The items requested and justifications given in this warrant are incredibly vague and broad in scope in relation to the evidence that would be required to prove the crime that is alleged. Afaict, they aren’t even making a specific claim as to what they’re searching for–it just says they’ll take every device and storage medium, copy it, and keep it forever. I don’t think that’s how computer searches work but maybe there’s a second warrant coming that deals with that part.
Yeah that’s the one. I agree it’s very broad. IANAL but like I said I assume there’s just a “get the computer stuff” warrant that they cut and paste for any computer crime and then return the stuff they don’t need. Not necessarily in this case, but in computer crime cases in general, it wouldn’t be a great idea to rely on fat-necked police grunts who can barely work an iPhone to decide what is and isn’t relevant at the scene.
Edit: Also it looks like the affiant is actually an FDLE guy but is a member of the “FBI Cyber Task Force”.
Man this feels like really squishy justification to seize a bunch of a citizen’s lawful property. “We are far too dumb to know what we should take so we’d better just get it all to be safe!”
Note that I don’t disagree that is why these things are worded so broadly.
I’m certainly not here to defend Jones but according to this article the justification for the warrant looks extremely bad. The login she used to send the message was publicly available according to this. If this is bs someone tell me why as I admittedly have not followed this much but had a leftie on my feed post this:
I think the article is pretty terrible. It takes the premise of “anyone could have done what they’re accusing her of,” which is OJ searching for the real killer level stuff.
Maybe she was expertly framed! But, its more likely she used credentials she knew, to send a message to her former colleagues and didn’t use a VPN.
She knew, you knew, I knew, they knew, mom knew, dad knew…
As Ars Technica reports, Redditors discovered that not only does the Florida Department of Health have a single shared username and password, but that username and password is also freely accessible on the web.
But if was definitely a crime to do… whatever it is she’s accused of
I asked the FDLE to explain how it could have been accessed illegally — if the email address might have required someone to use private credentials somehow — but it declined, citing the active investigation. A spokesperson simply stated that my suggestions were “not accurate,” and that “this was not simply an email.” The Florida Department of Health didn’t respond to a request for comment.
This is pretty feeble reporting for not following up on this point beyond what’s here, tho.
I am just guessing here as a half-ass law bro not familiar with Florida law but I doubt they can prove the “without authorization” element of the crime. The law they got the PC search warrant on is Florida Statute 815.06(2)(a), which makes it a third-degree felony to access computer systems without authorization.
If it’s a shared email account with publicly available login info, login info published in multiple places on the web by the agency itself, it’s hard for me to see that sticking. It’s a horribly designed system obviously. Should Jones have done what she probably did? Of course not. But to me it doesn’t meet what I perceive to be the elements of that crime. By publically publishing the info she used to send the message you are implicitly authorizing use. Especially in 2020 with strong passwords/2fa requirements the norm.
I’m not sure how this is any different than if I had a sticky note on my desk with my password and someone logged into my computer with it. That’s still unauthorized right?
If I have a WichitaDM website and I post in 7 different places the login to a shared WichitaDM listserv type email account/server on my website for people to discuss everything WichitaDM and someone logs in and sends a message to the listserv is it unauthorized?
To me that seems like the closer analogy. That’s basically what this account system was right? A giant Florida Department of Health listserv? She didn’t access anyone’s private account or any private information of any kind. She didn’t have to peep at anyone’s sticky note on their computer and soft-steal the login info. The authorization is implicit in the multiple instances of publically publishing the login info to it.
I’m really not wanting to get too into defending Jones because I think she sucks. I just doubt this really met the PC standard for getting a warrant based on what we know and fuck the cops.
My understanding is she sent the email to, essentially, a listserv, but the email came from some kind of official account. It’s more like an email blast from HR or whatever.
I think if she sent the email to the listserv from a personal email account and only used the public login info to get access to the listserv to send it, I’d be with you here. I think using the login info to send an email from an official account is still “unauthorized” even if that login info was public.
And to be clear, while I think that should be a crime, it’s the kind of thing that she should be offered community service for and walk away without a record.
The information available makes it hard to know. If it came as a official FL Dept of Health message to everyone I agree that changes my opinion and makes it unauthorized and was not how I read that article(which who knows how accurate that article really is). If she sent it from a random sock puppet or personal email account to a publically available listserv I don’t see how it could be unauthorized.
Regardless like you say even in the most favorable to the government interpretation of the statute this isn’t some heinous crime. Having 12 armed police serve a search warrant is ridiculous. That part of it makes it seem politically motivated even if it actually isn’t.
What about not charging her but instead just scooping all of the electronic equipment to make permanent copies of her private life like contacts, text conversations, emails, search history, financial data, health data, personal photos / videos, and unpublished sex manifestos?
If she wasn’t authorized to use the system it doesn’t matter if it had a password on it or not. You can be trespassing in an open field if the owner revokes their permission for you to be there. IF the can prove she sent the message the login information doesn’t really matter, it’s the not being authorized to use the system.
Let me say it another way: the most troubling thing here isn’t the guns drawn stormtrooper shit–it’s the carte blanche seizing of electronics from a journalist / scientist on the lightest amount of evidence. If this was Julie Brown you all would be freaking the fuck out.
Here is why I asked this question twice: you can’t credibly claim to be interested in proving unauthorized access if you don’t take the modem / router.
Lewis, the former cybercrimes investigator, also questioned why authorities seized thumb drives and memory cards to investigate accessing an online messaging system. “The only things I think that you would have had probable causes to seize would be the router and the computers” as well as the modem. Jones’ router and modem weren’t seized.
Like this is basically everything I suspected. More from that article:
Filipkowski, in his resignation letter, said he reviewed the warrant, and said the raid was “unconscionable.”
“It’s broadened out to allow them to basically seize any of her devices including zip drives, including things that really are wholly unrelated to that criminal statute,” he said. “There’s no minimization.”
“I think they intentionally worded it that broadly because they are on a fishing expedition, because they’re not just looking at violations of that statute. They’re looking for communications that are between state employees and Rebekah,” he said.
They are straight up trying to obtain compromising info on a journalist and identify her sources which is first chapter material in the Despot’s Handbook. See also:
It is definitely weird that the warrant allowed them to take flash drives but not the modem/router, I assumed the text of the warrant was just cut and paste boilerplate but it seems like that maybe isn’t the case. The story that they’re trying to “silence Rebekah” makes no sense to me but I could believe they’re on a fishing expedition trying to find out who in the DoH is providing her with information, something like that.
Briefly on the other stuff posted:
That Verge article is terrible and amounts to “there’s an email address with the same name as the group she sent the message to” which, so what. That name would be used on a bunch of stuff.
The “zomg IP addresses are unreliable” stuff is highly abstract objections that are unlikely to apply in this case and an IP address in a log could easily constitute probable cause.
“Unauthorized access” to a computer system does not revolve around possessing the username and password, just like leaving your house key carelessly lying on a table does not grant someone entry to your house.