AP Sues FBI Over Impersonating An AP Reporter With A Fake AP Story
from the stop-impersonating-us dept
Last fall, we wrote about how the FBI had set up a fake AP news story in order to implant malware during an investigation. This came out deep in a document that had been released via a FOIA request by EFF, and first noticed by Chris Soghoian of the ACLU. The documents showed the FBI discussing how to install some malware, called a CIPAV (for Computer and Internet Protocol Address Verifier) by creating a fake news story:
In response to this, FBI director James Comey defended the practice, saying that it was legal "under Justice Department and FBI guidelines at the time" and, furthermore, that this bit of deception worked. Comey also said that while guidelines had changed, and such impersonation would require "higher-level approvals," it was still something the FBI could do.
The AP has now sued the FBI, along with the Reporters Committee on Freedom of the Press (RCFP) over its failure to reveal any more details about this effort following a FOIA request. For reasons that are beyond me, even though it's the AP filing the lawsuit and the AP writing about the lawsuit, reporter Michael Biesecker apparently doesn't think its readers can handle the actual filing, so they don't include it (this is bad journalism, folks). However, you can read the actual lawsuit here.
In short, the AP made a FOIA request for documents related to this specific case above, as well as "an accounting of the number of times" that the FBI "has impersonated media organizations or generated media-style material" to deliver malware. The FBI said it was working on it, and then bizarrely told the AP that the request was being "closed administratively" because it was being combined with someone else's FOIA request, which left the AP reasonably confused, since they had not initiated that request and had no idea who had.
In a letter from Mr. Hardy dated December 10, 2014, the FBI stated that, even though the request had yet to be fulfilled, the AP Request was unilaterally “being closed administratively,” because the “material responsive to your request will be processed in FOIA 1313504-0 as they share the same information.”When the AP asked the FBI for more info, it was told that "the estimated completion time for large requests is 649 days." And still refused to reveal who had sent in the other FOIA request. The AP filed a formal appeal, and a week ago was told that there was nothing to appeal because the FBI had not completed Request No. 1313504-0 (which, again, the AP had not actually sent in). Hence the lawsuit.
The combining of Mr. Satter’s request with Request No. 1313504-0 occurred despite the fact that Mr. Satter had not filed Request No. 1313504-0 and was given no information about the identity of the requester underlying FOIA Request No. 1313504-0.
The RCFP FOIA request received a somewhat more standard "no responsive records" response, to which the RCFP pointed out that the FBI was clearly lying, given that the earlier response (to the EFF FOIA, which kicked off this whole thing) showed that there was, in fact, such responsive results (I know this experience all too well).
And thus, both organizations are now suing to force the FBI to actually turn over the damn documents. Can't wait to find out all the national security reasons (or will they be redacted) for why the FBI won't respond, and why it combined the AP's FOIA request with some totally unknown party's.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: fbi, foia, impersonating, malware
Companies: ap, rcfp
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
I'm guessing
[ link to this | view in chronology ]
Causes for national-security redactions will be redacted for national-security causes.
[ link to this | view in chronology ]
Request filed by: James Comey
[ link to this | view in chronology ]
Re:
Request filed by: James Comey
Documents requested: All publicly releasable documents.
Documents found: No responsive documents.
[ link to this | view in chronology ]
Mr Paper Shredder
[ link to this | view in chronology ]
So the fact that it worked makes it perfectly ok?
By that logic it would be perfectly fine for someone to rob a bank to pay off their mortgage, just as long as it 'works'.
[ link to this | view in chronology ]
Re:
It was legal and it worked, not it was legal because it worked.
[ link to this | view in chronology ]
Do you really believe that law enforcement adheres to the law? Or tells the truth?
It was legal at the time? DOJ and FBI guidelines do not supercede the Constitution. SCOTUS ruled that law enforcement was permitted to lie under certain, limited circumstances. That does not mean that LEOs can lawfully lie to anyone and everyone (including SCOTUS) about everything.
That they get away with it merely demonstrates the power that law enforcement has developed and stolen over the past 35 years.
[ link to this | view in chronology ]
Re:
The government claimed both that it was legal and that it worked, they did not claim that it was legal because it worked. Is that better?
[ link to this | view in chronology ]
Valid defamation claim?
If the FBI goes around claiming they're the AP as part of an investigation, I'd think after a while AP would have trouble doing real reporting - sources would think the reporter might be a FBI agent.
This would seem to do real harm to AP's business. Something they should be able to claim compensation from.
[ link to this | view in chronology ]
Re: Valid defamation claim?
[ link to this | view in chronology ]
That link's destination...
Even if not quarantined sharp eyed readers would (or should) think that email a phishing attempt.
(For those who still haven't seen it: the news story is about a bomb threat or hostage situation but the link goes to webteensex?)
[ link to this | view in chronology ]
FOIA requestors hate him for this one trick!
FBI 2: Quick! Be sneaky and file another FOIA anonymously for the same report plus every other record that has the letter combination "FU" in it. That should keep it tied up for a while until everyone hopefully forgets about it.
[ link to this | view in chronology ]
Always wondered
Why does it take a TON of effort to get them to TELL US..
Why do they have to Erase so much in the effort..
I mean, that ITS NOT supposed to feel like we have the SS, and the Spanish inquisition in the middle of our country..
Does it??
[ link to this | view in chronology ]
In this reality most People seem to go "meh I don't care as it does affect me". I am pretty sure we all know that ultimately leads to Godwyn's law when society stops caring about those entrusted with the laws that protect it keep breaking them while murdering anyone that does break the exact same laws.
[ link to this | view in chronology ]
The spirit of Godwin's law
This isn't the first time that someone on Techdirt has been haunted by the terrible realization that it can happen here.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Can someone please explain to me how opening a draft of a story deploys malware?
I would hope that in this day and age, no email program on the planet actually executes EXE attachments anymore. Especially considering that among the general population, probably about 99.99% of them use a web-based email.
Did they send him a file in MS Word format (because naturally every single person on the planet has Word!) with malware attached to it? If so, how does that work? Does Word load a file and think "Hmm, text, OK, I'll display that. Some images, yup I'll show those. Oh hey, here's some code that is completely unnecessary for my job of writing documents, but I'll just run it anyway!"?
Maybe I'm biased since I don't use Word and every program that I use would treat executable code in a data file as corrupt data and ignore it. Or at worst it would try to render it and crash. And if someone were going to send me a draft of an article they were working on, I'd tell them to send it to me in plain text because I don't have Word.
Did they somehow craft an executable file that magically manages to guess which icon his system gives to documents, and that when clicked, installs the malware and then magically guesses which program on his system it should load to mimic the results of clicking on a pure data file? I'm sure that would be super easy, especially considering that different versions of Windows and Word use different icons for the same types of files...
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Obvious
[ link to this | view in chronology ]
[ link to this | view in chronology ]