Federal Law - Computer Fraud and Abuse Act - Are the hunters now the hunted?
Given my complete lack of legal expertise, and the fact that no Twitter lawyer has called this out, I sure I am completely off base here. Call me dumb, whatever.
But with the Weiss investigation making the rounds again, I got to thinking about Weiss' charges. He was charged for, “a report of computer access crimes.” Sounds bad. He's fired and gone.
Then I was thinking...wait a minute. Aren't these Signalgate leaks stating that an investigator accessed Connor Stalions private server? If this is really just about some minor college football infraction, then the investigator shouldn't be authorized to do such a thing. Either Connor is implicated in something else, or somebody may have broken Federal law just to dunk on Michigan.
" (1) the defendant was not authorized to access the protected computer under any circumstances by any person or entity with the authority to grant such authorization;
(2) the defendant knew of the facts that made the defendant’s access without authorization; and
(3) prosecution would serve the Department’s goals for CFAA enforcement, as described below in B.3. "
"B.3 ...an attorney for the Department of Justice should consider the following additional factors in determining whether a CFAA prosecution should be pursued because a substantial federal interest would be served by prosecution in a case in which the admissible evidence is expected to be sufficient to sustain a conviction:
1. The sensitivity of the affected computer system or the information transmitted by or stored on it and the likelihood and extent of harm associated with damage or unauthorized access to the computer system or related disclosure and use of information;
...
4. The impact of the crime and prosecution on the victim or other third parties;
5. The deterrent value of an investigation or prosecution, including whether the need for deterrence is increased because the activity involves a new or expanding area of criminal activity, a recidivist defendant, use of a novel or sophisticated technique, or abuse of a position of trust or otherwise sensitive level of access, or because the conduct is particularly egregious or malicious;
6. The nature of the impact that the criminal conduct has on a particular District or community;"
I tried to cliffs notes the website; there may be some other relevant information in there. Again, I am clearly not a lawyer. There may be holes here. If I am reading this correctly, and let's say Stalions isn't implicated in something actually criminal, then the only way the leaked Signalgate "evidence" isn't against Federal law would be that Stalions either gave the investigator the password himself (doubt) or that Stalions specifically granted the authority to the Vast Network to allow others to access the data (also kinda doubt that).
I could be stretching here. But it would be hilarious if the investigator, and whomever hired them, ended up with Federal charges at the end of all of this. Maybe the State of Michigan throws in some "Using a computer to commit a crime" charges? Hooray, you got Michigan some bad PR. But you broke actual laws to do that.
October 29th, 2023 at 9:24 PM ^
Your dumb. Whatever.
October 29th, 2023 at 9:29 PM ^
Well I did ask for that I guess.
October 29th, 2023 at 9:30 PM ^
I threw in a little self deprecating irony, just for good measure
October 29th, 2023 at 9:43 PM ^
yore* ftfy
October 29th, 2023 at 9:49 PM ^
Please, we don't need to brag about our feets of yore here.
October 30th, 2023 at 8:38 AM ^
Your, yore, you're dumm, dum and dumb.
October 29th, 2023 at 9:25 PM ^
Sorry. We already talked about this. A LOT. It was either done illegally or it wasn't. Since we don't know what happened yet we don't know.
October 29th, 2023 at 9:28 PM ^
My bad, I've been MIA from the board for a while. Was this specific law referenced?
October 29th, 2023 at 9:36 PM ^
I don't know. Maybe.
Any hacking is obviously illegal.
The legal method is covered by Brian in his post Signgate The Third:
Plenty of vague words the article, particularly "a computer drive maintained and accessed by Stalions as well as several other Michigan assistants and coaches." Unless an outside investigative firm was happy to take a case founded on hacking into Michigan servers, here is what this means, in all likelihood:
- One of Stalions's recruits flipped on him.
- He/she provided a link to a Google Drive or equivalent.
- That's where the documents came from.
So yet another piece of evidence that indicates Stalions is an idiot: he gave virtually unknown strangers access to his CommitCrimes.docx.
This article does clarify some things. One: the steady drip, drip, drip of one story after another that barely changes the overall picture is indeed the work of a firm hired to damage Michigan's reputation as badly as possible. Michigan is executing exactly zero PR in response.
One thing it does not clarify is what the nature of the "drive" is, a detail seemingly left blank intentionally to let people fill in the worst case scenario. "A computer drive maintained and accessed by Stalions as well as several other Michigan assistants and coaches" could be Jesse Minter reading CommitCrimes.docx and giving his enthusiastic approval, or it could be just another folder on a cloud drive that no one else goes into.
I could even assert that Stalions might have password protected his portion of the drive, or limited access, but no, that doesn't appear to be how this guy rolls.
I do think this might end up being wrong. I can't imagine Michigan has an internal shared drive that Stalions could give someone else permission to access, especially after the Michigan IT disaster this August. I mean, I guess I can because WHY NOT but surely at some point we will throw a stone and hit a reasonably professional individual. If this was a stand-alone google drive anyone inside the program who accessed it will be turbo-fired.
October 29th, 2023 at 9:38 PM ^
The specific law may not be relevant. One of Stalion's underlings that attended games may have just given the PI the incriminating files. There may not have been any hacking.
October 29th, 2023 at 9:42 PM ^
If Stalions did not permit the "underling" to do that, that would still appear to be against the law.
October 29th, 2023 at 9:46 PM ^
If there's an employee who improperly leaked info they could be in legal trouble. But the PI would be in the clear. Unless they pressured the employee to leak it. Or something.
October 29th, 2023 at 9:48 PM ^
Are you sure about that? Because the investigator also passed that information on to the NCAA without Stalions permission (probably). The NCAA is not a legal overlord that can just permit this type of behavior.
October 29th, 2023 at 9:54 PM ^
No, I'm not sure. I don't know the ins and outs of this stuff.
I do think, just as a general knowledge kind of thing, that PIs don't break the law, and if they do, they don't tell on themselves by leaking things to the press about how they broke the law.
Just common sense here tells us that it was probably kosher from the PI perspective. That doesn't mean that's necessarily true. But I don't think we can say definitively right now that a law was broken.
I imagine this will be one of the things Michigan actually cares about so we'll find out eventually.
October 29th, 2023 at 9:59 PM ^
Fair. Still have a hard time believing a PI is exempt from Federal law for investigating something non-criminal. That basically gives them free reign to steal information from whomever they want.
October 30th, 2023 at 1:42 PM ^
I think you might be missing who the "owner" actually is. One of the many articles stated that videos were uploaded to an iCloud account. If I film for you and upload a video. Who owns it - you or me? I don't think I need your permission to give my video to someone else or show anyone else where it was uploaded. Further, you'd need to look at the iCloud terms and conditions to understand ownership. If he made the folder publicly available, he may waive any data rights. icloud may claim all data ownership rights for all I know. Further, I'm sure Weiss signed an end user agreement about what he would and wouldn't do with data. I doubt Scallions had his people do something similar. Further, Further, I think you would need Scallions to sue over this (not UM). It's all a long shot and not likely something that will be a problem for the PI or OSU.
October 30th, 2023 at 7:54 AM ^
Hensons Mobile . . . just wondering if the "or something" would include disseminating the info. that they received, knowing that it was obtained without the permission of the owner?
October 30th, 2023 at 8:39 AM ^
As I said above, I don't know. The "or something" is because I don't know. I believe I saw or heard earlier that if you coerce someone to share proprietary information then you're culpable. But if they share it willingly, you're not.
For example, when the Washington Post reported on it, they are not in trouble for talking about the details of the files. And if they had been given the files and printed screenshots of it with even more information I imagine that would be fine too.
October 29th, 2023 at 9:51 PM ^
Incorrect. The underling wouldn't be allowed to share a password with the PI firm, but they could share or show the materials. Or the PI could open the link if the drive was open and no password was required.
October 29th, 2023 at 9:53 PM ^
They could show them the materials, I suppose. But the PI actually being given that material appears to be against the law. And the PI passing those materials to the NCAA would then also be against the law.
October 30th, 2023 at 10:58 AM ^
That was what I thought too Red_Lee. (Being careful about my words) But, If the PI firm obtained information that was taken by an "employee" of Stalions without his consent or the owners consent and they knew it was without consent, I would think they would be culpable if they further disseminate that information.
Irrespective of pressure, coercion, passwords or other nuances to the facts. Is that right or wrong?
October 30th, 2023 at 11:19 AM ^
Well your question is a great one. It just seems to me that the process this PI appears to have taken is dipping its toes on some Federal law areas for somebody (the source, the firm, or the person who hired the firm, etc.)
That is a big risk to take over a very mundane college football rule. Personally, I would focus on making my own team better than risking Federal investigations into a sabotage mission against a rival.
October 30th, 2023 at 11:55 AM ^
I agree, with technology and information sharing, the rule is out of touch with what's the reality of the CFB landscape.
October 30th, 2023 at 1:10 PM ^
OK, so let's posit that Bob Leaker is the alleged bad actor here.
- It is not a crime for Bob Leaker to share any files that he personally uploaded to a shared drive.
- It is not a crime for Bob to share any metadata associated with the other files in the area of the shared drive where Bob was given access, as that information is implicitly included in Bob's access grant. So, for example, if Bob notices that there is a file called Maryland-OSU-2022.mpg, he may share that information.
- It is not a crime for Bob to share the actual file Maryland-OSU-2022.mpg if a good faith actor would believe that he had the right to read that file. For example, if Stalions said "hey, check out the great work that Greg Goodguy did on the Maryland game," that would be direct authorization for Bob to access the file and therefore it would not be a crime for him to share the file.
- It is likely be a crime for Bob to share the names of files in directories, or the actual files, if a good faith actor would believe that they were off-limits, even if his permissions allowed them. For example, if Connor had a separate folder called "Connor's Private Manifesto, Do Not Read," then you might have a case.
- The gray area would be if Bob could access Maryland-OSU-2022.mpg if Connor neither allowed nor prohibited it. I suspect a good faith actor would believe they had access to those files barring any notice to the contrary, so it wouldn't be a crime. It's certainly not an open-and-shut case.
If it is not a crime for Bob to access the file, then it is not a crime for him to give the file to the NCAA or anyone else -- full stop. Access is access. (This is not national security stuff here).
Joe Simon had a brief discussion about this on Sam Webb's show on WTKA Friday morning. It simply cannot be theft if Bob was authorized to view the files.
October 30th, 2023 at 4:10 PM ^
If Bob Bad Actor had been granted access to files, it assuredly would be to do his work, and not for ANY other purpose. I don't believe you need to say to Bob Bad Actor, who's doing work supposedly for the benefit of UM, "don't share this with OSU", C'mon.
Your analysis is absolutely solid and if we can agree on the above, just a couple of questions:
1. Would a reasonable person believe Bob Bad Actor had permission to share files with the NCAA, PI firm or OSU without the consent of the owner? I know I don't and my business isn't football.
2. Once NCAA, PI firm or OSU had those files, could THEY reasonably believe the source of the information was from someone who had permission to share it with THEM and they could further disseminate it? I don't think so, and I wouldn't share info. that I thought was illegally shared with me.
I guess the question is whether criminal liability attaches (in this scenario) and without having looked at ANY applicable statue/criminal code, I wouldn't say YES at this point. I would think civil liability is almost a given though. What do you think?
October 30th, 2023 at 2:28 AM ^
You don't have any idea what you're talking about, so you should stop while you are behind.
If you have granted authorization to a second party to access your files, once those files have been removed from your server, it is not a computer crime for that authorized second party to give them to a third party. It might be a breach of contract, but it's not a crime -- no unauthorized person accessed the server in question.
Also, private investigation firms are well-versed in the law. Their livelihood depends upon them knowing and following that law. While that doesn't mean they're saints, it should give someone pause before flinging around accusations of illegal conduct, particularly when you've admitted several times that you don't know how to interpret the law.
Finally, just as meta commentary: "they shouldn't have been able to catch us" is a poor excuse. It's not the way Michigan carries itself. I promise you that if the NCAA came to Michigan and said "we have reason to believe that there are prohibited copies of game videos on the drive called "Michigan Manifesto Super Secret Do Not Share," Michigan would immediately give them access to that drive. Michigan is a voluntary member of the NCAA, and they willingly accept its governance.
October 30th, 2023 at 2:50 AM ^
A bit harsh, do you have a background in this?
For your second paragraph, I have seen and personally heard about professionals, that should know the law, be quite terrible at their jobs. But statistically you are correct, a PI firm would follow the letter of the law. Just seems that if they did such great work that their leaks wouldn't be anonymous. They should be proud of their work. I'm sure a lot of people would be lining up to use their services.
Your meta commentary is also suggesting you know a lot about the inner workings of U of M. What knowledge do you have about their typical procedures on these types of complaints?
October 30th, 2023 at 8:47 AM ^
Just seems that if they did such great work that their leaks wouldn't be anonymous.
The client surely would like them to keep it private for as long as possible. For example, if it was Ryan Day's brother, they wouldn't want that to be in the headlines.
What knowledge do you have about their typical procedures on these types of complaints?
You don't need to be an insider for this. We have a long history of complying with NCAA investigations, most recently over a cheeseburger.
October 30th, 2023 at 12:43 PM ^
Not harsh enough, apparently, since you keep embarrassing yourself.
At the risk of repeating myself: you don't have any idea what you're talking about. You admit that you don't have any idea what you're talking about. But you seem to be following a rather unique line of reasoning: "Since I don't know anything about this, maybe the people whose job it is to know about this don't really know anything about it either."
In general, if you think you've found something that everybody else has missed, the most likely explanation is that you're missing something.
Nobody lines up to hire a PI firm who can't keep their mouth shut about who their clients are. It's the client's business to disclose the relationship or not.
October 29th, 2023 at 9:26 PM ^
There was a hacking of the University of Michigan in August that shut down their network. Could that be related? Possibly but I haven’t heard anyone connect the dots there so who knows.
Anyway, no point in continued message board pontification- let’s just see what comes out. There are plenty of people that are incentivized to investigate all this.
October 29th, 2023 at 9:31 PM ^
The Ann Arbor police department said that the Weiss investigation and the August university hack are not related to the Stallions stuff in any way. There was an MLive article from a few days ago with the AAPD quotes
October 29th, 2023 at 9:32 PM ^
The Ann Arbor police department said that the Weiss investigation and the August university hack are not related to the Stallions stuff in any way. There was an MLive article from a few days ago with the AAPD quotes
October 29th, 2023 at 9:38 PM ^
I heard about Weiss investigation not being connected. I didn't hear about the August hacking.
October 29th, 2023 at 9:29 PM ^
Aren't these Signalgate leaks stating that an investigator accessed Connor Stalions private server?
Emphasis added.
Where did you see that?
October 29th, 2023 at 9:38 PM ^
"In evidence presented to the NCAA, the unnamed investigative firm found evidence that it had obtained from computer drives that had been accessible by multiple Michigan coaches."
https://nypost.com/2023/10/26/sports/michigan-sign-scandal-could-go-beyond-connor-stalions/
I swear I had seen things about a private server somewhere also, maybe that was message board banter. Either way, that quote there seems pretty egregious.
October 29th, 2023 at 9:50 PM ^
same post 15 times and counting. do you get a royalty for this one?
October 29th, 2023 at 9:55 PM ^
I enjoyed it. I took a long hiatus from the board so I missed a lot. Can't keep up with all of the info here, especially right now lol.
October 30th, 2023 at 8:47 AM ^
Man. People in this thread are mad. This post usually gets upvotes.
October 30th, 2023 at 9:37 AM ^
Yeah I really just wanted discussion on this topic. I appreciate the ones giving some solid feedback. People sometimes take things way too seriously or negatively.
October 29th, 2023 at 10:04 PM ^
Given my complete lack of legal expertise, and the fact that no Twitter lawyer has called this out, I sure I am completely off base here. Call me dumb, whatever.
You’re D.U.M.M. style dumb, whatever.
October 29th, 2023 at 10:13 PM ^
I'm just gonna r-u-n-n-o-f-t
October 29th, 2023 at 10:08 PM ^
Edit: Deleted
October 29th, 2023 at 10:12 PM ^
A bit self-deprecating I know. It does set the mood off improperly.
October 29th, 2023 at 10:58 PM ^
Shut up
October 30th, 2023 at 12:57 AM ^
If one of Stalions' ponies gave the google docs password to the firm and the firm used that password that is illegal. Just because you have the password doesn't make it legal to access. You need authorization from the owner. So if that is what happened, then as far as I can tell they broke the computer fraud and abuse act.
October 30th, 2023 at 3:24 AM ^
Ah, the hunters have become the hunted. It's time to play a little game of...cat and mouse.
October 30th, 2023 at 7:31 AM ^
Who cares how they (likely OSU) got the info. If we cheated then so be it... we all know everyone is trying to steal signs, but we had a coach not happy with losing act like a limp-wristed sissy (no I'm not calling him homosexual... I mean it as weak) and tell the NCAA. Let's say fuck you and just continue to drag him and his teams faces through the mud like we have the past 2 seasons
October 30th, 2023 at 8:50 AM ^
I care. I'm sure Michigan cares. If people committed crimes--not NCAA crimes, U.S. law crimes--against Michigan, I want those people brought to justice.
That is a separate issue from our own NCAA violations, which should also be dealt with.
October 30th, 2023 at 7:53 PM ^
Based on what I've heard, it wouldn't be surprising if he shared the drive via a link. If so, Apple's Terms of Service would likely consider the data on that drive as public, allowing anyone with the link to access the files. I'm not a lawyer, and there might be legal nuances, but unless there's another interpretation of "publicly" I'm unaware of, sharing with a link would likely make the files fair game. (Emphasis mine)
Folder and File Sharing. When you use iCloud Folder and File Sharing, Apple stores any files you share until you delete them. You can access your shared files from any of your Apple devices with iCloud Drive enabled. You may give access to people to view, save, copy or edit these files. You have the option to give people the right to edit the files or to only view them. If you use iCloud Folder and File Sharing to share files via a web link, these files will be publicly accessible to anyone who has been provided the web link. You can stop sharing files at any time. If you stop sharing, files will be removed from iCloud Drive on everyone’s devices. However, any file previously copied to another device or computer will not be deleted.