Barrett Brown sentencing: The U.S. government overreaction to hackers.

The Nerd Scare: How the U.S. Government Is Overreacting to Hackers and Journalists

The Nerd Scare: How the U.S. Government Is Overreacting to Hackers and Journalists

The citizen’s guide to the future.
Jan. 23 2015 4:12 PM
FROM SLATE, NEW AMERICA, AND ASU

Bad, Bad Barrett Brown 

The sentencing of someone who couldn’t hack his way out of a paper bag is the latest sign that we’re in the middle of a nerd scare. 

150123_FT_BarrettBrown
Barrett Brown isn’t a hacker, but he’s being punished like one.

Photo illustration by Lisa Larson-Walker. Photo by Theta00/Wikimedia Commons (http://commons.wikimedia.org/wiki/File:Barrett_Brown

Among both American and British law-enforcement communities, the temptation runs strong to treat hackers and hacktivists in simplistic terms. The public was offered a rare glimpse of this reductive tendency by a published cache of leaked NSA and GCHQ documents. In a presentation slide evaluating various uses of the anonymizing tool Tor, hacktivists like Anonymous are slotted firmly and unambiguously into the “bad” category—immediately adjacent to both pedophiles and criminals.

On Thursday, this moral binary was once again rehashed in a Dallas courthouse, when Judge Samuel Lindsay handed down a stiff sentence to journalist and rabble-rousing activist Barrett Brown. Brown had originally faced 17 charges and was convicted of three crimes: making threats against an FBI agent, obstruction of a search warrant, and assisting the Anonymous hackers who infiltrated and gutted Austin, Texas–based intelligence company Stratfor. (It must be said that the threats, delivered as a video tirade, were hyperbolic and preposterous but illegal.) Brown, who has already been behind bars for more than two years, received an additional 35 months in jail and a fine of nearly $1 million to be paid to Stratfor. The judge ruled that Brown “more than merely reported the hackers’ activities”—he helped organize them.

With Thursday’s sentencing, the state confirmed a notable new trend: the willingness to single out and prosecute not only politically motivated hackers, but also geeks and journalists who work closely with them—like Brown. He wasn’t a hacker, nor was he officially charged with hacking crimes. (His prosecution did not rely on the controversial Computer Fraud and Abuse Act, responsible most recently for ensnaring Aaron Swartz, a well-respected hacktivist who committed suicide.) Far from it. As an anthropologist who was embedded in Anonymous’ Internet Relay Chat channels for more than two years, I watched Brown lend a helping hand during many political operations initiated by the faceless collective. But it remained a running joke in Anonymous that Barrett could not “hack” himself out of a paper bag.

Advertisement

And yet, Barrett Brown is nonetheless the latest victim of what advocate and lawyer Gráinne O’Neill has dubbed “the nerd scare”: Over the past couple of years, scores of hackers have been arrested in a single, unprecedented, cohesive swoop—and largely in direct retaliation to politically motivated hacks, such as those organized by the collective Anonymous. These hacks are not about getting rich—they are digital direct action intended to increase transparency and to protest censorship and corruption.

Brown’s role in Anonymous was as an avid strategist and organizer. The creator of an online think tank and crowdsourced wiki called Project PM, Brown was particularly committed to exposing the growth and corruption of private security and intelligence firms like Stratfor. What private military contractors like Blackwater are to the U.S. military, private intelligence firms are to institutions like the National Security Agency. Edward Snowden worked for one such contractor. And Brown aimed to uncover any evidence of malfeasance in this industry through the scraps of information provided by leakers and hackers.

Let me state again that Brown did not coordinate—much less partake in—the actual infiltration of Stratfor, which took place in December 2011. During the incursion, Anonymous hackers swiped credit card numbers, emails, and other information, then distributed the material online. Most notoriously, they used thousands of the stolen credit card numbers to donate money to nonprofit and charity organizations. (It’s entirely possible that the cards weren’t all used for such Robin Hood–esque purposes, of course, but evidence suggests that donations were made.)

Brown was mostly interested in the emails, but he did share a link to the credit card numbers that had been stolen by Anonymous hackers. At one point, he faced a charge for posting that link. Out of all of the 17 counts he originally faced, this one was the most controversial: He had not stolen or used the credit card information but was simply reposting a widely circulated link from one chat room to another. This charge was dropped in March 2014, but the judge nevertheless agreed with the prosecution’s arguments on Thursday that linking to the stolen data had aided the hackers.

Advertisement

Once the hack had been completed, Brown sought the emails to scour for evidence of abuse and corruption. Brown, operating unabashedly and under the mantel of his given name, was not the only one to believe the emails were vital to the public interest. WikiLeaks eventually published many of them, and their contents demonstrate Brown’s journalistic instincts. They describe Stratfor’s involvement in a range of disconcerting activity, including the criminal monitoring of activists. A 1984 explosion at a Union Carbide India Ltd. plant in Bhopal, India—widely considered the worst industrial disaster in world history—left thousands dead and more than 500,000 exposed to deadly chemicals. Stratfor was hired by Dow Chemical to keep tabs on activist groups like the Yes Men and Bhopal Medical Appeal—which were actively working to publicize the issue and assist the victims.

Soon after WikiLeaks posted the emails, Stratfor issued a terse statement saying that it was unwilling to verify the authenticity of the leaked emails: “Some of the emails may be forged or altered to include inaccuracies; some may be authentic. We will not validate either. Nor will we explain the thinking that went into them.”

According to journalist Steve Horn, who sifted through thousands of Stratfor emails and wrote a two-part series examining the tactics deployed by the firm and its predecessors, the majority of company emails show that “the most important service Stratfor provides is its sociological analysis in service to corporate power and capital, not the dirty on-the-ground work,” as he put it. Indeed, only a smattering of emails point to direct, though low-level, involvement in the monitoring of activists. Still, between emerging examples of abuse and the enormous difficulty in accessing corporate records, we should, at a minimum, be troubled by actions that punish journalistic attempts to bring such information into the public domain. Brown is certainly not a journalist in the strict traditional sense. But he (and his Project PM) contributed to a burgeoning “fifth estate”: the hackers, leakers, independent journalists, and bloggers increasingly working with “the fourth estate,” the mainstream news, to inform the public about wrongdoing.

Hacker arrests are nothing new, but never before have they been so intensely concentrated. Raids were more sporadic throughout the 1980s, 1990s, and 2000s, and usually took one of two distinct forms: Law enforcement would target lone, apolitical hackers like Kevin Mitnick and Gary McKinnon, or aim to cripple infrastructures used by whole groups of underground hackers—closing down the bulletin-board systems where they congregated and otherwise disrupting their often-illegal activities. The largest and most famous of these American raids was Operation Sundevil. Carried out across 14 U.S. cities on May 8, 1990, the operation resulted in 27 search warrants executed and four arrests made. Worldwide, hackers wielding their skills for political aims were largely ignored by law enforcement. (Of course, every rule has its exceptions, as demonstrated by the 30 counts of computer crimes brought against a young Julian Assange in 1991.)

Advertisement

This approach changed with the appearance of Anonymous. In 2011 and 2012, its successes spurred a multinational coordinated crackdown that delivered more than 100 arrests around the world. In the U.S., all those put behind bars as part of this “nerd scare” have been actual hackers—with the exception of Barrett Brown.

Had he simply had the fortune of being born and residing on the other side of the Atlantic, say in the United Kingdom or Ireland, where some Anonymous hackers have been tried, his punishment in all likelihood would have been less severe. Comparatively speaking, the Irish and British Anonymous cases were remarkably mild. Two Irish hackers who defaced a website received no jail time. In May 2013, after pleading guilty to one charge of hacking the Pentagon and conspiring to hack Sony, Britain’s National Health Service, and Rupert Murdoch’s News International, Ryan “Kayla” Ackroyd was sentenced to 30 months in British jail, of which he served 10; notably, he received no fine or fee. Brown’s restitution fee will virtually guarantee years of indentured servitude.

Like so many hackers, whistleblowers, journalists, and hacktivists who have recently dared to take a stand for press freedom, accountability, and increased transparency, Brown is now paying a steep price. But he wasn’t a hacker. In fact, in 2013 an American hacker, Jeremy Hammond, pleaded guilty to this crime and is currently serving a 10-year sentence for it. Yet Brown still has to pay close to $1 million to Stratfor as if he had been the one to do it. If Stratfor’s vice president of intelligence, Fred Burton, truly lives by the code, “Admit nothing, deny everything and make counter-accusations”—as one email purports—then we can see the importance of the leaks and whistleblowing activities of Anonymous, and also the actions of those like Barrett Brown, who both assisted the collective, and utilized their work in the interest of the public.

This article is part of Future Tense, a collaboration among Arizona State University, New America, and Slate. Future Tense explores the ways emerging technologies affect society, policy, and culture. To read more, visit the Future Tense blog and the Future Tense home page. You can also follow us on Twitter.