Posted on: Sunday, October 19, 2003

Convicted hacker no longer a bad guy to prosecutors

By Joseph Menn
Los Angeles Times

Federal prosecutors last week abruptly changed the label they had hung next to Bret McDanel's name, turning him from criminal hacker into innocent whistleblower.

In an extraordinary reversal approved by top Justice Department officials, the U.S. attorney's office in Los Angeles on Tuesday asked a federal appeals court to strike down a conviction it won last year against McDanel.

McDanel's crime: Warning customers of an e-mail company he once worked for about a flaw that could let other people read their messages.

Online rights activists hailed the Justice Department move as a rare piece of good news in the escalating fight between free speech and technological security.

McDanel, 30, said he wished the about-face had come earlier.

He spent 16 months behind bars before and during his trial. His fiancée left him, his two cats had to be boarded with his parents and his reputation was sullied.

Even now, McDanel said his future was uncertain.

"I don't think my name can ever truly be cleared. If you type my name into Google, you will come up with tons of articles about what a bad person I am," he said from his parents' house in rural Fiddletown, east of Sacramento, Calif.

"I had been reading up on the law for a great many years, and I believed everything I was doing was perfectly legal," McDanel said. "I didn't think sending e-mail and putting up a Web page would land me in jail."

At the time, investigators with the U.S. Attorney's Major Frauds Section disagreed. They seized McDanel's fiancée's computers, forcing her to shut down. And they hauled McDanel into court for violating the Computer Fraud and Abuse Act, one of the nation's principal anti-hacking laws.

The law prohibits attacks that impair the "integrity" of a computer system. The prosecutors convinced a judge at trial that simply by telling people how the Tornado software could be compromised, McDanel had harmed the system's integrity.

Since his release, McDanel has been in the temporary care of his parents. He's also been working on a book about non-Internet threats to computer security.

After McDanel's appellate attorney, Jennifer Granick of Stanford University, filed her appeal of McDanel's conviction with the San Francisco-based 9th U.S. Circuit Court of Appeals, the U.S. attorney's appeals unit revisited the case.

"Defendant's release of vulnerability information did not by itself cause an "impairment to the integrity of a computer system,' " wrote Assistant U.S. Attorney Ronald Cheng. "It is on this principle that the government confesses error in this case."