In Britain, Rupert Murdoch’s empire has paid $1.5 million to silence three public figures whose telephones were illegally tapped. In addition, private investigators hired by Murdoch’s newspapers “[unlawfully accessed] confidential personal data, including tax records, social security files, bank statements and itemised phone bills.”
In California, Michael Arrington published confidential documents stolen from Twitter. The worst-case scenario under state law appears to be be one year in jail with a $10,000 fine. For the thief, not TechCrunch.
If ever there was an example of law not keeping up with the times, this may be it.
If tapping our phones is illegal (and it is if done without a warrant), then hacking into our computers — in any form — should be equally illegal. For example, intercepting email is considered felony wiretapping; a former AMX VP was sentenced to three years probation last month “after pleading guilty to felony wiretapping for intercepting emails.”
However, rather than truly protecting the integrity of our computers (and the property contained within), Congress has been far more focused on fighting cyberporn. Over and over, even after the courts tossed out their efforts with nary a blink, Congress sought to restrict cyberporn under the guise of protecting children. Then there’s the DMCA.
The Department of Justice has a Computer Hacking and Intellectual Property (CHIP) Program. Its most recent “news” is from June 2006. Sounds effective, eh?
The 1984 Computer Fraud and Abuse Act protects government computers and those owned by financial institutions. Even in 1984, this was insufficient scope. In 2009, the scope is laughable for two reasons. First, computers are ubiquitous, not monopolized by government and financial institutions. Second, more and more information is stored in the cloud, on networked servers not owned by the person who owns the data.
If you have jewelry in a bank’s safety deposit box, it’s still your property. And its theft isn’t any less illegal than if the jewelry had been in your own home. Both cases are criminal theft.
This is a central issue in the Twitter case: the computers in question that were hacked were not owned by the people damaged by the theft. They were owned and managed by Google. [Note: Google did nothing wrong.] This theft should not be treated any differently than if the hacker had picked a physical lock and removed paper documents from Twitter’s filing cabinets, then scanned them before offering to the highest bidder.
Leaks v Theft
At least one “journalist” compared the Twitter document theft with corporate leaks from employees that are subsequently published by the press, usually anonymously. Not the same. So unalike that I should not have to write this paragraph.
Others may think of the Twitter case as a form of corporate espionage. Those cases where employees abscond with documents are sometimes civil suits, not criminal, although I believe 99% of us would call their actions “theft.”
But last week, a former Boeing engineer was the first person convicted of economic espionage, 13 years after the federal law passed, for stealing thousands of pages of documents. You probably won’t be surprised to learn that the documents were defense-related. However, the Economic Espionage Act has a section on trade secrets that might apply here (bear with the tortured English that follows):
§ 1832. Theft of Trade Secrets
a) Whoever, with intent to convert a trade secret, that is related to or included in a product that is produced for or placed in interstate or foreign commerce, to the economic benefit of anyone other than the owner thereof, and intending or knowing that the offense will, injure any owner of that trade secret, knowingly–
- 1. steals, or without authorization appropriates, takes, carries away, or conceals, or by fraud, artifice, or deception obtains such information;
- 2. without authorization copies, duplicates, sketches, draws, photographs, downloads, uploads, alters, destroys, photocopies, replicates, transmits, delivers, sends, mails, communicates, or conveys such information;
- 3. receives, buys, or possesses such information, knowing the same to have been stolen or appropriated, obtained, or converted without authorization;
- 4. attempts to commit any offense described in paragraphs (1) through (3); or
- 5. conspires with one or more other persons to commit any offense described in paragraphs (1) through (3), and one or more of such persons do any act to effect the object of the conspiracy,
shall, except as provided in subsection (b), be fined under this title or imprisoned not more than 10 years, or both.
b) Any organization that commits any offense described in subsection (a) shall be fined not more than $5,000,000.
Is Twitter a “product”? Are financial and marketing and strategic planning documents “trade secrets”?
Journalistic Privilege
Some analysts believe that journalistic “privilege” might keep Arrington off the legal hook, even though he knew the docs had been stolen.
I don’t see the case for journalistic privilege.
Twitter’s financial and marketing documents do not fall under a “public right to know” or “public interest.” Arrington hasn’t asserted that there is malfeasance or wrong-doing. Instead, there is only curiosity and money-to-be-had from page views. To that end, section 1832(a)(3) seems spot on for Arrington’s actions, doesn’t it, assuming any of these documents would be considered “trade secrets”?
And shame on the Washington Post, which is still syndicating TechCrunch.
Disclaimer: IANAL (I am not a lawyer)