A district court in Idaho ruled it had the right to seize and copy software developer Corey Thuen’s hard drive without even notifying him. Why? Apparently, it’s because his startup’s website states, “We like hacking things and we don’t want to stop.”
This, the court must have decided, created national security concerns, because Thuen’s background as a hacker would make him more likely to delete evidence. His startup, Southfork Security, is embroiled in an intellectual property case against his former employer, Battelle Energy Alliance. Before he left, he copied Sophia, a preventative cyber-attack program he had been working on, with the intention of turning it into an open-source project, and Battelle is suing to prevent the release of the code.
The court decision released last week labeled the website’s positive statement about hacking as the “tipping point” for approving what the court even admitted is a “serious invasion of privacy.” An excerpt from the decision reads:
“The Court has struggled over the issue of allowing the copying of the hard drive. This is a serious invasion of privacy and is certainly not a standard remedy… The tipping point for the Court comes from evidence that the defendants—in their own words—are hackers. By labeling themselves this way, they have essentially announced that they have the necessary computer skills and intent to simultaneously release the code publicly and conceal their role in that act.”
Thuen and his lawyers weren’t even given a chance to appeal the decision before the hard drive was seized. The court was admittedly conflicted about the decision, but allowing words like “hacker” and “national security” to influence a rash decision like this one sets a dangerous precedent.
“Hacker” is a subjective term that can mean many different things, as overwhelming criticism has been quick to point out. Deeming an individual a cybercriminal and stripping his or her right to privacy and personal property based on a phrase on a website is wrong.
Until the decision is reversed—we hope—self-professed “hackers” may want to consider a change of title to avoid having their rights trampled. Later on in Southfork Security’s About page, it says:
“Beyond hours on the clock, we like to play as hard as we work and actively participate in the security community and capture-the-flag events, or ‘hacker fights’… Our company policy advocates community participation, contribution to open-source projects, donation of time or money to relevant causes, and other activities to make this world a better place.”
Sounds like a band of hardened cybercriminals if I’ve ever seen one.