HOME
          
LATEST STORY
iOS 8: How 5 news orgs have updated their apps for Apple’s new operating system
ABOUT                    SUBSCRIBE
March 3, 2014, 10:30 a.m.
Resized-U4Y69

Hacking in the newsroom? What journalists should know about the Computer Fraud and Abuse Act

At the NICAR conference this weekend, data journalists and legal professionals discussed the ethical and criminal implications of hacking in the newsroom.

Some people who scrape and publish information from the Internet go to jail. Others produce great journalism. It’s easy to understand why you might want to know which person you are — and whether or not you’re protected from prosecution or not — but that can be a difficult task.

That’s why there was a discussion on the topic at the Computer Assisted Reporting conference in Baltimore last week. ProPublica’s Scott Klein, Scripps Howard’s Isaac Wolf, and defense attorney Tor Ekeland participated in a conversation moderated by The Wall Street Journal’s Jeremy Singer-Vine.

Wolf is a Scripps News reporter who garnered some attention last spring when he reported on a major security breach at a company called TerraCom. In the course of a typical PDF search, Wolf discovered that personal information including Social Security numbers, addresses, and other account information had been left vulnerable. Publishing his findings led Wolf and his colleagues to be branded as “hackers.” Sarah Laskow wrote in CJR that the Scripps case may well be the first time a journalist was threatened under the Computer Fraud and Abuse Act.

The Computer Fraud and Abuse Act is a law that prohibits unauthorized access to information on a protected computer. It’s the statute under which Andrew Auernheimer, better known as weev, was prosecuted and sentenced to 41 months in prison for taking evidence of a security flaw in AT&T that left user email addresses vulnerable to Gawker. (It’s also the law that led to the prosecution of Aaron Swartz.)

One of Aurenheimer’s attorneys was Ekeland, who provided a legal perspective for the journalists at NICAR on issues around the CFAA. “It’s a very dangerous statute, because it’s so poorly written,” Ekeland said, “and they’re about to make it worse.”

Klein and Singer-Vine are both journalists who have worked on or edited stories that involved, in different ways, practices that could fall under the hacking umbrella. For example, ProPublica published MessageMachine, a project that used reverse engineering to figure out why certain people received specific personalized emails from the Obama campaign. Singer-Vine worked on a story about online pricing inequality on the Staples website.

The focus of the panel discussion was around how journalists interested in doing this kind of work can protect themselves and ensure that they’re on the right side of law. Because the law is nonspecific in its language — and widely decried as outmoded — interpretations of what’s legal and what’s not vary wildly. “The press is protected by virtue of the fact of who they are,” Ekeland said. “I don’t see any difference between what my client did and what Isaac did, except my client is an asshole.”

At ProPublica, there are deliberate rules about how a journalist seeking information online should represent themselves. Klein said that reporters there are banned from creating “straw men,” or programs that falsely suggest the existence of an actual person. That’s why, for the MessageMachine project, users were crowdsourced, and their information — information pertaining to real people — was used to analyze the campaign email algorithm. “I don’t feel like it would have been morally wrong to create straw people, but I can see why adopting these moral ethics…makes sense,” Klein said.

(Klein said they ultimately realized that creating fake users wouldn’t have worked anyway, and that the crowdsourced user base has more value and longevity.)

At The Wall Street Journal, Singer-Vine said he had a similar debate over self-representation. Ultimately, his team tracked Staples price differentials by modifying the cookies the system relied on to track users, a technique that they felt was significantly different from creating straw men. Whether a judge would consider that action acceptable under the CFAA or is less clear.

“Go find a journalism ethics book that says when you can find and manipulate a variable in a cookie,” said Klein. “Good luck! We’re working without a net.”

It’s worth noting an argument introduced by Ekeland on this topic. Framing the issue as a journalist lying to a computer, perpetuates the notion that they’re dealing with something other than a computer. In point of fact, machines don’t have a sense of truth — there are only inputs and outputs. “The computer isn’t being deceived, it’s doing what it was programmed to do,” he said. “We want there to be physical, real world analogies, but the computer people don’t do that.” Not all agreed, however:

Ultimately, the conventional wisdom seems to be that reporters hoping to stay out of court should be very upfront about their intentions, conservative in their judgments, and confident in the value of what they’re doing.

Klein, for example, explained how easy it can be to violate the law accidentally. ProPublica was working with a series of FCC filings at one point while developing a story about who pays for campaign TV ads. The stations are required to make this information publicly available, which is how ProPublica acquired the documents, only to discover later that scanned personal checks were included in the PDFs. Luckily, their reporters realized in time, and were able to do a search for the phrase “pay to the order of,” and delete the information from DocumentCloud. Clearly, there’s a need to proceed with caution as journalists continue to gain access to sensitive documents that are publishable on the web in full.

While the ethics of various methodologies were up for debate, and while interpretation of the law remains opaque, the panelists largely agreed on how journalists can best protect themselves right now.

“You want to be able to demonstrate that you’re using this information for a journalistic purpose,” said Wolf. “Assume that you’re going to be challenged. What is your story? You’re going to be prodded by the entity or company. Reporters elsewhere are going to be asking you questions.”

In addition, he recommends keeping track of process, so that a step-by-step narrative of what steps were taken and why can be presented if necessary. Journalists are protected, but ultimately, they’re only safe if it can reasonably be proven that leadership at their organization concurred that the measures taken were in pursuit of the public good — that the information is, in Scott Klein’s words, “not gossip — it’s not prurient.”

Just last month, the Department of Justice communicated its interest in working to narrow the scope of the CFAA. There are multiple cases in appeals court; as rulings come down, and as lawmakers push for reform, the hope is that the law will become less vague. As Wolf pointed out, if journalists want to be a part of shaping a statute that has the potential to curtail their tools for gleaning information, now is the time to get involved.

Image of a gavel by Joe Gratz used under a Creative Commons license.

POSTED     March 3, 2014, 10:30 a.m.
SHARE THIS STORY
   
Show comments  
Show tags
 
Join the 15,000 who get the freshest future-of-journalism news in our daily email.
iOS 8: How 5 news orgs have updated their apps for Apple’s new operating system
ABC, the AP, Breaking News, The Guardian, and The New York Times have all updated apps (or introduced new ones) to take advantage of new features on iOS 8.
How the new Wall Street Journal iPad app is taking advantage of new features in iOS 8
The app, released with the operating system today, has more functionality in notifications and lets users continue reading articles across Apple devices.
The Baffler: The anti-innovation magazine embraces digital
With a brand new website, The Baffler seeks the audience and impact it missed the first time around.
What to read next
749
tweets
How a Norwegian public radio station is using Snapchat to connect young listeners with news
“A lot of people check their phones before they get out of the bed in the morning, and they check social media before the news sites.”
724When it comes to chasing clicks, journalists say one thing but feel pressure to do another
Newsroom ethnographer Angèle Christin studied digital publications in France and the U.S. in order to compare how performance metrics influence culture.
691Wearables could make the “glance” a new subatomic unit of news
“The audience wants to go faster. This can’t be solved with responsive design; it demands an original approach, certainly at the start.”
These stories are our most popular on Twitter over the past 30 days.
See all our most recent pieces ➚
Encyclo is our encyclopedia of the future of news, chronicling the key players in journalism’s evolution.
Here are a few of the entries you’ll find in Encyclo.   Get the full Encyclo ➚
Examiner.com
The Daily Voice
SF Appeal
Animal Político
Vox Media
Sports Illustrated
Suck.com
Byliner
PBS NewsHour
Ushahidi
Corporation for Public Broadcasting
The Fiscal Times