As part of their jobs, journalists routinely dig through government websites to find newsworthy documents and share them with the broader public. Journalists and Internet users understand that publicly available information on government websites is not secret and that, if government officials want to protect information from being disclosed online, they shouldn’t publicly post it on the Internet.
But a California city is ignoring these norms and trying to punish several journalists for doing their jobs. The city of Fullerton claims that the journalists, who write for a digital publication called Friends for Fullerton’s Future, violated federal and state computer crime laws by accessing documents publicly available to any Internet user. Not only is the civil suit by the city a transparent attempt to cover up its own poor Internet security practices, it also threatens to chill valuable and important journalism. That’s why EFF, along with the ACLU and ACLU of Southern California, filed a friend-of-the-court brief in a California appellate court this week in support of the journalists.
The city sued two journalists and Friends for Fullerton’s Future based on several claims, including an allegation that they violated California’s Comprehensive Computer Data and Fraud Act when they obtained and published documents officials posted to a city file-sharing website that was available to anyone with an Internet connection. For months, the city made the file-sharing site available to the public without a password or any other access restrictions and used it to conduct city business, including providing records to members of the public who requested them under the California Public Records Act.
Even though they took no steps to limit public access to the city’s file sharing site, officials nonetheless objected when the journalists published publicly available documents that officials believed should not have been public or the subject of news stories. And instead of taking steps to ensure the public did not have access to sensitive government documents, the city is trying to stretch the California computer crime law, known as Section 502, to punish the journalists.
EFF’s amicus brief argues that the city’s interpretation of California’s Section 502, which was intended to criminalize malicious computer intrusions and is similar to the federal Computer Fraud and Abuse Act, is wrong as a legal matter and that it threatens to chill the public’s constitutionally protected right to publish information about government affairs.
The City contends that journalists act “without permission,” and thus commit a crime under Section 502, by accessing a particular City controlled URL and downloading documents stored there—notwithstanding the fact that the URL is in regular use in City business and has been disseminated to the general public. The City claims that an individual may access a publicly available URL, and download documents stored in a publicly accessible account, only if the City specifically provides that URL in an email addressed to that particular person. But that interpretation of “permission” produces absurd—and dangerous—results: the City could choose arbitrarily to make a criminal of many visitors to its website, simply by claiming that it had not provided the requisite permission-email to the Visitor.
The city’s interpretation of Section 502 also directly conflicts with “the longstanding open-access norms of the Internet,” the brief argues. Because Internet users understand that they have permission to access information posted publicly on the Internet, the city must take affirmative steps to restrict access via technical barriers before it can claim a Section 502 violation.
The city’s broad interpretation of Section 502 is also dangerous because, if accepted, it would threaten a great deal of valuable journalism protected by the First Amendment.
The City’s interpretation would permit public officials to decide—after making records publicly available online (through their own fault or otherwise)—that accessing those records was illegal. Under the City’s theory, it can retroactively revoke generalized permission to access publicly available documents as to a single individual or group of users once it changes its mind or is simply embarrassed by the documents’ publication. The City could then leverage that revocation of permission into a violation of Section 502 and pursue both civil and criminal liability against the parties who accessed the materials.
Moreover, the “City’s broad reading of Section 502 would chill socially valuable research, journalism, and online security and anti-discrimination testing—activity squarely protected by the First Amendment,” the brief argues. The city’s interpretation of Section 502 would jeopardize important investigative reporting techniques that in the past have uncovered illegal employment and housing discrimination.
Finally, EFF’s brief argues that the city’s interpretation of Section 502 violates the U.S. Constitution’s due process protections because it would fail to give Internet users adequate notice that they were committing a crime while simultaneously giving government officials vast discretion to decide when to enforce the law against Internet users.
The City proposes that journalists perusing a website used to disclose public records must guess whether particular documents are intended for them or not, intuit the City’s intentions in posting those documents, and then politely look the other way—or be criminally liable. This scheme results in unclear, subjective, and after-the-fact determinations based on the whims of public officials. Effectively, the public would have to engage in mind reading to know whether officials approve of their access or subsequent use of the documents from the City’s website.
The court should reject the city’s arguments and ensure that Section 502 is not abused to retaliate against journalists, particularly because the city is seeking to punish these reporters for its own computer security shortcomings. Publishing government records available to every Internet user is good journalism, not a crime, and using computer crime laws to punish journalists for obtaining documents available to every Internet user is dangerous—and unconstitutional.