23 March 2013: Thanks to the Ventura County Star for this great profile of me

Jay Leiderman
By: Jay Leiderman
January 02 2017

Ventura attorney represents high-profile hackers in a red-hot area of the law

Read more on Jay Leiderman: http://www.vcstar.com/news/2013/mar/23/ventura-attorney-represents-high-profile-hackers/?partner=RSS#ixzz2PXSIC5oa
– vcstar.com 

By Tony Biasotti

Posted March 23, 2013

Jay Leiderman


Jay Leiderman, a criminal defense attorney, checks his iPad for an update on a case in his Ventura office.

The client was known online as Commander X, the leader of the People’s Liberation Front, a group allied with the hacker collective Anonymous. He was suspected of engineering an attack on the county of Santa Cruz’s servers, an allegation that could land him in prison for up to 15 years.

His attorney, Jay Leiderman of Ventura, had never defended a computer crimes case. In the summer of 2011, after weeks of email and phone conversations, they decided to meet in person.

By then, Leiderman knew his client’s real name, but Commander X was keeping his identity a secret to the outside world. The client had a protocol for their meeting, and his lawyer followed it. Leiderman went to a specific street corner in a Northern California town — he won’t say which one — where he found a middle-aged homeless man sitting on the sidewalk.

Leiderman wrapped a dollar bill around his business card and dropped it in the man’s hat. Then he walked two blocks to a nearby park and sat on an empty bench.

The homeless man got up a few minutes later and joined Leiderman on the park bench. He was Christopher Doyon, also known as Commander X. The two men talked for hours.

“It feels really exciting at first, like you’re this spy lawyer,” Leiderman said in a recent interview in his Ventura office. “But then you get serious and get to work about it. It all gets normal very quickly.”

Helping shape law

Jay LeidermanToday, Leiderman is one of the top attorneys in the country for people accused of violating the federal Computer Fraud and Abuse Act, or the CFAA. It’s a red-hot area of law, the subject of recent congressional hearings by lawmakers concerned with the prosecution of programmer and activist Aaron Swartz, who was facing CFAA charges when he committed suicide in January.

Although he didn’t work on Swartz’s defense, Leiderman seems to have had a piece of almost every other headline-grabbing hacking case. This month, when Reuters social media editor Matthew Keys was indicted on charges of enabling a hack of a newspaper website owned by his former employer, Tribune Company, he hired Leiderman as one half of his defense team.

Like the rest of his computer crimes work, Jay Leiderman took the Keys case pro bono. He pays the bills doing standard criminal defense work in Ventura County, including the ongoing appeal of convicted rapist Andrew Luster’s 124-year sentence, and defending medical marijuana sellers all over the state.

Computer crimes interest him for the same reason medical marijuana does: It’s an area of the law that’s relatively new, so there are plenty of gray areas and potential test cases.

“In both cases, you’re just starting to see the law being shaped, and you can be the tip of that blade that’s shaping the law,” he said.

Leiderman, 41, started his career as a public defender and now has his own firm. He traces his interest in computer crimes to late 2010 and early 2011, when his wife was pregnant with their son. They’d stopped going out at night, and Leiderman quickly grew tired of watching television.

He started reading about the hacker collective Anonymous and its war on PayPal, Visa and MasterCard. The companies had all blocked donations to WikiLeaks after the site published its trove of leaked diplomatic cables. Anonymous retaliated with something called a distributed denial-of-service attack, slowing down the financial companies’ websites.

The U.S. government was tracking the hackers and prosecuting some of them, and that didn’t sit well with Leiderman. He thought the denial-of-service attacks were legitimate protests and should be treated the same as a march or a sit-in.

Sometime in the spring of 2011, Leiderman announced on Twitter that he would be happy to represent any “righteous hacktivists” free of charge. A friend retweeted the message to influential people in the hacker community, and the next thing Leiderman knew, he was exchanging emails with Commander X.

Crime, punishment

Because he takes the cases pro bono, Jay Leiderman is picky about which hackers he represents. In his view, they are people who are unjustly targeted by the government or who wouldn’t be able to navigate the justice system on their own.

Jay Leiderman

He thinks Doyon is an example of both. Commander X was a sophisticated hacker and online activist, the leader of the People’s Liberation Front, a group allied with Anonymous. Christopher Doyon was a 50-something homeless man whose most recent photo ID, Leiderman said, was a 20-year-old library card.

Doyon allegedly hit the county of Santa Cruz with a distributed denial-of-service attack that slowed its servers to a crawl for half an hour. He claimed he did so to protest the county’s actions in breaking up a protest of the city of Santa Cruz’s policy against sleeping in public.

“It was a symbolic crime,” Leiderman said. “A symbolic punishment would have been something like a $200 fine.”

Instead, Doyon was arrested on federal CFAA charges that carry a maximum sentence of 15 years in prison. Leiderman said it was likely that Doyon would get six months or less, but a 15-year sentence was on the table.

Doyon jumped bail and says he fled to Canada last year. In an email interview, he said the stiff potential sentence was one reason he fled, along with bail conditions that severely limited his use of the Internet.

Doyon said he felt bad about fleeing because he knew it would make things difficult for Leiderman, whom he considers a friend and “one of the greatest attorneys ever.”

“Jay has a deeply held passion for the freedom of information and cyberactivism movement,” Doyon said.

Prosecutors disagree

Jay LeidermanFederal prosecutors dispute Leiderman’s characterization of his clients as righteous protesters or harmless hobbyists.

One of Jay Leiderman’s clients, Raynaldo Rivera, pleaded guilty in October to his part in a 2011 hack of Sony Pictures Entertainment by LulzSecurity, or LulzSec.

Sony had sued a hacker for “jailbreaking” his PlayStation 3 to let it run software unapproved by Sony and publishing a guide on his website for others to do the same. LulzSec then obtained and posted the names, passwords and personal information of thousands of Sony accounts.

Leiderman maintains that Rivera, now 20, is a “good and promising man” who was manipulated by an older LulzSec leader. Rivera will be sentenced soon, and Leiderman said he hopes that his client will get probation rather than prison.

The U.S. attorney’s office agreed to seek a sentence at the low end of the possible guidelines for Rivera. Still, Thom Mrozek, a spokesman for the U.S. attorney’s office in Los Angeles, said in an email that Rivera committed a serious crime that put thousands of people at risk of identity theft. Some people did report having their email or Facebook accounts hacked after their Sony information was released online.

“This type of conduct is more than a prank and is worthy of a federal criminal prosecution,” Mrozek said. “I’m sure that each and every person at risk of identity theft as a result of Mr. Rivera’s criminal conduct would agree.”

The law’s future

The Computer Fraud and Abuse Act was passed in 1984, and Leiderman believes that it is obsolete in many respects. Back then, Congress was concerned about a scenario like in the movie “War Games,” in which a hacker infiltrates Pentagon computers and almost starts World War III. Computer networks were rare, and someone hacking into one was presumed to have bad intentions.

Today, computers are everywhere, and the CFAA can be vague on what constitutes illegal access to one.

Even when access is clearly illegal, Leiderman and other reformers see a problem in the law’s sentencing guidelines.

Slowing down Santa Cruz County’s website carries the same maximum 15-year sentence as an attack that permanently destroys the site of a major corporation or government agency and costs it millions of dollars. In practice, a hacker who doesn’t cause much harm isn’t likely to get a long sentence, but it is possible.

Jay Leiderman

“They’re still facing 15 years, and a judge that gets pissed off can throw them in prison for 15 years if he wants,” Leiderman said.

There are signs that Leiderman’s position on the CFAA is gaining traction. A House subcommittee this month heard testimony on the law. Many lawmakers said they were opposed to any reduction in the scope of computer crimes or the severity of penalties, but others were open to changes.

The current CFAA is the one Jay Leiderman must deal with. His latest case, that of Matthew Keys, will keep Leiderman on the front pages and the airwaves. He was recently interviewed on NPR and the Huffington Post, making the case that Keys was acting as a journalist, not a co-conspirator, in his dealings with Anonymous.

A few days before Keys was arrested, Leiderman sat in his office and said he was looking for “that next great case.”

“I want to make the government stop and think about what they’re doing, and maybe change what they’re doing,” he said.


6 thoughts on “23 March 2013: Thanks to the Ventura County Star for this great profile of me

  1. Would you mind generally if I mention two of your subject matteer so long as I provide you
    with acknowledgement together with sources back to yyour online site?
    My net page is in thee very same pecialized niche as your site and
    my viewers will profit from many of the suggestions your site offer right here.
    Please dont hesitate to let me know if this is okay for you.
    Thank you!

  2. There is no weapon on the planet more powerful than speech.

    In recent years, the digital revolution has led to new and unique ways for people to express themselves, and speech has flourished around the world, bringing it closer together. As a lawyer and as someone who promotes the advancement of individual liberties, I was fascinated by the advent of online speech, which was quickly followed by the advent of online protest.

    While affixing your e-signature to an online petition is a new and somewhat direct way to “petition your government for a redress of grievances”, I am most concerned with advocating for more immediate and effective manners of protest. So naturally, I was interested when, in December 2010, the hacktivist collective Anonymous voiced their displeasure with PayPal, over that company’s part in the banking blockade of Wikileaks.

    A reported 10,000 protesters around the world took to the internet with a protest method known as DDoS (distributed denial of service) – the functional equivalent of repeatedly hitting the refresh button on a computer. With enough people refreshing enough times, the site is flooded with traffic, slowed, or even temporarily knocked offline. No damage is done to the site or its backing computer system; and when the protest is over, the site resumes business as usual.

    This is not “hacking”. It is protest, and it is speech.

    True, customers of the site are temporarily inconvenienced, but democracy is often messy and inconvenient. Moreover, the voice of your fellow citizen should always be worth slowing down to hear for a moment. Exposure to new or differing views enriches us all. Such was the case with the 2010 PayPal DDoS protest.

    Or it was … until the United States government decided to serve 42 warrants and indict 14 protesters. While protest charges have typically been seen as tantamount to nuisance crimes, like trespassing or loitering, these were different. The 14 PayPal defendants, some of whom were teenagers when the protest occurred, find themselves looking at 15 years in federal prison – for

    Instead of being handed a $50 fine, as one would face for traditional protest crimes such as a sit-in, the PayPal defendants’ freedoms are in real jeopardy. To address this situation, there was some more traditional, yet still modern speech aimed at the White House. An online petition has been launched, asking that DDoS be treated as speech – a concept I wholeheartedly support. Being mindful that all protest must be reasonable in time, place, and manner, I believe that there is room in cyberspace, indeed in the world, for this type of protest activity.

    The example of the PayPal protest provides a good analogy for why DDoS is speech. In the 1960s, civil rights protesters went to the Woolworth’s lunch counter in the segregated American south because they sought to make a point by asserting their right to buy a simple meal – much as protesters went to PayPal because they wanted to donate to WikiLeaks. In Woolworth’s, the protesters made plain their goal: “If you serve me a meal, I will eat it, pay for it, and then I will leave.” This concept was lost on the Jim Crow south, so protest became necessary.

    Certainly, our contemporary situation is a long way from that struggle against deep, historic injustice – no one suggests otherwise – but the analogy is apt nonetheless. Thousands of PayPal protesters said, via their protest speech in DDoS form: “I want to make a donation to WikiLeaks; I’ll take up my bandwidth to do that, then I’ll leave. You’ll make money, I’ll feel fulfilled, everyone wins.”

    Alas, PayPal and its parent company, eBay, were not in the win-win business. They were in the censorship business, which is not something Anonymous suffers lightly – especially as PayPal has a history of taking donations for questionable organizations, like the National Vanguard (a national socialist group) and Americans for the Truth About Homosexuality (an anti-LGBT group), yet won’t process donations for WikiLeaks.

    So, it came to pass that thousands of displeased people, all around the globe, expressed their outrage via a DDoS protest. All the PayPal protesters did was take up some bandwidth. PayPal claimed – almost as a cry of victory – that their site never even went offline. In that example, DDoS was used as an almost pure form of protest expression – therefore it was speech and should be recognized and protected as such. The law should be changed.

    The Computer Fraud and Abuse Act is thus being used to stifle new and creative forms of online expression. This type of harmless creative protest should be encouraged: our nation was built upon the principles of free speech. If the founders of this great nation saw its laws abused, as when applied to these minor protests, I think they would be shocked and offended.

    Our best and brightest should be encouraged to find new methods of expression; direct action in protest must not stifled. The dawning of the digital age should be seen as an opportunity to expand our knowledge, and to collectively enhance our communication. Government should have the greatest interest in promoting speech – especially unpopular speech. The government should never be used to suppress new and creative – not to mention, effective – methods of speech and expression.

    Since the PayPal prosecution, there have been no DDoS protests on that scale. Speech has been chilled.

    Supreme court Justice William O Douglas said:

    “Restriction of free thought and free speech is the most dangerous of all subversions. It is the one un-American act that could most easily defeat us.”

    Toward that end, it’s time to begin a conversation about acknowledging DDoS as legitimate protest speech, deserving of first amendment protection.


  3. And now everyone who gets arrested, unless they’re facing 100 years, automatically is assumed to be a snitch. In the c4bin cr3w arrests the prosecutors played the families against one another expertly, but they were taking advantage of a societal reflex that was already in place. It’s a community defence mechanism.

    “The Sabu Effect.” The initial thought is to say that someone is getting reasonable treatment because they’re a snitch. They thought that [now-free Lulzsec member] Raynaldo “Royal” Rivera was one…he was in every way entitled to a lower sentence than his co-defendant but for the fact that he refused to snitch on anyone. In the final analysis he should have gotten 6-12 months rather than his 12 month sentence. It should have been no time or six months, but he got that sentence because he refused to snitch on anyone. But people are scurrilous, [saying] “Well, he was a snitch.” No, that was his co-defendant. He suffered for his refusal to snitch. People need to get that right, before they go casting aspersions like that.

  4. The thing is, the Justice Department doesn’t prosecute many people under the Computer Fraud and Abuse Act, the federal statute that governs computer crimes involving “unauthorized access.” The people it does come after are usually young and unable to afford high-quality representation. Consequently, even America’s most prominent defenders of computer criminals don’t defend them all the time, or even most of the time. And when they do, they often work for free, or close. That means, in 2016, it isn’t possible to have a solvent criminal law business solely devoted to defending hackers. And so the vast majority of people who trickle into Leiderman’s practice have nothing to do with the CFAA. Most of them probably have no idea what the CFAA is, or that their criminal defense attorney has an international reputation defending people accused of violating it. Neither, for that matter, do many of Leiderman’s local colleagues. No, one of computer law’s loudest voices — the attorney who has represented some of the country’s most famous hackers and who keeps an encrypted chat app open at all times so he can dispense ad hoc pro bono legal advice to members of Anonymous — spends much of his time defending the kinds of clients Matlock might turn down on a good day and keeping Ventura’s marijuana professionals out of trouble. Most days, he can’t even have an IRL conversation about his biggest cases. Which is a shame, because Jay Leiderman really loves to talk.


  5. Sex Crimes / Offender Searches
    US Department of Justice National Sex Offender Public Website
    Coordinated by the Department of Justice, the National Sex Offender Public Website (NSOPW) is a public registry of sex offenders nation-wide. It is a cooperative effort between the federal government and the state agencies that host public sex offender registries.
    URL: http://www.nsopw.gov/Core/Conditions.aspx
    Below are various state sex offender and inmate databases providing information such as description of the crime, time the perpetrator served, status of his or her sentence and identifying tattoos or birthmarks, home address and pictures.
    Offender Searches Arizona
    URL: http://www.azdps.gov/Services/Sex_Offender/
    Offender Searches Delaware
    URL: http://desexoffender.dsp.delaware.gov/SexOffenderPublic/
    Offender Searches Florida
    URL: http://offender.fdle.state.fl.us/offender/homepage.do
    Offender Searches New York
    URL: http://criminaljustice.state.ny.us/nsor/
    Offender Searches South Carolina
    URL: http://www.doc.sc.gov/InmateSearchDisclaimer.jsp
    Offender Searches Texas
    URL: https://records.txdps.state.tx.us/DPS_WEB/SorNew/index.aspx
    Parents for Megans Law
    URL: http://www.parentsformeganslaw.org/

Leave a Reply

Your email address will not be published. Required fields are marked *