I received a handful of good questions and comments in response to my Geekwire commentary: Outrage over FBI’s online tactics highlights knee-jerk Internet culture (also on Slashdot). I made some additional inquiries to Media Spokesperson Ayn Dietrich-Williams at the FBI about these and would like to respond to the most pertinent reader points below.

Levi Pulkkinen at Seattle PI also wrote this detailed, informative piece, which I recommend. For context, it’s helpful to know this case consisted of an ongoing series of bomb threats. Pulkkinen writes, “His threats had forced Timberline to evacuate daily for nearly two weeks. With police unable to identify him, the FBI fired up the spyware.”

Q: Did the FBI have a warrant?

A. Yes, the court approved a warrant for the FBI to deploy a CIPAV to the suspect’s machine.

Here’s what the FBI said the CIPAV would do (see pages 12-13 here):

“cause the activating computer to send network level messages, including the activating computer’s originating IP address and MAC address, other variables, and certain registry-type information … it will conduct a one-time search of the activating computer and capture the information described … after the one time search, the CIPAV will function as a pen register device and record the routing and destination addressing information for electronic communications originating from the activating computer”

Q: If the FBI knew he had a Myspace account and had his MySpace ID (since, after all, they emailed him there), why didn’t they just ask MySpace (and by “ask”, I mean “force them to hand it over with no recourse to question the ‘request’”) to hand over IP address?

A: The FBI did. See page 12 again. The suspect was sophisticated enough to use compromised computers to mask his true IP address.

Q. Was The Seattle Times impersonated?

People were confused by initial tweets about this. While FBI agents in private emails used The Seattle Times AP content as a model, the Times itself was not used in the operation in any way. There was no fake Seattle Times website or fake page.

Q. Was there a fake AP website?

A: A webpage was created with a fake AP article. A link to this page was sent via MySpace email to an account holder claiming responsibility for the bomb threat. The link said “article” and the URL did not include any words similar to The Seattle Times or Associated Press. The only way the public would have seen this fake site is if the suspect had shared the link on MySpace or somewhere else.

So, yes, there was a fake website set up for a known bombing suspect to visit.

But, no, there wasn’t really a fake website that the public would likely encounter – though it was possible – specifically if the suspect shared the URL on MySpace.

Q. Did the FBI agent impersonate the media in some other way?

A. The FBI can’t reveal anything else about the undercover agent who sent the email or the details of the operation.

Personally, I think it’s most likely that the agent posed as another MySpace user who emailed the article link. I think it’s less likely the agent posed as a journalist.

Q. Does publishing a fake AP blurb on a web page that only a known bomb suspect sees qualify as “impersonating the media”?

A. In my opinion, only in the very slightest way. The PI quotes Seattle Times Editor Kathy Best as saying, “Small as it was, the fake report chips away at the media’s credibility, Best said. Enough chips, and the foundation might crumble.” I think that’s overly alarmist given the facts of this particular case. Journalism is stronger than this. Read more on this point further below.

Geekwire commenter Rick said: “the main issue is that the FBI did not get permission from the AP to use their name. Impersonating someone without letting them know is an ethical no-no, it doesn’t matter how you slice it.”

I disagree. I think this is the kind of smart police work we want to see. I think it’s well understood by the public that catching bad guys requires cleverness and some level of subterfuge. We accept the concept of undercover agents. Would we eliminate all undercover agents purporting to be something they are not?

On Twitter, the ACLU’s Christopher Soghoian and Freedom of the Press’ Trevor Timm posted a few questions and comments.

Q. Does the fact that the FBI kept the judge in the dark about how they planned to deliver their malware change your analysis? The court had no idea the FBI would impersonate the press. The search warrant application doesn’t mention that.

The FBI said that it does not disclose details of its operational or deployment tactics in affidavits for search warrants. While not transparent, this is understandable, lest the bad guys learn its tactics.

My understanding is that the agent must appear before a judge and sign the affidavit in front of them. The judge has an opportunity to ask questions of the agent but there is no public record of the content of this discussion.

So, we don’t know what the judge knew or didn’t know. In the absence of information, even with as much faith as I’ve lost in Congress and the Supreme Court, I generally will give the benefit of the doubt to judges to be smart and responsible.

Soghoian: you won’t find the word “hack” or “exploit browser flaw” in any of the FBI’s malware warrant applications.

On Twitter and in online discourse – people often want to shout their views and convince everybody that they’re right and the other is wrong. It’s really okay for us technologists to have different views and values on issues such as these.

I personally am okay with the government exploiting technology to fight crime. I also understand that transparency can’t always be provided in these circumstances. But, I’m a believer that government should offer as much transparency as it can and a lot more than it does today.

If you want to dive into specifics on which technology exploits are okay and which aren’t – that’s fine – but I was only calling attention to the issues of this case.

Again, the judge would likely have had a chance to question the merits and details of the warrant request.

Soghoian: The type of case doesn’t matter. Impersonating the press, clergy or doctors should be off limits to the government.

Timm: some good points, but i think the main issue is impersonating news orgs not that they were targeting him.

Again, I think it’s okay for us to have differing opinions – and to support making space for different opinions in our online discussions.

I’m not going to accept black/white thinking on the issues of press, clergy or medical impersonation. I know the damage caused by the CIA using vaccinations as a guise to surveil Bin Laden’s compound in Pakistan. I’m not sure I’d condemn the tactic in that case. A different tactic might have been better but I don’t think I’m in a place to make a clear judgment. Remember in The Sopranos when Tony would go to his doctor’s to talk to his mob family to avoid surveillance? I’m not willing to draw a black/white line on this either.

Scott Greenfield tweeted this today in response to Soghoian: “Why binary thinking may be fine for geeks but monumentally bad for humans.” I agree with him here.

I personally think it’s smart, effective government/law enforcement when these tactics are appropriately applied … and I think this particular case showed checks and balances involved (the court warrant), restraint (the operation was escalated after other avenues were exhausted) and it was an appropriate use of technology (it was precisely targeted) to catch a perpetrator of a series of serious threats.

I’ve worked with journalists off and on since 1995. I’ve spent time in a number of newsrooms. I’ve been a three-time grantee of the John S. and James L. Knight Foundation, a journalism foundation. I’ve written three cover stories for Seattle Weekly. I care deeply about the fourth estate. I’ve also found that journalists tend to be self-important blowhards (update: this was perhaps too harsh – instead, I’ll say many have a tendency towards self-importance). They’ll call for a ban on government impersonation of themselves and then they’ll go off and write listicles or delay vital information for “news at 11”.

What GeekWire cut from my piece was this paragraph: Anyone that’s followed The Seattle Times over the years knows that it’s hardly a consistent site for journalistic integrity. In 2012, the paper gave more than $75,000 in free advertising to Republican gubernatorial candidate Rob McKenna in the guise of marketing its advertising business, its editorial page has been a longtime critic of the estate tax on behalf of its billionaire publisher and it chose not to report on Microsoft’s billion dollar Nevada tax dodge while making the director of the company’s tax dodging operation a Seattle Times Luminary.

The failures in ethics at The Seattle Times haven’t managed to destroy journalism in Seattle. Nor has the existence of Fox News. Good journalism cannot be undermined. It wins on its merits. I have complete faith in this.

One person said I was “Astroturfing for the FBI”

I contacted the FBI. They didn’t contact me. Just to be super clear, this is called journalism not astroturfing. Here are my past disclosures (sorry, I know they are a bit out of date – but I have no relationship with the agency).

I thought the outrage at the FBI was misplaced and out of scale for what happened in this case. Given the mass unconstitutional blanket NSA data collection that most of us are outraged and fighting against – I think it’s important that we pick and choose our battles carefully and not make mountains out of molehills; lest we be seen as crying wolf.

I think what happened in this case is an example of the precision police work we should be encouraging – the kind of smart tactical work the NSA should be doing instead of its blanket data collection.


Posted by Jeff Reifman

Jeff is a technology consultant based in the Pacific Northwest.
