The journalism world has been rightly outraged by the Justice Department dragging the Associated Press (and now a Fox News reporter) into one of its sprawling leak investigations. As we wrote last week, by obtaining the call records of twenty AP phone lines, "the Justice Department has struck a terrible blow against the freedom of the press and the ability of reporters to investigate and report the news."
But there are several other important lessons that this scandal can teach us besides how important free and uninhibited newsgathering is to the public's right to know.
1. Weak Privacy Laws That Doomed AP Affect Everyone
The AP detailed in its letter to the Justice Department how its privacy was grossly invaded even though the government accessed only the call records of its reporters and not the content of their conversations. We completely agree. Unfortunately, this isn't just a problem in the AP investigation. Law enforcement agencies routinely demand and receive this information about ordinary Americans over long periods of time without any court involvement whatsoever, much less a full warrant.
For example, according to information released by the phone companies to Rep. Ed Markey, Sprint alone received a staggering 500,000 subpoenas for call records data last year.
The DOJ's decision to dive into these call records shows the growing need to update our privacy laws to eliminate the outmoded Third Party Doctrine--which holds that anything you give to a service provider, or that a service provider collects as part of providing you a service--can retain no reasonable expectation of privacy. In an era where email is stored by our providers, cellphone companies keep records that track our location and cloud services hold our documents, it's long past time to bring our interpretation of the Fourth Amendment and statutory electronic privacy laws in compliance with the 21st Century.
In response to the AP scandal, a bipartisan coalition in Congress just introduced a bill to partially fix this problem called The Telephone Records Protection Act. The bill would require the Justice Department to get a judge's approval before seeking these records. At EFF, we think the government should have to go even further than a court order: a judicial warrant showing the kind of probable cause required by the Fourth Amendment should be the standard. But this bill is certainly an improvement over administrative subpoenas, which don't need a sign-off from a judge at all and allow the Executive branch to seek information without any external check.
2. Phone Companies May Give Up Your Information Without Telling You
As the New York Times reported, the AP is still examining if and when any telephone companies tried to push back on the overbroad requests for its call records. "But at least two of the journalists' personal cellphone records were provided to the government by Verizon Wireless without any attempt to obtain permission to tell them so the reporters could ask a court to quash the subpoena," the Times said. And it also seems clear that the AP itself wasn't given notice before their phone company turned over the records.
In EFF's 2013 "Who Has Your Back" report, which tracks several ways in which communications companies can help protect user privacy, we give a star for promising to notify users about government demands for data whenever whenever the company is not legally prevented from doing so. Notably, Verizon does not have such a notification policy and did not receive a star. In fact, Verizon was the only company to receive zero stars.
This isn't a small problem or just a problem for journalists. Verizon received 260,000 similar subpoenas for call records last year. The government requests this information with regularity, and given the phone companies control the data, communications company policies are all that stand between you and governmental overreach.
Users should demand that their communications companies notify them when the government comes seeking information, unless they are legally barred by a court order.
3. Government often Overstates National Security Claims, Overclassifies Information
We've written many times about the many ways "national security" has been invoked--and exaggerated--in order to cover up government embarrassment or wrongdoing, or to assert powers that would normally not be granted under the Constitution. The government routinely overclassifies information that should never be secret, according to reports commissioned by the White House itself.
The most glaring example for EFF is our lawsuit over the NSA warrantless wiretapping program, where the government won't admit or deny that the program even exists, citing the danger to national security, despite thousands of pages of public evidence. The government has argued the same thing in cases about torture and the CIA drone program where, many times, the same information that they claim is secret is on the front pages of the nation's newspapers.
In the AP's case, while Attorney General Holder says this leak put "lives at risk," John Brennan said the opposite around the time of the story ("Brennan said the plot was never a threat to the U.S. public or air safety," reported Reuters). The AP also held its story for six days until the CIA told them it was safe to publish and the White House had a news conference planned the day after the story to announce the successful counterterrorism operation.
As the late Supreme Court Justice Huge Black once said, "The word 'security' is a broad, vague generality whose contours should not be invoked to abrogate the fundamental law embodied in the First Amendment."
4. There's Not Much Recourse For Prosecutorial Misconduct
In this case, just like the case of Aaron Swartz, there has been widespread criticism that the Justice Department has abused its authority and aggressively pursued parties in an unprofessional manner. As we detailed last week, it seems the Justice Department didn't follow its own guidelines when issuing subpoenas about[?] the reporters, or at least went to the very edge of its own guidelines.
Just like in the Swartz case, the specific prosecutor has a history of over-aggressive prosecutions (even being accused of overzealous prosecution by Eric Holder himself when he was in private practice). Yet when Congress asked Holder at a hearing about the allegations, just like in the Swartz case, he did not admit to any wrongdoing, and was able to deflect questions about his department's handling of the case. Unfortunately, there is not much recourse for meaningful remedy for the public in these situations, and this case is just the latest example.
5. Journalists Need to be Pro-Active in Protecting Their Digital Security
In an age where warrantless surveillance is skyrocketing and governments potentially have access to an astonishing amount of information, journalists must learn to proactively protect both themselves and their sources.
The Committee to Protect Journalists Journalist Security Guide is an excellent place to start. It addresses concerns faced by journalists working inside the United States and internationally.
Wired published an op-ed last week about the care one needs to take from the source's end if one wishes to send information to the press undetected. Much of the advice is applicable to reporters talking to sources as well. Additionally, the New Yorker has just released a promising--but un-tested--anonymous leak submission system, coded by Aaron Swartz before he tragically died in January. In certain circumstances physical mail remains the safest option.
Overall, the final lesson is that journalists, and sources, need to take security seriously. Trusting that the government won't come after you because you're engaged in journalism, serving the public interest, or helping reveal wrongdoing is plainly not sufficient.