A Journalist-Agitator Facing Prison Over a Link
nytimes.comI sympathize with Barret Brown; the NY times article unfortunately is rife with the attitude that 'journalists' (as in 'the class of people that gets that special 1st Amendment protection 'of the press') have certain characteristics or accreditations - whereas, his actions should be protected by the 1st amendment regardless of whether or not he is a journalist.
A constructionist view of the Constitution is that "press" is short for "printing press". Ben Franklin is probably rolling in his grave at this cheap attempt to limit expression to a few "legitimate" journalists.
"The article was based on, and linked to, documents that were stolen by Edward J. Snowden..."
"...are suggesting that to share information online is the same as possessing it or even stealing it."
I find the choice of the verb "steal" rather bizarre, particularly given the slant of this article. If leaking information is theft, then the New York Times is a frequent recipient and trafficker of stolen goods. I'm not necessarily criticizing their decision to steal the Pentagon Papers, but I think it would be cool if they returned them.
Probably the difference being whether the information taken is considered newsworthy or not. There's a difference between publicly showing documents that suggest illegal activities by the government and credit card numbers.
If the information can be considered newsworthy then there are several legal protections that kick in that make getting convictions difficult and the government isn't likely to bother. Especially if it would hurt the mutually beneficial relationship between government and the news media.
Brown has done things that put him outside of mainstream news media, many of these actions were quite illegal. He's not in trouble for sharing leaked documents. He's in trouble for sharing credit card numbers and information that can be used for identity theft. I'm pretty sure that type of information is not newsworthy and not for sharing.
If he had scrubbed that information then I would imagine there wouldn't be an issue. That and stop threatening FBI agents.
> But keep in mind that no one has accused Mr. Brown of playing a role in the actual stealing of the data, only of posting a link to the trove of documents...And the magnitude of the charges is confounding. Jeremy Hammond, a Chicago man who pleaded guilty to participating in the actual hacking of Stratfor in the first place, is facing a sentence of 10 years.
I was surprised to see Aaron Swartz's name not mentioned once...the parallels between Brown's and Swartz's cases -- at least in the post-indictment phase and the seemingly disproportionate charges -- are hard to ignore.
The problem is that max sentences are often abused as tool of intimidation to get plea bargains. So even if there is no way in he will get 100 years the possibility scares some people into plea bargains.
Ridiculous max sentences which almost never happen do not work well together with plea bargains.
> The problem is that max sentences are often abused as tool of intimidation to get plea bargains.
I get why people are concerned with plea bargains, but I don't understand why people think that defense attorneys are not familiar with the concept of federal sentencing guidelines. Even a public defender (especially a public defender?) should be able to explain the basics of sentencing to their client when their client is considering a plea.
Still it is intimidating. If I show you a sledge hammer you won't risk to hit you on the head with it to find out whether it is made of steel or Styrofoam.
Yes. It's good to read "XXX faces YYY years in prison" as "There is no possible way XXX could go to prison for more than YYY years." Though that's more comforting when YYY is something like 5, rather than 100.
The linked article makes the point that these sentences are used as a tool of intimidation but don't generally reflect actual sentences. I'm not convinced that's a reason to ignore them: it seems to me that the correct response of a less credulous observer would be to attack the system. Piling bullshit charges on to get extra years and extract a plea bargain is reprehensible. Are they trying to serve justice or collect scalps?
The linked article makes the point that the "100 years" Brown faces has no relation to reality. What the NYT is reporting is literally a misreading of the sentencing guidelines.
I don't follow.
You wrote a canned reply that misses the forest for the tree.
Had your username been green, the comment would now be [dead].
No, it would not have been, and no, it didn't.
Perhaps, whatever...
I realize I'm in a bad mood for unrelated reasons, and I ended up venting here.
Sorry for the noise.
Why does this feel like Aaron Swartz all over again? In this case, I'm not even sure I see the crime, but in both cases the government chose to jump on "people they didn't like".
An anonymous donor was willing to match 20,000 dollars in donations, but only if 20,000 dollars were donated by others. The deadline for reaching the mark is September 22 2013. As of August 30 2013 they had 3,000 dollars toward the goal; though this was prior to the recent burst of news thanks to the gag order.
http://freebarrettbrown.org/fundraising-drive/
I don't know how far they've gotten in the meantime, but I'm happy to see this issue getting more attention.
Meanwhile, the new Project PM website --wiki.project-pm.org-- appears to be back up! I'm hoping to do some cross-referencing of the various releases of the past few years. See if anything has been missed or passed over.
If someone posts that same link on HN, and we all comment on it, are we all guilty? This seems like a very slippery slope. Wake up America, please!
These types of articles are depressing to me because they mask what could be a good moral and legal question behind claims which border on dishonest.
Saying that the Feds are charging Barrett for the crime of "posting a URL" is like saying that the Norwegian police would be charging Breivik for "pulling a metal lever" hundreds of times. I mean sure, he did that, but that's not what the claimed "crime" is.
Imagine a guy gets passed the key to a storage locker by his friends, and is told that the storage locker holds stolen trade secrets, credit cards, etc. This guy had nothing to do with the theft itself, but he knows about it.
Let's say further that this guy duplicates the key and mails it to a gang to do with as they will. If providing that gang access to that locker is illegal then homeboy here has certainly "aided & abetted" in that behavior, even though he did nothing more himself than a) duplicating a key (normally legal) and b) using the mail (normally legal).
The author brings up the point that newspapers have to deal with this issue, but it's not really as much of an "issue" for them at all, as being passed classified data is not inherently illegal, and newspapers still make an effort to avoid printing information which would be dangerous if publically-available. Even the NYT/Guardian's recent reporting about NSA capabilities with regard to crypto didn't spill all the beans, and what links were posted by the newspapers were to documents that the newspapers screened for safety instead of a link to "all the goods".
But certainly the papers wouldn't publish credit card numbers of victims of an identity theft scheme, would they?
Likewise our intrepid, noble and completely objective storywriter uses the maximum legally-possible sentence as a FUD factor without so much as a single reference to the sentencing guidelines which would be used to determine an actual eventual sentence.
There is a question to be asked here: Should these types of forcibly-exfiltrated secrets have any special inherent legal protection? If no, then posting a link to that data should be fine (assuming no other legal protection category applies). If yes, then posting a link to protected data would certainly be a no-no.
The answer isn't obviously "no" either, by the way, otherwise our current protections against identity theft could hardly apply, not to mention the Privacy Act of 1974, medical record protections, etc. But it deserves a better answer than what we have now, which seems to be "throw whatever vague law might fit at it".
The relevance of your analogy of a storage locker filled with trade secrets hinges on a crucial question: Did Brown have specific knowledge that the file dump contained credit card numbers, and if so, was his intent in posting the link to the chatroom to disseminate those credit card numbers for the purpose of furthering identity theft?
Because if not, then given the crimes he's been charged with (aside from those related to the threatening the FBI agent, of course), he doesn't have the mens rea to warrant a conviction, to my — IANAL — understanding.
(There's, I think, a further question in terms of whether or not, and to what extent, posting the URL to a chatroom intended presumably for the internal communications and coordination of Project PM counts as publishing them, but that's irrelevant to his mens rea.)
I forget the fancy legalese for it, but some crimes do not require mens rea (or have a lesser charge for an action without the required mens rea). I'm not sure if that applies to the data in question in this case though, but it's a great point to consider for the general question.
"Strict liability" is the term of art I think.
>Imagine a guy gets passed the key to a storage locker by his friends, and is told that the storage locker holds stolen trade secrets, credit cards, etc. This guy had nothing to do with the theft itself, but he knows about it.
I can imagine, but it's not what happened. LulzSec shotgunned the release out onto the web, where everyone picked it up, not just Brown.
>Let's say further that this guy duplicates the key and mails it to a gang to do with as they will. If providing that gang access to that locker is illegal then homeboy here has certainly "aided & abetted" in that behavior,...
It isn't illegal. LulzSec is responsible for the release. Specifically, Jeremy Hammond has been charged and convicted with the actual crime of hacking into Stratfor and releasing the material. He was facing a life sentence and received 10 years and 2.5 million dollars in restitution upon pleading guilty. The liklihood that he could ever get that restitution dropped, via bankruptcy or other means, is minimal. Financially, he has effectively been given a life sentence. Brown no more aided and abetted anyone than Cryptome or any of the other numerous actors that linked to and received the link or, heaven forbid, downloaded the material, and yet Brown is facing punishment of similar magnitude to the guy who actually committed the crime.
>Likewise our intrepid, noble and completely objective storywriter uses the maximum legally-possible sentence as a FUD factor without so much as a single reference to the sentencing guidelines which would be used to determine an actual eventual sentence.
What typically happens is irrelevant. It shouldn't be possible for someone like Hammond to face life in prison, or Manning to face the death penalty, or Brown to face 105 years at all. To make that possible is to make a "lighter" sentence of 10 years for Hammond (and 2.5 million dollars), or 35 years for Manning, or 5 years for Brown, seem graciously reasonable. The constant whiny poo-pooing that "they won't really get that much," and cheeky linking to blog posts intended to inform the uninformed masses about the federal sentencing guidelines, is nothing more than noise. It truly intends to give an appearance of solidity to pure wind.
>There is a question to be asked here: Should these types of forcibly-exfiltrated secrets have any special inherent legal protection?
>The answer isn't obviously "no" either, by the way, otherwise our current protections against identity theft could hardly apply, not to mention the Privacy Act of 1974, medical record protections, etc.
It really is an obvious "no." Hacking into customer databases and pilfering the contents is a crime. A crime that has been tried in court with the accused convicted and serving time in prison. Once information is out in the clear, it makes absolutely zero sense to try and claim some sort of retroactive "special inherent legal protection." The protection already exists, with punishment for its violation. The crime is for putting documents into the clear, not propagating them, no matter their contents.
==========================================
http://cryptome.org/0005/stratfor-hack.htm
|
|->http://pastebin.com/f7jYf5Wd
Do I get N decades in prison for that? Do I get N months for that? N days? If my sentence is anything other than "0 days" and "absolutely no harassment" then justice has not been upheld.| |->http://ibhg35kgdvnb7jvw.onion/lulzxmas/stratfor_full.tar.gzManning never faced the death penalty. Not for a single day.
This goes back to what I was saying about advocates being near to dishonesty, by the way. You probably read at some point Manning was facing the death penalty, and despite having years and years to correct your initial misperception, you continue to not only remember that incorrectly, but to parrot it as truth.
> Once information is out in the clear, it makes absolutely zero sense to try and claim some sort of retroactive "special inherent legal protection."
When Barrett pasted that link, was that information already publically available? I don't mean "a URL one could theoretically have wardialed"... did all the others in that IRC chat room already have that data, or did they not?
If that data were already out in public and he was simply referencing it I'd probably agree with your interpretation in this case. But if that data were 'news' to the rest of the chat room then it seems that 'hacking and pilfering' would apply, except that no hacking was needed in this case.
But either way involvement in criminal enterprises has always been itself a crime, to avoid diversion of responsibility in the way you would allow.
E.g. a bank robbery, the guy driving the getaway car gets in trouble too even though driving a car isn't illegal, otherwise you could split up your criminal ring in a kind of 'process separation' scheme and have only a few take the risk of the actual crime while the rest aid as much as they can with normally-legal activity.
> You probably read at some point Manning was facing the death penalty, and despite having years and years to correct your initial misperception....
Manning was charged with "aiding the enemy". This is a capital crime, and while prosecutors stated they would not "recommend" the death penalty, they do not determine sentencing and the military judge could have ignored their recommendation were Manning found guilty.
It entirely true that Manning faced the death penalty.
> This is a capital crime, and while prosecutors stated they would not "recommend" the death penalty, they do not determine sentencing and the military judge could have ignored their recommendation were Manning found guilty
Go read the Manual for Court-Martial yourself. Specifically Rule 1004. Death penalty determinations must be made at the beginning of the trial (specifically, on both referral of charges and on arraignment). The judge doesn't get to enter a death penalty plea on behalf of a wary prosecution.
And, even in cases where the death penalty is on the table, the jury (not the judge) must unanimously agree with the sentence. There's a reason the military hasn't managed to execute anyone since the middle of the Cold War when the civilian system has been busy sending people to the executioner's chair.
What I can't figure out is how you're so convinced you're right based only on what seems to be an "educated layman's knowledge" (at best) of military law. I'd understand being confused by someone else, but I'm telling you the source material you need to go read and you're arguing instead of reading...
You're right. It was not referred as a capital case although it could have been. And I was not aware the judge did not have the leeway to override the prosecution as a result.
>Manning never faced the death penalty. Not for a single day.
Yes. He did. He was charged with the capital offense of aiding the enemy. And yes. I know that the prosecution declined to seek the death penalty. And that the trial did not begin with the required paperwork to do so.
>This goes back to what I was saying about advocates being near to dishonesty, by the way. You probably read at some point Manning was facing the death penalty, and despite having years and years to correct your initial misperception, you continue to not only remember that incorrectly, but to parrot it as truth.
The prosecution declined to seek the death penalty. Instead, they ultimately asked for 60 years. Now, the distinction between being lethally injected and left to rot for 60 years is minimal in my mind (and the injection seems almost preferable), but there's nothing dishonest or near dishonest about the fact that Manning faced the death penalty. It was the (surely merciful) prosecution that had the choice and declined to fill out the necessary paper work. Every day prior to their decision to merely seek an effectively life-long prison sentence, rather than an immediate execution, was a day Manning spent uncertain even of whether he would be executed or not, much less whether he'd spend the remainder of his life in a six by eight foot cage.
I am not remembering anything incorrectly. I'm merely refusing to let misconceptions spawned from paralegal pedantry trump justice.
>When Barrett pasted that link, was that information already publically available?
Yes. The entire debacle was already blowing up between Christmas Eve and Christmas Day on 2011. Stratfor itself was aware of the problem on Christmas Eve and alerting its subscriber base to the breach and what they were doing about it. Dozens of people were reporting about this "on or about December 25 2011" as the indictment describes, when it lists "http://wikisend.com/download/597646/stratfor_full_b.txt.gz" as the link that got Brown in trouble when he copy-pasted it from #AnonOps to #projectpm and in so doing, in the eyes of the indictment, became guilty of aiding and abetting in charges relating to "Traffic in Stolen Authentication Features," "Access Device Fraud," and "Aggravated Indentity Theft." (indictment: http://freebarrettbrown.org/files/bb_indictment2.pdf). Take a look at the various reports from December 24 2011 to December 25 2011 to the query "stratfor hack" on Google:
(google query: http://www.google.com/search?q=stratfor+hack&tbs=cdr%3A1%2Cc...)
>did all the others in that IRC chat room already have that data, or did they not?
>But if that data were 'news' to the rest of the chat room then it seems that 'hacking and pilfering' would apply, except that no hacking was needed in this case.
How so? The standard is not whether it's "news" to whoever is listening, be they readers of a newspaper or users in an IRC channel. That's like saying that I'm aiding and abetting Snowden's release of the NSA files because, before Snowden, Greenwald, Poitras et alia released the materials, I was unaware of their existence.
>But either way involvement in criminal enterprises has always been itself a crime, to avoid diversion of responsibility in the way you would allow.
There is no "diversion of responsibility" taking place here. Those responsible for the initial hack into stratfor have already been tried and convicted. Hammond was also involved in utilizing the credit card data to lodge donations to various entities, along with other "co-conspirators" that the FBI presumably has yet to identify. And are we also forgetting that the FBI was complicit in this whole charade with Stratfor? Sabu was already their man at this point, and when Hammond approached Sabu about vulnerabilities in Stratfor's infrastructure, the FBI set up their own servers with which to store the information that was to be exfiltrated! Hell, according to the FBI's own press release, Hammond and Co. were responsible for the initial leak of information:
"HAMMOND and his co-conspirators also publicly disclosed some of the confidential information they had stolen."
(press release: http://www.fbi.gov/newyork/press-releases/2012/six-hackers-i...)
Is Brown to be considered a co-conspirator for talking about something that dozens if not hundreds or even thousands of others were also talking about at the same time? The indictment's line of reasoning swallows itself whole: who's going to indict those responsible for listing the link in the indictment? Or those who link to the indictment? Or host it? Is anyone going to go after the FBI for knowingly and willingly permitting the breach and release of materials belonging to a protected corporation of the United States that thereby caused undue economic distress to said corporation?
The prosecution has to make it a capital case or not when they file formal charges. Until Manning was charged there was no way for a death penalty to be on the table, but the prosecution couldn't "pre-charge him" with a capital case and drop the death penalty the week after, it had to be at the same time. So no, not for a single day.
However if there was public awareness of the link itself (and its contents) at the time Barrett pasted the link then I would agree that it makes no sense to charge him with pointing out information that's already out there, as by then he's not the source or someone with involvement, but an observer.
Bullshit. Typing out http://some.website should never be a crime. Period. Look up the first amendment.
Nobody is saying its a crime. But that doesn't mean it can't be a piece of a larger course of action that is itself a crime. Circumstances are not irrelevant.
So if I should find out someone is HIV positive and looking for employment, I should be able to type out the preceding sentence to the HR departments of all prospective employers due to my First Amendment rights?
How about inciting a lynch mob (you know, the kind that hang 'uppity' persons off of trees)? It's just speech, right?
Inciting a lynch mob is conspiracy to commit murder, so it's not a restriction on free speech that would prevent you from doing so.
Telling everyone an applicant has HIV is disgustingly immoral but I don't know if/why you should be barred from doing it. That's a much better question than the lynch mob.
> Inciting a lynch mob is conspiracy to commit murder, so it's not a restriction on free speech that would prevent you from doing so.
On the contrary! The inciter doesn't explicitly call for the killing, rather they froth the crowd up into a frenzy by lies and emotion and then ask what that crowd is going to do about it... right about the time that a convenient victim from the "oppressor group" (Jews/blacks/etc.) comes into the scene.
http://en.wikipedia.org/wiki/United_States_free_speech_excep...
Discrimination of that type in hiring contexts is illegal already, IIRC.
Jesus. What do either of those situations have to do with this case? (Spoiler: nothing at all.)
There's a cute Churchill quote about hiring a prostitute, that seems to apply here.
In short, the comment implied that the First Amendment has an absolute and total protection of speech as a way of saying my larger point is ridiculous.
But speech doesn't enjoy total protection, even in the U.S. And most people would identify some category of thing that they simply wouldn't let people say about another, whether it's stuff like personal and private IM/emails, information useful for identity theft, financial information, etc.
Almost everyone has something that they would say the First Amendment doesn't protect. So now the question people should ask themselves is what kind of other speech would they say warrants no protection? They've already agreed to prostitute their absolute protection of speech, now they need only negotiate on the 'cost'.
Neither of those actions are 'just speech', quite in fact they are punishable through the existing legal framework and in neither case is the crime specifically the speech. The crime is what you use the speech to do, whether it is oppress someone, punish them, or bring harm to them.
Pasting a link to the stratfor archive - content that was already available in lots of places - does not do measurable harm to anyone. The idiots at Stratfor who stored CC information without proper security, or the people who leaked that information without paying attention, are the ones who did harm. Once that information was out there on the internet, no single link was going to magnify or increase the magnitude of that disclosure.
While this is a reasonable opinion, the parent was responding to a claim that "typing out http://some.website should never be a crime. Period." Since the harm supposedly caused by pasting the link is contested, this was presumably meant to mean that the consequences of typing out a link should not be considered, so the parent was reasonable in rebutting it with that example.
My PoV is that the link itself IS irrelevant; you can just look at whether it inflicted harm to the owners of those credit cards, and in this case it obviously did not - the information was already available.
Yeah, that's one of the things that would make pasting a link just fine in my opinion/analysis, is if that data were already publically-known (and not otherwise legally restricted somehow). I'm not diving into 40 pages of indictments to research again, court PDFs are driving me batty, but to the extent that information was already out there somehow I don't see justification for charging Barrett for simply pointing that out.
The new Rolling Stone has a pretty decent (long) article about Barrett Brown: http://www.rollingstone.com/culture/news/barrett-brown-faces...
I suggest representing "dangerous links" as numbers. use goo.gl or bitly, get the URL. turn it into a hex, turn it into one long integer. turn that integer into a series of simple mathematical equations involving additional and multiplication. one day the government is going to have to outlaw even simple numbers if they want to restrict information.
You could always do what Phil Z. did with PGP and write a book. :)
I would point out that the charge itself doesn't have a problem with the link per se, as much as the data located at the link. If the link pointed to something completely innocuous (such as Wikipedia's front page) then even our overbearing prosecutor here would be laughed out of the courtroom if he tried filing charges.
Yes that was a mistake on his part you should never threaten you should only do. Back on topic...
So the take away from this is security by obscurity is now officially protected by law and linking to leaked information is illegal according to the government.
My America how far you have fallen.