People engaged in journalism frequently acquire information others wish would never see the light of day. This often means gathering tips in violation of workplace rules or through other people's carelessness. That can result in legal battles and, in the age of technology and cybercrime, in governments coming after the curious with tools crafted for malicious hackers. All this appears to be the case with Tim Burke, who has been targeted with a controversial law by the feds after gathering information through electronic means.
Scoop or Hack?
"Federal prosecutors in Florida have obtained a disturbing indictment against well-known journalist Tim Burke," the Freedom of the Press Foundation (FPF) warned last week. "The indictment could have significant implications for press freedom, not only by putting digital journalists at risk of prosecution but by allowing the government to permanently seize a journalist's computers."
Specifically, in the February 15 indictment, federal prosecutors say that Burke "intentionally intercepted, endeavored to intercept, and procured another person to intercept and to endeavor to intercept, the contents of a wire, oral, and electronic communication as it was occurring, by means of a device, namely a computer."
Burke's home was raided last year after he distributed intercepted video, including outtakes of the rapper Ye (formerly Kanye West) making antisemitic comments during an interview with Tucker Carlson while the host was still with Fox News. Burke has built a reputation with his very online presence and distinctive style. He has also rubbed some people the wrong way with his reporting and, perhaps, the means by which he acquires material. But the prosecutors going after Burke are also accused of resorting to questionable tactics, including invoking the Computer Fraud and Abuse Act, an anti-hacking law.
Creative Interpretation of the Law
"The Computer Fraud and Abuse Act is a vague, ambiguous law, and the Supreme Court and the DOJ itself have cautioned prosecutors against testing its outer limits," notes FPF Advocacy Director Seth Stern. "Prosecutors should not be experimenting with the CFAA as a means of criminalizing journalists finding information online that embarrasses public figures."
In response to the indictment, the Electronic Frontier Foundation's (EFF) Andrew Crocker also questioned "whether the prosecution is consistent with the DOJ's much-vaunted policy for charging criminal violations of the Computer Fraud and Abuse Act (CFAA)."
Despite pressure for reform and restraint, Crocker added, "the law remains vague, too often allowing prosecutors and private parties to claim that individuals knew or should have known what they were doing was unauthorized, even when no technical barrier prevented them from accessing a server or website."
That's important, because Burke's lawyers argue in court documents that "no leaks or hacking occurred… Mr. Burke learned of the Internet location (the URL) of the feed by using a 'demo' credential posted publicly online by the owner of the credential and not by any unauthorized person."
Added Burke's team, "the hosting website ('Website 1') automatically delivered to any user — including users of their free demo service — lists of the URL's of all live streams hosted on the service" and "access to these live streams was not restricted to users of the site."
Clicking your way through a poorly secured website doesn't satisfy most people's definition of hacking. It also doesn't satisfy the U.S. Supreme Court.
In Van Buren v. United States (2021), the court cautioned that the federal government's creeping expansion of the definition of unauthorized access "would attach criminal penalties to a breathtaking amount of commonplace computer activity." Using data that's been made available in unapproved ways might violate policies, the court observed, but that doesn't mean it's prosecutable under the CFAA.
We'll Do Better, Fibbed the Feds
Seemingly chastened, the Department of Justice implemented a policy pledging, in part, that it "will not charge defendants for accessing 'without authorization' under these paragraphs unless when, at the time of the defendant's conduct, the defendant was not authorized to access the protected computer under any circumstances by any person or entity with the authority to grant such authorization."
Additionally, after numerous abuses and complaints, in a 2021 news media policy announcement the Department of Justice promised, subject to some exceptions, it "will not use compulsory legal process for the purpose of obtaining information from or records of members of the news media acting within the scope of newsgathering."
That's why, in October, after the raid but before the indictment, FPF joined with EFF and numerous other press and civil liberties groups to "call for greater transparency from the Department of Justice, regarding the raid of journalist Tim Burke's home, and seizure of equipment and work product." The coalition's letter cautioned that because of the government's conduct "journalists around the country are left uncertain about whether they could be prosecuted for acts of routine journalism on the mistaken grounds that they violated state or federal computer crime laws."
The formal indictment appears to be the government's response to both Burke's legal filings and the coalition's letter. Nowhere does it recognize that Burke was engaged in journalism (which might invoke the news media policy), and it seems to imply that he had no right to publish the information he discovered unless he asked for explicit permission to use tidbits left lying around for anybody to find (a novel interpretation of authorized access).
Begging for Permission Isn't Journalism
"An investigative journalist's job is to find information that powerful people would prefer to be kept secret," points out FPF Deputy Director of Advocacy Caitlin Vogus. "It's a safe bet that if journalists need to ask permission to publish information that casts public figures in a negative light, the answer will often be 'no.' Journalists should be encouraged to use the internet to find newsworthy information—not prosecuted for doing so."
The powers that be have long tried to treat the release of inconvenient information, or even the casual discovery of their own sloppy security practices, as the equivalent of espionage. The misuse of a law against hacking to target those who do journalism without prior authorization is an inevitable escalation in the war between people who publish secrets and those who seek to keep them.
The post Feds Target Journalist Tim Burke With Law Intended for Hackers appeared first on Reason.com.