When President Joe Biden said “journalism is not a crime” last April, federal prosecutors in Tampa, Florida, apparently took that as a challenge. Not a crime yet.
The next month, FBI agents raided the home of journalist Tim Burke. He is scheduled to be arraigned in the coming weeks under the Computer Fraud and Abuse Act (CFAA) and wiretap laws for finding and disseminating unaired Fox News footage of Kanye West’s antisemitic rant to Tucker Carlson. The indictment doesn’t accuse Burke of hacking or deceit. Instead, its theory is that he didn’t have permission to access the video, even though it was at a public, unencrypted URL that he found using publicly posted demo credentials.
But finding things that the powerful don’t want found is essentially the definition of investigative journalism—which, as Biden said, is not criminal in this country.
A recent court filing heightens concerns about whether prosecutors hid from the judge who authorized the raid that Burke was a journalist. By doing so, they may have avoided scrutiny of whether their investigation—and eventual indictment—of Burke complied with the First Amendment, federal law, and the Department of Justice’s own policies.
Honestly I’m all for freedom of the press bit there’s a lot of nuance here as to whether what he did was legal… He didn’t explicitly have permission to access what he accessed so it’s definitely a gray area which is exactly what the courts are supposed to decide.
Nuance? Yeah, no. Fox published it to a publicly accessible URL. Permission is irrelevant. Nothing more than a large corporation manipulating the system to cover their ass.
This is pretty standard for the government going after people with the CFAA. It doesn’t matter if it was publicly accessible to the law, it only matters if he had actual permission, just because a computer allows it isn’t a defense. It’s a bit like if you take a laptop at Starbucks while the owner is in the bathroom.
Even then, is it so bad compared to Kanye’s antisemitic rant?
Bad and illegal are 2 different things.
Exactly, the people that conflate legality with morality have the poorest of moral compasses. It’s sad how many people just stop at this stage of moral development.
In these times, with what is being made legal(child labor) and illegal(abortion) that should be more obvious than ever.
Two separate issues.
Agree, but it says something about the world that one man, rich, can say awful things and have almost no apparent lasting consequences, while another man, not rich, doesn’t seem to be afforded even the basic protections of the law in the pursuit of journalism.
I’m pretty sure he has a lawyer and will have a day in court, which is literally the basic protections of the law. Kanye is a piece of shit, we don’t prosecute for that.
That’s just as much bullshit as when that asshole racist white nationalist fuck weev (I’m not providing links because fuck him) accessed a bunch of ATT endpoint on their website that had customer information on them. As I recall (I won’t research because fuck him), they were sequentially labeled. He made this public and got jailed for hacking. He did no hacking. Again, fuck him, but that asshole saw a bad security practice and took advantage.
And before you say this is like walking through an unlocked door, no it isn’t. That’d be like being shown a credential window that accepted a null (empty) password and clicking through. This is more like having shit on your front lawn, but your address is unpublished so someone needed to know where to go to see your lawn.
Fuck weev. Fuck white nationalism. Fuck the DOJ. Fuck Israel.
It’s not “gray” at all. This has been a settled matter of Law since the 1980s. Accessing systems without permission, no matter how you acquired the credentials, is illegal.
This can be separate from the videos. If they were publicly available, intentionally or not, then he should be clear on those charges but that doesn’t change the unauthorized access part.
If they were behind any sort of credential, they’re not publicly available. It doesn’t matter that the website was poorly configured.
This would be like arguing a property is public because the maintenance key box still uses the default password.
It’s a bit confusing but as I understand it this is how it worked.
The video files were publicly available BUT the URL’s to them were unknown. You could get to them without signing into the system IF you knew the URLs…which nobody did.
This guy signed into the Content Management System, which he wasn’t authorized to do, using default “demo” credentials he found elsewhere. After doing that he could see the URLs for the files and was then able to download them without logging in. He may also have distributed the URLs so that other people could download them, again without having to log in.
Him signing into the CMS without Authorization was likely a crime but the downloading of the videos likely wasn’t since they were publicly available if you knew they existed and how to reach them.
That is incorrect.
They were never actually aired or released to the public.
Fox News never released them. The service used by Fox (StreamCo) routinely has uploads that are never released, they upload them live so as to expedite streaming while people ax whatever doesn’t work for whatever reason.
Again, to use the luggage analogy, this would be like someone grabbing your luggage off the checked baggage carousel, plugging in the default password, copied addresses, whose doors were unlocked. It doesn’t matter that the doors are unlocked- those files are still private.
The files themselves were never intended to be publicly released. He bypassed security in the system by exploiting flaws and accessing data he was not authorized to access.
There is no gray area there. Is Kanye West a raging bigot? Yes. Did Burke break the law to reveal that? Also yes.
Freedom of the Press and first amendment protection doesn’t mean they can break the law. It’s unfortunate because he seems to be one of the good ones.
They were publicly available, without credentials, if you knew how to get to them.
The luggage analogy sucks. A better analogy is someone taking a stack of paperwork and putting it behind a chair in a coffee shop. You can’t see the papers and don’t know they are there unless someone tells you about them. The papers aren’t intended for public consumption but they’re being stored in a publicly available space.
Why are you acting like I don’t agree with you on this? You can read my other comments in here and see that I do.
He apparently accessed a system with credentials that he wasn’t authorized to use and that’s a crime. What may not be a crime is downloading the videos. If those were available to the public, no matter how obscured, without needing credentials to access them then they were in fact publicly available.
It’s two separate actions and one is likely criminal while the other may not be.
I don’t give a shit about Kanye and I addressed Burke in a previous comment.
In your example, the papers are probably mislaid property, not abandoned property. Taking them would still be a crime, but somebody stumbling on them, there probably wouldn’t be any crime in reading them (similar to opening a lost wallet to pull the driver’s license. Now, if they contacted the owner, and they said “keep it” or something, or if they couldn’t identify the owner, that’s different, but didn’t happen here)
Unlike the luggage, which wasn’t misslaid- the files were where they were supposed to be.
As for accessing the files, that becomes a crime because he had to use knowledge taken from the prior crime. It doesn’t matter if your car is parked in a public lot; I steal your proximity keys (the URLs), that’s a crime. The car letting me in doesn’t suddenly make driving the car off not a crime.
There was no reasonable means of getting those files without first figuring out what urls they were at, and he knew that. He’s not some kid plugging in random URLs and stumbling in.
There’s not that much nuance, actually.
It’s equivalent to someone plugging in the default password to luggage locks knowing full well it’s not their luggage.
He wasn’t authorized to access those files, it really doesn’t matter how he came by the credentials.
It also really doesn’t matter that he’s a journalist. Journalists aren’t allowed to break the law, even if he’s going after a scumbag like West.
This differs from the Marion county raid in that they accessed public information (actual public information. That the server interacts with the public doesn’t make it public) and received files from people who were authorized to access it. No crimes were committed by the journalists.
This differs from Assange in that Assange merely received the files and published them. Assange didn’t steal the files himself.
If I go to an old site on the wayback machine, that no longer exists because the original webmaster took it offline at some point and doesn’t want anyone to go there anymore, am I breaking the law because they didn’t include a robots.txt to show they didn’t want the site to be crawled?
There should be no expectation of privacy for a publicly hosted URI.
If you make a separate webpage with an anchor link to that public URI without accessing it yourself, or even if you just post the text to the URL to public forum like this one, or Twitter or Reddit or Facebook or Instagram or YouTube where it just gets converted to a hyperlink automatically, when someone else then clicks the link and accesses it, who does the law hold responsible?
If you talk to a live chat representative at the actual company that has exposed that file for public access, and let them know about the URI by sending it to them in chat, and they clicked it to confirm, are they now accessing something illegally that their own company didn’t authorize them access to?
How absolutely cretinous would the lawmakers have to be, to write a law like that?
It’s my responsibility to secure my own shit, to a reasonable degree. If I leave a dollar on the ground in a public park and come back a month later and it’s been taken by someone who saw it and picked it up, have they stolen from me?
That’s not how the archive works.
When you access an old website, they saved a snapshot of that website on their servers. You are not accessing 3rd party servers.
You understand that all a URL is, is a forwarding address? Do you have no expectation of privacy if you’re in the phone book? What if your front door is unlocked? (If you’re in the US, yes you do. Most the world I imagine.)
When you plug a URL in, your browser goes to a DNS server, looks, for the domain name in question, then tells your. Browser what the current/best IP address is for that.
That’s as far as “public” as it is. When you’re taking about domain names all it means bejng “public” is that you’re registered with a DNS service. Your server is still yours. That is all that’s “public” about it.
The streaming service relies, apparently, on security through obscurity.
That they have shitty security protocols doesn’t change that he wasn’t supposed to get it, and that it wasn’t public.