Skip to content
LPBN-Icon-v1 (1)
Legal Profession Blog
A Member of the Law Professor Blogs Network

Outsmarting A Narcissist: The FBI And Fake News

By Michael Frisch

The United States Court of Appeals for the District of Columbia Circuit held that the FBI did not adequately search for information concerning “fake news” operations

In 2007, Seattle-area Timberline High School began receiving anonymous bomb threats, which prompted daily evacuations. See U.S. Department of Justice, Office of the Inspector General, A Review of the FBI’s Impersonation of a Journalist in a Criminal Investigation 1 (2016) (“OIG Report”), Joint Appendix (J.A.) 538. Unable to trace the emailed threats to their sender, local authorities called in cybercrime experts from the FBI’s Seattle Division. Id. Sensing the handiwork of a narcissist, the FBI agents devised a plan: if they could flatter the culprit into clicking a link to what appeared to be press coverage suggesting that he had outsmarted the authorities, they could, in turn, outsmart him by secretly delivering specialized malware that would reveal his computer’s location. Id. at 11–12, J.A. 548–49. Warrant in hand, an FBI Special Agent contacted an anonymous social media account associated with the threats, identified himself as an Associated Press “Staff Publisher,” and requested input on a draft article accessible through an emailed link. Id. at 14–15, J.A. 551–52. The suspect took the bait, clicking the link and unwittingly downloading the malware. Id. at 16, J.A. 553. Within hours, the FBI had its man. Id.

The court recounts that the matter received little notice until an ACLU technologist learned of the ruse.

Flash forward seven years to October 2014, when an American Civil Liberties Union technologist spotted a reference to the FBI’s ruse—which had previously drawn little public attention—in a set of FBI documents released years earlier to an electronic privacy organization. Troubled, the technologist took to Twitter, and within days, news of the media impersonation tactics employed at Timberline prompted headlines nationwide. Facing outcry from news outlets, interest groups, and members of Congress, then–FBI Director James Comey, Jr., penned a letter to the New York Times justifying the tactics. But the public’s interest had already been roused.

A FOIA request followed

Among those wanting to learn more were the Reporters Committee for Freedom of the Press and the Associated Press, appellants here…

During the course of litigation, the FBI eventually located and released some responsive records, most pertaining to Timberline and none identifying any other instances of media impersonation. The Reporters Committee insisted that the FBI’s search efforts were insufficient, but the district court disagreed and granted summary judgment to the agencies.

The court

The Reporters Committee argues that the FBI failed to justify its decision to limit its search for Group One records, i.e., “records concerning the FBI’s utilization of links to what are, or appear to be, news media articles or news media websites to install” malware, to the Tech Division, while searching more broadly for “documents referring to the decision to create the fake [Associated Press] news article in the Timberline High School case.” First Hardy Decl. ¶ 34, J.A. 110–11. Because the former set of requested records encompasses the latter, the Reporters Committee insists, the FBI acted illogically in declining to consider that locations reasonably likely to hold Timberline-specific records would be similarly likely to hold records pertaining more generally to other instances of media impersonation.

We agree that the FBI could have better justified its search methods. For Timberline documents, the Records Section ordered targeted searches of a number of Bureau divisions, including the Office of General Counsel, the Tech Division, the Behavioral Analysis Unit, the National Covert Operations Section, and the Training Division, id. ¶ 43, J.A. 114–15; by contrast, for the broader set of Group One documents, Records ordered a targeted search of the Tech Division alone, id. ¶ 38, J.A. 112–13. Attempting to justify this distinction, the FBI points out that the Group One request sought records linking media impersonation to the installation of malware, whereas the Timberline request sought records relating only to the decision to impersonate the press in the first place. Because “the FBI’s policy specifically states that [the Tech Division] is solely responsible for the deployment and collection of all lawfully conducted electronic surveillance [B]ureau wide,” Second Hardy Decl. ¶ 4, J.A. 491, the FBI reasoned, nowhere else was likely to hold records regarding the use of malware.

This does not follow. Certainly, the Tech Division’s role in approving malware use makes it likely to hold relevant records. But that hardly means that “no other FBI Divisions or personnel would reasonably likely possess records” regarding the tactics used to deploy such malware. First Hardy Decl. ¶ 40, J.A. 113. Indeed, the Timberline incident provides a ready illustration of just what those other divisions might be. For example, record evidence demonstrates that the agents involved in the Timberline investigation conferred with the Behavioral Analysis Unit regarding how best to deliver malware. See OIG Report at 12, J.A. 549. Further undermining its claim that malware-related records were likely to appear nowhere but the Tech Division, the Bureau on its own accord elected to group the request for “an accounting of the number of times . . . that the [FBI] has impersonated media organizations or generated media-style material . . . to deliver malicious software,” First Hardy Decl. ¶ 34, J.A. 111 (emphasis added), with the Group Two requests for which it ordered multiple targeted searches and not with the Group One request for which it searched only the Tech Division.

Put simply, given the FBI’s determination that certain divisions were “reasonably likely” to hold records relating to a specific instance where media impersonation was used to deliver malware, its failure to search these very same divisions for records relating to other such instances leaves us unable to conclude, barring some explanation, that the FBI searched for the latter records in a manner “reasonably expected to produce the information requested.” Oglesby, 920 F.2d at 68…

Finding that material factual questions remain as to the adequacy of the FBI’s search, we reverse and remand to the district court for further proceedings consistent with this opinion.

Circuit Judge Tatel authored the opinion joined by Circuit Judge Kavanuagh and Senior Judge Silberman.   (Mike Frisch)

Posted in:
Current Affairs