PA Seizes Newspaper's Computers

twitter writes "Computer equipment from the Lancaster Intelligencer Journal was seized for alleged improper data access and disclosure. From the article: 'If the reporters used the Web site without authorization, officials say, they may have committed a crime.' Journalist are understandably upset that confidential information, that has nothing to do with the investigation, will be found and used for retribution."

Logs?

[CaptainZapp]

Couldn't they prove their case with their own, damn webserver logs?

This seems to me like impounding your car to take it apart to prove that you drove 7Mls over the speed limit.

Or in other words: Harrassement!

Re:Logs?

[G)-(ostly]

You don't need to follow basic computer security principles involved in "proving" behaviors if you have enough guns at your disposal.

Re:Logs?

[thedletterman]

So a bank notices an employee key card is missing, and it was used to open the front door and the vault door. they even find a hundred thousand dollars missing from the bank, and a review of the security cameras reveals the offender. Should they bother to get a warrant to search their house, or is that just harrassment?

Re:Logs?

[Technician]

That's why I just bought an external NAS drive with encryption. If it lost power, it locks and can't be unlocked until the encryption key is re-entered. They may be able to delete my data, but they can't access it. As an additonal security, the little drive is hung remotely off the lan. Finding it to take it could be a challange.

Check out the Simple Tech SimpleShare NAS. Drop it in the janitor closet someplace locked.

Re:Logs?

[thedletterman]

I don't see where the article suggests the investigators did not check the logs. I'm pretty sure that's how they figured out whose password was used to access this website.

Re:Logs?

[Technician]

Exactly what do you have to hide, citizen?

1 Tax records
2 Full credit card information including card number, pin, phone numbers to call if lost or stolen.
3 Full bank details for online banking
4 Password list for various websites i log into once in a while. After all, I can't use Technician as a logon for AOL IM. So when I do use it on occasion, I need to look up my id.
5 Alarm system master password and user password. I seldom use the master password.

Can you think of any reason to leave any of that out for law enforcement or a burglar to dig through? It's nothing I would want either to have.

Re:Logs?

[Technician]

Certanly. Read the Tomsnetworking review. It's in about the 4th page of the review.

http://www.tomsnetworking.com/2005/04/15/review_st inas250/page4.html

Snip Digging deeper into the menus revealed some advanced functionality that didn't appear to be advertised anywhere on SimpleTech's web site or product brochures. I found menus for creating encrypted, mirrored and striped shares, which are RAID capabilities that I have not seen in other boxes of the same class. Selecting the Help button on this screen brought up a full help listing for all features of the box, including these advanced ones. Reading through the help menus indicated that the mirror and striping capabilities are designed to be used on external drives plugged into the box.

end snip

It's one of the main reasons I bought it. Raid, Encryption and easly hidden someplace to be left behind in a raid or burglary. What more could a geek want?

Re:Logs?

[ozmanjusri]

Exactly what do you have to hide, citizen?

"Give me six lines written by the most honorable of men, and I will find an excuse in them to hang him."
Cardinal Richelieu

Silence the whistleblowers!

[Opportunist]

That seems to be the slogan. After all, without them, some not really legal actions taken by governments could be more easily covered up.

So if you can give them the impression that even when a newspaper grants you anonymity, the feds will somehow find out who you are. Sure, you can still execute your freedom of speech.

But will you dare to when it pretty much means your career is over because it's this easy for the government to grab any kind of information they want? So take your share of the cake and shut up. It's better for you.

Re:Silence the whistleblowers!

[thedletterman]

How is this even relevant? The newspapers were discolsing secret details of crime investigations.. you know, those little details they use to confirm confessions that are sensitive to leads in the investigations? This newspaper, desperate to give more details than the others, compromised the police departments ability to investigate crimes. I'm scratching my head wondering how this should be glorified, and how whistleblowing applies?

Is the Freedom of the Press abridged?

[BadAnalogyGuy]

If a newspaper company commits a crime, infiltrating password-protected government computers in this case, should it be allowed to continue because of the First Amendment guarantee of Freedom of the Press?

According to the 4th Amendment, the right to be secure in our belongings is still subject to the will of a judge to issue a warrant. The warrant was issued in this case, and the judge has taken personal responsibility to act as escrow for the information that reaches the prosecutors.

I don't know what else can really be guaranteed the newspaper, except that they will have their day in court. Their protests about informant confidentiality is a red herring, designed to take our attention away from the possibility that they were involved in illegal activities.

Re:Is the Freedom of the Press abridged?

[SkankinMonkey]

I'm not going to argue with you on the main points because I agree with you on them BUT one thing has come along with digital media that really calls for other protections for defendants to be put into place. For one, since computers do store massive amounts of data, and many stories are theoretically being worked on with this computer, shouldn't the defense have some sort of representative available while said computer is being accessed to make sure that only relevant data is accessed OR to take note of data that was accessed as to make sure that their computers are being properly confiscated and this isn't just a setup for a SLAP suit?

Re:Is the Freedom of the Press abridged?

[BlueStrat]

Just another argument for encryption, and perhaps also for some method of storing information about seperate subjects seperately so that only some subset of the encrypted data need be decrypted, and not just everything.

Encryption wouldn't do much good when a judge will just order you to reveal the password(s) under pain of a contempt charge and jail until you concede, regardless of claims of bad memory, etc. There could also be destruction of evidence and obstruction of justice charges for wiping or destroying the hardrives.

Keeping the data private from investigators is possible, if one is willing to spend some serious time in the justice and penal systems. I'm all for standing on ones' principals, but when you're looking at a long stretch in prison, with a whole life, a career, and a family to consider, priorities can change in a hurry.

IANAL, YMMV, etc...

Strat

Re:Is the Freedom of the Press abridged?

[thedletterman]

I agree that the protests about all the data they don't want the government to find is a red herring. In reporting this story, it's pretty clear they're trying to shape public opinion of the big, bad, invasive government vs the good-natured press. What is really the story is that law enforcement (the REAL good guys, in case you didn't know) busted a reporter so desperate for information, that they violated the security of the municipality, and who knows what other laws they broke. The freedom of the press, isn't the freedom to be above the law... and just to help out the FUD, when you attempt to access a protected computing system, you will get a notice that reads something like this...

ATTENTION! THIS COMPUTING SYSTEM, INCLUDING ALL RELATED EQUIPMENT, NETWORKS, AND NETWORK DEVICES ARE PROVIDED ONLY FOR AUTHORIZED U.S. GOVERNMENT USE. ONLY AUTHORIZED USERS ARE PERMITTED ACCESS TO THIS SYSTEM. DOD COMPUTER SYSTEMS MY BE MONITORED FOR ALL LAWFUL PURPOSES, INCLUDING TO ENSURE THEIR USE IS AUTHORIZED.

I think it's pretty clear even if someone gave you a password, you should know you are not authorized to use it.

Re:Is the Freedom of the Press abridged?

[MathFox]

How many computers does the newspaper have left after the four computers are taken... Freedom of the press isn't worth a thing when all your ink is taken away "for investigation".

I agree that journalists should be punishable for crimes they commit, but "criminal investigation" is commonly used as an excuse for government intimidation. (Not often in the USA, but read the reports from Reporters without borders.) Is this happening here, the secrecy around all this makes me worry!

Re:Is the Freedom of the Press abridged?

[yuna49]

From TFA:
Feudale ruled Feb. 23 that the state could seize the computers but view only Internet data relevant to the case. The judge also ordered the agent who withdraws the data to show them to him first - before passing them to prosecutors - to ensure that the journalists' other confidential files are not compromised.

Personally I think the entire process ought to be handled by a third-party on behalf of the court, and not by the state which is a party at interest. How could anyone be sure that only the material shown to the judge is made available to the prosecutors? How can anyone be sure that a complete copies of the entire contents of the drives weren't made and handed to the prosecution on the sly?

I also had the same reaction as the initial commentators here. Why isn't it proof enough that webserver log entries exist showing access to the restricted areas from the IPs of the newspaper? Sure IP addresses don't give you any information about the actual identity of the person(s) accessing the site, but seizing the computers is no better. How can you prove that the use of the computers wasn't by an unauthorized person? In fact, if you're out to undermine a local newspaper, sneaking into their offices and accessing a protected government website and then claiming foul sounds like a good strategy.

And, for those of you who want to analogize this situation to a simple burglary, remember that there are important press freedom issues here that don't arise in normal criminal acts. When printing presses were invented, states first tried destroying them, then licensing them. Governments have a very strong incentive to restrict press access as much as possible. That's why we have a First Amendment.

Proof that there's no proof

[kafka47]

First off, if the coroner had indeed provided the system's password, wasn't he the one contravening security policy (if not the law)?

Their justification for the computer seizure doesn't explain it at all. If they were concerned about a possible breach (even one obtained through some fraud or password sharing), they'd be able to ascertain the truth more reliably and certainly via access logs from the host systems, or even the intervening logs from the newspaper's ISP. Period.

Searching through the hard drives would be a last ditch effort for a legitimate investigation, since the cache could have been modified or deleted (thus requiring a forensic examination of the suspect systems).

The investigators are either stupid or lying about their true motivations. I can smell a lawsuit of significant proportion.

/K

Re:Proof that there's no proof

[funkman]

The website had disclaimers on it (either during the login process or once you are signed in) that states unauthorized access is prohibited and that the web site is for official use only.

So a journalist (or anyone) using the site with someone's else's login credentials violates the terms of service of the site.

There is no way to plead ignorance for those who improperly accessed the site.

Re:Proof that there's no proof

[Half+a+dent]

Just because you have been given a key to a building by an employee does not mean you are not guilty of trespass if you go ahead and use it. Same deal here.

Seizure may be going too far though - all depends on the specifics of the case.

--

(I never read facts - they spoil my arguments)

There is no freedom to be a reporter

[MikeRT]

in the Constitution. Freedom of the press means simply what it says, freedom of the (printing) press. It's an extension to freedom of speech. What good is a guarantee that you won't be imprisoned for speaking if you have to get a license from Congress to circulate your opinion?

The freedom of the press was also the freedom to publish books in our founders' times. There was no journalism as it has come to be known today. The "newspapers" back then were so bad they make the National Enquirer look respectable.

And sure, a free media doing reporting is necessary for a strong democratic system. Too bad we don't have one thanks to reporters' willingness to schmooze with politicians of both parties and obsession with certain political viewpoints over real reporting. Instead of hard-hitting information on Bush or Clinton, what do we get? "Rich white girl kidnapped, film at 11!"

Besides, what they did was a crime and they knew it. Who in their right mind would have accessed a private police network to publish public reports? Gee, you'd think as a reporter that maybe the coroner is setting you up there and you might want to contact the police to get him nailed and not you.

Re:There is no freedom to be a reporter

[capt.Hij]

Besides, what they did was a crime and they knew it. Who in their right mind would have accessed a private police network to publish public reports? Gee, you'd think as a reporter that maybe the coroner is setting you up there and you might want to contact the police to get him nailed and not you.

Not only that but anybody who talks to a reporter should know that there is no guarantee that the reporter will not be forced to tell law inforcement their source. When reporters write something down it should be assumed that it may be investigated. This raises the question of why reporters would put information on a computer and not encrypt it. If they have sensitive information it should be encrypted. How hard is it to use pgp? That is the only way to insure that the information they have will remain private.

If reporters really want to protect their sources they will not rely on judges to back them up but take precautions to insure that their information is secure from prying eyes.

/. headline is wrong

[MaggieL]

Contrary to the /. headline, Philadelphia did not sieze the four hard drives.

Philadelphia is a city.

Pennsylvania is a commonwealth.

Surprisingly enough, the Pennsylvania Attorney General's Office works for the Commonwealth of Pennsylvania, not the City of Philadelphia. I know it's confusing; after all: they both start with the same letter.

This is massive overkill

[99luftballon]

The paper doesn't seem to be denying accessing the site, merely if it had been given permission. The only possible reason for this would be to check who accessed the site using the login and when, something which the government's own server logs should reveal.

From what I'm reading...

[RagingFuryBlack]

It looks like the state is trying to investigate leaks from inside its offices. Last time I checked, wasn't there some sort of confidentiality/privlage attached when you're an "Unnamed Source" for a paper? Wouldn't this be violating a few people's Constitituinal rights?

Re:From what I'm reading...

[sgant]

Um...no. When talking to a reporter you're not protected in any way. It's not like talking to a lawyer or a doctor...or even a clergyman for that matter. Reporters are threatened all the time with contempt-of-court unless they give up their sources. When was the last time a lawyer was threatened with contempt unless he spilled everything his client told him about a crime? It's privileged. That's protected. Talking to some yahoo who thinks he's the next Woodward & Bernstein from the Washington Post isn't privledged.

Of course, I'm not a lawyer, so I could be totally wrong about all this. Take my advice when I say: "Don't take my advice".

encryption for FSs

[WindBourne]

I wonder how many reporters are using encryption on their Filesystems these days? If they are not, now is the time to start. A bit of a hassle, but maybe less hassle than spending 3 years in prison.

Can remote 3rd party storage be siezed?

[Morgaine]

One of the lessons in this story is that any organization involved in investigative reporting needs to keep its data systems under heavy cryptographic lock and key. Quite separate from any possible legal wrongdoing on the part of one or more of their reporters, all their other stories and investigations are now severely comprimised by the seizure, as others have pointed out. Their whole business could be at risk because of the ease with which computer equipment can be taken away.

This inevitably brings to mind today's story about Amazon's new storage service. If Lancaster Intelligencer Journal had stored their encrypted records and work files on such a storage service, would Amazon (or Google etc) have got raided and their computers taken away?

Obviously not (I think), but where does the boundary between yes and no actually lie? What if LIJ stored their encrypted data at some small 3rd party outfit?

This whole area is likely to become a tangled quagmire, as well as sadly a legal goldmine.

Re:Can remote 3rd party storage be siezed?

[Red+Flayer]

"One of the lessons in this story is that any organization involved in investigative reporting needs to keep its data systems under heavy cryptographic lock and key."

Pointless, since it is illegal to not provide the key when asked by law enforcement who've gotten a warrant for it.

If you are concerned about your data being seized, you're better off having it on a portable storage device that you can either toss or give to someone else for safekeeping if you think the hammer's going to drop on your investigation.

Third parties would have to give up your files if they are prsented with a warrant for them. The key would be to use an offshore storage company, and do all your online activity through an offshore proxy. I'm sure they'll have tons of fun trying to serve a warrant then.

Re:Can remote 3rd party storage be siezed?

[Red+Flayer]

Warrants are not that specific. Warrants can be issued for entire computer systems looking for one tidbit. Law enforcement is only allowed to use the information that is covered by the warrant, but the only way they can verify that you've provided the keys to all the relevant files is to have a blanket warrant for all keys, and then check each file to see if it is relevant.

Same as standard home search warrants -- they don't issue a warrant to just search your sock drawer, because you told them that's the only place you'd keep the contraband they're looking for.

For more information...

[mwm158]

Hack into their website.

The Land of the Free?

[digitaldc]

Whatever happened to 1st Amendment rights? Should people be afraid of what they write?

They need to contact http://www.firstamendmentcenter.org/

I dont get it.

[TenLow]

They're punishing reporters for reporting? If they were given access when they shouldnt have had it, wouldnt it be the fault of the person who gave them access, not them for accessing it?

All I know is this'll sure make a good news story. Oh; wait, nevermind.

The lesson Learned here kids?

[Lumpy]

I think the biggest lesson here is that ALL your files that are important or private MUST be encrypted on your computer. Because the federalies will come looking through them sooner or later. Using a encryption system that gives you plausable deniability like True Crypt is a better choice as you can lead them astray. you can give them a fake password that lets them into the encrypted file but only gives up worthless information keeping the secure documents hidden.

Finally, with today's fervor over terrorism it's best for you to not write anything down, record nothing and deny, deny, deny.

Re:The lesson Learned here kids?

[blackest_k]

I wonder is it practical to use the spare space on a block for data?

perhaps with a 32k cluster size a dummy file might use 3k leaving 29k free for encrypted data if you had the program to access and decript the free space on a usb key say you could have potentially a very secure system especially if the key could be overwritten if the wrong password was entered.
the hd would look clean the key might even just monitor a key sequence without even offering a prompt.

or perhaps the key might be a jpg that would need to be copied to a specific location on the harddrive. probably needs to be automatically erased once access has been granted

just a thought :)

there must be ways and means

Re: Really bad analogy

[afaik_ianal]

All analogies are bad and that was a Really bad analogy.

Yep - Using analogies is like comparing apples and oranges.

Am I missing something???

[00Dan]

I keep reading people write "Freedom of the press" like that trumps any illegal activity. Am I missing something here? A couple reporters gets the username/password of the local coroner (with or without his knowledge is in debate right now) and proceed to access a restricted web site. How is this not illegal?

Is a reporter allowed to run red lights? Can they break into the mayors office to rummage thru his files? How is this any different???

/and on the subject of server logs... This is slashdot, I thought you guys knew better. Even if you track the IP back to the newspaper, all that says is someone connected to that IP accesssed the system, not which system behind the firewall it was (and do they have free wireless in their lobby?)

Re:More info.

[Technician]

The encryption is invisable to the users. When the box is rebooted, the encrypted shares simply vanish and are not seen on the network until the password is input from the web interface. Another snip from Toms site;

I was initially a little confused about how an encrypted share would work. Would the client have to enter the encryption password, as well as the user password, when mounting the network share? I saw no provision for this, but what I had to do became clear the next time I rebooted the box. When the SimpleShare rebooted, I received an e-mail from it telling me that I had to go into the administration screen and enter the encryption password. Once I did this, the share was available for clients. So this feature is meant to protect your data if someone walks off with your drive - without the password, they won't be able to access it.

end snip

That's the way to survive a raid. Packing it up breaks it if they find it.
I know from experiance (i made a configuration error) that using the reset to reset it to factory defaults does not open the encrypted share. It stays encrypted and can only be opened and mounted by entering the encryption key.

Two ways to look at it

[Billosaur]

On the one hand:

"This is horrifying, an editor's worst nightmare," said Lucy Dalglish, executive director of the Reporters Committee for Freedom of the Press in Washington. "For the government to actually physically have those hard drives from a newsroom is amazing. I'm just flabbergasted to hear of this."

We have the potential for confidential sources and other non-related data to be exposed to the light of day. On the other hand:

The grand jury is investigating whether the Lancaster County coroner gave reporters for the Lancaster Intelligencer Journal his password to a restricted law enforcement Web site. The site contained nonpublic details of local crimes. The newspaper allegedly used some of those details in articles.

If the reporters used the Web site without authorization, officials say, they may have committed a crime.

We have reporters, eager to scoop the competition to drive up circulation by exposing little know details of crimes, committing a crime themselves in cahoots with the coroner, who must have been getting something out of the deal.

Either way you cut it, it's a legal quagmire and a constitutional nightmare.

Journalists have freedom, not immunity

[Mr.+Underbridge]

"Journalist are understandably upset that confidential information, that has nothing to do with the investigation, will be found"

And presumably that unrelated confidential information wouldn't fall under the scope of the warrant. But the cops *definitely* have enough for a warrant. They have traced blatantly illegal activity back to a computer and seized it. Any private citizen would have faced the same. Freedom of the press isn't a blanket right to break the law with complete impunity and immunity.

I mean, think about what you're saying. It's like saying anyone with confidential information in their house (ie, everyone) shouldn't ever be subject to a legal, warranted search. There are mechanisms to restrict the scope of warrants.

In general, if one is worried about such confidential information, I'd strongly suggest not doing completely illegal shit with the computer containing it.

Re:Journalists have freedom, not immunity

[KagatoLNX]

While I don't disagree with the principle that seizure can be reasonable in the face of a real crime, the nature of seizure and of leaked confidential information makes this not so cut and dry.

Since businesses do a better job obtaining and preserving their protections than the public seems to do, just look to them for the precedent. They refuse to release things all the time claiming "irrepairable harm". Admittedly those are usually civil cases involving trade secrets and the like. However, the point stands. The Bill of Rights protects against unreasonable search and seizure for exactly that reason. Leaking information that can be used for retribution against citizen or, almost more importantly, against the press causes irrepairable harm. The belief of the paper is that the seizure, in this case, was far beyond what a constitution warrant would allow.

Admittedly computers and networks of them are very tightly integrated. It's hard to seize just the right parts of them. However, having witnessed the aftermath of a few police seizures of computer equipment I can assure you that it probably was overkill. People don't usually work well with things they don't understand. You can be that your average police department usually goes overboard in situations like this.

The claim could be made that the police made the most limited seizure practical, but I don't believe that's provides a defense against a clear Fourth Amendment claim (IANAL). The Fourth Amendment sends a clear message. Unfettered search and seizure is at odds with a citizen's ability to participate in a democracy because of the potential it creates for abuse. Any pretense of a crime can be used as a gateway to retribution. Especially considering that computers actually have made it easier to search and seize.

In the past, thousands of papers would have to meticulously found, catalogued, and archived. Now, digital copies can be made trivially, evidence integrity can be certified by third party signature, and search can be heavily automated. The sad fact is that the police are willfully ignoring the fact that they don't have to seize the entire computer so that they don't have to work as hard (not that they're lazy, but their resources ARE limited). Make no mistake, a single man can now seize libraries worth of data in minutes and search it just as quickly.

What nobody realizes about the Bill of Rights is that it was made to safeguard the ability of the people to revolt again if necessary. The government and courts has slowly disarmed the people, nibbled away at their speech protections, removed their autonomy, and generally preserve democracy by ensuring the government is subject to the will of the people--by force if necessary. This is always done in the spirit of "making people accountable", "keeping the peace", or "protecting people from criminals". The humbling reality is that every one of the founders of our government would have been dead if they were accountable to the government in their time. The peace would have been kept, it's true, but in a world where the people are made criminals for enjoying their freedom, what does it matter?

Re:Can't you plead the 5th?

[vertinox]

Encryption wouldn't do much good when a judge will just order you to reveal the password(s) under pain of a contempt charge and jail until you concede, regardless of claims of bad memory, etc.

Can't you plead the 5th when asked to give passwords? I've always wondered about that... Can you be forced to give information to the authorities? From my understanding you cannot be forced to testify against yourself.

Or maybe the "right to remain silent" doesn't always apply to certain situations?

Can anyone shed light on this?