Greenwald, who won a Pulitzer Prize for reporting on leaked documents from former National Security Agency contractor Edward Snowden in 2014, says the charges are baseless. “Even in democracies —let alone in the authoritarian world — there’s a real struggle to make the law fit criminalizing leaks of this sort,” he said.
Greenwald, who lives in Rio de Janeiro, is facing charges stemming from his reporting on leaked cellphone messages that raised doubts about a corruption investigation that aided the rise of Brazil's far-right President Jair Bolsonaro. Greenwald is accused of being part of a "criminal organization" that allegedly hacked into public officials' cellphones last year to copy messages that were published on his news site, the Intercept Brazil, as my colleagues Miriam Berger and Paul Farhi report.
Greenwald compared the Brazilian charges against him to the Trump administration’s controversial decision to prosecute WikiLeaks founder Julian Assange last year under the main U.S. anti-hacking law, the 1986 Computer Fraud and Abuse Act.
“I’ve been particularly concerned given the Bolsonaro government’s subservience to and admiration for the Trump government that they’d look to the precedent the Trump government used to indict Julian Assange,” he told me, “trying to concoct a dubious or tenuous theory that he went beyond passing information to participating in the crime itself.”
The charges come as officials in the United States and elsewhere have faced years of criticism for not updating decades-old hacking laws, which critics say are overly broad and can be used to criminalize innocuous work by anyone who deals with computer networks or large digital files including security researchers and journalists.
Brazilian prosecutors allege Greenwald crossed a line by encouraging his anonymous sources to delete their copies of stolen messages to evade detection. That explanation drew quick criticism from press freedom advocates in the United States and Brazil who said it criminalized reporters advising their sources on how to work securely. Greenwald told me he’d scrupulously followed Brazilian law and called the charges “an obvious attempt to attack a free press.”
In the Assange case, meanwhile, U.S. prosecutors say he violated the law by offering to help then-military intelligence analyst Chelsea Manning decipher a password so she could get greater access to a military database and pass more secrets to WikiLeaks. Cybersecurity experts at the time criticized the Trump administration for stretching the 34-year-old CFAA law to fit a situation its authors never could have envisioned.
Press freedom advocates were less eager than Greenwald to draw a comparison between the charges against him and Assange. Gabe Rottman, technology and press freedom director at the Reporters Committee for Freedom of the Press, said that Assange's offer to help a source crack a password could be deemed illegal under a reasonable reading of the CFAA, while Greenwald's alleged advice to sources on security does not violate ethical or legal principles. Rottman, who’s written extensively about the Assange charges, says he takes this view even though he considers the CFAA so out of pace with modern technology that it can be applied in an unconstitutional manner in many cases.
Greenwald acknowledged there may be important distinctions between his actions and Assange’s, but he described the two cases as on the same “slippery slope.” Greenwald also warned they could lead to reporters being prosecuted for common journalistic practices such as urging sources to contact them using encrypted apps or accepting document leaks through online tools that anonymize the sender.
“There’s a general aversion to defending Assange by press freedom groups because they don’t see Assange as a journalist and they do see me as one,” he said. “But there’s no question the [Assange] indictment encourages governments to criminalize a person in the role of a journalist.”
Greenwald added in a statement that he hasn’t been detained and plans to keep publishing.
Though Greenwald has ruffled some feathers in Washington with his reporting on leaked information, he is getting strong support from many lawmakers.
Rep. Ro Khanna (D-Calif.) said the charges will have a “chilling effect” on journalism and said he’s crafting legislation to protect journalists from prosecution.
Rep. Don Beyer (D-Va.) called the charges “a step backwards that hurts Brazil.”
“No journalist should face prosecution for reporting critical facts about the government or politicians,” Sen. Ron Wyden (D-Ore.) said in an emailed statement reported by the Intercept.
Advocacy groups also came to Greenwald’s defense.
The American Civil Liberties Union called the charges an “outrageous assault on the freedom of the press.”
The Electronic Frontier Foundation called them “a threat to democracy” that “discourages journalists from using technology to best serve the public.”
Even some former intelligence community officials jumped in. Here’s former NSA attorney Susan Hennessey, a senior fellow at the Brookings Institution who runs the Lawfare blog:
PINGED, PATCHED, PWNED
House impeachment managers and President Trump’s defenders agreed early this morning on ground rules for his historic Senate impeachment trial. That trial’s sure to delve into conspiracy theories the president embraced that cast doubt on Russia’s hacking and disinformation campaign against the 2016 election and hacking threats facing 2020. Here’s other big cybersecurity news to start your day.
PINGED: The crown prince of Saudi Arabia, Mohammed bin Salman, may have personally helped to hack the phone of Amazon CEO Jeff Bezos in 2018, a United Nations report to be released Wednesday will find, my colleagues Marc Fisher and Steven Zeitchik report.
The report details a forensic investigation that found Bezos’s cellphone was hacked in 2018 after he got a WhatsApp message containing a malicious file that came from an account purportedly belonging to MBS, as the crown prince is known. The Guardian was first to report the findings, which appear to confirm suspicions raised by Bezos’s private investigators that Saudis were involved in leaking intimate text messages between Bezos and his girlfriend to American Media Inc., which owns the National Enquirer tabloid, in early 2019.
The hack occurred just five months before the killing of Washington Post contributing columnist Jamal Khashoggi, a veteran Saudi journalist who was highly critical of the royal court.
“Bezos, who owns The Washington Post, has alleged through his security consultant, Gavin de Becker, that the Saudi government had ‘access to Bezos’s phone, and gained private information,’" my colleagues reported. De Becker wrote in the Daily Beast that the Saudis were “intent on harming Jeff Bezos since . . . the Post began its relentless coverage” of Khashoggi's murder.
The revelation could put pressure on the White House, which has maintained friendly ties with the Saudi royal family despite concerns about its human rights record. Bezos's spokesman Jay Carney declined to comment.
PATCHED: Hillary Clinton had some potent advice for this year’s candidates in a Hollywood Reporter interview yesterday: “If your emails haven’t been stolen yet, they will be.”
Clinton’s campaign was upended in 2016 after Russian hackers stole troves of emails from her chairman, John Podesta, and dribbled them out to cause as much damage as possible.
“You’ve got to deal with the theft of your personal information, particularly your emails,” she said in the interview connected with an upcoming documentary about her campaign. “Then you've got to worry about the propaganda, the fake news, the made-up stories. Now you have the additional worry of the deepfakes, and people putting words in your mouth.”
Clinton also warned that Russia is already trying to manipulate the 2020 contest, referring to a suspected Russian hack into computers at Ukrainian gas company Burisma that may have been aimed at digging up dirt on former vice president Joseph Biden, a 2020 candidate, and his son Hunter.
Clinton said she has given the warning about emails personally to most of the 2020 Democratic contenders, including Sens. Amy Klobuchar (Minn.) and Elizabeth Warren (Mass.)
PWNED: Apple reversed plans to allow iPhone users to encrypt backups of their data on iCloud two years ago after the FBI complained that it would hamper investigations, people familiar with the matter tell Joseph Menn at Reuters. The decision demonstrates Apple’s willingness to help U.S. law enforcement despite its public refusal to build police backdoors into its encryption system.
The people he talked to offered varying reasons for why Apple dropped the plan.
“They decided they weren’t going to poke the bear anymore,” one person said, referring to Apple’s court battle with the FBI in 2016 over access to an iPhone used by one of the suspects in a mass shooting in San Bernardino, Calif. Another said Apple’s legal team killed the plan, though the FBI’s criticism was never explicitly cited as the cause.
Apple most recently gave the FBI the iCloud backups of two phones belonging to a gunman behind a shooting at a Florida military base last month but refused to help the bureau hack into messages on the phones themselves.
An Apple spokesman declined to comment. The FBI did not respond to Reuters’s requests for comment.
— The software industry group BSA launched a “Global Data Alliance” today to lobby governments around the world to promote policies that safeguard companies’ ability to transfer data across borders without legal constraints.
Founding members include Microsoft, American Express, AT&T, Cisco, Mastercard, Panasonic, United Airlines, Verizon and Visa.
— More cybersecurity news from the public sector:
— Cybersecurity news from the private sector:
THE NEW WILD WEST
— Cybersecurity news from abroad:
- The Senate Commerce Committee will host a hearing on “The 5G Workforce and Obstacles to Broadband Deployment” at 10 a.m.
— Coming up:
- New America’s Open Technology Institute will host an event titled “Privacy’s Best Friend: How Encryption Protects Consumers, Companies, and Governments Worldwide” on Feb. 4 at 12 p.m.
- RSA Conference 2020 is scheduled for Feb. 24-28 in San Francisco.