On November 14, 2003, contents of memos obtained from computer files of two United States Senators were shared with and published by the Wall Street Journal and the Washington Times. On November 28, 2003, the Washington Post reported that an official investigation had begun and that Judiciary Committee Chairman Orrin G. Hatch (R-UT) had confirmed that a member of his staff "had improperly accessed some of the documents" and a second former staff member "may also have been involved." The memos, dated from 2001 through 2003, concerned Democratic strategies for opposing judicial nominees of President Bush. See Senate Opens Inquiry Into Leaked Memos.
The incident raises significant questions about circumstances under which one can have a reasonable expectation of privacy, digital security awareness and potential civil or criminal sanctions under existing law. (More ... )
According to a January 23 story in the Los Angeles Times, Senate Sergeant-at-Arms William Pickle has confiscated hard drives, enlisted forensic experts and conducted interviews in an attempt to pin down who accessed the 15 memos in question. Details of the investigation are still emerging.
The Boston Globe reported on January 22 that a hard drive in the office of Senate Majority Leader Bill Frist (R-TN) is reported to be among the material seized by the Sergeant-at-Arms investigation. The Globe also suggests that Senator Frist's chief judicial nominee adviser, Manuel Miranda, may have been involved.
The Globe quoted Miranda as denying any impropriety. "There appears to have been no hacking, no stealing, and no violation of any Senate rule," he told the Globe. "Stealing assumes a property right and there is no property right to a government document. . . . These documents are not covered under the Senate disclosure rule because they are not official business and, to the extent they were disclosed, they were disclosed inadvertently by negligent [Democratic] staff."
Democrats have tended to disagree with the analysis represented by Miranda's statement. Judiciary Chairman Orrin Hatch, (R-UT) was quoted by the Globe as stating that he was "mortified that this improper, unethical and simply unacceptable breach of confidential files may have occurred on my watch."
On Jan. 24, Richard Powelson of the Knoxville News-Sentinel quoted Sen. Patrick Leahy (D-VT) as referring to "cybertheft" of confidential Democratic memoranda.
Sabrina Pacifica points us to Robert Vamosi's piece on ZD Net, "Security breach on Capitol Hill: It's criminal" (Jan. 26, 2004) in which he asserts that the breach is "as wrong as a criminal hacker breaking into a corporation's Web site. If these allegations hold up under investigation, those responsible should be punished just as a criminal would." Vamosi suggests that the incident also points out issues with lax computer security. He contacted Chris Rouland, vice president of Internet Security Systems's X-Force, who observed that like many corporations, the Senate had focused their security efforts on the perimeter with few internal controls, creating what he called a "hard-candy shell with a soft chewy interior."
I'm no expert on the criminal law of computer file access, so I've some ignorant questions I hope our readers can help with via Comments or Trackback:
Q: Under what circumstances would some of the overt acts possibly committed here be regarded as criminal, and under which statutes?
Q: Regardless of legality, what does this say about the security practices in place at the United States Senate and among its staff?
Q: What internal controls on network computer use and on access to the records in question would have resulted in Senators having a greater expectation of privacy as to these politically sensitive files?
Comments or Trackback, please.Posted by dougsimpson at January 28, 2004 11:36 AM | TrackBack