Sandvig v. Barr — Challenge to CFAA Prohibition on Uncovering Racial Discrimination Online
What's at Stake
The ACLU has filed a lawsuit challenging the constitutionality of the Computer Fraud and Abuse Act, which makes it a federal crime to access a computer in a manner that “exceeds authorized access.” This provision of the law often prohibits and chills academics, researchers, and journalists from testing for discrimination on the internet. The lawsuit was filed in the U.S. District Court for the District of Columbia in June 2016. The plaintiffs are academic researchers, computer scientists, and journalists who wish to investigate companies’ online practices through standard academic and journalistic techniques, but are limited by the terms of service of target websites.
Stay informed about our latest work in the courts.
By completing this form, I agree to receive occasional emails per the terms of the ACLU's privacy statement.
Summary
The CFAA provision in question has been interpreted to prohibit an individual from visiting a website in a manner that violates the terms of service or terms of use established by that website. However, robust audit testing and investigations to uncover online discrimination require violating common website terms of service.
The CFAA’s “exceeds authorized access” provision delegates power to private websites to set terms of service that are then enforced through the criminal law. Many common website terms of service prohibit such activities as gathering or recording publicly available information, creating multiple accounts, or providing false information, even though these activities are often necessary for robust audit testing to uncover discrimination on the internet.
In the offline world, audit testing has long been recognized as a crucial way to uncover racial discrimination in housing and employment, and to vindicate civil rights laws such as the Fair Housing Act and Title VII’s prohibition on discrimination in employment. Courts and Congress have long encouraged such socially useful testing and investigations.
In the online world, however, conducting the same kind of audit testing can subject individuals to prosecution under the CFAA. This inhibits the public’s access to information about discrimination online, while also prohibiting a range of speech and expressive activity protected by the First Amendment.
For these reasons, our lawsuit seeks to remove the barriers posed by the CFAA’s overbroad criminal prohibitions, so that the public can continue to learn about new forms of discrimination and ensure that civil rights protections remain effective.
The plaintiffs in the case are researchers from the University of Michigan, the University of Illinois, and Northeastern University, as well as First Look Media, which publishes The Intercept.
On March 30, 2018, the district court denied in part and granted in part the government’s motion to dismiss, allowing the case to proceed to address the merits of one of the First Amendment claims.
In spring 2019, the plaintiffs and the government cross-moved for summary judgment. The plaintiffs seek a ruling that the First Amendment grants them the right to provide false information to websites in the course of testing for discrimination on the basis of race, gender, and other characteristics protected under civil rights laws.
Legal Documents
Press Releases
Federal Court Rules ‘Big Data’ Discrimination Studies Do Not Violate Federal Anti-Hacking Law
Judge Allows ACLU Case Challenging Law Preventing Studies on ‘Big Data’ Discrimination to Proceed
ACLU Challenges Law Preventing Studies on ‘Big Data’ Discrimination
