August 2005


Dateline: August 12, 2005, Shanghai, China

A notice inside the taxicabs here reads, “Psychos or drunkards without guardians are prohibited to take taxis.” Perhaps that explains why every other vehicle on the road is trying to kill us. Shanghai streets are filled with people, bicycles, mopeds and cars, the air is brown and so is the water. It’s a city where it’s one person’s job to work in the Prada store at Plaza 66 and another person’s job to sell fighting crickets in an open air market a few miles away, or deliver an unknown liquid in giant blue barrels strapped to either side of a bicycle. Here are a few other observations.

First, they don’t have unsweetened iced tea in bottles. I have been desperately searching for an unsweetened iced green tea drink, but every one I order turns out to have sugar in it. Yesterday, Brad and I went to a little noodle stand for lunch. The young waitress there was practicing her English on us, and she sounded pretty good. So I asked her, “Are you learning English in school?” “I went to your country, but it’s very expensive.” Then she asked, “Do you like Shanghai?” “Yes, we do,” I said. Then, I asked, “Does this restaurant sell green tea in bottles?” “Yes,” she responded. I was excited to finally ask… “Do you have a kind that is not sweet? A kind that has no sugar?” “Yes,” she responded. “I have no money so I work very hard.” Then she went off to take someone else’s order.

Second, every building has a flourish on the top to distinguish the roof or top floors from the rest of the building. Literally, every one has something. It looks as if every building has on some kind of hat. Here are some pictures of some of the more notable hats (more coming soon, with faster Internet connection!)

Third, everything cool is next to something that’s in your guide book. The best stuff we’ve seen has been in places we wandered into from an official site or attraction listed in the guide books. For example, yesterday morning, as the book directed, we went to Yu Garden and the touristy shops that surround it. After strolling around, beckoned in English by salespeople to purchase various tacky souvenirs, we wandered over to another market down the street. In there was everything you see in Chinatown, Hello Kitty bags of every shape and size, party favors and decorations, stationery, glitter, googly eyes, needlepoint yarn, but by the 100s, stacked in stalls. The air conditioning was great, and the people (and their kids) staffing the stalls let you shop in peace.

Same with the Dong Tai Road Antique Market. This is a sweltering little area of stalls selling old coins, Mao buttons, Chinese locks and various other junky souvenir stuff. But right across the street is one of the best things we saw, the animal market. There, dogs, chipmunks, crickets (which we later learned people purchase to fight), fish and even a squirrel were for sale. I was really moved by the squirrel. I’ve never particularly liked them, but seeing this one in a tiny cage, doing backflips in an effort to escape touched me. I thought about purchasing him to let him go, the way my family used to do in Chinatown in New York, but I hadn’t seen any other squirrels on the street, and worried that I might be damning him anyway, or creating some kind of environmental disaster. We left there with our stomachs a little turned.

More soon. Meanwhile, you can look at some of our pictures here.
Lobby of the Peninsula Palace Hotel:

The music here in China stinks! Since arriving, I have heard 4 different muzak versions of “My Way” and “All the Girls I’ve Loved Before”. Shanghai’s theme song seems to be the song from the Titanic, for some reason. Zhouzhuang’s theme song, which won second prize in the first annual town theme song competition of 2002, is called “Zhouzhuang is Good.” I think you are getting the idea. The best music we’ve heard was the soundtrack for the acrobatics show, which unfortunately, they weren’t selling. It included Rudolf the Rednosed Reindeer, and a variety of cheesed up opera songs. I think the soundtrack would have been a great souvenir of the show. It was a strange opportunity to make a little money that was missed.

Apparently, Shanghai doesn’t have a monopoly on bad music. I don’t even know what they play in the taxis, but in the hotel lobby today, a trio (piano, electric guitar and flute) played “You Say Potato” and “White Room” by Cream. Actually, maybe that’s kind of cool.

I received a lot of nice comments on my Mike Lynn story, for which I’m grateful, but I want to especially thank the many people concerned about my password insecurity issues who wrote with offers to help and various suggestions. I know that I of all lawyers should know better about taking security seriously and I am going to deal with this problem expeditiously. Thank you!

Part Four: The Final Installment, or Why I Didn’t Gamble in Vegas

The story so far:

Cisco and Internet Security Systems (ISS) sued Mike Lynn and Black Hat immediately following Mike’s speech on vulnerabilities in Cisco’s widely used Internet routers. The lawyers scrambled and we were able to settle the case cheaply and expeditiously within 24 hours. We had plans to drink expensive champagne. But then, mere hours after we filed the settlement papers, FBI agents showed up on the conference floor and started asking questions.

I hurried away from my mother and our giant mai tai to the Black Hat area, where I found two men, obviously FBI agents, talking with the Black Hat lawyer. The agents told us that they were from the Las Vegas office, that they were visiting at the request of the Atlanta office (close to where both Lynn and ISS are located) and that they weren’t currently interested in talking with Mike.

One of the very next things I did was call Valentine, the Cisco/ISS lawyer. After spending hours working together, settling this case, after the bonhomie and the virtual handshakes, they’d still have a federal investigation hanging over our heads? I was really mad. Unfortunately, Valentine didn’t answer the phone. If he had, I would have learned that he didn’t know about the federal investigation. Instead, I left him a voicemail in which I definitely used the word “sleazy” more than once.

I then turned on the General Counsel for Cisco and the outside lawyer for ISS. Both calmly informed me that they hadn’t known about the federal investigation before my call. Valentine got one more call from me, apologizing for assuming he’d screwed us over.

The next step was to find out the extent of the federal interest in this matter and what they were investigating. I’m limited about what I can say on this point, as it is rarely a good idea to talk about the details of an ongoing federal investigation. I will say that there are currently no criminal charges and I’m confident that there won’t ever be, that the investigation soon will end, and that Mike will be able to go on with his life.

I can talk about the work I did and everything that unraveled next, however. This should give you some idea of what a lawyer’s job entails when she’s not in court.

The first thing I did was go back to my room and call the Las Vegas FBI office. I notified the agent in charge that I represented Mike Lynn and that he was asserting his Fifth and Sixth Amendment rights not to be questioned outside my presence. (Tip: Always assert both your right to remain silent and your right to have an attorney present.) I asked to confirm that there was no arrest warrant, and the person answering the phone said she’d leave a message for the lead agent.

I then did the same for the Atlanta office. I asserted Mike’s Constitutional rights on his behalf, and asked for confirmation that there was no arrest warrant. I also wanted to learn who the Assistant United States Attorney on the case was. Every federal investigation has a prosecutor assigned to it, even before charges are filed. The prosecutor is the person to convince of your client’s innocence, or at the very least, that your client should be allowed to self-surrender on a warrant rather than getting nabbed in front of his children or at work. (Another tip: Don’t try to convince law enforcement of your own innocence. Get a lawyer. Really.)

The agent who answered at the Atlanta office told me he’d leave a message and get back to me. It was 9PM Vegas time and midnight on the East Coast. I figured everything probably would be all right, at least until the morning, and I could go to the Microsoft party at Pure, the new nightclub in Caesar’s Palace. I left a message for Mike on his friend’s phone, since his own mobile phone had spitefully decided to die.

Pure was a little cavernous for the size of our crowd, but it looks great; a dark dance floor framed by white gauzy private tables. They didn’t have Rumplemintz, now my new favorite drink, but they did have a full bar, and I was up for a drink. I hadn’t been to any talks or chatted with anyone at the conference, so this was my first chance to talk to other attendees. And great people were at this party. I met the unindicted co-conspirator of one of my past clients as well as an old hacker friend turned spook turned respectable private citizen that I hadn’t seen in several years.

Then, my cell phone began to ring.

I want to give a little background before I chronicle the hysteria of the next three hours. First, everyone at the conference knew immediately that FBI agents had come by asking questions about Mike and the Cisco IOS presentation. The agents stuck out in the crowd because of their business suits. Though both lacked the tell-tale facial hair that often characterizes county officials, they were clearly law enforcement.

Second, the Black Hat/Defcon crowd is filled with both conspiracy theorists and reporters, and sometimes the two types overlap. So all the hens were clucking, passing stories to each other, and distorting the information between tellings.

When my phone started to ring, it was friends of mine, friends of Mike’s, and various reporters calling. I received about five calls, all with rumors that Mike was in the process of getting arrested, in custody, that his house in Atlanta had been raided, or that agents were swarming the hotel looking for him. I tried but couldn’t reach Mike.

Worried, I gathered up my stuff and left the party, returning to my room to call the government, just as Pure was shooing all the hackers out to make room for the beautiful people of Vegas. It was 11:30 PM.

I called the Las Vegas FBI office. The agent told me he couldn’t check on arrest warrant information without Mike’s date of birth. I estimated the year, but that wasn’t good enough. I had to talk to Mike, but his cell phone was dead. Again, I left a message with friends.

Then I called the Atlanta office. The night agent was extremely helpful, but it was 3 AM there, and the office was closed and the agents had all gone home. The night person gave me the name of the Atlanta agent and said she would have him call me first thing the next day. She had no other information for me.

My phone rang and it was Mike, not yet arrested after all, calling with his birthdate. Relieved, I called the Las Vegas office. But in between now and my last call, the only agent on duty had gone home. The woman answering the phone was just a clerk and said she couldn’t give me any information until the office reopened the next morning. Just because he wasn’t arrested didn’t mean he wouldn’t be, so I had to know about the arrest warrant. But this clerk wasn’t talking.

One of the things they don’t tell you in law school is how much schmoozing the job requires. They also don’t train you how to calculate whether being sweet, being annoying or being self-righteous will best help you get your way. Only experience can really teach this. I opted for a combination of all three.

I explained how worried I was, how my client was a nice young man, more than willing to turn himself over and save everyone a lot of trouble if only she could help me. Then I suggested it was their fault we were all in this situation. After all, I called just a half hour ago. No one told me that the office would close. If I had known, I would have done things differently. I need this information. If you want this guy, I have him right here, I said. I kept asking the same questions different ways. The agent became a little annoyed with me, but then promised to call the Las Vegas agent I’d met and leave him a message. “Will he call me back tonight?” I asked. “Maybe,” she said. And we hung up the phone.

Amazingly, he did call me back that night. Groggy from sleep, the agent called me from his cell phone at 12:30A. He told me there was no arrest warrant and no agents from his office looking for Mike. I was surprised and grateful for the call, and very impressed with the agent’s consideration.

So I called Mike again, and told him to come meet me at Caesar’s Palace bar. I bought him and his friend a drink, and reassured him that arrest was not imminent. Our work was done until tomorrow morning. Some shmoo friends joined us and we all headed to Tangerine at Treasure Island, where the Microsoft party crowd had gone, to try to salvage the rest of the night.

At Tangerine, there was a long line waiting to get in. My schmoozing abilities were already warmed up, so I walked up to the bouncer at the VIP door and simply asked to be let in. The bouncer agreed and I was escorted inside. I waited for Mike and his friends, but as far as I know, they didn’t make it in after me. I thought about going back to the bouncer to advocate for them, but decided against it. “I can only do so much”, I told myself. “I’m just a lawyer.”

In one of the more intelligent moves of the day, I left Tangerine at the reasonable hour of 3 AM and headed home for some sleep, confident that Mike was definitely not in jail.

My phone rang the next morning at 5 AM. It was the Atlanta FBI agent, responsibly returning my call first thing in the morning, exactly as I’d asked him to do. It had seemed like a good idea to be called at first light when I hadn’t known whether my client was in jail. We had a conversation, and I think it went well. That’s all I can tell you. A reporter’s call woke me next at 7 AM. Sleepily, I decided that I should confirm the existence of a federal investigation, but assure people that the rumors of incarceration and computer seizures were false.

I was pretty awake after that call, or at least I wasn’t about to go back to sleep, and apparently I’d received the name and number of the AUSA when the Atlanta agent called earlier, so I called him. I then called Mike to meet me so I could update him on that conversation.

On the way to talk to Mike, I got a text message from the Cisco General Counsel, returning my call from the night before, stating he had information for me and asking me to call him. I almost didn’t call, because by now I’d already talked to the government and knew what was happening. But since he was nice enough to get back to me, I dialed him on my way out the door. He informed me that, in direct violation of the court ordered settlement injunction filed just the day before, someone had failed to take Mike Lynn’s presentation off of the Black Hat web server. He told me to prepare to go back to court for a possible contempt hearing later that day.

A little frazzled, I hurried down to the Caesar’s coffee shop to meet Mike. But I’d forgotten to put in my contact lenses, and didn’t realize until I got off the elevator. I couldn’t even see if Mike was waiting for me or not. It was going to be another long day.

The Black Hat lawyer scrambled to undo the damage. Mike wasn’t responsible for the Black Hat server, but this was a serious gaffe that could scuttle the whole settlement we’d worked so hard to obtain. Eventually, through an excess of diplomacy, Black Hat was able to convince the plaintiffs’ lawyers that the error was inadvertent and that the settlement should go forward. No one was having an easy week.

Meanwhile, people were still calling me with arrest rumors and tales of Atlanta search warrant executions. I was pulled out of one Defcon talk three separate times to confront rumors that Mike hadn’t made it through security at the airport. One caller told me he had received that bad news directly from Mike. But upon further questioning I learned that they had last talked an hour earlier than when I last talked with my client and everything had been fine. Everyone means well, but when dealing with something like a federal investigation that they don’t understand and don’t trust, the truth is hard to find.

Today, Mike’s responsibilities under the settlement agreement are almost complete and I expect the civil case to be dismissed very soon. As for the federal investigation, there was only so much more I could do for Mike in Las Vegas. He would return to Atlanta and I to San Francisco. An Atlanta lawyer who was familiar with the U.S. Attorney’s Office there would be in a better location to monitor the situation on the ground. When Mike returned to Atlanta he hired a great lawyer there. I’m optimistic about the outcome and looking forward to the day when Mike and I get to have that glass of champagne. Mike quit his job to give a presentation his employer didn’t want him to give. But he did so out of a sense of responsibility to Internet security. I’m proud that my employment doesn’t make me choose between the two.

The End.

ISS and Cisco v. Granick’s Gambling Plans: Part Three

After chilling out during his long drive, Cisco/ISS Attorney Andrew Valentine was true to his word: his clients were willing to talk about a deal. We scrambled to make the speaker phone in the hotel connect to the conference phones in the courtroom, then told the judge that we might be able to settle the entire case. Judges love to hear that. So the Cisco/ISS team, which was about 6 people, retired to the attorney conference room in the lounge upstairs in the Federal Building, while the Black Hat lawyer, Mike Lynn and I settled into the Black Hat suite at Caesar’s Palace and we got to work.

Our basic agreement was that if Lynn and Black Hat agreed not to disseminate the presentation, the video, or the decompiled code any further and Lynn agreed not to disseminate any of the stuff he worked on while at ISS at all, then Cisco and ISS would drop the case. Everyone was cool with this. But agreeing is only the first of many steps. If you’ve ever negotiated something, you know it is painstaking work. Even when you generally agree on principle, you have to imagine everything you might want and everything you might want to avoid. Then you have to draft language that describes clearly and precisely that and no more or less. Once all the lawyers got together, everyone was able to think about other terms and conditions that might be nice to have, as well as things that might theoretically happen that should be prohibited. So there was a lot to argue about.

It’s kind of a code among lawyers that what’s said in settlement negotiations doesn’t get blabbed around. When working things out for our clients, lawyers sometimes take unofficial positions to see how it sounds, or think out loud, or act more rabidly than we really feel, staking out a position from which we can come down. So I’m going to try to keep to the code but still point out a few things about the agreement process. Overall, the lawyers in the conference were relatively reasonable, under the circumstances, especially since there wasn’t a lot of inherent trust between the two sides. If you read the settlement agreement, you can reverse engineer the issues that most concerned each side. For example, ISS and Cisco insisted on stipulating between themselves that they had prepared an alternative presentation “designed to discuss Internet security, including the flaw which Lynn had identified, but without revealing Cisco code or pointers which might help enable third parties to exploit the flaw, but were informed they would not be allowed to present that presentation at the conference.” We insisted that the agreement specifically state that Lynn was not precluded from lawful discussions of Internet security using materials lawfully obtained.

Probably the most hotly debated provision was paragraph 9. We all agreed that ISS and Cisco should be able to reassure themselves that at the end of this matter, Lynn would not retain any materials to which he wasn’t entitled. We all agreed that Lynn and others had privacy rights that should be honored. But it took over an hour to work out a process that would respect both concerns.

We worked almost non-stop from 8:30A to 2:30P, running on caffeine and cold bagels. Some lawyers were great with punctuation, some with grammar. I personally spent 5 whole minutes convincing everyone to change a “which” to a “whether”. Sigh. At a certain point, you can lose sight of the forest because of all the trees. We had delays exchanging versions of the settlement documents because the Black Hat lawyer didn’t have a laptop with him and I kept getting my password sniffed and locked out of my email account whenever I would use the wireless. (Did I mention how annoying this is? Oh, well. Live by the sword, die by the sword.) But by the afternoon we had something everyone agreed upon. As we were wrapping up, one of the opposing lawyers asked me if I was happy. “Happiness is a relative term,” I responded, “and I’m relatively happy.”

That afternoon we reconvened in the United States District Court in San Francisco (the Vegas team by telephone) to file the document with the judge. The judge entered the stipulated injunction immediately, Cisco and ISS promised to dismiss the case once and for all when we complied with the terms, and Team Vegas breathed a sigh of relief and made a date to drink expensive champagne together that very evening.

My parents have retired to Las Vegas, so I went off to have dinner with my mom and sister, and do some shopping in the Forum Shops. (The Granicks are originally from New Jersey, shopping capital of the world.) It was Thursday at 6 PM and we were sitting at the Forum’s Chinese restaurant (just like it used to be back in the Roman Empire), and my mother and I had just received the gigantic two person Mai Tai we’d ordered. I was pix messaging a photo of us drinking it to my father when the phone rang in my hand. A friend told me that there were two FBI agents looking for me and asking questions about Mike’s presentation. They were wandering around the floor of the Black Hat conference, wearing suits and couldn’t be missed. He told me that the agents said they “just wanted to talk” to people. “Talk? Fuck that,” I advised. Always judicious when dealing with law enforcement, I excused myself from my family meal, and ran back to the convention center to see what was going on.

To be continued…

Cisco and ISS v. Michael Lynn: I’ll have my version of what people are calling Ciscogate up here sometime very soon. In the meanwhile, here are some interesting articles about what I did this weekend:

First, Mike gave his talk. Then he got sued. Then I decided to represent him.
We promptly settle the lawsuit. But promptly is a term of art, it takes all night and most of the next day.
Surprisingly, the FBI investigates.
Schneier and others laud Mike for his responsible disclosure and criticise Cisco for trying to keep the problem quiet.
Hackers on Cisco.

ISS and Cisco v. Granick’s Gambling Plans. By Jennifer Granick

What follows is my take on “Ciscogate”, the uproar over researcher Michael Lynn’s presentation at this year’s Black Hat conference, in which he revealed that he was able to remotely execute code on Cisco routers. I have been representing Mike during this crisis, so I’m clearly partisan, and what I can say is limited by attorney-client responsibilities. But while many people are speculating about the facts, there hasn’t been much on the law, which turns out to be really interesting.

I arrived in Las Vegas around 1:00 PM on Wednesday. My plane had been delayed and I was anxious to get to Caesar’s Palace and get prepared for my presentation, scheduled for 3:15P. My parents and sister also were coming to see me and I had to get approval for their day passes from the Black Hat powers-that-be. I had heard that there was a chance of some legal problems with a talk that Mike Lynn had planned to give about Cisco router vulnerability and that the night or so before the conference, Cisco sent temp workers to cut Lynn’s slides out of the presentation materials and to seize CDs containing his powerpoint presentation. But I wasn’t involved in the case yet.

When I arrived, someone pointed Lynn out to me. He was wearing a white backwards-facing baseball hat with the word “GOOD” on it and chatting animatedly with friends. I introduced myself and he told me that he’d quit his job and given the talk anyway, and that he expected to be sued. Lynn knew that Cisco had fixed the problem he found and stopped distributing the vulnerable code, but he was deeply concerned that the company did not do nearly enough to persuade its customers to upgrade promptly, or to explain to them why upgrading was necessary. Based on some web searching, he thought that Chinese hackers were working on breaking routers too, and that people needed to know. Up until very recently, Mike’s employer, ISS, had approved his talk and were happy for him to give it. But very recently, they dramatically changed their minds and forbade him from giving it. They made Mike pick another topic. By the morning of the conference, Mike decided he had to quit his job and give the talk anyway.

[In subsequent conversations with Cisco attorneys, I was assured that Cisco and ISS were working on a presentation that would reveal the flaw without revealing what Cisco and ISS felt was proprietary information or giving bad guys a road map to an exploit. I never saw this presentation and to the best of my knowledge Mike didn’t either. If this is true, I don’t know why Lynn, ISS and Cisco were communicating so poorly. Of course, I also don’t know what Cisco and ISS were worried about, since Lynn’s presentation neither revealed confidential information nor provided much assistance to would-be intruders. Cisco also told me that they offered to give the new joint ISS and Cisco talk, but that Black Hat refused. My understanding of Black Hat’s position was that the speaking slot wasn’t given to Cisco and ISS but to Mike Lynn, and if he wanted to talk about something else, he could, but they weren’t going to give the slot to Cisco just because the originally scheduled talk was about their product.]

I’m generally a believer in the free flow of information. I’ve written an article on vulnerability disclosure, and generally don’t like rules that stop people from telling the truth, for whatever reason. But I understand that exploit code, while communicative, can also be used as a dangerous tool. Lynn understood this too. His presentation did not give away exploit code, or even enough information for listeners to readily create exploit code. In fact, he said, Cisco employees who had vetted the information were themselves unable to create an exploit from his information. But Mike wanted to show people that (1) he knew what he was talking about and (2) he could do what he said could be done. He included just enough information to make those points. (Following the talk, other researchers who’d seen it agreed that it would take a lot of work to get from Mike’s presentation to an exploit.)

After my talk, I caught up with Mike and discussed the possibility that Cisco or ISS would sue him. I told him to call me if he heard anything. Then my family and I went to Shintaro at the Bellagio for dinner. It was my parents’ 37th anniversary.

Shintaro has three really beautiful jellyfish tanks in the front of the restaurant, behind the sushi bar. The restaurant is actually kind of large and sits on the Bellagio lagoon. We wanted a table with a window view, but the maitre d’ said they were all reserved, even though we had a reservation, it was 5:45P and there were very few other people around. No one came to sit at those tables the whole time we were there. We had sushi, which was really fresh and good, and then my sister and I shared the crispy lobster in black bean sauce. As with my father’s lamb dish, it was really good, but the sauce was a little overpowering for the delicacy of the meat. The waiter was adept at explaining the sakes, and I ordered a really good one to share with my dad, a junmai ginjo called gissen, I believe. I would definitely go back if it were not for the snootiness of not letting us have a window seat even though no one cool enough to preempt us would dream of going to dinner so ungodly early.

By the time dinner was over, Cisco and ISS had filed a lawsuit and served papers requesting a temporary restraining order on Black Hat, but not on Mike. Mike had heard about the lawsuit, though, and called me. I met him at Caesar’s Palace where a reporter gave me a copy of the moving papers. Black Hat’s PR person told me that Cisco and ISS were suing Black Hat and Lynn, and that they’d scheduled an ex parte hearing before Judge White in San Francisco for the next morning at 8:30A to ask for a temporary restraining order (TRO).

Now I had to decide whether I was interested in the case. I took the papers back to my room to read, and told Mike not to talk directly to opposing counsel. If they called him, he should tell them to call me. This is just a habit that I can’t break. As a criminal defense attorney, you never let opposing counsel get anywhere near your client. Even though Mike wasn’t my client, and this wasn’t my case, and it wasn’t criminal, it was reflex to protect him at all costs from the prying questions of an opponent. Sure enough, the attorney for ISS and Cisco, Andrew Valentine (AV), called Mike, and then called me.

AV is a pretty pleasant, reasonable person for someone who’s sued someone I like very much. We started talking about the case, and I was asking what exactly he was claiming that Lynn had done wrong. It appeared to be three things. First, ISS was claiming copyright in the presentation that Mike had given on Wednesday morning (Wednesday presentation). Second, Cisco was claiming copyright in the decompiled machine code that Mike obtained from the Cisco binaries and had included in his slides. And finally, Cisco was claiming trade secret in the information Mike had obtained by decompiling and studying Cisco source code. The complaint (warning: large pdf file) also alleged that Mike had breached his non-disclosure agreement with ISS.

I didn’t and don’t think much of the legal case, and I’ll explain why in the next installment. But every attorney knows that an opponent’s weak legal case is first and foremost an opportunity to get a good settlement. No party wants to litigate against a rich corporation if they don’t have to. It’s a different story for the lawyers, though. For me, no matter how much I care about the client, it’s a job that I enjoy. I like to litigate a case if the issues are interesting and these definitely are. But the client comes first, so I asked AV what his clients really wanted out of all of this. We parsed and narrowed, and came to a point where I thought we might be able to cut a deal. I told him I’d talk to Lynn and Black Hat and get back to him one way or another.

To be continued tomorrow….

Part Two:

At the point that I first talked to Andrew Valentine, I wasn’t even sure I wanted to be involved in the case, but as I read the TRO papers, I became really interested in the legal issues that the suit raised.

You’ll remember that I wrote yesterday that ISS claimed copyright in the slides Mike used on Wednesday morning. I hadn’t seen the original ISS slides, but I imagined that they looked different but had similar bullet points or words. This wasn’t very interesting to me. I would argue that the bullet points were unoriginal and not deserving of much copyright protection, or that it was fair use, or that Mike jointly retained the copyright with ISS, but none of this is particularly fun. The second copyright claim was Cisco’s in the decompiled code. Certainly Cisco has copyright in the source code, and I suppose in the binary, too, and therefore it probably has copyright in the machine code as well. But Mike only used little edited snippets of the machine code to illustrate his points about how he found the IOS vulnerability and why it existed. This was classic fair use, something important to defend, but only kind of fun, if only because it was so damn obviously permissible.

The more interesting claim was the trade secret claim. They were suing under California’s trade secret law. California has adopted the Uniform Trade Secrets Act, which is relatively broad. It prohibits the misappropriation of trade secrets.

A trade secret is information that:
(1) Derives independent economic value, actual or potential, from not being generally known to the public or to other persons who can obtain economic value from its disclosure or use; and
(2) Is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.

So the first question is, “what’s the secret?” The complaint says that Lynn had Cisco source code, but he didn’t. He had the binary code. The binary isn’t secret, since Cisco sells it. Is the decompiled code secret? Is it the fact that there’s a vulnerability? Would the law allow a product flaw to be a protected trade secret? I’ve had lawyers argue it to me, but I can’t believe that any court would think that’s a good idea. Imagine if we did that with cars. The fact that it blows up if someone rear ends you is a protected secret, because people wouldn’t buy the cars if they had that information? I’m not sure there’s anything here of Cisco’s that the law would protect.

The second question is, even if there is some kind of trade secret, did Mike misappropriate it? Misappropriation means acquisition by improper means, or disclosure without consent by a person who used improper means to acquire the knowledge. The law specifically says that reverse engineering (decompiling) is proper, not improper, means.

As used in this title, unless the context requires otherwise: (a) “Improper means” includes theft, bribery, misrepresentation, breach or inducement of a breach of a duty to maintain secrecy, or espionage through electronic or other means. Reverse engineering or independent derivation alone shall not be considered improper means.

So then the question is, did Mike use reverse engineering or independent derivation alone? It seemed that Cisco was claiming that Mike’s actions were improper because he violated the End User License Agreement (EULA), which prohibited reverse engineering. So now I was having fun. I’m totally interested in EULAs and the circumstances under which they take away public rights that are otherwise guaranteed us. Usually, a breach of contract is no big deal. But increasingly in the tech field, we’re seeing big penalties for what’s essentially a contract violation. Under the Computer Fraud and Abuse Act, if you exceed your authorization to access a computer, you’ve committed a crime. Cases have said you exceed authorization when you breach a EULA, terms of service, or employment contract. Other cases have said that EULAs can waive fair use rights and other rights guaranteed under copyright law. Lynn’s case presented the question of whether EULAs could subvert the legislature’s express desire to allow people to reverse engineer trade secrets.

I decided to get involved in the case. There were lots of ways to argue the case. I could say that the EULA wasn’t enforceable. I could say that if Lynn violated the EULA, it was only at the behest of plaintiff ISS and I could cross claim for indemnification. But my best legal argument was that violation of an End User License Agreement is not a trade secret violation. Improper means includes a breach of a duty to maintain secrecy. But the EULA did not impose a duty to maintain secrecy. It was merely a promise not to reverse engineer. A violation of that promise is a violation of contract, but not an improper means of discovering a trade secret.

There was the possibility that Mike had information that was secret as to ISS and that he had promised to keep secret under his employment agreement or NDA. But the complaint didn’t identify any ISS trade secrets and Mike hadn’t disclosed any ISS information other than whatever was in the presentation, so this was a great legal argument.

Fortunately for Mike, I never got to make it to a judge, because we were able to settle the case within 24 hours. A lot of people have asked what the basis was for the injunction that the court entered, or why the court entered an injunction, or why Mike can’t give out the slides from his presentation, and the answer to each question is the same. We agreed to an injunction to settle the case, and the reason we settled the case is because all Mike has to do is stuff he’s mostly willing to do anyway, and Cisco and ISS will dismiss the lawsuit. At the point that you get sued, or even charged with a crime, it matters less what actually happened and whether you did something wrong and more what it takes to get out of the case as unscathed as possible. It’s sad, but true, that our legal system can often be more strategy than justice.

Though I wanted to fight the case, as a good advocate, I had to explore the possibility of settling it as well. [And I definitely didn’t want to have to fly back to San Francisco for a court hearing the next morning!] Valentine, the Cisco/ISS lawyer, was pretty reasonable, and able to clearly state what exactly it was that his clients wanted, at least at that time of day. I went back to Lynn and Black Hat with his proposal and could see that we were close to an agreement. I called Valentine and told him, and he sent me bullet points representing the essence of our agreement. It was 1:30 A. I emailed back some comments, but we basically had a deal. Then the Black Hat people and I double checked that the impounded official video of Lynn’s presentation was safe and sound and I went to bed.

I woke up at 5:30A because the Black Hat lawyer and I were supposed to meet at 6A to get a copy of the settlement agreement that Valentine courageously had stayed up all night writing. We were hoping to get it signed before the 8:30A court hearing that day. Now, Valentine is licensed to practice in California and his bar number is close to mine, so we were admitted about the same year, and I imagine he’s about my age, maybe a little older. At our age, staying up all night really sucks. For those of you in your 20s who are reading this, stay up all night now as much as you can before you lose the knack. By the time Valentine sent it to us, he was pretty raw, I’m sure. Not thinking, I redlined his proposal pretty heavily and sent it back to him with a breezy note. He was getting ready to leave for the court hearing, and I think my redlines might have broken his usually reasonable brain. His position basically went from, we’re close to a deal, to forget this, we have no deal and I’ve got court to go to. I was seriously disconcerted. If I was going to have a TRO hearing, I would have at least written a brief, and maybe even have showed up in San Francisco. I reminded Valentine that we’d agreed that if we were close, we’d postpone the hearing, and we were definitely close. He said he’d have to talk to his clients and he’d get back to me. So there I was, sitting with Mike on the Black Hat conference floor, unable to check my email because you hackers sniff my password and lock me out of my own account, doing Lexis searches and waiting for word of whether we’d be arguing against a TRO in 30 minutes, or knocking out a deal. Luckily, there were bagels.

To be continued….

Cisco and ISS v. Michael Lynn: I’ll have my version of what people are calling Ciscogate up here sometime very soon. In the meanwhile, here are some interesting articles about what I did this weekend:

First, Mike gave his talk. Then he got sued. Then I decided to represent him.
We promptly settle the lawsuit. But promptly is a term of art, it takes all night and most of the next day.
Surprisingly, the FBI investigates.
Schneier and others laud Mike for his responsible disclosure and criticise Cisco for trying to keep the problem quiet.
Hackers on Cisco.

ISS and Cisco v. Granick’s Gambling Plans. By Jennifer Granick

What follows is my take on “Ciscogate”, the uproar over researcher Michael Lynn’s presentation at this year’s Black Hat conference, in which he revealed that he was able to remotely execute code on Cisco routers. I have been representing Mike during this crisis, so I’m clearly partisan, and what I can say is limited by attorney-client responsibilities. But while many people are speculating about the facts, there hasn’t been much on the law, which turns out to be really interesting.

I arrived in Las Vegas around 1:00 PM on Wednesday. My plane had been delayed and I was anxious to get to Caesar’s Palace and get prepared for my presentation, scheduled for 3:15P. My parents and sister also were coming to see me and I had to get approval for their day passes from the Black Hat powers-that-be. I had heard that there was a chance of some legal problems with a talk that Mike Lynn had planned to give about Cisco router vulnerability and that the night or so before the conference, Cisco sent temp workers to cut Lynn’s slides out of the presentation materials and to seize CDs containing his powerpoint presentation. But I wasn’t involved in the case yet.

When I arrived, someone pointed Lynn out to me. He was wearing a white backwards-facing baseball hat with the word “GOOD” on it and chatting animatedly with friends. I introduced myself and he told me that he’d quit his job and given the talk anyway, and that he expected to be sued. Lynn knew that Cisco had fixed the problem he found and stopped distributing the vulnerable code, but he was deeply concerned that the company did not do nearly enough to persuade its customers to upgrade promptly, or to explain to them why upgrading was necessary. Based on some web searching, he thought that Chinese hackers were working on breaking routers too, and that people needed to know. Up until very recently, Mike’s employer, ISS, had approved his talk and were happy for him to give it. But very recently, they dramatically changed their minds and forbade him from giving it. They made Mike pick another topic. By the morning of the conference, Mike decided he had to quit his job and give the talk anyway.

[In subsequent conversations with Cisco attorneys, I was assured that Cisco and ISS were working on a presentation that would reveal the flaw without revealing what Cisco and ISS felt was proprietary information or giving bad guys a road map to an exploit. I never saw this presentation and to the best of my knowledge Mike didn’t either. If this is true, I don’t know why Lynn, ISS and Cisco were communicating so poorly. Of course, I also don’t know what Cisco and ISS were worried about, since Lynn’s presentation neither revealed confidential information nor provided much assistance to would-be intruders. Cisco also told me that they offered to give the new joint ISS and Cisco talk, but that Black Hat refused. My understanding of Black Hat’s position was that the speaking slot wasn’t given to Cisco and ISS but to Mike Lynn, and if he wanted to talk about something else, he could, but they weren’t going to give the slot to Cisco just because the originally scheduled talk was about their product.]
