Did A Former National Parks Employee Violate The CFAA By Tweeting About Climate Change?

from the the-tweets-heard-round-the-world dept

As you may have heard, over the past few days, there’s been a lot of talk about various US government Twitter feeds “going rogue” in what many believe is an attempt at a bit of civil disobedience following gag orders being sent from the White House to various federal departments and agencies, with a particular ban on social media. Soon after that came out, the Twitter feed of the famed Badlands National Park in South Dakota, started tweeting about climate change:

Those tweets have since been deleted, but they certainly caused quite a stir, and there’s even what claims to be a private rogue National Parks Service twitter feed that won’t be silenced at @AltNatPartSer. That’s apparently inspired other government employees to set up similar “rogue” Twitter accounts. As I write this, there are about two dozen such accounts on this list, with some personal favorites being the @Alt_FDA, the @RogueNASA and @AltFedCyberz. Now, it’s important to state that there’s no direct proof that these are actually run by federal employees, but the whole thing is fascinating to watch.

But, that alone doesn’t necessarily make it worthy of a Techdirt post (yes, there’s a possible Streisand Effect angle on all of this, but it remains to be seen how strong that really is). What caught my eye, however, was how the National Park Service eventually explained those original Badlands tweets, telling BuzzFeed that they were done by an ex-employee who had retained his password, but wasn’t authorized to tweet from the account:

Now, the exact wording of that statement also made my ears perk up, because “not currently authorized to use the park’s account” could have pretty serious legal consequences. As reporter Matt Pearce unfortunately, but correctly, points out, this could be interpreted, by some, to be a violation fo the CFAA.

You remember the CFAA, of course. That’s the “anti-hacking” Computer Fraud and Abuse Act, that has an unfortunately long history of being twisted and questionably interpreted to mean that just about anything people don’t like that you do on a computer is potentially a violation. In particular, many cases have focused specifically on what constitutes “without authorization” or “exceeds authorized access” under the law. The fact that the NPS directly claims that this person was “not currently authorized” certainly could be seen to trip the “without authorization” or “exceeds authorized access” lines.

Of course, the CFAA has different sections — and most of the cases we talk about tend to focus on 1030(a)(4) which covers accessing information whose value is over $5,000. It’s difficult to see how one could twist the Badlands tweets as being about accessing information valued at more than $5,000, but there is also 1030(a)(3), which one would hope also would not apply… but where you could see an overzealous DOJ try to make it stick. That’s the section that says it’s a violation of the CFAA to access a computer that “is used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States.”

Now, it’s pretty clear that the intent here is to go after someone who hacks into a system and somehow interferes with the government making use of that computer (and, remember, the entire reason we have a CFAA is because some clueless politicians — including Ronald Reagan — freaked out about the very, very fictional movie War Games). But, given how the DOJ has stretched the interpretation of the CFAA in the past, would it be possible for them to try to claim that by making unauthorized access to a Twitter account, and tweeting those tweets, it was using a computer that “is used by the Government” and the “conduct affects that use by or for the Government of the United States” and that the access was “without authorization”? It… seems unfortunately possible.

So far, the administration doesn’t seem too concerned about this… but just the fact that this is even possible is yet another reminder of just how ridiculous the CFAA is, and how it is in desperate need of serious reform.

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Did A Former National Parks Employee Violate The CFAA By Tweeting About Climate Change?”

Subscribe: RSS Leave a comment
PRMan (profile) says:

WarGames is not very, very fictional

Almost everything in that movie is based on an actual event. It’s just not that all the events were the same person.

Saying that WarGames is very, very fictional is a gross overstatement that obscures the fact that hacks similar to all of those shown in the movie had, in fact, already happened to a similar level (although nukes didn’t almost get launched, someone did hack into a server that helped control nukes).

PaulT (profile) says:

Re: WarGames is not very, very fictional

True stories, but heavily fictionalised. But, I’d argue that the things people need to learn from WarGames are not the ones that they seem to be getting.

While you should remain cautious of course, the lesson shouldn’t be that there’s a teenager ready to hack into you at a moment’s notice. The lesson should be that in that story a teenager inadvertently accessed a backdoor that was left accessible from public phone lines. Therefore, it’s a bad idea to have such accessibility, and even worse to be able to actually launch weapons from something the hacker will believe is simply a game with no real life consequences.

Instead, we seem to have people willing to leave wide open backdoors in case they need one, but strip rights away from everyone else in case they happen to access them.

Anonymous Coward says:

it was using a computer that "is used by the Government"

Unless he still has his government issued computer, then all he did was access a (somewhat) random Twitter server. I actually want to see the government argue that every server accessed by the government falls under this statute. That would pretty clearly lead to about 80% of the internet by volume falling under this rule.

shanen (profile) says:

Trump's straw-man reality is burning!

Some deep thinkers want to encourage other people to think more deeply. However, there are also deep thinkers who prefer other people to think less deeply, the better to manipulate and take advantage of those people.

The worst (and most dangerous) case is people who are shallow thinkers, but who think they are deep thinkers, and #PresidentTweety is one of those people. Trump is not at war with the media. He is at war with reality. Trump wants to create belief in a straw-man fake reality of horror and collapse so he can then claim improvements by tweaking the fake beliefs back towards reality.

At least Duterte killed (alleged) evildoers and Mussolini made the trains run on time! That’s not the reality of America. (Well, actually the American trains aren’t so reliable, but Trump’s supporters in flyover country are the least likely to use trains.)

My favorite sig should make it obvious, but I’m on the side of more deep thinking. You have to think deeply to understand your free choices in a meaningful way and to understand the constraints and their sources. (That’s why “freedom of speech” is so confusing to many people, because the “speech” may be opinions or lies just as freely as it may be true.)

So far my best effort at a constructive “solution” is the design of the deep-thinking cap, but it’s yet another “morally neutral” tool. While I think I would use the cap to support more deep thinking, maybe I would just use it to sleep a lot. Some people might use it to listen to more loud and mindless music while ignoring other people, even though the cap could be used as a better communication device, too.

#1 Freedom = (Meaningful – Coerced) Choice{5} ≠ (Beer^4 | Speech | Trade)

shanen (profile) says:

Re: Trump's straw-man reality is burning!

Not worth responding to ACs, but real questions from real people will normally receive responses.

Extending the typology, there are also super-shallow people who, having nothing to say, insist upon saying nothing. Usually ACs, but TechDirt doesn’t seem to have any convenient way to render the ACs invisible.

Anonymous Coward says:

Re: Re: Trump's straw-man reality is burning!

“real questions from real people will normally receive responses.

Thank god for that.

“TechDirt doesn’t seem to have any convenient way to render the ACs invisible”

What else could we do to make your visit here more comforting? Sounds sorta like Trump complaining about the media not treating him fairly, he just might be able to have them “disappeared”.

Ben (profile) says:

For me, the shoe fits...

I know that when the CFAA was written social media had never been considered. That being said, (And without using any car analogies.) the average person would see what happened as either the NPS rebelling against an elected President or an employee disobeying his/her employer. Both get you fired, one might be a crime in it’s own right. Add in the former employee factor and that is a bigger problem, jail time becomes a real possibility even in the corp world.

Anon E. Mous (profile) says:

Ah the CFAA that brings a tear to my eye.

I remember how the Prenda gang abused that statue when the Judges caught onto their trolling efforts and Steele & Hansmeier used the CFAA to sue BitTorrent down loaders by saying the down loaders hacked into Guava servers and thus Prenda could get the subscriber info from the ISP’s to get the extorion -er-settlement letters out to the victims

Wendy Cockcroft (user link) says:

Re: Re: Re: Re:

Not true. Govt. departments need to be non-partisan in order to get stuff done; the administration of policy and legal obligations needs to continue even when the reps, etc., are on holiday or have been voted out.

Those departments that have been politicized have been made that way the better to implement partisan policy. This is deliberate as the people who work for them — administrators like myself — can’t be fired and replaced very easily, while the directors can. This means that, even in a Congress ruled by t’other side, the policies of the party favoured by the department will continue no matter what. For this reason, it ought to be illegal to politicize a department, the better to ensure government by the people for the people rather than government by the party for the party.

For the record I don’t care which side does this, it’s profoundly undemocratic and only tends to entrench the status quo, hence Trump. People get fed up of the party games after a while and demand change at any cost. I think we’re at the “counting the cost” stage now. It’ll get worse before it gets better but when the Great Overhaul finally happens, it needs to include the de-politicization of government departments.

Ninja (profile) says:

I wonder, this is clearly an act of civil disobedience. Protest if you will. How would this fit into the CFAA? Could the administration twist already bad laws like the espionage act and prosecute the person even more aggressively than previous whistleblowers (even if it isn’t really blowing the whistle)?

I hope TD keeps an eye on the developments of this case.

Blue says:

Doesn't Seem Too Ridiculous

This doesn’t seem like it’s that much of a twisted use of the CFAA. While it is not really “hacking” it seems to me that this is very clearly access without authorization. If the ex-employee story is true. However I don’t understand your second to last paragraph. Where you claim that based on prior interpretations of the CFAA by the DOJ the tweet would have been “using a computer that “is used by the Government””. What sort of interpretations have they used that would make this seem plausible? If it was an ex-employee I very much doubt they would have had physical access to a government computer. I guess they could say that Twitters servers are “technically” used by the government and there for the first condition is fulfilled. That seems very dubious to me. But who knows what sort of backwards logic the government runs on. So if you have examples of this please feel free to chime in.

Kathy (profile) says:

Maybe not

As someone mentioned in a previous comment. If you carefully read the wording of the Tweet, the following is a POSSIBLE scenario.

The person was an employee (and authorized) when they tweeted. Then they got fired. And then the tweets were deleted. And then the Tweet which says they are an ex-employee who is not currently authorized.

Somehow, I don’t think they would have included the “currently” in the Tweet if the person had never been authorized. So the question is what is the timing.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...