Did A Former National Parks Employee Violate The CFAA By Tweeting About Climate Change?
from the the-tweets-heard-round-the-world dept
As you may have heard, over the past few days, there’s been a lot of talk about various US government Twitter feeds “going rogue” in what many believe is an attempt at a bit of civil disobedience following gag orders being sent from the White House to various federal departments and agencies, with a particular ban on social media. Soon after that came out, the Twitter feed of the famed Badlands National Park in South Dakota, started tweeting about climate change:
Those tweets have since been deleted, but they certainly caused quite a stir, and there’s even what claims to be a private rogue National Parks Service twitter feed that won’t be silenced at @AltNatPartSer. That’s apparently inspired other government employees to set up similar “rogue” Twitter accounts. As I write this, there are about two dozen such accounts on this list, with some personal favorites being the @Alt_FDA, the @RogueNASA and @AltFedCyberz. Now, it’s important to state that there’s no direct proof that these are actually run by federal employees, but the whole thing is fascinating to watch.
But, that alone doesn’t necessarily make it worthy of a Techdirt post (yes, there’s a possible Streisand Effect angle on all of this, but it remains to be seen how strong that really is). What caught my eye, however, was how the National Park Service eventually explained those original Badlands tweets, telling BuzzFeed that they were done by an ex-employee who had retained his password, but wasn’t authorized to tweet from the account:
National Parks says the @BadlandsNPS climate tweets were deleted because a former employee "compromised" the accounthttps://t.co/4YF1sMJaYa pic.twitter.com/F3fl5f6gnP
— BuzzFeed News (@BuzzFeedNews) January 25, 2017
Now, the exact wording of that statement also made my ears perk up, because “not currently authorized to use the park’s account” could have pretty serious legal consequences. As reporter Matt Pearce unfortunately, but correctly, points out, this could be interpreted, by some, to be a violation fo the CFAA.
Oy. Under CFAA, that could be interpreted as criminal hacking, yes? https://t.co/XwJa9B7MDP
— Matt Pearce (@mattdpearce) January 25, 2017
You remember the CFAA, of course. That’s the “anti-hacking” Computer Fraud and Abuse Act, that has an unfortunately long history of being twisted and questionably interpreted to mean that just about anything people don’t like that you do on a computer is potentially a violation. In particular, many cases have focused specifically on what constitutes “without authorization” or “exceeds authorized access” under the law. The fact that the NPS directly claims that this person was “not currently authorized” certainly could be seen to trip the “without authorization” or “exceeds authorized access” lines.
Of course, the CFAA has different sections — and most of the cases we talk about tend to focus on 1030(a)(4) which covers accessing information whose value is over $5,000. It’s difficult to see how one could twist the Badlands tweets as being about accessing information valued at more than $5,000, but there is also 1030(a)(3), which one would hope also would not apply… but where you could see an overzealous DOJ try to make it stick. That’s the section that says it’s a violation of the CFAA to access a computer that “is used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States.”
Now, it’s pretty clear that the intent here is to go after someone who hacks into a system and somehow interferes with the government making use of that computer (and, remember, the entire reason we have a CFAA is because some clueless politicians — including Ronald Reagan — freaked out about the very, very fictional movie War Games). But, given how the DOJ has stretched the interpretation of the CFAA in the past, would it be possible for them to try to claim that by making unauthorized access to a Twitter account, and tweeting those tweets, it was using a computer that “is used by the Government” and the “conduct affects that use by or for the Government of the United States” and that the access was “without authorization”? It… seems unfortunately possible.
So far, the administration doesn’t seem too concerned about this… but just the fact that this is even possible is yet another reminder of just how ridiculous the CFAA is, and how it is in desperate need of serious reform.
Filed Under: cfaa, climate change, donald trump, former employee, national park service, tweets, unauthorized access
Comments on “Did A Former National Parks Employee Violate The CFAA By Tweeting About Climate Change?”
WarGames is not very, very fictional
Almost everything in that movie is based on an actual event. It’s just not that all the events were the same person.
Saying that WarGames is very, very fictional is a gross overstatement that obscures the fact that hacks similar to all of those shown in the movie had, in fact, already happened to a similar level (although nukes didn’t almost get launched, someone did hack into a server that helped control nukes).
Re: WarGames is not very, very fictional
I think that step between getting into the server and almost launching the nukes, is a very wide, abyssal one, and that’s what makes Wargames particularly fictional.
very, very maybe hyperbole, but very, very is very, very seldom not hyperbole.
Re: WarGames is not very, very fictional
True stories, but heavily fictionalised. But, I’d argue that the things people need to learn from WarGames are not the ones that they seem to be getting.
While you should remain cautious of course, the lesson shouldn’t be that there’s a teenager ready to hack into you at a moment’s notice. The lesson should be that in that story a teenager inadvertently accessed a backdoor that was left accessible from public phone lines. Therefore, it’s a bad idea to have such accessibility, and even worse to be able to actually launch weapons from something the hacker will believe is simply a game with no real life consequences.
Instead, we seem to have people willing to leave wide open backdoors in case they need one, but strip rights away from everyone else in case they happen to access them.
it was using a computer that "is used by the Government"
Unless he still has his government issued computer, then all he did was access a (somewhat) random Twitter server. I actually want to see the government argue that every server accessed by the government falls under this statute. That would pretty clearly lead to about 80% of the internet by volume falling under this rule.
Fired
That statement could also be true if the former employee had been fired between that last tweet going out and the offending tweets going out.
Sooner or later, the Trump administration is going to decide...
…that someone it dislikes used a computer, and that’s grounds enough to imprison them for a long time via the CFAA.
Rarely-enforced oft-committed crimes are merely tools for current administrations to rid themselves of enemies with a sense of legitimacy.
The appropriate response to this “hack”:
“Hey, knock that off.”
Re: Re:
…followed by “hey, maybe we should change the passwords for our public facing communications when we fire the person who’s using them”. Sadly, I know how rare it is for that to happen efficiently in the private sector, let alone public.
Trump's straw-man reality is burning!
Some deep thinkers want to encourage other people to think more deeply. However, there are also deep thinkers who prefer other people to think less deeply, the better to manipulate and take advantage of those people.
The worst (and most dangerous) case is people who are shallow thinkers, but who think they are deep thinkers, and #PresidentTweety is one of those people. Trump is not at war with the media. He is at war with reality. Trump wants to create belief in a straw-man fake reality of horror and collapse so he can then claim improvements by tweaking the fake beliefs back towards reality.
At least Duterte killed (alleged) evildoers and Mussolini made the trains run on time! That’s not the reality of America. (Well, actually the American trains aren’t so reliable, but Trump’s supporters in flyover country are the least likely to use trains.)
My favorite sig should make it obvious, but I’m on the side of more deep thinking. You have to think deeply to understand your free choices in a meaningful way and to understand the constraints and their sources. (That’s why “freedom of speech” is so confusing to many people, because the “speech” may be opinions or lies just as freely as it may be true.)
So far my best effort at a constructive “solution” is the design of the deep-thinking cap, but it’s yet another “morally neutral” tool. While I think I would use the cap to support more deep thinking, maybe I would just use it to sleep a lot. Some people might use it to listen to more loud and mindless music while ignoring other people, even though the cap could be used as a better communication device, too.
—
#1 Freedom = (Meaningful – Coerced) Choice{5} ≠ (Beer^4 | Speech | Trade)
Re: Trump's straw-man reality is burning!
o_o
Some stuff at the beginning there sounded right but by the end I had no idea what you are on about.
There’s deep thinking, and then there’s deep up your own ass thinking…
Re: Trump's straw-man reality is burning!
Not worth responding to ACs, but real questions from real people will normally receive responses.
Extending the typology, there are also super-shallow people who, having nothing to say, insist upon saying nothing. Usually ACs, but TechDirt doesn’t seem to have any convenient way to render the ACs invisible.
Re: Re: Trump's straw-man reality is burning!
“real questions from real people will normally receive responses.
“
Thank god for that.
“TechDirt doesn’t seem to have any convenient way to render the ACs invisible”
What else could we do to make your visit here more comforting? Sounds sorta like Trump complaining about the media not treating him fairly, he just might be able to have them “disappeared”.
Re: Re: Re: Trump's straw-man reality is burning!
Thanks for putting it in exactly same way I would have addressed those comments without me having to take the time and thought you saved me. Thank you also Techdirt for respecting my privacy.
Re: Re: Trump's straw-man reality is burning!
Obviously I can rest my case on the AC responses, but…
Don’t you sometimes wonder why the trolls? Not a lot of wonder. Not worth it.
Streisand Effect? Oh, Please!
I can’t believe that nobody here sees this for what it is. He’s routing out the moles.
Each of those posts will be traced back to an employee, and that employee will be FIRED FOR CAUSE.
It’s a strategy designed to catch idiots – and it’s extremely effective at doing so.
For me, the shoe fits...
I know that when the CFAA was written social media had never been considered. That being said, (And without using any car analogies.) the average person would see what happened as either the NPS rebelling against an elected President or an employee disobeying his/her employer. Both get you fired, one might be a crime in it’s own right. Add in the former employee factor and that is a bigger problem, jail time becomes a real possibility even in the corp world.
deep thinking cap
does it run on lemon juice?
but how will you defeat the thought activated automated face smackers? *surely someone in the trump admin’s working on those. probably 42 people.
Ah the CFAA that brings a tear to my eye.
I remember how the Prenda gang abused that statue when the Judges caught onto their trolling efforts and Steele & Hansmeier used the CFAA to sue BitTorrent down loaders by saying the down loaders hacked into Guava servers and thus Prenda could get the subscriber info from the ISP’s to get the extorion -er-settlement letters out to the victims
Authoritarians hate it when others have any freedom, because as everyone knows you have to follow their rules or suffer their wrath.
Re: Re:
Not much new here. Obama had the departments towing the party line and now Trump. It would be nice to think that some of these departments weren’t political but they all are these days.
Re: Re: Re:
” It would be nice to think that some of these departments weren’t political but they all are these days.”
Always have been – no?
Government organizations tent to be political, not really news is it? That is not a valid reason to eliminate the dept.
Re: Re: Re: Re:
Not true. Govt. departments need to be non-partisan in order to get stuff done; the administration of policy and legal obligations needs to continue even when the reps, etc., are on holiday or have been voted out.
Those departments that have been politicized have been made that way the better to implement partisan policy. This is deliberate as the people who work for them — administrators like myself — can’t be fired and replaced very easily, while the directors can. This means that, even in a Congress ruled by t’other side, the policies of the party favoured by the department will continue no matter what. For this reason, it ought to be illegal to politicize a department, the better to ensure government by the people for the people rather than government by the party for the party.
For the record I don’t care which side does this, it’s profoundly undemocratic and only tends to entrench the status quo, hence Trump. People get fed up of the party games after a while and demand change at any cost. I think we’re at the “counting the cost” stage now. It’ll get worse before it gets better but when the Great Overhaul finally happens, it needs to include the de-politicization of government departments.
I wonder, this is clearly an act of civil disobedience. Protest if you will. How would this fit into the CFAA? Could the administration twist already bad laws like the espionage act and prosecute the person even more aggressively than previous whistleblowers (even if it isn’t really blowing the whistle)?
I hope TD keeps an eye on the developments of this case.
Re: Re:
This actually happened; https://www.techdirt.com/articles/20160923/16132835608/congressional-rep-mike-honda-sues-challenger-ro-khanna-cfaa-violation-over-access-to-his-donor-list.shtml
https://www.techdirt.com/articles/20160423/16370634255/rhode-island-attorney-general-pushing-state-level-cfaa-that-will-turn-researchers-whistleblowers-into-criminals.shtml
Have a good look through these: https://www.techdirt.com/blog/?tag=cfaa&start=10
Bring a hankie, you’ll need it.
What was the “crime” here?
Some one did something that upset someone else who happens to be in a position of power and influence ….
So they have someone else look into what laws could be used to go after those horrible horrible mouthy people for what they did. Sounds a bit juvenile doesn’t it?
If whoever did it wipes their hard disk with KillDisk, rendering any evidence unrecoverable.
Doesn't Seem Too Ridiculous
This doesn’t seem like it’s that much of a twisted use of the CFAA. While it is not really “hacking” it seems to me that this is very clearly access without authorization. If the ex-employee story is true. However I don’t understand your second to last paragraph. Where you claim that based on prior interpretations of the CFAA by the DOJ the tweet would have been “using a computer that “is used by the Government””. What sort of interpretations have they used that would make this seem plausible? If it was an ex-employee I very much doubt they would have had physical access to a government computer. I guess they could say that Twitters servers are “technically” used by the government and there for the first condition is fulfilled. That seems very dubious to me. But who knows what sort of backwards logic the government runs on. So if you have examples of this please feel free to chime in.
Maybe not
As someone mentioned in a previous comment. If you carefully read the wording of the Tweet, the following is a POSSIBLE scenario.
The person was an employee (and authorized) when they tweeted. Then they got fired. And then the tweets were deleted. And then the Tweet which says they are an ex-employee who is not currently authorized.
Somehow, I don’t think they would have included the “currently” in the Tweet if the person had never been authorized. So the question is what is the timing.
Is it possible that the tweet about the global warming is really the meat and potatoes here and not the CFAA?
Re: Re:
Yep. The CFAA can be used to violate the hell out of the First Amendment. Awesome, isn’t it?