When is journalism hacking? – The Verge

Share via:


Some laws operate like hidden trap doors — everyone walks across the trap at one point or another, but only a handful of us actually fall through. For the rich, it’s the law against insider trading; for the rest of us plebs, it’s the Computer Fraud and Abuse Act

On Thursday, federal law enforcement arrested journalist Tim Burke and arraigned him in court in handcuffs. Twelve of the 14 charges levied against him in the since-unsealed indictment are under the Computer Fraud and Abuse Act (CFAA), the federal anti-hacking statute. 

The story begins with Tucker Carlson’s extremely cursed interview of Kanye West in 2022. Most interviews are edited for clarity; in this case, the interview was cut to exclude a rambling, antisemitic rant. That unaired clip and others made their way to Vice and Media Matters through Burke, who downloaded them from LiveU, a streaming service that media companies use to share video files. The FBI raided Burke’s home last year, seizing phones, laptops, hard drives, and notes. 

The indictment is an incredible example of how the CFAA tortures the English language. It accuses Burke of “repeatedly utiliz[ing] the compromised credentials to gain unauthorized access to the Victim Entities’ protected computers.” Burke and his lawyers have maintained that he found the video clips after using demo login credentials that had been posted publicly on the internet, and that the files could be shared via unsecured, public URLs. 

If so, that probably wasn’t the ideal IT setup for the media outlets that were using LiveU. They may have, in fact, objected very strongly to strangers being able to access their outtakes. But is that enough to establish “unauthorized access”? Should it be?

For a good long time, it was ambiguous whether violating a website’s terms of service could be a felony

The universe of wack CFAA prosecutions is rich and diverse because the CFAA is so easy to weaponize. The statute hinges on access “without authorization” or access that “exceeds authorization.” It doesn’t really specify what a “protected computer” is. (A better question might be: what’s an unprotected computer?) For a good long time, it was ambiguous whether violating a website’s terms of service could be a felony with serious jail time. The 2021 Supreme Court decision in Van Buren v. United States narrowed the CFAA down enough that that’s no longer a concern. (The timing was inadvertently clutch, as shortly thereafter Netflix began to crack down on password sharing and everyone started getting whipped up over AI companies scraping websites against operators’ wishes.) 

Because Burke is a journalist, what may come to mind first is the case against journalist Matthew Keys, convicted in 2015 after he posted the content management system credentials for his erstwhile employer into a public chatroom while urging others to deface the website. Keys, whose actions there resemble neither hacking nor journalism, was prosecuted under a provision of the CFAA prohibiting “damage without authorization.” It’s a different section of the law, though the same sticky problem with the meaning of “authorization” pops up yet again. 

But Burke’s case is much more analogous to those of much-lamented and admired Aaron Swartz (sometimes called “the internet’s own boy”) or the unlamented and less-admired Andrew “weev” Auernheimer (often called “a notorious troll” and “a terrible person”), both of whom were famously prosecuted under the CFAA for scraping readily available information. 

Auernheimer’s conviction stemmed from a script that automatically accessed a series of public URLs that unfortunately contained AT&T customer information. Swartz was prosecuted for scraping JSTOR, a paywalled academic database that could be freely accessed on MIT’s campus network. Theoretically, his access began to “exceed authorization” when he signed into the network as Gary Host (G. Host, or Ghost), and then when, after campus IT attempted to block his computer for excessive server requests, he spoofed his DNS.

Swartz and Auernheimer aren’t known as journalists, though both are associated with media publications — Swartz was a contributing editor to the left-wing magazine The Baffler, and Auernheimer sometimes writes for the Daily Stormer, a white supremacist website he has helped manage on the technical side. Their respective prosecutions speak to that side of their personalities. Swartz scraped JSTOR in hopes of liberating scholarship for the whole world; Auernheimer, who did not write any of the code he was jailed for, acted as the official hype man for the AT&T breach because he loves attention. 

Auernheimer’s conviction was overturned in 2014 by an appeals court on a technicality; Swartz’s case never went to trial because he died in 2013. Aaron’s Law — a bill to reform the CFAA — was proposed in the wake of his suicide but stalled in Congress.

If these two men had been written into a novel, their characters would be derided as ham-fisted symbols of the noble and ignoble instincts that drive journalism. As it is, it’s maybe shocking that journalists aren’t being prosecuted all the time. When you define “authorization” that loosely, of course a journalist will end up on the hook — journalism in the modern day is the act of using your computer in a way someone somewhere would really rather you did not. 

The case against Tim Burke is almost a bizarre historical throwback. On all sides — the legislature, the courts, and even the DOJ — people seem to know that there is something wrong with the CFAA. It’s a law that can be made to fit a dizzying array of scenarios, to take down progressive idealists and literal neo-Nazis with equal efficacy. And here we are again, squinting at websites and asking, “Is this a protected computer?”



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

When is journalism hacking? – The Verge


Some laws operate like hidden trap doors — everyone walks across the trap at one point or another, but only a handful of us actually fall through. For the rich, it’s the law against insider trading; for the rest of us plebs, it’s the Computer Fraud and Abuse Act

On Thursday, federal law enforcement arrested journalist Tim Burke and arraigned him in court in handcuffs. Twelve of the 14 charges levied against him in the since-unsealed indictment are under the Computer Fraud and Abuse Act (CFAA), the federal anti-hacking statute. 

The story begins with Tucker Carlson’s extremely cursed interview of Kanye West in 2022. Most interviews are edited for clarity; in this case, the interview was cut to exclude a rambling, antisemitic rant. That unaired clip and others made their way to Vice and Media Matters through Burke, who downloaded them from LiveU, a streaming service that media companies use to share video files. The FBI raided Burke’s home last year, seizing phones, laptops, hard drives, and notes. 

The indictment is an incredible example of how the CFAA tortures the English language. It accuses Burke of “repeatedly utiliz[ing] the compromised credentials to gain unauthorized access to the Victim Entities’ protected computers.” Burke and his lawyers have maintained that he found the video clips after using demo login credentials that had been posted publicly on the internet, and that the files could be shared via unsecured, public URLs. 

If so, that probably wasn’t the ideal IT setup for the media outlets that were using LiveU. They may have, in fact, objected very strongly to strangers being able to access their outtakes. But is that enough to establish “unauthorized access”? Should it be?

For a good long time, it was ambiguous whether violating a website’s terms of service could be a felony

The universe of wack CFAA prosecutions is rich and diverse because the CFAA is so easy to weaponize. The statute hinges on access “without authorization” or access that “exceeds authorization.” It doesn’t really specify what a “protected computer” is. (A better question might be: what’s an unprotected computer?) For a good long time, it was ambiguous whether violating a website’s terms of service could be a felony with serious jail time. The 2021 Supreme Court decision in Van Buren v. United States narrowed the CFAA down enough that that’s no longer a concern. (The timing was inadvertently clutch, as shortly thereafter Netflix began to crack down on password sharing and everyone started getting whipped up over AI companies scraping websites against operators’ wishes.) 

Because Burke is a journalist, what may come to mind first is the case against journalist Matthew Keys, convicted in 2015 after he posted the content management system credentials for his erstwhile employer into a public chatroom while urging others to deface the website. Keys, whose actions there resemble neither hacking nor journalism, was prosecuted under a provision of the CFAA prohibiting “damage without authorization.” It’s a different section of the law, though the same sticky problem with the meaning of “authorization” pops up yet again. 

But Burke’s case is much more analogous to those of much-lamented and admired Aaron Swartz (sometimes called “the internet’s own boy”) or the unlamented and less-admired Andrew “weev” Auernheimer (often called “a notorious troll” and “a terrible person”), both of whom were famously prosecuted under the CFAA for scraping readily available information. 

Auernheimer’s conviction stemmed from a script that automatically accessed a series of public URLs that unfortunately contained AT&T customer information. Swartz was prosecuted for scraping JSTOR, a paywalled academic database that could be freely accessed on MIT’s campus network. Theoretically, his access began to “exceed authorization” when he signed into the network as Gary Host (G. Host, or Ghost), and then when, after campus IT attempted to block his computer for excessive server requests, he spoofed his DNS.

Swartz and Auernheimer aren’t known as journalists, though both are associated with media publications — Swartz was a contributing editor to the left-wing magazine The Baffler, and Auernheimer sometimes writes for the Daily Stormer, a white supremacist website he has helped manage on the technical side. Their respective prosecutions speak to that side of their personalities. Swartz scraped JSTOR in hopes of liberating scholarship for the whole world; Auernheimer, who did not write any of the code he was jailed for, acted as the official hype man for the AT&T breach because he loves attention. 

Auernheimer’s conviction was overturned in 2014 by an appeals court on a technicality; Swartz’s case never went to trial because he died in 2013. Aaron’s Law — a bill to reform the CFAA — was proposed in the wake of his suicide but stalled in Congress.

If these two men had been written into a novel, their characters would be derided as ham-fisted symbols of the noble and ignoble instincts that drive journalism. As it is, it’s maybe shocking that journalists aren’t being prosecuted all the time. When you define “authorization” that loosely, of course a journalist will end up on the hook — journalism in the modern day is the act of using your computer in a way someone somewhere would really rather you did not. 

The case against Tim Burke is almost a bizarre historical throwback. On all sides — the legislature, the courts, and even the DOJ — people seem to know that there is something wrong with the CFAA. It’s a law that can be made to fit a dizzying array of scenarios, to take down progressive idealists and literal neo-Nazis with equal efficacy. And here we are again, squinting at websites and asking, “Is this a protected computer?”



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Entrepreneur Marc Lore on ‘founder mode,’ bad hires, and...

Entrepreneur Marc Lore has already sold two companies...

Australian government drops misinformation bill

The Australian government has withdrawn a bill that...

Latin America fintech will be a market to watch...

Midway through 2024, Mike Packer, a partner at...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!