The Sony Pictures hack is like "The Fast and The Furious" series, in that it feels like it might go on forever. The hackers got their hands on a ridiculous amount of data from the Hollywood studio and have been releasing it in waves online, labeling each new release "Gift of the GOP." GOP stands not for the political party but "Guardians of Peace," the name the hackers have given themselves. The newest releases, posted to Github on Monday and Pastebin on Wednesday, were titled "Their Privacy" and contained the emails of Sony Pictures honchos Amy Pascal and Stephen Mosko, as well as the inbox of the company's top lawyer.
The hackers claim they'll stop the leaks if Sony Pictures immediately stops "showing the movie of terrorism that threatens regional peace," which we can assume is James Franco and Seth Rogen's "The Interview," a comedic film about journalists who are asked by the U.S. government to assassinate North Korea's leader. However, the latest leak contains an extortion mail the hackers sent to Pascal days before the hack that makes no mention of "The Interview," casting doubt on the theory that killing the movie is really the hackers' motive. We know little about them beyond the fact that they routed their attack through a fancy hotel in Bangkok.
In addition to information that could be used to steal the identity of Sony Pictures' employees, the documents include tidbits like celebrities' phone numbers, the aliases Hollywood stars use to book hotel rooms, and the toxic, insulting emails moviemakers write about the people who star in their films and even about the president. If you're willing to wade through a lot of boring stuff, it's juicier than what you'd find in the tabloids.
But before you download the files, it's worth knowing this: the FBI recently paid a visit to someone who has been reviewing the files — Dan Tentler, a security expert who has commented at length about the Sony Pictures hack in the press, and who determined that Sony's own Playstation network was being used to distribute the stolen documents.
Over the weekend, while Tentler was out of town, FBI agents visited his home in San Diego. According to Tentler's tweets, they "started the conversation with the words 'illegal downloading.'"
Tentler is not commenting on the visit now, so it's unclear if the FBI was there to question him about his activities or to seek his expertise. Is the FBI keeping track of the IP addresses downloading the Sony Pictures' hacked documents? It's fairly simple to do if they're monitoring the file torrents that have been posted by the hackers.
Laura Eimiller, FBI spokesperson for the Los Angeles bureau, said she could not comment as the investigation of the Sony Pictures hack is ongoing.
If the FBI was there to discuss potential criminal behavior, what could they have meant by "illegal downloading?"
"There’s no crime of 'illegal downloading' per se," said Hanni Fakhoury, a lawyer at the Electronic Frontier Foundation. But he said there could be criminal liability for possessing stolen documents. "It certainly is a crime under state law to receive stolen property."
Stuart Karle, an adjunct media professor at Columbia University and former general counsel for the Wall Street Journal, disagreed. "Sony Pictures has lost control of its information. The documents have been published by the hackers," Karle said. "They are now public by virtue of being put on the Internet."
Karle compared the hackers posting internal emails and budget documents online to their putting them up on a billboard in a major city. "Do you really expect people to drive through L.A. and not look up at the information there? That’s Sony Pictures' fault. You have to take appropriate steps to keep your own secrets."
Where people could get into legal trouble would be in what they do with that public information, said Karle, by, for example, using exposed passwords to access Sony Pictures accounts or by sending employees' Social Security numbers on to an identity thief. Orin Kerr, a law professor at George Washington University and a former federal prosecutor, said employees of competing Hollywood studios could violate the Economic Espionage Act if they downloaded the documents to get at Sony Pictures' trade secrets.
Fakhoury pointed out that in a previous hack that exposed the emails of government contractor Stratfor Global Intelligence, prosecutors went after Barrett Brown, a blogger and once-spokesperson for Anonymous. Brown was charged with identity theft and "trafficking in stolen authentication features" just for posting a link to the emails stolen from Stratfor, which included tens of thousands of credit card numbers and their verification codes, even though his interest in linking to the emails was to expose the government contractor's discussion of discrediting journalists, activists and political leaders. The government later came to its senses and voluntarily dismissed those charges. But Brown signed a plea agreement earlier this year for related charges — acting as an accessory after the fact on the hack and obstructing a search warrant — and is due to be sentenced next week.
We don't know how many people have downloaded the Sony Pictures documents, but we do know journalists have been among them. Journalists' right to report on illegally obtained documents was established by a 2001 Supreme Court case, Bartnicki v. Vopper. In that case, the Supreme Court ruled that a radio commenter who was given a tape that was made in violation of the wiretapping act had the First Amendment right to play it on his show. The illegally recorded phone call contained a matter of public concern and safety, with a union worker on the call threatening to blow up the porches of local school board members' homes. "There's no liability for a journalist who has been given illegally obtained information," former federal prosecutor Orin Kerr said.
Lee Levine, a partner at Levine Sullivan Koch & Schultz, argued the Supreme Court case that established journalists' right to report on illegally obtained documents (as long as they didn't do the illegal obtaining themselves.) Levine says that journalistic reporting on matters of public concern is a protected area. What's novel in this situation is the document delivery system. The hackers have used throwaway email addresses to contact journalists and send them to public sites to download documents rather than sending documents directly through the mail or in an email, or leaving a package – or a thumb drive — with documents on their doorsteps. "The bottom line view is that, if the material addresses a matter of public concern and the information is otherwise publicly available, a court would be hard-pressed to say that a journalist could be criminally punished for it," he said.
It would "pose interesting questions," said Levine, if there were a law explicitly banning the downloading of hacked documents. Companies whose hearts have now been struck cold by the fear of being hacked will almost certainly push Congress for such a law very soon.
Levine cautioned that the more the documents are used for reporting news "that has no public interest beyond celebrity gossip, the less likely it is to get First Amendment protection."
First Amendment lawyer Stuart Karle, who said the documents are public thanks to their being posted on the Internet, says the question of whether journalists should report on the secrets revealed is not a legal matter but an ethical one. Journalists have pored through the personal email of Sony Pictures honcho Amy Pascal in recent days to expose a fight over the making of a movie about Steve Jobs and derogatory exchanges about stars Angelina Jolie and Kevin Hart. Journalists have to determine whether the information in the documents is worthy of public concern or not. In other words, Karle says, they have to ask themselves, "How icky is it to do this story?"