Share a hyperlink, go to prison?

buster keaton behind bars with URLDon’t look now, but there’s a crime wave surging across the Webbernets. Everywhere you look people are recklessly sharing dangerous and illegal hyperlinks. Lock up your children, barricade the doors and windows, throttle your broadband connection, and pray that the FBI gets to these scofflaws in time. 

Am I being a bit too sarcastic? Maybe. But not if you ask Barrett Lancaster Brown, former self-anointed spokesperson for the Anonymous movement. Last week a federal grand jury in Dallas indicted Brown on 10 counts of aggravated identity theft, one count of “access device fraud,” and one count of trafficking in stolen “authentication features” related to Anonymous’s hack of Stratfor Global Intelligence last December.

Broken down into its essentials, the indictment says Brown had 15 or so credit card numbers and card verification values (CVVs) in his possession, which were taken from Stratfor during the Anonymous hack. It doesn’t say he broke into Stratfor’s computers and stole them. It doesn’t say he attempted to use them to purchase something. It doesn’t say he tried to sell them for a profit. It merely says he had possession of them. And that, according to federal law, is enough to put him away for 15 years or more.

But it’s the last count that’s got everyone’s attention, because the court is accusing Brown of violating the law by copying a URL from one IRC chat session and pasting it into another. That Web address was a link to a data dump consisting of 5,000+ credit card numbers for subscribers to Stratfor’s newsletters. Per the grand jury indictment,

“…by transferring and posting the hyperlink, Brown caused the data to be made available to other persons’ online without the knowledge and authorization of Stratfor Global Intelligence and the card holders.”

Brown is no great gift to humanity, as you can learn by watching the YouTube video he posted last September in which he threatens FBI agent Robert Smith (leading to his initial arrest). But the notion that you are guilty of a crime merely by linking to evidence of it is more than a bit troubling.

Taking that to its logical extreme, anyone who posts a link to information obtained through less-than-legal means could be subject to prosecution. That touches a great many journalists, including yours truly.

Personally, I try to be careful about what I link to. For example, if I write about some hacker who has posts credit card numbers or other personally identifiable information to Pastebin, I make it a point to not include links to that cache, to avoid doing further damage to his or her victims. I can’t swear I’ve done a perfect job of that, though, and I know other journos who are less scrupulous about that sort of thing. 

Most of the time the lines are pretty fuzzy. For example: The Anons posted 5 million illegally obtained Stratfor emails to WikiLeaks last March. It’s extremely likely there was personally identifiable information – possibly even credit card numbers – in some of those emails. Am I now suddenly liable for damage caused by the spilling of those emails because there’s a hyperlink to them in this post? That’s nuts.

Then there are whistleblower sites like WikiLeaks and Cryptome that routinely post actual information obtained “without the knowledge and authorization” of their owners, not just links to it. Are they headed straight for the pokey too?

Someone asked Cryptome’s John Young this question last week. His answer:

The purpose of Cryptome is to publish what officials don’t want published. Cryptome welcomes publication by you and others of Barrett Brown’s hyperlinks as well as links to Cryptome’s files and thereby encourage others to join the opposition to official chilling of free speech online and elsewhere — the very thing Stratfor did and does for profit…. Of course, why else flaunt democracy on the Internet than to heartburn the innards of authoritarians. Barrett Brown is a stellar burner of cold, cold hearts.

Last year when I wrote about the original hack attack, I described Stratfor as “the shadow spook organization that operates without government oversight at the behest of private corporations and occasionally Uncle Sam.” That was overstating it just a bit, as it turns out. Stratfor is really just a purveyor of $40 a month newsletter that analyzes how news events affect global security.

It does, however, command the attention of a lot of powerful folks in DC. Among its more notable subscribers was apparently one Paula Broadwell, national security analyst and former snugglebunny to desposed CIA jefe General David Petraeus. Her email address was allegedly one of those snagged by Anonymous.

You gotta figure there were a lot of well-connected people on that list of credit card numbers made public by Anonymous, which would explain the government’s keen interest in prosecuting the hackers over it. You don’t see nearly as much attention being paid to the dozens of other attacks perpetrated by the Anons and their offshoots.

That fact, combined with Brown’s public threats against one of the FBI’s own, are what’s behind this indictment as much as anything, I suspect. Somebody decided to make an example out of Brown, who is at best a bit player in this drama. To me, that’s abuse of power.

Worse, though, is the impact this prosecution could have on anyone who values freedom of speech, as well as those of us who make our living at it. If hyperlinks are illegal, then we are all criminals. See you in prison.

This post originally appeared on InfoWorld.

Comments are closed.