The free Web program that got Bradley Manning convicted of computer fraud (washingtonpost.com)
134 points by blumentopf on Aug 10, 2013 | 35 comments



You know, I wouldn't rely on this article for accurate characterization of the government's legal position. Saying 'prosecutors argued that...' and then linking to a 2011 Guardian article threw up a red flag for me. That article didn't describe prosecutors' arguments; it described expert witness testimony. And the trespass was not the unauthorized nature of wget, although this was mentioned in passing, but the way in which it was employed to access data from the '.22' computer that was for secure/classified material.

wget is mentioned by the forensic expert in the context of describing how he came to his conclusions, but that's a far cry from saying it's bad in and of itself. Suppose I'm investigating a physical trespass, and I say that I discovered characteristic bootprints in the area that perfectly matched a pair of boots owned by the suspect. That doesn't mean the boots themselves are illegal, it just shows that someone was wearing that particular pair of boots while trespassing. As far as mentioning the non-authorized nature of wget, it's equivalent to observing that the boots in my example were not regular army issue.

I don't know precisely what prosecutors argued as I haven't obsessively followed the trial, so if someone can link to a primary source that contradicts the above I'm happy to be corrected. But as posted, the article seems to be drawing an incorrect inference from another news report, and as such is a questionable third-hand account of what prosecutors were really saying.


This sounds accurate. My understanding is that the words "trespass" or "computer fraud" are used in relation to: http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act (a law which I believe is generally construed far too broadly--even though it looks to be appropriate here). Nothing to do with wget, he could've used a browser to the same effect.

That said, this reporting is indicative of most of the "journalism" around Snowden and Manning. While it's no longer surprising, it's still disappointing.


Quantity has a quality of its own. So does efficiency. When you make a process much more efficient, after a tipping point you convert it to something else entirely - like the surveillance that. Technology is an amplifier.

Of course getting 10 more years just because he used wget instead of bash scripts that loop with nc is absurd.

But the fact that he used simple automation to do the job should be taken into consideration. So should be the fact that solitary confinement is torture.

But the whole trial seemed like a kangaroo court to me anyway ...

Edit: Also technically he was authorized to use wget - he had permissions to download it from wherever or to install the package and had permissions to set the executive bit to true.


Not trying to justify Bradley's treatment in any way, but to put the other side...

Is it not possible that wget was not authorized specifically because it would make copying lots of files easier and quicker? I mean, if I were in charge of sensitive data like that, it would be the sort of thing I want to consider. If legit use is on, say, a file-by-file basis, then only a select few would need some sort of batching tool. So, why make it easier? The fact that you can do it other ways, I see no reason to then just allow anything. We all still have locks on our doors, despite knowing a determined thief will defeat or circumvent them.


If batch downloading is de facto fraud then the military should have been monitoring their HTTP logs for this suspiciously fraudulent signature and immediately stepped in to prevent the leak. That they had a mandate to secure sensitive data and failed in that task does not make Manning's actions fraudulent.

Is security important to US military or not? Both having lax security at the time of breach and then severely punishing a leaker for using trivial tools does not inspire confidence in the competence of our military security.


I see where you're going with this, but you're fixing that problem on the wrong end. If they want to rate limit with exceptions, they should rate limit with exceptions. Not insist all the clients limit themselves, with exceptions.

Following your analogy, we all have locks on our doors, despite telling thieves not to steal our cars.


But we don't let thieves get out of a conviction just because somebody had easily bypassable or broken locks, either.


But it makes insurance harder to claim.


And when they break your window because your lock was too good. WHAT DO YOU DO THEN?

what were we talking about?


Locks make a terrible analogy because servers are built to respond to public requests.


> Also technically he was authorized to use wget - he had permissions to download it from wherever or to install the package and had permissions to set the executive bit to true.

Do we know this to be true? Was Manning himself even responsible for the installation of wget on the systems he used?


Not authorizing wget and classifying that as computer fraud may have its justification, but giving someone 10 years for what amounts to a form of trespassing is absurd.


They are making an example of him for publicly distributing classified documents. The prosecution found every legal justification to convict him of that crime.


I'll admit to not really following the trial or general crime news, but it seems like "making an example" has become significantly more common over the past few years.


Pity they don't take that concept to Wall Street.



I would venture to say that making an example is a time tested tradition.


It's also unfair and immoral by definition. However long it's existed doesn't matter.


Blanket releasing classified diplomatic info so everyone's good pals in the governments of China, Russia, Iran, etc gain strategic insight is also pretty absurd.

Say what you want about Snowden's actions, but at least he seems to be pretty responsible about his disclosures and has a purpose to expose a particular practice.

Manning's blanket leaks provided no new major revelations- the fact that US diplomats have & collect secrets is not a major revelation.


"Manning's blanket leaks provided no new major revelations"

This is simply not true. Sorry for the biased sources, but they were the only ones who made these kinds of compilations.

http://www.democraticunderground.com/?com=view_post&forum=10...

http://www.bradleymanning.org/learn-more/what-did-wikileaks-...

http://gregmitchellwriter.blogspot.com/2013/06/as-debate-con...


I read those lists & they seem like a "throw everything and the kitchen sink" strategy to defend his behavior.

It shouldn't be much of a surprise that there is occasional criminal (& horrific) misconduct from soldiers or that the military collects statistics on civilian casualties. The idea that "war is hell" has been around for a long time.

(Who doesn't like idle speculation?) Manning seems like someone who had some emotional issues & was overwhelmed w/ what he saw & made a reckless decision to "turn over the playbook." Snowden's revelations are things that probably even the most intrepid journalist couldn't figure out, Manning's put folks' dots together for them

Overall, it seems like it will be very unfortunate circumstances & tough going for Manning and his family for the next several decades


Assuming the computer was running Windows, you wouldn't need wget to perform HTTP requests in batch -- you could make a VBScript to do it (src: http://stackoverflow.com/questions/204759/http-get-in-vbs ). I would assume that Windows (and therefore everything in it) would be considered "authorized" in that case, but would the VBScript be considered unauthorized software? If that's the case, would you need to get approval every time to write macros to make your job more efficient?

Is there actually a line drawn in the military about what is considered software?


Interesting, if the description in the article is true, would writing your own program count as running a program not on the accepted list?


This is crazy. If he had used IE "Save as a file", he wouldn't have been convicted of fraud?


That's what some people might believe, after focusing on the minutiae of the charges. I wouldn't bet on it though. Manning shamed and embarrassed his chain of command, the gov't at large, the military at large, the diplomatic corps, etc, etc. He was always going to get the book thrown at him; and the only thing that might have stopped it is widespread public outrage.


No. This article strikes me as unreliable clickbait that shows a poor understanding of how the law operates.


Issue is wget.

>U.S. prosecutors pointed out that wget was not on the list of “approved” programs for use in facility where Manning worked.

I know it sounds trivial but it was an unauthorized tool run on a system that was supposed to be secure as that system was talking to SIPRNET. Above all the other things PFC Manning has shown the world, he's also shown that security standards & procedures around some of the most damning secrets the DOD & State department could stupidly put on one fileshare was unprotected. Ironically this stuff might have shown up in foreign intelligence circles even without the PFC's actions.


Wow, wget is one hell of a tool isn't it? I think it should be a requirement that judges have to take a mandatory digital refresher course every 12 months to ensure they can deal with cases like this because this is ridiculous. They got him on a technicality, I guess they are clutching at straws and trying to get him on as many things as they possibly can.


So is the US government listing every single program authorized to be used on their computer? And I mean every single one?

That would include:

- ls
- cat
- bash

and in Windows land: explorer.exe

If he used Windows Explorer to copy those files, could they have argued that explorer.exe was not on the list of authorized programs to use?


Typically restricted access computers (govt or not) require an authorization form to install software and require software to be installed by an authorized person. Any use of programs not installed via that process (with supporting paperwork) would be considered misuse. Even if the settings of the system do not prevent an authorized user from performing those actions. Furthermore, access to such systems will require the user also to sign an authorized use form.


> ... access to such systems will require the user also to sign an authorized use form.

As well as agreeing to such policies every single time they log in to a computer.


So I guess he could have used a nix box then and just used curl, which comes preinstalled? I am not saying the government has no case here, but using wget is way too fuzzy, too weak to be one of the central charges.


Make sure you read the fine print before you view source on a page.


wget likely came pre-installed...


This was a Windows machine apparently. He used zip to compress, pointed to SharePoint links... looks like an all-Windows operation.

Looks like he downloaded and installed wget himself.



