City of Fullerton v. Friends for Fullerton’s Future
Court: California Court of Appeal, Fourth Appellate District, Division Three
Date Filed: Nov. 5, 2019
Updates: On March 12, 2020, an Orange County Superior Court judge reissued an order that prevents the Fullerton, California, blogger from publishing confidential documents he accessed through an unprotected folder on the city of Fullerton’s file-sharing account.
On Jan. 4, 2021, the Reporters Committee filed a second friend-of-the-court brief in the case, this time urging the California Court of Appeals to vacate the Superior Court judge’s preliminary injunction. The brief argues, among other things, that interpreting the federal and state hacking laws to impose liability for routine newsgathering would raise constitutional concerns. “[T]he City’s interpretation of the CFAA and CDAFA threatens to criminalize a wide range of ordinary journalistic practices that serve the public interest without offering any safe harbor for reporters’ First Amendment activities,” Reporters Committee attorneys write in the brief.
On May 12, 2021, the city of Fullerton agreed to drop its lawsuit against the local bloggers, “retracti[ing] any and all assertions” that the defendants had “acted illegally in accessing the documents.”
Background: City officials in Fullerton, California, filed a lawsuit against a local blog called Friends for Fullerton’s Future and two of its contributors, alleging violations of the Computer Fraud and Abuse Act and California’s Comprehensive Computer Data Access and Fraud Act, among other claims.
The city alleges that the bloggers violated federal and state anti-hacking laws when they accessed unreleased and sensitive documents hosted and shared through an account on the file-sharing website Dropbox. Notably, however, it does not appear that the Dropbox page was password protected, and, while the city officials assert that they limited access by providing links to only specific folders, they also shared the top-level address for the site with public records requesters, including one of the defendants.
An Orange County Superior Court judge granted a temporary restraining order prohibiting the blog from posting or reporting on the city’s documents. Attorneys for the blog filed a writ asking a California court of appeals to intervene in the case by vacating the temporary restraining order.
Our Position: The appeals court should vacate the temporary restraining order against the bloggers.
- The alleged conduct does not amount to hacking.
- The court should reject the city’s overly broad, incorrect interpretation of the Computer Fraud and Abuse Act.
- The court should reject the city’s overly broad, incorrect interpretation of the California Comprehensive Computer Data Access and Fraud Act.
- The use of virtual private networks, Tor and other encryption software or applications are accepted best practices for information security, particularly for journalists.
Quote: “Amicus is not aware of any case where federal or state hacking laws have been misused so brazenly to target routine newsgathering activities — namely, the collection of government information available to any internet user. Journalists, and data journalists in particular, who often use computer programs to collect large amounts of data online (known as “scraping” or “spidering”), however, have long expressed concern that such laws could be misused to penalize the collection of publicly available information on the internet — a concern shared by Amicus and other news media organizations and press freedom advocates.”
Jan. 4, 2021, brief:
Nov. 5, 2019, brief: