By Mark Rasch
Oct. 1, 2003
Citing a provision of the Patriot Act, the FBI is sending
letters to journalists telling them to secretly prepare to turn over their
notes, e-mails and sources to the bureau. Should we throw out the First
Amendment to nail a hacker? asks SecurityFocus columnist Mark Rasch.
Frequent readers of this space know that I am no apologist for hackers like
Adrian Lamo, who, in the guise of protection, access others' computer systems
without authorization, and then publicize these vulnerabilities.
When Lamo did this to the New York Times, he violated two of my cardinal
rules: Don't make enemies with people appointed for life by the President
of the United States; and don't make enemies of people who buy their ink
by the gallon.
Now, in the scope of prosecuting Lamo, the FBI is doing the hacker one better
by violating both of these precepts in one fell swoop.
The Bureau recently sent letters to a handful of reporters who have written
stories about the Lamo case -- whether or not they have actually interviewed
Lamo. The letters warn them to expect subpoenas for all documents relating
to the hacker, including, apparently, their own notes, e-mails, impressions,
interviews with third parties, independent investigations, privileged conversations
and communications, off the record statements, and expense and travel reports
related to stories about Lamo.
In short, everything.
The notices make no mention of the protections of the First Amendment, Department
of Justice regulations that restrict the authority to subpoena information
from journalists, or the New York law that creates a "newsman's shield"
against disclosure of certain confidential information by reporters.
Instead, the FBI has threatened to put these reporters in jail unless they
agree to preserve all of these records while they obtain a subpoena for
them under provisions amended by the USA-PATRIOT Act.
The government also officiously informed the reporters that this is an "official
criminal investigation" and asks that they not disclose the request
to preserve documents, or the contents of the letter, to anyone -- presumably
including their editors, directors, or lawyers -- under the implied threat
of prosecution for obstruction of justice.
That's why you're reading about the letters for the first time here.
They do this despite the fact that, had they actually obtained and issued
a subpoena for these documents, the federal criminal procedure rules would
have prohibited the imposition of any obligation of secrecy unless the Justice
Department obtained a "gag" order on the press -- a rare event.
All of this began the day after the Attorney General advised all United
States Attorney's Offices to prosecute each and every criminal offense with
the harshest possible penalties, instead of the previous policy of prosecuting
cases with the penalties that most accurately reflect the seriousness of
the offense. Thus, journalists be forewarned -- your government may be seeking
to throw the book at you!
Believe it or not, this isn't even the worst of it.
The demand that journalists preserve their notes is being made under laws
that require ISPs and other "providers of electronic communications
services" to preserve, for example, e-mails stored on their service,
pending a subpoena, under a statute modified by the USA-PATRIOT Act.
The purpose of that law was to prevent the inadvertent destruction of ephemeral
electronic records pending a subpoena. For example, you could tell an ISP
that you were investigating a hacking case, and that they should preserve
the audit logs while you ran to the local magistrate for a subpoena.
It was never intended to apply to journalists' records.
Similarly, the letters go on to inform the reporters that the FBI intends
to get an order for production of records under the Electronic Communication
Transactional Records Act, a statute that applies only to ISPs. Citing that
law, they insist that the journalist is mandated to preserve records for
at least the next three months and possibly longer. This demand is all the
more egregious in that it comes more than a year after the articles and
interviews first appeared -- after any actual Internet logs would have been
There are times -- few and far between -- when it may be essential in a
criminal investigation or prosecution to subpoena a member of the press.
Say, for example, a cameraman gets a picture of a crime in progress, and
the photograph or videotape is published or broadcast, and the prosecution
seeks to use it at trial. Or suppose that O.J. Simpson, after the murders
in Brentwood, chose to unload his soul to Barbara Walters. That admission
may require hauling Ms. Walters to the stand, if -- and this is a big "if"
-- there is no other way to obtain crucial evidence.
But before a subpoena can be issued to a reporter under federal regulations
and internal DOJ guidelines, not only must the Attorney General personally
approve the subpoena, but prosecutors are instructed to use all reasonable
efforts to get the information from other sources. The New York State newsman's
shield law that applies to the Lamo prosecution requires essentially the
Even if such a subpoena is issued, government regulations mandate that,
absent exigent circumstances, it must be limited to the verification of
published information, and to such surrounding circumstances as relate to
the accuracy of the published information.
Breaking the Rules
And yet, the FBI is demanding that reporters preserve every scrap of documentation
about everything having to do with Adrian Lamo -- and has expressly told
them that if they fail to do this for at least three months, and perhaps
longer, they can expect to be prosecuted for contempt of court.
The DOJ guidelines also mandate that before a subpoena is issued, even for
public information (e.g., a copy of a Dateline NBC videotape), there has
to be a good faith effort to obtain the records by negotiation with the
reporter. But no negotiation has occurred in this case.
I wish I could say this was a first. But in May of 2002, prosecutors investigating
the very same Lamo case issued an unauthorized subpoena to MSNBC.com's Bob
Sullivan for his notes and records. The subpoena was hastily withdrawn when
it was noted that it had never been approved by the Attorney General, as
mandated by regulation, and that the prosecutor -- who was reported as "inexperienced"
-- didn't even realize that he had to obtain such approval.
And in March of 2001, the Department of Justice subpoenaed then-Wired.com
reporter Declan McCullagh to testify in a criminal case, also in violation
of the regulations.
While the FBI has reportedly told reporters that this time they will seek
Attorney General approval before issuing subpoenas, there does not appear
to have been any effort to obtain that approval before threatening to
prosecute these reporters with obstruction of justice under a statute that
facially does not apply to them.
It's as though the FBI believes that Attorney General approval is a mere
formality, ignoring the regulations that require negotiations with reporters
first, and reportedly stating that all reporters can expect to be required
to "turn it all over."
So why would the government need to put a reporter on the stand to testify
that she interviewed Adrian Lamo, and that Lamo confessed?
Presumably to demonstrate that Lamo in fact hacked into the New York Times.
I would certainly hope that the government would be able to prove this through
other means -- like the IP logs. But if you peruse the affidavit submitted
by the FBI to arrest Adrian Lamo, you begin to wonder. The affidavit is
rife with references to articles written by SecurityFocus reporter Kevin
Poulsen, and MSNBC.com's Sullivan, as their principal "evidence"
of Lamo's guilt.
Might it be helpful to the government to enlist all journalists Lamo spoke
to as criminal investigators -- doing the prosecutors' job for them? Sure.
Would it make the FBI's job easier? No doubt. But the law requires that
the information sought by subpoena be highly relevant and not available
elsewhere. The government has not even tried to make this showing.
Nor have they limited their request to preserve evidence to verification
of the published information. In fact, if all they wanted was verification
of published information, no document preservation would be necessary. You
simply call the reporter to the stand and ask, "Hey, when you said
in your article that Lamo confessed, was that true?" End of subpoena.
So there must be a more sinister motive behind this preservation request.
And there must be a more sinister motive behind using the ISP statute to
There are really only three reasons the government would invoke the ISP
statute against journalists. All of these possibilities are frightening
in their implications.
They may think that reporters who write stories for online publications
or who use e-mail to communicate with sources (and whose news organizations
maintain their own Internet connections) are, in fact, "providers of
electronic communications" under the law. The statute is clearly geared
at mandating the preservation of ephemeral electronic records by ISPs,
but perhaps the Department of Justice is attempting to use the fact that
reporters use electronic communications as a jurisdictional hook to order
them to preserve their physical notes -- a dramatic, unprecedented and unwarranted
expansion of the statute.
More sinister is the possibility that these letters were never intended
to go to the reporters at all, but rather were actually intended to go to
their ISPs. You see, the regulation that mandates Attorney General approval
applies only to subpoenas to reporters, or to telephone companies to get
a reporter's telephone records. Because the regulation is 20 years old,
it does not address the possibility that you could actually get the content
of a reporter's communications from a third party -- an ISP -- without subpoenaing
the reporter herself. So the whole thing could be intended as an end-run
around the First Amendment.
Finally, it is possible that the FBI knew that the ISP statute didn't apply
to the reporters, but simply wanted to threaten or intimidate them with
the possibility of an obstruction of justice prosecution. But, as the Enron
auditors at Arthur Andersen learned, all the government has to do is tell
the reporters that their information may be relevant to the prosecution
or defense of the case, and this would put them on notice that destroying
their records in anticipation of litigation would constitute obstruction.
There was no need for the heavy-handed threat.
None of this explains the cloak of secrecy the FBI has thrown over the whole
affair. Reporters are being told that this is an official criminal investigation,
and asked not to tell anyone. Even the DOJ's proposals for secret administrative
subpoenas announced this month as part of USA-PATRIOT II would allow recipients
of such subpoenas to confer with their own lawyers and others necessary
to enforce the subpoena. The FBI request here made it clear that they didn't
want the reporters talking to anyone, because that would supposedly harm
the ongoing criminal investigation.
And yet the FBI publicly announced to the world, through a Wired.com reporter,
their intention to subpoena every journalist who ever talked to Adrian Lamo.
Apparently, the FBI can talk about their intention to subpoena reporters,
and mention specific reporters' names in the Lamo affidavit, but if journalists
have the temerity to mention it to their own lawyers, this could devastate
I've never spoken to Adrian Lamo, but I am sure that by writing this article,
I am making myself a target for subpoenas, search warrants (government,
take note that the law prohibits search warrants for reporters' notes) and
demands to preserve evidence. All I have to say is, quoting President George
W. Bush, "Bring it on."