SAN FRANCISCO (08/09/2000) -
"I think any time you expose vulnerabilities it's a good thing."--Attorney General Janet Reno "Those who would sacrifice liberty for temporary safety deserve neither liberty nor safety."--Benjamin Franklin The U.S. Department of Justice can't seem to catch a break. First there was Ruby Ridge, then the disastrous Waco screw-up. Next came the Elian Gonzalez case, where attempts to demonstrate Janet Reno's testosterone resulted in a picture saying a thousand words about US justice. The DoJ has clearly demonstrated that it cannot handle conventional domestic issues competently. It was recently revealed that several government buildings, including the headquarters of the FBI, the CIA, the State Department, the Pentagon, and the DoJ itself, were vulnerable to unauthorized access.
That small detail does not deter the Feds from seeking to expand their reach into cyberspace. Carnivore, the FBI's Internet wiretapping program, is supposedly a special diagnostic tool developed by the FBI to intercept and monitor the Internet traffic of a specific person -- presumably someone the FBI has been authorized to investigate. It will ignore the traffic of other individuals -- or so the Bureau says. We'll just have to take the FBI's word for it, since it refuses to open the code to the industry at large for inspection. The FBI feels that such an act would make Carnivore susceptible to exploitation by Internet criminals.
But wait a minute! The FBI's own Website says that "the system is not susceptible to abuse because it requires expertise to install and operate." Let me get this straight: the FBI thinks keeping the source private protects the system from being exploited? I suggest the Bureau's people have a chat with Microsoft.
In reality, the FBI has a miserable track record in tracing Internet crime and is attempting to compensate for its lack of technical skill by abusing the First and Fourth Amendment to the US Constitution.
Nowhere is this more clearly demonstrated than in the appalling shakedown of a reporter to reveal his source in a case that the FBI is desperate to solve.
What does this case involve, you may wonder? Child pornography? Organized crime? Drug trafficking? None of the above. It's Website defacement.
That's right, the Department of Justice wants to call reporter Adam Penenberg before a federal grand jury to help establish leads in solving the defacement of the New York Times' Website. I'm not kidding.
While employed as senior editor of Forbes magazine, Penenberg wrote a remarkable story detailing the attack on the Times' Website, based on interviews with the people who claimed responsibility -- Slut Puppy and Master Pimp.
These interviews were conducted under the time-honoured journalistic pledge to protect the confidentiality of the sources. The DoJ claims that it only wants Penenberg to confirm the facts of the story. Yeah, right. "We're from the government. Trust us." I don't think so.
Penenberg was confident that Forbes would back him all the way in his refusal to appear before a grand jury. This is the kind of fight that publishers dream of, the kind of fight that is guaranteed to generate support from the media at large. He was wrong. Forbes's libel attorney, Tennyson Schad, made a deal with the DoJ to have Penenberg testify to the truthfulness of the article. Although not an attorney, even Penenberg knew the dangers of appearing before a grand jury. Anyone who followed the Whitewater proceedings knows what happened to Susan McDougal for refusing to answer questions. Penenberg seemed to feel that an attorney with a background in civil cases (libel) might not be qualified to handle criminal cases. How unreasonable of him. Next, he'll want to work for a publisher that actually cares about the First Amendment. Penenberg chose to engage his own counsel, James Rehnquist, a former DoJ attorney.
I asked Susan Brenner, a professor and associate dean at the University of Dayton School of Law, to clarify the legal aspects of grand juries in relation to this story. Her initial reaction was shock: "They're using a federal grand jury for a Web defacement? That boggles the mind." Ms. Brenner went on to explain the special features of a grand jury. She confirmed that any deal made by the prosecutor was meaningless. The grand jurors are not bound by such a deal; they can ask questions about anything outside the scope of the deal and the witness may not have counsel present during questioning. Ms. Brenner instructs her students to refer clients who receive such a subpoena to a lawyer specializing in grand juries. Know your limitations, she cautions. She felt that Penenberg made a prudent move by engaging qualified counsel.
Forbes attorney Tennyson Schad apparently felt qualified to handle the situation. He is not. While Schad may be a fine libel attorney, he has no clue about grand juries. Schad was miffed that Penenberg sought outside counsel and Forbes refused to commit to covering Penenberg's legal expenses. If I hadn't read the attorney's letters myself, I wouldn't have believed that Schad was that naive.
Penenberg resigned and let Forbes learn of his resignation in the same manner that he learned of its deal with the DoJ -- after the fact. Forbes, like everyone else, read about Penenberg's resignation in the Washington Post.
Forbes wasn't happy and attempted to paint Penenberg as an unreasonable prima donna grandstanding for the media.
"Forbes is such a cynical place that they can't believe someone would quit a six-figure job on principle. They brokered an agreement with the Department of Justice behind my back, a deal that could have eviscerated my credibility as a journalist -- and they weren't even paying my legal bills. The question shouldn't be why did I quit. It should be, after what Forbes did, how could I have possibly stayed?" Adam Penenberg's letter of resignation: http://www.b-m-e.com/features.411.forbes_penenberg_doj.html#letter About the author Carole Fennelly is a partner in Wizard's Keys Corp., a company specializing in computer security consulting. She has been a Unix system administrator for almost 20 years on various platforms, and provides security consultation to several financial institutions in the New York City area. Visit Carole's Web Security discussion in the Unix forum, hosted on ITworld.com.