Bias Auditors Challenge Computer Fraud Law

     WASHINGTON (CN) — By criminalizing the violation of a website’s terms of service, the U.S. government chills the work of discrimination watchdogs, several such researchers contend in a new federal complaint.
     Though auditors on the look out for disparate treatment may very well need to misrepresent themselves to gather data, the target of an investigation may have provisions in its terms of service that “prohibit providing false information, creating multiple user profiles, or using automated methods of recording the information displayed for different users,” the complaint states.
     There is a provision of the Computer Fraud Abuse Act (CFAA), however, that “creates liability when an individual, in accessing a protected computer, does so in a manner that ‘exceeds authorized access.'”
     First Look Media, a New York nonprofit that publishes Glen Greenwald’s investigative news outlet The Intercept, is among plaintiffs now calling this provision unconstitutional. The group filed suit on June 29, joined by Christian Sandvig, an associate professor at the University of Michigan; Kyratso Karahalios, an associate professor at the University of Illinois; Alan Mislove and Christopher Wilson, both associate professors at Northeastern University. They are represented by Arthur Spitzer with the American Civil Liberties Union.
     Citing trends by courts and federal prosecutors, the group says “individuals and organizations risk prosecution for conducting research into online discrimination where ToS prohibit their research techniques.”
     “They face prosecution even where, as in the case of plaintiffs’ activities, their research will not cause material harm to the target websites’ operations and where they have no intent to commit fraud or to access any data or information that is not made available to the public,” the complaint states.
     First Look Media and the others note that “the best way to determine whether members of protected classes are experiencing discrimination … is via outcomes-based audit testing, which enables researchers to discover how websites appear to different users.”
     Such research necessarily involves tactics contrary to CFAA rules, including “providing false information, creating multiple user profiles or using automated methods of recording the information displayed for different users,” according to the complaint.
     The group says researchers also must be free to compile data from a website, a process known as “scraping,” and house their findings offline for research purposes.
     Compounding the upward trend of sensitive transactions occurring online — in real estate, financial and employment, for example — is the “rise of big data has allowed for new forms of targeted marketing,” according to the complaint.
     The researchers say “some of these [big-data] models primarily focus on minority communities with lower incomes.”
     The plaintiffs hope to verify if there are algorithms in place on websites like or that use this data mining in both explicit and less explicit ways to discriminate.
     In the complaint, the plaintiffs refer to the potential dangers of a data broker’s ability to “append additional information about consumers for retailers and other clients including race, age, gender, religion or ethnicity.”
     This mined data, the complaint argues, can be stored in cookies on sites like These cookies, or small amounts of data which are sent from a web server to a user’s browser, stored there and then finally sent on back future requests, can be used as a discriminatory tracking method.
     This, the complaint explains, creates a slippery slope that makes it possible “to show particular content [on] to, for example, users who have visited the Black Entertainment Television (BET) website or who have recently purchased feminine hygiene products or have clicked on an article about LGBT rights.”
     Citing a possible socioeconomic prejudice, the researchers note that, “if a data set reflects that people who live in certain zip codes are likely to have lower credit scores, a creditworthiness algorithm may tag all people in those zip codes as less creditworthy.”
     Indeed, certain lenders have already secured a patent that permits them to make credit decisions based “on the credit ratings of members of an individual’s social network,” according to the complaint.
     The group filed their 47-page demand for an injunction against Attorney General Loretta Lynch.
     Alleging violations of the First Amendment and Fifth Amendment they say research is an exercise of free speech and that due-process violations will arise from the vague challenged provision.
     The group credits similar auditing practices with having laid the very groundwork for protections like the Fair Housing Act or Title VII of the Civil Rights Act, which respectively, make race or gender discrimination against a potential renter or home-buyer or job applicant illegal.
     Website owners also tend to write their own terms of service, which can include any number of stipulations, some of which can be wholly arbitrary, according to the complaint.
     The attorney general’s office did not return a phone call seeking comment Friday.

%d bloggers like this: