One of the challenges the US government faces is to successfully try someone using the Espionage Act of 1917. There have been few successful convictions in such cases: though not none as is sometimes erroneously reported. In 1919, the US Supreme Court ruled that the Espionage Act did not contravene the First Amendment to the US Constitution (which prohibits the making of any law which infringes freedom of the press or freedom of speech, amongst other things).
The leaking of classified material into the public domain is clearly an offence under the Espionage Act (and ways to prevent this from a technology and process perspective were covered in Excelgate’s previous article WikiLeaks: Is There a Silver Bullet?). The law clearly was never designed for the Internet age. There remain loopholes in the law, concerning the re-publication of already leaked material. This has been recognised in the US Congress: with Senators proposing a new SHIELD Act which will specifically target those publishing already leaked material. Amongst the aims of the new Act is to “make it illegal to publish the names of U.S. military and intelligence informants.” The debate now rages in the US as to whether or not such an Act would curtail freedom of the press and thus be deemed unconstitutional.
In the UK things are more clear-cut concerning the issue of publication of already leaked classified material. The Official Secrets Act was revised in 1989, repealing the “public interest” defence from the former act of 1911. In addition, in section 5, it makes for provisions that potentially allow for prosecution of newspapers or journalists who publish secret information leaked to them by a Crown servant or government contractor, in contravention of any section of the act. This would include (under section 3) the disclosure of information concerning international relations. This does however, only apply to UK citizens, or if the disclosure takes place in the UK, the Channel Islands or its overseas territories.
The UK is not immune, however, from laws which lag behind the realities of the technology of the 21st Century. Earlier this month, the UK Deputy Prime Minister, Nick Clegg, discussed changes to the UK’s libel laws, which currently work against scientists and others, who publish their findings online. There have been cases brought against UK citizens by foreign companies whereby the publishers’ ISPs are effectively told to remove the content and thus act as an intermediate judge and jury. The current UK libel laws have attracted much attention, with more than 50,000 backing the Libel Reform campaign. The US also passed a bill protecting its citizens from these laws, by decreeing that foreign libel laws are not enforceable in the US.
Once again the issue here is that technology has evolved so quickly that the law has not kept up. When the libel laws were drafted in the UK, written publications tended to be well-thought through, drafted and checked by their publishers and legal team prior to publication. Publications were limited to the national media: print, then radio, then television. Very rarely did John Smith’s opinions appear in print, and if it did it would have been checked by a team of editors.
In 1996, it was estimated that there were 30 million Web pages, located on 275,000 servers, as indexed by the Alta Vista search engine. In 2011, it is estimated that the World Wide Web now consists of 13.03 billion web pages, as of January, 2011. Prior to the World Wide Web, it was straightforward what constituted a reasonable case for defamation: a false statement made which damaged reputation. It was easy to prosecute too: no supporting evidence to back that claim. Discussions between scientists were unlikely to surface into the public domain, without prior checking by their publisher. What remained as a private discussion between two scientists remained so. With the proliferation of online blogging, this approach to publishing no longer occurs, and in some cases the current laws are abused. Emails too are also in some ways a dangerous form of communication: they tend to be the 21st century equivalent of a previously spoken discussion – sometimes flippant, and for some people, tend to reflect what they only would have spoken prior to the Internet. However, emails can be forwarded: opening the way for libel action.
As this article is being written, it is being reported that 5 men in the UK have been arrested in connection with allegedly participating in the Anonymous’ Denial of Service (DoS) attacks which were mounted against PayPal, Amazon and MasterCard, in support of WikiLeaks. In a DoS attack, a hacker, or group of hackers aim to bring down a website or service by flooding that site with traffic, so that the site is longer able to respond. Such attacks are illegal under both US and UK Law. In the UK, the Police and Justice Act of 2006 makes it illegal to engage in a DoS attack, with a maximum sentence of up to 10 years imprisonment. Part of the reason for that Act was that it was felt at that time that the Computer Misuse Act of 1990 had potentially a loophole which did not cover DoS attacks. Such attacks in the US are covered under the Computer Abuse and Fraud Act.
The interconnectivity of the Internet and the WikiLeaks issue both illustrate that it is impossible for one jurisdiction acting alone to deal with what is a global problem. As with the financial crisis, co-ordinated action worldwide is needed across governments and geographies to deal with this problem. Those who seek to engage in criminal damage to computer systems should feel the force of the law, irrespective of where the attack took place from. Perhaps 2011 is the year where governments worldwide need to think about how their current legislation reflects data publication and Internet usage and abuse? Policy, process, and procedures are all very well, but the law also needs to reflect the realities of the 21st century. As with the birth of the international electronic communications in the form of telegraphy, only when there is a global consensus will there be a way forward.