Feeds

FBI bypasses First Amendment to nail a hacker

The Subpoenas are Coming!

  • alert
  • submit to reddit

Intelligent flash storage arrays

Citing a provision of the Patriot Act, the FBI is sending letters to journalists telling them to secretly prepare to turn over their notes, e-mails and sources to the bureau. Should we throw out the First Amendment to nail a hacker, writes SecurityFocus columnist Mark Rasch.

Frequent readers of this space know that I am no apologist for hackers like Adrian Lamo, who, in the guise of protection, access others' computer systems without authorization, and then publicize these vulnerabilities.

When Lamo did this to the New York Times, he violated two of my cardinal rules: Don't make enemies with people appointed for life by the President of the United States; and don't make enemies of people who buy their ink by the gallon.

Now, in the scope of prosecuting Lamo, the FBI is doing the hacker one better by violating both of these precepts in one fell swoop.

The Bureau recently sent letters to a handful of reporters who have written stories about the Lamo case -- whether or not they have actually interviewed Lamo. The letters warn them to expect subpoenas for all documents relating to the hacker, including, apparently, their own notes, e-mails, impressions, interviews with third parties, independent investigations, privileged conversations and communications, off the record statements, and expense and travel reports related to stories about Lamo.

In short, everything.

The notices make no mention of the protections of the First Amendment, Department of Justice regulations that restrict the authority to subpoena information from journalists, or the New York law that creates a "newsman's shield" against disclosure of certain confidential information by reporters.

Instead, the FBI has threatened to put these reporters in jail unless they agree to preserve all of these records while they obtain a subpoena for them under provisions amended by the USA-PATRIOT Act.

The government also officiously informed the reporters that this is an "official criminal investigation" and asks that they not disclose the request to preserve documents, or the contents of the letter, to anyone -- presumably including their editors, directors, or lawyers -- under the implied threat of prosecution for obstruction of justice.

That's why you're reading about the letters for the first time here.

They do this despite the fact that, had they actually obtained and issued a subpoena for these documents, the federal criminal procedure rules would have prohibited the imposition of any obligation of secrecy unless the Justice Department obtained a "gag" order on the press -- a rare event indeed.

All of this began the day after the Attorney General advised all United States Attorney's Offices to prosecute each and every criminal offense with the harshest possible penalties, instead of the previous policy of prosecuting cases with the penalties that most accurately reflect the seriousness of the offense. Thus, journalists be forewarned -- your government may be seeking to throw the book at you!

Believe it or not, this isn't even the worst of it.

Patriot Games

The demand that journalists preserve their notes is being made under laws that require ISP's and other "providers of electronic communications services" to preserve, for example, e-mails stored on their service, pending a subpoena, under a statute modified by the USA-PATRIOT Act.

The purpose of that law was to prevent the inadvertent destruction of ephemeral electronic records pending a subpoena. For example, you could tell an ISP that you were investigating a hacking case, and that they should preserve the audit logs while you ran to the local magistrate for a subpoena.

It was never intended to apply to journalist's records.

Similarly, the letters go on to inform the reporters that the FBI intends to get an order for production of records under the Electronic Communication Transactional Records Act, a statute that applies only to ISPs. Citing that law, they insist that the journalist is mandated to preserve records for at least the next three months and possibly longer. This demand is all the more egregious in that it comes more than a year after the articles and interviews first appeared -- after any actual Internet logs would have been routinely deleted.

There are times -- few and far between -- when it may be essential in a criminal investigation or prosecution to subpoena a member of the press. Say, for example, a cameraman gets a picture of a crime in progress, and the photograph or videotape is published or broadcast, and the prosecution seeks to use it at trial. Or suppose that O.J. Simpson, after the murders in Brentwood, chose to unload his soul to Barbara Walters. That admission may require hauling Ms. Walters to the stand, if -- and this is a big "if" -- there is no other way to obtain crucial evidence.

But before a subpoena can be issued to a reporter under federal regulations and internal DOJ guidelines, not only must the Attorney General personally approve the subpoena, but prosecutors are instructed to use all reasonable efforts to get the information from other sources. The New York State newsman's shield law that applies to the Lamo prosecution requires essentially the same thing.

Even if such a subpoena is issued, government regulations mandate that, absent exigent circumstances, it must be limited to the verification of published information, and to such surrounding circumstances as relate to the accuracy of the published information.

Breaking the Rules

And yet, the FBI is demanding that reporters preserve every scrap of documentation about everything having to do with Adrian Lamo -- and has expressly told them that if they fail to do this for at least three months, and perhaps longer, they can expect to be prosecuted for contempt of court.

The DOJ guidelines also mandate that before a subpoena is issued, even for public information (e.g., a copy of a Dateline NBC videotape), there has to be a good faith effort to obtain the records by negotiation with the reporter. But no negotiation has occurred in this case.

I wish I could say this was a first. But in May of 2002, prosecutors investigating the very same Lamo case issued an unauthorized subpoena to MSNBC.com's Bob Sullivan for his notes and records. The subpoena was hastily withdrawn when it was noted that it had never been approved by the Attorney General, as mandated by regulation, and that the prosecutor -- who was reported as "inexperienced" -- didn't even realize that he had to obtain such approval.

And in March of 2001, the Department of Justice subpoenaed then-Wired.com reporter Declan McCullagh to testify in a criminal case, also in violation of the regulations.

While the FBI has reportedly told reporters that this time they will seek Attorney General approval before issuing subpoenas, there does not appear to have been any effort to obtain any that approval before threatening to prosecute these reporters with obstruction of justice under a statute that facially does not apply to them.

It's as though the FBI believes that Attorney General approval is a mere formality, ignoring the regulations that require negotiations with reporters first, and reportedly stating that all reporters can expect to be required to "turn it all over."

So why would the government need to put a reporter on the stand to testify that she interviewed Adrian Lamo, and that Lamo confessed?

Presumably to demonstrate that Lamo in fact hacked into the New York Times. I would certainly hope that the government would be able to prove this through other means -- like the IP logs. But if you peruse the affidavit submitted by the FBI to arrest Adrian Lamo, you begin to wonder. The affidavit is rife with references to articles written by Security Focus reporter Kevin Poulsen, and MSNBC.com's Sullivan, as their principal "evidence" of Lamo's guilt.

Might it be helpful to the government to enlist all journalists Lamo spoke to as criminal investigators -- doing the prosecutors' job for them? Sure. Would it make the FBI's job easier? No doubt. But the law requires that the information sought by subpoena be highly relevant and not available elsewhere. The government has not even tried to make this showing.

Nor have they limited their request to preserve evidence to verification of the published information. In fact, if all they wanted was verification of published information, no document preservation would be necessary. You simply call the reporter to the stand and ask, "Hey, when you said in your article that Lamo confessed, was that true?" End of subpoena.

So there must be a more sinister motive behind this preservation request. And there must be a more sinister motive behind using the ISP statute to do so.

Secret Orders

There are really only three reasons the government would invoke the ISP statute against journalists. All of these possibilities are frightening in their implications.

They may think that reporters who write stories for online publications or who use e-mail to communicate with sources (and whose news organizations maintain their own Internet connections) are, in fact, "providers of electronic communications" under the law. The statute is clearly geared at mandating the preservation of ephemeral electronic records by ISP's, but perhaps the Department of Justice is attempting to use the fact that reporters use electronic communications as a jurisdictional hook to order them to preserve their physical notes -- a dramatic, unprecedented and unwarranted expansion of the statute.

More sinister is the possibility that these letters were never intended to go to the reporters at all, but rather were actually intended to go to their ISPs. You see, the regulation that mandates Attorney General approval applies only to subpoenas to reporters, or to telephone companies to get a reporter's telephone records. Because the regulation is 20-years-old, it does not address the possibility that you could actually get the content of a reporters communications from a third party -- an ISP -- without subpoenaing the reporter herself. So the whole thing could be intended as an end-run around for the First Amendment.

Finally, it is possible that the FBI knew that the ISP statute didn't apply to the reporters, but simply wanted to threaten or intimidate them with the possibility of an obstruction of justice prosecution. But, as the Enron auditors at Arthur Anderson learned, all the government has to do is tell the reporters that their information may be relevant to the prosecution or defense of the case, and this would put them on notice that destroying their records in anticipation of litigation would constitute obstruction. There was no need for the heavy handed threat.

None of this explains the cloak of secrecy the FBI has thrown over the whole affair. Reporters are being told that this is an official criminal investigation, and asked not to tell anyone. Even the DOJ's proposals for secret administrative subpoenas announced this month as part of USA-PATRIOT II would allow recipients of such subpoenas to confer with their own lawyers and others necessary to enforce the subpoena. The FBI request here made it clear that they didn't want the reporters talking to anyone, because that would supposedly harm the ongoing criminal investigation.

And yet the FBI publicly announced to the world, through a Wired.com reporter, their intention to subpoena every journalist who ever talked to Adrian Lamo. Apparently, the FBI can talk about their intention to subpoena reporters, and mention specific reporters' names in the Lamo affidavit, but if journalists have the temerity to mention it to their own lawyers, this could devastate the prosecution.

I've never spoken to Adrian Lamo, but I am sure that by writing this article, I am making myself a target for subpoenas, search warrants (government, take note that the law prohibits search warrants for reporter's notes) and demands to preserve evidence. All I have to say is, quoting President George W. Bush, "Bring it on."

Copyright © 2003,

Mark D. Rasch, J.D., is a former head of the Justice Department's computer crime unit, and now serves as Senior Vice President and Chief Security Counsel at Solutionary Inc.

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.