echo: 10th_amd
to: all
from: Roy J. Tellason
date: 2003-10-01 12:08:00
subject: The Register

* Forwarded (from: netmail) by Roy J. Tellason using timEd 1.10.y2k.
 (About a ton of HTML snipped...)

Citing a provision of the Patriot Act, the FBI is sending letters to
journalists telling them to secretly prepare to turn over their notes,
e-mails and sources to the bureau. Should we throw out the First Amendment
to nail a hacker, writes SecurityFocus columnist Mark Rasch.

Frequent readers of this space know that I am no apologist for hackers like
Adrian Lamo, who, in the guise of protection, access others' computer
systems without authorization, and then publicize these vulnerabilities. 

When Lamo did this to the New York Times, he violated
two of my cardinal rules: Don't make enemies with people appointed for life
by the President of the United States; and don't make enemies of people who
buy their ink by the gallon.

Now, in the scope of prosecuting Lamo, the FBI is doing the hacker one
better by violating both of these precepts in one fell swoop.

The Bureau recently sent letters to a handful of reporters who have written
stories about the Lamo case -- whether or not they have actually
interviewed Lamo. The letters warn them to expect subpoenas for all
documents relating to the hacker, including, apparently, their own notes,
e-mails, impressions, interviews with third parties, independent
investigations, privileged conversations and communications, off the record
statements, and expense and travel reports related to stories about Lamo.

In short, everything. 

The notices make no mention of the protections of the First Amendment,
Department of Justice regulations that restrict the authority to subpoena
information from journalists, or the New York law that creates a
"newsman's shield" against disclosure of certain confidential
information by reporters.

Instead, the FBI has threatened to put these reporters in jail unless they
agree to preserve all of these records while they obtain a subpoena for
them under provisions (http://www4.law.cornell.edu/uscode/18/2703.html)
amended by the USA-PATRIOT Act.

The government also officiously informed the reporters that this is an
"official criminal investigation" and asks that they not disclose
the request to preserve documents, or the contents of the letter, to anyone
-- presumably including their editors, directors, or lawyers -- under the
implied threat of prosecution for obstruction of justice.

That's why you're reading about the letters for the first time here. 

They do this despite the fact that, had they actually obtained and issued a
subpoena for these documents, the federal criminal procedure rules would
have prohibited the imposition of any obligation of secrecy unless the
Justice Department obtained a "gag" order on the press -- a rare
event indeed.

All of this began the day after the Attorney General advised all United
States Attorney's Offices to prosecute each and every criminal offense with
the harshest possible penalties, instead of the previous policy of
prosecuting cases with the penalties that most accurately reflect the
seriousness of the offense. Thus, journalists be forewarned -- your
government may be seeking to throw the book at you!

Believe it or not, this isn't even the worst of it.

Patriot Games

The demand that journalists preserve their notes is being made under laws
that require ISPs and other "providers of electronic communications
services" to preserve, for example, e-mails stored on their service,
pending a subpoena, under a statute modified by the USA-PATRIOT Act.

The purpose of that law was to prevent the inadvertent destruction of
ephemeral electronic records pending a subpoena. For example, you could
tell an ISP that you were investigating a hacking case, and that they
should preserve the audit logs while you ran to the local magistrate for a
subpoena. 

It was never intended to apply to journalists' records.

Similarly, the letters go on to inform the reporters that the FBI intends
to get an order for production of records under the Electronic
Communication Transactional Records Act, a statute that applies only to
ISPs. Citing that law, they insist that the journalist is mandated to
preserve records for at least the next three months and possibly longer.
This demand is all the more egregious in that it comes more than a year
after the articles and interviews first appeared -- after any actual
Internet logs would have been routinely deleted.

There are times -- few and far between -- when it may be essential in a
criminal investigation or prosecution to subpoena a member of the press.
Say, for example, a cameraman gets a picture of a crime in progress, and
the photograph or videotape is published or broadcast, and the prosecution
seeks to use it at trial. Or suppose that O.J. Simpson, after the murders
in Brentwood, chose to unload his soul to Barbara Walters. That admission
may require hauling Ms. Walters to the stand, if -- and this is a big
"if" -- there is no other way to obtain crucial evidence.

But before a subpoena can be issued to a reporter under federal
regulations
(http://frwebgate6.access.gpo.gov/cgi-bin/waisgate.cgi?WAISdocID=504046176572+1+0+0&WAISaction=retrieve)
and internal DOJ guidelines
(http://www.usdoj.gov/usao/eousa/foia_reading_room/usam/title9/13mcrm.htm#9-13.400),
not only must the Attorney
General personally approve the subpoena, but prosecutors are instructed to
use all reasonable efforts to get the information from other sources. The
New York State newsman's shield law that applies to the
Lamo prosecution requires essentially the same thing.

Even if such a subpoena is issued, government regulations mandate that,
absent exigent circumstances, it must be limited to the verification of
published information, and to such surrounding circumstances as relate to
the accuracy of the published information.

Breaking the Rules

And yet, the FBI is demanding that reporters preserve every scrap of
documentation about everything having to do with Adrian Lamo -- and has
expressly told them that if they fail to do this for at least three months,
and perhaps longer, they can expect to be prosecuted for contempt of court.


The DOJ guidelines also mandate that before a subpoena is issued, even for
public information (e.g., a copy of a Dateline NBC videotape), there has to
be a good faith effort to obtain the records by negotiation with the
reporter. But no negotiation has occurred in this case.

I wish I could say this was a first. But in May of 2002, prosecutors
investigating the very same Lamo case issued an unauthorized subpoena to
MSNBC.com's Bob Sullivan for his notes and records. The subpoena was
hastily withdrawn when it was noted that it had never been approved by the
Attorney General, as mandated by regulation, and that the prosecutor -- who
was reported as "inexperienced" -- didn't even realize that he
had to obtain such approval.

And in March of 2001, the Department of Justice subpoenaed then-Wired.com
reporter Declan McCullagh to testify (http://www.mccullagh.org/subpoena/)
in a criminal case, also in violation of the regulations.


While the FBI has reportedly told reporters that this time they will seek
Attorney General approval before issuing subpoenas
(http://www.wired.com/news/privacy/0,1848,60538,00.html), there
does not appear to have been any effort to obtain that approval before
threatening to prosecute these reporters with obstruction of justice under
a statute that facially does not apply to them.

It's as though the FBI believes that Attorney General approval is a mere
formality, ignoring the regulations that require negotiations with
reporters first, and reportedly stating that all reporters can expect to be
required to "turn it all over."

So why would the government need to put a reporter on the stand to testify
that she interviewed Adrian Lamo, and that Lamo confessed?

Presumably to demonstrate that Lamo in fact hacked into the New York Times.
I would certainly hope that the government would be able to prove this
through other means -- like the IP logs. But if you peruse the affidavit
(http://news.findlaw.com/hdocs/docs/cyberlaw/uslamo803cmp.pdf)
submitted by the FBI to arrest Adrian Lamo, you begin
to wonder. The affidavit is rife with references to articles written by
SecurityFocus reporter Kevin Poulsen, and MSNBC.com's Sullivan, as their
principal "evidence" of Lamo's guilt.

Might it be helpful to the government to enlist all journalists Lamo spoke
to as criminal investigators -- doing the prosecutors' job for them? Sure.
Would it make the FBI's job easier? No doubt. But the law requires that the
information sought by subpoena be highly relevant and not available
elsewhere. The government has not even tried to make this showing.

Nor have they limited their request to preserve evidence to verification of
the published information. In fact, if all they wanted was verification of
published information, no document preservation would be necessary. You
simply call the reporter to the stand and ask, "Hey, when you said in
your article that Lamo confessed, was that true?" End of subpoena.

So there must be a more sinister motive behind this preservation request.
And there must be a more sinister motive behind using the ISP statute to do
so. 

Secret Orders

There are really only three reasons the government would invoke the ISP
statute against journalists. All of these possibilities are frightening in
their implications.

They may think that reporters who write stories for online publications or
who use e-mail to communicate with sources (and whose news organizations
maintain their own Internet connections) are, in fact, "providers of
electronic communications" under the law. The statute is clearly
geared at mandating the preservation of ephemeral electronic records by
ISPs, but perhaps the Department of Justice is attempting to use the fact
that reporters use electronic communications as a jurisdictional hook to
order them to preserve their physical notes -- a dramatic, unprecedented
and unwarranted expansion of the statute.

More sinister is the possibility that these letters were never intended to
go to the reporters at all, but rather were actually intended to go to
their ISPs. You see, the regulation that mandates Attorney General approval
applies only to subpoenas to reporters, or to telephone companies to get a
reporter's telephone records. Because the regulation is 20 years old, it
does not address the possibility that you could actually get the content of
a reporter's communications from a third party -- an ISP -- without
subpoenaing the reporter herself. So the whole thing could be intended as
an end-run around the First Amendment.

Finally, it is possible that the FBI knew that the ISP statute didn't apply
to the reporters, but simply wanted to threaten or intimidate them with the
possibility of an obstruction of justice prosecution. But, as the Enron
auditors at Arthur Andersen learned, all the government has to do is tell
the reporters that their information may be relevant to the prosecution or
defense of the case, and this would put them on notice that destroying
their records in anticipation of litigation would constitute obstruction.
There was no need for the heavy-handed threat.

None of this explains the cloak of secrecy the FBI has thrown over the
whole affair. Reporters are being told that this is an official criminal
investigation, and asked not to tell anyone. Even the DOJ's proposals for
secret administrative subpoenas announced this month as part of USA-PATRIOT
II would allow recipients of such subpoenas to confer with their own
lawyers and others necessary to enforce the subpoena. The FBI request here
made it clear that they didn't want the reporters talking to anyone,
because that would supposedly harm the ongoing criminal investigation.

And yet the FBI publicly announced to the world, through a Wired.com
reporter, their intention to subpoena every journalist who ever talked to
Adrian Lamo. Apparently, the FBI can talk about their intention to subpoena
reporters, and mention specific reporters' names in the Lamo affidavit, but
if journalists have the temerity to mention it to their own lawyers, this
could devastate the prosecution. 

I've never spoken to Adrian Lamo, but I am sure that by writing this
article, I am making myself a target for subpoenas, search warrants
(government, take note that the law
(http://www4.law.cornell.edu/uscode/42/2000aa.html)
prohibits search warrants for reporters' notes) and demands to
preserve evidence. All I have to say is, quoting President George W. Bush,
"Bring it on."

Copyright 2003, Mark D. Rasch, J.D., is a former head of the Justice
Department's computer crime unit, and now serves as Senior Vice President
and Chief Security Counsel at Solutionary Inc.

--- 
* Origin: TANSTAAFL BBS 717-838-8539 (1:270/615)
SEEN-BY: 633/267 270
@PATH: 270/615 150/220 379/1 106/1 2000 633/267

SOURCE: echomail via fidonet.ozzmosis.com
