This post was originally published over on EFF’s Deeplinks blog, and is cross-posted here.
As the extradition hearing for Wikileaks Editor-in-Chief Julian Assange unfolds, it is increasingly clear that the prosecution of Assange fits into a pattern of governments selectively enforcing laws in order to punish those who provoke their ire. As we see in Assange’s case and in many others before this, computer crime laws are especially ripe for this form of politicization.
The key evidence in the U.S. government’s cybercrime conspiracy allegations against Assange is a brief conversation between Julian Assange and Chelsea Manning in which the possibility of cracking a password is discussed, Manning allegedly shares a snippet of that password with Assange, and Assange apparently attempts, but fails, to crack it. While breaking into computers and cracking passwords in many contexts is illegal under the Computer Fraud and Abuse Act, few prosecutors would ever bother to bring a case for such an inconsequential activity as a failed attempt to reverse a hash. But the government has doggedly pursued charges against Assange for 10 years, perhaps because they fear that prosecuting Assange for publishing leaked documents is protected by the First Amendment and is a case they are likely to lose.
With this allegation, the government is attempting to dodge around the First Amendment protections by painting Assange as a malicious hacker and charge him for conspiracy to violate computer crime law. This is a pattern we’ve seen before.
Cybercrime laws are a powerful tool used by authoritarian governments to silence dissent, including going after journalists who challenge government authority. The Committee to Protect Journalists has documented how a computer crime law in Nigeria was used to harass and press charges against five bloggers who criticized politicians and businessmen. Human Rights Watch has described how the Saudi Arabian government used vague language in an anti-cybercrime law to prosecute Saudi citizens who used social media to speak out against government abuses. And in Ecuador, Amnesty International has joined EFF in raising awareness about the case of Ola Bini, a Swedish open source software developer who garnered government ire and is now facing a politically-motivated prosecution for supposed computer crime violations.
This is in alignment with EFF’s 2016 whitepaper examining the prosecution history of Arab countries such as Jordan, Saudi Arabia, and Tunisia. We found these governments selectively enforced anti-terrorism and cybercrime laws in order to punish human rights attorneys, writers, activists, and journalists. The pattern we identified was that authorities would first target an activist or journalist they wanted to silence, and then find a law to use against them. As we wrote, “The system results in a rule by law rather than rule of law: the goal is to arrest, try, and punish the individual—the law is merely a tool used to reach an already predetermined conviction.”
Cybercrime laws can turn innocent exploration, and journalistic inquiry into sinister-sounding (and disproportionately punished) felonies, just because they take place in a digital environment that lawmakers and prosecutors do not understand. The Intercept’s Micah Lee described the computer crime charges against Assange as “incredibly flimsy.” The conspiracy charge is rooted in a chat conversation in which Manning and Assange discussed the possibility of cracking a password. Forensic evidence and expert testimony make it clear that not only did Assange not crack this password, but that Manning only ever provided Assange with a piece of a password hash – from which it would have been impossible to derive the original password.
Furthermore, recent testimony by Patrick Eller, a digital forensics examiner, raises questions about whether the alleged password cracking attempt had anything to do with leaking documents at all, especially since the conversation took place after Manning had already leaked the majority of the files she sent to Wikileaks.
Testimony from the Chelsea Manning court martial make it clear that lots of soldiers in Manning’s unit were routinely using their government computers to download music, play games, download chat software, and install other software programs they found useful, all of which was not permitted on these machines. This included logging into computers under an administrator account and then installing what they wanted, and sometimes deleting the administrator account, so that the military sysadmin had to wipe and reimage computers again and again. Eller even noted that one of Manning’s direct supervisors even asked Manning to download and install software on her computer. Indeed, the activity Assange is accused of was not even important enough to be included in the formal CFAA charges leveled against Manning.
Prosecutors don’t go after every CFAA violation, nor do they have the resources to do so. They can choose to pursue specific CFAA cases that draw their attention. And Assange, having published a wealth of documents that embarrassed the United States government and showed widespread misconduct, has been their target for years.
Assange is charged with 18 violations of the law. The majority of these counts relate to obtaining classified government information and disclosing that information to the world. As we’ve written before, the First Amendment strongly protects the rights of journalists, including Assange, to publish truthful information of clear public interest that they merely receive from whistleblowers, even when the documents are illegally obtained. This has been upheld in the Supreme Court cases New York Times Co. v. United States (finding the government could not enjoin the New York Times from publishing Vietnam war documents from whistleblower Daniel Ellsberg) and Bartnicki v. Vopper (in which a radio journalist was not liable for publishing recordings of union conversations plotting potential violence). Indeed, Wikileaks had every right to publish the leaked documents they received, and to work directly with a source in the process just as any journalist could.
The lone conspiracy to commit a computer crime allegation has become a major focus of attention in this case, and in fact a computer crime was the only charge against Assange when he was first arrested. The charge is drawing that attention because it’s the only charge that isn’t directly about receiving and publishing leaks. But as the court assesses these charges against Assange, we urge them to see this case within the context of a repeated, known pattern of governments enforcing computer crime law selectively and purposely in order to punish dissenting voices, including journalists. Journalism is not a crime, and journalism practiced with a computer is not a cyber-crime, no matter how U.S. prosecutors might wish it were.