Over the past few years, the idea of algorithmic bias—whether entirely real or mostly conspiratorial—is something that’s cropped up in conversations of niche internet groups and White House officials alike. And now, researchers and tech journalists are legally free to investigate these issues to their heart’s content—within reason, at least. After a nearly year-long battle between the ACLU and Attorney General William Barr, a federal court finally ruled that probing sites to uncover their biases isn’t a violation of the Computer Fraud And Abuse Act, or CFAA.
In a statement, one ACLU staff attorney, Esha Bhandari, said the decision will help “ensure companies can be held accountable for civil rights violations in the digital era.”
“Researchers who test online platforms for discriminatory and rights-violating data practices perform a public service,” she added. “They should not fear federal prosecution for conducting the 21st-century equivalent of anti-discrimination audit testing.”
Since last May, the ACLU’s been going toe-to-toe with the AG on behalf of “academics, researchers, and journalists,” who might’ve needed to say, violate a platform or site’s TOS as part of their probing. Under CFAA, something like scraping a site’s publicly available intel, creating multiple accounts, or even submitting false information, “exceeds authorized access” under the law, which could technically be construed as a criminal offense.
Put another way, if a researcher wanted to investigate whether a site discriminated against users on the left or right of the political spectrum (or users that are one race versus another) they’d technically have to violate the site’s terms of service—and CFAA—to do so.
To be fair, there are some good reasons that these sites have provisions against things like multiple accounts per user baked into their TOS. Twitter, for example, adopted this provision to keep spam on its platform down, as did Facebook. And while the threat of possible consequence certainly hasn’t stopped scammers from buying, selling and hoarding multiple accounts at any given time, the threat of a CFAA-based crackdown has certainly given researchers pause in the past—and kept them from auditing and investigating the sites and services they research, according to the ACLU.
This was the same finding of DC-area judge John Bates this past weekend, who reached the decision that a proper reading of the CFAA wouldn’t criminalize the majority of academic research—even if that research violates a site’s TOS.
It’s still unclear if the government plans on contesting the ruling, or if any private companies are going to voice their own arguments against it. This month, LinkedIn attempted to appeal its own CFAA ruling, which found that third-party analytics firm hiQ was, in fact, not violating CFAA by scraping publicly available data on its site. At least according to the Bates ruling, a company like LinkedIn is still free to boot these companies—or individual researchers—off their networks, but they can’t use a federal mandate to do it.