Did WikiLeaks Break Federal Criminal Law using P2P Networks?

Bloomberg reporter Michael Ray writes that a Pensylvania firm may have discovered evidence that could be used to prosecute Wikileaks under US law.

Tiversa Inc., a company based in Cranberry Township, Pennsylvania, has evidence that WikiLeaks, which has said it doesn’t know who provides it with information, may seek out secret data itself, using so-called “peer-to-peer” networks, Chief Executive Officer Robert Boback claimed. He said the government is examining evidence that Tiversa has turned over.

The aricle goes on to quote Paul Ohm, an expert in cyber crime at the University of Colorado in Boulder and a writer for Freedom to Tinker, a blog sponsored by the Center for Information Technology Policy at Princeton University.  Responding via blog post Mr. Ohm clarifies the statements he made to Michael Ray.

The question presented by the reporter to me (though not in these words) was: is it a violation of the CFAA to systematically crawl a p2p network like Limewire searching for and downloading files that might be mistakenly shared, like spreadsheets or word processing documents full of secrets?

I don't think so. With everything I know about the text of this statute, the legislative history surrounding its enactment, and the cases that have interpreted it, this kind of searching and downloading won't "exceed the authorized access" of the p2p network. This simply isn't a crime under the CFAA.

Author:Khürt Williams

A human who works in information security and enjoys photography, Formula 1 and craft ale.