AP Sues FBI Over Impersonating An AP Reporter With A Fake AP Story

from the stop-impersonating-us dept

Last fall, we wrote about how the FBI had set up a fake AP news story in order to implant malware during an investigation. This came out deep in a document that had been released via a FOIA request by EFF, and first noticed by Chris Soghoian of the ACLU. The documents showed the FBI discussing how to install some malware, called a CIPAV (for Computer and Internet Protocol Address Verifier) by creating a fake news story:

It later came out that the way the FBI used this was an undercover agent pretended to be an AP reporter and sent the suspect -- a 15 year old high school kid... -- a "draft" of the article to review. And when the kid opened it, the malware was deployed.

In response to this, FBI director James Comey defended the practice, saying that it was legal "under Justice Department and FBI guidelines at the time" and, furthermore, that this bit of deception worked. Comey also said that while guidelines had changed, and such impersonation would require "higher-level approvals," it was still something the FBI could do.

The AP has now sued the FBI, along with the Reporters Committee on Freedom of the Press (RCFP) over its failure to reveal any more details about this effort following a FOIA request. For reasons that are beyond me, even though it's the AP filing the lawsuit and the AP writing about the lawsuit, reporter Michael Biesecker apparently doesn't think its readers can handle the actual filing, so they don't include it (this is bad journalism, folks). However, you can read the actual lawsuit here.

In short, the AP made a FOIA request for documents related to this specific case above, as well as "an accounting of the number of times" that the FBI "has impersonated media organizations or generated media-style material" to deliver malware. The FBI said it was working on it, and then bizarrely told the AP that the request was being "closed administratively" because it was being combined with someone else's FOIA request, which left the AP reasonably confused, since they had not initiated that request and had no idea who had.
In a letter from Mr. Hardy dated December 10, 2014, the FBI stated that, even though the request had yet to be fulfilled, the AP Request was unilaterally “being closed administratively,” because the “material responsive to your request will be processed in FOIA 1313504-0 as they share the same information.”

The combining of Mr. Satter’s request with Request No. 1313504-0 occurred despite the fact that Mr. Satter had not filed Request No. 1313504-0 and was given no information about the identity of the requester underlying FOIA Request No. 1313504-0.
When the AP asked the FBI for more info, it was told that "the estimated completion time for large requests is 649 days." And still refused to reveal who had sent in the other FOIA request. The AP filed a formal appeal, and a week ago was told that there was nothing to appeal because the FBI had not completed Request No. 1313504-0 (which, again, the AP had not actually sent in). Hence the lawsuit.

The RCFP FOIA request received a somewhat more standard "no responsive records" response, to which the RCFP pointed out that the FBI was clearly lying, given that the earlier response (to the EFF FOIA, which kicked off this whole thing) showed that there was, in fact, such responsive results (I know this experience all too well).

And thus, both organizations are now suing to force the FBI to actually turn over the damn documents. Can't wait to find out all the national security reasons (or will they be redacted) for why the FBI won't respond, and why it combined the AP's FOIA request with some totally unknown party's.

Filed Under: fbi, foia, impersonating, malware
Companies: ap, rcfp


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 27 Aug 2015 @ 12:20pm

    Somewhere, in all the jabberwocky this case will generate, some DOJ flunky will put into proper legalese the government's full and final reasoning: "Because fuck you."

    reply to this | link to this | view in chronology ]

  • icon
    Get off my cyber-lawn! (profile), 27 Aug 2015 @ 12:27pm

    I'm guessing

    they combined the requests so that they could give a null response to the "other party" and claim they are unable to share the "other parties" information with AP.

    reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 27 Aug 2015 @ 12:36pm

    Causes for national-security redactions will be redacted for national-security causes.

    Yeah. That message is pretty clear.

    reply to this | link to this | view in chronology ]

  • icon
    lucidrenegade (profile), 27 Aug 2015 @ 12:38pm

    Request No. 1313504-0
    Request filed by: James Comey

    reply to this | link to this | view in chronology ]

    • icon
      Chris-Mouse (profile), 27 Aug 2015 @ 1:51pm

      Re:

      Request No. 1313504-0
      Request filed by: James Comey
      Documents requested: All publicly releasable documents.
      Documents found: No responsive documents.

      reply to this | link to this | view in chronology ]

  • icon
    afn29129 (profile), 27 Aug 2015 @ 12:47pm

    Mr Paper Shredder

    Mr Paper Shredder was the other requester.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Aug 2015 @ 12:48pm

    "In response to this, FBI director James Comey defended the practice, saying that it was legal "under Justice Department and FBI guidelines at the time" and, furthermore, that this bit of deception worked."

    So the fact that it worked makes it perfectly ok?

    By that logic it would be perfectly fine for someone to rob a bank to pay off their mortgage, just as long as it 'works'.

    reply to this | link to this | view in chronology ]

    • icon
      nasch (profile), 28 Aug 2015 @ 8:21am

      Re:

      So the fact that it worked makes it perfectly ok?

      It was legal and it worked, not it was legal because it worked.

      reply to this | link to this | view in chronology ]

      • icon
        Groaker (profile), 31 Aug 2015 @ 10:13am

        I hope that I missed the /s on "It was legal and it worked."

        Do you really believe that law enforcement adheres to the law? Or tells the truth?

        It was legal at the time? DOJ and FBI guidelines do not supercede the Constitution. SCOTUS ruled that law enforcement was permitted to lie under certain, limited circumstances. That does not mean that LEOs can lawfully lie to anyone and everyone (including SCOTUS) about everything.

        That they get away with it merely demonstrates the power that law enforcement has developed and stolen over the past 35 years.

        reply to this | link to this | view in chronology ]

        • icon
          nasch (profile), 31 Aug 2015 @ 11:07am

          Re:

          I hope that I missed the /s on "It was legal and it worked."

          The government claimed both that it was legal and that it worked, they did not claim that it was legal because it worked. Is that better?

          reply to this | link to this | view in chronology ]

  • icon
    OldMugwump (profile), 27 Aug 2015 @ 12:56pm

    Valid defamation claim?

    Would AP have a valid defamation claim here?

    If the FBI goes around claiming they're the AP as part of an investigation, I'd think after a while AP would have trouble doing real reporting - sources would think the reporter might be a FBI agent.

    This would seem to do real harm to AP's business. Something they should be able to claim compensation from.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Aug 2015 @ 12:59pm

    That link's destination...

    I know several corporate email servers that would quarantine that email due to the link's destination. An admin would have to review and approve it for delivery.

    Even if not quarantined sharp eyed readers would (or should) think that email a phishing attempt.





    (For those who still haven't seen it: the news story is about a bomb threat or hostage situation but the link goes to webteensex?)

    reply to this | link to this | view in chronology ]

  • identicon
    Crazy Canuck, 27 Aug 2015 @ 1:09pm

    FOIA requestors hate him for this one trick!

    FBI 1: Someone has filed a FOIA request for one of those sneaky things we have done.

    FBI 2: Quick! Be sneaky and file another FOIA anonymously for the same report plus every other record that has the letter combination "FU" in it. That should keep it tied up for a while until everyone hopefully forgets about it.

    reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 27 Aug 2015 @ 2:07pm

    Always wondered

    If these agencies are so PROUD of what they do...
    Why does it take a TON of effort to get them to TELL US..
    Why do they have to Erase so much in the effort..
    I mean, that ITS NOT supposed to feel like we have the SS, and the Spanish inquisition in the middle of our country..
    Does it??

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Aug 2015 @ 4:49pm

    In a normal reality the notion that the FBI routinely break laws that would send the average citizen to jail for a decade or more would cause society to fix this corruption of the legal process.

    In this reality most People seem to go "meh I don't care as it does affect me". I am pretty sure we all know that ultimately leads to Godwyn's law when society stops caring about those entrusted with the laws that protect it keep breaking them while murdering anyone that does break the exact same laws.

    reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 27 Aug 2015 @ 5:11pm

    The spirit of Godwin's law

    Sometimes crossing the Godwin threshold (making a comparison to Nazi policy or behavior) is Justified.

    This isn't the first time that someone on Techdirt has been haunted by the terrible realization that it can happen here.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Aug 2015 @ 9:26pm

    FOIA 1313504-0 was probably filed by an undercover FBI agent, impersonating an AP reporter.

    reply to this | link to this | view in chronology ]

  • identicon
    Rekrul, 28 Aug 2015 @ 1:36am

    It later came out that the way the FBI used this was an undercover agent pretended to be an AP reporter and sent the suspect -- a 15 year old high school kid... -- a "draft" of the article to review. And when the kid opened it, the malware was deployed.

    Can someone please explain to me how opening a draft of a story deploys malware?

    I would hope that in this day and age, no email program on the planet actually executes EXE attachments anymore. Especially considering that among the general population, probably about 99.99% of them use a web-based email.

    Did they send him a file in MS Word format (because naturally every single person on the planet has Word!) with malware attached to it? If so, how does that work? Does Word load a file and think "Hmm, text, OK, I'll display that. Some images, yup I'll show those. Oh hey, here's some code that is completely unnecessary for my job of writing documents, but I'll just run it anyway!"?

    Maybe I'm biased since I don't use Word and every program that I use would treat executable code in a data file as corrupt data and ignore it. Or at worst it would try to render it and crash. And if someone were going to send me a draft of an article they were working on, I'd tell them to send it to me in plain text because I don't have Word.

    Did they somehow craft an executable file that magically manages to guess which icon his system gives to documents, and that when clicked, installs the malware and then magically guesses which program on his system it should load to mimic the results of clicking on a pure data file? I'm sure that would be super easy, especially considering that different versions of Windows and Word use different icons for the same types of files...

    reply to this | link to this | view in chronology ]

  • icon
    Groaker (profile), 28 Aug 2015 @ 2:37am

    Obvious

    Who would want to be identified as an FBI agent when they could claim to be anything else?

    reply to this | link to this | view in chronology ]

  • identicon
    AJ, 28 Aug 2015 @ 3:57am

    Funny how when the Gov wants information from the public, they can do the very things they put their citizens in jail for doing. It's very hard for the people to take the law seriously when the people that are supposed to be setting the example don't even take it seriously.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.