Criminal Charges Finally Dropped Against Security Researchers Who Broke Into An Iowa Courthouse

from the all's-well-that-ends-unceremoniously dept

Security research isn't a criminal activity, no matter how many companies might wish otherwise when their bad security practices are exposed. But a couple of researchers working for Coalfire Security found themselves arrested and charged after performing a physical penetration test of an Iowa courthouse. Testing the physical security boundaries of the courthouse didn't go exactly as planned once the local sheriff showed up.

The two employees, Justin Wynn and Gary De Mecurio, showed Dallas County Sheriff Chad Leonard their credentials and the contract supposedly permitting them to perform a B&E but it didn't matter to Sheriff Leonard.

It did matter to Iowa Court officials, who said the test had been authorized... but perhaps not exactly on those terms. And it mattered to their employer, which wrote an angry letter demanding to know why Coalfire's employees were still locked up even after things had been (mostly) cleared up by courthouse officials.

The sheriff refused to budge, claiming it was his sacred duty to protect taxpayer-funded courthouses from out-of-town interlopers (or words to that effect). Coalfire's CEO, Tom McAndrew, was less than enthused with the sheriff's self-assessment. He said Sheriff Leonard was actually hurting taxpayers more than helping them by locking up people trying to increase courthouse security and prevent unauthorized access to sensitive records and documents.

Nearly three months later, prosecutors have finally backed down. Apparently, enough pressure can result in the prosecutorial discretion we hear so much about when prosecutors and politicians claim broadly-worded laws won't result in a bunch of collateral damage.

Originally charged with third-degree felonies, the charges were reduced to misdemeanor trespassing after the story began gaining traction outside of Iowa. Those charges have now been dropped as well.

Dallas County Attorney Charles Sinnard and Coalfire officials released a joint statement Thursday in which they said they agreed to drop the charges when it became clear the Coalfire employees and the responding law enforcement had the community's safety in mind.

"Ultimately, the long-term interests of justice and protection of the public are not best served by continued prosecution of the trespass charges," they wrote in a statement provided by Sinnard. "Those interests are best served by all the parties working together to ensure that there is clear communication on the actions to be taken to secure the sensitive information maintained by the judicial branch, without endangering the life or property of the citizens of Iowa, law enforcement or the persons carrying out the testing."

This is great but it seems like something that could have been cleared up three months ago and without putting felony arrests on the researchers' permanent records. The testing could have been handled a bit better by everyone involved but it's pretty tough to stress-test physical security measures without utilizing methods targets won't necessarily expect to be used. Breaking into courthouses is certainly unexpected. But once judicial reps made it clear the court system had engaged the service to test security, the researchers should have been released by the sheriff and all charges dropped. Instead, this got dragged out for another three months, providing more evidence there's nothing all that secure about a career in security research.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: breaking and entering, chad leonard, charges, courthouse, dallas county, iowa, security, security research
Companies: coalfire security

Reader Comments

Subscribe: RSS

View by: Thread

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)


Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.