Tuesday, 27 August 2019

Marcy Wheeler: THE DANGERS OF THE ASSANGE INDICTMENT (Apr. 12, 2019)

https://www.emptywheel.net/2019/04/12/the-dangers-of-the-julian-assange-indictment/


THE DANGERS OF THE JULIAN ASSANGE INDICTMENT

I was traveling yesterday when Julian Assange was arrested and pretty fried once I got back. Thanks to bmaz andRayne for interesting pieces on his arrest. My initial thoughts on his indictment are influenced by CNN’s early report that DOJ expects to add charges and WaPo’s report on how this case moved forward in the last year, along with Orin Kerr’s opinion — which I share — that this is just a placeholder indictment. I’m going to do two or three posts laying out my thoughts on the indictment. This post will argue that the indictment, as written, is both dangerous and counterproductive to what I presume is a larger effort on DOJ’s behalf to go after Assange for actions that are far more removed from core journalistic ones.
Back in November, I laid out four possible theories of prosecution for Assange (I’ve since came to realize we may see more theories, but these are a good rubric for now) as a way to understand how dangerous such an indictment might be for journalism.
  1. Receiving and publishing stolen information is illegal
  2. Conspiring to release stolen information for maximal damage is illegal
  3. Soliciting the theft of protected information is illegal
  4. Using stolen weapons to extort the US government is illegal
In my opinion, this indictment, as written, is closest to the third theory, which I described this way.
Then there’s the scenario that Emma Best just hit on yesterday: that DOJ would prosecute Assange for soliciting hacks of specific targets. Best points to Assange’s close coordination with hackers going back to at least 2011 (ironically, but in a legally meaningless way, with FBI’s mole Sabu).
This is, in my opinion, a possible way DOJ would charge Assange that would be very dangerous.
At its core, Assange is accused of entering into a password cracking conspiracy with Chelsea Manning on March 8, 2010 to be able to access more files on SIPRNet using someone else’s username and password.
On or about March 8, 2010, Assange agreed to assist Manning in cracking a password stored on United States Department of Defense computers connected to the Secret Internet Protocol Network, a United States government network used for classified documents and communications, as designated according to Executive Order No. 13526 or its predecessor orders.
[snip]
The portion of the password Manning gave to Assange to crack was stored as a “hash value” in a computer file that was accessible only by users with administrative-level privileges. Manning did not have administrative-level privileges, and used special software, namely a Linux operating system, to access the computer file and obtain the portion of the password provided to Assange.
Cracking the password would have allowed Manning to log onto the computers under a username that did not belong to her. Such a measure would have made it more difficult for investigators to identify Manning as the source of disclosures of classified information.
Now, I say this is a dangerous indictment for the reasons I laid out in my earlier post. In cases where the sheer act of obtaining leaked files amounts to a crime — as it is in the case of BuzzFeed source Natalie Edwards leaking Suspicious Activity Reports — then a journalist encouraging his source’s leaks, as Jason Leopold allegedly did when he asked Edwards to look up Prevezon, may be criminalized by this indictment.
That said, actually cracking a password (or trying to do so) is something different than simply directing content requests. Making a journalistic request is not itself a criminal act. Attempting to crack a password with the intent to assume the identity of the person probably amounts to identity theft. So while this indictment, as charged, poses real dangers for Leopold, there is a difference of degree.
What is alleged here is perhaps better translated into the brick-and-mortar situation of a journalist going undercover. There are sometimes real ethical problems when doing so, but going undercover is also sometimes necessary to really get to important stories. Going undercover and committing crimes adds yet another ethical problem — but that, too, might be justified ethically if the law itself is designed to protect the powerful or systematic governmental crime (for example, in the case of some financial misconduct or abusive prison conditions). But going undercover using the real identity of someone else to get a story that amounts to committing a crime is something else entirely, because by doing so, you may end up framing the person whose identity you assume in the crime of obtaining that information.
That said, attempted identity theft is not charged here, and so the indictment, as laid out, is closer to the Jason Leopold situation and so poses real risks for important journalism.
DOJ made the risks worse by language describing the matter and means of the conspiracy to include operational security like using Jabber and deleting chat logs and — worst of all — “Assange encourag[ing] Manning to provide information and records from departments and agencies of the United States.” I think all this language, which describes the techniques many journalists working in classified areas may use — could become important to DOJ’s larger project down the road. But I also think including it in this bare bones indictment unnecessarily exposes DOJ to claims that it is trying to criminalize core journalistic behaviors. It also exhibits DOJ’s long-standing suspicion of civilians, of any sort, who take reasonable measures using legal tools to preserve privacy. DOJ is effectively making a normative judgment about privacy tools when it is in the business of making legal judgments.
Moreover, including these descriptions of non-criminal conduct legitimately opened DOJ up for justifiable panic among journalists, who are focusing on this language rather than the password cracking language that is the overt act alleged in the conspiracy, that this indictment sets a dangerous precedent. This is not an indictment for publishing true information that a source broke the law to provide, as many responses to the indictment are claiming, but the press can be excused for describing it as such because of this extraneous language that does relate to core journalistic functions (this is basically the argument Margaret Sullivan makes in this great column).
Finally, one more thing contributed to the justifiable panic among the press. The indictment itself charges only conspiracy to commit computer intrusion and violations of the Computer Fraud and Abuse Act (which Kerr, in his thread, suggested may be aggressive charges in and of themselves). But then in the body of the indictment, it states,
to intentionally access a computer, without authorization and exceeding authorized access, to obtain information from a department and agency of the United States in furtherance of a criminal act in violation of the laws of the United States, that is, a violation of Title 18, United States Code, Sections 641, 793(c), and 793(e).
While it otherwise doesn’t allege a violation of the Espionage Act, here it invokes it, effectively shifting the described crime from CFAA to Espionage. There are likely tactical reasons why DOJ did this, which I’ll address in the second posts of this series. But whatever reason they had for invoking the Espionage Act, it rightly heightened the panic among journalists.
Had DOJ done it differently, it might have gotten a different response to the Assange arrest, but now, because of its bone-headed suspicion of civilians using privacy measures and premature invocation of the Espionage Act, DOJ rightly lost the initial round of PR in what will likely be a long campaign and caused justifiable panic among the press.
But as I said above: this indictment is likely just the first installment of a larger set of descriptions of what Assange has done.
image_print

No comments:

Post a Comment