19 May 2011

How reporting on an IT security conference can get you arrested and your iPad confiscated

Posted by Veronica Scott & Amanda Smorgon


The arrest of Fairfax technology journalist Ben Grubb by Queensland Police highlights the confusion over the legal status of digital data, as well as the inadequacy of legal protection for online content and the freedom of the media to report on public events.

Grubb's arrest, which was reported in the Sydney Morning Herald, followed an article he wrote on a presentation at the AusCERT security conference in Brisbane on Sunday 15 May 2011 by security expert Christian Heinrich, in which Heinrich displayed a private photo he obtained from a Facebook page without being a 'friend' of the user.

In his presentation, Heinrich demonstrated that even where Facebook account settings are set at the highest level of privacy, information can still be extracted from Facebook's content delivery network (CDN). CDNs replicate content across the globe, so that when a user looks at a photo, it is retrieved from the closest computer server – rather than from the server on which the photo was originally posted.

Fairfax Media did not attend the conference session, but was given a private presentation of the security breach by Heinrich later in the day. Grubb then included the photo in an article published on smh.com.au about the security breaches. (The photo has since been removed.)

Grubb was still at the AusCERT conference when he was telephoned by Queensland Police requesting a meeting to discuss a complaint made by Chris Gatford (the husband of the woman whose Facebook photo Heinrich accessed and SMH published) about how the private account was accessed. In a pivotal move, Grubb requested to record the entire conversation on his iPhone – and later published the transcript!

In the interview, Detective Senior Constable Errol Coultis explained the complaint like this:

that [Gatford's] wife's Facebook account has been unlawfully accessed without either his or her permission. His MySpace account has been unlawfully accessed without his permission. And his Flickr account has been accessed without his permission. He has nominated a person by the name of Christian Heinrich who has done this. And he has done this and brought it into Queensland and displayed it for other people to view at a conference.

Why Grubb was questioned over this incident, rather than Heinrich himself, is rather strange. Although it was later discovered that Heinrich was on a plane at the time of questioning and had left the jurisdiction, the incident shows that the journalist is the easy target – a matter of shooting the messenger.

In fact, during his interview, Grubb repeatedly urged the police to contact Heinrich himself rather than continue asking him unanswerable questions:

... you're better off asking Christian these questions, I mean I've got his mobile number if you want. I seem to be the informant here rather than, you should be contacting Christian if you want to go straight to the horse's mouth.

Although Grubb did provide answers to the police questioning on how the photos were accessed, he did manage to dodge a few bullets:

Detective Coultis: But is the fact that the accounts are requiring a log-on and a password and that there are privacy settings within these individual websites to secure the photographs that are being placed or the content – it's not the photographs I suspect. Is that not an attempt to secure the property? Those particular items?

Grubb: I don’t need to answer that one. That's not my responsibility.

Detective Coultis: No. Ok. Alright. You don't think that that is the case?

Grubb: That's your job to figure out.

From reading the transcript, it seems that eventually the only reason for holding Grubb was to ascertain whether he had or has a copy of the Facebook photo that Heinrich gave him. Even after explaining that the image was publicly available on the SMH website, and that 'it's in the cloud', the police continued to press questions of how the photo was received (USB, CD or email). Grubb finally acknowledged that he had a personal copy of the file on 'an electronic device that he owns or can access' – namely, his iPad.

And this is where the case gets messy …

The police inform him that 'we believe Christian has committed an offence here, in fact a number of offences here in Queensland and we will be investigating that matter further'. They then ask Grubb a series of leading questions, which lead him to reveal his source – 'Heinrich gave it to me'. And once Grubb confirms that he had kept notes of his conversation with Heinrich on his iPad, the police seize on this as the grounds they need to place him under arrest for the purpose of retaining the device. Section 443 of the Police Powers and Responsibilities Act 2000 (Qld) states that:

Police Officer May Search Person in Custody: a police officer may seize from the person anything found during the search that the police officer reasonably suspects may provide evidence of the commission of an offence.

The arrest and the detention of the iPad are timely reminders about the importance of journalist/source confidentiality and the ability of police to seize a journalist's property containing confidential information. The Commonwealth Evidence Act was amended in April 2011 so that:

If a journalist has promised an informant not to disclose the informant’s identity, neither the journalist nor his or her employer is compellable to answer any question or produce any document that would disclose the identity of the informant or enable that identity to be ascertained.

Although this incident is subject to Queensland law, and the Evidence Act amendment only covers Commonwealth proceedings, there is still huge potential for conflict with the new Shield Laws, which protect anyone who publishes information revealed to them by a source from having to disclose the identity of that source.

Grubb did inform police that 'as I think you'll probably understand, I'm a journalist and I write about maybe even you – and I talk with other people … I talk with people and I have sources and I write notes'. The iPad was nevertheless retained.

Since being released from custody, Grubb said:

I feel like I have been unfairly targeted. Journalists must be able to report what they observe – that's what they've been doing for ages and so to see this kind of policing occurring is very alarming. I believed that, as a journalist, I had protections. But it seems not. And to lose a device that contains not only private but work-related information is also another seriously alarming development for a journalist.

What is also interesting about the incident is the use of Twitter by Queensland police – who originally tweeted:

We can find no reference to an arrest of @bengrubb. If anyone can provide more info, we can chase up further?

@The_Knuckle @bengrubb no, police talk to people for a range of reasons. We interview witnesses all the time

Police can legally seize material which may be evidence of a crime. It will be returned as soon as we can do so

And then later:

Our bad @bengrubb was arrested for questioning briefly Our tweet last night was based on information provided at the time Apologies #Auscert

And in a complete 360:

This morning’s tweet was simply an attempt to frankly and openly admit we got it wrong in our previous response, provide updated information, apologise for the mistake, and use the appropriate hashtag, all within 140 characters. Our earlier tweet responding to questions about the arrest were made after seeking information and clearance from the appropriate section. The information was provided in good faith as being accurate. When we became aware that the information we were provided was incorrect, we took steps to immediately correct it at the first available opportunity, as we always do in cases where we inadvertently provide incorrect information. It was relating simply to our previous tweet, not the arrest, and was no way intended to be flippant or unprofessional – just a mea culpa.

At the time of publishing this blog, Heinrich still hadn’t been questioned, arrested or charged, and Grubb still hadn't received his iPad back! We will be updating this as the matter progresses and looking, in more detail, at the various legal issues this bizarre and worrying incident has raised.

Partner: Paul Kallenbach
