Leaks, geeks, & reporters

Leaks, geeks, & reporters

The recent spat of Washington D.C. leaks is “unusually active,” according to FBI Director Mr. James Comey. Even if the leaks are as normal as they are in an allergic nose dealing with New Orleans spring pollen, what are the legal and ethical issues in leaking such confidential information, unknowingly reverse engineering it, or in publishing the leaks?

Generally speaking, liability for the leaker inside the government is clear. Numerous federal laws apply to confidential information circulated within the labyrinth of the federal government, and they generally hold such leakers criminally liable for the willful, and sometimes even negligent, disclosure (or even handling) of such information, including the identity of a Central Intelligence Agency (“CIA”) “covert agent” or President Trump’s tax returns.

However, what about geeks who reverse engineer publicly available information and then end up discovering government secrets and/or strategies through such analysis?

Imagine a modern day Matthew Broderick from WarGames (1983) who correctly intuits a covert government strategy to liquidate foreign ambassadors or heads of state via proxies and then warns how such molehill practices have on prior occasions caused mountains of problems. In the 13 century, Iraqis killed Genghis Khan’s chief envoy and had the beards of the others burned so they could travel back to him humiliated. Thereafter, Mr. Khan massacred almost all of the 200,000 to 1,000,000 inhabitants of Baghdad in one week, at the time the “House of Wisdom” in Islam’s Golden Age. Or take the assassination of Archduke Franz Ferdinand of Austria and his wife in 1914. Many believe that this killing led to the start of World War I, in which nine million combatants and seven million civilians died.

In such instances of geeky reverse engineering of covert government strategies, criminal liability will generally be lacking because such a geek would have no contractual or statutory responsibility to keep quiet, and his speech about an issue of grave public concern – potentially preventing a global conflict — would be protected by the First Amendment. Even so, would be geeks are well advised to consider reprisals from said officials, whether via Nixon type IRS audits or otherwise, and how to protect themselves against them. (Genghis Khan 2.0 protection is one way.)

That’s the leaker and the geek. What about the reporter?

The law in this area is murkier. While there are federal statutes which some have argued would impose criminal liability on a reporter for publishing confidential information, such as a Department of Defense (“DOD”) plan to defeat ISIS, prosecutions have been rare. The First Amendment generally protects the publication of such intelligence. However, in a case where the reporter and leaker work in concert (think offer-acceptance) to violate federal law, a conspiracy case can be brought against the reporter. What is more, prosecutions have been brought against reporters to reveal their confidential sources, as happened with Ms. Judith Miller of The New York Times when she refused to identify the source of information leading to the unmasking of a CIA covert agent, as many say happened in the case of Mrs. Valeire Plame under President George H. Bush’s tenure.

But even if there is no legal liability for the media professional, there is also the question of unintended consequences. Take, for example, a DOD strategy to replace ISIS with “new sheriff in town” Eddie Murphy. Assume a person within President Trump’s DOD, or CIA, who dislikes the President, and/or his political agenda, leaks such the details about the “Murphy Plan” to an unwitting New York Times reporter. The reporter is likely protected in publishing the plan, but should it be published? Asymmetrical information is the key to effective conflict, whether you are in the courtroom, on the battlefield, or in a chess match. Disclosing such a plan, especially if it is already being carried out but even if it hasn’t, would risk the lives of military personnel and/or threaten the security of major cities like New York, Boston, Chicago, and Los Angeles.

Any professional working in media would be well served not only to consider the legalities of reporting leaked information, but also such unintended but foreseeable potential blow back.

FBI v. Apple — can doesn’t mean should obey.

FBI v. Apple — can doesn’t mean should obey.

The FBI investigates a grizzly murder. You are a bank president. The murderer stored his phone book in your bank’s safety deposit box, the code for which is encrypted with copyrighted proprietary software, before he committed the murder. The FBI demands that you provide it with the master code for the box, which can be used to unlock other boxes, too. You can give the FBI the code, but should you? Apple CEO Tim Cook is asking himself the same question, his answer is rightly “no.”

On February 14, 2016, United States Magistrate Judge Sheri Pym ordered Apple to provide the FBI the means to circumvent the iPhone 5c’s encryption technology. That way, the FBI can obtain Mr. Syed Rizwan Farook’s phone contacts to see who else, if anyone, conspired with him on the December 2, 2015 killings. So the FBI’s endgame is understandable, justified, and a matter of public safety. At the same time, Judge Pym’s February order is constitutionally questionable, for these reasons.

First, there are less invasive and more reasonable means of obtaining the evidence. While the February order is ostensibly based on the “All Writs Act,” it was issued to give effect to a warrant directing Apple to give the FBI “reasonable technical assistance.” If the February order permits the FBI to unreasonably search and seize Apple’s property, it is constitutionally defective under the Fourth Amendment. Whether the ordered search is unreasonable depends on if there are other less invasive means of gathering the evidence.

Here, there are at least three other less invasive methods. First – the FBI could back its way into Mr. Farook’s contact list by getting from Verizon, his cell phone carrier, phone calls, texts, or e-mails to or from his phone. Second — Apple can provide the FBI the desired information from the Mr. Farook’s iPhone. This would be akin to you, as the bank president, copying the murderer’s phone book and providing copies to the FBI. Third – have the court review Mr. Farook’s phone information in camera, that is behind closed doors, and cross-reference that information with the phone records around the time of the killings to determine relevance. Once that is done, some or all of the phone’s information can be produced to the FBI.

Second, there is a strong presumption in federal copyright law against allowing circumvention of encrypted copyrighted software. The Digital Millennium Copyright Act (“DMCA”) forbids devices from being made, imported, or marketed to the public which are primarily designed to circumvent technology that controls access to copyrighted content, such as Apple’s software. Because Apple manufactures the phone, and owns the copyrights to the software located within, Apple is free to circumvent it’s own technology under the DMCA. But Apple shouldn’t be forced to so by the FBI. That’s because the DMCA shows how important copyright encryption is to content creators like Apple, to Congress, and the consuming public. As a result, Apple’s interest in protecting the integrity of its iPhone 5c — and potentially other generations of iPhone – isn’t mere “marketing strategy,” as stated by the FBI.

Third, there is no telling how far the government will go if the February order stands without being overturned. According to Apple, the FBI has sought to access to 11 other iPhones since September, and states attorney generals are biting at the bit to do the same. Given this rising tide, the elephant in the room is a lack of trust in what the government will do with the new path it is foraging. While some 51% of Americans apparently side with the FBI on the unlocking of Mr. Farook’s iPhone 5c, American trust in the federal government in general is at an historical low of 19%, according to NPR.

Seen more broadly, the magistrate judge’s February order can be the first rock in an Orwellian rockslide where the government requires all phone makers to make such backdoors to the encrypted software as a matter of policy. The unstated and yet real concern with such a domino effect is that executive agencies will not only use this information for criminal investigation purposes, but to violate the Constitutional and privacy rights of Americans. These concerns aren’t academic. Nor are they paranoid. President Richard Nixon used the Internal Revenue Service go after American citizens he deemed to be his enemies, which led to his articles of impeachment. There is no telling what another Nixon would do with such unfettered power. Thus, Mr. Cook’s concern about the magistrate’s order setting “dangerous precedent” should not be taken lightly.

In the end, it is a shame that Apple and the FBI didn’t partner up outside of court to craft a mutually beneficial solution that would maintain the integrity of Apple’s iPhone 5c and also give FBI the evidence it needs. But amicable solutions like this won’t happen as long as executive agencies like the FBI downplay legitimate concerns of corporate citizens like Apple as “marketing strategy,” and then pursue heavy-handed discovery tactics not because they should and need to – but because they can. It is up the judiciary to stop them by ensuring that the government’s right to know is balanced against citizens’ legitimate intellectual property and Constitutional rights. In the meantime, just because Apple can obey the likely unconstitutional February order doesn’t mean it should. Instead, Apple should get a higher court to overturn and limit it.

The emperor still has no clothes!

The emperor still has no clothes!

Recently, a jury found Mr. Ross Ulbricht guilty of running the black market website Silk Road. Many observers claim that the government’s theory expanded liability for third parties like Mr. Ulbricht online. As I mention in a recent GizMoto interview, the government’s theory of liability wasn’t new, but “whether the government obtained the evidence that they wish to use to prove this narrative . . . in a lawful way consistent with the Fourth Amendment” is still up for debate.

On Silk Road, you could buy everything from cyanide, to marijuana, to, yes, some say hit men! The site was dubbed the Amazon of the black market. While diary entries from Mr. Ulbricht showed that he initially intended to launch the site so that he could sell mushrooms, the factual issue in the trial was whether he was the infamous Dread Pirate Roberts who continued to captain the site after it got up and running — and after Mr. Ulbricht supposedly bailed out.

Some have claimed that the government’s theory of liability “would expand legal liability for commerce in contraband online,” and that the outcome of the trial shows that “anonymity is dead.” Under this view, it is a slippery slope to hold Mr. Ulbricht liable for the conduct of people on Silk Road. That means all folks running websites have to be nannies who oversee all that is done on the site or risk criminal prosecution.

Maybe so. The Silk Road verdict makes it tougher to be a libertarian provider of a virtual platform where people can freely — and anonymously — transact. The freewheeling atmosphere on Silk Road was facilitated via the use of Bitcoin as the medium of payment. Some in the financial industry have sought similar anonymity with their “dark pool” methods of trading, where “the trading volume created by institutional orders . . . are unavailable to the public.” Dark pools, too, have come under legal scrutiny.

Contributory liability under copyright makes a third party — here Mr. Ulbricht — liable for infringements that occur under their control that they are aware of, or should be aware of. There is no intentional ostrich defense — “I chose not see or hear criminality!” — to such liability, nor is there such a defense to aiding and abetting violations of federal law. If Mr. Ulbricht was, in fact, Dread Pirate Roberts, then he intentionally facilitated the illegal transactions. In this respect, the case did not “expand legal liability for commerce in contraband online,” and so the emperor still has no clothes, contrary to what others say.

However, Silk Road did suggest new methods of potential government overreaching in the digital age. According to some pundits, the F.B.I. was mysteriously able to uncover the Silk Road servers supposedly via a software flaw on a site’s login page that, in turn, revealed an IP address. Supposedly, the IP address led the feds to an Iceland location where the server for Silk Road was located. Whether this cookie crumb trail created by the feds violated the Fourth Amendment is an issue that will likely be raised on appeal.

Regardless of the outcome of that appeal, Silk Road illustrates the tension between being able to conduct business in private online without the government unlawfully snooping, and society’s interest in regulating virtual transactions that have negative externalities — nasty effects — on all but the transacting parties.

Take a bite out of crime — not Apple.

Take a bite out of crime — not Apple.

We all know the old saying: take a bite out of crime. Unfortunately, today a New York federal court took a bite out of Apple, Inc., instead. The court found that Apple violated antitrust laws when it entered into contracts with major book publishers to distribute e-books using the agency model. The opinion is misguided in failing to see these vertical arrangements as efficient and reasonable methods of competing against and responding to Amazon’s below cost e-book pricing, which the government has to date ignored.

The opinion says that two wrongs don’t make a right. On the one hand, Amazon has overwhelming market share in the e-book market. What is more, it can subsidize losses in that product market with profits it makes in other anything but the kitchen sink markets. On the other hand, book publishers don’t have equal e-book market power — nor do they have equal ability to finance below cost pricing of e-books with profits from other diversified product markets.

Nonetheless, in the court’s view, the fact that Amazon was pricing e-books below cost didn’t justify Apple’s contracting with the settling book publishers to stabilize the price of print and e-books at above cost levels. The reason: Apple or the publishers could have either reported Amazon to the Department of Justice, or could have filed their own lawsuit.

The court’s argument assumes that the government is an impartial observer who doesn’t favor one entity over others in this grudge match. Objections to the government’s settlement with the book publishers raised concerns that the Department of Justice was and has been aware of Amazon’s below cost pricing of e-books but didn’t lift — and hasn’t lifted — a finger to address it.

Given the inability of Apple — and the publishers — to get the police officer to take action, they took matters into their own hands. As previously explained in this blog, the market should decide who wins this billion-dollar fight between Godzilla and King Kong — not one judge sitting in the Southern District of New York.

Dude, where’s my 1.2 billion?

Dude, where’s my 1.2 billion?

“Dude, where’s my car?” This was the famous question asked by the stoners in the 2000 movie called Dude, Where’s My Car?We ask the same question of Mr. Corzine: “Dude, where’s my $1.2 billion?” According to the USA Today, he recently testified that “I simply do not know where the money is” in front of Congress. Of course, this may be true. But the question is whether that will be enough to get him off the hook for civil and/or criminal claims that may arise from the downfall of MF Global.

Embezzlement is the first crime that comes to mind. In New York, there is no civil cause of action for embezzlement. But the state could bring a criminal case against Mr. Corzine if it could prove: (1) the $1.2 billion involved belonged to investors; (2) the money was converted or used for Mr. Corzine’s purposes; (3) Mr. Corzine was in a position of trust and possessed legal possession of (or access to) the money; and (4) the Mr. Corzine knowingly defrauded the owner of the property.

Of course, we don’t know the full factual picture of the situation with MF Global. But assume for the purpose of discussion that Mr. Corzine did not know where the money went, which roughly covers elements (2) and (4). Certainly some of his underlings knew. The issue in the case would then be whether their knowledge could, under the circumstances, be imputed to Mr. Corzine. After all, intent is generally a mental state that juries infer from the circumstances, since folks rarely state point blank: “now I know I am embezzling money and that what I am doing is illegal.” But it might be difficult to show that he knew or should have known what his underlings were doing, depending on how far down the totem pole they were and where the money ended up.

Regardless, it seems to run afoul of common sense that MF Global could not trace such a large amount of money as though they forgot in which parking spot they put the car at the shopping mall. Certainly, Mr. Corzine will face additional questioning from authorities. But what remains odd in the whole scenario is how they are approaching him with kid gloves. It seems if either dude in Dude, Where’s My Car? were overseeing an institution that misplaced such a large amount of money, they would likely be sitting in jail until the money was accounted for.

Antitrust should police Internet hogs, not the FCC.

Antitrust should police Internet hogs, not the FCC.

Recently, the Washington Lawyer ran a great piece called Net Neutrality: Who Should Be Minding Online Traffic?   The article goes back and forth between the extremes of: (1) heavy handed Orwellian like regulation of the Internet by the Federal Communications Commission (“FCC”), and (2) self-regulation and content discrimination by greedy Internet Service Providers (“ISP”). This seems to be a false dichotomy. Even in the absence of heavy handed FCC regulation, which can crush innovation, the Sherman Act (“Act”) is an available tool to punish unlawful Internet hogging or collusion by ISPs.

The Internet is a public good.  It was created by the government.   Before, it was called ARPANET.   It was a tool of the military.    As a result, the Internet is akin to a public park.   At the same time, there are now Internet Service Providers (“ISP”) who provide Internet users with differentiated access to this public good.   Think of the ISPs as competing private tour guides in Central Park.   Some tours will be faster but more pricey than other slower tours.

The net neutrality debate wrongly omits how the Sherman Act can help police the ISP market without the need for heavy handed regulation by the FCC.   To the extent an ISP has market power and tries to keep competing companies out of the market, the essential facilities doctrine would likely apply.   To the extent that there is an oligopoly of price fixing ISPs, then there will be claims under Section 1 of the Act.   If an ISP tries to obtain too much market power through a merger, the government can oppose it.   The problem with too much regulation by the FCC is that it discourages technological innovation by ISPs who compete for customers by providing better service at a lower price.   If the FCC requires such companies to take a one size fits all approach to every customer, competitive innovation will likely suffer.  So, too, will consumers seeking faster rides through the Central Park that is the Internet.

Too big to fail, too small to succeed.

Too big to fail, too small to succeed.

Peter J. Wallison, a scholar at the American Enterprise Institute, wrote Dodd-Frank’s Threat to Financial Stability, in which he argues that the Financial Stability Oversight Council (“FSOC”) ruins the competitive landscape by picking those companies that are too big too fail. In so doing, the FSOC also picks those that are too small to succeed. Adam Smith would also not likely approve.

Under Mr. Smith’s theory, a highly competitive marketplace is more or less atomistic — small players with no monopoly power compete against one another. The FSOC ruins this picture. By picking certain companies that are too big to fail, the government is essentially underwriting some businesses over others. To make matters worse, these businesses likely already had market power in the first place. The FSOC only increases this power. As Mr. Wallison points out in his article, this gives unfair competitive advantage to those companies who receive the government’s blessing. And those that are too small to succeed? Well, the FSOC is apparently not to concerned with those companies. The marketplace can afford to lose them, in the FSOC’s view. At the same time, such companies are often the lead innovators because they are quicker to respond to marketplace currents. What is more, small businesses are the largest employer in the country, employing 53% of the American workforce. But even if such companies were objectively worthless, which they are not, is it the proper place of the government to pick winners and losers? Mr. Smith would likely say no. Leave that to the marketplace, not elected officials.