HOME
          
LATEST STORY
Opening up the archives: JSTOR wants to tie a library to the news
ABOUT                    SUBSCRIBE
March 3, 2014, 10:30 a.m.
Resized-U4Y69

Hacking in the newsroom? What journalists should know about the Computer Fraud and Abuse Act

At the NICAR conference this weekend, data journalists and legal professionals discussed the ethical and criminal implications of hacking in the newsroom.

Some people who scrape and publish information from the Internet go to jail. Others produce great journalism. It’s easy to understand why you might want to know which person you are — and whether or not you’re protected from prosecution or not — but that can be a difficult task.

That’s why there was a discussion on the topic at the Computer Assisted Reporting conference in Baltimore last week. ProPublica’s Scott Klein, Scripps Howard’s Isaac Wolf, and defense attorney Tor Ekeland participated in a conversation moderated by The Wall Street Journal’s Jeremy Singer-Vine.

Wolf is a Scripps News reporter who garnered some attention last spring when he reported on a major security breach at a company called TerraCom. In the course of a typical PDF search, Wolf discovered that personal information including Social Security numbers, addresses, and other account information had been left vulnerable. Publishing his findings led Wolf and his colleagues to be branded as “hackers.” Sarah Laskow wrote in CJR that the Scripps case may well be the first time a journalist was threatened under the Computer Fraud and Abuse Act.

The Computer Fraud and Abuse Act is a law that prohibits unauthorized access to information on a protected computer. It’s the statute under which Andrew Auernheimer, better known as weev, was prosecuted and sentenced to 41 months in prison for taking evidence of a security flaw in AT&T that left user email addresses vulnerable to Gawker. (It’s also the law that led to the prosecution of Aaron Swartz.)

One of Aurenheimer’s attorneys was Ekeland, who provided a legal perspective for the journalists at NICAR on issues around the CFAA. “It’s a very dangerous statute, because it’s so poorly written,” Ekeland said, “and they’re about to make it worse.”

Klein and Singer-Vine are both journalists who have worked on or edited stories that involved, in different ways, practices that could fall under the hacking umbrella. For example, ProPublica published MessageMachine, a project that used reverse engineering to figure out why certain people received specific personalized emails from the Obama campaign. Singer-Vine worked on a story about online pricing inequality on the Staples website.

The focus of the panel discussion was around how journalists interested in doing this kind of work can protect themselves and ensure that they’re on the right side of law. Because the law is nonspecific in its language — and widely decried as outmoded — interpretations of what’s legal and what’s not vary wildly. “The press is protected by virtue of the fact of who they are,” Ekeland said. “I don’t see any difference between what my client did and what Isaac did, except my client is an asshole.”

At ProPublica, there are deliberate rules about how a journalist seeking information online should represent themselves. Klein said that reporters there are banned from creating “straw men,” or programs that falsely suggest the existence of an actual person. That’s why, for the MessageMachine project, users were crowdsourced, and their information — information pertaining to real people — was used to analyze the campaign email algorithm. “I don’t feel like it would have been morally wrong to create straw people, but I can see why adopting these moral ethics…makes sense,” Klein said.

(Klein said they ultimately realized that creating fake users wouldn’t have worked anyway, and that the crowdsourced user base has more value and longevity.)

At The Wall Street Journal, Singer-Vine said he had a similar debate over self-representation. Ultimately, his team tracked Staples price differentials by modifying the cookies the system relied on to track users, a technique that they felt was significantly different from creating straw men. Whether a judge would consider that action acceptable under the CFAA or is less clear.

“Go find a journalism ethics book that says when you can find and manipulate a variable in a cookie,” said Klein. “Good luck! We’re working without a net.”

It’s worth noting an argument introduced by Ekeland on this topic. Framing the issue as a journalist lying to a computer, perpetuates the notion that they’re dealing with something other than a computer. In point of fact, machines don’t have a sense of truth — there are only inputs and outputs. “The computer isn’t being deceived, it’s doing what it was programmed to do,” he said. “We want there to be physical, real world analogies, but the computer people don’t do that.” Not all agreed, however:

Ultimately, the conventional wisdom seems to be that reporters hoping to stay out of court should be very upfront about their intentions, conservative in their judgments, and confident in the value of what they’re doing.

Klein, for example, explained how easy it can be to violate the law accidentally. ProPublica was working with a series of FCC filings at one point while developing a story about who pays for campaign TV ads. The stations are required to make this information publicly available, which is how ProPublica acquired the documents, only to discover later that scanned personal checks were included in the PDFs. Luckily, their reporters realized in time, and were able to do a search for the phrase “pay to the order of,” and delete the information from DocumentCloud. Clearly, there’s a need to proceed with caution as journalists continue to gain access to sensitive documents that are publishable on the web in full.

While the ethics of various methodologies were up for debate, and while interpretation of the law remains opaque, the panelists largely agreed on how journalists can best protect themselves right now.

“You want to be able to demonstrate that you’re using this information for a journalistic purpose,” said Wolf. “Assume that you’re going to be challenged. What is your story? You’re going to be prodded by the entity or company. Reporters elsewhere are going to be asking you questions.”

In addition, he recommends keeping track of process, so that a step-by-step narrative of what steps were taken and why can be presented if necessary. Journalists are protected, but ultimately, they’re only safe if it can reasonably be proven that leadership at their organization concurred that the measures taken were in pursuit of the public good — that the information is, in Scott Klein’s words, “not gossip — it’s not prurient.”

Just last month, the Department of Justice communicated its interest in working to narrow the scope of the CFAA. There are multiple cases in appeals court; as rulings come down, and as lawmakers push for reform, the hope is that the law will become less vague. As Wolf pointed out, if journalists want to be a part of shaping a statute that has the potential to curtail their tools for gleaning information, now is the time to get involved.

Image of a gavel by Joe Gratz used under a Creative Commons license.

POSTED     March 3, 2014, 10:30 a.m.
SHARE THIS STORY
   
Show comments  
Show tags
 
Join the 15,000 who get the freshest future-of-journalism news in our daily email.
Opening up the archives: JSTOR wants to tie a library to the news
Its new site JSTOR Daily highlights interesting research and offers background and context on current events.
Six fresh ideas for news design from a #SNDMakes designathon
New media and legacy media came together at the second weekend-long “hackathon” hosted by the Society for News Design.
Where you get your news depends on where you stand on the issues
A new study by the Pew Research Center examines how Americans’ news consumption habits correlate with where they fall on the political spectrum.
What to read next
1020
tweets
The newsonomics of the millennial moment
The new wave of news startups is aiming at a younger audience. But do legacy media companies have a chance at earning their attention?
803A mixed bag on apps: What The New York Times learned with NYT Opinion and NYT Now
The two apps were part of the paper’s plan to increase digital subscribers through smaller, targeted offerings. Now, with staff cutbacks on the way, one app is being shuttered and the other is being adjusted.
537Watching what happens: The New York Times is making a front-page bet on real-time aggregation
A new homepage feature called “Watching” offers readers a feed of headlines, tweets, and multimedia from around the web.
These stories are our most popular on Twitter over the past 30 days.
See all our most recent pieces ➚
Encyclo is our encyclopedia of the future of news, chronicling the key players in journalism’s evolution.
Here are a few of the entries you’ll find in Encyclo.   Get the full Encyclo ➚
The UpTake
Storify
The Nation
New West
Fox News
St. Louis Globe-Democrat
Investigative News Network
Wikipedia
TechCrunch
Publish2
Drudge Report
GlobalPost