Skip to content

Barrett Brown Prosecution Threatens Right to Link, Could Criminalize Routine Journalism Practices

July 20, 2013

BY HANNI FAKHOURY AND TREVOR TIMM

Twitter was abuzz yesterday when an unknown person published what were alleged to be a group of passwords for the email accounts of Congressional staffers. Multiple journalists, including reporters from the Daily Beast and Buzzfeed, commented on the list while linking to it.

While one would assume linking to the list is a First Amendment-protected activity—given the journalists had nothing to do with stealing the passwords—Barrett Brown is currently under indictment, in part, for remarkably similar behavior. And if he is convicted, it could have dire consequences for press freedom.

Brown, who has written for Vanity Fair and the Guardian among other publications, started a website called “Project PM” in 2009, which crowdsourced public information about security contractors who worked with government agencies like the NSA. Part of what Brown and other Project PM users investigated were leaked emails from security contractors like HB Gary and Stratfor.

Now, it’s important to note that, despite his fascination with Anonymous, Brown has never been accused of participating in any hacking. In fact, he lacks the expertise to even do so. Northwestern professor Peter Ludlow described what happened after Stratfor emails were leaked online by Anonymous: “When the contents of the Stratfor leak became available, Brown decided to put ProjectPM on it. A link to the Stratfor dump appeared in an Anonymous chat channel; Brown copied it and pasted it into the private chat channel for ProjectPM, bringing the dump to the attention of the editors.”

The link, it turned out, contained credit card numbers, among the wealth of information on the company itself. But by merely transferring the link from one chat room to another, Brown was indicted for trafficking in stolen authentication features (specifically the credit card verification values (“CVV”), or the three-digit number on the back of a credit card), access device (i.e., credit card) fraud and aggravated identity theft. (He is also indicted in two separate criminal cases with making online threats to an FBI agent and obstruction of justice, but those have no bearing on the charges being discussed here.)

The government’s prosecution theory isn’t limited to credit card numbers. The same theory could potentially be used against the Daily Beast or Buzzfeed journalists yesterday, or against any journalist that has linked to stolen material of a similar nature. That’s because the federal identity theft statute, 18 USC § 1028, is remarkably broad.

The statute criminalizes knowingly transferring an “authentication feature” known to be stolen or taken without lawful authority. “Authentication feature” means any “symbol,” “code” or “sequence of numbers or letters” used to authenticate a means of identification. And “means of identification” is defined as “any name or number that may be used alone or in conjunction with any other information, to identify a specific individual” including a “unique electronic identification number, address, or routing code.” The government has argued before—specifically in its prosecution of Andrew “Weev” Auernheimer—that this definition covers email addresses.

Under the government’s theory in Barrett Brown’s case, all journalists (and anyone else for that matter) tweeting out the link to the list of Congressional staffer email addresses and passwords were trafficking in authentication features and are guilty of a felony. While it turns out that many of the passwords in this case may not have been accurate, this lesson holds true anytime someone links to groups of stolen passwords posted online, which seems to happen fairly frequently. Read the rest at the Electronic Frontier Foundation.

Advertisements

From → News

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s