Employee mistakenly sent the link when replying to a records request.
The city of Fullerton, California, has agreed to pay $350,000 to settle a lawsuit it brought against two bloggers it accused of hacking the city’s Dropbox account.
Joshua Ferguson and David Curlee frequently made public record requests in the course of covering city government for a local blog, Friends for Fullerton’s Future. The city used Dropbox to fulfill large file requests, and in response to a June 6, 2019, request for records related to police misconduct, Ferguson and Curlee were sent a link to a Dropbox folder containing a password-protected zip file.
But a city employee also sent them a link to a more general “Outbox” shared folder that contained potential records request documents that had not yet been reviewed by the city attorney. The folder wasn’t password protected or access restricted. At the time, there were 19 zip files in the outbox, five of which were not password protected.
The bloggers downloaded the files related to their records request and the 19 zip files in the outbox link. In the unprotected files, Ferguson and Curlee found emails relating to police internal affairs investigations and an insurance claim regarding an automobile crash involving an allegedly drunk city employee, among others. Throughout June 2019, the bloggers published posts using the documents as source material.
". . .As the case made its way through the courts, both the Electronic Frontier Foundation and the Reporters Committee for Freedom of the Press filed amicus briefs earlier this year in support of the bloggers. The EFF’s brief was particularly pointed.
> “The City’s interpretation would permit public officials to decide—after making records publicly available online (through their own fault or otherwise)—that accessing those records was illegal,” the group wrote.
> “The City proposes that journalists perusing a website used to disclose public records must guess whether particular documents are intended for them or not, intuit the City’s intentions in posting those documents, and then politely look the other way—or be criminally liable.”
The city of Fullerton faced increasingly long odds of winning the lawsuit, and last week, the city council voted 3-2 to settle the suit. Under the terms of the settlement, the city will pay the defendants $230,000 in attorneys costs and $60,000 each in damages. The city will also post a public apology on its website."
-------------------------------------------------------------------------------------------------------------------------------
ADDENDUM: There are 86 comments that can be viewed using the following link
No comments:
Post a Comment