The military trial in the case of Wikileaker Bradley Manning continued earlier this week. An interesting legal point in the case has arisen, as Manning’s defense lawyers pushed back against tweets that the prosecution wanted introduced as evidence.
Allow me first to provide a little bit of background on why the tweets in question are even being discussed in the case.
One of the key issues in the case has been the relationship between Army Private First Class Bradley Manning and Wikileaks, and its founder Julian Assange. Prosecutors have alleged that Manning was influenced by Wikileaks to leak some of the confidential documents. (Manning has already admitted to leaking the documents, but has denied more serious accusations, including that he knowingly aided the enemy).
Previously released chat logs between Manning and ex-hacker Adrian Lamo, who earlier testified in the case, have established that Manning had been in contact with Wikileaks, but there remains contention between prosecution and defense about to what extent and when that contact occurred. They also continue to argue over whether or not Manning’s actions were influenced by Wikileaks, or if there was any collusion between the two. This has been a crucial point as well for federal prosecutors seeking to build a case against Julian Assange.
On Tuesday, prosecutors and defense attorneys argued over a couple of tweets in particular. One of those tweets, alleged to have been posted from the Wikileaks Twitter account on 7/8/2010, asks for the public to assist in providing .mil email addresses to Wikileaks. Another on 1/8/2010 posted by Wikileaks referenced having an encrypted video of a U.S. air attack (referring to what we now know was the “Collateral Damage” video, one of the items in the files leaked by Manning and later edited and published by Wikileaks). Prosecutors argue that this further emphasizes evidence of a leak, and that it should be admissible as part of its broader argument on the point.
Special Agent Mark Mander of the Army Criminal Investigative Command testified about how he went about determining the tweets were from Wikileaks’ account. In the past, he first went to the Wikileaks Twitter account directly and saw the tweet personally; then he more recently collected it from a Google cache version and the content in both was the same. Mander testified that Google cache is something that he has used regularly in his capacity as a CID agent investigating computer intrusions and computer crimes. He also explained a variety of other steps he took, in addition to obtaining cached versions of the tweets, to cross-check the authenticity of the tweets as being that of Wikileaks.
But Manning’s defense attorneys challenged the authenticity of such tweets.
“Anyone can create a Web page…that looks like WikiLeaks or that looks like Twitter,” argued defense attorney Captain Joshua Tooman when the government sought to admit a May 7, 2010 tweet from WikiLeaks seeking military Internet addresses, and the Web page of the Internet archive site archive.org that showed a 2009 WikiLeaks “Most Wanted” list of items it was seeking from the public.
Tooman said a government investigator had accessed the tweets indirectly, through Google, rather than directly through Twitter or WikiLeaks. He said the evidence failed to meet the test of authenticity since there was no way of knowing what the website looked like when the tweet or page was published.
The argument from the defense about the tweets’ authenticity raises an interesting legal point that could potentially influence similar arguments in civilian cases.
While it’s accurate that anyone can create a web page that mimics a legitimate site – in fact we’ve seen this in other circumstances that have been the subject of recent news reports, such as when Wikileaks Punked the NY Times – there surely needs to be some acceptable standard for authenticating tweets and other content that has since been archived and may no longer be available online. Most would assume that the standard tools regularly used to find archived content, like Google cache and the Internet Archive (formerly the WayBackMachine), would be acceptable in these instances, coupled of course with additional cross-checking. But the Manning defense team argues that it’s not.
If the judge determines that Google cache and other such tools are not an acceptable way to authenticate archived tweets, it poses an interesting question about how this might influence similar arguments going forward (not necessarily as precedent, but just as a general point).
You can read the entire day’s testimony in this particular argument in the unofficial court transcript for 6/18 provided by Freedom of the Press Foundation.
It will be interesting to see what the decision is on this matter. Proceedings resume in the Manning trial on June 26th.