Future Tense

How Strong Is the Government’s Technical Case Against Julian Assange?

Assange is accused of conspiring to violate the Computer Fraud and Abuse Act. Proving that may be tricky.

Julian Assange, bearded, seen through a van window.
Julian Assange sits in a police van after he was arrested by British police in London on Thursday. Henry Nicholls/Reuters

WikiLeaks founder Julian Assange was arrested in London on Thursday, after hiding out in the Ecuadorian Embassy in London since 2012. U.S. authorities now want to charge the man whose website had published hundreds of thousands of classified and sensitive U.S. government documents. U.S. lawmakers have long regarded the large-scale leaks published by WikiLeaks as a threat to national security, but it was not entirely clear what crime they would be able to charge him with—Assange himself, so far as anyone knew, had not stolen any information but instead merely published it. It seemed possible that he might be charged under the Espionage Act for something like “unauthorized communication of national defense information” (one of the things Edward Snowden was charged with), but that could have frightening implications for journalists who publish classified documents or information given to them by sources.

So it was a relief to many when, on the same day as Assange’s arrest, the U.S. Department of Justice unsealed an indictment charging Assange with conspiracy to commit computer intrusion and made no mention of the Espionage Act. University of Texas law professor Stephen Vladeck, for instance, tweeted in response to the charges, “the key is that this isn’t about the Espionage Act, or the publication of classified national security information—it’s not a direct threat to the press.”

But what has Assange been charged with, if not disseminating classified government materials? The answer lies at the intersection of conspiracy law and the Computer Fraud and Abuse Act, which Assange was charged with conspiring to violate. Typically, to violate the CFAA a person has to access a computer without authorization or in excess of their authorization—something that Assange did not clearly do while running WikiLeaks. He published lots of stolen information but did not steal it himself. However, Assange has not been charged with violating the CFAA but merely with conspiring to violate the CFAA, which makes the case more plausible and perhaps also a little bit more confusing.

In the relatively brief six-page indictment, the Justice Department outlines how, in 2010, Assange and Chelsea Manning discussed Manning’s efforts to leak sensitive military materials that would later be uploaded to WikiLeaks. Manning, who was charged under both the Espionage Act and the Computer Fraud and Abuse Act, clearly did the lion’s share of the technical work to access and download the stolen documents from military networks. However, according to the indictment, at one point in March 2010, Assange agreed to help Manning try to crack a password stored on Department of Defense computers connected to the military’s classified Secret Internet Protocol Router Network. Manning gave Assange a hash value for the password in question, and Assange later reported back that he had had “no luck so far” trying to figure out the password from the hash value. The indictment says he “requested more information from Manning related to the password.”

That was the extent of Assange’s involvement in anything technical—a single failed attempt to help Manning figure out a password. That could make it difficult to pin a CFAA charge on Assange since there’s no evidence that he ever used a stolen password or cracked it (or even really tried to crack it!) to access a computer without authorization. But a person can be found guilty of conspiring to commit a crime even if they do not actually commit that crime, Harvard Law School lecturer Kendra Albert explained.

“A successful conspiracy charge does not require you to actually violate the underlying statue,” Albert told me. “The government doesn’t need to prove that the CFAA was actually violated.”

Instead, to prove a conspiracy charge, the government needs only to show that Manning and Assange agreed to violate the CFAA and then one of them (not necessarily Assange!) took an overt act to advance that plan. So, Manning’s steps to access classified government materials without authorization are enough to support conspiracy charges against Assange. That could still be concerning to some journalists who discuss classified materials with their sources—could those conversations be used as grounds for a conspiracy charge even if they themselves don’t take any overt acts to steal that information?

Probably not—that’s why the password cracking agreement is so central to this indictment.

“What the password cracking does is it helps establish that Assange also had the intent to violate the CFAA,” Albert said. It also gives the Justice Department a way to charge Assange and minimize the slew of controversial and complicated First Amendment questions related to freedom of the press that would come up around Espionage Act charges.

Instead, the Justice Department has made a very deliberate and careful move to focus not on WikiLeaks or Assange’s publication of classified documents but instead on the one moment in March 2010 when he appeared to briefly cross the line into computer hacking himself (and not very successfully, at that). It’s an interesting strategy and one that may create other problems for the Justice Department related to extradition and the statute of limitations, but it tries to sidestep concerns about what going after Assange might mean for journalists—a surprisingly cautious and measured choice for this Justice Department.

Future Tense is a partnership of Slate, New America, and Arizona State University that examines emerging technologies, public policy, and society.