This Week in Technology + Press Freedom: June 21, 2020
The Reporters Committee urged a federal court on Friday to deny the Trump administration’s request for an emergency order that would block the publication and dissemination of a highly anticipated memoir written by former National Security Adviser John Bolton. In a friend-of-the-court brief filed with the U.S. District Court for the District of Columbia, the Reporters Committee argued that the requested injunction amounts to an unconstitutional prior restraint.
“Such an extraordinarily broad injunction would be a clear prior restraint that violates long-settled constitutional law,” said Bruce Brown, executive director of the Reporters Committee for Freedom of the Press. “The court must reject this effort to censor the free flow of information to the public about government activities.”
On Saturday, a federal judge denied the government’s request.
Here’s what the staff of the Technology and Press Freedom Project at the Reporters Committee for Freedom of the Press is tracking this week.
Journalists targeted in large-scale hacking operation
After a journalist contacted The Citizen Lab at the University of Toronto in 2017 about a suspicious phishing attempt, researchers recently uncovered a huge hack-for-hire operation, dubbed “Dark Basin,” that targeted thousands of people in journalism, business, banking, law, and especially the nonprofit sector.
Researchers linked Dark Basin to BellTroX InfoTech Services, an Indian tech firm owned by Sumit Gupta. Gupta, who in 2015 was indicted on federal hacking charges in California, denied the allegations in an interview with Reuters.
Dark Basin targeted a range of organizations and, in several cases, the journalists connected to them. For example, hackers attempted to infiltrate American environmental advocacy groups, including the Rockefeller Family Fund, Greenpeace, and 350.org, as well as “multiple major US media outlets” who covered the groups’ work on the #ExxonKnew climate change campaign. The hackers also targeted Free Press and Fight for the Future, organizations that advocate for open internet policies.
Other targets included financial and business journalists covering irregularities at the German company Wirecard AG, along with hedge funds, investigators and short sellers connected to the investigation. According to some of the targets, the hackers obtained and altered emails, including correspondence between journalists and sources. These were then published on various platforms as part of a “leaks” campaign.
In addition to these campaigns, researchers found Dark Basin targeted lawyers, government officials, oligarchs, and energy executives, all with varying degrees of sophistication. The hackers made numerous phishing attempts by sending emails from custom URL shorteners. Some of the phishing emails imitated colleagues, while others were disguised as horoscopes or pornographic websites.
“In our investigation, we determined that hiring hackers may be a relatively common practice for many private investigators,” John Scott-Railton, the report’s lead author, told the New York Times. “The sheer scale of it is remarkable to us.”
Despite the danger, a recent report by the Tow Center for Digital Journalism found that many journalists are not particularly careful with their digital security. In newsrooms short on time and money, digital security may seem like an unnecessary burden, and some journalists believe as long as they are not covering “sensitive” topics they will not be targeted. Often newsrooms that adopt security protocols do so informally, with some journalists becoming trainers for others.
This episode highlights the information security risks for journalists, and the continuing need for threat modeling and appropriate security protections in newsrooms.
— Abe Kenmore
Quick Hits
A San Francisco police memo obtained by the Reporters Committee through a public records request last week revealed that officers were instructed not to use body-worn cameras during last year’s illegal raid of journalist Bryan Carmody’s home because the video footage could compromise the “confidential investigation.” All five search warrants, some of which targeted Carmody’s phone records, were later deemed illegal under California’s shield law. In March, the city of San Francisco agreed to pay Carmody $369,000 to settle with him.
—
The New York City Council enacted a law requiring the New York Police Department to share with the public its surveillance tools and any privacy safeguards it employs to protect the rights of citizens. The Brennan Center for Justice has already catalogued many of the ways the NYPD surveils residents, including with the use of facial recognition technology and social media monitoring.
—
On Monday, Filipino journalists Maria Ressa and Reynaldo Santos Jr. were convicted of “cyber libel” for a story they published in Rappler, a Philippines-based news outlet that Ressa founded. Look for further analysis next week on the implications of cyber libel claims for journalists globally.
—
Six former eBay employees are facing federal charges for allegedly harassing a husband and wife who published an e-commerce newsletter. The Department of Justice alleges the ex-employees retaliated against the couple for negative coverage of eBay by threatening them through Twitter, then sending them a bloody pig mask, a box of cockroaches, pornography, and a funeral wreath, among other objects. eBay said all six employees were fired in September 2019.
—
Twitter recently asked a Virginia judge for the second time to dismiss the defamation claims brought against it by Rep. Devin Nunes (R-Calif.) involving two anonymous parody accounts and other tweets. Lawyers for the social media company said Section 230 of the Communications Decency Act provides immunity from Nunes’ claims.
—
The Trump campaign demanded that CNN retract and apologize for a recent poll that showed him lagging behind presumptive Democratic presidential nominee Joe Biden, though the network refused to do so.
—
An internal CIA report, published in 2017 after former CIA analyst Joshua Schulte was accused of leaking material about the agency’s hacking tools to WikiLeaks, found the cybersecurity of its elite hacking unit lacking. Schulte’s attorneys noted this in his trial earlier this year, pointing out that other employees could have accessed and downloaded the leaked data. Jurors deadlocked on whether Schulte provided the material to WikiLeaks.
—
The director and deputy director of Voice of America resigned last week after congress confirmed Michael Pack, a conservative activist, as the new leader of the agency that oversees the federally funded news service. Their departures follow White House criticism of VOA and news last Sunday that the Centers for Disease Control and Prevention instructed communications staff to ignore media requests from the outlet.
? Smart read ?
According to recently published reports by Gallup and the Knight Foundation, 74% of Americans are “very concerned about the spread of misinformation on the internet.” The reports present other data, including numbers on how Americans view technology companies and content moderation.
—
Gif of the Week: To all the dads out there: Thanks for putting up with us always being on our phones — and Happy Father’s Day!
Like what you’ve read? Sign up to get This Week in Technology + Press Freedom delivered straight to your inbox!
The Technology and Press Freedom Project at the Reporters Committee for Freedom of the Press uses integrated advocacy — combining the law, policy analysis, and public education — to defend and promote press rights on issues at the intersection of technology and press freedom, such as reporter-source confidentiality protections, electronic surveillance law and policy, and content regulation online and in other media. TPFP is directed by Reporters Committee Attorney Gabe Rottman. He works with Stanton Foundation National Security/Free Press Fellow Linda Moon, Legal Fellows Jordan Murov-Goodman and Lyndsey Wajert, Policy Interns Abe Kenmore and Joey Oteng, and Legal Intern Sasha Peters.