The FBI is ramping up its efforts to find out who leaked information about the Stuxnet worm used to attack Iranian nuclear facilities in 2010, and that has reignited debate over whether the Obama administration's aggressive pursuit of those who leak classified information is trampling privacy rights.
U.S. Attorney General Eric Holder announced a criminal probe last June, shortly after a lengthy article by The New York Times' chief Washington correspondent, David Sanger, reported that anonymous, high-level sources in the Obama administration had told him that the U.S. and Israeli governments had used the Stuxnet worm to attack centrifuges at Iran's Natanz nuclear plant.
But the intensity of that probe has increased in recent weeks, the Washington Post reported. Jody Westby, CEO of Global Cyber Risk and a consultant on privacy, said that is a good thing.
"The Times' report on Stuxnet was shocking because of the quotes being attributed to officials from what had to be high levels of government," she said. "It was clear the article was revealing information that was surely classified. The people who provided this information have put us at risk. The DoJ (Department of Justice) inquiry is appropriate."
But Glenn Greenwald, writing in The Guardian this past Sunday, argued that one of the last remaining ways for citizens to hold the government accountable for misconduct is through unauthorized leaks. "That is why the Obama administration is waging an unprecedented war against it -- a war that continually escalates -- and it is why it is so threatening," he wrote.
"Virtually every significant revelation of the bad acts of the U.S. government over the last decade [came from leaks,]" he said, including the Bush administration's use of waterboarding and the National Security Agency's (NSA) eavesdropping on Americans without the warrants required by the criminal law.
"Silencing government sources is the key to disabling investigative journalism and a free press," Greenwald wrote.
He and a number of others contend it is those who expose misconduct who are punished, instead of those guilty of the misconduct itself. Their most recent example is former CIA officer John Kiriakou, who was recently sentenced to 30 months in prison in connection with CIA policies on waterboarding because he spoke publicly about it, while none of those who actually did it were sanctioned or punished.
Another major element of the debate is over the government's surveillance powers. Finn, writing in the Post, said the FBI and prosecutors have "interviewed several current and former senior government officials in connection with the disclosures, sometimes confronting them with evidence of contact with journalists, according to people familiar with the probe."
"Investigators, they said, have conducted extensive analysis of the email accounts and phone records of current and former government officials in a search for links to journalists," he wrote.
The government does not need a warrant to look at government emails and phone records on government-issued devices. But, once it has any evidence of contact between a suspect and a journalist, it can then obtain a warrant to examine private email, phone and text records.
Gen. David H. Petraeus knows all about that. He resigned as CIA director after the FBI discovered emails in what he thought was an anonymous account, which implicated him in an extramarital affair.
Critics of the administration's tactics also contend that its investigation and prosecution of leaks is highly selective. They say the administration is a world-class leaker when it serves its interests.
"[The Obama administration] is a prolific exploiter of exactly those kinds of leaks -- when they can be used to propagandize the citizenry to glorify the president's image as a tough guy, advance his political goals or produce a multi-million-dollar Hollywood film about his greatest conquest ("Zero Dark Thirty," about the killing of Osama bin Laden)," The Guardian's Greenwald wrote.
While Westby supports the investigation into the Stuxnet leak, she says that today's technology means there are risks to individual privacy, partially because the Electronic Communications Privacy Act (ECPA) "is very convoluted."
"If people want to ensure their constitutional rights are upheld against unlawful search and seizure and freedom of the press, they need to download all email into their laptop or servers and be sure it is deleted from all ISP servers," she said. Then it becomes a matter of search and seizure and probable cause and requires a court order."
"This is why reporters should never use Gmail or other email services that may, through their lengthy and also convoluted terms of service, say they can keep a copy for whatever purpose they want," she said.