody.
I think the next time someone finds social security numbers that is considered protected health information under HIPAA they should just turn a blind eye. Nobody is going to call you a hero (except the enlightened), and you run the risk of being harassed by the FBI. Doctors responsible for alerting patients will now have yet another reason not to. Already, only about 10% of doctors notified patients that their patient information was publicly available. Law enforcement or the Office of Civil Rights won’t care, and will most likely ignore it. Punishing health information researchers for reporting these issues only puts patients at greater risk. I think it would benefit society greatly if people who find publicly accessible data were not threatened by the people who put it there.
Thank god the FBI was there to help ensure public safety no one publicly badmouthed one of its agents. Shooting the messenger is the expected response when security breaches are discovered. If it’s not those leaving personal info exposed threatening researchers with lawsuits or criminal charges, it’s the government itself stepping in to “protect” entities that can’t even protect the data of paying customers.
Filed Under: disclosure, fbi, hacking, justin shafer, security, security research
Comments on “Security Researcher At The Center Of Emoji-Gate Heading Home After Feds Drop Five Felony Charges”
The keyboard is mightier than the sword ?
Gee, wouldn’t most people assume that the FBI had more important things to do — oh, I don’t know, perhaps following up on real threats that have already been reported to the FBI?
How many kids in FL might have been saved?
Re: The keyboard is mightier than the sword ?
Too true. And unacceptable.
Need to create a new LEO agency whose sole purpose is to investigate the FBI for abuse of power and get away with criminal harassment of this type free from justice. If this happened in this case, how many other cases have hostile agents railroaded innocent people? Investigate top to bottom. Terminate and cage the agents who have run wild in recent decades.
Parse out the remaining agents who served honorably to other LEO agencies. Publicly reward them with promotion and recognition for the higher standard they held themselves to in a job well done. Then simply close shop and disband the FBI to end a dark chapter of American government.
This has gone on too long.
Justice still has not prevailed here.
How much time will be spent in prison by those who raided his home on trumped-up allegations that were so incredibly weak that the judge had to warn prosecutors not to pursue them?
Is the previous judge who violated Shafer’s first amendment rights still on the bench?
Is the prosecutor whose prosecutorial descretion led him or her to take this case to court still employed? Sanctioned by the bar?
Yeah, pretty much what I thought. So, what incentive do any of those wrong-doers have for not doing this again?
Re: Justice still has not prevailed here.
Sometimes some of the assholes might be punished, I mean with a slap on their wrist and of course years after they have committed the crime. Maybe that’s why you’re wondering why they aren’t punished yet. But that hope is futile, because it’s all assholes down there. You might stamp out one assholes or another and all you’ve achieved is absolutely nothing
Re: Re: Justice still has not prevailed here.
Justice is NOT the goal of the Justice System.
There seems to be some magical inverse correlation with how humans name things.
Call it the Justice System and it will soon become an engine of injustice.
Call it a bank, and it will soon become a tax.
Call it a service, and it will soon become your master!
Re: Re: Re: Justice still has not prevailed here.
They renamed the war department the defense department.
It’s not the fall that kills you, it is the rapid deceleration.
Double speak – lying with a straight face.
Re: Justice still has not prevailed here.
The system protects its cogs.
Different Standard
“good-news-for-one-of-the-actual-good-guys”
My bar for “good news” appears to be set at a very different height than yours. The simple fact that the feds didn’t rape him harder than they already had does not meet my “good” standard.
Re: Different Standard
No kidding. Eight months in prison is insane given what happened. I used to have the utmost respect for those in law enforcement and have always been a law abiding citizen to the best of my ability, but after a few fairly negative run ins with them (like nearly being shot by one just because she was having a bad day), I now rarely leave the house unless I absolutely have to and I never ever get involved, even when I could be of assistance. It’s just too dangerous, as this story aptly shows.
Boycott Patterson Dental
Don’t do business with Patterson Dental, Doc
“Security Researcher At The Center Of Emoji-Gate Heading Home After Feds Drop Five Felony Charges – from the good-news-for-one-of-the-actual-good-guys dept.” By Tim Cushing for Techdirt, March 23, 2018.
https://www.techdirt.com/articles/20180322/18004339483/security-researcher-center-emoji-gate-heading-home-after-feds-drop-five-felony-charges.shtml
As part of the plea agreement, Justin Shafer is forbidden to reveal the name of the dental software vendor who chose to turn Shafer in to the FBI for “hacking” rather than risk a HIPAA violation by admitting they carelessly left patients’ identities on an anonymous FTP server – allowing access to ANYONE. Justin simply did the right thing. He reported the breach, and then spent 8 months in jail for it.
Nevertheless, I’m not forbidden to tell you that PATTERSON DENTAL COMPANY – a vindictive, sleazy corporation – tried to ruin Justin’s life to hide their carelessness with Americans’ privacy.
Most importantly, why did the US Department of Justice choose to protect PATTERSON DENTAL COMPANY at the expense of Shafer’s liberty?
Don’t do business with PATTERSON DENTAL COMPANY, Doc. They are assholes.
Darrell Pruitt DDS
CC: spamgroup
Re: Boycott Patterson Dental
My guess is that someone who works for the FBI has a spouse working at Patterson Dental and the rights violations just write themselves from there.
Re: Re: Boycott Patterson Dental
Spouse, child, aunt, uncle, nephew, prostitute…
We may never really know.
Re: Boycott Patterson Dental
I kind of admire the brazen cheek of Patterson Dental Company’s management. In sensible parts of the world, what they did would be regarded as a serious data breach, punishable by substantial fines and/or prison sentences.
Assault by smiley emoji
Presumably (guessing here) this is a plea to simple assault under 18 USC § 115. That section is captioned, “Influencing, impeding, or retaliating against a Federal official by threatening or injuring a family member”.
[The judge] saw no evidence of any threat to support the felony charges and that she might rule on the defense’s motion to dismiss if the prosecution didn’t come up with some reasonable plea deal.
In other words: the judge saw that the government had no case and instead of doing her job and dismissing the case/compensating the defendant for clear constitutional violations, maneuvered said defendant into accepting a plea deal.
Got to protect that government bureaucracy.
Deeply wrong here
There is something deeply wrong with due process if defendants serve their entire sentence pretrial. Especially in this case where the plea-bargin was a face saving/lawsuit undermining measure.
Re: Deeply wrong here
Trials aren’t needed anymore. The investigation is the punishment.
Re: Re: Deeply wrong here
You can beat the rap, but you can’t beat the ride.
Emoji-gate?
I want this to be known as the menacing emoji affair.
☺️
Re: The smiley emoji assault
From pp.3-4 of the defense press release—
No. It’s only a federal misdemeanor. Simple assault.
The smiley emoji assault.
Re: Emoji-gate?
Is there an emoji for that?
Re: Re: gate emoji
There’s not even an emoji for a toll gateway or a logic gate, dangit!
Re: Re: Re: gate emoji
I eagerly await the first illegal emoji, wonder what it will be – a dick?
Thanks guys, really
I think the next time someone finds social security numbers that is considered protected health information under HIPAA they should just turn a blind eye. Nobody is going to call you a hero (except the enlightened), and you run the risk of being harassed by the FBI.
Between trying to cripple encryption, and now sending a crystal clear message that if you see something say nothing, the FBI is really working overtime to ensure the security of the american public.
As the slightly modified saying goes, ‘With government agencies like these, who needs enemies?’
Re: Thanks guys, really
FBI should have been disbanded after Hoover died in ’72. Everything since then is just his ghost working overtime.
Reporting Security Issues
Rather than reporting problems to the source, security researchers should just publicly release the data on a darkweb security blog.
Tech news sites like Techdirt and Ars Technica can report on the site, maybe once a week in the darkweb security report or whatever. Even if a company doesn’t see it directly they will eventually hear it through the grapevine.
Companies and users would be able to address the information with less risk to the researcher.
FBI vs the public good
Remember kiddies, law enforcement is not there to serve the public good. The public is there to serve law enforcement (or be served to it, as the case may be).
So HIPPA is worthless.
The FBI doesn’t give a shit when it is violated.
The other parts of the government won’t enforce it, because its not terrorism related & thats the only way to get budget money.
The best part of all is they got a no contact order to protect the company that most likely still hasn’t secured their shit. I’m sure they will leverage that to make him never mention them again, even if he see’s the CEO murder a puppy.
Can’t begin to understand why the eternally clueless FBI can’t seem to grasp they declared techies public enemies & won’t beat a path to their door to assist them when the thank you is getting your house raided over & over then charged… while the company that CLEARLY violated the law faces no penalties & got to use the FBI to send the message don’t look at them.
It takes a good guy with an emoji to stop a bad guy with an emoji
Where does the FBI recruit people who are willing and able to stand in court and spout the type of rubbish required to mount a case like this. I mean dont these agents have even the smallest amount of professionalism or intelligence. To often you see Americans supporting their law enforcement services like they are paragons of virtue when even the most cursory of glances shows they are groupings of people too fucking stupid to get a real job.
Re: Re:
It’s not just LEO, government offices/employees were started to give the “special” people a place to “work” and feel like they are contributing to society.
Or at least that is the way it seems.
Federal Bureau of Imbeciles. What a bunch of morons in that worthless, corrupt agency.
Re: 'Maybe seeing you the next person will keep his/her mouth shut.'
Oh no, stupidity would have been preferable, this was out and out vindictive maliciousness. ‘You dared question us, dared stand up to us, so we’re bringing the hammer down to make an example out of you.’