Tow Report

Corporate Control of Public Information

May 11, 2023

Executive Summary

Today, journalists are facing increased threats in the world. As New York Times publisher A.G. Sulzberger stated in his May 2023 speech before UNESCO for World Press Freedom Day, “All over the world, independent journalists and press freedoms are under attack.1 A.G. Sulzberger, 2023 World Press Freedom Day Keynote Address. (May 2, 2023), But what this statement fails to capture is that journalists’ work is under threat not just abroad, in dangerous parts of the world, but within the United States on a daily basis in much less visible ways. American journalists are increasingly prevented from accessing the information they need to hold the powerful to account. As Daniel Ellsberg said in an April 2023 investigative journalism conference in California, there has to be more reporting on our country’s systems of secrecy. This paper looks at some of the ways corporate secrecy has been leveraged against reporters seeking to tell the full story.

One system of increasing secrecy involves corporate actors holding space for more of our lives that now take place online. While this trend has led to an increase in data creation, it has also led to more walls being erected, thwarting access to information that was previously public. Since the pandemic, week-long conferences, investor calls, and court hearings that were all once held in person often now take place online. Although the ease of this information sharing can be a cause for celebration, this bounty of data is increasingly kept locked away. Through new legal and technological measures, private actors can more easily stop public access to growing troves of data. Such techniques create deleterious new barriers for journalists, academics, and policymakers tasked with reporting on powerful entities that shape all aspects of public life. Without access to this information, society becomes at risk of being unable to verify the truth, at the same time that artificial intelligence makes the proliferation of false information easier than ever.2At the same time that this opacity continues, “authorities and society at large have been pursuing increased transparency and disclosure,” to combat various social harms that can occur without greater awareness or knowledge. Anneka Randhaw, Jonah Anderson, & Laura Higgins, Four major changes to corporate transparency in 2022. WHITE & CASE (Mar. 30, 2022),  

This paper hopes to reveal how corporate control over information has been used to legally stymie access to data in the United States, at the same time that our lives online have created more data than ever before. This paper will excavate five specific ways through which corporate actions have thwarted public transparency, including (1) the rise of company towns withholding electronic data; (2) legal threats made under the Computer Fraud and Abuse Act (CFAA) and state laws; (3) the growth and manipulation of trade secrecy law and confidential business information exemptions; (4) the increasing passage of Congressional laws blocking corporate transparency; and (5) the recent Supreme Court decisions stymieing the possibility for state transparency laws alongside the ballooning incidence of shell companies used to withhold crucial financial information from the public. 

To look deeper at these issues, this paper uses various case studies, including several from the author’s own legal practice as the general counsel of The Center for Investigative Reporting (CIR), the oldest nonprofit newsroom in the country. In her role as general counsel, the author has assisted and defended reporters working on various investigations and observed how reporters have increasingly been thwarted from doing their jobs by having corporations block access to data, often online. The author delves into these case studies and the surrounding body of law to explain how newsrooms face increased challenges in obtaining information held by at least in part by private companies. 

The five key findings of this paper:

  • Companies are creating private towns that control the same number if not more responsibilities as local governments, but unlike local governments, demand contractual secrecy from local governments that bar disclosure under local public records acts.
  • Moving live events to online spaces has left reporters more susceptible to being excluded from access to information under the CFAA as well as other state laws.
  • Since 2019 there has been an expansion in trade secrecy law and confidential business information exceptions which permit for the withholding information that previously would have been public.
  • In the past decade Congress has passed various statutes that require data secrecy and circumvent general public-access laws.
  • In the last five years the Supreme Court has issued two decisions that make it more difficult for states to pass transparency laws. At the same time, there has been a rise in shell companies over the past quarter century which permit anonymity in a way that corrupts various finance sectors (such as real estate and public health) undermining a healthy marketplace. 
Sign up for CJR's daily email

In conclusion, while this paper is not a holistic map of corporate secrecy — nor does it come close to encapsulating all the transparency needs in the United States — it is the beginning of a study that demands further observation, i.e. how our existence on the Internet is creating more opacity in our society. At the same time as more of our democratic landscape is led and controlled by actors online, more transparency is needed than ever.


A 2020 survey of dozens of investigative journalists working on financial crime and corruption in 41 countries asked respondents to name the main source of threats against them. Seventy-one percent of respondents identified3 Susan Coughtrie & Poppy Ogier, Unsafe for Scrutiny: Examining the pressures faced by journalists uncovering financial crime and corruption around the world. THE FOREIGN POLICY CENTRE (Nov. 2020), This was followed by organized crime groups and the government, jointly, at 51 percent. threats from corporations as more ubiquitous than threats from other entities like organized crime groups or governments. Similar recent reports by UNESCO and the Committee to Protect Journalists (CPJ) showed that repression tactics used to prevent journalists around the world from doing critical reporting4 UNESCO, Journalism is a public good: World trends in freedom of expression and media development. Paris, 2022. have started to include not only violent physical attacks but also informational attacks conducted by corporate actors on reporters, such as legal threats against reporters or stymieing access to information.5 Id. at 93, 96. (Both state and nonstate actors use these tactics to gain access to confidential information and intimidate journalists.) The United States is no outlier to this trend. Various aspects of newsgathering online for U.S. reporters have been thwarted by corporate actors more often than in decades before when these avenues were not available, especially as our lives have gone almost ubiquitously online since the beginning of the COVID pandemic. 

This paper aims to provide a review of five ways private actors have manipulated the law to obfuscate information from journalists and create more opacity: 

  • the control of government functions through the growth of company towns;
  • the rise of potential claims under the Computer Fraud and Abuse Act (CFAA) and other statutes as more events take place online in the post-COVID era;
  • the expansion of trade secrecy and “confidential business information” exemptions under the Freedom of Information Act (FOIA); 
  • the passage of new laws to override FOIA’s presumption of openness; and 
  • two recent Supreme Court rulings that make the state transparency laws more difficult to pass at the same time that shell companies are frequently used to obfuscate unfair dealings.

These problems listed above are all exacerbated by the fact that an increasing number of government tasks have been delegated to private contractors. The privatization of the federal government’s public functions is no secret. For instance, just looking at America’s penal system, the number of individuals housed in private prisons since 2000 has increased 14 percent.6 Mackenzie Buday & Ashley Nellis, Private Prisons in the United States. THE SENTENCING PROJECT (Aug. 23, 2022), Indeed, “the largest prison system relying on privatization is the federal Bureau of Prisons (BOP), which has increased its reliance on private facilities by 79 percent since 2000.”7 Id. (Starting in 2021, President Biden signed an executive order to phase out private prisons used by BOP.) 

With this shift of responsibility to the private sector, public information concerning even our most vulnerable populations is now swiftly being passed from government to private entities. By handing off such information to contractors, the government can defer questions of access to corporate actors who eschew responsibility and are not held accountable to the public.

Many of the examples used to display this growing opacity are taken from the reporting at The Center for Investigative Reporting (aka CIR or Reveal, its radio program and podcast), where the author is employed as general counsel. Increasingly, the cases tackled by CIR’s newsroom show that as private actors are contracted to do more government work, and as more of the Internet becomes an active place of growth (particularly since the COVID pandemic began), more public information is being withheld from Americans. This paper aims to show how and where those changes have taken place, and to inspire possible solutions for change.


Corporate actors creating company towns

In recent years, corporations have built company towns around the United States through which they are able to act as pseudo-governors. In creating these towns, they contract with governing bodies like state or local townships and impose obligations for government officials to withhold public information,8Caroline O’Donovan, When Cities Sign Secret Contracts With Big Tech Companies, Citizens Suffer. BUZZFEED NEWS (Nov. 20, 2018), including from journalists, often in contravention of local public records laws.9Matt Drange, ‘A gag order for life’ — How nondisclosure agreements silence and control workers in Silicon Valley. BUSINESS INSIDER (July 27, 2021), Many employees are similarly gagged from speaking about these agreements.10Id. As a journalist for Business Insider reported, one such contract explicitly required “Employee may state only ‘I can’t discuss it’ or ‘I would prefer not to discuss the matter.’”11Matt Drange (@mattdrange). TWITTER (July 27, 2021, 4:50 PM), This secrecy is acutely problematic where companies are in control of every aspect of towns, including municipal technologies that can violate citizens’ privacy and other rights. 

A. Background on Company Towns and Legal Precedent

In the early twentieth century, United States corporations often built company towns designed “as both social and physical” spaces that included “centers with social and community facilities and … numerous parks, playgrounds, and other recreational amenities.”12 Margaret Crawford, The “New” Company Town. 30 PERSPECTA 48, 49 (1999),​​ In doing so, they “hoped that appealing and well-designed communities would build loyalty and stability and thus head off more strikes.”13Id Over the first few decades of the twentieth century, more than 40 new industrial towns were created.14Id However, “[b]y the end of the 1920s, the new company town was all but dead,” being viewed as “outdated” and engaging in “excessive paternalism.”15 Id. at 55. These towns of the 1920s, however, sparked a major question of debate in the country that continues to reverberate today: When a company takes on responsibilities generally assigned to the government, who is accountable to the public — and what must the company disclose?16Id. at 51. 

That question is more alive than ever as more government functions are ascribed to private companies, and as corporations like Google and Facebook17Also referred to as Alphabet and Meta. seek to acquire entire towns under their ownership, as was done in the late nineteenth century. This widespread growth of company control revives the dilemma of whether corporations can be held responsible in the same way that local governments are held accountable to the public.

The first attempt to answer this question came from a case originating from Chickasaw, Alabama, a company town that was the subject of the 1946 Supreme Court case Marsh v. Alabama. Chickasaw was owned by Gulf Shipbuilding Corporation, which controlled the streets, sidewalks, and stores.18Molly Shaffer Van Houweling, Sidewalks, Sewers, and State Action in Cyberspace. THE BERKMAN KLEIN CENTER FOR INTERNET & SOCIETY (2000), In 1945, when Grace Marsh, a Jehovah’s Witness, entered Chickasaw and started passing out leaflets, she was arrested for trespassing and distributing literature on Gulf Shipbuilding’s property. Signs around town identified the town as “private property” where “solicitation of any kind” was off-limits.19Id.

Marsh sued the town as a government actor that was responsible for censoring her speech under the First Amendment. When the case came before the Supreme Court, the main question was whether the town could be sued as a state actor under the “state action doctrine,” a rule that holds that the First Amendment and all other constitutional protections apply exclusively to the government. Under the state action doctrine, private actors are not prohibited from limiting a citizen’s rights. Applying this rule to itself as a shield, Gulf Shipbuilding Corporation claimed that the state action doctrine barred a ruling against it because they were a private company. 

In Marsh, the Court decided, for the first time, in an unique but narrow ruling that a corporation could be held liable under the state-action doctrine. The Court held that because a company-owned town was akin to a normal government-owned town, Gulf Shipbuilding Corporation had to be treated like a normal government that would be held accountable for censoring speech. The Court found that the private ownership of Chickasaw was a mere technicality that could not let the company circumvent responsibility that other government-run towns faced. In essence, when the company looked, smelled, and acted like a government-owned town, it was one. Justice Hugo L. Black’s opinion, writing for the Court, stated that “many people” live in “company-owned towns,” and these towns “must make decisions which affect the welfare of community and nation.”20Marsh v. Alabama, 326 U.S. 501, 508 (1946) (stating signs identified the town as “private property” where “solicitation of any kind” was off-limits).

B. The Rise of Modern Company Towns

Today, various corporate towns around the world are considering these exact questions: Who is responsible in a company town, for what, and what must they disclose to the public? 

In 2017, a twelve-acre plot of land in Toronto became a subject of hot debate when a “provincial not-for-profit corporation,”21 Ellen P. Goodman & Julia Powles, Urbanism Under Google: Lessons from Sidewalk Toronto. FORDHAM L. REV. 88 (2) 457, 458-60 (2019), Waterfront Toronto (WT), decided to join Sidewalk Labs LLC, a self-proclaimed “urban innovation firm” owned by Google, to develop the land into a modern “urban development” that would be a “testbed for emerging technologies, materials and processes.”22 Id. To bring the project to fruition, the LLC signed an agreement (the “Sidewalk Toronto agreement”) with the city to define the parameters of the development. The Sidewalk Toronto agreement was harshly criticized as the town intended to overstep citizens’ privacy rights, and the agreement would gravely stymie individuals’ access to information about the project, perfectly demonstrating the danger in corporate control over traditional government functions. 

Complaints about the Toronto project ultimately centered on two key issues involving the collection of data from private citizens: how the company’s collection of data infringed on privacy and the strict secrecy around the held information.23 Id. at 466-68 From the outset, activists and the press complained that the plan for the project was itself shrouded in secrecy. In fact, the initial agreement between WT and Sidewalk Labs was not released in full: “[T]he parties contracted to keep the full twenty-nine-page agreement confidential, sharing it with government staff only in a limited fashion.”24Id. at 464. The Framework Agreement was only released to the public on the day it was replaced by the Plan Development Agreement. Id. at 469-70. To make matters more opaque, it included references to other agreements to which the public had not received access.25Id. WT’s constitution further exempted its records from FOIA requests, so it did not need to disclose its agreements unless it chose to do so.26 Id. City residents subsequently “expressed concerns about data, secrecy, scope, the corporate role in planning, and the absence of public accountability.”27 Id. at 466.

Additionally concerns grew around the privacy violations involved with the data collection. The Sidewalk Toronto project was meant to create a “digital layer” of infrastructure where data would become “the foundation for all downstream production of goods and service.”28 Id. at 476, 478. This layer would include the set of data, sensors, cameras, data storage, and wireless and wired infrastructure, among other “things data touches.”29 Id. at 476. Through this arrangement, the urban governance would track any person that enters the city and “facilitat[e] the collection and transmission of data to applications and services that run on top of the platform” of the city.30 Id. at 479. In other words, the data of any tracked person would be shared freely with the company. While the agreement referenced “general and vague principles” of data privacy, it did not include any specific information31 Id. at 466-67. and while the project stated it would create a “Privacy by Design” policy,32 Id. at 467. one of the key people hired to develop it resigned after the project failed to meet its promises regarding de-identifying data.33 Id. at 474. By keeping key details secret about the project, these and other privacy concerns were more easily able to be withheld from the public. 

By turning over public governance to a private platform, the Sidewalk Toronto project was completely kept free from public accountability. “Whoever controls the ‘digital layer’ of the city exerts control over the activities transacted through it.”34 Id. at 479. Such privatization would largely exclude the public from contributing to the direction of the development, and from regulation and enforcement matters. For instance, Sidewalk, rather than a traditional public zoning body, would determine factors like land use.35 Id. at 480-82. Thus, by having Sidewalk in control, it would most likely be “optimized for efficiency and the efficient production of material value, which would serve the private interest rather than the public.” 36 Id. at 487.

While the Sidewalk Toronto project has been canceled, the problems that came with it are far from over. Throughout the United States, several companies and organizations have begun or proposed taking over their surrounding towns and developing them as company-run communities. This section describes efforts by Facebook, Google, and Blockchains LLC to develop these types of programs.

While the Sidewalk Toronto project has been canceled, the problems that came with it are far from over.37Daniel L. Doctoroff, Why we’re no longer pursuing the Quayside project — and what’s next for Sidewalk Labs. MEDIUM (May 7, 2020), (The Sidewalk CEO attributed the decision to end the project to “unprecedented economic uncertainty” that “set in around the world and in the Toronto real estate market” due to COVID-19.) See also Andrew J. Hawkins, Alphabet’s Sidewalk Labs Shuts Down Toronto Smart City Project. THE VERGE (May 7, 2020) (stating Waterfront Toronto indicated it did not contribute to the decision to end the project), Throughout the United States, several companies and organizations have begun or proposed taking over their surrounding towns and developing them as company-run communities. This section describes efforts by Facebook, Google, and Blockchains LLC to develop these types of programs.

1. Google

Google has taken various steps to expand its presence within and outside of its Silicon Valley community. In September 2020, Google announced its newest proposed community, Middlefield Park, which would include about 1.3 million square feet of offices and six residential buildings comprising 1,675 to 1,850 residences.38Kevin Forestieri, Google unveils massive mixed-use housing and office village in East Whisman. MOUNTAIN VIEW VOICE (Sept. 1, 2020), The plan additionally called for retail, restaurant, and community/civic spaces, along with parkland and a private utility system.39See City of Mountain View, Google Middlefield Park Master Plan,, accessed Jan. 10, 2023. In July 2021, Google hosted public meetings to receive input on its plan.40 Id. 

In addition to this new plan, Google in 2019 formally applied to build a second headquarters in San Jose, which would include up to 7.3 million square feet of office space, up to 5,900 units of housing, and 15 acres of park and green space.41Jennifer Elias, Google expands plans for its massive second headquarters in San Jose. CNBC (Oct. 11, 2019), It would further include hotel rooms and retail and “cultural” spaces.42 Id. Since much of the housing would likely be for Google employees, one article describes the campus as “a next-generation company town”43Veena Dubal, Google as a landlord? A looming feudal nightmare. THE GUARDIAN (July 11, 2019), where Google will function as the residents’ “employer and landlord — and also the creator, owner and disseminator of their data.”44 Id. By relegating ownership over data to the private company managing the community, Google’s plan in San Jose resembles its sister company’s effort in Toronto.

This San Jose expansion was the subject of local controversy and litigation because of Google’s furtive nature in pursuing the project. Google “made extensive use of nondisclosure agreements in negotiations for its planned second campus in San Jose.”45Elizabeth Dwoskin, Google reaped millions in tax breaks as it secretly expanded its real estate footprint across the U.S. THE WASHINGTON POST (Feb. 15, 2019), This secrecy at early stages of the development process resembles the issues that arose with Sidewalk Toronto. To combat this problem, the First Amendment Coalition, a public interest organization committed to freedom of speech, filed a lawsuit with other public interest groups in 2018 against the City of San Jose under the California Public Records Act. The plaintiffs sought records about the new Google campus and any nondisclosure agreements (NDAs) signed by city officials.46The First Amendment Coalition (FAC), FAC And Local Community Group Sue San Jose Over Secret Negotiations With Google (Nov. 13, 2018), While the judge dismissed the complaint, the city did release thousands of pages of documents. See Janice Bitters, Judge sides with San Jose on transparency lawsuit over Google negotiations, SAN JOSE SPOTLIGHT (Aug. 20, 2019), They also separately alleged violations of the Brown Act, California’s law requiring open meetings.47 Id. 

Beyond the development of new spaces in California, Google has continued to deliberately withhold information as it expands elsewhere with new offices and data centers. Its “development spree has often been shrouded in secrecy, making it nearly impossible for some communities to know, let alone protest or debate, who is using their land, their resources, and their tax dollars until after the fact.”48 Dwoskin, supra note 44. For instance, Google has required public officials in eight cities to sign NDAs during its real estate transactions, and has further used shell companies to conceal its identity in transactions in Iowa, Tennessee, and North Carolina, among other locations.49 Id. Google’s identity would only be revealed at a later point in the process when there would no longer be public debate over its deals.50 Id. Moreover, the North Carolina city of Lenoir “agreed to treat as a trade secret information about [Google’s] energy and water use, the number of workers to be employed by the data center, and the amount of capital the company would invest”; Google’s subsidiary then pushed to make those trade secrets exempt from disclosure under public records requests.51 Id.

2. Facebook

As Facebook has expanded its physical location, it has moved to take over and control public services in its neighborhood, slowly leaking into the role of governor. In these arrangements Facebook has often employed NDAs, as it has customarily done with its employees in other circumstances.52Michelle Dean, Contracts of Silence. COLUMBIA JOURNALISM REVIEW (Winter 2018), NDAs are used even in the most seemingly innocent settings involving land. For instance, Facebook CEO Mark Zuckerberg required NDAs from farmers and small-business owners he met when he toured the United States in 2017.53 Id.

Since 2013, Facebook has funded many government-like services, including a police substation in the Belle Haven neighborhood of Menlo Park near Facebook’s main campus.54Sarah Emerson, How Facebook Bought a Police Force. VICE (Oct. 23, 2019), In 2014, it granted $600,000 to the city to fund the hiring of a community safety officer for up to five years at the substation, which at the time may have been the only privately funded full-time policing role in the country.55 Id. Critics feared the possibility of preferential treatment.56Id. Meanwhile, beginning in 2016, Facebook sought to fund a new unit of the Menlo Park Police Department to service the area around its campuses. When the city council considered the issue in 2017, it negotiated a deal with Facebook for the unit to be funded by a “general in-lieu sales tax agreement” for $11.2 million to be paid to Menlo Park’s “unrestricted general fund.” Under the arrangement, Facebook would not technically be paying directly for the police unit, and the city would not be under a legal obligation to use the money for the police force. The unit was fully staffed by August 2019. 

But even more concretely, Facebook is developing its plans for the creation of Willow Village, a retail, recreational, residential, and professional community in Menlo Park.57See David Streitfeld, Welcome to Zucktown. Where Everything Is Just Zucky. NEW YORK TIMES (Mar. 21, 2018), The community would include “1,729 housing units, 1.25 million square feet of office space, a 193-room hotel, shopping space, including a grocery store, as well as a publicly accessible neighborhood park, elevated park area, dog park, and town square.”58 Kate Bradshaw, Facebook’s Willow Village now includes giant glass dome, “High Line” path and more. PALO ALTO ONLINE (Jan. 12, 2021), This development is designed to emphasize public spaces, replacing industrial warehouses and office buildings with “a town square and main street where the business, housing and ground-floor retail areas would connect.”59 Id. Facebook would not manage the retail stores but would own the property.60Streitfeld, supra note 56.

Willow Village shares some similarities and differences with the Sidewalk Toronto project. This project, like Sidewalk Toronto, demonstrates an attempt by a major technology company to create an urban environment under its control. Just as Sidewalk Labs would have likely controlled much of users’ data from the area, Facebook would own and operate the physical area under its geographic control.61 Unlike Sidewalk Labs, reports have not indicated that Facebook would manage the data of those in the Willow Village community. 

To the extent that Facebook as a private entity fulfills responsibilities traditionally performed by a city, and has enough power to shape the actions of the city, the Willow Village project could succumb to the same concerns of privatization and secrecy as the Sidewalk Toronto project did. One local advocate explained that “Corporations are paying for things that the city or county and state used to pay for,” and noted that the corporations have more money and more power than the city — leaving them especially vulnerable to abusing those powers when governing with no checks and balances.62Id. Bradshaw, supra note 57. Nevertheless, the process of developing Willow Village seems at least somewhat more responsive to public engagement than the Sidewalk Toronto project. While Sidewalk Toronto obscured its plans from public view, Facebook has modified its plans in response to public feedback. For example, it expanded the number of housing units and lessened the size of office space following concerns about the region’s traffic and “already high ratio of jobs to housing units.”

 3. Blockchains

Blockchains LLC, a fledgling cryptocurrency company based in Nevada, developed a proposal to create a city driven by blockchain technology.63Sam Metz, Nevada governor wants lawmakers to study ‘Innovation Zones.’ ASSOCIATED PRESS (Apr. 26, 2021), Jeffrey Berns, the founder of Blockchains, purchased 67,000 acres of land in Storey County, Nevada, which he sought to develop into a “smart city.”64Joshua Nevett, Nevada smart city: A millionaire’s plan to create a local government. BBC (Mar. 18, 2021), Under his vision, the city would ultimately house more than 36,000 residents who would rely on blockchain-supported apps to access city services.65 Id. 

To create this city, Blockchains called for Nevada to establish “innovation zones”66It stated, “Any private sector applicant pursuing emerging technologies such as blockchain, autonomous vehicles, and artificial intelligence would be allowed to develop a mixed-use community, so long as it clears minimum investment and greenfield land requirements.” See Laura Bliss, In Nevada, A Utopian Vision Gets a Blockchain Twist. BLOOMBERG CITYLAB (Mar. 9, 2021), where companies could assume local governance powers and pursue blockchain innovations. Early language even “proposed allowing three county commission-like board members — two of whom would be from the company itself — to create court systems, impose taxes, build infrastructure and make land and water management decisions.”67Metz, supra note 62. While the new city would include traditional utility services, like water and power, the group had not yet determined how that infrastructure would be operated.68 Bliss, supra note 65.

Nevada Governor Steve Sisolak initially endorsed the plan, saying it would diversify the state’s economy and make it a “hub for cryptocurrency.”69 Id. See also Metz, supra note 62. But local leaders in Storey County voted in March 2021 against supporting the “separatist” government on the Blockchains-owned land.70 Nevett, supra note 63. 

Other skeptics pointed to concerns about the democratic implications for turning over land to a company to develop into a municipality, and referenced the Sidewalk Toronto project as a “cautionary tale[]” after it “was abandoned last year after fierce opposition from privacy advocates and financial pressures.”71 Id. Sisolak later called instead for a committee to study the “innovation zones” to make an informed opinion on the opportunity.72 Metz, supra note 62. 

The Nevada proposal, which was ultimately withdrawn,73Sam Metz, Tech company asks to withdraw ‘Innovation Zones’ plan for Northern Nevada. ASSOCIATED PRESS (Oct. 7, 2021), presented a unique parallel to the Sidewalk Toronto plan. Like that proposal, the Blockchains plan would seemingly transform city operations into a series of data-driven transactions. While the use of blockchain technology would theoretically mean “residents would control their own data with their devices, with their digital identity” rather than rely on “middlemen,”74 Nevett, supra note 63. the proposal still required private entities to assume power, which would implicate the same privatization considerations. Governor Sisolak emphasized that the innovation zones would need to comply with the open meetings and ethics laws that govern traditional cities, but it is unclear from the proposal whether public information would be restricted.75 Bliss, supra note 72.

C. Legal Transparency Obligations of Company Towns

Some might wonder what company towns have to do with newsgathering, but today, as company towns begin to percolate around the United States, the concern over press access and corporate accountability in these towns is higher than ever. The case of Marsh v. Alabama is particularly relevant in this context, as it enlivens the question of whether and when private entities taking on government roles also take on public responsibility and must speak to the press and grant them privileges. 

Applying the rule of Marsh, many scholars have argued that companies should be responsible to the public and the press. This argument is even more heightened, as courts around the country have issued differing rulings on whether social media companies can be regulated without offending the First Amendment.76 In 2022, a national debate was spurred over whether legislatures can regulate social media companies and implement certain requirements under the First Amendment. For instance, the Fifth Circuit decision Netchoice v. Paxton, ridiculed on the Techdirt podcast as “the single dumbest court ruling” ever seen, upheld a Texas law regulating social media companies. This stands in contrast with an Eleventh Circuit decision ruled in May 2022 that held similar provisions in a Florida law were unconstitutional as they violated the companies’ First Amendment rights. While most First Amendment and media attorneys disagreed with the Fifth Circuit ruling, many also agree that there must be some accountability and restrictions placed on the outsized power of these companies. See Mike Masnick, 5th Circuit Rewrites A Century Of 1st Amendment Law To Argue Internet Companies Have No Right To Moderate. TECHDIRT, at 4:43 (Sept. 16, 2022),; Genevieve Lakier, The Non-First Amendment Law of Freedom of Speech. 134 HARV. L. REV. 2320-24 (2021),; Press Statement, Knight Institute, Knight Institute Asks Federal Court to Strike Down Florida’s Social Media Law (Nov. 16, 2021),; Charlie Werzel, Is This the Beginning of the End of the Internet? THE ATLANTIC (Sep. 28, 2022), This paper poses one separate but related question: Could government transparency requirements also apply to a private company taking over municipal responsibilities? 

Further supporting this position is a more recent case, Moss v. University of Notre Dame Du Lac.77Moss v. University of Notre Dame Du Lac, 130 HARV. L. REV. 1768, (2017), Like Marsh, it involves a First Amendment challenge against a private actor, albeit a private university rather than a corporate town. 

In Moss, several individuals committed a racist act against members of an African American student group. Moss, a school administrator, spoke out against the incident and claimed that the school had retaliated against him by denying him a promotion and threatening to terminate his employment, in abrogation of the First Amendment.78 Id. at 1768-69. Once the case reached federal court, Moss argued that “Notre Dame is a state actor like the company town in Marsh” and therefore owed him various protections, unlike a private institution that has fewer obligations as to who or how it fires a person.79 Id. at 1769.

The district court in Indiana denied Notre Dame’s motion to dismiss the complaint, and “rejected the University’s argument that Marsh cannot apply to private universities.”80Id. at 1768-69. The judge considered that the university could possibly be a company town because “‘Notre Dame’s campus is … open to the public and … similar to a traditional town, containing public roads, stores, restaurants, a post office, [and] a police department,’ as well as a fire department, a health center, the state’s second-largest tourist attraction, ‘and more.’”81 Id. at 1770 (quoting Moss, 2016 WL 5394493, at *1, *4).

Moss, which was ultimately settled,82 Moss v. Notre Dame, No. 3:13CV1239-PPS, Order (D. N. Ind. 2017). This case is now closed. may expand what responsibilities can trigger the state action doctrine under Marsh. In essence, where private companies begin — like Notre Dame, Gulf Shipping Company, or Google — to take on more responsibilities of a government actor, it is more likely a court would require them to be publicly accountable, like a governor. In such instances, can the press seek access to records, apply for press passes, and demand more information from private companies in a way they can from their state counterparts? As argued in a recent article in the Harvard Law Review, Moss shows that Marsh could be applied more broadly by not just focusing on municipal services offered by the company.83 Moss v. University of Notre Dame Du Lac, supra note 76, at 1771. Instead, a more “holistic appraisal of the way a place looks and functions from the point-of-view of its inhabitants and visitors” should be considered.84 Id. 

Moss describes how Notre Dame houses 6,000 students, maintains an open campus, employs a police force, contains streets that connect with nearby municipalities, and hosts sporting events that are open to tens of thousands of members of the public.85 Id. at 1770-71. Thus, Moss asks whether “the privately-owned place is visually and experientially indistinguishable from a typical municipality and its public sphere.”86 Id. at 1772.  

As Silicon Valley companies continue to expand into company towns, media lawyers representing reporters may consider whether First Amendment obligations are triggered under a more holistic application of Marsh demanding more accountability to the public and press.87 Id. at 1775. “Notre Dame provides sewer, water, and power utilities; it has parks. Visitors can stay at Notre Dame’s hotel, enjoy its museum and performing arts center, and catch up on local happenings in the newspaper. These facts reflect much of the substance of municipal life, and they, along with evidence that would show how people interact with the space, may or may not add up to a company town. Judge Moody’s opinion seems to operate on this holistic, experience-oriented view. As Moss and similar cases move forward, courts would do well to expand beyond a “company town” inquiry focused solely on service provision. In order to do so, they can go back to the origins of this branch of the state action doctrine to find that appearance and experience matter.” 

Under this theory, attorneys might argue that transparency is a key obligation in our democracy and under the First Amendment. While the First Amendment does not currently require constitutional transparency in America, unlike most countries around the world, this might be a change to codify.88 Article 19 of the United Nations’ Universal Declaration of Human Rights (UDHR) states: “Everyone has the right to freedom of opinion and expression; this right includes freedom to … seek, receive and impart information.” Universal Declaration of Human Rights (10 Dec. 1948), U.N.G.A. Res. 217 A (III) (1948), Article 19 of the International Covenant on Civil and Political Rights (ICCPR), ratified by 173 countries, recognizes “the right to seek, receive, and impart information” as one of the three core tenets inherent to human dignity. International Covenant on Civil and Political Rights (New York, 16 Dec. 1966) 999 U.N.T.S. 171 and 1057 U.N.T.S. 407, entered into force 23 Mar. 1976, This author and other academics have argued for this kind of constitutional transparency.89D. Victoria Baranetsky, Keeping the New Governors Accountable: Expanding the First Amendment Right of Access to Silicon Valley. KNIGHT FIRST AMENDMENT INSTITUTE AT COLUMBIA UNIVERSITY (Aug. 21, 2019), Under that set of principles, companies would be obligated to disclose public records,90 Some states have already begun instituting provisions demanding corporate transparency, such as California’s California Privacy Rights Act and California Consumer Privacy Act, which more recently included advanced transparency requirements akin to California’s Public Records Act, which requires disclosure of government records. See CPPA Issues Its First Draft of CPRA Regulations. AKIN GUMP (July 11, 2022), just as the government is required to under various freedom of information acts.


Increased numbers of online meetings cut off from access because of CFAA and other legal concerns

Since the start of the Covid-19 pandemic in 2020, our lives have increasingly taken place online. In tandem with that change, there has been a natural spike in newsgathering taking place over the Internet. Journalists have been investigating and reporting stories by reviewing website content and joining Zoom calls, e-conferences, and online conversations. Some have been chastised for some of their online newsgathering methods, with critics arguing that they amount to hacking or undercover reporting. For instance, in April 2020, the Financial Times suspended a journalist for listening in to a rival outlet’s Zoom call.91 Mark Sweney, FT suspends journalist accused of listening to rival outlets’ Zoom calls. THE GUARDIAN (Apr. 27, 2020); Financial Times reporter accessed private calls at Independent and Evening Standard. THE INDEPENDENT (Apr. 27, 2020), In November 2020, a login code was accidentally made public, so a Dutch journalist who joined the confidential call of EU defense ministers was accused of hacking the meeting.92 Dutch journalist gatecrashes EU defence video conference. BBC NEWS (Nov. 21, 2020), In May 2021, reporters went undercover on a Zoom call with Prince Michael of Kent, the Queen’s cousin, posing as businessmen seeking royal connections in order to write a story about his supposed financial malfeasance.93 Sylvia Hui, Queen’s cousin accused of willingness to sell Kremlin access. ASSOCIATED PRESS NEWS (May 9, 2021), In February 2022, Josh Renaud from the St. Louis Post Dispatch was warned by the governor that he’d “hacked” the government’s website when exposing its security weakness.94 Alex Heuer, Journalist accused by Gov. Pason speaks out: ‘He’s done me wrong.’ ST. LOUIS ON THE AIR (Feb. 16, 2022), These forms of news reporting took on a new flavor, in part because of increasing time spent online, as well as law enforcement encouraging the closure of online meetings. In 2020, the FBI advised people not to “make meetings public” and to “manage screen sharing” to protect against Zoom bombing.95 WCVB Channel 5 Boston, YOUTUBE (Mar. 30, 2020),

With these calls, many meetings and phone calls that were traditionally open to the general public have been made private, creating hacking and undercover reporting risks for reporters. For instance, company investor calls and other previously public meetings now take place online in password-protected Zoom calls or behind click-through pages requiring privacy. In several instances, reporters have been advised not to join such calls or conferences — creating serious hurdles to their journalistic work — because entering could trigger risk of crimes, such as trespass, fraud, or the Computer Fraud and Abuse Act (CFAA). 

This closure of information and the increased risk of potential criminal or civil liabilities under the CFAA and other areas of law are discussed below. While this is not the first time the CFAA has posed a risk to reporters’ work, it is in some ways an expansion of that problem as more events take place online. This issue is particularly concerning given that the Supreme Court’s recent opinion in Van Buren v. United States continues to permit possible liability through cease-and-desist letters and other threats of litigation. 

The Computer Fraud and Abuse Act, a broad and poorly drafted anti-hacking law, has long posed a grave risk to journalism. The 1986 law imposes liability onto anyone who enters a computer “without authorization.”96 8 U.S.C. § 1030(a)(2)(C). This gives corporations broad powers to limit public access to information by simply creating barriers to entry of otherwise public data. 

Spurred by the 1983 Hollywood blockbuster War Games, Congress initially passed the CFAA out of fear of the unknown risks associated with hacked computers, including such dire consequences as nuclear war.97 See Riana Pfefferkorn, America’s anti-hacking laws pose a risk to national security. TECHSTREAM (Sept. 7, 2021),; see also Jamie Williams, Our Fight to Rein In the CFAA: 2016 in Review. ELECTRONIC FRONTIER FOUNDATION (Dec. 28, 2016), While various policy initiatives have been waged against the CFAA, the statute is still often wielded by corporations to shield data often crucial to the public interest, even after Van Buren.

A. The importance of data to journalism

To understand how the CFAA poses jeopardy to journalism, it is important to recount how much reporters rely on data to tell stories, and have done so for centuries — particularly as data is often able to unveil narratives that otherwise are hard to tell. In 1895, investigative journalist Ida B. Wells compiled public records to publish the groundbreaking narrative on racism in America, A Red Record: Tabulated Statistics and Alleged Causes of Lynching in the United States, 1892-1893-1894. Through systematic data collection, Wells revealed for the first time the number of Black men who were lynched — painting a larger and more endemic story about racism in America.98 Brief of Amicus Curiae The Markup in Support of Petitioner, Van Buren v. United States (No. 19-793) (July 8, 2020),  

In the modern era, data collection has only become more central to tell otherwise unseen stories, particularly as these numbers are what catalog, quantify, and comprehend our world. Reporters in recent years have used a technique sometimes called web scraping — using online tools to crawl publicly accessible pages and create a dataset — to report on topics of public interest such as racial gaps in housing, racial biases in facial recognition technologies, and discrimination imbued in online advertisements.99 Brief of Amicus Curiae The Knight Institute, et al. In Support of Petitioner, Van Buren v. United States (No. 19-793) (July 7, 2020), Data scraping has also been used to unveil other major social wrongs, including doctors who sexually abused patients,100 See Carrie Teegardin, Behind the scenes: how the Doctors & Sex Abuse project came about. ATLANTA JOURNAL-CONSTITUTION (Dec. 17, 2016), unsavory prison conditions,101 See David Eads, How (and Why) We’re Collecting Cook County Jail Data. PROPUBLICA (July 24, 2017), unfair credit scores,102 See Michelle Singletary, Credit scores are supposed to be race-neutral. That’s impossible., THE WASHINGTON POST (Oct. 16, 2020), and broadband access bias.103 Leon Yin & Aaron Sankin, Dollars to Megabits, You May Be Paying 400 Times As Much As Your Neighbor for Internet Service, THE MARKUP (Oct. 19, 2022),

In addition to being able to uncover stories that would otherwise be difficult to tell, data reporting is a crucial tool as it creates accountability, permitting journalists to show their work and diminishing their chances of legal liabilities. This attribute of data reporting is crucial. When Reveal’s reporters scraped Facebook data to show the overlap between membership in law enforcement groups and extremist groups, the journalists were able to demonstrate to readers how they had reached their conclusions.104 Will Carless & Michael Corey, To protect and slur, REVEAL NEWS (June 14, 2019), In the three-part series, the reporters devoted an entire article to not only discuss how they used web-scraping tools to find their results, but also how they sought reaction from more than 150 law enforcement agencies about their involvement. Without this kind of proof checking, stories of this scale are often rife with libel claims.105 Will Carless & Michael Corey, These police officers were members of extremist groups on Facebook. REVEAL NEWS (June 27, 2019),  

Third, data reporting has the added advantage of building trust with readers. The transparency accompanying data reporting goes a long way to show how reporters reach their conclusions and permit the public to double check. In 2020, when Reveal used web-scraping techniques to find that Detroit residents were wrongly charged hundreds of millions of dollars in property taxes, the reporters published the code they used to make the analysis.106 Accountability, The lost homes of Detroit. REVEAL, (Jan. 11, 2020), This information reinforced the story by not only making it more legally robust, but also helped readers determine how reporters reached these conclusions. Ironically, it is this kind of radical transparency about reporters’ tactics that makes them more vulnerable to companies who can identify them and use cease-and-desist letters to “close the digital gates.” Such threats are concerning, particularly following the Supreme Court’s recent decision in Van Buren

B. How Van Buren v. United States still permits the CFAA to hinder data journalism

In June 2021, the Supreme Court issued its opinion in Van Buren v. United States,107 141 S. Ct. 1648, 1649 (2021). which narrowed the scope of the CFAA but left open opportunities for corporations to continue to wield it and limit access for reporters and the public. 

The defendant in the case, Van Buren, was a police officer who accessed a police database to sell license plate information to a private citizen for thousands of dollars, in violation of department policy.108 Id. While the defendant had the lawful ability to enter the database itself, he misused his access for a wrongful purpose, and therefore was claimed by the government to have entered “without authorization.” 

The relevant question before the Court was whether Van Buren had exceeded his “authorized access” as defined by the CFAA when his use of the data extended beyond the intended scope of the policy — or whether he hadn’t, because he had legitimate access to the database.

The majority opinion held that Van Buren did not violate the CFAA. As a police officer, he had the requisite credentials to access the database, even though he had done so for a prohibited purpose. The opinion, written by Justice Amy Coney Barrett, explained that because the government conceded Van Buren had accessed the law enforcement database system with authorization, that was the end of the inquiry.109 Id. at 1649. An individual “exceeds authorized access,” she continued, only when he accesses “particular areas of the computer — such as files, folders, or databases — that are off-limits to him.” This definition of “access” essentially turns on a “gates up or down” approach, she wrote. To violate the CFAA, a person must enter an area they would not otherwise be able to enter without additional circumvention. 

Van Buren settled an ongoing dispute over whether the CFAA is a statute that creates liability through trespass or contract law. The importance of this distinction might seem highly academic, but in practice it has a large impact on journalists. The crux of the question is whether entering a computer is similar to a person crossing a property line (trespass) or violating a website’s terms of service (contract). Justice Barrett’s opinion seems to answer that question by holding that the CFAA is fundamentally a trespass statute.110 For decades prior to Van Buren, scholars questioned whether the basic wrong targeted by the CFAA is transgressing a person’s property boundary by essentially breaking a closed gate or breaking a promise made to the company through its terms of service. Therefore, Van Buren essentially decided that what the CFAA is concerned about is whether a person has crossed a website boundary, and not whether a reporter or other individual violates a website’s terms of service. 

In general, this is good news for journalists. It means the law penalizes them only if they don’t have access to the website, and if they took a wrongful act to gain access to the site, perhaps by unlawfully obtaining a login code. On the other hand, simply accessing publicly accessible data even though it violates a site’s terms of service is not enough to cause liability. For example, if Facebook’s terms of service states no person can use its data for researching bias online, a violation of that policy is not enough to create a CFAA claim. “The statute is all about gates,” writes law professor Orin Kerr. “When a gate is closed to a user, the user can’t wrongfully bypass the gate.”111 Orin S. Kerr, The Supreme Court Reins in the CFAA in Van Buren. THE VOLOKH CONSPIRACY (June 9, 2021),

The ostensible purpose of this approach is that it penalizes the “so-called outside hackers” who lack “access privileges” and operate “without any permission at all.”112 Id. Journalists benefit greatly from this rule as they are able to scrape publicly available information from a website without hacking it, but often could be in violation of the company’s terms of service. Therefore, the trespass rule of Van Buren was widely preferred by many civil society organizations and amici-representing journalists, who were concerned about the contract approach to the CFAA because of how broadly terms of services could be applied. 

In many cases, companies have drafted far-reaching terms of service where the “interpretation [was] so broad that it [swept] in ordinary journalistic activity that is essential to the newsgathering process.”113 Brief of Amicus Curiae Reporters Committee in Support of Petitioner, Van Buren v. United States (No. 19-793) (July 8, 2020), They began stating in their terms of service that even though online data was public, it still could not be used by the public. As the Reporters Committee for Freedom of the Press, a nonprofit organization that provides pro bono legal representation and resources to journalists, wrote in its brief, “If that interpretation is permitted to stand, it would significantly chill the exercise of speech and press rights protected by the First Amendment, dramatically altering the way in which government officials and corporate whistleblowers relate to the press, the means by which the press gathers and reports the news, and the degree of newsworthy information made available to the public.”114 Id. 

Even though Van Buren’s determination makes it seem that a violation of the CFAA would be much harder to prove, companies have been able to create more barriers as events move online. Increasingly as public information and in-person conferences have moved to sites requiring passcodes or private Zoom calls companies can take advantage of the “behind a gate” approach. In several instances, Reveal’s reporters have been thwarted from attending Zoom calls for events that previously would have been public, such as earnings calls, which are now often password-protected. Similarly, a state prison in Pennsylvania required phone calls (previously open to the public and allowed to be recorded) to be accessed only through Zoom calls that require visitors to consent to a list of checkboxes, including statements that attest “the making of a 3-way call” and “the recording … sharing … or … distributing of this visit is not authorized.”115 Screenshot on file with the author. Attending such online conferences, or Zoom calls while violating one of the checkboxes would now, under the rule of Van Buren, likely create a potential CFAA violation, in addition to giving rise to other legal claims. Reporters have therefore been unable to freely enter without risk. 

Van Buren left another important question open: Can a website’s terms of service still have some negative impact under the CFAA? Can corporations still close their gates by drafting terms of service that are so broad that they are easily broken, such as by journalists scraping website data? Justice Barrett, writing for the Court, leaves this door ajar to corporations who wish to wield such broad provisions. She writes: “We need not address whether this inquiry turns only on technological (or ‘code-based’) limitations on access, or instead also looks to limits contained in contracts or policies.”116 141 S. Ct. 1648, 1659 n.8 (2021). Judge Barrett’s single line permits a corporation to ostensibly still continue to use “contracts or policies” to limit journalists’ access to their data.

The easiest way of doing this today is by sending cease-and-desist letters to individuals, such as reporters, advising them that their behavior violates the terms of service, and so any advance onto the website could also amount to trespass.

For example, in 2016, in Facebook v. Power Ventures, the Ninth Circuit found that a cease-and-desist letter threatening suit and revoking authorization was sufficient to create a CFAA violation, even though Power Ventures had not clearly violated Facebook’s terms of service.117 Facebook, Inc. v. Power Ventures, Inc., 844 F.3d 1058, 1067 (9th Cir. 2016). In that way, Van Buren leaves open the door to companies’ blocking access by simply sending a bullying letter to a reporter. As the Electronic Frontier Foundation wrote in June 2021, “Service providers will likely argue that this is the sort of non-technical access restriction that was left unresolved by Van Buren.118 ​​Aaron MacKey and Kurt Opsahl, Van Buren is a Victory Against Overbroad Interpretations of the CFAA, and Protects Security Researchers. EFF (June 3, 2021).; Issie Lapowsky, Van Buren v. United States: The SCOTUS case splitting the privacy world in two. PROTOCOL (Nov. 30, 2020), Similarly, law professor Eric Goldman wrote in 2021, “I think courts are likely to continue treating C&Ds [cease and desist letters] as sufficient to withdraw authorization for CFAA purposes.”119 Eric Goldman, Do We Even Need the Computer Fraud & Abuse Act (CFAA)?–Van Buren v. US. TECHNOLOGY AND MARKETING LAW BLOG (June 9, 2021), But “[t]his stance always strikes me as backwards,” he continued. “It means that C&Ds — unilateral demands from the sender that are often only loosely tethered to the law — have greater legal effect than properly formed bilateral contracts (TOSes).”120 Id.

This feared hypothetical came to pass when Facebook cited the CFAA in an October 2020 cease-and-desist letter sent to New York University academics who were researching the impact of advertisements on Facebook. The research, conducted by the NYU Ad Observatory, recruited more than 6,500 volunteers to collect data from Facebook about the political ads the platform showed them. Facebook’s letter stated that the NYU research had violated the company’s terms of service and put it at risk of violating its own consent decree with the Federal Trade Commission. The letter came at a time when Facebook advertisements were under intense public scrutiny just a month before the U.S. presidential election. 

Empowered by Van Buren’s position, Facebook subsequently disabled the accounts of the academics in August 2021. While many researchers and journalists continue to rely on access to Facebook’s data and programming software, such as Application Program Interfaces (APIs) and other information on the platform, to understand matters of public importance (like the discriminatory impact of online housing ads121 Julia Angwin and Terry Parris Jr., Facebook Lets Advertisers Exclude Users by Race. PROPUBLICA (Oct. 28, 2016), and the traction of fake news online)122 Issie Lapowsky, The most engaging political news on Facebook? Far-right misinformation. PROTOCOL (Mar. 3, 2021), Van Buren creates a blueprint for other companies to use the threat of a cease-and-desist letter to stifle reporting.

Some of these questions may have been resolved in hiQ Labs, Inc. v. LinkedIn, which was remanded by the Supreme Court to the Ninth Circuit Court of Appeals in 2021.123 hiQ Labs, Inc. v. LinkedIn Corp., No. 17-16783, 2022 WL 1132814 (9th Cir. Apr. 18, 2022). Central to this litigation was hiQ, a small startup scraping LinkedIn data to make a human resources tool to sell to employers. When LinkedIn found out, it sent hiQ a cease-and-desist letter; hiQ filed suit to prevent LinkedIn from taking legal action against it under the CFAA for scraping LinkedIn’s publicly available data.

While the district court ultimately ruled in hiQ’s favor by finding that scraping of public data didn’t violate the law, a decision affirmed by the U.S. Ninth Circuit Court of Appeals, LinkedIn petitioned the Supreme Court to take up the case. On June 14, 2021, the Supreme Court remanded the case back down to the Ninth Circuit in light of Van Buren. In April 2022, the Ninth Circuit held Van Buren affirmed that the hiQ Labs case was correctly decided and that “the concept of ‘without authorization’ does not apply to public websites,”124 Id. at *14. particularly where “access is open to the general public [then] permission is not required.”125 Id.

In reaching this conclusion, the Ninth Circuit expressed a concern over “information monopolies.”126 Id. at *17. The opinion by U.S. District Judge Edward M. Chen noted that, while the public has an interest in preventing bad-actor hacking or improper use of data, there is no public benefit in LinkedIn or other companies having “free rein to decide, on any basis, who can collect and use data — data that the companies do not own.”127 Id. 

While the Ninth Circuit’s opinion is good news for reporters, how other courts of appeals interpret Van Buren remains to be seen, and whether they adopt the Ninth Circuit’s is similarly to be determined. Moreover, the facts of this case stress the Ninth Circuit’s view of whether information is “public” may vary if the user “demarcate[s the information more clearly] … as private,” including through “authentication system[s]” like usernames and passwords readily available on Zoom and other software.128 Id. at *14, 16. 

While hiQ affirms that CFAA claims are less likely where information is public and easily accessible, it encourages companies to simply put more and more information behind closed gates — leaving liability in those instances to be more complicated, even under Van Buren

In 2022, a federal district court in Virginia held in Carfax, Inc. v. Accu-Trade, LLC that a company that once had access to data that had “since been rescinded by the information provider” could have a CFAA claim established against it if “affirmative notice of the revocation” had been made.129 Carfax, Inc. v. Accu-Trade, LLC, 2022 WL 657976, at *14 (E.D. Va. 2022). Relatedly, in WhatsApp LLC v. NSO Group Technologies Ltd.,130 WhatsApp Inc. v. NSO Group Technologies Ltd., No. 4:19-cv-07123 (N.D. Cal.). WhatsApp successfully litigated a CFAA claim against NSO, an Israeli spyware company, for its hacking of WhatsApp users. NSO brought their arguments all the way up to the Supreme Court, but the Court denied the petition for certiorari in January 2023. These cases all seem to show that while application of the CFAA is context-dependent, the more a company can put information behind walls, the easier it is to allege a claim.

In addition to claims under the CFAA, reporters embedding themselves in various private Zoom calls and closed online events are increasingly at risk of being held liable under other areas of law, such as state law claims of fraud, trespass, conspiracy, and breach of contract. These kinds of cases have historically arisen in the rare instances of undercover reporting,131 Desnick v. American Broadcasting Companies, 44 F.3d 1345 (7th Cir. 1995); Food Lion v Capital Cities/ABC, Inc., 194 F.3d 505 (4th Cir. 1999). but today these fact patterns have become more common with the proliferation of online events.

Such a case was decided in August 2022 by the Ninth Circuit National Abortion Federation v. Center for Medical Progress.132 National Abortion Fed’n v. Center for Med. Progress, Case No. 15-cv-03522-WHO (N.D. Cal. Aug. 27, 2015). In that case, David Daleiden, an anti-abortion activist, went undercover to the National Abortion Federation (NAF) conference, obtaining 500 hours of surreptitious footage and then publishing it online, claiming the publication was protected under the First Amendment.133 Id. Daleiden had posed as a procurer of human fetal tissue for a fake biomedical research company to infiltrate the conference. 

In the district court, NAF successfully sought an injunction against him for illegally obtaining the information in breach of contract on the website hosting the conference, and claiming release would cause damage.134 Id. Two years earlier in 2019, a federal jury awarded Planned Parenthood nearly $2 million after finding the same activist had caused the organization substantial harm, letting the judge reach its conclusion that similar harm would result. See Maria Dinzeo, Jury Finds Abortion Foes Harmed Planned Parenthood, Awards Over $2 Million. COURTHOUSE NEWS SERVICE (Nov. 15, 2019), Daleiden appealed to the Ninth Circuit, arguing that the First Amendment protected his ability to newsgather, but the Court held that his First Amendment rights had been knowingly, voluntarily, and intelligently waived by signing the agreements with NAF in its terms of service online.  In essence by signing the terms and conditions Daleiden, the Court held, unambiguously prohibited him from disclosing recordings, and from disclosing any information he received from NAF.

Although journalists are generally discouraged from conducting undercover reporting135 Food Lion v. Capital Cities/ABC, Inc., 887 F. Supp. 811 (M.D.N.C. 1995) (holding that claims against the news outlet for doing undercover reporting did not warrant dismissal, but that plaintiff could not recover damages for injuries to its reputation as result of broadcast). Daleidin’s case demonstrates a likely hurdle for reporters who wish to engage in undercover reporting even if aided with extensive editorial, ethical, and legal review. These kinds of liability, i.e. claims of fraud and breach of contract, like the kind Daleiden incurred, are increasingly more common in our online world. As more companies are holding conferences and events online, requiring password-protected entrance to events and terms and conditions that prohibit filming and distribution, these events become closed to reporters. Violating these terms could induce liability even if done undercover.  This is especially aggravating when many of these events used to be open to the public.

For instance, more investor calls, as previously discussed, are password protected and require terms and conditions to be signed prohibiting disclosure. Similarly, other online events like panels or conferences now require visitors to agree not to publish information that they gather. As stated earlier, one such statement required a visitor to attest that “the recording … sharing … or … distributing of this visit is not authorized.” By agreeing to these kinds of statements, reporters are then vulnerable to claims like the kind alleged against Daleiden. Thus with companies being able to more easily close these online events to the public, reporters must increasingly be careful not to violate the CFAA and dozens of other potential civil or criminal state laws. 

C. Conclusion

In conclusion, the problem of the CFAA is that it essentially transforms research, journalism, and fact-finding into criminal behavior and puts the power of categorizing that criminalization into the hands of corporations. Companies incentivized by financial gain, avoidance of corporate embarrassment, and protection of proprietary information are given tools beyond their scope. In the case of Van Buren, the primary legal violation was that of an employee who disclosed information behind a private wall. As Eric Goldman wrote, “The fact that Van Buren committed these violations using a computer database feels mostly irrelevant. … For that reason, shoehorning Van Buren’s activity into the CFAA feels gratuitous.” Similarly, shoehorning journalists’ research of data that is mostly visible online seems like an unconstitutional way to threaten the press from writing truthful stories on important public information. 

While an immediate solution is unlikely, the most obvious answer would be for Congress to revise the CFAA to remove these ambiguities, as various activist and civil society organizations have long advocated. In addition to a legislative fix, companies should stop sending frivolous letters that only intimidate reporters and deny access to information important to the public, as well as changing previously public events to private. 

Finally, courts interpreting Van Buren should clarify that its narrow ruling clearly suggests that access to information should not be stifled where members of the public have gained access freely and with ability.


Expansion of withholding data as “confidential business information” and “trade secret” under the Freedom of Information Act’s Exemption 4

Perhaps the largest block to critically important corporate information stems from the expansion of trade secrecy law, particularly under the Freedom of Information Act (FOIA), a statute that generally requires the government to disclose public records unless one of FOIA’s nine exemptions apply

In 2019, the Supreme Court case Food Marketing Institute v. Argus Leader Media expanded FOIA’s Exemption 4, which permits the government to withhold records containing trade secrets and confidential business information.136 Food Marketing Institute v. Argus Leader Media, 139 S. Ct. 2356 (2019). Previously, Exemption 4 required the government to show that the disclosure of the information would substantially harm the industry. Under Argus Leader’s new test, however, companies are allowed to simply rubber-stamp information as “confidential” to have the government exempt it from disclosure requirements. 

Increasingly, federal and state governments have used this expansion of “confidential business information” to withhold records involving important health information, corporate pollution records impacting the environment, corporate injury records, and diversity statistics of federal contractors. Generally, Exemption 4 records are often held by states when corporations perform government work in lieu of the government, so their information inherently demands accountability as these companies are performing government work. Additionally, the state may demand these records for corporate accountability around matters of public interest. However, the Argus Leader decision permits companies to withhold under Exemption 4 of FOIA. The statute has nine narrowly drawn exemptions, the fourth of which permits the government to withhold trade secrets and confidential business information. Several cases have been litigated interpreting this decision in the lower courts, slowly hemming in the overly expansive view of the decision. This section of the paper will delve into the history of Argus Leader and possible reinterpretations of the case, based on these lower court decisions.

In 2019, the Supreme Court relaxed its requirements for when the government can withhold public information under Exemption 4 of FOIA. In general, Exemption 4 protects “trade secrets and commercial or financial information obtained from a person [that is] privileged or confidential.”137 The Freedom of Information Act, 5 U.S.C. § 552(b)(4) (1967). Because the term “confidential” is not defined in FOIA, courts over the years have applied various tests to determine what qualifies as confidential.138 At least part of the confusion surrounding Exemption 4 must be attributed to what has been described as “the tortured, not to say obfuscating, legislative history of the FOIA.” 9 to 5 Organization for Women Office Workers v. Board of Governors, 721 F.2d 1, 6-7 (1st Cir. 1983), quoting American Airlines, Inc. v. National Mediation Board, 588 F.2d 863, 865 (2d Cir. 1978). Justice Stephen Breyer summed it up well by stating that the definition of “confidential” within the meaning of Exemption 4 has troubled the courts since the enactment of FOIA. For many years, courts of appeals determined records were “confidential” if the government provided an express or implied promise of confidentiality to the submitting company.139 General Services Administration v. Benson, 415 F.2d 878, 881 (9th Cir. 1969). Subsequently, courts considered whether the information was of the type customarily released to the public.140 Sterling Drug, Inc. v. FTC, 450 F.2d 698, 709 (D.C. Cir. 1971); see also M.A. Schapiro & Co. v. Securities & Exchange Com’n, 339 F. Supp. 467, 471 (D.D.C. 1972). 

In 1974, however, these earlier tests were supplanted by National Parks & Conservation Association v. Morton,141 Nat’l Parks & Conservation Ass’n v. Morton, 498 F.2d 765, 770 (D.C. Cir. 1974). which put in place the “substantial harm” test for confidentiality under Exemption 4 and became the leading case on the issue for multiple decades until the Supreme Court’s recent decision. In National Parks, the Court of Appeals for the District of Columbia Circuit held that information would qualify as confidential if it would substantially harm the competitive position of the company if disclosed.142 See id. at 767. So for example, if the records included a secret budget document or business plan (like implementing a change to Coca Cola’s recipe) that would substantially hurt the company’s bottom line if disclosed, the records were exempt from disclosure

This test was in place for nearly half a century when in 2018, the Supreme Court granted certiorari to hear Argus Leader. The records at issue involved grocery store data. The underlying controversy arose when the Argus Leader, a South Dakota newspaper, filed a FOIA request for the names and addresses of retail stores that participated in the Supplemental Nutrition Assistance Program (SNAP), the national food assistance program, and each store’s annual SNAP redemption data from fiscal years 2005 to 2010. The U.S. Department of Agriculture (USDA) produced the names and addresses of participating retailers but refused to disclose the store-level SNAP data, invoking Exemption 4. The newspaper then sued the USDA in federal court. 

Applying the National Parks test, the lower court ordered disclosure, agreeing that the disclosure of store-level data could cause competitive harm but that any resultant harm would not be substantial. The Food Marketing Institute (FMI), a trade association representing grocery retailers, intervened and filed an appeal. When the Eighth Circuit Court of Appeals upheld the trial court’s decision, the FMI escalated its fight to the Supreme Court. 

 In the majority 6-3 decision, written by Justice Neil Gorsuch, the Court ruled for the FMI, discarding the National Parks “substantive competitive harm test” and rejecting it as “a relic of a ‘bygone era of statutory construction’” that is “inconsistent with the terms of the statute.”143 Food Marketing Institute v. Argus Leader Media, 139 S. Ct. 2356, 2361–64 (2019). The Court adopted a new standard under which contractors can withhold any information they provide to the government — even where it was paid for by tax dollars and pertains to public functions — so long as they simply attest that the information is private. 

This new test is devastating for public access to government information, because increasingly more government work is contracted out to private entities. Federal contractors are paid hundreds of billions of taxpayer dollars annually and employ roughly a quarter of the U.S. workforce144 See U.S. Treasury, Data Lab – Contract Spending Analysis,; U.S. Treasury, Data Lab – Contract Explorer,; Neil Damron, Delivering for Taxpayers: Taking On Contractor Fraud and Abuse and Improving Jobs for Millions of America’s Workers. National Employment Law Project (Sept. 2018), to provide public goods and to complete a wide range of social services.145 Id. For a discussion of how contractors step into the government’s shoes, see generally Stephen Osborne, PUBLIC-PRIVATE PARTNERSHIPS: THEORY AND PRACTICE IN INTERNATIONAL PERSPECTIVE (Routledge, 2000),; Timothy Besley & Maitreesh Ghatak, Government versus private ownership of public goods. QUARTERLY JOURNAL OF ECONOMICS 116 (4), 1343-1372 (2001),; Scott M. Sullivan, Private Force/Public Goods. CONNECTICUT LAW REVIEW 42 (3), 853 (2010), To complete these public functions, contractors come into control of countless numbers of public records and data that are now hidden from the public under Exemption 4, including contracts about Immigration and Customs Enforcement (ICE)’s detainment of children, contracts materials about building the border wall, and agreements about public utilities.146 While Justice Gorsuch claimed that this new test comports with the ordinary meaning of the statute’s terms, reviewing legislative history makes it seem highly unlikely that this was the intended meaning of the framers of FOIA. In direct contradiction to the Argus Leader test, the Senate struck the word “customarily” from prior versions of Exemption 4, but the word was not removed from committee reports. Relying on the committee reports thus gives an inaccurate impression, namely a broader version of Exemption 4 than Congress enacted. Even worse, this trend has expanded to state public records laws.147 USC Center for Health Journalism et. al. v. Local Initiative Health Authority LA Cnty., 22-ST-CP-01429 (Sup. Ct. CA 2022) (Defendants denying performance records from L.A. Care’s health providers, including quality and access to care as “confidential business information” and trade secret).

Argus Leader’s resulting opacity immediately garnered substantial criticism. In addition to civic society organizations, members of Congress have spoken out about the case.148 Beryl Lipton, Supreme Court ruling draws criticisms, calls for Congressional protection of FOIA. MUCKROCK (July 2, 2019), Senator Chuck Grassley (R-IA) told the Senate in 2021, “I am an advocate for the FOIA and the public’s business being public, and this Supreme Court decision inhibited that.”149 Id. Grassley partnered with Senators Patrick Leahy (D-VT), John Cornyn (R-TX), and Dianne Feinstein (D-CA) to co-sponsor a bill, the Open and Responsive Government Act (S. 2220). The bill was meant to reverse the impact of the Argus Leader and “restore the public’s right to access confidential commercial information through the Freedom of Information Act.”150 Id. A new bill was recently proposed by Grassley was being considered among members of Congress. 

Despite these possible reforms to the law, the Argus Leader decision is in lockstep with a line of recent Supreme Court cases expanding corporate power and corroding democratic principles protected under the First Amendment, such as Hobby Lobby and Citizens United. While Argus Leader is not a First Amendment case, in all of these decisions the autonomy of the corporation and corporate speech is elevated over the public interest and democratic principles.151 While it is well established that corporations are legal persons, these cases increasingly fail to account for the importance of other democratic values, including transparency, which might trump corporate privacy rights. Moreover, FOIA has long been used as a tool for corporate advantage, to the detriment of the public good, in contravention of the law’s purpose. See generally Margaret B. Kwoka, FOIA, Inc. 65 DUKE L. J. 1361, 1379 (2016), (discussing the phenomenon of competitor firms using public records requests for commercial advantages). Indeed, the most fundamental concern with Argus Leader is that, at its core, it contradicts FOIA’s “basic purpose” to promote “full agency disclosure” to create an informed public.152 Dep’t of the Air Force v. Rose, 425 U.S. 352, 360-61 (1976) (internal citations and quotation marks omitted).  

Argus Leader perverts FOIA’s basic purpose to redistribute power to the public through the spread of information from the consolidated hands of government and corporations.153 Jack Balkin, The First Amendment Is an Information Policy. 41 HOFSTRA L. REV. 1 (2012), (“The emergence of democracies changed the purpose of knowledge and information policy. In a democracy, sovereignty rests in the people. But if the people are the rulers, they need information in order to hold their representatives accountable. The public needs access to information about public issues, and about what government officials are doing in their name; it needs relatively inexpensive ways to communicate with other citizens, organize, discuss, protest, and form public opinion. In a democracy, political legitimacy necessarily depends on the free flow of information, and on the maintenance of a robust public sphere of discussion and opinion. In fact, the first democracy in Ancient Athens also pioneered techniques for spreading information among its citizens”) (citing Josiah Ober, Democracy and Knowledge: Innovation and Learning in Classical Athens 26-38 (2008),, explaining how Athenian democracy developed knowledge distribution for social welfare.) This opinion has instead promoted a perverse policy of secrecy where there is consolidation of government and corporate actors, even though their combined power should demand more transparency to prevent corrupt decisionmaking. As the Department of Justice boldly argued in a recent case involving Argus Leader, “Exemption 4 is intended to protect the interests of both the government and submitters of  information [i.e. corporations].”154 Gov’t Brief in Center for Investigative Reporting v. Dep’t of Labor, No. 3:19-cv-05603-SK (N.D. Cal. March 4, 2020), Dkt. 26 at 12, Gov’t Motion for Summary Judgment (March 4, 2020); see also id. at 24 (“This concern lies at the heart of the Exemption 4” that “when Congress enacted FOIA it sought a ‘workable balance’ between disclosure and other governmental interests — interests that may include providing private parties with sufficient assurances about the treatment of their proprietary information so they will cooperate in federal programs and supply the government with information vital to its work.”). This is a surprising interpretation of FOIA which has the “basic purpose … to ensure an informed citizenry, vital to the functioning of a democratic society, needed to check against corruption and to hold the governors accountable to the governed.”155 NLRB v. Robbins Tire & Rubber Co., 437 U.S. 214, 242 (1978). 

But even more concerning than contravening the legislative intent of FOIA, Argus Leader is worrisome as it coincides with a recent trend of corporations performing increasingly more government functions, risking the withholding of growing swaths of public information in the hands of corporations that previously would have been disclosable if performed by government. 

In 2009, Jody Freedman and Martha Minow highlighted this trend of private vendors performing government functions as “government by contract.”156 See Jody Freeman & Martha Minow, eds., GOVERNMENT BY CONTRACT: OUTSOURCING AND AMERICAN DEMOCRACY (Harvard University Press, 2009), Today, more and more companies like Amazon, Palantir, and Google are stepping into the lucrative role of quasi-governors and partnering with government to provide crucial public services.

For instance, private companies provide services for sentencing timelines, prisons, detention centers, and other crucial parts of the criminal justice system.157 Vera Eidelman, Secret Algorithms Are Deciding Criminal Trials and We Aren’t Even Allowed to Test Their Accuracy. ACLU (Sept. 15, 2017), As Deepa Varadarajan has noted, various corporations help the government calculate Medicaid benefits and bail amounts and assess educator performance — all of which may now become hidden data.158 Deepa Varadarajan, Business Secrecy Expansion and FOIA. 68 UCLA L. REV. 462 (2021). 

The U.S. Department of Defense (DOD) provides a good example of this contractor growth. The DOD conducted a state-by-state analysis of the department’s spending, including awards to private contractors.159 U.S. Dep’t of Defense, Defense Spending by State — Fiscal Year 2019 (2019), The analysis shows that a majority of DOD’s spending was used on compensating private contractors for DOD responsibilities. In 2016, $378.5 billion was spent on subcontractors and payroll in all 50 states, of which $258.2 billion was paid to private contractors for various government products and services. By 2018, DOD had spent $500 billion in tax dollars, of which $358.9 billion was spent on private contracts. And in 2019, DOD spent $550.9 billion, with $403.9 billion going to private contractors.160Id

This growing corporate spending on private contractors to perform government functions, in combination with Argus Leader’s new test under FOIA Exemption 4, yields a scenario where government and corporations are more able to withhold records as “business information” that would otherwise be disclosed under FOIA as public, government information. As Judge William Alsup, a federal district judge in the Northern District of California, lamented in the first case applying the new Exemption 4 standard:

The Court is sympathetic to plaintiff’s steep uphill battle under the new Exemption 4 standard. Under Food Marketing, it appears that defendants need merely invoke the magic words — “customarily and actually kept confidential” — to prevail. … The undersigned judge has learned in twenty-five years of practice and twenty years as a judge how prolifically companies claim confidentiality, including over documents that, once scrutinized, contain standard fare blather and even publicly available information. Nevertheless, we are not writing on a clean slate. Food Marketing mandates this result.161 Am. Small Bus. League v. U.S. Dep’t of Def., 411 F. Supp. 3d 824, 832 (N.D. Cal. 2019).

As Judge Alsup’s order suggests, Argus Leader runs contrary to the letter and spirit of the law. Disclosure of information is crucial for oversight of government tasks in order for the public to accurately hold representatives accountable.162 See generally Brief for the AI Now Institute et. al. as Amici Curiae Supporting Respondents, Food Marketing Institute v. Argus Leader Media, 139 S. Ct. 2356 (2019) (No. 18-481), 2, (“Because the government so often relies on private vendors or contractors to carry out core governmental functions, it is impossible to adopt an expansive interpretation of Exemption 4 without doing violence to FOIA’s core purpose.”)

Since the Supreme Court issued its decision, various agencies have deployed the Argus Leader framework to withhold important public records. In weighing these arguments, district courts will more easily find information confidential — as long as a company simply provides an affidavit attesting that the information is private.

For instance, in a case involving the Food and Drug Administration, the government submitted an affidavit from a contractor simply stating the information was “secret” and attested to the Court that this affidavit “alone is sufficient to establish that the information is confidential within the meaning of Exemption 4.”163 Seife v. Food and Drug Administration et al, Docket No. 1:17-cv-03960 (S.D.N.Y. May 25, 2017), Dkt. 146, Gov’t Motion for Summary Judgment (Sept. 30, 2019), 10, 16. In a Department of Energy case, the government again argued that the National Nuclear Security Administration had withheld documents regarding nuclear laboratories, based on such laboratories’ assurances of confidentiality.164 Center for Public Integrity v. U.S. Department Of Energy, Docket No. 1:17-cv-00286 (D.D.C. Feb 15, 2017), Dkt. 29-1, Gov’t. Memorandum Of Points And Authorities In Support Of Defendant’s Renewed Motion For Summary Judgment (Sept. 30, 2019), 9-10. In Gellman v. Department of Homeland Security, the Court held that bulletins prepared for the department by an outside vendor are considered confidential because the vendor closely holds the formatting, design, and organization of the bulletins and does not produce the bulletins publicly.165 Gellman v. Department of Homeland Security. 2020 U.S. Dist. LEXIS 48492 *1, 32-33 (D.D.C. 2020).

Courts have even gone so far as to state that although the confidential information has been disclosed to a third party, the information may still be confidential.166 Seife v. FDA, 2020 U.S. Dist. LEXIS 184884 *1 (S.D.N.Y. 2020); Stevens v. United States Dep’t of State, 2020 U.S. Dist. LEXIS 51305 *1, 22-24 (N.D. Ill. Mar. 23, 2020). In other words, courts will not waive a document’s status as confidential even if it is no longer a secret.167 See generally id. For example, in Seife v. FDA, the Court noted that a drug manufacturer’s clinical trial process and documents remained confidential even though the manufacturer had publicly shared the information when it collaborated with third parties in an application for market approval.168 Seife, 2020 U.S. Dist. LEXIS 184884 at *15-17. Similarly, in Stevens v. United States Department of State, the Court held that course materials distributed to paying students at a university were confidential because they were disclosed to a limited group but not to the public at large.169 Stevens, 2020 U.S. Dist. LEXIS 51305 at *22-24 (records dealing with the State Department’s relationship with the foreign campuses of American universities).  

Despite Argus Leader’s resulting opacity some courts have interpreted the case in a way that might slightly temper these expanding parameters of secrecy. Among them are a case against the Department of Labor involving diversity statistics reports submitted by federal contractors; another case against the Department of Labor regarding reports detailing the number of accidents and injuries that take place on company property; and a case against Customs Border Protection for documents pertaining to the building of the border wall between the United States and Mexico. These are among a multitude of other cases percolating in district and appellate courts where records have been found to not qualify as confidential business information. 

Below are examinations of why courts reached these conclusions in these cases and how their rules can be understood and applied in other circumstances.

A. Successful Challenges of Exemption 4 Material Following Argus Leader

i. Department of Labor and Diversity Statistics

In 2017, the Center for Investigative Reporting (CIR) filed a FOIA request for the EEO-1 forms that federal contractors are required to fill out before they start working for the government.170 Center for Investigative Reporting v. Dep’t of Labor, No. 3:18-cv-02008 (N.D. Cal. Dec. 21, 2018). These one-page diversity reports break down company workforces by race, gender, and broad job category. Since 1966, certain large corporations have been required to file these reports annually with the Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP). Today, approximately 200,000 federal contractors who receive approximately $500 billion in taxpayer dollars every year must submit these forms.171 See generally U.S. Government Accountability Office, Equal Employment Opportunity: Strengthening Oversight Could Improve Federal Contractor Nondiscrimination Compliance (Sep. 22, 2016),  

Federal contractor diversity data has a significant role in lending insight into the government workforce, especially given the steady increase in outsourcing government work to private contractors.172 U.S. Treasury, Data Lab — Contract Spending Analysis,; see also Neil Damron, Delivering for Taxpayers: Taking On Contractor Fraud and Abuse and Improving Jobs for Millions of America’s Workers. NATIONAL EMPLOYMENT LAW PROJECT (Sept. 6, 2018), Public disclosure has been an especially valuable tool for Congress in deterring discrimination and encouraging diversity.173 The Glass Ceiling Commission, A Solid Investment: Making Full Use of the Nation’s Human Capital. (Nov. 1, 1995), 42, Through these reports, numerous academics have been able to study diversity trends in employment impacting women and persons of color in the workforce.174 See, e.g., Ronald Edwards et al., Employer Information Report (EEO-1): Data Overview. SSRN (Social Science Research Network), Nov. 2, 2007,; Bliss Cartwright et al., Job and industry gender segregation: NAICS categories and EEO-1 job groups. MONTHLY LABOR REV., U.S. DEPARTMENT OF LABOR, BUREAU OF LABOR STATISTICS 134 (11) (2001),; Corre L. Robinson et al., Studying Race or Ethnic and Sex Segregation at the Establishment Level: Methodological Issues and Substantive Opportunities Using EEO-1 Reports. WORK AND OCCUPATIONS 32 (1) (2005),; Fidan Ana Kurtulus and Donald Tomaskovic-Devey, Do Female Top Managers Help Women to Advance? A Panel Study Using EEO-1 Records. AM. ACAD. POL. SOC. SCI 639(1) (2012), For these reasons, diversity reports have not traditionally been treated as confidential — and for the past half-decade, momentum has been growing to make the reports accessible to keep federal contractors accountable to the public. 

Since 1974, courts have required EEO-1 Type 2 reports to be disclosed under FOIA.175 As the Office of Federal Contract Compliance Programs (OFCCP) explains on its Freedom of Information Act (FOIA) Frequently Asked Questions page, “[C]ourts have ruled that the Title VII prohibition against disclosure does not apply to OFCCP’s collection of EEO-1 data.” (last visited May 3, 2023) Congress, legislative commissions, and civil rights activists have all called for continued access.176 Members of Congress have called for greater access to diversity reports via companies’ proactive disclosures and via OFCCP’s disclosures under FOIA. See, e.g., Jessica Guynn, Barbara Lee calls on Apple, tech holdouts to release diversity data. USA TODAY (Aug. 4, 2015),; see also The Glass Ceiling Commission, A Solid Investment: Making Full Use of the Nation’s Human Capital (Nov. 1, 1995), (The Federal Glass Ceiling Commission, created by the Civil Rights Act of 1991, stated in its 1995 report that the government should “explore the possibility of mandating public release of EEO-1 forms for Federal contractors and publicly-traded corporations.”); Salvador Rodriguez, Jesse Jackson Gives Uber a Diversity Deadline.INC. (Jan. 5, 2017), (Jackson has called on companies to release diversity statistics); see also Emanuel Cleaver II, Letter from Emanuel Cleaver II, Member of Congress, U.S. House of Representatives, to Alexander Acosta, Secretary, U.S. Department of Labor (Mar. 6, 2019), Many companies including Google, Apple, and Microsoft also post numbers derived from these reports online as part of their own commitments to social responsibility.177 For example, Intel proactively began posting its diversity reports online in 2008. Google began posting its diversity data in 2014 after a similar FOIA lawsuit, and Microsoft followed in 2015. See e.g., Murrey Jacobson, Google finally discloses its diversity record, and it’s not good. PBS NEWSHOUR (May 28, 2014),; Laura Lorenzetti, Microsoft releases diversity stats: How the tech giant sizes up. FORTUNE (Jan. 5, 2015),

Among the companies named in CIR’s 2017 lawsuit was Palantir, a data analysis company that has been awarded billions of dollars in federal government contracts. Palantir, primarily known for supplying government intelligence agencies with some of the most invasive spying tools in their arsenal, adamantly asserted its records were confidential. 

Palantir sent a letter (that it also attempted to keep secret) to the U.S. Department of Labor objecting to the release of the Diversity Reports claiming that the reports fell under Exemption 4 because “competitors could identify where Palantir has made significant progress in hiring women and minorities and target recruitment strategies at specific job categories to steal this talent from Palantir.”178 Guadalupe Gonzalez, Why Oracle and Palantir Claim Their Diversity Numbers Are Trade Secrets: They’re Embarrassing. INC. (Jan. 8, 2019), In essence, the diversity patterns of the company’s employees were a trade secret. CIR eventually obtained Palantir’s 2015 Diversity Report along with all of the other reports requested through a settlement reached with the government and found that Palantir had only one woman in its management class.179 Center. for Investigative Reporting v. Dep’t of Labor, No. 3:18-cv-02008 (N.D. Cal. Dec. 21, 2018). 

Despite the disclosure of the EEO-1s in this case, the agency continued to object to disclosure. CIR filed another lawsuit in 2018 for the following calendar year’s batch of diversity reports from other technology companies. Because this case was filed after Argus Leader was issued by the Supreme Court, the Department of Labor again invoked Exemption 4 to withhold CIR’s new FOIA request, now with a robust new test to aid it. 

After months of briefing, CIR won the case in federal district court, with the federal court ruling in December 2019 that “the Government failed to make a showing that the demographic information contained in the EEO-1 reports is commercial,” so reports had to be “produced unredacted.”180 Center for Investigative Reporting v. Dep’t of Labor, 424 F. Supp. 3d 771, 779 (N.D. Cal. Dec. 10, 2019). All but one of the companies consented to the release of the reports. The government chose not to appeal, but the lone holdout, software company Synopsys, intervened and appealed the case to the Ninth Circuit Court of Appeals, arguing that its diversity statistics from four years ago remained confidential business information.181 The intervening company’s ability in this case to act as a single holdout, just as the intervenor in Argus Leader, shows that companies can single-handedly insert themselves into these cases to withhold information improperly to assert their own interest — despite the public interest. In 2022, CIR won the case on procedural grounds.182 Center for Investigative Reporting v. Dep’t of Labor, 34 F.4th 762, 772 (9th Cir. 2022). 

In December 2022, CIR filed yet a third lawsuit to disclose EEO-1 reports. Reporter Will Evans again submitted a request for EEO-1 data, but this time for all federal contractors in the United States that are required to submit the forms. In July 2022, the agency stated that its office estimated there were more than 100,000 responsive records and so disclosure would be unduly burdensome, despite there being no need for redactions. The agency added that the December 2019 ruling requiring disclosure of the records had no “precedential effect,” and that the agency was instead obligated to consult with each individual federal contractor in response to Evans’ request for aggregate data. 

CIR filed a letter with the Department of Labor asserting that the data withholding was improper, after which the agency published the request on its federal register, along with all of the agency’s communications with CIR.183 Notice of Request Under the Freedom of Information Act for Federal Contractors’ Type 2 Consolidated EEO-1 Report Data, 87 Fed. Reg. 51145 (Aug. 19, 2022), In late 2022 CIR filed a lawsuit in federal court. The case is now pending before Judge Alsup and a briefing schedule is set to start in August 2023.

ii. OSHA and work injury reports

Following Argus Leader, CIR succeeded in a separate lawsuit demanding disclosure of workplace illnesses and injury reports submitted to the Department of Labor. The department’s Occupational Safety and Health Administration (OSHA) has long required certain employers to record employees’ injuries and illnesses on a series of forms. Form 300 is a “log of work-related injuries and illnesses,” and Form 301 is a more granular report that “provides additional details about each case recorded on the OSHA Form 300.”184 OSHA, Improve Tracking of Workplace Injuries and Illnesses, 81 Fed. Reg. 29624 (May 12, 2016) (to be codified at 29 C.F.R. §§ 1902, 1904), Form 300A is a more generalized form with an anonymous summary of all the logs, which employers are required to post in their workplaces.185 The form requires a “summary report of all injuries and illnesses,” and contains data “total[ing] numbers of deaths, lost-workday cases, cases resulting in work restriction or transfer … as well as the total number of lost or restricted workdays; the classification of cases (injury, skin disorder, respiratory, poisoning, hearing loss, or other illnesses); the number of employees; and the total hours worked.”  

OSHA has routinely disclosed its 300 forms to members of the public through FOIA requests.186 Will Evans & Allysa Jeong Perry, Tesla says its factory is safer. But it left injuries off the books. REVEAL NEWS (Apr. 16, 2018), One year prior to its lawsuit, CIR obtained eight years of Goodyear Tire and Rubber Co.’s OSHA reports from the agency.187 Jennifer Gollan, Treading dangerously: Lax safety inside Goodyear’s tire plants. REVEAL NEWS (Dec. 14, 2017), Similarly, Bloomberg Environment obtained Amazon’s 2018 Form 300A from a FOIA request.188 OSHA, FOIA Report – Q4 2018 (2018), OSHA released Forms 300, 300A, and 301 from Microsoft, Amazon, PepsiCo, Nestlé, and Intel in response to a May 2017 request by Perkins Coie LLP.189 OSHA, FOIA Report – CY 2017 (2017), MuckRock, a nonprofit news organization, obtained Bartlett Grain Elevator’s Form 300A in 2013.190 Bartlett Grain Elevator Inspection Reports. MUCKROCK (Apr. 16, 2013), In 2019, PBS Frontline obtained Amazon’s 300A form through a public records request.

OSHA also requires employers to make the 300A forms publicly accessible to employees by posting them “in a conspicuous place or places where notices to employees are customarily posted” and ensuring they are not covered by any other material.191 29 C.F.R. § 1904. The 300A forms must be posted for at least three months. The employer must also disclose the reports to current and former employees upon request within 24 hours of receiving such a request.192 29 C.F.R. § 1904.35. OSHA states that “Publication of worker injury and illness data will encourage employers to prevent injuries and illnesses among their employees through several mechanisms.”193 81 Fed. Reg. 29,625-31; see also id. at 29, 630-31 (listing seven ways through which the public disclosure will lead to fewer workplace injuries).

In 2016, OSHA amended its record-keeping regulations. Employers were now required to electronically submit these forms annually to the government because “OSHA intend[ed] to post the establishment-specific injury and illness data it collects under this final rule on its public Web site at”194 See 81 Fed. Reg. 29, 625 (“2016 Final Rule”). The agency issued a second final rule delaying compliance with the 2016 Final Rule, Improve Tracking of Workplace Injuries and Illnesses: Delay of Compliance Date, 82 Fed. Reg. 55,761 (Nov. 24, 2017), (to be codified at 19 C.F.R. § 1904), before issuing the final rule currently in effect in early 2019. See Tracking of Workplace Injuries and Illnesses, 84 Fed. Reg. 380 (Jan. 25, 2019), (to be codified at 19 C.F.R. § 1904) (“2019 Final Rule”). The agency highlighted the importance of making the information publicly available, stating that this rule would provide workers, researchers, the public, and workplace safety regulators with “critical information” about “dangerous workplaces.”195 Press Release, OSHA, OSHA’s final rule to ‘nudge’ employers to prevent workplace injuries, illness (May 11, 2016), OSHA stated, “Just as public disclosure of their kitchens’ sanitary conditions encourages restaurant owners to improve food safety, OSHA expects that public disclosure of work injury data will encourage employers to increase their efforts to prevent work-related injuries and illnesses.”196 Id. The agency, however, neglected to keep its promise, and in 2018, CIR filed a lawsuit to compel public disclosure of all of these forms. 

In its brief, the Department of Labor argued that the requested data was confidential business information, so the reports were “commercially sensitive information.”197 Center for Investigative Reporting v. Department of Labor, Case No. 18-cv-02414-DMR (N.D. Cal. June. 4, 2020), Dkt. 26, Defendant’s Motion for Summary Judgement (Sept. 10, 2019), 21. It sought to support its assertion with explanatory quotes from selected corporations targeted by the request. Many companies claimed that their workforce headcounts and employee hours worked could be deduced from the data. One said that the availability of such information would harm its businesses by helping competitors assess its insurance costs. Another complained that overall capacity and productivity could be revealed by this data, without further elaboration as to how that was possible. Others made conclusory claims that the publication of the data was simply harmful and proprietary. 

In 2019, CIR won the case in federal district court.198 Center for Investigative Reporting v. Department of Labor, Case No. 18-cv-02414-DMR, 2020 WL 2995209 (N.D. Cal. June. 4, 2020); see also Jennifer Gollan & Melissa Lewis, Many US workplaces required to report injuries flouted new Labor Department rule, REVEAL (Aug. 25, 2020), The court found that the records were not properly withheld under Exemption 4, as the government had previously promised to disclose the records, so they were not confidential.199 Id. Following the decision, the agency disclosed the hundreds of thousands of 300A reports — and created a public portal to the records. 

While CIR had to file yet another lawsuit for Amazon’s OSHA forms, after it lost,200 Center for Investigative Reporting v. U.S. Department of Labor, 470 F. Supp. 3d 1096, 1112 (N.D. Cal. 2020) OSHA later conceded in a letter to a FOIA requester, “OSHA was involved in litigation regarding the release of the materials. … OSHA has now made all Form 300A data for calendar years 2016 through 2020 available to the public for downloading from OSHA’s webpage, Establishment Specific Injury and Illness Data website.201 Dep’t of Labor, Establishment Specific Injury and Illness Data (Injury Tracking Application), Each calendar year of data is provided as a CSV (comma-separated value) file, which can be loaded into a spreadsheet application for viewing and searching.   

iii. Customs and Border Protection and border wall records

During the Trump Administration there was extensive reporting and public discussion concerning the border between the United States and Mexico, given President Trump’s call to build a more expansive wall between the countries. This campaign led to increasing concern over the operations of the U.S. Customs and Border Protection (CBP) agency at the border, including the amount of federal dollars to be spent on building a new border wall.202 See, e.g., Andrew Becker, Trump’s wall is wrong path for immigration reform, analysts say. REVEAL (Jan. 25, 2017),; Michael Corey & Andrew Becker, Senate Democrats answer questions, raise concerns with Trump’s wall. REVEAL (Apr. 19, 2017),; Andrew Becker & David Rodriguez, Feds hunt down mystery landowners in bid to build border wall. REVEAL (June 21, 2017),  

In March 2017, the CBP issued two Requests for Proposals (RFPs), calling for contract proposals from private companies “to design and build prototypes for a new border wall on the U.S.-Mexico border near Chula Vista, California.”203 Center for Investigative Reporting v. U.S. Customs and Border Prot., 436 F. Supp. 3d 90, 111 (D.D.C. 2019). The government explicitly wrote in its calls for proposals that all submitted documents would not be proprietary, would be in the public domain, and would “not [be] confidential.”204 Id. To report on the agency’s call, CIR filed a request for the submissions. In response, the CBP asserted that 110 pages of emails sent to enquiring about the RFPs were withheld under Exemption 4. 

After CIR filed a lawsuit, in 2019 U.S. District Judge Beryl Howell issued an order against CBP finding that the records were not properly withheld under Exemption 4, as there was no assurance of privacy in the government communications. “The defendants provide no foundation for their confidentiality claims. They do not, for instance, indicate that the submitters told CBP that portions of the questions and concerns were confidential,” Chief Judge Howell wrote in her ruling.205 Id. “In fact, a reasonable submitter may well have assumed that information stored in such a public-facing email account would not be confidential by default.”206 Id. The case stands as a useful reminder that not every piece of information submitted by a company to the government should fall under a shroud of secrecy. 

B. Continued Rise in Exemption 4 Withholdings

Regardless of these successes for reporters, companies and industry representatives are consistently using Argus Leader to immunize their records from disclosure.207 Brownstein client alert, Protecting Confidential Business Information (July 18, 2019), Most frequently, companies submit declarations to the government claiming that their records are confidential business information.208 See, e.g., Supplemental Request for Confidential Treatment, In re Enova International, Inc., 2021-MISC-Enova International, Inc.-0001 (Sept. 20, 2021), In addition, companies often file “reverse FOIA” cases209 Reverse FOIA cases are lawsuits where private actors bring claims stating that their information is wrongfully sought under FOIA and that one of its nine Exemptions apply, properly justifying the withholding of the material. and motions to intervene in FOIA cases to obtain orders from the court barring disclosure of records, regardless of the agency’s position. 

In a 2020 case before the Ninth Circuit, the National Association for Biomedical Research argued that Exemption 4 required the U.S. Fish and Wildlife Service to withhold data that had been previously released for more than a decade.210 In 2020, the Ninth Circuit Court of Appeals remanded the case back to the district court for additional review and application of Argus Leader. Ctr. for Biological Diversity v. National Biomedical Research, et al, No. 18-15997 (9th Cir. May 31, 2018), Dkt. 28 NABR Opening Brief (Aug. 26, 2019); see also Ctr. for Biological Diversity v. U.S. Fish & Wildlife Serv., No. CV-16-00527-TUC-BGM, 2018 BL 114964 (D. Ariz. Mar. 30, 2018). Based on this fact alone, the district court had previously considered “the possibility of competitive harm” to be “corporate speculation”; see also Humane Soc’y Int’l v. U.S. Fish & Wildlife Serv., Civil Action No. 16-720 (TJK) (D.D.C. Mar. 29, 2021). In a 2019 motion to intervene to oppose the release of Federal Trade Commission documents, Facebook cited Argus Leader to shield disclosure about its own practices.211 Reply Brief in Support of Facebook, Inc.’s Motion to Intervene, Elec. Priv. Information Ctr. v. Fed. Trade Comm’n, 2019 WL 3237108 (D.D.C.) No. 18-942 (TJK). July 12, 2019 (“EPIC does not dispute that the redacted documents at issue here are documents that Facebook treated as private … and provided to the government under an assurance of privacy.” Food Marketing Institute, 139 S. Ct. at 2366[.] . . . . Nothing more is required to invoke Exemption 4.”). In 2021, in response to a FOIA request filed by Cat Ferguson at the MIT Technology Review, the Centers for Disease Control responded that the consulting company Deloitte claimed its records regarding creating a software contract service for COVID were “confidential business information.”212 Cat Ferguson, US covid contract details are a “trade secret”—according to the contractors. MIT TECHNOLOGY REVIEW (Apr. 12, 2021), USAID has exempted similar information by Deloitte for its Request for Proposal to Improve Private Sector Competitiveness as confidential business information.213 Id. ProPublica journalist Jeremy Merrill similarly received a FOIA Exemption 4 denial for a Facebook advertisement run by the Marine Corps Recruiting Command in February 2018 and related contracts.214 Email dated June 16, 2021, from Jeremy Merrill to D. Victoria Baranetsky, on file with author. 

In general, these changes in Exemption 4 have mirrored the trend of corporate parties advocating for a concept of trade secrecy even broader than its civil counterpart, granting owners the ability to control public information.215 Charles Tait Graves & Sonia K. Katyal, From Trade Secrecy to Seclusion, 109 GEORGETOWN L. REV. 1337 (2021),; Deepa Varadarajan, Business Secrecy Expansion and FOIA, 68 UCLA L. REV. 462 (2021), But this secrecy is anathema to FOIA’s conception of democracy. And while “intellectual property” may serve the democratic value of the “diffusion of knowledge,” withholding public information from the masses thwarts a truly democratic culture.216 Balkin, supra note 152, at 2. (discussing that the Progress Clause of the U.S. Constitution Article I, Section 8 “was designed to decentralize and democratize innovation and information production. Instead of relying on royal patronage to generate art and science, or tie up innovation through royal favoritism and crown monopolies, Congress wanted to use markets to create incentives for intellectual production and diffusion of knowledge.”) (citing Neil Weinstock Netanel, Copyright and a Democratic Civil Society, 106 YALE L.J. 283, 387 (2016),, stating “In adopting the Constitution’s Copyright Clause and enacting the first federal copyright statute, the Framers were animated by the belief that copyright’s support for the diffusion of knowledge is essential to the preservation of a free Constitution.”).

C. Possible Solutions Post-Argus Leader

Given these concerns, as FOIA cases move through the judiciary, courts implementing Argus Leader should review three things:

  • the ongoing custom of the specific company withholding the material, and whether it actually treated the information as secret by not sharing it with anyone outside the executive level; 
  • the overall industry custom with regard to keeping this type of information private when considering whether the information is customarily secret, rather than focusing on the custom of a single holdout corporation;
  • the value of the information to the public good.217 Courts are currently split on how to determine whether information is “customarily and actually treated as private by its owner,” as required by Argus Leader. Some courts have stated that this turns on “how the particular party customarily treats the information, not how the industry as a whole treats the information.” Flyers Rights Educ. Fund Inc. v. FAA, No. CV 19-3749 (CKK), 2021 WL 4206594, at *6 (D.D.C. Sept. 16, 2021), citing Ctr. for Auto Safety v. Nat’l Highway Traffic Safety Admin., 244 F.3d 144, 148 (D.C.Cir.2001). However, Argus Leader itself mentioned the industry association members’ treatment of the information to determine if information was customarily treated as confidential. Argus Leader, 139 S. Ct. 2356, 2363 (“[T]here’s no question that the Institute’s members satisfy this condition; uncontested testimony established that the Institute’s retailers customarily do not disclose store-level SNAP data or make it publicly available.”). Three federal district court judges have also suggested that it is relevant to examine a competitors’ disclosures practices. As Senior District Judge William Alsup stated in Am. Small Bus. League v. United States Dep’t of Def., 411 F. Supp. 3d 824, 832 (N.D. Cal. 2019), plaintiffs can “possibly point to other competitors who release the information” to stop defendants from crying confidential for every document. Magistrate Judge Sallie Kim also took industry comments into account regarding how businesses treat injury reports, but ultimately found they had little utility. Center for Investigative Reporting v. Dep’t of Labor., No. 18-CV-02414-DMR, 2020 WL 2995209, at *4 (N.D. Cal. June 4, 2020), (quoting Am. Small Bus. League). Another judge in the Southern District of New York endorsed Judge Alsup’s idea. New York Times Co. v. U.S. Food & Drug Admin., No. 19-CV-4740 (VEC), 2021 WL 1178126, at *15 (S.D.N.Y. Mar. 29, 2021) (Caproni, J.). Just as is the test with other Exemptions, courts should balance the public interest against any potential injuries to the industry.

Finally, courts should also consider whether the disclosure would cause foreseeable harm.218 In 2016 Congress passed the FOIA Improvement Act, which created an independent requirement under FOIA for the defendant to show that even in cases where an exception existed that the records create a “foreseeable harm” to warrant withholding. Section 552(a)(8) commands agencies to release records unless “the agency reasonably foresees that disclosure would harm an interest protected by an exemption[.]” See also Judicial Watch, Inc. v. U.S. Dep’t of Com., 375 F. Supp. 3d 93 (D.D.C. 2019).


Passing laws that stymie transparency, overrunning FOIA

Exemption 3 of FOIA has also increasingly become a statutory foothold for corporate secrecy.219 Under FOIA, there is a general presumption of openness. On his first full day in office on January 21, 2009, President Barack Obama issued a memorandum to the heads of all departments and agencies on the Freedom of Information Act (FOIA), directing that it “should be administered with a clear presumption: In the face of doubt, openness prevails.” President Obama’s FOIA Memorandum and Attorney General Holder’s FOIA Guidelines, (last updated July 28, 2021). In general, the Exemption permits the government to withhold information if Congress has passed a statute that “specifically exempt[s]” the material from disclosure.220 5 U.S.C. § 552(b)(3). Over the past several years, Congress has passed hundreds of these kinds of statutes circumventing FOIA’s general presumption of openness. While Exemption 3 is necessary to permit Congress to make exceptions for national security or other private information, lobbyists have advocated for more laws that “protect narrow, special interests.”221 “Exemption 3,” FOIA.Wiki, Retrieved Jan. 16, 2023. In recent years, as lobbyists have successfully proposed more Exemption 3 statutes that abuse FOIA’s main purpose, several members of Congress have enumerated concerns over “exemption creep,” because such statutes pose a serious threat to accessing information that is crucial to having an informed democracy.

A. Exemption 3 and Legislative Creep by Corporations Corroding FOIA’s Presumption of Openness

FOIA Exemption 3 permits for an agency to withhold records if Congress has passed a law exempting their disclosure. As originally enacted in 1966, Exemption 3 reads that records are properly withheld if they are “specifically exempted from disclosure by statute.”222 5 U.S.C. § 552(b)(3). According to FOIA, whether Exemption 3 applies and precludes disclosure of certain records involves a two-part inquiry.223 See also Carlson v. U.S. Postal Service, 504 F.3d 1123, 1127 (9th Cir. 2007). Courts first determine the statute itself  “meets the requirements of the Exemption 3”224 Id. to qualify as a withholding statute and then courts “determine whether the requested information falls within the scope of the withholding statute.”225 Id.

Since its passage, however, Congress has been wary of the ballooning of Exemption 3 and the ability of the exemption to swallow the general rule. For this reason, Congress has amended Exemption 3 multiple times to make more stringent requirements. In 1976,226 Exemption 3 was amended to provide that information may be withheld under Exemption 3 statute only when that statute either “(A) requires that matters be withheld from the public in such a manner as to leave no discretion on the issue or (B) establishes particular criteria for withholding or refers to particular types of matters to be withheld.”5 U.S.C. § 552(b)(3). The first subpart of Exemption 3, referred to as the “no discretionary release” requirement, is absolute— stating that the information “shall not be disclosed” unless the agency shows that the statute contained a mandate that this particular type of information must not be disclosed. Congress demanded withholding statutes include “sufficiently definite standards” as to which records are properly withheld, rather than granting “broad discretion” to an agency to withhold any and all records.227 Consumer Product Safety Commission v. GTE Sylvania, Inc., 447 U.S. 102 (1980); see also Sciba v. Board of Governors of the Federal Reserve System, 2005 WL 758260 (D.D.C. 2005), (quoting Wisconsin Project on Nuclear Arms Control v. U.S. Dept. of Commerce, 317 F.3d 275, 280 (D.C. Cir. 2003) The statute must be “the product of congressional appreciation of the dangers inherent in airing particular data and must incorporate a formula whereby the administrator may determine precisely whether the disclosure in any instance would pose the hazard that Congress foresaw.” In essence, Congress required that “a statute’s actual words determine Exemption 3 applicability” rather than permitting for a statute to be stretched in ways to permit for all kinds of withholding.228 See Reporters Committee for Freedom of the Press v. U.S. Department of Justice, 816 F.2d 730, 735 (D.C. Cir. 1987) ([modified, 831 F.2d 1124 (D.C. Cir.1987), rev’d on other grounds, 489 U.S. 749 (1989). All of these changes focused on the particular language of the withholding statute to ensure each didn’t overreach its ability to withhold public information.

Despite these attempts to limit the potential for abuse of Exemption 3, by 2009 Congress had identified an even more serious concern over Exemption 3, or what Senator Patrick Leahy dubbed “exemption creep.”229 Sen. Patrick Leahy, “Remarks in the Senate,” Congressional Record, daily edition, March 17, 2009, p. S3164. In essence, in 2009 Congress had identified an alarming number of statutes passed permitting withholding despite FOIA. In response, Congress introduced and passed an amendment, the OPEN FOIA Act of 2009, which was meant to essentially require Congress to double-check its work and expressly state its intention to explicitly override FOIA’s transparency requirement.230 The OPEN FOIA Act requires that any statute “enacted after the date of enactment of the OPEN FOIA Act of 2009” must “specifically cite to this paragraph [5 U.S.C. § 552(b)(3)].” 5 U.S.C. § 552(b)(3)(B). 

The OPEN FOIA Act of 2009 requires Congress to cite Exemption 3 in the body of the withholding statute to permit for proper withholding. This exacting standard was intended as a response to Senator Leahy’s thought that “(b)(3) statutory exemptions should be clear and unambiguous, and vigorously debated before they are enacted into law.”231 155 Cong. Rec. S3175- 876 (2009). In essence, the Act’s express purpose was to make Congress think seriously before permitting another withholding statute to be written onto the books.232 Id. As Congress stated, the statute was meant to “shine more light on the process of creating legislative exemptions to FOIA” by making sure that exemptions are clear and explicit.

Since 2009, Congress has come into compliance with this requirement in certain instances. The Dodd Frank Act of 2010, the National Defense Authorization Act of 1961,233 Pub. L. No. 113-254. Enacted December 18, 2014 for Fiscal Year 2012, Pub. L. No. 112-81, 125 Stat. 1298, 1600–01, 1604 (2011). and the Protecting and Securing Chemical Facilities From Terrorist Attacks Act of 2014234 Protecting and Securing Chemical Facilities From Terrorist Attacks Act of 2014 – Pub. L. No. 113-254. Enacted Dec. 18, 2014, all include the specific citation to Exemption 3 in accordance with the OPEN FOIA Act. But an accelerating number of Exemption 3 statutes are still being passed every year without the required language. Moreover, since 2009, courts have regularly found statutes to qualify as Exemption (b)(3) statutes even if they don’t contain that language.235 U.S. Department of Justice, Statutes Found to Qualify under Exemption 3 of the FOIA. (December 2016), Based on these circumstances, federal agencies have calculated that approximately 79 statutes are used as Exemption (b)(3) statutes, even when a vast majority of these statutes do not contain the required language. Indeed, “agencies often rely on statutes as a basis for Exemption 3 withholding without a court having determined whether the nondisclosure statute qualifies as an Exemption 3 withholding statute.”236 Gina Stevens, The Freedom of Information Act and Nondisclosure Provisions in Other Federal Laws. (Sept. 24, 2010),

  Even more numerous than the quantity of Exemption 3 statutes that are passed is the growing number of times these statutes are employed. The DOJ calculated that between 2010 and 2019, 91 federal agencies reported withholding information using at least one of 256 statutes more than 525,000 times.237 U.S. Government Accountability Office, Freedom of Information Act: Update on Federal Agencies’ Use of Exemption Statutes. (Feb. 11, 2021), The DOJ also found that agencies’ overall use of (b)(3) exemptions more than doubled from fiscal year 2012 to fiscal year 2019. Additionally, in fiscal year 2019, agencies used FOIA’s nine exemptions nearly 970,000 times, and of this total, agencies cited the (b)(3) exemption nearly 72,000 times, which was 7.4 percent of exemptions used governmentwide.

Freedom of Information Act Requests Processed, Partial Denials, Full Denials, and Use of (b)(3) Exemptions, Fiscal Years 2012-2019.

In addition, the DOJ’s report makes clear that the exemption is often being used as a corporate shield. For instance, agencies have vastly multiplied the number of the times they invoke the Bank Secrecy Act (BSA),238 31 U.S.C. § 5319. a statute which exempts information pertaining to companies’ financial transactions. The BSA was used 235 percent more times over the period of one year; in 2016 agencies cited the BSA 958 times to withhold records, increasing  by 2017 to 3,209 times. Similarly, of all the (b)(3) statutes cited in fiscal years 2010 through 2019, the one used by the greatest number of agencies was 41 U.S.C. § 4702, which allows privileged or confidential commercial information on contractor proposals to be withheld. This statute was cited more than 3,000 times by 44 agencies. 

One of those instances was in the 2018 case CIR v. U.S. Customs and Border Protection239 Center for Investigative Reporting v. U.S. Customs & Border Protection, 436 F. Supp. 3d 90, 96-97 (D.D.C. 2019). where the CBP used Exemption 3 to withhold contractor information. CIR’s request sought records related to President Donald Trump’s campaign to build an updated border wall, including Requests for Proposals (RFPs) “to design and build prototypes for a new border wall.”240 Id. at 90. Contractors submitted more than 150 proposals to CBP, which “included potential designs and materials to be used in construction, as well as more basic information about which companies were submitting proposals.”241 Id. at 96-97. The agency had stated on its website that all of the submitted information would be public, but after CIR submitted its request CBP notified all the contractors in order to provide them an opportunity to object. The agency subsequently denied the request, relying on Exemption 3 and 41 U.S.C. § 4702 to withhold 5,482 of the 5,588 pages of bidders’ proposals. CBP claimed that the “federal procurement law expressly protects the confidentiality of proposals submitted in response to Federal Government Requests for Proposals.”242 Id. at 112-13. Unable to easily oppose this statute, CIR was forced to concede that the records were properly withheld pursuant to Exemption 3, despite the importance of the records, simply because they fell under the language of the statute.

However, at least one recent ruling from the Ninth Circuit Court of Appeals shines some optimism on the problem of exemption creep. The case ultimately helps enforce the OPEN FOIA Act of 2009. That decision resulted from CIR’s reporter Alain Stephens, who requested data from the Bureau of Alcohol, Tobacco and Firearms (ATF) in 2016. Stephens had learned from a source that large numbers of guns confiscated by law enforcement had been sold back into the marketplace and went on to be used in crimes across the country. He sent a public records request to the ATF to simply understand: How many guns once seized by police departments had been recorded at crime scenes? After receiving no response for more than a year, CIR filed a lawsuit on his behalf against the ATF for this “statistical aggregate data.” In court, the ATF argued that under Exemption 3 and the Tiahrt Amendment, the agency was prohibited from releasing any data to the public — even though the Tiahrt Amendment did not cite back to Exemption 3.243 Center for Investigative Reporting v. United States Dep’t of Justice, 14 F.4th 916, 922 (9th Cir. 2021).

The Tiahrt Amendment, which was passed in the 2003 Consolidated Appropriations Act, prohibits the disclosure of all gun data held in the agency’s trace database, which traces guns from manufacturer to owner.244 That year Congress included in the Consolidated Appropriations Act a rider prohibiting ATF from disclosing individual or identifiable firearm trace data in order to protect the privacy of individuals, gun manufacturers, and law enforcement investigations. As a result, this rider, known as the Tiahrt Amendment, made individual trace data a government secret. Disclosure is prohibited — even if it is used for academic research. “It was extraordinary, and the most offensive thing you can think of,” said Chuck Wexler, director of the Police Executive Research Forum, a nonprofit group for police chiefs.245 James V. Grimaldi & Sari Horwitz, Industry pressure hides gun traces, protects dealers from public scrutiny. THE WASHINGTON POST (Oct. 24, 2010),  As Wexler explained, the law “kept the data from being used by cities and interest groups to sue the firearms industry, an avenue of attack modeled after the lawsuits against tobacco companies.”246 Id.  

“In the late ’90s, more than 40 cities, including New York, San Francisco, and St. Louis, used trace reports as the basis for a flurry of lawsuits that accused the gun industry of knowingly oversaturating markets and arming criminals.”247 Alain Stephens, Reveal sued the ATF for crime gun data. The court’s decision could greatly expand government transparency. REVEAL NEWS (Dec. 9, 2020), The bill was proposed in the wake of these lawsuits. Defenders of the bill argued that the database should be “kept secret to protect undercover officers,” but the then-ATF director Bradley A. Buckles said his agency had not asked for the amendment.248 Quoted in The Washington Post, Guns in America e-book (2013), “It just showed up,” he said. Ultimately, the Tiahrt Amendment barely passed with a slim majority of 31-30 in July 2003.249 Id. After the vote, Rep. James P. Moran Jr. (D-Va.) objected. “It was not the subject of hearings. It has no support from law enforcement. It has no support from Attorney General [John] Ashcroft. It really serves to protect only the most corrupt gun dealers at the expense of all other legitimate gun dealers.” Id.

While the original law generally required the ATF not to disclose any trace data, Congress modified the language of the statute in 2008 to permit for the disclosure for three exceptions. The third exception explicitly permits the ATF to release certain kinds of information, including “statistical aggregate data,”250 Consolidated Appropriations Act, 2008, Pub. L. No. 110–161, 121 Stat. 1844, 1903-04 (“2008 Appropriations Act”). It should be noted that the language of the statute never explicitly prohibited ATF from releasing statistical or aggregate trace data. See, e.g., Consolidated Appropriations Act, 2005, Pub. L. No. 108–447, 118 Stat. 2809, 2859–60 (“2005 Appropriations Act”), but the 2008 version clarified that exception. and repeatedly included this language in subsequent versions of the amendment.251 See Consolidated Appropriations Act, 2010, Pub. L. No. 111–117, 123 Stat. 3034, 3128-29. Under the most recent Tiahrt Amendment, adopted in 2010, the ATF still cannot release anything but aggregate data to the public. The Tiahrt Amendment states, “No funds appropriated under this or any other Act may be used to disclose part or all of the contents of the Firearms Trace System database maintained by the National Trace Center of the Bureau of Alcohol, Tobacco, Firearms and Explosives,” but then carves out three categories of information that shall not be prevented from release: (A) statistical information concerning total production, importation, and exportation of firearms; (B) information exchanged between various law enforcement agencies; or (C) statistical reports or statistical aggregate data regarding firearms misuse and firearms traffickers. 125 Stat. 552, 609-610. 

Over the past two decades, researchers have agreed that access to “statistical aggregate data” about gun ownership is paramount to government accountability, permissible, and does not disclose any identifying information, but no case had previously tried to test whether the exception applied to FOIA requests for statistical aggregate data because of the presumed strength of the Tiahrt Amendment.252 See, e.g., John Diedrich, Wiped Clean. MILWAUKEE JOURNAL SENTINEL (Jan. 3, 2010), (quoting former ATF officials and a 2004 Department of Justice Inspector General report on the ATF). This was especially the case after 2009, when no amendment to the Tiahrt had included the requirement of the OPEN FOIA Act.

While the district court ruled in 2018253 Center for Investigative Reporting v. United States Dep’t of Justice, No. 17-CV-06557, 2018 WL 3368884 at *10 (N.D. Cal. 2018). for the ATF, the U.S. Ninth Circuit of Appeals overturned that decision on December 3, 2021, ruling on three important holdings, including that the records could be released as “statistical aggregate data” under the Tiahrt Amendment.254 Center for Investigative Reporting v. United States Dep’t of Justice No. 18-17356, 2020 WL 7064638 (9th Cir. Dec. 3, 2020). But most importantly for future Exemption 3 cases, the Ninth Circuit held that the Tiahrt Amendment did not satisfy the OPEN FOIA Act of 2009 because it did not cite to Exemption 3 and therefore failed to qualify as an Exemption 3 statute.255 Supra note 252 at *9-10. The Court pointed out that Congress satisfied the OPEN FOIA Act with other statutes, for example when it passed the National Defense Authorization Act for Fiscal Year 2012 and cited Exemption 3. 

This Ninth Circuit holding is especially important because it was the first U.S. Circuit Court of Appeals case to state that the OPEN FOIA Act’s clear requirements to thwart exemption creep must be taken seriously, even in cases involving statutes with corporate interests. Ostensibly applying this ruling moving forward, all other withholding statutes passed after 2009 that fail to cite to Exemption 3 cannot justify the withholding of government data. This ruling may help stop the growing number of Exemption 3 statutes, particularly those not fully considered by Congress and aided by corporate lobbyists.


The Supreme Court’s Recent Rulings Make It Harder for States to Pass Transparency Laws, So Corporate Vehicles Can More Easily Hide Information in the Public Interest

Over the past five years, the Supreme Court has issued two decisions that make it harder for states to pass transparency laws that could ensure more corporate accountability. On June 26, 2018, the United States Supreme Court voted in Nat’l Inst. of Family & Life Advocates v. Becerra to strike down the FACT Act, a California state law intended to protect low-income women that required reproductive health facilities to inform clients about free or low-cost reproductive services.256 Nat’l Inst. of Family & Life Advocates v. Becerra, 138 S. Ct. 2361, (2018); Laura C. Morel, How Anti-Abortion Pregnancy Centers Can Claim to Be Medical Clinics and Get Away With It. REVEAL NEWS (Dec. 15, 2022), Pregnancy centers around the state felt burdened by the transparency requirements of the statute, and challenged the law by stating it violated their First Amendment privileges. California asserted that the law was seeking only to regulate “professional speech,” but the court’s majority, led by Justice Clarence Thomas, ruled that the law violated the First Amendment.257 Id. “The ruling created huge new hurdles to passing laws protecting center clients,” said Stephanie Toti, a constitutional lawyer who has argued reproductive rights cases before the Supreme Court.258 Id. 

Similarly in 2021, the Supreme Court issued a new opinion, Americans for Prosperity v. Bonta, that found another California disclosure law requiring the names of nonprofit donors to be disclosed was unconstitutional. A group of 15 U.S. senators, led by Sheldon Whitehouse (D-R.I.), urged the court in an amicus brief to uphold the disclosure requirements, warning that since corporations have been able to independently spend on influencing elections, “powerful influencers” have been spending money anonymously — funds that are sometimes referred to as “dark money.”259 Amy Howe, Justices to consider constitutionality of donor disclosure rule. SCOTUSBLOG (Apr. 25, 2021), (citing Brief of Amicus Curiae U.S. Senators in Support of Petitioner, Ams. Prosperity Found. v. Bonta (No. 19-251) (March 31, 2021), The Court held that the law was invalid because the disclosure impinged on the donors’ First Amendment association rights, and that the requirements were not narrowly tailored to an important government interest.260 Ams. Prosperity Found. v. Bonta, 594 U.S. _____, 141 S.Ct. 2373, 2383 (2021) (quoting Doe v. Reed, 561 U.S. 186, 196 (2010)). The Court stated that this disclosure requirement “dramatically mismatch[ed]” to the state’s interest in preventing charitable fraud and self-dealing and imposes an unjustifiable “widespread burden on donors’ associational rights.”261 141 S. Ct. at 2389. In her dissent, Justice Sonia Sotomayor argued that the majority opinion allows regulated entities to avoid obligations “by vaguely waving toward First Amendment ‘privacy concerns.’”262 141 S. Ct. at 2392.

Today, these two opinions make corporate accountability harder than ever before. This is especially the case as these legal rulings have converged with the emergence of various individuals increasingly operating under the cloak of shell companies, which make obtaining information about their transactions and our world more difficult to unearth.

Perhaps the most pervasive issue that has arisen with this kind of anonymity that demands increased transparency is the hiding of property ownership through shell companies, obfuscating the identity of the property owner.263 Financial Crimes Enforcement Network, The Role of Domestic Shell Companies in Financial Crime and Money Laundering: Limited Liability Companies (Nov. 2006), An LLC is a business structure in the U.S. that protects its owners from personal responsibility for its debts or liabilities. In many states, LLCs and other similar corporate entities “are not required to disclose their owners to [state] regulators.”264 Jon Swaine, Michael Cohen case shines light on Sean Hannity’s property empire. THE GUARDIAN (Apr. 23, 2018), When those same LLCs are then used to buy property, the owner is not registered in public recording logs. Instead, ownership is often attributed to the name of a representing law office, the name of the LLC, or a wealth management company associated with the LLC, while the name of the true or “beneficial owner” is obfuscated.265 A beneficial owner is a member of a business entity who enjoys the benefits of property ownership, even though the title to the property is in the name of the company.  

U.S. property ownership records have historically been open to the public. It is a basic tenet for anyone who owns a house: that the identity of who owns real estate is public information published in local registries. In the last decade, the federal government has identified an emerging trend that has corrupted these local recording systems. Increasingly, individuals who purchase residential real estate in the United States through shell companies can paper over ownership and even engage in various fraudulent and financial real estate crimes.266 Id. In 2017, the U.S. Treasury stated that anonymous shell transactions accounted for “one in four residential … purchases” nationwide,267 FinCEN, FIN 2017-A003, Advisory to Financial Institutions and Real Estate Firms and Professionals, Aug. 22, 2017, “totaling hundreds of billions of dollars.”268 Id. Fraudulent actors have “use[d] the secrecy afforded to shell companies” to file fraudulent deeds and trick vulnerable homeowners into signing over their properties.269 Stephanie Saul, Real Estate Shell Companies Scheme to Defraud Owners Out of Their Homes. N.Y. TIMES (Nov. 7, 2015),  

In many states, because LLCs and other shell companies are not required to disclose the names of their real owners to state regulators, these transactions are able to move forward anonymously.270 Liz Confalone, Forming an Anonymous Company Can Be Easier Than Getting a Library Card. N.Y. TIMES (Apr. 17, 2016), As a result, shell companies have become the perfect vehicle for corruption.271 Id. Criminals can use anonymous property purchases to shelter money for financial crimes and escape legal responsibility.272 See Emily Badger, Anonymous Owner, L.L.C.: Why It Has Become So Easy to Hide in the Housing Market. N.Y. (Apr. 30, 2018), (“L.L.C.s shield property owners from personal liability while obscuring their identities. In some cases, so much anonymity also enables money laundering, and it can mean that tenants struggle to hold landlords accountable, that cities fail to fix blight and that researchers can’t answer basic questions about the housing market.”) As former U.S. Representative Carolyn Maloney (D-NY) warned, “The illicit use of anonymous shell companies is one of the most pressing national security problems we currently face.”273 See House Passes Maloney Bill to Crack Down on Anonymous Shell Companies, Rep. Carolyn B. Maloney Newsroom (Oct. 22, 2019), The opacity of housing ownership incentivizes individuals to “park illicit money, driv[e] up housing costs and limit[] availability.”274 Id. 

LLCs also appear to be less likely to comply with housing codes, particularly in low-income neighborhoods.275 Id. Their anonymity makes it difficult, if not impossible, to identify predatory landlords and reclaim stolen property. These actors often “hide behind inscrutable mazes of [LLCs] … post office boxes and fake addresses,” causing serious harm to the housing market. 276 Id.

On a larger scale, these corporate bodies also permit large-scale international financial crimes.277 Joseph Spangers & Dev Kar, Illicit Financial Flows from Developing Countries: 2004-2013. GLOBAL FINANCIAL INTEGRITY (Dec. 8, 2015), Several recent investigations have unveiled various shell companies linked to individuals with suspected connections to organized crime and corruption, such as the former Russian senator and banker Vitaly Malkin, who used LLCs to purchase high-end real estate and conceal capital in the United States.278 Louise Story & Stephanie Saul, Stream of Foreign Wealth to Elite New York Real Estate. N.Y. TIMES (Feb. 7, 2015), The U.S. Government Accountability Office expressed concern in a 2006 report that “criminals are increasingly using U.S. shell companies to conceal their identity and illicit activities.”279 Government Accountability Office, Company Formations: Minimal Ownership Information Is Collected and Available. GAO-06-376, April 2006, 

Many reporters have identified and reported on this concerning trend over the last several years, particularly since the start of the COVID pandemic.280 See Ben Casselman & Connor Dougherty, Want a House Like This? Prepare for a Bidding War with Investors. N.Y. TIMES (June 20, 2019),; Emily Badger, Anonymous Owner, L.L.C.: Why It Has Become So Easy to Hide in the Housing Market, N.Y. TIMES (Apr. 30, 2018),; Lou Fancher, Why Home Ownership Has Kept Declining, EAST BAY EXPRESS (Nov. 12, 2019), (tracing all-cash buys of residential property by shell companies to the decline of home ownership and other economic problems facing millions of Americans in the aftermath of the housing crisis); Brian Mykulyn and Elora Raymond, When Landlords Hide Behind LLCs, Shelterforce (Aug. 23, 2022),; Fay Walker and Eleanor Noble, Ensuring Safe and Affordable Housing Stock Starts with Understanding Who Owns Rental Units, Urban Institute (Sept. 6, 2022),; Fara Stockman, American Real Estate Was a Money Launderer’s Dream. That’s Changing. N.Y. TIMES (Aug. 28, 2022), Similarly, on October 11, 2022, employees of the IMF discussed this issue on a panel titled “Unmasking Control: How Beneficial Ownership Transparency Can Help Counter the Abuse of Corporate Structures.” See Unmasking Control: A Guide to Beneficial Ownership Transparency (Oct. 7, 2022), Former CIR reporter Aaron Glantz began investigating this matter, particularly how ownership of American property could no longer be identified because of the exponential increase in shell company purchases.281 In 1991, individual investors owned 92 percent of all rental properties. See Bureau of the Census, Who Owns the Nation’s Rental Properties? 1 (1996), Since then, individual investor ownership has dropped markedly, to 71 percent, with corporate entities quintupling their share, from 3 percent to 16 percent. Compare id. to Bureau of the Census, Rental Housing Finance Survey (RHFS) 2018 National — Ownership and Management (Sept. 1, 2020), The trend is even more marked when individual property units are considered: Shell companies now own 18 million out of 48 million rental units, or nearly 40 percent of rental stock. That means that more than a third of renters may be unable to ascertain the true identities of their landlords. See also See Bureau of the Census, 2018 Rental Housing Finance Survey (Sept. 1, 2020),

A. The Lawsuit: Center for Investigative Reporting v. Department of the Treasury

In 2018, CIR reporter Aaron Glantz discovered that the U.S. Department of the Treasury had been monitoring the “use of shell companies” after noting that they threatened to gravely impact the American economy.282 FinCEN, FIN 2017-A003, Advisory to Financial Institutions and Real Estate Firms and Professionals (Aug. 22, 2017), As the department wrote that year, the use of LLCs and their “decrease[d] transparency” enables money laundering, corruption, and other financial crimes.283 Id. One specific office of the Treasury, the Financial Crimes Enforcement Network (FinCEN), established in 1990 to combat money laundering and other financial crimes, expanded its enforcement efforts to target LLCs that are used to purchase American property. More specifically, FinCEN, pursuant to the Bank Secrecy Act of 1970 (BSA),284 31 U.S.C. §§ 5311 et seq. an anti-money-laundering law, was tasked with the responsibility to collect names and other information about LLC owners from banks and other financial institutions. 

Glantz suspected that FinCEN had begun collecting information on the real beneficial owners of the LLCs, including their names, in an internal agency spreadsheet. He knew that FinCEN issues Geographic Targeting Orders (GTOs), forms that require financial institutions to report more detailed information about large transactions, including who owns the LLCs used to make that purchase,285 Id. and further suspected that FinCEN created a separate spreadsheet containing these names. On July 17, 2019, he submitted a FOIA request to FinCEN on behalf of CIR for the spreadsheet, specifying that the request was for records outside the BSA’s jurisdiction — it did not request GTOs. 

In July 2019, the Treasury Department denied the request, stating “FinCEN can neither confirm nor deny the existence of the materials that you seek” (also known as a Glomar response).286 Center for Investigative Reporting v. United States Dep’t of the Treasury, No. 19-cv-08181-JCS, 2021 U.S. Dist. LEXIS 13575 (N.D. Cal. Jan. 22, 2021)). The Glomar response is a term that originates from the CIA’s refusal to confirm or deny the existence of records in response to a FOIA request relating to the Hughes Glomar Explorer, a ship used in a classified [CIA] project in 1974 to “raise a sunken Soviet submarine from the floor of the Pacific Ocean to recover the missiles, codes, and communications for United States military and intelligence experts.” Roth v. U.S. Dep’t of Justice, 642 F.3d 1161, 1171 (D.C. Cir. 2011) (internal citation omitted). Usually, Glomar responses have been reserved for withholding national security and classified records. The denial stated that any records were collected under the Bank Secrecy Act, and that FinCEN was “prohibited by law.”287 Center for Investigative Reporting v. United States Dep’t of the Treasury, No. 19-cv-08181-JCS, 2021 U.S. Dist. LEXIS 13575, 11 (N.D. Cal. Jan. 22, 2021). Two months later, CIR administratively appealed the denial, but after FinCEN failed to respond CIR filed suit. 

In litigation, the Treasury finally admitted that it held a spreadsheet with 41,000 pages containing the names of beneficial owners, but asserted that the spreadsheet still was properly withheld under the Bank Secrecy Act, 31 U.S.C. § 5319 and the Freedom of Information Act Exemption 3.288 Id.

In its briefing, CIR argued that the records should be disclosed for two primary reasons. First, the Bank Secrecy Act does not “specifically exempt” the spreadsheet and so the Treasury had improperly stretched its reach.289 Dep’t of Air Force v. Rose, 425 U.S. 352, 361 (1976) (“Exemption 3 differs from other FOIA exemptions in that its applicability depends less on the detailed factual contents of specific documents; the sole issue [is] the inclusion of the withheld material within the statute’s coverage.”); see also Bloomer v. U.S. Department of Homeland Security, 870 F. Supp. 2d 358, 365 (D. Vt. 2012) (quoting Wilner v. NSA, 592 F.3d 60, 72 (2d Cir. 2009)). Second, CIR argued that the beneficial ownership is intrinsically public information, and so no foreseeable harm could occur from disclosure, in accordance with a separate requirement under FOIA.290 See Reporters Comm. for Freedom of the Press v. FBI, 15-cv-1392-RJL, 2020 WL 1324397, at *8 (D.D.C. Mar. 20, 2020); see also Spencer Woodman, A roundup of FinCEN Files reporting from North America. THE INTERNATIONAL CONSORTIUM OF INVESTIGATIVE JOURNALISTS (Sept. 29, 2020),  

Despite CIR’s efforts, the Court ruled in favor of the government, finding that the agency could withhold the records under the BSA and it further chose to ignore the foreseeable harm requirement. 

In California, state Assemblyman Mike Gipson (D-Carson) responded to CIR’s lawsuit and introduced a disclosure bill in 2021 to require the secretary of state to collect and publish beneficial ownership information in an online searchable database.291 See Assembly Bill 1199, Homes for Families and Corporate Monopoly Transparency Excise Tax, Cal. Legis. 2021-22 Regular Session,; D. Victoria Baranetsky, Op-Ed: You should have the right to know your landlord’s name, LOS ANGELES TIMES (Feb. 24, 2021), Assembly Bill 1199 required the creation of a searchable database that would disclose the identity of the beneficial owners and the number of properties they owned, and would be updated yearly.292 Id. The proposed bill stated that this database was lawful under the California State Constitution as it is necessary for “immediate preservation of the public peace, health, or safety.”293 Id.  

The bill did not pass, but legislators in California and other states are considering similar transparency bills.294 In 2023, CA’s legislature introduced a new bill SB-594 requiring disclosure of beneficial owners. See Chris Micheli, SB-594: Beneficial Owners. CA GLOBE (April 1, 2023),; see also Phila. Code § 9-3900 (requiring beneficial ownership disclosure when entities obtain new or renew existing property or commercial rental licenses); N.Y. Tax Law § 1409 (McKinney 2020) (requiring disclosure in tax filings); D.C. Code § 29-102.01 (requiring disclosure to the Department of Consumer and Regulatory Affairs for all newly formed domestic entities and all foreign entities doing business in D.C.); see also U.S. Government Accountability Office, Company Formations: Minimal Ownership Information Is Collected and Available (2006), (stating that Alaska, Connecticut, Kansas, Maine, and New Hampshire require some reporting of LLCs ownership interests). The State of New York passed legislation requiring LLCs to disclose beneficial owners in a mandatory tax form, but only if and when the LLC buys or sells real property.295 See Elizabeth Kim, New York State Law Seeks to Unmask Property Owners Behind LLCs. GOTHAMIST (Oct. 9, 2019), The form requires the LLC to identify its members, managers, and other authorized persons. At the municipal level, the District of Columbia passed legislation in 2018 that requires all LLCs to disclose their membership to the Department of Consumer and Regulatory Affairs.296 Alex DuFour, Jackson Siegal, & Cozen O’Connor, New D.C. Law Will Require Disclosure of Ownership of LLCs. JD SUPRA (Jan. 30, 2020), D.C. requires this disclosure for all LLCs, not just owners of residential units,297 D.C. Code Ann. § 29-102.01 (West). The District of Columbia Council passed the Real Estate LLC Transparency Amendment Act of 2018, which called for additional disclosure requirements for LLC filings. This act was incorporated into the Department of Consumer and Regulatory Affairs Omnibus Amendment Act of 2018, which effectuated in 2020. and makes the information publicly available, as it is subject to the Freedom of Information Act.298 Publicly Available Documents. DCRA. (last visited February 22, 2023).

Several members of Congress have also proposed laws requiring corporate transparency. One bill introduced in 2022, the Kleptocrat Liability for Excessive Property Transactions and Ownership Act (KLEPTO Act), requires disclosure of beneficial ownership information as well as the names of real estate professionals who facilitate such deals.299Kleptocrat Liability for Excessive Property Transactions and Ownership Act (“KLEPTO Act”), S.4075, 117th Cong. (2022), 

Multiple experts have also urged Congress to specifically create beneficial ownership information (BOI) registries. In August 2022, Professor Matthew Desmond of Princeton University advised the Senate Banking Committee “to make beneficial owner information … publicly available,” specifically citing CIR’s research.300 Testimony of Matthew Desmond before the U.S Senate Committee on Banking, Housing, and Urban Affairs. Aug. 2, 2022, Similarly, in a hearing before the House Financial Services Committee in June 2022, Assistant Professor Elora Raymond of Georgia Tech advised that such registries would be a “useful policy response” to the secrecy created by “corporate vehicles.”301 Testimony of Elora Raymond before the U.S. House Committee on Financial Services, Subcommittee on Oversight and Investigations. June 28, 2022, At the same hearing, Jim Baker, executive director of the Private Equity Stakeholder Project, supported legislation that would “require corporate landlords to disclose beneficial ownership through landlord registries.”302 Testimony of Jim Baker before the U.S. House Committee on Financial Services, Subcommittee on Oversight and Investigations. June 28, 2022,

While Congress has made some efforts by passing the Corporate Transparency Act (CTA) in 2021,303 Jay Adkisson, Congress Passes Corporate Transparency Act To Require Beneficial Ownership Filings For LLCs And Corporations. FORBES (Jan. 26, 2021), a well-intentioned statute, it simply does not go far enough. The CTA requires a database of beneficial ownership information be accessible to law enforcement and banks in order to thwart “terrorist financing, money laundering, and organized crime.”304 Press Release, Rep. Carolyn B Maloney’s office, Maloney Cracks Down on Money Laundering with Corporate Transparency Act (Dec. 11, 2020), This non-public, restricted-use database contains a series of problems. First, the CTA contains a bundle of 24 carve-outs,305 Jim Richards & Ross Delston, The Corporate Transparency Act is a gift to would-be money launderers. AMERICAN BANKER (Feb. 11, 2022), including those for “money transmitters (including crypto exchanges)” and “charitable organizations that happen to lobby Congress.”306 Id. Large and public companies, including those with more than 20 employees that operate in the United States, are also exempt.307 Id. Astonishingly, the information submitted to the database will also be “unverified and unverifiable,” since the CTA fails to require FinCEN or “register companies to conduct any sort of due diligence.”308 Id. Finally, any financial institution wishing to access the register must obtain the consent of its customer,309 Id. which presents a strong deterrence to gathering information before alerting law enforcement.310 Casey Michel, How to Stop Kleptocrats Stashing Their Cash in America. THE NEW REPUBLIC (Sept. 18, 2019), 

This type of opacity is also completely out of step with international standards. Indeed, the United States is a “global laggard” when it comes to BOI transparency internally, per the Treasury Department’s recent characterization.311 U.S. Treasury Department, National Strategy for Combating Terrorist and Other Illicit Financing. (May 2022), More than 50 nations require disclosure of beneficial ownership information of shell companies. Countries like the United Kingdom and Sweden even require that this information be included in publicly accessible databases.312 A new book shows how Britain came to welcome dirty money. THE ECONOMIST (Mar. 12, 2022), (book review). These countries have found that transparency can help prevent tax evasion and keeping public registries of names deters money laundering.

While a new legislative initiative in the United States would be a victory, the most recent Supreme Court opinions in Becerra and Bonta present an even more sweeping legal concern to transparency and accountability. These recent rulings seriously impede the future ability of states to pass important transparency laws in a wide variety of contexts, preferring corporate interests over public interests in information concerning topics ranging from public health to anti-corruption policies. 

Preventing such transparency laws from passage would be a grave disservice to Americans, particularly where there is intense public and government interest in disclosure, such as in the case with beneficial owner information.313 See, e.g., Ben Casselman & Connor Dougherty, Want a House Like This? Prepare for a Bidding War with Investors, N.Y. TIMES (June 20, 2019),, stating that anonymous real estate purchases have a powerful ripple effect on economy, housing, and homelessness; Lou Fancher, Why Home Ownership Has Kept Declining, EAST BAY EXPRESS (Nov. 12, 2019), tracing purchases by shell companies to economic problems; Aaron Glantz, ‘Homewreckers,’ a new book from Reveal reporter Aaron Glantz, REVEAL NEWS (Oct. 19, 2019), (book review). Without Congress and the courts requiring the public release of this vital information,314 On August 22, 2022, CIR sent a letter to members of the Congressional banking committee to advocate for such changes. Letter on file with author. various aspects of our lives will be shielded from public view. Access to information would preserve the basic principle that the public should be informed about the world they live in and the choices they face in the real world that impact their health, safety, shelter, and financial decision-making.



In summation, over the last few years there has been a rise in corporate secrecy that has stymied access to information important to the public good. Traditionally, the fourth estate has been concerned about government withholding information, but in recent years the private sector has grown to be a threat to journalism by withholding data. 

In the five spheres listed above, reporters are consistently prevented from getting the truth. This is especially the case when companies take over public functions. While all reporters must concede that complete access to information is not always possible or even advisable, they require more access than is available to them today. Access can expose mistakes, even out power imbalances, and enhance democracy. Access also promotes public reason by creating an informed citizenry. It may often stop corruption entirely, and encourage self-regulation and discipline. But perhaps more importantly, access to public information promotes accountability and makes for a responsive actor rather than a complacent one. Today, more than ever, an engaged electorate is necessary.

Victoria Baranetsky

About the Tow Center

The Tow Center for Digital Journalism at Columbia's Graduate School of Journalism, a partner of CJR, is a research center exploring the ways in which technology is changing journalism, its practice and its consumption — as we seek new ways to judge the reliability, standards, and credibility of information online.

View other Tow articles »

Visit Tow Center website »