Policy

Caitlin Vogus is the deputy director of advocacy at Freedom of the Press Foundation and a First Amendment lawyer. Jennifer Stisa Granick is the surveillance and cybersecurity counsel with the ACLU’s Speech, Privacy, and Technology Project. The opinions in this piece do not necessarily reflect the views of Ars Technica.

Imagine a journalist finds a folder on a park bench, opens it, and sees a telephone number inside. She dials the number. A famous rapper answers and spews a racist rant. If no one gave her permission to open the folder and the rapper’s telephone number was unlisted, should the reporter go to jail for publishing what she heard?

If that sounds ridiculous, it’s because it is. And yet, add in a computer and the Internet, and that’s basically what a newly unsealed federal indictment accuses Florida journalist Tim Burke of doing when he found and disseminated outtakes of Tucker Carlson’s Fox News interview with Ye, the artist formerly known as Kanye West, going on the first of many antisemitic diatribes.

The vast majority of the charges against Burke are under the Computer Fraud and Abuse Act (CFAA), a law that the ACLU and Freedom of the Press Foundation have long argued is vague and subject to abuse. Now, in a new and troubling move, the government suggests in the Burke indictment that journalists violate the CFAA if they don’t ask for permission to use information they find publicly posted on the Internet.

According to news reports and statements from Burke’s lawyer, the charges are, in part, related to the unaired segments of the interview between Carlson and Ye. After Burke gave the video to news sites to publish, Ye’s disturbing remarks, and Fox’s decision to edit them out of the interview when broadcast, quickly made national news.

According to Burke, the video of Carlson’s interview with Ye was streamed via a publicly available, unencrypted URL that anyone could access by typing the address into your browser. Those URLs were not listed in any search engine, but Burke says that a source pointed him to a website on the Internet Archive where a radio station had posted “demo credentials” that gave access to a page where the URLs were listed.

The credentials were for a webpage created by LiveU, a company that provides video streaming services to broadcasters. Using the demo username and password, Burke logged into the website, and, Burke’s lawyer claims, the list of URLs for video streams automatically downloaded to his computer.

And that, the government says, is a crime. It charges Burke with violating the CFAA’s prohibition on intentionally accessing a computer “without authorization” because he accessed the LiveU website and URLs without having been authorized by Fox or LiveU. In other words, because Burke didn’t ask Fox or LiveU for permission to use the demo account or view the URLs, the indictment alleges, he acted without authorization.

But there’s a difference between LiveU and Fox’s subjective wishes about what journalists or others would find, and what the services and websites they maintained and used permitted people to find. The relevant question should be the latter. Generally, it is both a First Amendment and a due process problem to allow a private party’s desire to control information to form the basis of criminal prosecutions.

The CFAA charges against Burke take advantage of the vagueness of the statutory term “without authorization.” The law doesn’t define the term, and its murkiness has enabled plenty of ill-advised prosecutions over the years. In Burke’s case, because the list of unencrypted URLs was password protected and the company didn’t want outsiders to access the URLs, the government claims that Burke acted “without authorization.”

Using a published demo password to get a list of URLs, which anyone could have used a software program to guess and access, isn’t that big of a deal. What was a big deal is that Burke’s research embarrassed Fox News. But that’s what journalists are supposed to do—uncover questionable practices of powerful entities.

Journalists need never ask corporations for permission to investigate or embarrass them, and the law shouldn’t encourage or force them to. Just because someone doesn’t like what a reporter does online doesn’t mean that it’s without authorization and that what he did is therefore a crime.

Still, this isn’t the first time that prosecutors have abused computer hacking laws to go after journalists and others, like security researchers. Until a 2021 Supreme Court ruling, researchers and journalists worried that their good faith investigations of algorithmic discrimination could expose them to CFAA liability for exceeding sites’ terms of service.

Even now, the CFAA and similarly vague state computer crime laws continue to threaten press freedom. Just last year, in August, police raided the newsroom of the Marion County Record and accused its journalists of breaking state computer hacking laws by using a government website to confirm a tip from a source. Police dropped the case after a national outcry.

The White House seemed concerned about the Marion ordeal. But now the same administration is using an overly broad interpretation of a hacking law to target a journalist. Merely filing charges against Burke sends a chilling message that the government will attempt to penalize journalists for engaging in investigative reporting it dislikes.

Even worse, if the Burke prosecution succeeds, it will encourage the powerful to use the CFAA as a veto over news reporting based on online sources just because it is embarrassing or exposes their wrongdoing. These charges were also an excuse for the government to seize Burke’s computer equipment and digital work—and demand to keep it permanently. This seizure interferes with Burke’s ongoing reporting, a tactic that it could repeat in other investigations.

If journalists must seek permission to publish information they find online from the very people they’re exposing, as the government’s indictment of Burke suggests, it’s a good bet that most information from the obscure but public corners of the Internet will never see the light of day. That would endanger both journalism and public access to important truths. The court reviewing Burke’s case should dismiss the charges.