A new tendency by governments to charge
journalists with hacking when they expose problems is a threat to the free flow of information, according to a report written by Grayson Clary for the Reporters Committee for Freedom of the
Press.
The issue is central to a incident involving Josh Renaud, a reporter for the St. Louis Post Dispatch.
Renaud discovered a state agency website that allowed citizens to look up a teacher’s credentials exposed educators’ Social Security numbers in the source code.
His report was met with “ threats of criminal or civil liability under Missouri’s anti-hacking laws,” Clary continues.
This seems foolish, given the error in the source code clearly needed to be corrected. But it’s not the only case of its type.
advertisement
advertisement
In May, as reported here, the city of Fullerton, California, dropped a lawsuit against two bloggers who published police misconduct records.
The municipality agreed to pay $350,000 to settle the civil case it filed in 2019 against bloggers Joshua Ferguson and David Curlee from the website Friends for Fullerton’s Future. And it will retract and apologize for allegations that Ferguson and Curlee were guilty of criminal hacking.
This issue concerned ‘access to a Dropbox folder the city chose to host at a publicly accessible URL,” Clary states.
“The idea that viewing a site’s source code amounts to hacking is, to put it gently, ridiculous,” Clary writes. “As TheWashington Post’s Philip Bump explains, that information is very much delivered to you on purpose when you visit the URL; your browser needs it to display the site in the way its designer intends.”
Clary adds: “If you’re reading this on the Reporters Committee’s site, feel free to take a look at ours.
The dangerous premise behind such threats: “A site owner’s private preferences ought to be the measure of reporters’ rights — no matter what a site has, in fact and in practice, made visible to the public,” per Clary.
However,” as the U.S. Supreme Court observed in a recent case, answering a related question under the CFAA, letting private parties exercise that kind of veto would criminalize a ‘breathtaking amount of commonplace computer activity.’”
Wow, someone who actually gets it. The story is not whether a reporter hacked a state database, which it's highly unlikely that the reporter knew how to do and is illegal. The story is state (and federal officials, such as Trump) making false and libelous allegations about journalists. That is the story. Thanks to Grayson Clary for writing a report and Ray Schultz for covering it.