AP Sues FBI Over Impersonating An AP Reporter With A Fake AP Story
from the stop-impersonating-us dept
Last fall, we wrote about how the FBI had set up a fake AP news story in order to implant malware during an investigation. This came out deep in a document that had been released via a FOIA request by EFF, and first noticed by Chris Soghoian of the ACLU. The documents showed the FBI discussing how to install some malware, called a CIPAV (for Computer and Internet Protocol Address Verifier) by creating a fake news story:
In response to this, FBI director James Comey defended the practice, saying that it was legal “under Justice Department and FBI guidelines at the time” and, furthermore, that this bit of deception worked. Comey also said that while guidelines had changed, and such impersonation would require “higher-level approvals,” it was still something the FBI could do.
The AP has now sued the FBI, along with the Reporters Committee on Freedom of the Press (RCFP) over its failure to reveal any more details about this effort following a FOIA request. For reasons that are beyond me, even though it’s the AP filing the lawsuit and the AP writing about the lawsuit, reporter Michael Biesecker apparently doesn’t think its readers can handle the actual filing, so they don’t include it (this is bad journalism, folks). However, you can read the actual lawsuit here.
In short, the AP made a FOIA request for documents related to this specific case above, as well as “an accounting of the number of times” that the FBI “has impersonated media organizations or generated media-style material” to deliver malware. The FBI said it was working on it, and then bizarrely told the AP that the request was being “closed administratively” because it was being combined with someone else’s FOIA request, which left the AP reasonably confused, since they had not initiated that request and had no idea who had.
In a letter from Mr. Hardy dated December 10, 2014, the FBI stated that, even though the request had yet to be fulfilled, the AP Request was unilaterally ?being closed administratively,? because the ?material responsive to your request will be processed in FOIA 1313504-0 as they share the same information.?
The combining of Mr. Satter?s request with Request No. 1313504-0 occurred despite the fact that Mr. Satter had not filed Request No. 1313504-0 and was given no information about the identity of the requester underlying FOIA Request No. 1313504-0.
When the AP asked the FBI for more info, it was told that “the estimated completion time for large requests is 649 days.” And still refused to reveal who had sent in the other FOIA request. The AP filed a formal appeal, and a week ago was told that there was nothing to appeal because the FBI had not completed Request No. 1313504-0 (which, again, the AP had not actually sent in). Hence the lawsuit.
The RCFP FOIA request received a somewhat more standard “no responsive records” response, to which the RCFP pointed out that the FBI was clearly lying, given that the earlier response (to the EFF FOIA, which kicked off this whole thing) showed that there was, in fact, such responsive results (I know this experience all too well).
And thus, both organizations are now suing to force the FBI to actually turn over the damn documents. Can’t wait to find out all the national security reasons (or will they be redacted) for why the FBI won’t respond, and why it combined the AP’s FOIA request with some totally unknown party’s.
Filed Under: fbi, foia, impersonating, malware
Companies: a&p, rcfp
Comments on “AP Sues FBI Over Impersonating An AP Reporter With A Fake AP Story”
Somewhere, in all the jabberwocky this case will generate, some DOJ flunky will put into proper legalese the government’s full and final reasoning: “Because fuck you.”
I'm guessing
they combined the requests so that they could give a null response to the “other party” and claim they are unable to share the “other parties” information with AP.
Causes for national-security redactions will be redacted for national-security causes.
Yeah. That message is pretty clear.
Request No. 1313504-0
Request filed by: James Comey
Re: Re:
Request No. 1313504-0
Request filed by: James Comey
Documents requested: All publicly releasable documents.
Documents found: No responsive documents.
Mr Paper Shredder
Mr Paper Shredder was the other requester.
“In response to this, FBI director James Comey defended the practice, saying that it was legal “under Justice Department and FBI guidelines at the time” and, furthermore, that this bit of deception worked.”
So the fact that it worked makes it perfectly ok?
By that logic it would be perfectly fine for someone to rob a bank to pay off their mortgage, just as long as it ‘works’.
Re: Re:
So the fact that it worked makes it perfectly ok?
It was legal and it worked, not it was legal because it worked.
Re: Re:
I hope that I missed the /s on “It was legal and it worked.”
Do you really believe that law enforcement adheres to the law? Or tells the truth?
It was legal at the time? DOJ and FBI guidelines do not supercede the Constitution. SCOTUS ruled that law enforcement was permitted to lie under certain, limited circumstances. That does not mean that LEOs can lawfully lie to anyone and everyone (including SCOTUS) about everything.
That they get away with it merely demonstrates the power that law enforcement has developed and stolen over the past 35 years.
Re: Re: Re: Re:
I hope that I missed the /s on “It was legal and it worked.”
The government claimed both that it was legal and that it worked, they did not claim that it was legal because it worked. Is that better?
Valid defamation claim?
Would AP have a valid defamation claim here?
If the FBI goes around claiming they’re the AP as part of an investigation, I’d think after a while AP would have trouble doing real reporting – sources would think the reporter might be a FBI agent.
This would seem to do real harm to AP’s business. Something they should be able to claim compensation from.
Re: Valid defamation claim?
Would that not be Felony Business Interference?
That link's destination...
I know several corporate email servers that would quarantine that email due to the link’s destination. An admin would have to review and approve it for delivery.
Even if not quarantined sharp eyed readers would (or should) think that email a phishing attempt.
(For those who still haven’t seen it: the news story is about a bomb threat or hostage situation but the link goes to webteensex?)
FOIA requestors hate him for this one trick!
FBI 1: Someone has filed a FOIA request for one of those sneaky things we have done.
FBI 2: Quick! Be sneaky and file another FOIA anonymously for the same report plus every other record that has the letter combination “FU” in it. That should keep it tied up for a while until everyone hopefully forgets about it.
Always wondered
If these agencies are so PROUD of what they do…
Why does it take a TON of effort to get them to TELL US..
Why do they have to Erase so much in the effort..
I mean, that ITS NOT supposed to feel like we have the SS, and the Spanish inquisition in the middle of our country..
Does it??
In a normal reality the notion that the FBI routinely break laws that would send the average citizen to jail for a decade or more would cause society to fix this corruption of the legal process.
In this reality most People seem to go “meh I don’t care as it does affect me”. I am pretty sure we all know that ultimately leads to Godwyn’s law when society stops caring about those entrusted with the laws that protect it keep breaking them while murdering anyone that does break the exact same laws.
The spirit of Godwin's law
Sometimes crossing the Godwin threshold (making a comparison to Nazi policy or behavior) is Justified.
This isn’t the first time that someone on Techdirt has been haunted by the terrible realization that it can happen here.
FOIA 1313504-0 was probably filed by an undercover FBI agent, impersonating an AP reporter.
Re: Re:
Yeah, it’s kinda obvious.
Can someone please explain to me how opening a draft of a story deploys malware?
I would hope that in this day and age, no email program on the planet actually executes EXE attachments anymore. Especially considering that among the general population, probably about 99.99% of them use a web-based email.
Did they send him a file in MS Word format (because naturally every single person on the planet has Word!) with malware attached to it? If so, how does that work? Does Word load a file and think “Hmm, text, OK, I’ll display that. Some images, yup I’ll show those. Oh hey, here’s some code that is completely unnecessary for my job of writing documents, but I’ll just run it anyway!”?
Maybe I’m biased since I don’t use Word and every program that I use would treat executable code in a data file as corrupt data and ignore it. Or at worst it would try to render it and crash. And if someone were going to send me a draft of an article they were working on, I’d tell them to send it to me in plain text because I don’t have Word.
Did they somehow craft an executable file that magically manages to guess which icon his system gives to documents, and that when clicked, installs the malware and then magically guesses which program on his system it should load to mimic the results of clicking on a pure data file? I’m sure that would be super easy, especially considering that different versions of Windows and Word use different icons for the same types of files…
Re: Re:
It was probably a javascript-based exploit.
Obvious
Who would want to be identified as an FBI agent when they could claim to be anything else?
Funny how when the Gov wants information from the public, they can do the very things they put their citizens in jail for doing. It’s very hard for the people to take the law seriously when the people that are supposed to be setting the example don’t even take it seriously.