We Should All Step Back from Security Journalism

...While it’s not been key to my reporting for the last 18 months, much of my career as a journalist has involved reported pieces on legal and illegal hacking, activist and otherwise.
Part of Barrett Brown’s 63 month sentence, issued yesterday, is a 12 month sentence for a count of Accessory After the Fact, of the crime of hacking Stratfor. This sentence was enhanced by Brown’s posting a link in chat and possessing credit card data. This, and a broad pattern of misunderstanding and criminalizing normal behavior online, has lead me to feel that the situation for journalists and security researchers is murky and dangerous.

Barrett Brown crossed lines that journalists shouldn’t cross, and when he threatened the family of a man whom he hated, he crossed a line humans shouldn’t cross. But in holding that he had done something potentially criminally wrong in posting a link, the government has also crossed a line. They threatened a behavior basic to the operation of the net, by conflating pointing at data and examining it, with using that data for fraudulent purposes.

In seeking to punish people who find themselves in receipt of information such as credit card data, or perhaps hack logs and vulnerability information, with charges as if they’d broken in and gotten the information themselves, the government chills the basic techniques used every day to keep us safer and more informed.

As the legal system drifts further out of sync with reality, the danger slowly but surely grows. When many journalists working on national and commercial cyber and security issues, and just about everyone working in security is an unindicted felon, such indictments will drift into the area of political suppression and corporate backlash. This is a process well under way in the American system.