iowa judicial branch

Security Testers Charged With Breaking Into Iowa Courthouses Cleared Of All Criminal Charges

The two men, who worked for Coalfire Labs, were caught up in a miscommunication between local law enforcement and the Iowa judicial branch, which hired the security firm to conduct testing.

Two penetration testers employed by Coalfire Labs, a security firm, were cleared of all criminal charges on Thursday after they were arrested and jailed in September for breaking into an Iowa courthouse -- a task they were hired to do in a contract signed by the Iowa judicial system.

Justin Wynn and Gary De Mercurio had been charged with third-degree burglary and possession of burglary tools after they were caught attempting to break into the Dallas County Courthouse last year. Upon the police’s arrival, the two men informed law enforcement that they were breaking in as part of security testing for Iowa’s court system, according to The Des Moines Register.

However, local law enforcement were unaware of these plans and said that the State Court Administration lacked the authority to allow the testers to enter the property. Wynn and De Mercurio spent more than 12 hours in jail until they were released on bail.

Since then, the court system has said that the Coalfire employees acted outside of the scope of the contract and that they had been hired to find cybersecurity vulnerabilities, not break into courthouses. But the security firm said that it was following through on a contract to test the security of government buildings and outside access to records.

The chief justice of the Iowa Supreme Court apologized to legislators and the public for the mishandling of the contract in October. Following a senate hearing, the judicial branch released new policies on security tests, with one requirement to notify local law enforcement prior to testing.

After news of the contract between Coalfire and the Iowa government became public, Dallas County Attorney Charles Sinnard reduced the charges against Wynn and De Mercurio to trespassing but continued to prosecute. On Thursday, Coalfire leaders and Sinnard announced that the charges had been officially dropped.

“Ultimately, the long-term interests of justice and protection of the public are not best served by continued prosecution of the trespass charges,” Coalfire officials and Sinnard wrote in a joint statement published by Ars Technica. “Those interests are best served by all the parties working together to ensure that there is clear communication on the actions to be taken to secure the sensitive information maintained by the Judicial Branch, without endangering the life or property of the citizens of Iowa, law enforcement or the persons carrying out the testing.”

Coalfire CEO Tom McAndrew added that he hopes a “a new dialogue now begins with a focus on improving best practices and elevating the alignment between security professionals and law enforcement.”

De Mercurio and Wynn’s lawyer, Matthew Linholm, said in a statement that he was frustrated that his clients were ever arrested for doing their jobs and that the felony arrests will remain on their permanent record.

“This entire ordeal could have been avoided by simply respecting the fact finding that the responding law enforcement officer conducted which verified the work was authorized by the Judicial Branch,” Linholm said. “Unfortunately, the lack of communication between government entities, an ignorance of the law, personal pride and politics overrode the objective investigation conducted by responding law enforcement.”

He added that the two men plan to share their experiences in an “effort to help educate others” on security testing and the consequences of their ordeal.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • The Future is Happening Outside the Cloud

    For years, the cloud has captivated the physical security industry. And for good reason. Remote access, elastic scalability and simplified maintenance reshaped how we think about deploying and managing systems. But as the number of cameras grows and resolutions push from HD to 4K and beyond, the cloud’s limits are becoming unavoidable. Bandwidth bottlenecks. Latency lags. Rising storage costs. These are not abstract concerns. Read Now

  • The Impact of Convergence Between IT and Physical Security

    For years, the worlds of physical security and information technology (IT) remained separate. While they shared common goals and interests, they often worked in silos. Read Now

  • Unlocking Trustworthy AI: Building Transparency in Security Governance

    In situations where AI supports important security tasks like leading investigations and detecting threats and anomalies, transparency is essential. When an incident occurs, investigators must trace the logic behind each automated response to confirm its validity or spot errors. Demanding interpretable AI turns opaque “black boxes” into accountable partners that enhance, rather than compromise, organizational defense. Read Now

  • Seeking Innovative Solutions

    Denial, Anger, Bargaining, Depression and Acceptance. You may recognize these terms as the “5 Phases” of a grieving process, but they could easily describe the phases one goes through before adopting any new or emerging innovation or technology, especially in a highly risk-averse industry like security. However, the desire for convenience in all aspects of modern life is finally beginning to turn the tide from old school hardware as the go-to towards more user-friendly, yet still secure, door solutions. Read Now

  • Where AI Meets Human Judgment

    Artificial intelligence is everywhere these days. It is driving business growth, shaping consumer experiences, and showing up in places most of us never imagined just a few years ago. Read Now

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities