A new tendency by governments to charge
journalists with hacking when they expose problems is a threat to the free flow of information, according to a report written by Grayson Clary for the Reporters Committee for Freedom of the
The issue is central to a incident involving Josh Renaud, a reporter for the St. Louis Post Dispatch.
Renaud discovered a state agency website that allowed citizens to look up a teacher’s credentials exposed educators’ Social Security numbers in the source code.
His report was met with “ threats of criminal or civil liability under Missouri’s anti-hacking laws,” Clary continues.
This seems foolish, given the error in the source code clearly needed to be corrected. But it’s not the only case of its type.
In May, as reported here, the city of Fullerton, California, dropped a lawsuit against two bloggers who published police misconduct records.
The municipality agreed to pay $350,000 to settle the civil case it filed in 2019 against bloggers Joshua Ferguson and David Curlee from the website Friends for Fullerton’s Future. And it will retract and apologize for allegations that Ferguson and Curlee were guilty of criminal hacking.
This issue concerned ‘access to a Dropbox folder the city chose to host at a publicly accessible URL,” Clary states.
“The idea that viewing a site’s source code amounts to hacking is, to put it gently, ridiculous,” Clary writes. “As TheWashington Post’s Philip Bump explains, that information is very much delivered to you on purpose when you visit the URL; your browser needs it to display the site in the way its designer intends.”
Clary adds: “If you’re reading this on the Reporters Committee’s site, feel free to take a look at ours.
The dangerous premise behind such threats: “A site owner’s private preferences ought to be the measure of reporters’ rights — no matter what a site has, in fact and in practice, made visible to the public,” per Clary.
However,” as the U.S. Supreme Court observed in a recent case, answering a related question under the CFAA, letting private parties exercise that kind of veto would criminalize a ‘breathtaking amount of commonplace computer activity.’”