Researcher Still Being Pursued By Russian Bank Over Last Year's Mistaken Trump Connection Story
from the every-weapon-deployed dept
The war on security researchers continues. But then, it’s never really shown any sign of abating, has it? Report after report comes in of security researchers being threatened with lawsuits or arrest simply for finding and reporting security breaches.
The war on Jean Camp continues to this day, with the researcher on the receiving end of multiple legal threats from the American law firm representing Kremlin-linked Alfa Bank. Camp came under fire from the bank last year, after a story came and went mistakenly insinuating a Trump server was in engaged in lively conversation with Alfa Bank’s servers during the run-up to the presidential election.
That was back in March. Law firm Kirkland & Ellis sent legal threats and communication retention demands to Camp. In addition to demanding she retain all communications possibly relevant to Alfa Bank’s vendetta, the firm also threatened to file CFAA charges.
Nothing has improved over the last several months. The law firm’s tactics now apparently include the use of FOIA laws to grab even more of Camp’s communications. The Intercept reports on the latest developments in the Alfa Bank case.
Alfa’s lawyers went beyond scary lawyer boilerplate, demanding that Camp not only turn over all of her related communications with members of the media, but also divulge her full correspondence with the anonymous Tea Leaves, presumably for the purpose of unmasking and pursuing them. As a professor at a publicly funded university, Camp’s official correspondence is subject to public disclosure.
Alfa Bank seems keen on discovering who the mysterious security researcher “Tea Leaves” is. The pseudonymous researcher was instrumental to the mistaken claims published by Slate in its original report on the supposed link between Trump and the Russian bank. A letter sent by the law firm in May demands Camp turn over “Tea Leaves'” real name, title, and work address if she’s in possession of that information.
Another letter in June expanded Alfa’s demands, ordering Camp to turn over communications and other information related to her work with other security researchers. The latest letter, dated August 3, shows Alfa — through Kirkland & Ellis — serving up a public records request for
“All emails sent, received, or deleted by Professor Camp from University computers or systems using her University or personal email accounts that include any of the keywords “Alfa,” “Alpha,” “Alfa Bank,” “Alpha Bank,” “Trump,” “Clinton,” “Russia” or “Tea Leaves.”
Considering this all took place shortly before the election, this request has the potential to sweep up a great number of communications not directly related to Alfa Bank’s case. But even if it were more limited, it would still be disturbing. Alfa is looking to out other security researchers Camp has been in contact with, presumably in hopes of nailing a few of them to the wall for drawing mistaken conclusions about Trump server traffic.
The Intercept’s Sam Biddle notes this clearly isn’t what legislators had in mind when crafting public records laws.
Although public records laws typically don’t distinguish between U.S. citizens and foreign entities that use them, the purpose and spirit of such laws are generally understood to be a means of making government activities transparent for the public interest. Camp works for a public university and is a government employee, of course, but it’s hard to imagine laws like Indiana’s Access to Public Records act drafted with the well-being of Russian financial mega-institutions in mind.
This is likely true, but ultimately it makes no difference. The law cannot forbid companies from using public records laws to obtain information. (And companies know it.) After all, companies are made up of people and proxy records requests aren’t just for bullying by foreign banks. Muckrock does this all the time, acting as an intermediary for requesters who don’t live in the states they’re requesting records from. Some laws prevent out-of-state requests. Muckrock’s proxies work around this limitation. The use of a US law firm is more of the same, even though most records requesters aren’t normally looking to destroy the target of their requests.
Oddly, the PR firm representing Alfa Bank has been the only entity to respond to requests for comment. And it has done so with as much spin as possible. As Biddle reports, BGR Public Relations claims the nearly-yearlong issuance of threats and demands to Jean Camp isn’t illustrative of Alfa Bank’s end goals. It just wants to “get the facts straight.” Apparently, straightening things out means endangering Camp’s career and, potentially, the livelihoods of every researcher she spoke to about Alfa Bank server traffic.