There’s a disturbing legal case coming out of the U.S. District Court for the State of Idaho, which has ruled that an application developer’s computer could be seized without notification because he self-identifies as a “hacker” on his website. This decision would appear to be in flagrant violation of the Fourth Amendment of the Constitution, which prohibits unreasonable search and seizure.
According to Digital Bond’s Dale Petersen, Corey Thuen is a former employee of Battelle Energy Alliance, a management and operating contractor for Idaho National Laboratory (INL). While working with Batelle, Thuen was one of the developers who helped create a solution to protect energy interests (power grids, etc.) from cyber-attack. The solution was nicknamed “Sophia.” At some point, Thuen left and began his own company, called Southfork Security, where he created a similar solution to the one developed for INL. Batelle has sued Thuen, alleging he stole code and violated employee agreements.
Image via Shutterstock
While this seems fairly straightforward – former employees are sued for breaking anti-competitive agreements all the time – it was the court’s decision to allow Battelle to get a restraining order and request to seize his computer without notifying him simply because his website states, “We like hacking things and we don’t want to stop.”
From the court documents:
“The Court finds it significant that defendants are self-described hackers, who say, ‘We like hacking things and we don’t want to stop.’
The Court has struggled over the issue of allowing the copying of the hard drive. This is a serious invasion of privacy and is certainly not a standard remedy, as the discussion of the case law above demonstrates. The tipping point for the Court comes from evidence that the defendants – in their own words – are hackers. By labeling themselves this way, they have essentially announced that they have the necessary computer skills and intent to simultaneously release the code publicly and conceal their role in that act. And concealment likely involves the destruction of evidence on the hard drive of Thuen’s computer. For these reasons, the Court finds this is one of the very rare cases that justifies seizure and copying of the hard drive.”
Apparently, all it takes is using a common noun to describe yourself, and your Fourth Amendment rights immediately go up in a puff of smoke.
While gaining a seizure order without notification usually requires that the plaintiff prove a defendant has “a history of disposing of evidence or violating court orders or that persons similar to the adverse party have such a history,” the court ruled that the self-identification as a “hacker” is enough to prove this.
What’s perhaps is most relevant here is that Thuen reportedly pushed for the “Sophia” solution developed for Battelle to be released as open-source, which may be the cause of Batelle’s animosity against Thuen. Lawyers for the company stated that, “Most broadly, releasing Sophia open-source has national security implications. Defendants plan to give away the keys to Sophia . . . to the very attackers Sophia is meant to thwart.”
Tech Dirt also covers the disturbing case, noting that the government often uses the words "hacking" and "hacker" almost exclusively to denote criminal activities and criminals, making it one of the court’s favorite “boogeymen.”
Edited by Alisen Downey