Slashdot Mirror
PA Seizes Newspaper's Computers
twitter writes "Computer equipment from the Lancaster Intelligencer Journal was seized for alleged improper data access and disclosure. From the article: 'If the reporters used the Web site without authorization, officials say, they may have committed a crime.' Journalist are understandably upset that confidential information, that has nothing to do with the investigation, will be found and used for retribution."
This seems to me like impounding your car to take it apart to prove that you drove 7Mls over the speed limit.
Or in other words: Harrassement!
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
That seems to be the slogan. After all, without them, some not really legal actions taken by governments could be more easily covered up.
So if you can give them the impression that even when a newspaper grants you anonymity, the feds will somehow find out who you are. Sure, you can still execute your freedom of speech.
But will you dare to when it pretty much means your career is over because it's this easy for the government to grab any kind of information they want? So take your share of the cake and shut up. It's better for you.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
If a newspaper company commits a crime, infiltrating password-protected government computers in this case, should it be allowed to continue because of the First Amendment guarantee of Freedom of the Press?
According to the 4th Amendment, the right to be secure in our belongings is still subject to the will of a judge to issue a warrant. The warrant was issued in this case, and the judge has taken personal responsibility to act as escrow for the information that reaches the prosecutors.
I don't know what else can really be guaranteed the newspaper, except that they will have their day in court. Their protests about informant confidentiality is a red herring, designed to take our attention away from the possibility that they were involved in illegal activities.
First off, if the coroner had indeed provided the system's password, wasn't he the one contravening security policy (if not the law)?
Their justification for the computer seizure doesn't explain it at all. If they were concerned about a possible breach (even one obtained through some fraud or password sharing), they'd be able to ascertain the truth more reliably and certainly via access logs from the host systems, or even the intervening logs from the newspaper's ISP. Period.
Searching through the hard drives would be a last ditch effort for a legitimate investigation, since the cache could have been modified or deleted (thus requiring a forensic examination of the suspect systems).
The investigators are either stupid or lying about their true motivations. I can smell a lawsuit of significant proportion.
in the Constitution. Freedom of the press means simply what it says, freedom of the (printing) press. It's an extension to freedom of speech. What good is a guarantee that you won't be imprisoned for speaking if you have to get a license from Congress to circulate your opinion?
The freedom of the press was also the freedom to publish books in our founders' times. There was no journalism as it has come to be known today. The "newspapers" back then were so bad they make the National Enquirer look respectable.
And sure, a free media doing reporting is necessary for a strong democratic system. Too bad we don't have one thanks to reporters' willingness to schmooze with politicians of both parties and obsession with certain political viewpoints over real reporting. Instead of hard-hitting information on Bush or Clinton, what do we get? "Rich white girl kidnapped, film at 11!"
Besides, what they did was a crime and they knew it. Who in their right mind would have accessed a private police network to publish public reports? Gee, you'd think as a reporter that maybe the coroner is setting you up there and you might want to contact the police to get him nailed and not you.
Contrary to the /. headline, Philadelphia did not sieze the four hard drives.
Philadelphia is a city.
Pennsylvania is a commonwealth.
Surprisingly enough, the Pennsylvania Attorney General's Office works for the Commonwealth of Pennsylvania, not the City of Philadelphia. I know it's confusing; after all: they both start with the same letter.
-=Maggie Leber=-
The paper doesn't seem to be denying accessing the site, merely if it had been given permission. The only possible reason for this would be to check who accessed the site using the login and when, something which the government's own server logs should reveal.
It looks like the state is trying to investigate leaks from inside its offices. Last time I checked, wasn't there some sort of confidentiality/privlage attached when you're an "Unnamed Source" for a paper? Wouldn't this be violating a few people's Constitituinal rights?
Warning: Corny karma killing post above.
I wonder how many reporters are using encryption on their Filesystems these days? If they are not, now is the time to start. A bit of a hassle, but maybe less hassle than spending 3 years in prison.
I prefer the "u" in honour as it seems to be missing these days.
One of the lessons in this story is that any organization involved in investigative reporting needs to keep its data systems under heavy cryptographic lock and key. Quite separate from any possible legal wrongdoing on the part of one or more of their reporters, all their other stories and investigations are now severely comprimised by the seizure, as others have pointed out. Their whole business could be at risk because of the ease with which computer equipment can be taken away.
This inevitably brings to mind today's story about Amazon's new storage service. If Lancaster Intelligencer Journal had stored their encrypted records and work files on such a storage service, would Amazon (or Google etc) have got raided and their computers taken away?
Obviously not (I think), but where does the boundary between yes and no actually lie? What if LIJ stored their encrypted data at some small 3rd party outfit?
This whole area is likely to become a tangled quagmire, as well as sadly a legal goldmine.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
Hack into their website.
Whatever happened to 1st Amendment rights? Should people be afraid of what they write?
They need to contact http://www.firstamendmentcenter.org/
He who knows best knows how little he knows. - Thomas Jefferson
All I know is this'll sure make a good news story. Oh; wait, nevermind.
What doesn't seem to be passing most people's minds is the fact that this is a criminal investigation, not a civil one. As such, its target will be individuals, not the newspaper itself. If the newspaper is anything normal in this day and age, they lawyered up at first notice, and certainly didn't reveal the individuals within the newspaper who were responsible for the illegal access. As for server logs, they don't prove much. How, for instance, will the logs at the server level produce any compelling evidence as to who was physically using the workstations involved? As a criminal investigation with major possible jailtime involved, they can't arrest the entire newspaper, and have to go after individual users. And heck, even if they did have what they believed was sufficient evidence, federal prosecutors tend to want to have all the evidence they can get in case a defense attorney punches a hole through the legitimacy of a given piece of evidence. It's unfortunate that such events would effect the entire newspaper for actions of a few, but if the newspaper had knowledge, they're getting what they sowed...
Pretty sad when newspapers in this country have to start worrying about encrypting their source data. Welcome to Republican Amerika, formerly known as the land of the free.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
I think the biggest lesson here is that ALL your files that are important or private MUST be encrypted on your computer. Because the federalies will come looking through them sooner or later. Using a encryption system that gives you plausable deniability like True Crypt is a better choice as you can lead them astray. you can give them a fake password that lets them into the encrypted file but only gives up worthless information keeping the secure documents hidden.
Finally, with today's fervor over terrorism it's best for you to not write anything down, record nothing and deny, deny, deny.
Do not look at laser with remaining good eye.
All analogies are bad and that was a Really bad analogy.
Yep - Using analogies is like comparing apples and oranges.
Contrary to the /. headline, Philadelphia did not sieze the four hard drives.
Philadelphia is a city.
Pennsylvania is a commonwealth.
Surprisingly enough, the Pennsylvania Attorney General's Office works for the Commonwealth of Pennsylvania, not the City of Philadelphia. I know it's confusing; after all: they both start with the same letter.
but then so does Pontiac Plymoth and Ptomaine
Diplomacy is the art of saying "Nice doggie" until you can find a rock. Will Rogers
I keep reading people write "Freedom of the press" like that trumps any illegal activity. Am I missing something here? A couple reporters gets the username/password of the local coroner (with or without his knowledge is in debate right now) and proceed to access a restricted web site. How is this not illegal?
/and on the subject of server logs... This is slashdot, I thought you guys knew better. Even if you track the IP back to the newspaper, all that says is someone connected to that IP accesssed the system, not which system behind the firewall it was (and do they have free wireless in their lobby?)
Is a reporter allowed to run red lights? Can they break into the mayors office to rummage thru his files? How is this any different???
The encryption is invisable to the users. When the box is rebooted, the encrypted shares simply vanish and are not seen on the network until the password is input from the web interface. Another snip from Toms site;
I was initially a little confused about how an encrypted share would work. Would the client have to enter the encryption password, as well as the user password, when mounting the network share? I saw no provision for this, but what I had to do became clear the next time I rebooted the box. When the SimpleShare rebooted, I received an e-mail from it telling me that I had to go into the administration screen and enter the encryption password. Once I did this, the share was available for clients. So this feature is meant to protect your data if someone walks off with your drive - without the password, they won't be able to access it.
end snip
That's the way to survive a raid. Packing it up breaks it if they find it.
I know from experiance (i made a configuration error) that using the reset to reset it to factory defaults does not open the encrypted share. It stays encrypted and can only be opened and mounted by entering the encryption key.
The truth shall set you free!
But how could you do that? Everyone knows that apples are BETTER than oranges, so there is no comparison! (God, I hope I don't have to use a smiley to show that this was meant as humor. Holy crap, is this thing still on...)
A link for Simple Share NAS would be great, though I'm going to google it as soon as I finish writing this. Also, how strong is the encryption and have there been any administrative issues, flakiness, etc.?
t inas250/
The only flakieness I know about is one I did and had to send it in to be recovered. Use share passwords if you are using an encrypted drive. Do not do like I did and make some shares, provide passwords, then create users with user privilages, and then create an encrypted pool. It loops the software and no longer talks to the LAN. The magic reset to factory defaults does not recover from that. Other than that, read the Tom's Networking review. The rest of it is right on. The other thing a little weird is the 250G drive has a 3 year warranty but the 160G drive has only 1 year.. Go figure. Anyway the link;
http://www.tomsnetworking.com/2005/04/15/review_s
The truth shall set you free!
Our sleepy little town made slashdot...wow!
Here's the paper's website. Nothing is mentioned about it there.
http://lancasteronline.com/index.php
When did Philadelphia take over the rest of Pennsylvania and rename it?
The state of Philadelphia should sieze the hard drives of the Slashdot Editors for lousy journalism.
Slashdot = alt.religion.windows.mpaa.riaa.sucks
On the one hand:
"This is horrifying, an editor's worst nightmare," said Lucy Dalglish, executive director of the Reporters Committee for Freedom of the Press in Washington. "For the government to actually physically have those hard drives from a newsroom is amazing. I'm just flabbergasted to hear of this."We have the potential for confidential sources and other non-related data to be exposed to the light of day. On the other hand:
The grand jury is investigating whether the Lancaster County coroner gave reporters for the Lancaster Intelligencer Journal his password to a restricted law enforcement Web site. The site contained nonpublic details of local crimes. The newspaper allegedly used some of those details in articles.If the reporters used the Web site without authorization, officials say, they may have committed a crime.
We have reporters, eager to scoop the competition to drive up circulation by exposing little know details of crimes, committing a crime themselves in cahoots with the coroner, who must have been getting something out of the deal.
Either way you cut it, it's a legal quagmire and a constitutional nightmare.
GetOuttaMySpace - The Anti-Social Network
It's called "probable cause" to believe that an entity (the paper) was involved in the crime. The state can not know whether the newspaper's computers were also used illegally as the state is claiming the coroner's password was. I can easily guess that some hacker that got the password might also hack some news corp's site that had weak security. Why? Cuz anyone would know that the state will (or should) use extra care when kicking in the doors of the press.
Something else you're missing is called "Innocent until proven guilty".
The paper is innocent, and the siezure would obviously have a serious impact on their business. A judge should take this into account before signing a warrant, especially when the criminal could so easily be someone else.
Even if non-public facts were disclosed by the newspaper, the state does not "know" that hacking was the source unless there is clear evidence. Even if hacking was the source, what indication does the state have that it was the newspaper that did the hacking? They may have been hacked too.
The coroner claims he didn't share the password. Who else would know?
Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
And presumably that unrelated confidential information wouldn't fall under the scope of the warrant. But the cops *definitely* have enough for a warrant. They have traced blatantly illegal activity back to a computer and seized it. Any private citizen would have faced the same. Freedom of the press isn't a blanket right to break the law with complete impunity and immunity.
I mean, think about what you're saying. It's like saying anyone with confidential information in their house (ie, everyone) shouldn't ever be subject to a legal, warranted search. There are mechanisms to restrict the scope of warrants.
In general, if one is worried about such confidential information, I'd strongly suggest not doing completely illegal shit with the computer containing it.
Want to make any bets that the manufacturer has a masterkey, or key reclamation mechanism, and will share it with law enforcement if there is a subpoena involved?
I was thinking too slow.. The software is GPL. Download the source and take a look. I'm not making any bets, but the odds against a back door are heavily in my favor.
The truth shall set you free!
I thought this was interesting, since the Intelligencer Journal's HQ is about 2 miles from my house. Anyway, it sounds more like the reporter's computers were stolen, rather than Intelligencer Journal's.
State agents raided Kirchner's home outside Lancaster last month and took computers, he said. He said he had had no other contact with authorities since.
I can see the issue of having confidential secrets being found by the government, but at the same time being in the press does not absolve you from having evidence collected on you. The best thing the government can do is find a 3rd party to do the evidence collection (that is trusted by both sides).
More chilling than law enforcement seizing assets from a newspaper for inspection is the sheer arrogance of individuals in the media industry believing that they are above the law. Literally. The first amendment has - time and again - protected our media from censorship. I cannot possibly imagine how one could arrive at the conclusion that the first amendment also protects the media (or anyone else) from criminal investigations. I'm a member of the computer forensics community; I know what is going to happen to the computers in Harrisburg, and the ridiculous allegations thrown about by a few individuals discredit the media community as a whole. I'm sure you're aware of the adage "A bad apple spoils a bunch?" It holds especially true in the media. You have a larger audience than a nameless person unheard by the masses. To see wild claims from someone in the media about government conspiracies and constitutional violations over a matter of criminal investigation do a great discredit to your once noble profession. If the seized computer's slack space, RAM, or more simple tracking means contain data showing access to the web page in question, someone (or several someones) are going to spend an exquisitely long time in prison. Invest in soap-on-a-rope now. Honestly though...simply for the belief that the First Amendment somehow grants the media immunity from criminal behavior, I sincerely wish that the rest of your industry would scorn you, decry you as unworthy, and distance themselves from such unethical beliefs. Unfortunately, I don't think they will. Thus, the growing scorn for American media. Thanks for being a part of the division.
The following link is from the Lancaster papers' website. It has greater detail on the case and more information about what Judge Feudale actually authorized, which was a relatively limited search and in camera review of the findings prior to allowing them to be turned over to the Commonwealth.
r neyID=24) that he knows bupkis about criminal law. Barley Snyder attorneys are usually pretty sharp folks, but they are not who I would select for this sort of case, either for the newspaper company or the journalists in the underlying criminal case.
http://local.lancasteronline.com/4/21327
In addition, the Lancaster papers' attorney failed to secure any witness or provide any testimony that could demonstrate that the computer forensics work could be done in the newspapers' offices as opposed to taking the drives to the AG's forensics lab. You have to at least put up a fight to win. I think that the attorney for the paper knows bupkis about technology and he was completely unprepared to fight the subpoena on that basis. It's an example of having the wrong lawyer and being outgunned by people who specialize in this sort of criminal prosecution.
I suspect also, having read the bio of the attorney (George C. Werner) on his firm's (Barley Snyder) website (http://www.barley.com/attorney/bios/bio.cfm?atto
GF.
Lots of petrified grits
Encryption wouldn't do much good when a judge will just order you to reveal the password(s) under pain of a contempt charge and jail until you concede, regardless of claims of bad memory, etc.
Can't you plead the 5th when asked to give passwords? I've always wondered about that... Can you be forced to give information to the authorities? From my understanding you cannot be forced to testify against yourself.
Or maybe the "right to remain silent" doesn't always apply to certain situations?
Can anyone shed light on this?
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
I'm not sure if your NAS device is IDE based or SCSI based (internally). ATA drives use a locking mechanism that is not actually on the disk, but on the circuit boards surrounding the disk (I have some experience with locking/unlocking drives for Xbox repair/modification). Some drives dont lock, others will lock, but do not unlock when supplied with the correct password. I haven't had a new drive go into a persistant lock state, but a referbished drive was persistantly locked the first time I locked it, and a older 8gb drive failed to work in a system simply because it would not unlock.
You should be especially careful with any data you keep on a system of this type. I would reccomend at least keeping a mirror of the box to make sure you dont loose the whole thing.
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
The very last line in the article is chilling - "In a one-page order dated Wednesday, the Supreme Court declined to hear the case on procedural grounds, freeing the state to examine the hard drives."
First the elections in 2000, and now aiding and abetting the dismantling of the right to free speech.
Way to go, GW - you really packed the court with "objective" jurists - as long as they rule to keep restricting freedoms.
"Let us raise a standard to which the wise and honest can repair" - George Washington