Ben Grubb, a technology journalist with the Fairfax group, was detained by Queensland Police last night at the AusCERT conference on the Gold Coast in relation to his report demonstrating the ease with which Facebook security could be bypassed to access photos from anyone's account.
Although denied by Police, Grubb believed he was under arrest tweeting "I've been arrested by Queensland Police for a story I wrote today. They've also seized my iPad. #AusCERT" at around 6pm yesterday. It appears he has still not been reunited with his iPad, which was probably the only device he brought in order to perform his job.
Here's how the scenario seems to have played out. Grubb was one of about 20 people who attended a presentation by Christian Heinrich on Sunday evening where the ability to view supposedly hidden photos on Facebook was demonstrated. He then wrote a short report which was published on Tuesday. Within a couple of hours, he was being interviewed by local Police who claimed to be responding to a complaint.
Commenting on Grubb's arrest, Darren Burden, the general manager for news at Fairfax Digital, said: ''Ben was a guest of AusCERT at the conference at the Gold Coast. He was at a conference, reporting on something actually said and presented at that conference. It's fundamental for journalists to be able to report these events.'' The SMH article also confirms that Grubb was indeed under arrest for a brief period.
Something of a tweet-storm erupted following Grubb's initial message and one of the strangest messages came from the Police Media unit, who claimed in relation to the seizure, "Police can legally seize material which may be evidence of a crime. It will be returned as soon as we can do so."
Ummm'¦ what crime?
It may have escaped the attention of Queensland Police, but Grubb was REPORTING on another person's presentation and demonstration. He had no part in the supposed privacy breach. Another media outlet contacted Heinrich in Sydney and he has confirmed to them that at no time has Queensland Police been in contact with him over the event.
One can only assume that the exposure of such security and privacy flaws is perfectly legal, but the reporting of them is not. Shooting the messenger is so easy, and it avoids having to confront the actual problem.