- Citing a provision of the Patriot Act, the FBI is sending
letters to journalists telling them to secretly prepare to turn over their
notes, e-mails and sources to the bureau. Should we throw out the First
Amendment to nail a hacker, writes SecurityFocus columnist Mark Rasch.
-
- Frequent readers of this space know that I am no apologist
for hackers like Adrian Lamo, who, in the guise of protection, access others'
computer systems without authorization, and then publicize these vulnerabilities.
-
- When Lamo did this to the New York Times, he violated
two of my cardinal rules: Don't make enemies with people appointed for
life by the President of the United States; and don't make enemies of people
who buy their ink by the gallon.
-
- Now, in the scope of prosecuting Lamo, the FBI is doing
the hacker one better by violating both of these precepts in one fell swoop.
-
- The Bureau recently sent letters to a handful of reporters
who have written stories about the Lamo case -- whether or not they have
actually interviewed Lamo. The letters warn them to expect subpoenas for
all documents relating to the hacker, including, apparently, their own
notes, e-mails, impressions, interviews with third parties, independent
investigations, privileged conversations and communications, off the record
statements, and expense and travel reports related to stories about Lamo.
-
- In short, everything.
-
- The notices make no mention of the protections of the
First Amendment, Department of Justice regulations that restrict the authority
to subpoena information from journalists, or the New York law that creates
a "newsman's shield" against disclosure of certain confidential
information by reporters.
-
- Instead, the FBI has threatened to put these reporters
in jail unless they agree to preserve all of these records while they obtain
a subpoena for them under provisions amended by the USA-PATRIOT Act.
-
- The government also officiously informed the reporters
that this is an "official criminal investigation" and asks that
they not disclose the request to preserve documents, or the contents of
the letter, to anyone -- presumably including their editors, directors,
or lawyers -- under the implied threat of prosecution for obstruction of
justice.
-
- That's why you're reading about the letters for the first
time here.
-
- They do this despite the fact that, had they actually
obtained and issued a subpoena for these documents, the federal criminal
procedure rules would have prohibited the imposition of any obligation
of secrecy unless the Justice Department obtained a "gag" order
on the press -- a rare event indeed.
-
- All of this began the day after the Attorney General
advised all United States Attorney's Offices to prosecute each and every
criminal offense with the harshest possible penalties, instead of the previous
policy of prosecuting cases with the penalties that most accurately reflect
the seriousness of the offense. Thus, journalists be forewarned -- your
government may be seeking to throw the book at you!
-
- Believe it or not, this isn't even the worst of it.
-
- Patriot Games
-
- The demand that journalists preserve their notes is being
made under laws that require ISP's and other "providers of electronic
communications services" to preserve, for example, e-mails stored
on their service, pending a subpoena, under a statute modified by the USA-PATRIOT
Act.
-
- The purpose of that law was to prevent the inadvertent
destruction of ephemeral electronic records pending a subpoena. For example,
you could tell an ISP that you were investigating a hacking case, and that
they should preserve the audit logs while you ran to the local magistrate
for a subpoena.
-
- It was never intended to apply to journalist's records.
-
- Similarly, the letters go on to inform the reporters
that the FBI intends to get an order for production of records under the
Electronic Communication Transactional Records Act, a statute that applies
only to ISPs. Citing that law, they insist that the journalist is mandated
to preserve records for at least the next three months and possibly longer.
This demand is all the more egregious in that it comes more than a year
after the articles and interviews first appeared -- after any actual Internet
logs would have been routinely deleted.
-
- There are times -- few and far between -- when it may
be essential in a criminal investigation or prosecution to subpoena a member
of the press. Say, for example, a cameraman gets a picture of a crime in
progress, and the photograph or videotape is published or broadcast, and
the prosecution seeks to use it at trial. Or suppose that O.J. Simpson,
after the murders in Brentwood, chose to unload his soul to Barbara Walters.
That admission may require hauling Ms. Walters to the stand, if -- and
this is a big "if" -- there is no other way to obtain crucial
evidence.
-
- But before a subpoena can be issued to a reporter under
federal regulations and internal DOJ guidelines, not only must the Attorney
General personally approve the subpoena, but prosecutors are instructed
to use all reasonable efforts to get the information from other sources.
The New York State newsman's shield law that applies to the Lamo prosecution
requires essentially the same thing.
-
- Even if such a subpoena is issued, government regulations
mandate that, absent exigent circumstances, it must be limited to the verification
of published information, and to such surrounding circumstances as relate
to the accuracy of the published information.
-
- Breaking the Rules
-
- And yet, the FBI is demanding that reporters preserve
every scrap of documentation about everything having to do with Adrian
Lamo -- and has expressly told them that if they fail to do this for at
least three months, and perhaps longer, they can expect to be prosecuted
for contempt of court.
-
- The DOJ guidelines also mandate that before a subpoena
is issued, even for public information (e.g., a copy of a Dateline NBC
videotape), there has to be a good faith effort to obtain the records by
negotiation with the reporter. But no negotiation has occurred in this
case.
-
- I wish I could say this was a first. But in May of 2002,
prosecutors investigating the very same Lamo case issued an unauthorized
subpoena to MSNBC.com's Bob Sullivan for his notes and records. The subpoena
was hastily withdrawn when it was noted that it had never been approved
by the Attorney General, as mandated by regulation, and that the prosecutor
-- who was reported as "inexperienced" -- didn't even realize
that he had to obtain such approval.
-
- And in March of 2001, the Department of Justice subpoenaed
then-Wired.com reporter Declan McCullagh to testify in a criminal case,
also in violation of the regulations.
-
- While the FBI has reportedly told reporters that this
time they will seek Attorney General approval before issuing subpoenas,
there does not appear to have been any effort to obtain any that approval
before threatening to prosecute these reporters with obstruction of justice
under a statute that facially does not apply to them.
-
- It's as though the FBI believes that Attorney General
approval is a mere formality, ignoring the regulations that require negotiations
with reporters first, and reportedly stating that all reporters can expect
to be required to "turn it all over."
-
- So why would the government need to put a reporter on
the stand to testify that she interviewed Adrian Lamo, and that Lamo confessed?
-
- Presumably to demonstrate that Lamo in fact hacked into
the New York Times. I would certainly hope that the government would be
able to prove this through other means -- like the IP logs. But if you
peruse the affidavit submitted by the FBI to arrest Adrian Lamo, you begin
to wonder. The affidavit is rife with references to articles written by
Security Focus reporter Kevin Poulsen, and MSNBC.com's Sullivan, as their
principal "evidence" of Lamo's guilt.
-
- Might it be helpful to the government to enlist all journalists
Lamo spoke to as criminal investigators -- doing the prosecutors' job for
them? Sure. Would it make the FBI's job easier? No doubt. But the law requires
that the information sought by subpoena be highly relevant and not available
elsewhere. The government has not even tried to make this showing.
-
- Nor have they limited their request to preserve evidence
to verification of the published information. In fact, if all they wanted
was verification of published information, no document preservation would
be necessary. You simply call the reporter to the stand and ask, "Hey,
when you said in your article that Lamo confessed, was that true?"
End of subpoena.
-
- So there must be a more sinister motive behind this preservation
request. And there must be a more sinister motive behind using the ISP
statute to do so.
-
- Secret Orders
-
- There are really only three reasons the government would
invoke the ISP statute against journalists. All of these possibilities
are frightening in their implications.
-
- They may think that reporters who write stories for online
publications or who use e-mail to communicate with sources (and whose news
organizations maintain their own Internet connections) are, in fact, "providers
of electronic communications" under the law. The statute is clearly
geared at mandating the preservation of ephemeral electronic records by
ISP's, but perhaps the Department of Justice is attempting to use the fact
that reporters use electronic communications as a jurisdictional hook to
order them to preserve their physical notes -- a dramatic, unprecedented
and unwarranted expansion of the statute.
-
- More sinister is the possibility that these letters were
never intended to go to the reporters at all, but rather were actually
intended to go to their ISPs. You see, the regulation that mandates Attorney
General approval applies only to subpoenas to reporters, or to telephone
companies to get a reporter's telephone records. Because the regulation
is 20-years-old, it does not address the possibility that you could actually
get the content of a reporters communications from a third party -- an
ISP -- without subpoenaing the reporter herself. So the whole thing could
be intended as an end-run around for the First Amendment.
-
- Finally, it is possible that the FBI knew that the ISP
statute didn't apply to the reporters, but simply wanted to threaten or
intimidate them with the possibility of an obstruction of justice prosecution.
But, as the Enron auditors at Arthur Anderson learned, all the government
has to do is tell the reporters that their information may be relevant
to the prosecution or defense of the case, and this would put them on notice
that destroying their records in anticipation of litigation would constitute
obstruction. There was no need for the heavy handed threat.
-
- None of this explains the cloak of secrecy the FBI has
thrown over the whole affair. Reporters are being told that this is an
official criminal investigation, and asked not to tell anyone. Even the
DOJ's proposals for secret administrative subpoenas announced this month
as part of USA-PATRIOT II would allow recipients of such subpoenas to confer
with their own lawyers and others necessary to enforce the subpoena. The
FBI request here made it clear that they didn't want the reporters talking
to anyone, because that would supposedly harm the ongoing criminal investigation.
-
- And yet the FBI publicly announced to the world, through
a Wired.com reporter, their intention to subpoena every journalist who
ever talked to Adrian Lamo. Apparently, the FBI can talk about their intention
to subpoena reporters, and mention specific reporters' names in the Lamo
affidavit, but if journalists have the temerity to mention it to their
own lawyers, this could devastate the prosecution.
-
- I've never spoken to Adrian Lamo, but I am sure that
by writing this article, I am making myself a target for subpoenas, search
warrants (government, take note that the law prohibits search warrants
for reporter's notes) and demands to preserve evidence. All I have to say
is, quoting President George W. Bush, "Bring it on."
-
- Copyright © 2003
-
- Mark D. Rasch, J.D., is a former head of the Justice
Department's computer crime unit, and now serves as Senior Vice President
and Chief Security Counsel at Solutionary Inc.
-
- http://theregister.co.uk/content/55/33106.html
|
