I am glad that the government wised up and abdicated their position that McDanel did something wrong. However, I don’t think this was vindication for McDanel, who still served his entire term in prison, and whom will even with the reversal of the conviction, still have to live the rest of his life fighting the demons of trying to get a job with employers who are unwilling to trust him for being a resident of FedPen, even though he was cleared of the charges.

As I said back in August 2002, this whole situation is ridiculous (yes, I mis-spelled it then…), but very common. Though this was the first case I knew of where an individual was arrested and convicted of the crime of making other customers aware of a problem which the company failed to fix, I myself have been threatened by companies in the past for disclosing vulnerabilities in their hardware/software, and it seems to be a growing trend that instead of calling the security engineers, the first knee-jerk reaction to a vulnerability disclosure is to call the police. I hope that if any more of these cases are brought to trial, this will serve as case-law to prevent those accused from suffering the same misguided punishment that McDanel suffered.

Those who know me know that I have a deep, and sometimes perverted (yes, I know that word isn’t right, but it is the closest word I can think of to describe what I am trying to say,) love for the law. And even with this love for the law, I still find this case to be disgusting since it in itself is the ultimate corruption of the law, using the legal system to protect a companies flawed image instead of dealing with the flaw and moving on. I just hope nobody else has to suffer this abuse of the law (I know, a daily occurance in many cases.)