It has recently been disclosed that the FBI, in conducting a sting operation some years ago, may have stepped over the line separating acceptable law enforcement procedure from entrapment. In doing so they may have jeopardized the integrity of a major news organization in their zeal to apprehend a bomb-threat suspect.
News outlets and privacy advocates reacted sharply yesterday to the revelation that the FBI in 2007 tricked a school-bombing suspect into revealing his whereabouts by getting him to click on a link to a fake Associated Press article infected with tracking software. The move is just the latest example of abuse of authority by a US government agency, and it underscores the need to rein-in such practices. The judge who issued the warrant allowing the computer tap was not made aware that the computer would become infected by the tap.
The FBI action is especially loathsome because in linking to a news site, in this case the Associated Press (AP), they run the risk of undermining one of the lynchpins of democracy- a free press which can be trusted. “We are extremely concerned and find it unacceptable that the FBI misappropriated the name of the Associated Press and published a false story attributed to the AP,” spokesman Paul Colford said in a statement. This ploy violated AP’s name and undermined AP’s credibility.”
The FBI Seattle field office created a false AP news story with headlines that served as click-bait: “Bomb threat at high school downplayed by local police department” and “Technology savvy student holds Timberline High School hostage.” By clicking on the link, the 15 year-old suspect unwittingly downloaded malware, a computer bug which enabled FBI agents to identify his IP address. Deception has long been employed by law enforcement, but this level of subterfuge raises alarms as it takes the issue to extremes. One wonders what the limits of cyberspace intrusion by authorities are considered acceptable or appropriate!
The fact that the juvenile pleaded guilty to making bomb threats does not let the FBI off the hook. As a concerned citizenry we want the FBI to investigate matters thoroughly, especially when it comes to things as serious as bomb threats. But the ends must justify the means. By planting a false story in such a way, the credibility of the press is damaged, and with it, democracy.
FBI officials said the other day they were reviewing the policy on whether an agent could impersonate a news organization. This is par for the course but should, at the very least, be mandatory. The fact that it is a practice used infrequently does not alter the fact that this is a dangerous, deceptive practice. The FBI pointed to the recent school shooting in Marysville, a Seattle suburb, as evidence for a need for vigilance and extraordinary techniques in combating crime. But it’s a lame excuse and quite a bit late.
The FBI’s Office of Operational Technology (OTD) created the malware tool which allowed the agents to obtain the suspect’s IP address. Agents have used the “network investigative technique” in other cases, including one involving another bomb suspect-this time in Colorado. What is upsetting to privacy advocates and lawyers is that, as in the aforementioned Seattle case, a judge was not informed of the intent to hack the computer. This is unacceptable.
In any such law enforcement situation sticky decisions must be made and risks weighed. The guidelines governing such dubious practices and the risk-reward relationship have been on the books for a dozen years. It seems though, as time goes on agencies-be it CIA, NSA, or FBI – become more emboldened by their excesses and freedoms are at peril. Nary a week goes by these days without some instance of authorities and spy agencies molesting constitutional guarantees or putting freedom at risk. Law enforcement is leap-frogging the judiciary in this regard and the outlook is bleak.