People engaged in journalism often acquire information that others would never like to see the light of day. This often means picking up tips in violation of workplace rules or through other people’s carelessness. This can lead to legal battles and, in the age of technology and cybercrime, governments prosecuting snoopers with tools built for malicious hackers. This appears to be the case for Tim Burke, who was targeted by a controversial law by the feds after gathering information via electronic means.
The rattle is a weekly newsletter from JD Tuccille. If you care about government excesses and tangible threats to everyday freedom, this is for you.
Scoop or Hack?
“Federal prosecutors in Florida have secured a disturbing indictment against prominent journalist Tim Burke,” the Freedom of the Press Foundation (FPF) warned last week. “The indictment could have significant implications for press freedom, not only putting digital journalists at risk of prosecution, but allowing the government to permanently seize a journalist’s computers.”
Specifically, in the February 15 indictment, federal prosecutors allege that Burke “intentionally intercepted, attempted to intercept, and caused another person to intercept and attempt to intercept the contents of a wire, oral, and electronic communication while it was done by means of a device, namely a computer.”
Burke’s home was raided last year after he distributed wiretapped videos, including clips of rapper Ye (formerly Kanye West) making anti-Semitic comments during an interview with Tucker Carlson while the host was still with Fox News. Burke has built a reputation on his online presence and distinctive style. He has also irritated some people with his reporting and, perhaps, the means by which he acquires material. But prosecutors pursuing Burke are also accused of using questionable tactics, including reliance on the Computer Fraud and Abuse Act, an anti-hacking law.
Creative interpretation of the law
“The Computer Fraud and Abuse Act is a vague and ambiguous law, and the Supreme Court and the Justice Department itself have warned prosecutors against testing its outer limits,” notes Seth Stern, director of FPF Advocacy. “Prosecutors should not experiment with the CFAA as a means to criminalize journalists who find information online that embarrasses public figures.”
In response to the indictment, Andrew Crocker of the Electronic Frontier Foundation (EFF) also questioned “whether the indictment is consistent with the DOJ’s much-vaunted policy of charging criminal violations of the Computer Fraud and Abuse Act (CFAA).”
Despite pressure for reform and restrictions, Crocker added, “the law remains vague, too often allowing prosecutors and private individuals to claim that individuals knew or should have known that what they were doing was unauthorized, even when no technical barriers prevented them from accessing a server or website.”
This is important, because Burke’s lawyers argue in court documents that “no leak or hacking occurred… Mr. Burke learned the Internet location (the URL) of the feed using a ‘demo’ credential. ‘ posted publicly online by the owner of the credential and not by any unauthorized person.”
Burke’s team added: “the hosting website (‘Website 1’) automatically delivered to any user, including users of their free demo service, URL lists of all live streams hosted on the service” and ” Access to these live streams was not restricted to site users.”
Clicking on a poorly secured website doesn’t meet most people’s definition of hacking. It also doesn’t satisfy the U.S. Supreme Court.
In Van Buren v. United States (2021), the court warned that the federal government’s creeping expansion of the definition of unauthorized access would “impose criminal sanctions on a breathtaking amount of common computing activities.” Using data made available in unapproved ways may violate policies, the court noted, but that doesn’t mean it’s actionable under the CFAA.
We’ll do better, we lied to the feds
Seemingly chastened, the Justice Department has implemented a policy pledging, in part, “not to charge defendants for ‘unauthorized’ access under these paragraphs unless, at the time of the defendant’s conduct, the The defendant was not authorized to access the protected computer under any circumstances by any person or entity having the authority to grant such authorization.”
Furthermore, after numerous abuses and complaints, in a 2021 Media Policy Announcement the Department of Justice promised, with certain exceptions, that it “will not use compulsory legal process for the purpose of obtaining information or records of members of the media acting in the ‘scope of news gathering.”
That’s why, in October, after the raid but before the indictment, the FPF joined with the EFF and numerous other press and civil liberties groups to “demand greater transparency from the Department of Justice regarding the raid in the home of journalist Tim Burke and the seizure of equipment and work products.” The coalition’s letter warns that because of the government’s conduct, “journalists across the country are left uncertain about whether they can be prosecuted for acts of routine journalism on the mistaken basis of having violated state or federal cybercrime laws.”
The formal charge appears to be the government’s response to both Burke’s legal filing and the coalition’s letter. Nowhere does it acknowledge that Burke was engaged in journalism (which might invoke media politics), and it seems to imply that he had no right to publish the information he uncovered unless he asked explicit permission to use tidbits left lying around for anyone. find (a new interpretation of authorized access).
Asking permission is not journalism
“An investigative journalist’s job is to find information that powerful people would prefer kept secret,” emphasizes Caitlin Vogus, FPF’s deputy director of advocacy. “It’s a safe bet that if journalists need to ask permission to publish information that highlights public figures in a negative light, the answer will often be ‘no.’ Journalists should be encouraged to use the Internet to find newsworthy information, not prosecuted for doing so.”
The powers that be have long sought to view the disclosure of inconvenient information, or even the casual discovery of their own sloppy security practices, as the equivalent of espionage. The abuse of an anti-hacking law to target journalists without prior authorization is an inevitable escalation in the war between those who publish secrets and those who try to keep them.