Journalists who are ordered by a judge to cooperate with an official investigation face a set of unenviable choices. They can become the government's eyes and ears and identify their confidential sources, or do jail time and tempt financial ruin for failing to comply. Consider these harrowing cases of reporters who found themselves on the working end of a court order.
Toni Locy was ordered to reveal her sources for articles she wrote for USA Today in 2001 about Steven Hatfill, who was (falsely) implicated as the anthrax mailer and later sued the US government. Hatfill wanted to know who had given his name to Locy. When she refused to say, a judge ordered her to pay fines totaling up to $5,000 a day for every day she didn't comply. He also prohibited Locy's employer from reimbursing her--the money had to come out of Locy's own pocket. The decision was stayed pending a decision from an appeals court, which eventually vacated the judge's order after Hatfill settled his lawsuit with the government.
In 2004, reporter Jim Taricani of WJAR-TV in Providence, Rhode Island, an NBC affiliate, received a six-month house arrest sentence because he refused to say who gave him a secret FBI video recording of a local official taking a bribe. The judge said he would have sent Taricani to jail, but he showed mercy because the journalist, who had heart transplant surgery, was in poor health.
Judith Miller of the New York Times spent 85 days in jail in 2005 for refusing to identify her sources in the "Plamegate" affair. Miller didn't earn much sympathy among some colleagues for her flawed reporting on Iraq's alleged weapons of mass destruction program. But she still did hard time, which is maybe the second worst thing to bankrupting oneself.
In August 2006, Joshua Wolf, a freelance videographer, went to jail after he refused to turn over video footage of a protest in San Francisco in which a police car was burned and an officer was injured. Wolf spent 226 days in prison. He was released when he finally agreed to turn over his uncut footage.
Beginning in 2008, James Risen, a New York Times reporter and book author, began fighting a legal battle that earned him two subpoenas demanding he identify a source for a book on the CIA. Bush White House officials were so incensed by what Risen had written in that they considered trying to stop the book's production. Risen faced years of legal battles and the possibility of jail time. A judge ultimately limited the questions the government was able to ask Risen in court, and he has appealed to keep that decision in place. The case could end up in the Supreme Court.
The Justice Department's investigation into who disclosed information to the Associated Press for a 2012 story about a CIA operation in Yemen could end up exposing more confidential sources for other AP stories, according to former federal prosecutors and media law experts.
When Justice Department officials obtained the personal and business phone records of several AP journalists, they were presumably looking for connections to a limited number of government employees who disclosed information for a specific story or stories. But if in the course of their investigation officials come across new names and phone numbers of people they didn't know had been in touch with the AP, they can investigate them, as well.
"If [investigators] get the records, they get the records. They can go over them" and follow up on any news leads, said Joseph diGenova, a former US attorney for the District of Columbia.
With a valid subpoena, even if the only motivation is to get information on one confidential source, nothing precludes investigators from using the phone records they obtained for another purpose, said Baruch Weiss, a former US attorney in the Southern District of New York. "If they find something that leads them down a different criminal road, they're not limited in their use."
Government investigators could have entrée into the reporting of some of the country's top journalists, many of whom have broken news that relied on confidential sources. "Potentially, they’ve exposed the reporters' entire contact list to investigation," says Chuck Tobin, a lawyer with Holland & Knight, who has represented journalists trying to resist subpoenas. Tobin is not representing the AP in the current matter, though his firm has worked for the news organization in the past.
Gary Pruitt, the president and CEO of the AP, calls the government's search of phone logs a "massive and unprecedented intrusion by the Justice Department . . ." The government obtained two months' worth of phone logs that covered 20 lines and at least four AP offices, as well as the personal phones of some journalists.
"This is the widest ranging subpoena, I believe, in history ever issued to a news organization for electronic information," diGenova says. "It is a staggering subpoena. I have no idea what the justification is for it. ... They better have a damn good reason."
Justice Department guidelines require that before officials seek a subpoena they negotiate with a news organization to try to find some arrangement by which the government can obtain the information it needs while still respecting journalists' obligation to report the news, which often requires a promise of confidentiality to sources. But in the case of the AP, the government waited until months after the records were obtained to give notice, and there was no chance to mount a legal challenge. The Justice Department told the AP about the subpoena last Friday.
"It seems obvious the administration didn’t want to face a court challenge," says Tobin. "It’s hard to imagine a justification [for the subpoena] if the phone records are not going to go away because they notify the AP."
Justice Department guidelines state that negotiations should continue as long as they "would not pose a substantial threat to the investigation at issue." During a press conference today, attorney general Eric Holder said he was "confident that all the people who are involved in the investigation . . . followed all of the appropriate Justice Department regulations and did things according to DOJ rules." Holder said he had recused himself from the decision on whether to authorize the subpoena—which normally requires the attorney general's sign-off—because the FBI had interviewed him in connection with the leak probe. The decision was delegated to the deputy attorney general, Jim Cole.
In a letter to Pruitt of the AP, Cole wrote, "The subpoenas were limited to a reasonable period of time and did not seek the content of any calls," meaning the spoken words. Justice Department guidelines require that a subpoena may only be issued after investigators have exhausted all other reasonable means of determining who disclosed classified information. Officials have not offered any insights into how they arrived at their decision to obtain the AP's phone records.
The Justice Department secretly obtained the phone records of several Associated Press journalists, apparently in an investigation of who disclosed to the organization information about a classified counterterrorism operation in Yemen. According to the AP, investigators "obtained two months of telephone records of reporters and editors . . . in what the news cooperative's top executive called a 'massive and unprecedented intrusion' into how news organizations gather the news."
This is a significant threat to journalists' ability to shield the identity of their sources. But it is not surprising and was probably inevitable.
Last year, a Justice Department official said the administration was "out for scalps" in its zealous investigation of leaks and subsequent prosecutions. Identifying those who disclose classified information to journalists is easier today because the government has several means of legally accessing electronic records, such as phone logs, and more sophisticated software for analyzing who was communicating with whom.
When an agency reports a leak of classified information to investigators, they first look at the so-called BIGOT list, which contains the names of all individuals who are read in on any classified program, and how much information they're authorized to know. That helps them determine, among other things, whose phone records to examine.
It's not clear on what grounds the Justice Department was able to subpoena the AP's phone records, but investigators may already have had some notion who was on the other end of any calls to reporters or editors.
"The records obtained by the Justice Department listed incoming and outgoing calls, and the duration of each call, for the work and personal phone numbers of individual reporters, general AP office numbers in New York, Washington and Hartford, Conn., and the main number for AP reporters in the House of Representatives press gallery, according to attorneys for the AP," the organization reports.
The breadth of these records is what's most perplexing. In the past, investigators have obtained access to a specific reporter's records, but I can't think of any case where the government got so much information and from so many offices, as well as private lines. Do investigators really have reason to believe that their suspected leaker or leakers were talking to at least six journalists in at least four different AP offices? To get a media subpoena, they'd have to persuade a judge, and the attorney general, that this was so, and that the only way to know for sure who was disclosing the secrets was to seize all these journalists' records.
There's no indication from the AP report that investigators were listening in on journalists' conversations. But they wouldn't have to in order to determine that a reporter and a particular government employee have a relationship. The phone log will tell them that.
“I’ve done investigations like this, and I know that the longer I stay on phone with you, the more suspicious it looks,” Steven Tyrrell, a former Justice Department prosecutor who had been in charge of two high-profile leaks cases, told me last year. During the second term of the Bush administration, Tyrrell led the Justice Department's case that reportedly scrutinized the phone records of New York Times reporter James Risen, in an attempt to find out who gave him classified information about a CIA operation in Iran.
Risen's case has some important lessons for the AP, which has demanded that the Justice Department return the phone records and destroy all copies. According to a former intelligence official, when the Justice Department first sought a subpoena to compel Risen to identify his source to a grand jury, in 2008, investigators already had a suspect. They "already know who it is," the former official said, adding that the person was a former CIA employee.
Seeking a subpoena under these circumstances may have breached the Justice Department's own guidelines on when prosecutors can try to compel reporters to disclose their sources. The guidelines state that the government must have exhausted all other reasonable means of identifying a suspect. Prosecutors must also get the approval of the Attorney General. Media subpoenas are a tool of last resort, and they are supposed to be narrowly crafted.
The subpoena for Risen's testimony expired at the end of the Bush administration, but then, during the first term of the Obama administration, prosecutors sought to renew it. A judge resisted prosecutors' second attempt, ordering them to get Eric Holder's sign-off. According to another former official, the judge thought the government had enough information to go ahead and indict their suspect without forcing Risen to testify.
Prosecutors ultimately charged Jeffrey Sterling, a former CIA employee, with disclosing secrets.
The pattern here suggests that prosecutors are getting more aggressive not just about finding the source of leaks, but about making journalists tools of their investigations.
Almost 24 hours after the bombings in Boston, we're hearing few details about potential suspects. An intelligence official tells me that while the attack is clearly an act of terrorism, there was no hard information, as of last evening, about whether the perpetrator(s) is a foreigner or a homegrown terrorist--or perhaps someone inspired by a foreign group. The number of leads seems troublingly slim.
This is precisely the moment in these kinds of investigations when vague, loosely sourced details of a "person of interest" begin to emerge, and when readers--and especially journalists--should be on guard. Consider the textbook example offered by the 1996 Centennial Olympic Park bombing during the summer games in Atlanta, a bombing that, similar to the attacks in Boston, used a small explosive device placed low to the ground in a crowded public area.
Within a few days of the explosion, federal law enforcement officers turned their attention to a security guard, Richard Jewell, who'd initially been hailed as a hero for alerting police to a suspicious package and then helping to evacuate people from the scene after the bomb went off. Then, like now, investigators were under extraordinary pressure to frame a high-profile act of domestic terrorism around a suspect. They offered up Jewell, and in off-the-record chats with reporters and through authorized leaks of details in the investigation, spun a story about a disgruntled, fame-seeking security guard who'd decided to kill innocent people in order to make himself famous.
None of it was true.
The Atlanta Journal-Constitution was the first to report, 72 hours after the explosion, that Jewell was a focus of the investigation. In credulous language that looked like it could have been dictated to the reporters by an FBI agent, the paper said Jewell "fits the profile of the lone bomber. This profile generally includes a frustrated white man who is a former police officer, member of the military or police 'wannabe' who seeks to become a hero."
Jewell sure seemed to fit that profile; after all, the paper noted, he'd "become a celebrity in the wake of the bombing," appearing on the "Today Show" and approaching newspapers, including the Journal-Constitution, "seeking publicity" for his actions at the scene.
FBI agents bolstered this theory in part with their own interviews with Jewell's "acquaintances," which they shared with the newspaper. "FBI agents are reviewing hours of professional and amateur video tape to see if Jewell is spotted setting down the military-issue backpack that contained the bomb. Acquaintances have told agents that he owned a similar knapsack."
You can argue about which was worse: The journalists' too-eager reporting, or officials' propagation of half-baked speculation about Jewell. Neither group acquitted themselves admirably. And there were severe consequences for their rush to judgment.
After the Journal-Constitution story ran, a media frenzy ensued, and Jewell found no peace. He was surrounded by reporters at his home. Jewell wouldn't talk, but federal agents kept leaking details about what they were learning of Jewell from their now massive investigation. A vicious cycle was set in motion. Jewell was essentially tried in the press.
As it turned out, the real Olympic Park bomber was Eric Rudolph, a serial bomber and terrorist. He was arrested in 2003, when he was on the FBI's Most Wanted list for the Atlanta attack as well as the bombings of two abortion clinics and a lesbian bar.
Jewell was exonerated publicly. His story has been taught to journalism students as a cautionary tale. Jewell sued several media organizations, including the Journal-Constitution, for libel, which is extremely difficult to prove in court. Some settled. The suit with the Journal-Constitution was eventually dismissed in 1997. Jewell had died four months earlier.
The broad lesson here isn't that reporters shouldn't believe their sources. It's that they should remember the extraordinary pressure that law enforcement officers are under to make progress in a high-profile case such as this. And readers should remember that, too. This fast-paced environment is primed for mistakes and poor judgment, and it can induce otherwise upstanding people to commit deceptions. The same pattern repeated itself in the wake of the anthrax attacks, in 2002, when the government's focus on a military scientist as the culprit turned out to be wildly misplaced.
Today, press attention has turned towards a Saudi man who was reportedly injured in one of the two blasts in Boston, and whose apartment in Revere was searched last night by federal officers. Investigators are now indicating he may have been a frightened bystander, and isn't considered a suspect. But other reports are laced with vague, suggestive language that, like the Jewell reporting, seems designed to make an argument, not to report facts. That is risky business. And it reminds me of an adage in investigative journalism: The first story is rarely the right one.
I'd like to take a moment of personal privilege here and congratulate my friend Patrick Pexton, who yesterday ended his two-year tenure as ombudsman of The Washington Post. Patrick was my editor for five years at National Journal, where I was the intelligence and homeland security correspondent. He was the magazine's deputy editor and oversaw all our national security and foreign affairs coverage, mentoring and editing some of the best journalists in the field, including James Kitfield, Sydney Freedberg, Bruce Stokes, Corine Hegland and others over the years. I can honestly say that every reporter who worked for Patrick did ground-breaking work, and nearly every one of them won an award of some kind from their journalism peers.
Patrick wrote a farewell memo to the Post staff, picked up here by Jim Romenesko. It has some invaluable advice for journalists, particularly young ones.
"Strive always for quality. Make the extra phone call, double check the fact, make the sentence clearer, more precise, more artful."
Having worked for Patrick, I can testify that he practiced his own advice. And he demanded that his reporters do the same. More and more these days we find examples of reporters not going the extra mile, of not taking the time to find what more there is to know. No one is perfect in this regard, and we all have deadline pressures. But reporters should all take note of Patrick's advice, and remember it, especially in the moments when we think we've got all the bases covered.
I was 29 when I went to work with Patrick; not exactly a rookie anymore, but still young enough to get a huge benefit from the hands-on attention that seems rarer in newsrooms today. When my mentor at the time, the editor who taught me reporting 101, learned I was taking the job at National Journal, her only advice was, "Make sure Patrick is your editor."
I have no doubt there are more young journalists out there who will get the same chance I did.
Here's proof that not everything coming from China these days is bad for the U.S. news business.
At first glance, I thought this article in today's print edition of the Wall Street Journal (photo above) was another story about Chinese cyber spies. That wouldn't be surprising, since the paper has been on the receiving end of Chinese espionage and routinely covers that subject.
Look closer, though, and you'll see this article actually is a paid advertisement by China Watch, which is prepared by China Daily, a state-controlled publication that has taken out similar ads in the Washington Post and the New York Times, both of which claim, like the Journal, that they were hacked by Chinese sources.
The advertisement in the Journal is a mostly laudatory take about Lenovo Group, which the ad says surpassed U.S.-based Hewlett-Packard last year as the world's largest manufacturer of personal computers, "the first time a Chinese company has taken the industry lead."
I've seen China Daily's stand-alone newspaper floating through my office over the past few years. It's a quite dependable publication: Dependably uncritical of Chinese authorities, and unfailingly enthusiastic about Chinese business interests in the United States. James Fallows, a seasoned China watcher, has a long-running and very amusing appreciation of the state-run enterprise on his blog.
Not that I had expected to see it, but there's no mention in the advertisement that the Obama administration believes China is the source of "an onslaught" of cyber break-ins and industrial espionage targeted at U.S. technology companies.
However, China Daily this month has run several articles refuting a report by computer security firm Mandiant that one of the most prolific Chinese hacker groups is run by the country's military. Those articles cite Chinese officials, such as a military spokesman, and other Chinese media. The Journal, and other U.S. news organizations, have covered these denials. Another recent article in China Daily claimed "that China is actually the real victim of cyber attacks," citing statistics from a Chinese computer network center that appeared in Xinhua, the official Chinese press agency.
The Post got dinged a few years ago by the Nieman Journalism Lab for not more clearly showing that the China Daily copy was paid advertisement/advertorial. Today's ad in the Journal carries a disclaimer that it "did not involve the news or editorial departments" of the newspaper.
China Daily only took up about three-fourths of the page. But the bottom quarter has an ad from Air China, promoting its non-stop New York-to-Beijing service for business executives.
In the wake of news that the New York Times' computer networks were infiltrated by Chinese cyber spies, three more news organizations have reportedly had their networks infiltrated as part of what is being described as a broad campaign of espionage targeting American media companies.
The Wall Street Journal reports that its networks were infiltrated, "apparently to monitor its China coverage." The Journal also quotes a spokeswoman for Thomson Reuters PLC saying the Reuters news service was hacked twice last year.
Today, security journalist Brian Krebs reports that the Washington Post was hit, as well. According to a former Post information technology employee, Krebs reports:
"[A]ttackers compromised at least three servers and a multitude of desktops, installing malicious software that allowed the perpetrators to maintain access to the machines and the network.
"'They transmitted all domain information (usernames and passwords),' the former Post employee said on condition of anonymity. 'We spent the better half of 2012 chasing down compromised PCs and servers. [It] all pointed to being hacked by the Chinese. They had the ability to get around to different servers and hide their tracks. They seemed to have the ability to do anything they wanted on the network.'"
Security companies and government investigators responded to the breach, Krebs reports. And in a move that is sure to raise eyebrows in the Post newsroom, particularly among reporters covering national security and cyber espionage, "experts from the National Security Agency and Defense Department took one of the Post's servers for forensic analysis."
Krebs doesn't say whether the FBI was involved with the Post investigation. Presumably the bureau would have the lead in a case such as this. The Defense Department has the biggest and arguably most sophisticated computer forensics agency in the government, but the FBI has that capability, as well. It's not immediately clear why DOD agencies would take the computer equipment. But the DOD could be assisting the FBI.
There's news out of the New York Times this morning--about the New York Times. A long article details how hackers, whom the paper's bosses believe are in China, stole the passwords of Times employees, accessed the e-mail accounts of some reporters, and rooted around the Times networks for four months. The intruders appeared to be looking for the names of people who might have given information to a Times reporter working on a major expose of a top Chinese government official.
From the paper:
"The timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China's prime minister, had accumulated a fortune worth several billion dollars through business dealings.
"Security experts hired by The Times to detect and block the computer attacks gathered digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times's network. They broke into the e-mail accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Mr. Wen's relatives, and Jim Yardley, The Times's South Asia bureau chief in India, who previously worked as bureau chief in Beijing."
As a journalist--that is, someone who goes to considerable lengths to protect the information I collect and the identities of people I talk to--this is a chilling revelation. Deeply unsettling. And sadly, not at all surprising.
Foreign intelligence services have been targeting US corporations, members of Congress and their staff, think tanks and law firms, and defense contractors for years. In every instance, the spies are after secret, proprietary information, with an eye towards getting strategic advantage over US companies and the government. News reporters, particularly those in regular contact with foreign and US sources in governments and the private sector, would be prime targets for any credible intelligence service. I reported in 2011 that spies may have tried to impersonate a well-known Washington journalist, Bruce Stokes, in order to spy on the State Department. We journalists are low-hanging fruit.
"Security experts found evidence that the hackers stole the corporate passwords for every Times employee and used those to gain access to the personal computers of 53 employees, most of them outside The Times's newsroom."
Presumably, any reporter working in China is exercising some strong operational security. Hopefully, he's not keeping notes on a computer, not exchanging e-mails with sources, and limiting electronic communications. But it sounds like once the spies got into the network, via spear phishing, they had freedom to roam and gather information about many reporters.
"Computer security experts found no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied," said Jill Abramson, the Times's executive editor. That's somewhat surprising, considering how long the intruders were inside the network.
Note, though, Abramson says no "sensitive" e-mails were accessed. That doesn't mean other, non-sensitive e-mails weren't read. And the Times article doesn't say--nor could experts know--whether the spies were able to glean any insights about a reporter's sources by examining the names of people sending e-mails, which one could see just by looking at the inbox, without having to open the e-mail or copy it.
It could be that the paper's security consultant, Mandiant, was able to prevent any massive exfiltration of sensitive information. Or maybe the spies just managed to find what they were looking for and didn't need to siphon off files. The Times article gives a pretty broad description of the cat and mouse game between the spies and the security experts.
"To get rid of the hackers, The Times blocked the compromised outside computers, removed every back door into its network, changed every employee password and wrapped additional security around its systems."
It seems that reporters weren't alerted to the ongoing investigation, which makes sense if Mandiant didn't want to tip anyone off to the investigation. (These are reporters, after all.) One Times scribe I know only found out about the past months' events after reading the paper this morning.
Reporters' passwords were reset, apparently to the frustration of some.
"I would like to apologize to the NYT computer support folks I snapped at after they reset my password without warning," national reporter John Schwartz wrote in a tweet.
In reply, national security reporter Charlie Savage tweeted, "Explains a lot of bustling yet somewhat inexplicably furtive activity by the IT support staff in recent months."
"[Y]es, and a lot of yelling by writers on deadline!" wrote Schwartz.
It would seem, based on the Times account, that the intruders were only interested in reporting about the Wen family. Mandiant found "no evidence" that those stolen passwords were used to seek any other kind of information. That suggests that this intrusion was targeted and disciplined.
However, the Times called the intrusion "part of a broader computer espionage campaign against American news media companies that have reported on Chinese leaders and corporations."
"Last year, Bloomberg News was targeted by Chinese hackers, and some employees' computers were infected, according to a person with knowledge of the company's internal investigation, after Bloomberg published an article on June 29 about the wealth accumulated by relatives of Xi Jinping, China's vice president at the time. Mr. Xi became general secretary of the Communist Party in November and is expected to become president in March. Ty Trippet, a spokesman for Bloomberg, confirmed that hackers had made attempts but said that 'no computer systems or computers were compromised.'"
No customer data was stolen from the Times, security experts said.
If the Times's reporting is accurate, we should presume that the attacks on it and Bloomberg are the tip of the proverbial iceberg. I'd imagine newsrooms across town and across the country today are going to search their networks for any suspicious activity. For its part, the Times became suspicious after learning of warnings from Chinese government officials that the investigation of Wen would "have consequences." On October 24, 2012, executives at the paper asked AT&T, which monitors the Times's networks, "to watch for unusual activity."
At least one security expert is sounding a skeptical note on all this, saying the Times has no basis for pointing the finger at China. Jeffrey Carr wrote on his blog:
"This article appears to be nothing more than an acknowledgment by the New York Times that they found hackers in their network (that's not really news); that China was to blame (that's Mandiant's go-to culprit), and that no customer data was lost (i.e., the Times isn't liable for a lawsuit).
"I think that Mandiant does good incident response work . . . however their China-centric view of the hacker world isn't always justified in my opinion."
Carr goes on to dissect the article and explain why he thinks other countries would have a motive to spy on the Times.
In his confirmation hearing this morning, Defense Secretary nominee Chuck Hagel was asked about cyber threats against the United States, although the question tended towards threats to physical infrastructure rather than espionage.
"Cyber, I believe, represents as big a threat to this country as any one specific threat," Hagel said, promising that he'd put "high priority" on the issue if confirmed. "It's an insidious, quiet kind of a threat we've never quite seen before. It can paralyze a nation in a second."
Hagel said that the current Congress has to pick up cyber legislation that failed to pass last year. "You must, and you know that."