Computer security researchers and journalists play a critical role in uncovering flaws in software and information systems. Their research and reporting allows users to protect themselves, and vendors to repair their products before attackers can exploit security flaws. But all too often, corporations and governments try to silence reporters, and punish the people who expose these flaws to the public.
This dynamic is playing out right now in a court in India, where a company is seeking to block Indian readers from accessing journalism by the American security journalist known as Dissent Doe. If it succeeds, more than a billion people in India would be blocked from reading Dissent Doe’s reporting.
Here’s what happened: last summer, Dissent Doe discovered that an employee wellness company was leaking patients’ private counseling information on the publicly available Web. Dissent alerted the company, called 1to1Help, so that it could secure its patients’ records. After Dissent repeatedly contacted the company, it finally secured the confidential data, a month after Dissent first notified them of the breach.
At that point—once the leak was fixed, and the data was no longer available to malicious actors—Dissent wrote about the breach on the website DataBreach.net, where Dissent reports on significant security flaws.
At first, 1to1Help seems to have recognized the strong public interest in having these types of vulnerabilities exposed. After fixing the breach, the company emailed Dissent to express its thanks for alerting the company, and allowing it to strengthen its data security.
A few weeks later, however, the company took a different tack. It filed a meritless criminal complaint against Dissent in the Bangalore City Civil Court alleging that Dissent “hacked” its patient files—even though the complaint itself acknowledges that the patient files were available to anyone on the public Web, until Dissent alerted the company about this flaw. The criminal complaint also alleges that Dissent’s emails requesting comment for the DataBreach.net story were “blackmail.”
Thankfully, any judgment against Dissent Doe in India would be unenforceable in the United States thanks to the protections of an important law called the Securing the Protection of Our Enduring and Established Constitutional Heritage (SPEECH) Act. Under the SPEECH Act, foreign orders aren’t enforceable in the United States unless they are consistent with the free speech protections that the U.S. and state constitutions guarantee, as well as with state laws.
But the injunction that 1to1Help is asking for would prevent Dissent’s website, DataBreaches.net, from being accessed by anyone in India. And if 1to1Help’s meritless lawsuit succeeds, other companies would surely follow suit in order to block Indians’ access to journalism online.
We hope the court in India decides to adhere to global principles of freedom of speech, and of the press. It should throw this dangerous lawsuit out of court.
The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. We work to ensure that rights and freedoms are enhanced and protected as our use of technology grows. Visit https://www.eff.org
This post has been republished with implied permission from a publicly-available RSS feed found on EFF. The views expressed by the original author(s) do not necessarily reflect the opinions or views of The Libertarian Hub, its owners or administrators. Any images included in the original article belong to and are the sole responsibility of the original author/website. The Libertarian Hub makes no claims of ownership of any imported photos/images and shall not be held liable for any unintended copyright infringement. Submit a DCMA takedown request.