A quick catch up for those of you who might not know. The City of Fullerton is suing this blog, myself and David Curlee. We’re being sued for allegedly clicking on links on the internet and for this blog then allegedly publishing things from those links.
The city’s argument is, essentially, that we didn’t have permission to click links.
In discussing this issue lately I was reminded about a case from here in California from back when Arnold Schwarzenegger was Governor. What happened was somebody accidentally put an audio file online on the governor’s website that wasn’t supposed to be there and somebody from the Phil Angelides for Governor campaign found it and sent it to the press.
I’ve been pretty quiet since the City of Fullerton decided to sue me, David Curlee and this blog. We were under a Temporary Restraining Order (TRO) so knowing what I could and could not post was up for legal debate. Yet at the same time the TRO was active, the City Attorney, Kim Barlow, was out in the open calling us hackers and thieves to our friends, neighbors and the world at large. Yay illegal prior restraints in violation of the 1st Amendment.
The basic issue here is that City Hall screwed up and then decided to smear and scapegoat us to cover their own bureaucratic hindquarters.
To this end they hired some experts to bloviate about BS in an attempt to confuse people and obscure the truth about what is actually being alleged against us and City Council bought it hook, line and sinker.
The ink on the City’s Press Release hit-piece was barely dry before The Fullerton Observer uncritically reprinted it and in an effort to attempt cover the story they brought in their own “expert” who copy and pasted the City’s nonsense in order to paint us as hackers and villains with malicious intentions and evil schemes.
But now I’ll tell you what is actually being alleged; The City is alleging that we went to it’s website and clicked links.
All of their preening about VPNs/TOR, link hashes, network security – All Of It – is a smokescreen. Despite the nonsense about needing to delay the lawsuit to secure the city’s network, the city never alleges that the their network was ever breached or hacked.
The real meat and substance of their argument and allegations is that we “exceeded authorized access” and are therefore “thieves” and “hackers” under the Computer Fraud and Abuse Act as well as the California Comprehensive Computer Data Access and Fraud Act.
We allegedly “exceeded access” because they say we went to a link on the city’s own website, a link they themselves claim that they told us about, and allegedly clicked on files and folders they put there for the whole world to see plain as day. The argument is that we should have known better and shouldn’t have clicked on the files they put on the internet at the website they told us about. That is literally their allegations. That’s it.
We’re apparently supposed to have known what a $1Million+/year worth of government employees & lawyers didn’t know – that some files the city put online shouldn’t have been accessible from the city’s own website.
To bypass the obvious First Amendment issues in this lawsuit and to obtain their TRO the city made the claim that we accessed files that contain privileged medical records of police and their families, etc.
This is why they claim to have needed the prior restraint against us publishing data – to mitigate financial risks to the city. But there is no evidence this blog has published any such information made in the city’s grand accusations. Information, mind you, that the City themselves claim to have put on the internet for the entire world to access. By their logic we shouldn’t be allowed to do as journalists what they themselves have already admitted to doing as incompetents.
The City is trying to unring a bell here and blaming those who allegedly heard it instead of admitting they caused the commotion when they bonked their own heads.
Even if what the city alleges is true, that we allegedly went to the city’s own website and clicked links, the liability and financial risks to the city are of their own doing by their own admissions. It is not the responsibility of journalists or even the public to safeguard the city’s corruption and secrecy after the city itself has put it on display for the entire world.
To call the allegation that we went to their website and clicked links “hacking” and “stealing” is absurd. To demand myself, David Curlee, my former co-worker, this blog at large and unnamed Does 1-50 turn over our entire digital lives (phones, computers, hard drives, flash drives, CDs/DVDs, etc) to the city to cure this alleged link clicking is ludicrous on top of the absurd. And frankly it’s insulting and malicious.
Fullerton is rotten to the core when it actively buries misconduct by employees and officers but attacks bloggers & journalists for revealing truths. That our council would vote 5-0 to pursue this lawsuit and then vote 4-1 to continue it says a lot about our supposed leadership.
Thankfully the TRO was stayed by the Appellate Court and we are free to resume publishing. This is going to continue at least until 21 November and we’ll keep you posted as to the status of this ridiculous lawsuit.
Meanwhile I’m now out of a job thanks to this lawsuit while bills and attorney fees stack up. A good friend and all around great guy, Erik Wehn, set up a GoFundMe account and I’ll incur his wrath if I don’t mention it [HERE] so there it is and thank you to all of the people who have supported myself and this blog financially, emotionally and spiritually in these trying times. Sincerely thank you.
On Sunday, 03 November 2019, the Reporters Committee on Press Freedom released an article [HERE] outlining their read on the case against us. They see the overreach and concern to journalists being posed by Fullerton’s read on the law.
“The prior restraint sought here is, of course, concerning. But this is the first case we’re aware of where the computer crime laws have been misused so brazenly against members of the news media. First, the conduct alleged — accessing publicly available documents over the public internet — is clearly not hacking. A court finding that accessing publicly available documents over the public internet constitutes hacking would pose serious concerns for data journalists.”
Two days later, 05 Nov, the same day the City Council voted 4-1 to continue the lawsuit against this blog and two of your humble friends, the RCPF filed an amicus brief supporting us in our appeals court effort to overturn the Temporary Restraining Order issued against us.
You can read the entire RCFP Amicus Brief [HERE]. Some highlights are as follows.
“The essence of the City’s allegations in this case is that bloggers reporting on newsworthy matters of clear public interest (namely, potential government misconduct) violated federal and state hacking laws by accessing information that was made available online by the City to all the world. The City claims it is entitled not only to an extraordinary prior restraint on publication but also damages, in part for claims against the City for breach of confidentiality caused by the City’s own cybersecurity lapses.”
This was not hacking:
“If Amicus’s reading of the declaration of the City’s information technology expert is correct, one did not even need a username or password to access files in the Dropbox account maintained by the City, in which it commingled allegedly sensitive and privileged information with material that it affirmatively invited public records requesters to download.”
The theft from a “house” analogy doesn’t work:
“A public website, including the Dropbox account here, is not like a “house.” When an entity chooses to make information available to the public on the internet, without a technical access restriction like a password, that information can legally be accessed by anyone.”
VPNs/TOR are industry practice:
“It is true that the use of a VPN and Tor serves to protect user anonymity, and that “even some journalists routinely use” them. Id. Indeed, the use of such services is not only commonplace among journalists—it is a recommended industry practice.”
“Everyone should be using encrypted services and applications to protect their communications. In fact, in 2017, the American Bar Association’s Committee on Ethics and Legal Responsibility recommended that lawyers use “high level encryption” or other “strong protective measures” to protect sensitive client information.”
Read the whole thing, it’s worth it. We’ll bring more updates as they happen.