Here’s what the staff of the Technology and Press Freedom Project at the Reporters Committee for Freedom of the Press is tracking this week.
Iranians pose as journalists in latest hacking attempt
This week saw continued reports about government-directed attempts to hack dissidents critical of their regimes. In the latest instance, Reuters reports that Iranian government hackers posed as journalists in emails to their targets. Many of those who received emails are Iranians living abroad who are highly critical of the current government.
At least two individuals were contacted by someone impersonating Farnaz Fassihi, a journalist who has worked at the Wall Street Journal and is currently at the New York Times. Others were targeted by an account appearing to be CNN national security analyst Samantha Vinograd. Fortunately, those targeted realized something was amiss because of the invasive nature of the requests, including one email that asked for a Google password to access interview questions.
Multiple cybersecurity firms independently concluded these impersonations stemmed from a hacking group called Charming Kitten, “which has long been associated with Iran.”
Over the past few weeks, we’ve detailed similar behavior emanating from other countries, including Saudi Arabia’s alleged hack of Amazon CEO and Washington Post owner Jeff Bezos and an attempted hack of New York Times reporter Ben Hubbard, which may have also been conducted by Saudi Arabia. The latter case was a phishing attack similar to the one this week, and involved a text message appearing to send a news article from a news service called Arabnews.
The rise in hacking is concerning on two fronts. One, the compromise of electronic communications could identify a journalist’s confidential sources. The Reporters Committee made this argument in a 2018 friend-of-the-court brief on the dangers to newsgathering in warrantless searches of electronic devices at the border.
Second, as more hackers masquerade as journalists, sources may be less willing to communicate with reporters. Not only will potential sources be wary of journalists, but this behavior can create the perception that members of the media are acting at the behest of government or other malicious agents. The Reporters Committee has fought hard to obtain information about law enforcement officials impersonating reporters for precisely this reason.
— Jordan Murov-Goodman
Privacy and Surveillance
The reports of hacking by foreign governments has drawn the attention of the FBI, which Reuters reports is investigating the NSO Group, a company alleged to have supplied Saudi Arabia and others with the spyware used to target Bezos and others. The NSO Group is already facing a civil lawsuit from WhatsApp, alleging that its products were used to hack the instant messaging app.
Ajit Pai, chairman of the Federal Communications Commission, recently informed lawmakers that an agency investigation concluded that one or more wireless carriers may have violated federal law by sharing customers’ real-time location data with outside parties without their consent. Pai said he intends to propose fines against the companies. Many have called for action by the FCC following reporting that revealed how subscriber data can be used by third parties.
Some in the tech community are sounding the alarm about a new draft bipartisan bill that could impact technology companies and social media platforms. Commentators have noted that the EARN IT Act could amend Section 230 of the Communications Decency Act in a way that could indirectly force technology companies to create encryption “back doors.”
Virginia is the latest state working to enact legislation that would permit courts to quickly dismiss harassing lawsuits targeting speech. Two notable suits in Virginia, one by Rep. Devin Nunes (R-Ca.) and the other by the actor Johnny Depp, have brought considerable attention to Virginia’s weak anti-SLAPP law. (SLAPP stands for strategic lawsuit against public participation.) Such cases can have an outsize impact on small online news organizations that lack the resources to defend themselves against frivolous lawsuits.
A judge in Brazil ruled that a prior Supreme Court order barring law enforcement from investigating Glenn Greenwald based on his reporting on a controversial anti-corruption probe meant federal prosecutors there had to drop cybercrimes charges against him. For more on the underlying case and the implications for the press, check out the Reporters Committee’s special analysis.
“Deepfake” technology may have yet another alarming application, with some raising concerns that it could be used to parrot another person’s voice with audio-cloning technology. While this technology has beneficial uses, like creating synthetic voices for people with speech or voice impairments, it is also subject to misuse. At least one company has sought to aid journalists covering deepfakes by developing software that would help them identify when an image has been manipulated in some way.
National Security and Leaks
The trial of accused “Vault 7” leaker Joshua Schulte started last week, with federal prosecutors claiming that Schulte gave WikiLeaks a trove of classified information on the CIA’s hacking operations. The trial witnesses include covert CIA employees who will testify under fake names, and according to the New York Times, “reporters will not be allowed to describe their physical appearance.”
The University of Missouri’s Reynolds Journalism Institute published an analysis examining how journalists could be impacted by the Federal Aviation Administration’s tentative plan to require “in-the-air, live identification for all but the smallest drones.”
Gif of the Week: Just a reminder that if you receive a text/email/message that looks phishy fishy, don’t click it!
Like what you’ve read? Sign up to get This Week in Technology + Press Freedom delivered straight to your inbox!
The Technology and Press Freedom Project at the Reporters Committee for Freedom of the Press uses integrated advocacy — combining the law, policy analysis, and public education — to defend and promote press rights on issues at the intersection of technology and press freedom, such as reporter-source confidentiality protections, electronic surveillance law and policy, and content regulation online and in other media. TPFP is directed by Reporters Committee Attorney Gabe Rottman. He works with Stanton Foundation National Security/Free Press Fellow Linda Moon and Legal Fellows Jordan Murov-Goodman and Lyndsey Wajert.