This Week in Technology + Press Freedom: April 5, 2020
For up-to-date resources related to the COVID-19 pandemic, please see our dedicated landing page, which features recommendations for journalists, legislators, and courts to ensure that the press and the public’s right of access to information is protected. The Reporters Committee also published a special analysis last week discussing the expansive government powers that could be invoked in a public health emergency and how they could theoretically implicate newsgathering and press freedom.
Here’s what the staff of the Technology and Press Freedom Project at the Reporters Committee for Freedom of the Press is tracking this week.
A significant ruling involving the Computer Fraud and Abuse Act
A federal court in Washington, D.C., ruled that violating websites’ terms of service does not trigger criminal liability under the federal anti-hacking law.
The lawsuit was initially brought in 2016 by the American Civil Liberties Union on behalf of a media organization and academic researchers who wanted to investigate discrimination on the internet. Specifically, they sought to engage in audit testing by creating fictitious accounts or profiles in order to determine whether hiring websites were discriminating against users on the basis of race, gender, or other characteristics protected by civil rights laws.
The plaintiffs alleged that their intended testing method would violate many consumer websites’ terms of service or use, which could subject them to criminal prosecution under the Computer Fraud and Abuse Act. They asked the court to declare that the provision in the law that would trigger liability, as applied to them, unconstitutionally restricts their First Amendment right to free speech.
Because the court concluded that the plaintiffs’ intended actions are not criminal under the CFAA, the court found that there were no longer “live” issues, and dismissed the lawsuit as moot without reaching the constitutional question.
Although the court declined to weigh in on the constitutionality of the access provision, this new ruling is significant in at least two ways.
First, the ruling signals that the law’s prohibition on accessing a protected computer “without authorization” or in a manner that “exceed[s] authorized access” should not cover terms of service violations like those at issue in the lawsuit.
Significantly, the court found that the “without authorization” provision is primarily concerned with “theft of information” from non-public websites, and that a user does not become a hacker unless the user bypasses a “permission requirement” like a password.
Second, in holding that the plaintiffs had “standing” to pursue their First Amendment claim, the court emphasized that the requirement for establishing “standing” in the First Amendment context is more relaxed and that plaintiffs can demonstrate a credible fear of criminal consequences even where the government has never invoked the challenged statutes before.
— Linda Moon
Quick Hits
The San Francisco Board of Supervisors last week approved a $369,000 payout to freelance journalist Bryan Carmody over the police raid of his home and office. The Reporters Committee filed a friend-of-the-court letter in the case and separately moved to unseal five search warrants, including one that authorized a search of his phone. Last fall, the Reporters Committee also filed a Freedom of Information Act lawsuit seeking records that may shed light on the FBI’s involvement in the raid. The Carmody raid was prominently featured as one of the most concerning incidents in 2019 in the Reporters Committee’s third annual report analyzing threats against press freedom using data from the U.S. Press Freedom Tracker.
—
Google’s threat analysis group recently stated that it sent Google account holders almost 40,000 warnings in 2019 concerning targeted and government-backed hacking efforts. “Upon reviewing phishing attempts since the beginning of this year, we’ve seen a rising number of attackers … impersonating news outlets or journalists,” the group stated.
—
As many health care workers have taken to social media to discuss a lack of protective equipment, supplies, and tests in the fight against COVID-19, Bloomberg reported last week that some have been fired for giving interviews to the media regarding their posts and observations.
—
A little over a week ago, Vice’s tech blog Motherboard reported that the iOS app version of Zoom, the video-conferencing software, sent user data to Facebook regardless of whether users had a Facebook account or not. A day later, Zoom updated the code for the app to halt this practice. This and other privacy concerns led Sen. Richard Blumenthal (D-Conn.) to send a letter to Zoom’s CEO inquiring about its data privacy practices.
—
Washington Gov. Jay Inslee signed a law which requires law enforcement to seek a warrant before using facial recognition technology. Many civil liberties critics say the law does not go far enough and call for a moratorium until those who may be most impacted are given a chance to weigh in.
—
Members of the U.S. House of Representatives left Washington without authorizing a Senate-approved temporary extension of surveillance authorities in the Foreign Surveillance Intelligence Act. As detailed in previous newsletters, the main provision at issue permitted collection of “business records,” including mass collection of call detail records. This round of reauthorization also comes amid the latest audit of FISA applications from the Justice Department’s inspector general finding many errors, such as “inadequately supported facts.”
—
The Saudi government has reportedly been exploiting a vulnerability in cell phone networks to conduct “systematic” surveillance on its citizens traveling in the U.S., something lawmakers have warned would be possible. The revelation comes just a few days after Turkish prosecutors charged 20 suspects, including two former aides to Saudi Crown Prince Mohammed bin Salman, in the murder of Jamal Khashoggi, Washington Post Global Opinions contributing columnist and former broadcaster. Some have alleged that the regime used phone spyware to track Khashoggi prior to his murder.
—
The United Nations special rapporteur on the right to freedom of opinion and expression called upon several countries to lift restrictions on internet access, arguing the need to transmit information about the COVID-19 pandemic outweighs the national security justifications.
—
Gif of the Week: We’ve spent a lot of time with our new WFH colleagues.
Like what you’ve read? Sign up to get This Week in Technology + Press Freedom delivered straight to your inbox!
The Technology and Press Freedom Project at the Reporters Committee for Freedom of the Press uses integrated advocacy — combining the law, policy analysis, and public education — to defend and promote press rights on issues at the intersection of technology and press freedom, such as reporter-source confidentiality protections, electronic surveillance law and policy, and content regulation online and in other media. TPFP is directed by Reporters Committee Attorney Gabe Rottman. He works with Stanton Foundation National Security/Free Press Fellow Linda Moon and Legal Fellows Jordan Murov-Goodman and Lyndsey Wajert.