We had a similar challenge at FCC, where controversial notices often received many comments with varying coordination. Members differed on how to account for that. My view was that comment volume was a rough public opinion barometer, at most, and we should focus on substantive facts and arguments.

I used to work on the Hill. It was common for doors to have confusing signage and sometimes be closed. That’s a quite plausible explanation for this mistake. The incident should have a nonpartisan investigation by the Capitol Police and Sergeant at Arms, not political releases of manipulated media.

In computer crime law, it’s normal to consider access and fraud to be separate elements from receiving information. CFAA expressly draws that distinction. These are legal concepts based on a logical construct of systems and data within systems. They don’t neatly match underlying technical details.

The legislative purpose, it seems to me, is straightforward. Reporters who come into possession of ill-gotten or contraband material, through no doing of their own, have some protection from law enforcement search for that material. Essentially the fact pattern in Bartnicki v. Vopper.

I read the text and purpose of that PPA exception-to-the-exception somewhat differently. The term “consists of” is exclusive (the usual meaning), and it precedes specific offense elements. If a computer offense exceeds those elements, which it would (e.g., access or fraud), then police can search.

The PPA’s text and history (Senate report, Conference report, and DOJ implementation) all contemplate searches of a suspect’s materials. None address the proper scope of a search like that. The “possession” qualifier helps, but could break down if the news org is a suspect or the newsroom is small.

There are further indicia that the newsroom was acting in good faith. After they realized the tip was problematic, they declined to run a story and they reported it to law enforcement. That makes the aggressive raids even more unconscionable.

The PPA exception for people suspected of committing criminal offenses is, presumably, grounded in an assumption that there’ll always be a risk of evidence tampering. One of the many unusual aspects of this episode is that the assumption may be wrong. The newsroom has been open about what happened.

One wrinkle I’ve been mulling over is “possession” under the PPA. It’s possible that the searches were lawful with respect to some materials (i.e., devices used by the reporter who accessed the website) and not others. Another wrinkle is the good faith defense, compounded by the search warrant.

Could you say more about why you think the Privacy Protection Act would apply? I’m with you on policy considerations, but under the (current) law, there is a statutory exception when law enforcement is investigating an alleged crime by a person who would otherwise be covered by the law.

As I said (several times!), I’m not condoning what the Marion Police Department did here. This was a terrible mistake. The media consequences will reverberate for years, and the personal toll is tragic.

Policy and law are different. A law enforcement action can be bad policy and permitted by law.

In closing, I want to reemphasize that I in no way support what happened. More facts will come out. Even if this was a properly predicated investigation, there may be other problems with the searches. I just want to offer some perspective on the legal dimensions of what happened and might happen.

If that's what the Marion Police Department is investigating, that would explain searching (at least some) electronic devices in the newsroom. That would also explain the department's position that the Privacy Protection Act didn't apply, because it was investigating alleged crimes by a reporter.

While the DPPA’s exceptions are notoriously broad, it doesn't look like any apply to these circumstances. Pretexting to circumvent the DPPA could plausibly violate Kansas criminal law, such as the identity fraud law (if posing as the driver) or the computer fraud law (access without authorization).

Second, here’s the Kansas state government website for obtaining a driver’s history. Look closely at the user interface design. There’s a notice about the DPPA, and then the user has to affirmatively attest to the specific DPPA exception that makes them eligible to obtain a person’s driving records.

Here’s where two critical issues, which I haven’t seen discussed, come into play.

First, there is a federal privacy law that covers driving records held by a state government. The Driver’s Privacy Protection Act prohibits disclosing these records to third parties, subject to various exceptions.

These are the (seemingly) undisputed facts: A source provided information about a person’s driver’s license and past driving offenses to the newsroom. A reporter then looked up and confirmed the information on a state government website. Local police are investigating the lookup as a possible crime.

Before I get to the law: I do not condone this newsroom search. The Marion Police Department appears to have demonstrated terrible judgment, inconsistent with a commitment to a free press. More bad facts could emerge. I also think this area of law needs a revamp. Ok, back to the legal analysis.

The state-of-the-art research methods for spotting AI-generated writing aren’t nearly good enough for a high-stakes & adversarial setting like academic discipline. OpenAI’s in-house model has 26% recall & a 9% false positive rate in their own evaluation! I wouldn’t trust Turnitin’s black box at all.