"A person commits the offense of tampering with computer data if he or she knowingly and without authorization or without reasonable grounds to believe that he has such authorization"

No one could possibly prove beyond a reasonable doubt that the reporter did not have "reasonable grounds to believe that he has such authorization". The reporter did not know that the website had private information on it when he accessed the page.

The law does allow for a civil action to be taken by the owner of the computer system (In this case the state) which would lower the standard of evidence to more likely than not- but given the facts of the case, I don't think it comes even close to meeting that bar.

That said, it seems like a prosecutor could articulate an argument that the reporter accessed information he had no reasonable grounds to believe he was authorized to access because he deliberately decoded some Base64-encoded strings that the reporter expected to contain sensitive information. Further, that because the reporter knew the site was using encoding to "protect" this information, by decoding the information he had believed might contain unauthorized information, he had "examined information about another person" that he had no "reasonable grounds" to believe he was authorized to access.

For every objection that is coming to your mind reading this, think to yourself whether you are confident you could convince a tech-illiterate prosecutor (who is looking to "hold fake news accountable") to see things your way. Further, is a jury or a judge going to be able to find salient AND relevant differences between "decoding" and "decrypting" or "client-side" vs "server-side" software? And are those differences great enough to affect their interpretation of the reporters actions in the context of the statute? Judges, prosecutors, and juries cannot be relied upon to unwrite bad tech laws.

“It is difficult to get a man to understand something when his salary depends upon his not understanding it.”

— Upton Sinclair

From a mathematical or CS perspective, i.e. from the perspective of objectivity and rigor, the Base64-encoded strings contain precisely the same information as the decoded version.

Even from a lay perspective... it's as if the state issued a public declaration in Chinese, and translating to English was "accessing" different information than the Chinese original.

Ask the prosecutor if sharing stolen Base64-encoded SSNs would be _legal_ because Base64-encoding makes them _different information_ than the original SSNs.

You won't be able to convince the prosecutor of anything ever, but you won't get a straight answer to that question either.

As a juror your job is to convict or acquit based upon the law and jury instructions given to you. Your job is not to convict or acquit based upon your opinion on what the law should be.

I suppose it's true, though, that poorly-encrypted ciphertext still contains the original information as the plaintext.

Encryption has the clear intent of removing all the plaintext information from ciphertext, producing a random string that is useless without a secret key, but this may fail, and then the plaintext information remains.

However, encoding information (in Base64 or otherwise) has the intent of removing no information.

My original formulation of argument was flawed, since it made no reference to or distinctions of intent.

If the law is overly broad about unauthorized access of the information and if by default the information being accessed is not plainly readable without conversion requiring special knowledge or software, I think a conviction might be likely and justified.

What does "raise eyebrows" mean?

You hypothesize a jury that simply doesn't understand the word "encoding," and can't be taught its meaning because it sounds like "encryption"?

If a message were broadcast in Morse code, then you could be convicted for unlawful access if you were to decode that into letters, right? Because it's Morse "code," an encoding.

I guess juries might not convict in that case because they've heard of "Morse code", but not "Base64 encoding"?

Anyway, if communication with juries is this fragile (and maybe it is) then a jury conviction really means nothing and the trial system as a whole is pretty hopeless and certainly cannot justify imprisonment of anyone.

To use a metaphor—if a state building is closed, but a person with certain knowledge knows that the windows on the building are easily opened by lifting and pulling in a certain way. Then, that person opens the window, enters the building, takes pictures of sensitive information, and later tells the government about the window, then writes to the world later after the government replaces the windows about how easy it was for them to enter and find that sensitive information, would they be guilty of breaking in and stealing information? I think yes.

Even if their intent was not malicious, and ultimately resulted in more secure data, they did something that was not authorized and then capitalized on it after. If the law doesn’t have a caveat for that situation and if the jury is doing its job and doesn’t have an instruction to allow the out, a conviction is likely.

> I think the standard lay person on a jury would not necessarily be open to a defense attorney attempting to explain that the word “decode” in goes against their base understanding of the word.

If they're not "open" to understand what Base64-decoding means, then they're not open to understand what the defendant did. Maybe that's true. If so it's a very deep indictment of the process. If what you are saying is true, the judge should not allow the prosecution to use the word "decode."

> To use a metaphor—if a state building is closed, but a person with certain knowledge knows that the windows on the building are easily opened

We don't need a metaphor. I used another actual example (not metaphor) of a encoding -- Morse code. A person who takes a transmission in Morse code and writes it down on paper has decoded it.

Is decoding Morse code allowed "without authorization"? Do I have a right to broadcast information on my HAM radio and then demand prosecution of any people who decode it?

It seems you would argue yes. Or else "no, but only because juries have heard of Morse but not Base64."

If the state, in this case, had used strings of "." and "-" to encode the data in Morse code, instead of Base64, do you think they would have the same case?

Or what if they had used Greek instead of English? (I think if you insisted to use a metaphor for encodings, that would actually be a good one.)

But all of that still doesn’t matter if that reporter was in possession of data he was not authorized to have and the law prohibits that . So what you have is decoded data in possession by someone who wasn’t allowed to have it but could be valid for him to have possession if it was encoded. If that is the way the law is written or the jury instruction is given…it’s a hill for the defense to climb.

But I can say with a very high level of confidence that ultimately this case has no legs to stand on.