Leaks, geeks, & reporters

Leaks, geeks, & reporters

The recent spat of Washington D.C. leaks is “unusually active,” according to FBI Director Mr. James Comey. Even if the leaks are as normal as they are in an allergic nose dealing with New Orleans spring pollen, what are the legal and ethical issues in leaking such confidential information, unknowingly reverse engineering it, or in publishing the leaks?

Generally speaking, liability for the leaker inside the government is clear. Numerous federal laws apply to confidential information circulated within the labyrinth of the federal government, and they generally hold such leakers criminally liable for the willful, and sometimes even negligent, disclosure (or even handling) of such information, including the identity of a Central Intelligence Agency (“CIA”) “covert agent” or President Trump’s tax returns.

However, what about geeks who reverse engineer publicly available information and then end up discovering government secrets and/or strategies through such analysis?

Imagine a modern day Matthew Broderick from WarGames (1983) who correctly intuits a covert government strategy to liquidate foreign ambassadors or heads of state via proxies and then warns how such molehill practices have on prior occasions caused mountains of problems. In the 13 century, Iraqis killed Genghis Khan’s chief envoy and had the beards of the others burned so they could travel back to him humiliated. Thereafter, Mr. Khan massacred almost all of the 200,000 to 1,000,000 inhabitants of Baghdad in one week, at the time the “House of Wisdom” in Islam’s Golden Age. Or take the assassination of Archduke Franz Ferdinand of Austria and his wife in 1914. Many believe that this killing led to the start of World War I, in which nine million combatants and seven million civilians died.

In such instances of geeky reverse engineering of covert government strategies, criminal liability will generally be lacking because such a geek would have no contractual or statutory responsibility to keep quiet, and his speech about an issue of grave public concern – potentially preventing a global conflict — would be protected by the First Amendment. Even so, would be geeks are well advised to consider reprisals from said officials, whether via Nixon type IRS audits or otherwise, and how to protect themselves against them. (Genghis Khan 2.0 protection is one way.)

That’s the leaker and the geek. What about the reporter?

The law in this area is murkier. While there are federal statutes which some have argued would impose criminal liability on a reporter for publishing confidential information, such as a Department of Defense (“DOD”) plan to defeat ISIS, prosecutions have been rare. The First Amendment generally protects the publication of such intelligence. However, in a case where the reporter and leaker work in concert (think offer-acceptance) to violate federal law, a conspiracy case can be brought against the reporter. What is more, prosecutions have been brought against reporters to reveal their confidential sources, as happened with Ms. Judith Miller of The New York Times when she refused to identify the source of information leading to the unmasking of a CIA covert agent, as many say happened in the case of Mrs. Valeire Plame under President George H. Bush’s tenure.

But even if there is no legal liability for the media professional, there is also the question of unintended consequences. Take, for example, a DOD strategy to replace ISIS with “new sheriff in town” Eddie Murphy. Assume a person within President Trump’s DOD, or CIA, who dislikes the President, and/or his political agenda, leaks such the details about the “Murphy Plan” to an unwitting New York Times reporter. The reporter is likely protected in publishing the plan, but should it be published? Asymmetrical information is the key to effective conflict, whether you are in the courtroom, on the battlefield, or in a chess match. Disclosing such a plan, especially if it is already being carried out but even if it hasn’t, would risk the lives of military personnel and/or threaten the security of major cities like New York, Boston, Chicago, and Los Angeles.

Any professional working in media would be well served not only to consider the legalities of reporting leaked information, but also such unintended but foreseeable potential blow back.

FBI v. Apple — can doesn’t mean should obey.

FBI v. Apple — can doesn’t mean should obey.

The FBI investigates a grizzly murder. You are a bank president. The murderer stored his phone book in your bank’s safety deposit box, the code for which is encrypted with copyrighted proprietary software, before he committed the murder. The FBI demands that you provide it with the master code for the box, which can be used to unlock other boxes, too. You can give the FBI the code, but should you? Apple CEO Tim Cook is asking himself the same question, his answer is rightly “no.”

On February 14, 2016, United States Magistrate Judge Sheri Pym ordered Apple to provide the FBI the means to circumvent the iPhone 5c’s encryption technology. That way, the FBI can obtain Mr. Syed Rizwan Farook’s phone contacts to see who else, if anyone, conspired with him on the December 2, 2015 killings. So the FBI’s endgame is understandable, justified, and a matter of public safety. At the same time, Judge Pym’s February order is constitutionally questionable, for these reasons.

First, there are less invasive and more reasonable means of obtaining the evidence. While the February order is ostensibly based on the “All Writs Act,” it was issued to give effect to a warrant directing Apple to give the FBI “reasonable technical assistance.” If the February order permits the FBI to unreasonably search and seize Apple’s property, it is constitutionally defective under the Fourth Amendment. Whether the ordered search is unreasonable depends on if there are other less invasive means of gathering the evidence.

Here, there are at least three other less invasive methods. First – the FBI could back its way into Mr. Farook’s contact list by getting from Verizon, his cell phone carrier, phone calls, texts, or e-mails to or from his phone. Second — Apple can provide the FBI the desired information from the Mr. Farook’s iPhone. This would be akin to you, as the bank president, copying the murderer’s phone book and providing copies to the FBI. Third – have the court review Mr. Farook’s phone information in camera, that is behind closed doors, and cross-reference that information with the phone records around the time of the killings to determine relevance. Once that is done, some or all of the phone’s information can be produced to the FBI.

Second, there is a strong presumption in federal copyright law against allowing circumvention of encrypted copyrighted software. The Digital Millennium Copyright Act (“DMCA”) forbids devices from being made, imported, or marketed to the public which are primarily designed to circumvent technology that controls access to copyrighted content, such as Apple’s software. Because Apple manufactures the phone, and owns the copyrights to the software located within, Apple is free to circumvent it’s own technology under the DMCA. But Apple shouldn’t be forced to so by the FBI. That’s because the DMCA shows how important copyright encryption is to content creators like Apple, to Congress, and the consuming public. As a result, Apple’s interest in protecting the integrity of its iPhone 5c — and potentially other generations of iPhone – isn’t mere “marketing strategy,” as stated by the FBI.

Third, there is no telling how far the government will go if the February order stands without being overturned. According to Apple, the FBI has sought to access to 11 other iPhones since September, and states attorney generals are biting at the bit to do the same. Given this rising tide, the elephant in the room is a lack of trust in what the government will do with the new path it is foraging. While some 51% of Americans apparently side with the FBI on the unlocking of Mr. Farook’s iPhone 5c, American trust in the federal government in general is at an historical low of 19%, according to NPR.

Seen more broadly, the magistrate judge’s February order can be the first rock in an Orwellian rockslide where the government requires all phone makers to make such backdoors to the encrypted software as a matter of policy. The unstated and yet real concern with such a domino effect is that executive agencies will not only use this information for criminal investigation purposes, but to violate the Constitutional and privacy rights of Americans. These concerns aren’t academic. Nor are they paranoid. President Richard Nixon used the Internal Revenue Service go after American citizens he deemed to be his enemies, which led to his articles of impeachment. There is no telling what another Nixon would do with such unfettered power. Thus, Mr. Cook’s concern about the magistrate’s order setting “dangerous precedent” should not be taken lightly.

In the end, it is a shame that Apple and the FBI didn’t partner up outside of court to craft a mutually beneficial solution that would maintain the integrity of Apple’s iPhone 5c and also give FBI the evidence it needs. But amicable solutions like this won’t happen as long as executive agencies like the FBI downplay legitimate concerns of corporate citizens like Apple as “marketing strategy,” and then pursue heavy-handed discovery tactics not because they should and need to – but because they can. It is up the judiciary to stop them by ensuring that the government’s right to know is balanced against citizens’ legitimate intellectual property and Constitutional rights. In the meantime, just because Apple can obey the likely unconstitutional February order doesn’t mean it should. Instead, Apple should get a higher court to overturn and limit it.

Are you going to bark all day little doggie? Sony’s attempt to muzzle media has no legal basis.

Are you going to bark all day little doggie? Sony’s attempt to muzzle media has no legal basis.

Is David Boies going to bark all day by sending cease and desist letters to media on behalf of Sony, warning them not to use leaked Sony e-mails and other documents in their reporting, or is he going to bite by seeking an injunction?

The WSJ reported in Sony Tells Media Not To Use Leaked Documents that Mr. Boies sent a letter to media outlets barking: “If you do not comply with this request and the Stolen Information is used or disseminated by you in any manner,” then, “[Sony pictures] will have no choice but to hold you responsible for any damage or loss arising from such use or dissemination by you.”

The U.S. Supreme Court, in Bartnicki v. Vopper, 532 U.S. 514 (2001), held that the a radio station could not be liable for broadcasting a story using stolen information so long as the station did not partake in the theft. This is not to say that the hack wasn’t a horrible invasion and breach of an American company’s privacy and security, respectively. It is to say that a dangerous precedent would be set if media was muzzled by the law — or put in fear by frivolous lawsuits — under such circumstances.

In Reservoir Dogs, the noir movie directed by Quentin Tarantino, Mr. White, played by Harvey Keitel, says to Mr. Blonde, played by Michael Madsen: “You almost killed me! Asshole! If I knew what kind of a guy you were I never would’ve agreed to work with you!” Mr. Blonde’s response: “Are you gonna bark all day little doggie? Or are you gonna bite?” Mr. White doesn’t bite. Nor will Mr. Boies.

That’s because the law is not on Sony’s side.

Forget the market research, we’ll just hire an ex-CIA agent!

Forget the market research, we’ll just hire an ex-CIA agent!

As Inc. Magazine reports in Spy Games, companies are increasingly using stealth methods used by the likes of the Central Intelligence Agency (“CIA”) to conduct research on their competitors.    While aggressive competition is good for the market, the question remains whether such tactics end up in a race to the bottom.   Rather than focusing on improving product or service quality, these companies try to out sleuth one another, only to likely find out they are hiring the same former CIA talent.

The plot seems oddly similar to the Twilight Zone episode called Mr. Denton on Doomsday.    In the episode, gunslinger Al Denton is given another chance to be a top flight slinger by salesman Henry J. Fate.   Fate offers Dent a potion that will guarantee to make Dent the fastest gunslinger in the West, but only for ten seconds.   Denton swallows the potion when has to face Pete Grant, a younger gunslinger, in a duel.   Denton is the company who hires the ex-CIA agent.  But, to Denton’s surprise, the younger Grant is holding an empty bottle of the potion.   Grant is the competitor who has also hired the same ex-CIA agent.

In the end, each man has the same potion induced ability and shoots one another in the hand. The shots disable them both for the rest of their lives.   Fate, the salesman, rides off into the sunset. Perhaps those companies in the marketplace who are keen on regularly using sleuth tactics to get the upper hand on others will find that they are being played against one another by the former CIA agents the companies hire.  These ex-agents owe no fiduciary duties to their new employers and either go to the highest bidder, or service several at the same time, just like Fate.   In the end, these companies are left no better off than where they started, and sometimes worse off due to the opportunity costs.  They have may have expended valuable resources searching for the potion, rather than finding and practicing new gunslinging techniques or, failing that, hanging up the gun for another more prosperous service market.

Raj: the new Gordon Gekko?

Raj: the new Gordon Gekko?

Recently, Mr. Raj Rajaratnam was found guilty of violating insider trading laws, which seek to ensure that all members of the trading public, regardless if they are large or small, rich or poor, receive exactly the same information.   The goal is worthy, but is it realistic?    Whether we like it or not, connected people get better information, just as super connected legacy children get into Harvard.   At the very least, the government should make insider trading rules less ambiguous so as to not make every aggressive trader, like Mr. Rajaratnam, into a potential poster child of the new Gordon Gekko.

Various scholars, including Yale Law School’s Jonathan Macey in Deconstructing the Galleon Insider Trading Case, point out that the Securities Exchange Commission (“SEC”) has a more expansive and ambiguous view of insider trading than the U.S. Supreme Court. On the one hand, the SEC takes the view that everyone in the marketplace should have access to the same information, regardless of the effort they take to obtain it. As a result, non-public information should never be traded upon, regardless of how you get. On the other hand, the Supreme Court says having special access to non-public information is legal so long as you didn’t commit a crime to get it, such as when your lawyer steals your confidential information and trades on it. The SEC’s ambiguous insider trading rules have given it more unfettered discretion as to when to lower the gauntlet, and on whom. This is dangerous. As Mr. Macey points out in his article, much of what companies disclose in their filings is so watered down because of regulatory concerns that they leave you wanting to know the “real story” via other means. Like a good reporter, you may be able to get your hands on the scoop by interviews, or otherwise, whereas others are not. While the efficient market hypothesis posits market prices reflect all available material information, we all know this is not reality. Until that happens, which may be never, the SEC should develop a bright line rule more in accordance with the Court’s rulings so that folks can be aggressive in making good connections for much needed information without ending up in jail.