According to Reuters: Those who filed suit to prevent President Trump from barring his detractors on Twitter have moved on to Facebook.
The Knight First Amendment Institute disclosed Monday’s letter to Facebook CEO Mark Zuckerberg, in which it proposed modifying Facebook’s terms of service to establish a protected zone for journalists and researchers studying the social networking site, on Tuesday. The letter warned that under Facebook’s present policies, investigators risk not only being banned from the site but also facing legal consequences under the Computer Fraud and Abuse Act. Knight is advocating for a change in Facebook’s policies that would make it possible for legitimate journalists and researchers to scrape data and create temporary accounts for study purposes.
The letter stressed the importance of “digital journalism and research” in helping the general people comprehend Facebook’s platform and its societal impact. The tools that are typically necessary for this kind of journalism and study are explicitly forbidden by Facebook’s terms of service.
Three journalists, including New York Times’ Kate Conger and Gizmodo’s Kashmir Hill, as well as researchers from Princeton and the University of Michigan, were represented in Knight’s letter. Hill of Gizmodo published a story shortly after Knight revealed its letter, detailing how Facebook had tried to pressure Gizmodo into taking down an open source tool it had developed as part of its investigation into the company’s People You May Know feature on the grounds that it violated Facebook’s terms of service. (Anyone who downloaded the app would be able to see if Facebook suggested them as friends to those whose profiles they had seen.) The tool is still available, but Hill argues that the incident demonstrates the need for a safe haven for journalists and researchers.
I questioned Ramya Krishnan from Knight if the safe harbor could be used by competitors of Facebook or data-mining organizations looking to make money off of Facebook user data. (The Cambridge Analytica issue involving Facebook is probably still fresh in your mind.) Knight suggests the following safe harbor qualification criteria: Researchers must have a public interest rather than a commercial one, and they must take reasonable precautions to not mislead Facebook users about the identity of the people behind their temporary research profiles. According to Krishnan, these caveats would ensure that negative actors are not afforded the safe harbor. If suspicious behavior is uncovered, the Knight Institute envisions Facebook-employed monitors deciding whether or not it merits safe harbor protection.
The question of whether or not Cambridge Analytica would have been protected under the safe harbor has been considered, Krishnan added. A resounding “no”
Of course, this is all speculation. The only action taken by Knight so far has been a request to modify the service’s terms. The firm is under no obligation to respond to the letter, and it’s hard to picture Facebook inviting fresh criticism by declaring itself the final authority on whether or not journalists and researchers who scrape data and utilize masked accounts are legitimate.
In spite of Knight’s letter, Facebook shows no signs of rushing to alter its current policies. In an email response, Facebook said, “We appreciate the Knight Institute’s ideas.” Campbell Brown is Facebook’s head of global news partnerships. “Journalists and researchers play an important role in holding us accountable when we get things wrong and in educating the public about corporations and their goods. We do have stringent constraints on how third parties can use people’s information, and we do acknowledge that these sometimes come in the way of this effort. According to the company’s statement, Facebook already provides some resources for journalists and promises to provide a new software-building tool to examine the performance of political ads on the platform. There was no indication in the announcement that talks with Knight about a media and academic safe haven would be initiated.
No matter what the future holds for Facebook and the Knight Institute, the threat of civil and possibly criminal liability under the CFAA for terms of service violations is raised by Knight’s letter. You may remember (as I explained in an article last August) that the definition of “hacking” in the 1986 anti-hacking law is vague. While it may be obvious that hackers using stolen credentials obtained from the dark web are breaking the CFAA, what about a data scraper mining publicly available information, as was the case in a lawsuit filed against LinkedIn last year? Or consider Gizmodo, whose open source tool first required Facebook users to enter their login credentials so that the program could access the site automatically.
Gizmodo was not accessing or even collecting data from individual Facebook accountholders’ computers. Hill claimed on Tuesday that Gizmodo feared legal action after Facebook warned it that their tool breached Facebook’s terms of service.
Although Knight’s letter recognized that Facebook had not made that allegation in litigation against a journalist or researcher, it did note that both Facebook and the Justice Department have cited the CFAA in connection with terms of service violations. (The most well-known instance of the company’s use of the statute was in a case against the then-emerging social networking site Power.com; the 9th U.S. Circuit Court of Appeals found Power.com liable for CFAA violations, 844 F.3d 1058, because it had continued accessing Facebook computers despite having been sent a cease-and-desist letter.)
Due to concerns about criminal liability under the CFAA for violations of terms of service, a group of journalists and researchers filed a lawsuit against the Justice Department in 2016, arguing that the CFAA violates the First Amendment to the extent that it forbids the collection of publicly-available data related to online discrimination. While dismissing most of the plaintiffs’ claims in Sandvig v. Sessions (2018 WL 1568881), U.S. District Judge John Bates of Washington in March kept alive First Amendment allegations by two researchers who said they feared prosecution if they carried out plans to create fake user accounts to test discrimination at employment websites. The Department of Justice has requested that Judge Bates allow discovery into which places the investigators want to visit.
Similar research methods and public-benefit objectives are mentioned in both the Sandvig suit and the Knight letter. Is the Institute thinking about going to court to get the same shield from CFAA civil liability that Sandvig’s ACLU attorneys are trying to get for him in the criminal context?
No comment from Krishnan at Knight just yet. She emailed me to tell me that the institute is still waiting for Facebook to respond to its “safe harbor” proposal. “The suggestion is made in good faith and with constructive intentions,” she stated. We’ll observe how Facebook reacts before making any further plans.