Did A Former National Parks Employee Violate The CFAA By Tweeting About Climate Change?

from the the-tweets-heard-round-the-world dept

As you may have heard, over the past few days, there's been a lot of talk about various US government Twitter feeds "going rogue" in what many believe is an attempt at a bit of civil disobedience following gag orders being sent from the White House to various federal departments and agencies, with a particular ban on social media. Soon after that came out, the Twitter feed of the famed Badlands National Park in South Dakota, started tweeting about climate change:

Those tweets have since been deleted, but they certainly caused quite a stir, and there's even what claims to be a private rogue National Parks Service twitter feed that won't be silenced at @AltNatPartSer. That's apparently inspired other government employees to set up similar "rogue" Twitter accounts. As I write this, there are about two dozen such accounts on this list, with some personal favorites being the @Alt_FDA, the @RogueNASA and @AltFedCyberz. Now, it's important to state that there's no direct proof that these are actually run by federal employees, but the whole thing is fascinating to watch.

But, that alone doesn't necessarily make it worthy of a Techdirt post (yes, there's a possible Streisand Effect angle on all of this, but it remains to be seen how strong that really is). What caught my eye, however, was how the National Park Service eventually explained those original Badlands tweets, telling BuzzFeed that they were done by an ex-employee who had retained his password, but wasn't authorized to tweet from the account:

Now, the exact wording of that statement also made my ears perk up, because "not currently authorized to use the park's account" could have pretty serious legal consequences. As reporter Matt Pearce unfortunately, but correctly, points out, this could be interpreted, by some, to be a violation fo the CFAA.

You remember the CFAA, of course. That's the "anti-hacking" Computer Fraud and Abuse Act, that has an unfortunately long history of being twisted and questionably interpreted to mean that just about anything people don't like that you do on a computer is potentially a violation. In particular, many cases have focused specifically on what constitutes "without authorization" or "exceeds authorized access" under the law. The fact that the NPS directly claims that this person was "not currently authorized" certainly could be seen to trip the "without authorization" or "exceeds authorized access" lines.

Of course, the CFAA has different sections -- and most of the cases we talk about tend to focus on 1030(a)(4) which covers accessing information whose value is over $5,000. It's difficult to see how one could twist the Badlands tweets as being about accessing information valued at more than $5,000, but there is also 1030(a)(3), which one would hope also would not apply... but where you could see an overzealous DOJ try to make it stick. That's the section that says it's a violation of the CFAA to access a computer that "is used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States."

Now, it's pretty clear that the intent here is to go after someone who hacks into a system and somehow interferes with the government making use of that computer (and, remember, the entire reason we have a CFAA is because some clueless politicians -- including Ronald Reagan -- freaked out about the very, very fictional movie War Games). But, given how the DOJ has stretched the interpretation of the CFAA in the past, would it be possible for them to try to claim that by making unauthorized access to a Twitter account, and tweeting those tweets, it was using a computer that "is used by the Government" and the "conduct affects that use by or for the Government of the United States" and that the access was "without authorization"? It... seems unfortunately possible.

So far, the administration doesn't seem too concerned about this... but just the fact that this is even possible is yet another reminder of just how ridiculous the CFAA is, and how it is in desperate need of serious reform.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    PRMan, 26 Jan 2017 @ 12:11pm

    WarGames is not very, very fictional

    Almost everything in that movie is based on an actual event. It's just not that all the events were the same person.

    Saying that WarGames is very, very fictional is a gross overstatement that obscures the fact that hacks similar to all of those shown in the movie had, in fact, already happened to a similar level (although nukes didn't almost get launched, someone did hack into a server that helped control nukes).

    reply to this | link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 26 Jan 2017 @ 12:45pm

      Re: WarGames is not very, very fictional

      I think that step between getting into the server and almost launching the nukes, is a very wide, abyssal one, and that's what makes Wargames particularly fictional.

      very, very maybe hyperbole, but very, very is very, very seldom not hyperbole.

      reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 27 Jan 2017 @ 1:13am

      Re: WarGames is not very, very fictional

      True stories, but heavily fictionalised. But, I'd argue that the things people need to learn from WarGames are not the ones that they seem to be getting.

      While you should remain cautious of course, the lesson shouldn't be that there's a teenager ready to hack into you at a moment's notice. The lesson should be that in that story a teenager inadvertently accessed a backdoor that was left accessible from public phone lines. Therefore, it's a bad idea to have such accessibility, and even worse to be able to actually launch weapons from something the hacker will believe is simply a game with no real life consequences.

      Instead, we seem to have people willing to leave wide open backdoors in case they need one, but strip rights away from everyone else in case they happen to access them.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 26 Jan 2017 @ 12:24pm

    it was using a computer that "is used by the Government"

    Unless he still has his government issued computer, then all he did was access a (somewhat) random Twitter server. I actually want to see the government argue that every server accessed by the government falls under this statute. That would pretty clearly lead to about 80% of the internet by volume falling under this rule.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymouse, 26 Jan 2017 @ 12:28pm

    Fired

    That statement could also be true if the former employee had been fired between that last tweet going out and the offending tweets going out.

    reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 26 Jan 2017 @ 12:49pm

    Sooner or later, the Trump administration is going to decide...

    ...that someone it dislikes used a computer, and that's grounds enough to imprison them for a long time via the CFAA.

    Rarely-enforced oft-committed crimes are merely tools for current administrations to rid themselves of enemies with a sense of legitimacy.

    reply to this | link to this | view in chronology ]

  • icon
    Vidiot (profile), 26 Jan 2017 @ 12:54pm

    The appropriate response to this "hack":

    "Hey, knock that off."

    reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 27 Jan 2017 @ 1:25am

      Re:

      ...followed by "hey, maybe we should change the passwords for our public facing communications when we fire the person who's using them". Sadly, I know how rare it is for that to happen efficiently in the private sector, let alone public.

      reply to this | link to this | view in chronology ]

  • icon
    shanen (profile), 26 Jan 2017 @ 1:11pm

    Trump's straw-man reality is burning!

    Some deep thinkers want to encourage other people to think more deeply. However, there are also deep thinkers who prefer other people to think less deeply, the better to manipulate and take advantage of those people.

    The worst (and most dangerous) case is people who are shallow thinkers, but who think they are deep thinkers, and #PresidentTweety is one of those people. Trump is not at war with the media. He is at war with reality. Trump wants to create belief in a straw-man fake reality of horror and collapse so he can then claim improvements by tweaking the fake beliefs back towards reality.

    At least Duterte killed (alleged) evildoers and Mussolini made the trains run on time! That's not the reality of America. (Well, actually the American trains aren't so reliable, but Trump's supporters in flyover country are the least likely to use trains.)

    My favorite sig should make it obvious, but I'm on the side of more deep thinking. You have to think deeply to understand your free choices in a meaningful way and to understand the constraints and their sources. (That's why "freedom of speech" is so confusing to many people, because the "speech" may be opinions or lies just as freely as it may be true.)

    So far my best effort at a constructive "solution" is the design of the deep-thinking cap, but it's yet another "morally neutral" tool. While I think I would use the cap to support more deep thinking, maybe I would just use it to sleep a lot. Some people might use it to listen to more loud and mindless music while ignoring other people, even though the cap could be used as a better communication device, too.

    --
    #1 Freedom = (Meaningful - Coerced) Choice{5} ≠ (Beer^4 | Speech | Trade)

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 26 Jan 2017 @ 1:16pm

      Re: Trump's straw-man reality is burning!

      o_o

      Some stuff at the beginning there sounded right but by the end I had no idea what you are on about.

      There's deep thinking, and then there's deep up your own ass thinking...

      reply to this | link to this | view in chronology ]

    • icon
      shanen (profile), 26 Jan 2017 @ 11:34pm

      Re: Trump's straw-man reality is burning!

      Not worth responding to ACs, but real questions from real people will normally receive responses.

      Extending the typology, there are also super-shallow people who, having nothing to say, insist upon saying nothing. Usually ACs, but TechDirt doesn't seem to have any convenient way to render the ACs invisible.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 27 Jan 2017 @ 4:53am

        Re: Re: Trump's straw-man reality is burning!

        "real questions from real people will normally receive responses.
        "

        Thank god for that.



        "TechDirt doesn't seem to have any convenient way to render the ACs invisible"

        What else could we do to make your visit here more comforting? Sounds sorta like Trump complaining about the media not treating him fairly, he just might be able to have them "disappeared".

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 27 Jan 2017 @ 10:55am

          Re: Re: Re: Trump's straw-man reality is burning!

          Thanks for putting it in exactly same way I would have addressed those comments without me having to take the time and thought you saved me. Thank you also Techdirt for respecting my privacy.

          reply to this | link to this | view in chronology ]

      • icon
        shanen (profile), 27 Jan 2017 @ 7:00pm

        Re: Re: Trump's straw-man reality is burning!

        Obviously I can rest my case on the AC responses, but...

        Don't you sometimes wonder why the trolls? Not a lot of wonder. Not worth it.

        reply to this | link to this | view in chronology ]

  • icon
    Bamboo Harvester (profile), 26 Jan 2017 @ 2:17pm

    Streisand Effect? Oh, Please!

    I can't believe that nobody here sees this for what it is. He's routing out the moles.

    Each of those posts will be traced back to an employee, and that employee will be FIRED FOR CAUSE.

    It's a strategy designed to catch idiots - and it's extremely effective at doing so.

    reply to this | link to this | view in chronology ]

  • icon
    Ben (profile), 26 Jan 2017 @ 2:18pm

    For me, the shoe fits...

    I know that when the CFAA was written social media had never been considered. That being said, (And without using any car analogies.) the average person would see what happened as either the NPS rebelling against an elected President or an employee disobeying his/her employer. Both get you fired, one might be a crime in it's own right. Add in the former employee factor and that is a bigger problem, jail time becomes a real possibility even in the corp world.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 26 Jan 2017 @ 4:00pm

    Re: deep thinking cap

    does it run on lemon juice?

    but how will you defeat the thought activated automated face smackers? *surely someone in the trump admin's working on those. probably 42 people.

    reply to this | link to this | view in chronology ]

  • icon
    Anon E. Mous (profile), 26 Jan 2017 @ 4:40pm

    Ah the CFAA that brings a tear to my eye.

    I remember how the Prenda gang abused that statue when the Judges caught onto their trolling efforts and Steele & Hansmeier used the CFAA to sue BitTorrent down loaders by saying the down loaders hacked into Guava servers and thus Prenda could get the subscriber info from the ISP's to get the extorion -er-settlement letters out to the victims

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 26 Jan 2017 @ 5:00pm

    Authoritarians hate it when others have any freedom, because as everyone knows you have to follow their rules or suffer their wrath.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 26 Jan 2017 @ 5:36pm

      Re:

      Not much new here. Obama had the departments towing the party line and now Trump. It would be nice to think that some of these departments weren't political but they all are these days.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 27 Jan 2017 @ 5:01am

        Re: Re:

        " It would be nice to think that some of these departments weren't political but they all are these days."

        Always have been - no?
        Government organizations tent to be political, not really news is it? That is not a valid reason to eliminate the dept.

        reply to this | link to this | view in chronology ]

        • identicon
          Wendy Cockcroft, 30 Jan 2017 @ 5:38am

          Re: Re: Re:

          Not true. Govt. departments need to be non-partisan in order to get stuff done; the administration of policy and legal obligations needs to continue even when the reps, etc., are on holiday or have been voted out.

          Those departments that have been politicized have been made that way the better to implement partisan policy. This is deliberate as the people who work for them — administrators like myself — can't be fired and replaced very easily, while the directors can. This means that, even in a Congress ruled by t'other side, the policies of the party favoured by the department will continue no matter what. For this reason, it ought to be illegal to politicize a department, the better to ensure government by the people for the people rather than government by the party for the party.

          For the record I don't care which side does this, it's profoundly undemocratic and only tends to entrench the status quo, hence Trump. People get fed up of the party games after a while and demand change at any cost. I think we're at the "counting the cost" stage now. It'll get worse before it gets better but when the Great Overhaul finally happens, it needs to include the de-politicization of government departments.

          reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 27 Jan 2017 @ 3:28am

    I wonder, this is clearly an act of civil disobedience. Protest if you will. How would this fit into the CFAA? Could the administration twist already bad laws like the espionage act and prosecute the person even more aggressively than previous whistleblowers (even if it isn't really blowing the whistle)?

    I hope TD keeps an eye on the developments of this case.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jan 2017 @ 5:06am

    What was the "crime" here?

    Some one did something that upset someone else who happens to be in a position of power and influence ....
    So they have someone else look into what laws could be used to go after those horrible horrible mouthy people for what they did. Sounds a bit juvenile doesn't it?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jan 2017 @ 7:18am

    If whoever did it wipes their hard disk with KillDisk, rendering any evidence unrecoverable.

    reply to this | link to this | view in chronology ]

  • identicon
    Blue, 27 Jan 2017 @ 8:37am

    Doesn't Seem Too Ridiculous

    This doesn't seem like it's that much of a twisted use of the CFAA. While it is not really "hacking" it seems to me that this is very clearly access without authorization. If the ex-employee story is true. However I don't understand your second to last paragraph. Where you claim that based on prior interpretations of the CFAA by the DOJ the tweet would have been "using a computer that "is used by the Government"". What sort of interpretations have they used that would make this seem plausible? If it was an ex-employee I very much doubt they would have had physical access to a government computer. I guess they could say that Twitters servers are "technically" used by the government and there for the first condition is fulfilled. That seems very dubious to me. But who knows what sort of backwards logic the government runs on. So if you have examples of this please feel free to chime in.

    reply to this | link to this | view in chronology ]

  • icon
    Kathy (profile), 27 Jan 2017 @ 10:34am

    Maybe not

    As someone mentioned in a previous comment. If you carefully read the wording of the Tweet, the following is a POSSIBLE scenario.

    The person was an employee (and authorized) when they tweeted. Then they got fired. And then the tweets were deleted. And then the Tweet which says they are an ex-employee who is not currently authorized.

    Somehow, I don't think they would have included the "currently" in the Tweet if the person had never been authorized. So the question is what is the timing.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jan 2017 @ 11:05am

    Is it possible that the tweet about the global warming is really the meat and potatoes here and not the CFAA?

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.