Should the FBI be permitted to impersonate the news media in order to nab criminals?
That is the question being raised after an American Civil Liberties Union analyst reviewed documents showing that the FBI created a fictitious online news story in 2007 under the guise of The Seattle Times. The FBI hoped that the story would entice a teen bomb-threat suspect to click on the link, and as a result implant spyware (known as CIPAV software) on his computer.
The tactic worked––the story appeared in the suspect’s MySpace feed, which lead to the arrest and conviction of a 15-year-old who had been sending bomb threats to Timberline High School in Lacey, Washington. However, The Seattle Times was unaware that the FBI created the counterfeit URL, or that it was using the Times’ brand to implant spyware on the suspect’s computer.
In 2007, after Wired reported on evidence that the FBI was able to use “secret spyware” to track the source of emailed bomb threats against Timberline High School, the Electronic Freedom Foundation (EFF) submitted a Freedom of Information Act request for information on the technology. The documents EFF received discuss endpoint surveillance technology the FBI calls a “web bug” or a “Computer and Internet Protocol Address Verifier” (CIPAV), which appears to have been in use since at least 2001. The EFF published the documents on its website in 2011. It was not until recently that ACLU Technologist Christopher Soghoian noticed that the documents reveal the FBI’s use of a false news article. He published his findings on Twitter recently, claiming the tactic was “outrageous.” That prompted The Seattle Times to express its outrage and garner a response from the FBI.
The FBI maintains that its fake news article was justified. Frank Montoya Jr., the special agent in charge of the FBI in Seattle, defended the investigation and the technique. “Every effort we made in this investigation had the goal of preventing a tragic event like what happened at Marysville and Seattle Pacific University,” Montoya said. “We identified a specific subject of an investigation and used a technique that we deemed would be effective in preventing a possible act of violence in a school setting. Use of that type of technique happens in very rare circumstances and only when there is sufficient reason to believe it could be successful in resolving a threat,” he said.
Ayn Dietrich-Williams, the spokeswoman for the FBI-Seattle, pointed out that the bureau did not use a “real Seattle Times article, but material generated by the FBI in styles common in reporting and online media.” However, the FBI tactic still raises legal implications, specifically in the potentially illicit use of a trademark. Moreover, it can be argued that this tactic damaged the newspaper’s reputation and reduced the public’s trust in the authenticity of its articles. The documents indicate the Seattle FBI did obtain a search warrant to “deploy” the CIPAV software after receiving a public tip about the suspect. In seeking the warrant, the bureau said it would send a “communication” to the suspect’s computer, but the warrant does not say that “communication” would be a fake news story appearing to be published by The Seattle Times.
These actions brought harsh criticism from the newspaper. “We are outraged that the FBI, with the apparent assistance of the U.S. Attorney’s Office, misappropriated the name of The Seattle Times to secretly install spyware on the computer of a crime suspect,” said Seattle Times Editor Kathy Best. She stated, “Not only does that cross a line, it erases it.”