Wikileaks, IT pro not ‘in any danger’ in Coleman leak, lawyer says
Monday, March 16, 2009 at 4:19 pm
- 10 Comments
Richards' appearance on The Rachel Maddow Show last week
Hacker. Unprofessional. Immoral. A “black hat” villain. For her role in finding Norm Coleman’s unsecured donor database in January, IT consultant Adria Richards has been the target of anger from Coleman supporters, including some who had their personal information revealed in the Web site breach. She received a phone call on Friday from one such man. The caller was irate, offering the vague threat, “I live less than a mile away from you!” She later calmed him down.
Despite the vitriol aimed her way, what Richards did wasn’t illegal, nor were the actions of the Web site Wikileaks.org, which received the database and shared its contents with the world — at least not if similar cases and the word of a top digital-rights lawyer, are any indicator.
Jennifer Granick is the civil liberties director for the Electronic Frontier Foundation (EFF), the country’s leading digital-rights advocacy group. She immediately dismissed the term “hacker” to describe anyone — whether Richards, who spotted and shared info about the unprotected database, or Wikileaks.org — in this case.
“It’s not a term I use,” she said. “It’s not a legal term and it doesn’t answer the question whether it’s unlawful.”
She looks to the federal law, particularly the Computer Fraud and Abuse Act, which deals with accessing sensitive data by unauthorized individuals for the purpose of defrauding others, aiding in criminal activity or causing damage to the contents of a “protected computer.”
Based on her knowledge of this case, as well as the law, Granick said it was legal for Richards to view the Web directory on which Coleman’s donor list resided.
“There has to be some kind of indication that information is locked away,” she said.
For comparison, she offered a similar story of politics and unprotected online information. In the 2006 gubernatorial election in California, aides to Democratic candidate Phil Angelides found personal audio files on Gov. Arnold Schwarzenegger’s Web site through “backward browsing”–shortening the URL for a page of the governor’s speeches to find a directory of files. The captured conversations, from a speech-writing session, included Schwarzenegger opining about a Latina city official’s “hot” temperament: “I mean, they [Cubans and Puerto Ricans] are all very hot…they have the, you know, part of the black blood in them and part of the Latino blood in them and together that makes it.”
Like Coleman’s donor list up until late on Jan. 28, the Schwarzenegger files were on an open directory: Users seeking to download the files were not asked to enter a password.
The California governor asked the California Highway Patrol (CHP), the agency in charge of protecting state property, to investigate the case. After a four-month study, they chose not to file charges, finding that Angelides’ staffers broke no law in downloading the audio files, and advised the governor’s office to improve the “overall security of their computer network.”
Civil courts have interpreted the Computer Fraud and Abuse Act in differing ways, though, said Granick. Some cases have tried to argue that the intent of the Web site’s creator should be considered. In Coleman’s case, the database’s listing of supporters’ credit card numbers and three-digit security codes could suggest that the site operator intended this information to be protected.
“But without any indication of any kind of blocking of information, it’s hard for a user to know what the owner wants,” Granick said. “The statute is really designed to protect the integrity of a computer system, not to protect the desires” of the site’s owner.
While Richards only pointed out that the security breach existed, Wikileaks.org published some of the database’s contents.
“I don’t think Wikileaks is in any danger here,” said Granick. “I’m not aware of something that prevents you from publishing information that you obtained legally as long as that publication isn’t part of a conspiracy or attempt at identity theft or crime.”
Regardless of how Wikileaks obtained the database — as long as the site was an “innocent receiver” of the information and didn’t solicit the data — there’s legal precedent protecting it. Granick said it’s part of a “long journalistic tradition,” including, most notably, the Supreme Court case ruling on the Pentagon Papers, a classified report on 20 years of U.S. political and military actions in Vietnam that was leaked in 1971.
“The law could not stop The New York Times from publishing it. And that’s national security information,” said Granick. “Wikileaks benefits from that tradition… Once it’s out, we let history decide if it’s better kept secret or not.”
“American law tries to be extremely narrow about what speech we prohibit,” she added. “It’s dangerous to punish the republication of information, especially if the publisher obtained the information legally. Even if you have info that was taken improperly, it may be of public concern.”
Some have questioned Richards’ motives as well as those of others who’ve reported on this story. Bob Collins at Minnesota Public Radio, for instance, questioned the ethics of crunching the numbers obtained from the Wikileaked spreadsheets. Before raising the topic with Smart Politics’ Eric Ostermeier, who looked at where Coleman’s funders live and what they do, he pondered whether there’s a “compelling public interest” in Wikileaks’ releasing partial information from the database.
Granick pondered these questions.
“It’s a really serious privacy concern… because many people perhaps contributed to the campaign anonymously or confidentially,” she said, referencing FEC rules that require candidates to disclose donors’ identities only after they they give more than $200 per election cycle. “That’s protected political speech. The First Amendment has long supported the right to this kind of speech.”
“But if the information’s up there and it’s published, people are going to want to check it and see if they’re in the database… There’s a legitimate reason for people to want to look at it.”
10 Comments
Comment posted March 16, 2009 @ 4:59 pm
“It’s a really serious privacy concern… because many people perhaps contributed to the campaign anonymously or confidentially.’
How does one go about contributing anonymously to a political campaign? Jennifer Granick makes sense in everything except that statement.
Comment posted March 16, 2009 @ 5:31 pm
PJN: That’s my error, not Ms. Granick’s. I’ve altered the post to include mention of FEC laws, which say donors who give more than $200 total over a cycle have to be disclosed. Small donors do, essentially, give anonymously. Thanks for pointing it out so I could fix it.
Comment posted March 16, 2009 @ 8:35 pm
Paul: OK that makes better sense. One could probably still quibble with the definition of small donors as “anonymous” because an individual who donates numerous small amounts must still be accounted for in the event those small donations eventually exceeed $200 during the cycle… But the point you make stands, all else is semantics.
Thanks for the clarification Paul.
Comment posted March 16, 2009 @ 9:06 pm
So BoB Collins of MPR is so ethical he would not investigate. Well, maybe that is why Madoff and
Normy’s pal Kazeminy got away with it all this time.
So just keep not investigating Bob, you do not want to compromise your ethics.
Comment posted March 16, 2009 @ 9:33 pm
so Bob notCollins – He, MPR’s Bob Collins, did not say he would not investigate, he said he would not publish name of the donors – finding the leak and reporting it is one thing, releasing names addresses (city, sst zip) of donors is an ethical choice that he said he would not cross. Was releasing the data really needed to prove the story? It was grand standing to get noticed, and maybe in todays world that is what passes for media, but it by most standards not ethicial. I say most because several people have said that they would have published the donors that were over $200.
Comment posted March 16, 2009 @ 11:49 pm
I can see a problem where proving the database was left unprotected requires showing the information. Maybe if there was a trusted third party who could confirm that a media organization has the information it says it has, then it could be withheld from the public, but I don’t know who Wikileaks could use as a trusted third party. On the other hand, other than the credit card numbers, I question whether the information was confidential. Does the legal requirement to reveal donors donating over $200 mean smaller donors have an expectation of privacy, or just that the campaign is breaking no laws by not revealing them? On the other hand, I can understand that some people are in circumstances where they want to keep a donation anonymous, whereas the campaign can’t just take an anonymous envelope of cash.
Comment posted March 17, 2009 @ 9:17 am
Besides, these aren’t contributions to a political campaign are they? Aren’t the contributions in question for his legal fund?
Comment posted March 17, 2009 @ 7:49 pm
During the Presidential election, it was the Republicans who whined that then-Senator Obama was not releasing ALL of his contributors.
The Republicans boasted about how they had a national searchable database of all contributors.
For the Coleman campaign and small contributors to whine now about releasing their names is both ironic and stupid. Their national party made that decision months ago. As usual, Norm just didn’t read the memo.
Kinda like Norm whining that Franken should concede when all the votes weren’t in on election night and Norm thought he was ahead. Why doesn’t Norm take both his own and his party’s advice.
Pingback posted March 22, 2009 @ 3:08 am
[...] Source – The Minnesota Independent [...]
Pingback posted April 2, 2009 @ 5:10 pm
[...] Jennifer Granick, the civil liberties director for the Electronic Frontier Foundation told the Minnesota Independent that the actions of Richards and Wikileaks were not illegal because the information was in an [...]
RSS feed for comments on this post.
Sorry, the comment form is closed at this time.
