Slate Articles

Is Obama Coming Back From the Dark Side on Privacy?

Ryan Gallagher — Thu, 23 May 2013 22:10:32 GMT

President Obama’s Thursday speech has been widely billed as a drones address, but his remarks briefly touched on a couple of important issues involving privacy and surveillance. He seemingly acknowledged that his administration has come down too often on the side of secrecy over transparency, and of excessive security over liberty.

In the speech, delivered at the National Defense University in Washington, D.C., Obama appeared to directly support the FBI’s contentious proposal for enhanced Internet snooping powers. He said that it was necessary to review “the authorities of law enforcement, so we can intercept new types of communication.” He added, however, that it would be necessary at the same time to “build in privacy protections to prevent abuse"—in an apparent attempt to quell civil liberties advocates’ fears about the scope of the authorities’ powers.

Later, Obama indirectly addressed the recent revelations about the Justice Department’s spying on journalists as part of aggressive leak probes. He took a swipe at the DoJ, saying that he was “troubled by the possibility that leak investigations may chill the investigative journalism that holds government accountable” and that “journalists should not be at legal risk for doing their jobs." He went on to acknowledge that “expanded surveillance” in the aftermath of 9/11 had “raised difficult questions about the balance we strike between our interests in security and our values of privacy,” adding that some counter-terror tactics “compromised our basic values.”

Obama seemed to try to return to the values he had claimed to champion prior to his coming to power—and his speech was certainly long overdue. Back in 2006, before becoming president, Obama strongly criticized the Bush administration’s so-called warrantless wiretapping program as “accountable to no one and no law” and blasted Bush for what he viewed as “unbounded authority without any checks or balances.” But just a few years later, these same criticisms have been repeatedly leveled at Obama due to his own administration’s use (and occasional threats of using) state secrets privilege on surveillance and drone strikes. On Thursday the president tried to show that he is listening to his critics. His challenge now will be to match his words with meaningful action.

The Real Reason Gamers Should Rage About the New Xbox

Ryan Vogt — Thu, 23 May 2013 17:06:30 GMT

Usually, I have to wait until new video game systems hit the stores to be irritated by them. But I’m already annoyed by Sony’s PlayStation 4, which was unveiled earlier this year, and Microsoft’s Xbox One, which debuted Tuesday.

I mean, sure, both consoles offer some things to be excited about. My Slate colleague Farhad Manjoo calls the Xbox One “Steve Jobs’ dream device,” the unit that unites gaming, the Internet, and live TV, still the national pastime. Most impressively, the Xbox One’s voice-recognition capabilities render obsolete the game controller—and even the TV remote. Just as enticing is the One’s built-in camera system, with imaging capabilities so advanced, Xbox will know your heart rate just by looking at you.

It all sounds pretty good. But in Internet dens, another story is being told. Self-dubbed hard-core gamers are feverish with rage that Microsoft and Sony are finally doing something about the used-games market that’s been eating their lunch for years. Sony may block used games from the PS4 entirely, and Microsoft is planning to charge an as-yet-undetermined fee to play them. And who wants to pay a surcharge on top of GameStop’s already-outrageous near-retail prices?

On this point, at least the nerd rage is misdirected. Used games are heading for obsolescence no matter what. People are increasingly downloading games straight to their consoles, skipping the trip to the store.

Instead, let’s direct our collective fury at two things that won’t be moot in the immediate future. Indefensible move No. 1: Neither the PS4 nor the Xbox One has backward compatibility with the games of its immediate ancestors (PlayStation 3 and Xbox 360, respectively)—not even digital purchases made through the PlayStation Network and Xbox Live. Asked about backward compatibility in a Yahoo Live chat on Wednesday, Microsoft honcho Major Nelson said Xbox 360 discs won’t work in the Xbox One because “[g]ames are architected to take full advantage of the state of the art processors and infinite power of the cloud.” Awful corporatespeak aside, he’s a little bit right. The Wii U doesn’t have a slot for Nintendo Entertainment System cartridges. But I thought online services like the PlayStation Network existed in large part so we wouldn’t have to say goodbye to old games. I thought that once I had a dedicated account with Microsoft or Sony, with a username and password tied to my credit card, my purchases would be forever. But no. Tech heads can give me all kinds of excuses about how it would require superhuman feats of programming to make Chrono Cross, a PlayStation One masterpiece that worked great when I downloaded it onto my PlayStation 3, function on the PS4. It might even be true. But from a consumer standpoint, Microsoft and Sony telling me my digital games can’t be played on their new systems is like Apple telling me that the iPhone 6 will be too advanced to play my MP3s.

Sony says that it is oh-so-generously looking into ways to let us use the products we bought from its own store. Maybe that will even happen. But no matter what, Microsoft and Sony hope we’ll repurchase favorite games, like how I bought my digital version of Chrono Cross because my discs were so scratched up. My digital copy isn’t shredded, though, so there’s no way I’m buying this game a third time. But that seems to be where the entire industry is headed: Witness Nintendo’s outrageous requirement that Wii U owners cough up extra money to play “Wii U-optimized” versions of games they already bought on the original Wii’s Virtual Console.

The Xbox One is making some pretty seductive promises: It will let you play games while Skypeing, watching the NFL, and tracking your fantasy football team, all at once, and all by simple voice command. But it’s a trap! Microsoft is likely to require a $50-a-year Xbox Live Gold subscription for these cool new features. No big surprise: Microsoft already requires an Xbox Live Gold subscription to watch Netflix or Hulu on your Xbox 360. That’s right: a subscription to access your subscriptions.

Visions of executives rubbing their hands together have dashed my excitement for the next generation of game consoles. But it’s no use crying over used-games milk. It’s time for us to realize that our childhood dreamweavers have betrayed us, and we shouldn’t reward them for it. Don’t wait in line at midnight for the next big thing—instead, take a look at the $99, Kickstarted Ouya, a new system with an old-school ethos that promises not to pull all the stunts that the big boys do. And until Sony and Microsoft honor our digital purchases, I’m sticking with my Xbox 360, which still runs the download-only gem Spelunky, and my trusty PS3, where Chrono Cross can soothe my own nerd rage.

Government Plan to Build "Back Doors" for Online Surveillance Could Create Dangerous Vulnerabilities

Brian Duggan — Thu, 23 May 2013 13:17:00 GMT

Recently, the FBI has been attacking the “going dark” problem—that is, its inability to read all electronic communications—from both legal and technological angles. It wants to be able to fine communications companies for refusing to comply with subpoena requests for the content of customers’ emails and chats. It’s also trying to create ways of decrypting any communication sent via a Web service, like Gmail messages Facebook chats, or Twitter direct messages. It believes it can work with companies to build secure methods for lawfully intercepting communications on the Web.

But a report released last week by the Center for Democracy and Technology and some of the top names in computer security points out that building so-called "back doors" in to these Web services will also increase the risk that bad actors will gain access to the communications content of all users of these services. Creating a back door in software is like creating a lock to which multiple people hold the keys. The more people who have a key, the higher the likelihood that one will get lost. But this is precisely the power that would be granted by proposed extensions to the Communications Assistance for Law Enforcement Act (CALEA II).

Even the most trustworthy and reputable organizations can’t live up to the required level of vigilance to keep software keys safe. Take the National Institute of Standards and Technology, which the government designated as a key holder for the “Clipper chip,” a backdoor system for monitoring telephones. Key holders would distribute keys to wiretap individual phones to law enforcement if they could provide proper legal justification. (It's not clear that NIST ever actually became the key holder, but the designation demonstrates the government's trust in the organization's security.) In the 1990s, NIST heavily lobbied for the adoption of key escrow methods of enabling lawful interception. Recently, NIST fell prey to a malware attack that could have leaked sensitive information. Ironically, the intrusion forced NIST to temporarily restrict the availability of a computer security vulnerability database that it maintains.

Keys aside, there will be plenty of other opportunities for hackers to poke holes in the security of a system with a back door. Secure communication channels in software are incredibly difficult to implement. Indeed, the security software mechanisms everyday Web users trust to secure email, insurance transactions, banking information, and so on are riddled with vulnerabilities that can be exploited. By adding additional avenues for law enforcement to access those channels, you automatically increase the number of vulnerabilities.

The government has already demonstrated that it can’t really be trusted to design secure back doors. The aforementioned "Clipper chip," which was designed by the NSA in 1993, was a primitive and flawed attempt to create a way secure telephone conversations—and also allow government eavesdropping. If both callers used a special phone, anyone with a wiretap on either end of the call would hear garbled noise, unless the key for lawful intercept by authorities was used. Despite engineering by some of the most talented mathematicians and computer scientists in the world, Matt Blaze, then an AT&T engineer, soon found flaws in the design that allowed hackers to permanently disable the chip's lawful intercept capabilities—so the calls could take place, but government couldn’t eavesdrop. And since the voice-garbling encryption technology was built into the phone electronics, it was nearly impossible to patch the flaw. It’s been 20 years since NSA engineers designed the Clipper chip, but in the interim, implementing secure systems has only gotten more difficult, and the threats to those systems vastly more pervasive. As Timothy B. Lee notes on the Washington Post’s Wonkblog , “This is more than a hypothetical concern. In 2005, the Greek government discovered that an unknown party was intercepting the phone conversations of Prime Minister Kostas Karamanlis and dozens of other senior officials in the Greek government.”

In the end, the risks that come with intentionally creating back doors are too high to balance out an unknown increase in public safety that the practice would provide. The engineering expertise to design these kinds of locks simply does not exist, and it will be impossible to ensure the keys won't fall into the wrong hands. Policymakers shouldn’t waste any more time even talking about the proposal. The FBI has subpoenas, warrants, and National Security Letters to get email; pen registers, traditional wiretaps, and cell phone eavesdropping tools to get telephone data; and all of the powers set forth in the original CALEA to monitor most Internet communications. As the CDT report puts it, “The FBI’s desire to expand CALEA mandates amounts to developing for our adversaries capabilities that they may not have the competence, access, or resources to develop on their own.”

Tesla, the Anti-Solyndra, Just Repaid Its Government Loans Nine Years Early

Will Oremus — Wed, 22 May 2013 22:36:00 GMT

It's official: Tesla is the anti-Solyndra.

The Silicon Valley electric-car startup has often been lumped in with "losers" like Solyndra and Fisker when Fox News commentators and Republican presidential candidates criticize President Obama's green-energy subsidies. This has always been absurd, and maybe now it can finally be put to rest.

Today, Tesla wired the U.S. government some $452 million dollars, using a portion of the $1 billion it just raised on the debt and equity markets. That means that it has paid back its 2010 Department of Energy loan in full, with interest, nine years early.

The highly publicized failures of DoE loan and grant recipients such as Solyndra and Ener1 have lent Obama's green-energy programs a toxic tinge, especially among fiscal conservatives. Those bad bets have always been outnumbered by the good ones. But now, for the first time, the administration has a success story whose hype matches that of the busts. And it isn't just this administration. People often forget that the loan program actually started under George W. Bush.

The government's profits from Tesla's success—about $12 million—don't cover its losses it incurred from the loan recipients that failed. But that was never the point. The reason the Department of Energy was making these investments was to kickstart a fresh, promising, and environmentally responsible sector of the economy, not to reap a cash windfall.

As far as I can tell, there's no financial or legal reason that Tesla had to pay back this money so far in advance of the due date. Rather, the lump-sum payback is a symbolic act on the part of the company's brash CEO, Elon Musk. Bloomberg's Alan Ohnsman wrote that Musk is channeling Lee Iacocca, who made an early repayment of government loans as Chrysler CEO 30 years ago. From what I know of Musk, it might be more accurate to say he’s one-upping Iacocca, paying back his loans nine years early to Iacocca’s seven.

Then again, the situations are different. Chrysler was struggling to stay solvent, while Tesla has been on an upward trajectory from its inception in 2003. It might well have succeeded without any help from the government. Even so, the federal government deserves credit for its supporting role in one of the great American business success stories of the 21^st century so far—one that may be remembered long after Solyndra is forgotten.

Facebook to "Shed Spotlight" on Government Surveillance, Still Won't Publish Transparency Reports

Ryan Gallagher — Wed, 22 May 2013 22:20:07 GMT

Facebook is usually seen as more villain than hero when it comes to surveillance and privacy. But the social networking giant is attempting to shake off its Big Brother image.

In an announcement Wednesday, Facebook committed to expanding its human rights work—vowing to help expose excessive government snooping and censorship. The company said it was signing up to the Global Network Initiative, a Washington, D.C.-based organization that is dedicated to advancing freedom of expression and privacy rights, particularly focused on information technology companies that handle private data and communications. Other companies involved in the GNI include Google, Microsoft, and Yahoo, and they work alongside activists and academics.

By signing up to participate in the GNI, Facebook agrees to independent assessment on its adherence to a series of human rights principles and guidelines. The company said in a statement that it would, as part of its work with the GNI, help “shed a spotlight on government practices that restrict expression and seek over broad requests for user data,” and also detailed a few other steps it says it plans to take to further human rights, such as increasing funding for an awards program that has handed out funding for people with ideas to help counter and circumvent online surveillance and censorship.

In recent years, Facebook has been criticized on many occasions for its policies on data protection and privacy. (WikiLeaks founder Julian Assange branded it an “appalling spy machine” in 2011.) By joining the GNI, the California-based company may be attempting to change the perception that it is in cahoots with the government—but Zuckerberg and co. still have some convincing to do.

Unlike Google, Twitter, and most recently Microsoft, Facebook has failed to embrace the practice of releasing transparency reports that reveal the extent of government attempts to remove content from the Web or grab users’ private data. And that shows little sign of changing soon, despite Facebook’s new pledge to shed light on “overbroad requests for user data” as part of its work with the GNI. On Wednesday, while he was on a panel at an Internet freedom conference in Stockholm, Matt Perault, Facebook’s public policy manager, declined to commit to releasing transparency reports. He said only that it was an “ongoing conversation within the company” and questioned whether the reports were “the most useful way to highlight” censorship and surveillance. Eric King of rights group Privacy International responded by asking Perault what would be a better way to highlight these issues than though transparency reports. But Perault floundered—he didn’t have an answer.

Finally, a Half-Decent Way to Keep Your Twitter Account From Getting Hacked

Will Oremus — Wed, 22 May 2013 21:19:30 GMT

Twitter announced today that it is rolling out “login verification,” a.k.a. two-factor authentication. It’s a password-security measure that people have been clamoring for, especially given the recent wave of Twitter-account hijackings by the Syrian Electronic Army.

That’s bad news for celebrities who want plausible deniability when they tweet embarrassing things. But it’s good news for the average user, because it means that your Twitter account should be safe even if someone manages to steal your password. Once you’ve turned on login verification, signing into Twitter will require not only your password but also a code that will be sent to your phone via text message. That means password thieves will be stymied, unless they’ve somehow gotten hold of your phone, too.

The system isn’t perfect, though. As TechCrunch’s Josh Constine points out, it doesn’t yet work with mobile apps. And for now Twitter allows only one phone number per account, which is inconvenient for big organizations that need to give multiple employees access to their Twitter feeds. Finally, as my colleague Farhad Manjoo noted, you have to have a working cellphone signal in order to receive the text message, which is not the case with more advanced services like Google Authenticator.

So why doesn’t Twitter just use Google Authenticator instead? “We wanted to build this as part of the Twitter architecture,” spokesman Jim Prosser told me, because the engineering work that Twitter put into the login-verification feature will allow it to add more security measures in the future.

Login verification is being rolled out to Twitter users throughout the day. To turn it on, visit your account settings page and check the box that says, “Require a verification code when I sign in.” If you need help, consult the video below.

Then do yourself a favor and enable two-factor authentication for your email and Facebook accounts, too. PCWorld has a good primer on how to do that for the most popular services.

One last note: It's always prudent make these types of account changes by visiting the relevant website directly from within your browser, not by clicking a link in an email. Scammers are often quick to capitalize on security news like this by sending out bogus messages telling people to “click here” in order to change their password. Don’t do it, or you might end up like The Onion.

Amazon Plans Wild New Office Building in Downtown Seattle

Will Oremus — Wed, 22 May 2013 17:07:38 GMT

At a Seattle city meeting Tuesday night, Amazon presented plans for a futuristic, greenhouse-like sphere of a building in the middle of its new Seattle campus. According to the proposal, the five-story, tri-domed structure will be large enough to accommodate mature trees, allowing employees to “work and socialize in a more natural, park-like setting.” From the plans:

In addition to a variety of workplace environments, the facility will incorporate dining, meeting and lounge spaces, as well as a variety of botanical zones modeled on montane ecologies found around the globe.

Here’s what it will look like:

No doubt the suits (and hoodies) at Amazon’s headquarters will be thrilled if the plans are approved. Meanwhile, the company's warehouse workers will continue to sweat their days away in, let's say, slightly less Eden-like environs:

The Future of Food Is Here, and It’s Pizza

Jason Bittel — Wed, 22 May 2013 15:01:55 GMT

There’s a lot of talk these days about making a manned run at Mars (and the gerbils who are helping us get there). But even if we learn to survive 30 years in a space ship, what will we eat along the way? The answer, of course, is pizza—long lasting, self-assembling, 3-D printed pizza.

And if it’s not ready in 30 minutes or less, well, you’ll just wait, won’t you? Because in space, no one can hear you whine.

NASA has awarded a $125,000 grant to Systems & Materials Research Corp. to develop the 3-D printed pies. “Long distance space travel requires 15-plus years of shelf life,” Anjan Contractor told Quartz. “The way we are working on it is, all the carbs, proteins and macro and micro nutrients are in powder form. We take moisture out, and in that form it will last maybe 30 years.”

Obviously, pizza makes a good candidate for 3-D printing because it’s nothing if not a layered mess of calories. The proposed printer will be able to assemble different food items from cartridges of basic ingredient powders. With pizza, imagine a slurry of compounds whisked together to make dough, which is then printed onto a hot plate to cook. Next would come a layer of sauce that combines tomato concentrate, oil, and water. The Quartz piece by Christopher Mims makes no mention of cheese. Instead, he says the “pizza” is topped with some ominous concoction known only as the “protein layer.”

Did you hear that? That’s the sound of 78,000 volunteers withdrawing their applications for the one-way trip to Mars. But at least astronauts have bathrooms now.

Unfortunately—or fortunately, depending on your perspective—3-D printed food may one day be the norm here on Earth. As the world’s population rises and we struggle to feed the billions, Contractor and his team believe their work could conserve valuable resources. Hypothetically, 3-D printed food could also be tailored to the nutritional needs of each individual—like a pregnant woman or an elderly man. And an organization in the Netherlands is already imagining ways to 3-D print food using more sustainable sources such as algae, beet leaves, and insects.

Only one thing is certain: If the project remains open-source as Contractor intends, someone will perfect bacon cartridges long before the food apocalypse. Which means that while everyone is fighting over 3-D printing technology that can build a gun, what we should be worried about is the 3-D printing technology that can build this.

Steve Jobs’ Dream Device Has Arrived

Farhad Manjoo — Tue, 21 May 2013 22:59:00 GMT

Just before he died, Steve Jobs told his biographer Walter Isaacson about his dream for revolutionizing television. His fantasy device would control all the many doodads that crowd your living room—DVRs, game consoles, Blu-ray players—and would connect to the vast world of entertainment available online. Best of all, it would be drop-dead simple to control—no more futzing with the Input button to switch between different kinds of content, no more fiddling with different remotes to control your devices. “It will have the simplest user interface you could imagine,” Jobs said. “I finally cracked it.”

Today, I saw something very close to Steve Jobs’ dream device. Just like he envisioned, this machine turns itself into the hub of your living room. It plays video games, Blu-ray discs, TV shows, and everything you could possibly want from the Internet. It switches between this stuff seamlessly—you can forget about the Input button. And it does indeed have the simplest user interface imaginable, an eerily accurate voice recognition system that is far more intuitive than a remote control. Want to watch MTV? Want to see what’s on HBO? Want to switch between TV and a Blu-ray? Just tell it what to do, and it will respond instantly.

Before you say anything, though, you’ve got to say its name: Xbox.

That’s right: In a new device it’s calling the Xbox One, Microsoft has done what Apple has long been rumored to do. It has created a near-perfect living room machine, one that has the potential to finally make it simple for you to watch or play anything you want, from anywhere, very quickly. Here’s how it works: Go to your TV and say, “Xbox on.” Your TV and Xbox turn on immediately, with no pause for booting up or logging in. You’re presented with a menu—it looks very much like the Windows 8 home screen—featuring apps, games, and other stuff you’ve recently interacted with. Now go to town. Say, “Watch CNN.” Your TV goes to the channel instantly. Say, “Xbox game,” and the device switches to the game you were playing. Say “Snap Skype” and the One brings up Skype in a panel to the side of your screen. Now tell it to call your mom. The One can also add its own elements on top of a TV broadcast—for instance, it can show your fantasy football stats as you’re watching an NFL game.

What’s remarkable about this is how quickly the device switches from input to input—going from TV to a Netflix show is as quick as changing the channel on your TV, and it happens with natural language commands.

In addition to letting you watch and play, the One also connects to social networks and lets you browse the Web (which you’d never want to do on your TV, but I suppose it looks cool in a demo). While it’s not very attractive—it’s got a boxy, early-VCR aesthetic—it does solve some of the persistent problems with using a video game system as a set-top box. Unlike its predecessor, the Xbox 360, Microsoft says the One is nearly silent, and it turns itself and your TV on instantly, with a single voice command.

Still, while Microsoft’s launch event was impressively bombastic, it left many questions unanswered. The company showed a flawless live demo onstage—the One never misinterpreted a spoken command—but I didn’t get an up-close look at a working device. (Microsoft promised to reveal more at the E3 video game conference next month.) The company was also cagey about how the One will interact with your crappy cable box. Unlike in Jobs’ perfect system, the Xbox One won’t replace your box. It will let you switch channels by voice, and it will be able to layer its own content on top of what’s on TV. But as the Verge’s Nilay Patel points out, the One likely won’t act as a DVR that saves TV shows to its drive, and you will still likely have to interact with your set-top box’s clunky user interface.

There are also a couple of aspects of the Xbox One that gamers won’t like. First, the device won’t play Xbox 360 games, so if you want to go back to those titles, you’ll still have to keep that console around—in which case the One really isn’t the all-in-one system it promises to be. (The company says it couldn’t maintain backward compatibility because the new system has a different processing “architecture.”) Also, when you put a new game into the One, the game is automatically installed on your hard drive, meaning that you don’t have to keep inserting the disc when you want to play. This sounds nice, but there’s one catch: If you want to install the game on another Xbox One—that is, if you sell your game—you’ll have to pay a fee to do so, as Microsoft told Wired in a statement. (The company didn’t specify the fee, and it didn’t say whether you could play the used game from the disc without “installing” it to the One’s hard drive.) On the other hand, Microsoft did quash rumors that the One would need a constant connection to the Internet—you can play single-player games without connecting, it says.

More unknowns: the One’s price and release date. Microsoft said the One would come out “later this year,” though I’m guessing that doesn’t mean tomorrow. It gave no hint on pricing. When it released the Xbox 360 in 2005, that device started at $299, and it now sells for as little as $179.

I suspect the company won’t charge more than $399 for it. Indeed, I think it’d be crazy if it does. That’s because Microsoft’s best chance at making the One a truly perfect living-room device is to sell a whole lot of them very quickly. If it achieves this ubiquity, it could encourage cable and satellite companies to create apps for the Xbox. These apps would essentially turn your cable box into software that lives on your Xbox—you’d be able to get your recorded shows, on-demand content, and maybe even live TV without interacting with a physical device from your cable or satellite provider. (Last year, Comcast created just such an app for the Xbox 360; if the Xbox One gains a huge market share, other cable providers might decide to jump in, too.)

The other reason I’m hoping for a low price is that Microsoft needs to make the most of its head start. The One isn’t perfect, but it might be the closest thing we’ve seen, so far, to the living-room computer of our dreams. Microsoft needs to get it out to as many people as possible before Apple and Google create similar devices. There’s Sony, too, whose upcoming PlayStation 4 is staking out a similar gaming-plus-media-device niche—though Sony’s device looks far less intuitive than Microsoft’s. (Nintendo, meanwhile, looks out of the game at this point; its Wii U has been a flop.) What’s more, the opportunity is huge. Americans watch TV more often than they do nearly anything else, and when they’re not watching TV, they’re often playing games. The Xbox One is the first device I’ve seen to bridge these two activities in a way that isn’t clunky. If Microsoft can own that overall experience, the giant of the American tech scene could reawaken.

Journalists Find Massive Data Security Lapse, Get Threats Instead of Thanks

Ryan Gallagher — Tue, 21 May 2013 21:02:19 GMT

A “thank you” might be in order if you find a massive leak of a company’s sensitive customer records on the Internet and raise alarm so the problem can be fixed. But that’s not how it always goes down, as a team of investigative reporters for the Scripps News Service recently found out the hard way.

In a recent report, the Scripps journalists say they found through a basic Google search a gaping security hole exposing more than 170,000 records related to customers of and applicants for Lifeline, the federal program for low-income Americans that offers a discounted phone service. The information, involving people from at least 26 states, included Social Security numbers, scans of passports, driver’s licences, parole letters, food-stamp cards, tax records, home addresses, and financial accounts. Scripps reports that the records were “widely available online this spring after being collected for two phone carriers participating in the program: Oklahoma City-based TerraCom Inc. and its affiliate, YourTel America Inc.” A Scripps reporter first uncovered the records while searching for PDF files attached to the TerraCom website.

The data leak appears to have put hundreds of Lifeline customers at serious risk of identity theft and may constitute a violation of privacy and data protection laws. (Indiana’s attorney general is already reportedly probing the breach, and the FCC has commented that a single privacy violation could cost a company as much as $1.5 million.) Scripps says it notified the companies of the security hole and “within hours, [the records] no longer were publicly accessible.” But instead of thanking the journalists for flagging up the issue, Jonathan Lee, legal counsel for TerraCom and YourTel, sent an angry and threatening letter to Scripps, referring to “Scripps hackers” and accusing the reporters of “numerous violations of the Computer Fraud and Abuse Act.” In one bizarre passage, Lee even claims that it is Scripps, not the companies responsible for the data leak in the first place, that should expect to pay any fines:

Because the Scripps Hackers have put the Companies in the position of having to incur the costs of potentially complying with more than 20 state data breach notification laws, the Companies are likely to look to Scripps to reimburse them for those costs.

David Giles, Scripps’ deputy general counsel, responded to the accusation that the reporters “hacked” the information by calling on the companies to stop the “name calling and the legal posturing” and instead address the “apparent careless security practices” raised by the story. “Regardless of the flowery moniker you have used to characterize the bureau's newsgathering activities, the bureau's reporters have not violated the Computer Fraud and Abuse Act or any other law or regulation,” Giles wrote in a letter sent to TerraCom and YourTel’s lawyers earlier this month.

The Scripps case bears some resemblance to a separate similar incident involving Andrew “weev” Auernheimer, who was sentenced in March to 41 months in prison after he found a security flaw in AT&T’s public website and used it to harvest the email addresses of over 114,000 iPad users. Auernheimer passed the data to Gawker, and he was subsequently prosecuted under the Computer Fraud and Abuse Act. The feds accused Auernheimer of exploiting the security hole for personal gain to promote his security company. But Auernheimer’s supporters argue that his conviction illustrates the need to reform the “vague language, broad sweep, and heavy penalties” of the CFAA, which was also used in the controversial prosecution of Internet freedom activist Aaron Swartz, who committed suicide in January.

In an emailed statement Tuesday afternoon, Dale Schmick, CEO of TerraCom and YourTel, said the companies were in “ongoing discussions” with federal and state regulators and law enforcement regarding the incident. Schmick claimed that only a portion of the records—involving 270 Lifeline applicants—had been available through Internet searches and alleged that the Scripps reporters used “sophisticated computer techniques” to download some of the information.

Giles, Scripps’ deputy counsel, said in a letter that the search revealing the security hole “required no special skill and in no way ‘hacked’ or illegally accessed any server or database operated by TerraCom or any other company.”