Judge delays trial of accused Palin e-mail hacker

Computerworld - The Tennessee college student indicted a month ago for allegedly breaking into the e-mail account of former Republican vice presidential candidate Sarah Palin will face trial next May, not next month as originally scheduled, according to recent court documents.

At a motion hearing before U.S. Magistrate Judge Clifford Shirley in Knoxville, Tenn., on Friday, federal prosecutors and an attorney for 20-year-old David Kernell agreed to push back the trial date to May 19, 2009. Initially, the trial was to begin Dec. 16 for Kernell, who faces a single count of illegally accessing Palin's Yahoo Mail e-mail account.

Kernell, a student at the University of Tennessee at Knoxville, was the focus early in the investigation into the hacking of Palin's Yahoo Mail account, which first made news when several of her messages were published on the Internet in mid-September.

The government has accused Kernell, the son of a long-time Democratic Tennessee state legislator, with accessing Palin's e-mail account by using Yahoo's password reset. Shortly after Palin's messages went public, a hacker identified only as "Rubico" bragged that it had taken only 45 minutes of online research to come up with the answers to the password reset questions.

Like other Web-based e-mail services, Yahoo Mail uses an automated password-reset mechanism that can be abused by anyone who knows the username associated with an account and an answer to one or more security questions.

If convicted, Kernell faces up to five years in prison, a fine of $250,000 and three years of supervision. He has pleaded not guilty to the charge and was released on his own recognizance. Among the court-imposed conditions, however, Kernell is not allowed to own a computer and must restrict his use of the Internet to e-mail and his college coursework.

The joint motion approved Friday cited the need for additional time to dig into the computer side of the alleged crime. "Because of the nature of the case, significant forensic evaluation is required," according to the motion. Lawyers for both Kernell and the government also said they needed more time for discovery, the pretrial process in which both sides are allowed to request documents and other information from the other party.

Last month, Kernell's attorney, Wade Davies at Knoxville law firm Ritchie, Dillard & Davies PC, asked Shirley to dismiss the case against his client, arguing that the government was trying to charge him with a felony when he was guilty, if at all, of only a misdemeanor.

The same day, Davies also moved that the court bar the use of the term "hacking" and prohibit Kernell from being referred to as a "hacker" during the trial.

"According to the Indictment and information provided in pretrial discovery, Mr. Kernell is a college student who allegedly accessed a Yahoo! e-mail account simply by guessing three security questions based on readily available information from public sources," Davies' motion stated. " 'Hacking,' which implies the use of sophisticated means or specialized computer skills, is not applicable to the alleged conduct."

The next item on the case calendar is a March 9 pretrial conference.

Read more about security in Computerworld's Security Knowledge Center.