FPF demands appellate court lift secrecy in reporter’s privilege case
FOR IMMEDIATE RELEASE:
The federal appellate court for the D.C. Circuit recently affirmed a ruling requiring investigative journalist Catherine Herridge to disclose the sources for her reporting on scientist Yangping Chen’s alleged ties to the Chinese military while an online college Chen founded received federal funds.
The court got it wrong by holding Herridge in contempt for not burning her sources, and Herridge is rightly seeking a rehearing. Worse yet, the misguided ruling was informed by documents about the FBI’s investigation of Chen that were filed under seal, even though the investigation is over and the documents aren’t classified. The appellate court even held a portion of its hearing to decide whether to order Herridge to testify in closed court.
Freedom of the Press Foundation (FPF), represented by Schaerr | Jaffe LLP, filed a motion to intervene and unseal the documents and hearing transcript yesterday.
The following statement can be attributed to Seth Stern, director of advocacy for FPF.“Journalist-source confidentiality is about safeguarding the public’s right to be informed. Its fate should not be decided in secret hearings about secret documents. Americans deserve to know whether the damages Chen claims to have suffered were because of alleged leaks to Herridge or because of the outcome of the government investigation she reported on. If the latter, it raises the question of whether the court is ordering Herridge to out her sources to aid Chen in pursuing a baseless lawsuit. Surely the bar for compelled disclosure of journalistic sources must be higher than that.“Opponents of the reporter’s privilege often dream up convoluted hypothetical scenarios to call it a national security risk. But here we see someone suspected of ties to a foreign military able to use the courts to try to find out who in the government U.S. reporters are talking to and the content of those conversations. It goes to show that the real national security risk is the lack of a statutory privilege, which allows courts to issue misguided rulings. Congress should step up and reintroduce and pass the PRESS Act.”
H. Christopher Bartolomucci, a partner at Schaerr | Jaffe, added:“Public access and government accountability are fundamental to the rule of law, and the notion of ‘secret law’ is anathema to our system of justice. By denying the public access to important judicial records in this case, the court is keeping members of the public from judging for themselves the strength or weakness of the court’s reasoning.”
You can read FPF’s motion here.
Please contact us if you would like further comment.
freedom.press/issues/fpf-deman…
Is the GDPR “Reform” Rolling Out a Welcome Carpet for Cyber Scammers?A Sneak Peek into Cyber Threat:
“EU Tax Notice: Our records show you owe an outstanding balance. Failure to clear this amount immediately will result in legal action. Your case is being prepared for submission to the Court of Law.” – because you were in some database as an entrepreneur.
“This is an urgent official alert! We have found irregularities in your residency or identification documents. You must pay the penalty fee today to avoid deportation or further action against your family.” – because your immigration status was registered somewhere.
“This is <ABC bank>’s security team. We have detected a suspicious withdrawal attempt on your account. To stop your funds from being frozen, please verify your card details and security code immediately.” –because payment information was kept after purchase completion.
These scripts are examples of the increasingly advanced methods cyber scammers use in the EU.
Cyber scams in the EU are becoming more advanced. Using an emergency, authoritative identities, and extremely dire consequences – A tailor-made situation for people to panic and fall victim to the tricks of cyber scammers. Scammers use stolen personal data to craft these digital traps, making them appear convincing. These scams are designed to push individuals to respond quickly, share sensitive details, or transfer money. As digital systems grow and more information moves across platforms, it is becoming harder to distinguish a genuine alert from a carefully crafted scam.
But there is more to dig into and understand about the cyber threats the world faces at the cusp of the digital revolution.
Whenever the words cyber and threat appear in the same sentence, the general perception is of digital scams/frauds (like the few mentioned earlier) that have a financial impact. Cyber crimes encompass a broader range of dangerous activities beyond money theft. It includes data theft for malicious and anti-social activities, ransomware, supply-chain attacks, and many more similar activities.
A cyber threat is any potential malicious act that seeks to damage, disrupt, or gain access to a computer system, network, or digital data by violating the security protocols.
It is a broad term that covers any vulnerability, attack, or activity that poses a risk to digital information and infrastructure.
Key Components of A Cyber ThreatComponentDefinitionExamplesConfidentialityStealing or disclosing sensitive information to unauthorized parties.Data breaches, corporate espionage.IntegrityIllegitimately altering or destroying data, making it unreliable or unusable.Tampering with financial records, modifying system files.AvailabilityPreventing legitimate users from accessing systems or data when needed.Denial-of-Service (DoS) attacks, ransomware.
Recent Examples
In September 2025, a ransomware attack on Collins Aerospace’s MUSE check-in system collapsed operations at several major European airports (including hubs in Brussels, Berlin, London Heathrow, and Dublin. Thousands of travelers were stranded at airports. Airport authorities resorted to manual checks, leading to widespread delays, cancellations, and chaos.
In August 2025, a cyberattack targeted Miljödata, an IT service provider in Sweden used by approximately 80% of Swedish municipal administrations. This attack disrupted essential services across over 200 municipalities by denying access to sensitive administrative data. The attackers demanded a ransom of approximately 146,000 euros to prevent the data leak.
According to the EU’s judicial cooperation agency (Eurojust), cybercrime remains among the top five crime categories handled across member states. In 2024 alone, the number of cybercrime cases in comparison to the previous year increased by 25%.
These handful of examples explain the far-reaching and devastating impact cybercrime can have on individual users, administrative bodies, businesses, and nations. The underlying point is that cyber scams are about more than just money theft.
These incidents prove that the actual cost of cybercrime is the erosion of public trust and security. When breaches enable identity theft and profiling, attacks on critical infrastructure and vulnerable supply chains become rampant. This systemic failure and the escalating threat environment must serve as a point of reference for any change to be incorporated into the laws pertaining to the digital space and data security.
Considering this broader picture, the digital reforms now underway under the ‘Digital Omnibus’ that aim to rework existing GDPR frameworks raise serious questions. Granting greater access to user data now opens a new Pandora’s box.
Digital rights advocates like the European Pirates andEDRI warn that the reforms proposed in the Digital Omnibus package are primarily a rollback of the GDPR rules that have so far kept data secure. Citizens must understand the risks involved.
What Could GDPR Rollback Mean?
In the context of an expanding net of cyber threats across the EU, the proposed GDPR reforms could mean easier access to data, with fewer implications for data leaks and a greater risk of misuse.
More data access, less control: If companies are allowed easier access to personal data, or if consent/logging requirements are relaxed, more individuals’ information could become available, giving scammers richer material for phishing, identity theft, or social engineering.
Lower accountability and weaker security hygiene: With less onus on companies (small to mid-cap) to document data processing or adopt rigorous security measures, data is more prone to exploitation. Poor security practices can lead to breaches and the leaking of personal or financial data, which criminals can then exploit.
Ease for supply-chain or infrastructure attacks: As the 2025 airport ransomware case shows, malware or ransomware attacks often exploit systemic dependencies. Therefore, it’s not only about individual banking or shopping fraud. If data protection and regulation are weakened, the “attack surface” for system-wide harm increases.
Increased profitability and scale for cybercriminal operations: With abundant data and lax oversight, fraudsters can run more convincing scams on a larger scale, boosting their success rates and returns.
Conclusion: Data Protection Is A Matter Of Security
The Digital Omnibus debate often emphasizes convenience, competitiveness, and lighter regulation for businesses. But data protection laws like GDPR have always served a dual purpose: protecting privacy and defending citizens from cyber threats. Weakening them may reduce compliance burdens for some companies today. But in the long run, it could also open the door to more scams, data theft, and large-scale cyber disruption.
If Europe values both individual rights and collective security, then scrapping or diluting these protections deserves scrutiny.
europeanpirates.eu/is-the-gdpr…
