Attorney Mark Rasch on the Indictment of Freelance Journalist Tim Burke

Mark Rasch headshot
Photo courtesy of Mark Rasch, Cybercrime Attorney, Bethesda MD

By Susanna Granieri

Freelance investigative journalist Tim Burke, who has previously reported for Deadspin and The Daily Beast, was indicted in February on federal conspiracy and computer crimes. The nature of the case has raised concerns about possible violations of the First Amendment, and press freedom advocates have warned of its possible chilling effect on investigative journalism.

Photo by Melissa Lyttle, courtesy of Tim Burke

Following a raid of his Tampa, Florida home in May, in which FBI agents searched Burke’s home and seized several of his electronic devices used for newsgathering, Burke was charged with one count of conspiracy, six counts of accessing a protected computer without authorization, and seven counts of intentionally disclosing illegally intercepted wire, oral, or electronic communication. The affidavit used by the DOJ to obtain the search warrant has reportedly been provided to Burke, but it does not appear on the court docket, leaving the legal justification for the raid unclear.

While the indictment lacks details, the charges are reportedly the result of his dissemination of unreleased interviews conducted by then-FOX News host Tucker Carlson. One of them, an unaired interview with Ye, the artist formerly known as Kanye West, made national headlines after VICE published video of the musician making antisemitic remarks in conversation with Carlson.

First Amendment Watch spoke with Burke’s attorney, Mark Rasch, who has decades of experience in litigation involving computer crimes, data security and electronic privacy law. Rasch outlined the charges against Burke, discussed the DOJ’s department policy guidelines protecting journalists, and expressed concern over how questions regarding Burke’s status as a journalist could lead to a broader erosion of press freedom in the United States.

Editor’s note: This interview has been edited and condensed for length and clarity.

FAW: Does the government’s arrest and indictment of Tim Burke violate First Amendment protections for a free press. How?

MR: The short answer is it absolutely violates protection of free press, and in a number of ways. First of all, it was the way the government obtained the information from Mr. Burke, and that is the idea that simply by accusing somebody of wrongdoing, they appear to have bypassed all of the protections that are intended to protect journalists and to protect journalists’ activities. So there’s two problems here. One is that they executed a search warrant on a journalist, and number two they executed a search warrant to seize reporting materials. And both of those infringe on First Amendment freedoms, but also act as a chilling effect on other journalists who want to collect and disseminate information.

FAW: Does the government’s actions violate statutory protections, like the Privacy Protection Act? How so? 

MR: Well, here’s the interesting thing. The Privacy Protection Act has an exception if the journalist is accused of wrongdoing, other than the receipt of information. So if a reporter breaks into somebody’s office and steals information, and there’s a criminal investigation of that activity, the Privacy Protection Act doesn’t shield the reporter. A reporter is not allowed to commit a crime in connection with their reporting. However, there’s a recent trend of the government using computer crime statutes, which include ambiguous language like “without authorization” or “in excess of authorization,” not to prosecute hacking, but to prosecute the reporting of the information without permission.

This idea that doing research or finding things on the web or going to websites requires the express consent, or the permission to click on a link, or permission to find information … The nature of investigative journalism is to find stuff that other people don’t know is there. And a modern digital journalist is looking for stuff in areas of the web that may or may not be known to others. Now look, they can’t hack, they can’t break in. But by using terms like access without “authorization,” or worse, what the government’s arguing here, access without “permission,” which is an even different thing. That kind of interpretation puts all journalists’ activities at risk. So something important to point out in this case, what the government is asserting in the indictment, is that Timothy Burke was alerted to the fact that an organization had published its access credentials to a particular streaming video site on its own website. They publish their user ID and password on their own website. And that when Tim used that published user ID and password, he was violating the computer crime statute. That’s the government’s argument, that he commits a felony when he uses a publicly published credential.

FAW: The indictment accuses Burke and the source of utilizing “the Internet to search protected computers and otherwise to secure credentials (usernames and passwords).” The indictment does not at any point state that the footage or login credentials were not publicly available. What does that mean to your argument?

MR: That’s the whole point. It uses this term “compromised credentials.” Well, imagine when you go to a Starbucks and you see the user ID and password to log into the internet, and saying, “Oh, you used compromised credentials.” 

FAW: Did he himself locate their credentials or did this source tell him how to locate them?

MR: Both. They’re still there by the way. They’re still on the internet. I don’t know if they still work, but they’re still there. It’s important to note that these are not regular credentials. These are what are called demo credentials. It’s not like it’s John Smith’s credentials. These are group credentials for an entire enterprise that are provided by the people setting it up. They’re called demo credentials. If you were to go online and say, “Where do I find demo credentials for …” whatever service it is, you’ll find demo credentials. Lots of people publish demo credentials online all the time. Our understanding is that the source told him where they were and he checked and said, “Yep, they’re there.”

FAW: Because the source told him where they were, would that cause a wrinkle in his defense under the precedent set in Bartnicki v. Vopper?

MR: There’s a two step process if you read the indictment carefully. The first step is logging into the streaming site, using credentials to log into the streaming site. The second step is watching the streams. Those are two different things. So as we have said in our pleadings, once he logs into the streaming site using the demo credentials, the streaming site automatically downloads to him a list of all the other streams that are going on in that site. Now many of those streams are encrypted which requires a user ID and password. Others are not encrypted, meaning that if you have a URL, all you need is a URL, you no longer need any user ID and password. You don’t have to be logged into the streaming site. If you have the URL, you can watch the stream.

FAW: And so this URL was given to him by a source?

MR: No. Let me explain. The user ID and password to log into the streaming site was published by one of the subscribers to the streaming site on their own website. Let’s call it So some subscriber to, let’s call the subscriber XYZ company. If you go to, their own webpage, they’ll say, “By the way, here’s a link to our StreamCo account, and my StreamCo user ID is “user @ XYZ company” and my password is “XYZ!” So XYZ has published on its own website its user ID and password to StreamCo. So it’s alleged that Tim was provided that user ID and password and actually went and looked at XYZ’s web page and saw the credential, and logged in and used it. And again, this is where the government is using the “without authorization” saying look, “Who gave him permission to use the user ID and password that we published?” Claiming that he had no permission to use the user ID and password that was published. So you see where we get into this question of permission and consent as being almost bizarre. That it was published, it was publicly accessible, publicly available, but he lacked permission to use it. That’s the first crime, which is logging into StreamCo. So the first crime is that he logged into StreamCo because he lacked permission to use a published credential.

FAW: According to the Reporters Committee for Freedom of the Press, there is the possibility of trespass if a journalist, for example, accessed a “closed” website with a code. What is the difference between Burke’s action here, and the charges under the Computer Fraud and Abuse Act versus trespassing liability?

MR: He’s charged under the Computer Fraud and Abuse Act. That is a trespassing liability. That’s what they’re looking at, that he trespassed onto StreamCo, when he used XYZ’s credentials that XYZ had published, because even though the credentials were published, he didn’t have permission to use the published credentials. That’s the government’s argument.

FAW: Could one argue that because the credentials were publicly available that that is considered express consent?

MR: Not only can one, one will. First of all, the law doesn’t require express consent. When you walk over to a hotel and you sit down in the lobby to meet a friend, do you have the express consent of the hotel to sit in the lobby? No. Why do you think you’re allowed to do it? Because you are. Because the default is that it’s open, and that’s how the internet works. So that’s crime number one. Crime number two is even more absurd. Crime number two is, once he has logged onto StreamCo, the government alleges that he was able to see a list of streaming videos, live streams. Now, it’s important to note what the government says and does not say about those live streams. The live streams were not encrypted, and this is important, required no user ID and password to view them. And, you do not have to be logged into the StreamCo to see them. In other words, you didn’t need the StreamCo user ID and password to see them. Just the publicly available, but hard to guess, URL. So the government is here saying that going to a publicly accessible, internet addressable, but hard to guess URL, constitutes hacking … What the indictment says is that he put his browser into developer mode. So the crime he committed was putting his browser into developer mode. And with developer mode, he was able to see the otherwise hidden URLs.

FAW: The indictment notes that the conversations between Burke and his source were done over Twitter direct messages. Do you know if those records get subpoenaed, or how those direct messages were accessed?

MR: That’s the question: where did they get those? You can’t subpoena them. They have to be done by warrant. In other words, what the government is saying is, it has obtained the direct messages between a journalist and their source by search warrant, which means that they would have had to get the approval of the Attorney General to do that under the DOJ press policy.

FAW: And their argument for doing so would then be under the alleged violation of the Computer Fraud and Abuse Act?

MR: Correct. There’s two issues. One is, should the AG approve it? Second question is, did they ever even ask?

FAW: Has that not been made clear through the filings in the case at all?

MR: Nope. Because what they have argued in the United States Court of Appeals for the Eleventh Circuit is that they have complied with the DOJ policy. That doesn’t mean that they actually did it. They could have made the conclusion that the DOJ policy didn’t apply, and therefore it wasn’t required for them to do anything.

FAW: Burke is currently a freelancer, so does his status in the news media matter here? Does it matter under the DOJ policy guidelines?

MR: First of all, we reject the idea that he’s a former journalist. And it’s been reported a lot that he’s a former journalist, and the answer is, he’s a journalist. By any definition he’s a journalist. He may not work for a specific news organization, but he’s a freelance journalist, number one. Number two, as we made clear in our pleadings, the crime he’s alleged to have committed was collecting and publishing information. So the crime is journalism. Number three, even if he was a former journalist, which he’s not, when the government got the search warrant, it knew that it was going to collect information not only of stuff related to this particular incident, but to all the work that he’s done over the years. So it was seizing a journalist’s records, even if it didn’t think he was a journalist anymore. So my point is, the definition of a journalist under the Privacy Protection Act is a person who collects information for the purposes of disseminating it to the public through a book, magazine or something similar. The crime he’s alleged to have done is to have disseminated information to the public. Plus, the magistrate judge has made a finding that he is in fact a journalist. The government has said they complied with [DOJ press protection guidelines] but they’ve also said they don’t think that Tim is a journalist. So again, they could have complied with them by simply ignoring them: “That only applies to journalists. We don’t think he’s a journalist. So we complied with them by not doing anything.”

FAW: Do you think there’s a reason the indictment lacks the term “journalist”?

MR: Yes. Again, I’m not going to comment on what the indictment doesn’t say and why it doesn’t say that. But I think the indictment speaks for itself, both in what it says and what it fails to say.

FAW: Has Burke received any of his materials back?

MR: He’s had some of them but a lot of them have never been returned.

FAW: Have you received the affidavit for the search warrant yet?

MR: We have, but it’s very weird. If you take a look at the district court magistrate, the judge ordered it to be unsealed. But there’s a pleading filed [March 6] in the [11th Circuit] Court of Appeals, where we argue that we don’t know whether it’s been sealed or unsealed. The government has argued in the court of appeals that the affidavit has been unsealed. That’s the best way to put it. One would think unsealed means unsealed, and yet it does not appear on the docket. 

FAW: What do you think this case means for journalists accessing digital information?

MR: There’s some broader questions for journalists here. The first one is that the government takes it upon itself to decide whether or not somebody is or is not a journalist. That’s dangerous for journalists. It’s particularly dangerous for digital journalists. And it’s particularly dangerous for stringers and those who don’t have a specific employment by a particular journalistic organization. Whereas the law takes a very broad definition of journalists as a person who collects information for the purposes of disseminating it to the public, which would include bloggers, posters, people like that. So that’s number one. Number two, is the DOJ has specific guidelines, where there’s a close case, if a person is a journalist, or whether their activity is protected, and whether they’re engaged in journalistic activity, that requires approval at a very high level within the DOJ for any form of compulsory process, which includes subpoenas or search warrants for source information, subpoenas or search warrants for journalistic information. Right now, we don’t know whether or not that was complied with. Number three, is that the government is treating information as property and therefore, information received from sources without the permission of the, we’ll call it, owner of the information, as stolen property. That’s extremely dangerous for journalists. Because it means every leak and every source who gives you information, even if they just read it to you over the phone. You run the risk the government will treat the information as stolen property. Because you didn’t have the permission of the owner of the property to have it. Interesting. So this idea of information as property and reporting as transporting stolen property is very dangerous for reporters. As is the idea of not breaking into computers, but that you need permission to obtain information. The search warrant itself actually authorized the government to seize information related to downloading of information without permission. Which is not a crime. Breaking into a computer is a crime. Downloading information without permission is not a crime. The other thing is the government is also taking the position that people that journalists talk to are co-conspirators rather than sources. So if you take a look at the Pentagon Papers case, that would treat Daniel Ellsberg as a co-conspirator in the unlawful dissemination of the Pentagon Papers. It allows the government to go after not just the whistleblower, but the news organization that publishes what the whistleblower has given them, as stolen information.

More on First Amendment Watch: