Crumbling Case Against Assange Shows Weakness of “Hacking” Charges Related to Whistleblowing
By 2013, the Obama administration had concluded that it could not charge WikiLeaks or Julian Assange with crimes related to publishing classified documents — documents that showed, among other things, evidence of U.S. war crimes in Iraq and Afghanistan — without criminalizing investigative journalism itself. President Barack Obama’s Justice Department called this the “New York Times problem,” because if WikiLeaks and Assange were criminals for publishing classified information, the New York Times would be just as guilty.
Five years later, in 2018, the Trump Administration indicted Assange anyway. But, rather than charging him with espionage for publishing classified information, they charged him with a computer crime, later adding 17 counts of espionage in a superseding May 2019 indictment.
The computer charges claimed that, in 2010, Assange conspired with his source, Chelsea Manning, to crack an account on a Windows computer in her military base, and that the “primary purpose of the conspiracy was to facilitate Manning’s acquisition and transmission of classified information.” The account enabled internet file transfers using a protocol known as FTP.
New testimony from the third week of Assange’s extradition trial makes it increasingly clear that this hacking charge is incredibly flimsy. The alleged hacking not only didn’t happen, according to expert testimony at Manning’s court martial hearing in 2013 and again at Assange’s extradition trial last week, but it also couldn’t have happened.
The new testimony, reported earlier this week by investigative news site Shadowproof, also shows that Manning already had authorized access to, and the ability to exfiltrate, all of the documents that she was accused of leaking — without receiving any technical help from WikiLeaks.
The government’s hacking case appears to be rooted entirely in a few offhand remarks in what it says are chat logs between Manning and Assange discussing password cracking — a topic that other soldiers at Forward Operating Base Hammer in Iraq, where Manning was stationed, were also actively interested in.
The indictment claims that around March 8, 2010, after Manning had already downloaded everything she leaked to WikiLeaks other than the State Department cables, the whistleblower provided Assange with part of a “password hash” for the FTP account and Assange agreed to try to help crack it. A password hash is effectively an encrypted representation of a password from which, in some cases, it’s possible to recover the original.
Manning already had authorized access to all of the documents she was planning to leak to WikiLeaks, including the State Department cables, and cracking this password would not have given her any more access or otherwise helped her with her whistleblowing activities. At most, it might have helped her hide her tracks, but even that is not very likely. I suspect she was just interested in password cracking.
Assange, however, never cracked the password.
That’s it. That’s what the government’s entire computer crime case against Assange is based on: a brief discussion about cracking a password, which never actually happened, between a publisher and his source.
Therefore, the charge is not actually about hacking — it’s about establishing legal precedent to charge publishers with conspiring with their sources, something that so far the U.S. government has failed to do because of the First Amendment.
As Shadowproof points out: In June 2013, at Manning’s court martial hearing, David Shaver, a special agent for the Army Computer Crimes Investigating Unit, testified that Manning only provided Assange with part of the password hash and that, with only that part, it’s not possible to recover the original password. It would be like trying to make a cappuccino without any espresso; Assange was missing a key ingredient.
Last week at Assange’s extradition trial, Patrick Eller, a former Command Digital Forensics Examiner at the U.S. Army Criminal Investigation Command, further discredited the computer crime charge, according to Shadowproof.
Eller confirmed Shaver’s 2013 testimony that Manning didn’t provide Assange with enough information to crack the password. He pointed out, “The only set of documents named in the indictment that Manning sent after the alleged password cracking attempt were the State Department cables,” and that “Manning had authorized access to these documents.”
Eller also said that other soldiers at Manning’s Army base in Iraq were regularly trying to crack administrator passwords on military computers in order to install programs that they weren’t authorized to install. “While she” — Manning — “was discussing rainbow tables and password hashes in the Jabber chat” — with Assange — “she was also discussing the same topics with her colleagues. This, and the other factors previously highlighted, may indicate that the hash cracking topic was unrelated to leaking documents.”
I’m not a fan of Julian Assange, particularly since his unethical actions and lies he’s told since the 2016 U.S. election. But I am a proponent of a strong free press, and his case is critically important for the future of journalism in this country.
Journalists have relationships with their sources. These relationships are not criminal conspiracies. Even if a source ends up breaking a law by providing the journalist with classified information, the journalist did not commit a felony by receiving it and publishing it.
Whether or not you believe Assange is a journalist is beside the point. The New York Times just published groundbreaking revelations from two decades of Donald Trump’s taxes showing obscene tax avoidance, massive fraud, and hundreds of millions of dollars of debt.
Trump would like nothing more than to charge the New York Times itself, and individual journalists that reported that story, with felonies for conspiring with their source. This is why the precedent in Assange’s case is so important: If Assange loses, the Justice Department will have established new legal tactics with which to go after publishers for conspiring with their sources.
Micah Lee is First Look Media’s Director of Information Security. He is a computer security engineer and an open-source software developer who writes about technical topics like digital and operational security, encryption tools, whistleblowing, and hacking using language that everyone can understand without dumbing it down. He develops security and privacy tools such as OnionShare, Dangerzone, and semiphemeral.
The Intercept is an award-winning news organization dedicated to holding the powerful accountable through fearless, adversarial journalism. The kind of journalism we do is costly, and readers’ support keeps The Intercept strong and independent. We established our membership program to make it easy for you to invest in courageous, quality reporting you can trust. Please click here to become a member.