A recent federal court order barring contacts between dozens of senior federal officials and social media companies on matters related to protected speech could chill efforts underway to forge public-private information sharing initiatives on cybersecurity threats, security experts told Nextgov/FCW.
A federal judge in Louisiana issued an injunction on Tuesday in response to a lawsuit from two Republican state attorneys general that restricts the Cybersecurity and Infrastructure Security Agency — along with its director, Jen Easterly — from working with or asking companies like YouTube and Facebook about content on their platforms considered protected by the First Amendment.
The injunction also names officials at the White House, the FBI, the Justice Department, the Centers for Disease Control and Prevention and more, and additionally restricts those federal entities from working with academic research groups like the Stanford Internet Observatory and the Election Integrity Partnership.
The ruling does provide some exceptions: It allows CISA to contact platforms about criminal efforts to suppress voting and national security risks, like threats to public safety and election security. But the injunction also leaves many unanswered questions about the future of public-private collaboration on key issues, according to Chris Hauk, consumer privacy champion at the security firm Pixel Privacy.
“In the case of national security threats or criminal activity, these types of communications are usually black and white, with few gray areas,” Hauk told Nextgov/FCW. “However, other subjects, such as voter suppression, have many more gray areas.”
“Social networks will now bear much of the decision process when it comes to post moderation, as they will no longer be able to play the ‘government told me to do it’ card,” Hauk said.
The lawsuit alleges that federal entities have encouraged social media platforms to remove conservative-leaning posts and suppress content about the COVID-19 pandemic that did not comport with government guidance. Federal agencies and companies like Meta have pushed back on those claims and said their collaborative efforts largely focus on combating dis- and misinformation.
“Securing elections is a nonpartisan activity,” Easterly said at an event in 2022, while describing online influence operations targeting U.S. elections as a “significant concern.”
“We don’t work with platforms on what they do around content, that is entirely their decision,” she added.
The implications of a final ruling in the case currently underway in Lousiana’s Western District could go far beyond First Amendment-protected posts on social media sites, experts said.
“We have begun to hear major concerns across the industry that the injunction will lead to less information and greater hesitancy to work with the IT sector in general,” said Ari Schwartz, a former White House official and coordinator of the Cybersecurity Coalition.
It remains unclear whether the decision will prevent CISA from proceeding with any of its ongoing public-private partnerships or communications with companies and social media platforms. Some security experts said the injunction should not prevent the nation’s cyber defense agency from continuing to interact with any public or private organizations to improve their resilience against cyber threats.
Still, the ruling could create an environment that hinders information-sharing efforts between the public and private sectors around cybersecurity, according to Roger Grimes, data-drive defense expert at KnowBe4. “The injunction itself might result in too much caution, erring on the side of potentially getting in the way of the free sharing of information that could be used by potential victims to better protect themselves,” Grimes told Nextgov/FCW.
Lawmakers have already warned that online misinformation and other cyber threats could impact the 2024 elections at an unprecedented rate. In previous election cycles, government agencies worked with platforms to identify the spread of misinformation, and to assist in combating disinformation campaigns.
With social media companies left to their own devices, users could see a very different response to misleading, controversial or downright factually incorrect content, Paul Bischoff, consumer privacy advocate at Comparitech, told Nextgov/FCW.
“Social media companies will still try to moderate content on their own, but might have less awareness and information to work with,” Bischoff said.
CISA declined to comment for this story.