Users of the website have to first accept the terms before being able to access the site. The problem is that it requires users to agree to the copyright clause, which previously forbade users from copying, reproducing, republishing, posting, retransmitting or distributing information found on the site without permission.
David Loy, legal director at the nonprofit First Amendment Coalition, said as a public agency, any records Palomar Health produces, such as meeting minutes and agendas, are public records and not subject to copyright.
Palomar has since updated its copyright clause to say that information presented on the site is considered public domain unless otherwise indicated and may be distributed or copied as permitted by law.
"I appreciate that the district has clarified that public records belong to the public and cannot be limited based on claims of copyright," Loy said. "The public health district itself should not be claiming copyright in public records that it generates for the public's benefit."
Loy previously told KPBS that the old copyright clause could pose a Brown Act violation for the district. The Brown Act requires public agencies to distribute and make meeting announcements and agendas freely accessible to the public.
In a statement to KPBS, Palomar said asking users to agree to the usage terms is routine for any public agency.
"The only difference here is Palomar has chosen to be very upfront and clear with its user terms — instead of burying it in 8-point font at the bottom of a page," the statement said. "The legal effect on Palomar’s users is no different than with their use of any other government website."
Loy said he appreciates the transparency and that it's "certainly always better to be more transparent than not about terms of service." He said public agencies should bear in mind that they are serving the public and the terms of service should reflect that.
In addition, Palomar Health said asking the public to accept the terms before accessing the site helps protect the agency from distributed denial of service attacks, otherwise known as DDoS attacks. That’s when hackers launch a large amount of traffic against a site, crashing the server.
Nikolas Behar, a cybersecurity professor at the University of San Diego, said having a pop-up could help DDoS attacks if there is a firewall between the pop-up and the server. In analyzing the website, he said there was no such firewall on Palomar Health's website.
“It looks like this pop-up is being loaded from the same web server as the website," Behar said. "And when the pop-up actually comes up, there's still components of the website that are loading behind the pop-up. So, it doesn't do a lot to try to prevent a distributed denial of service attack."
Palomar said it implemented the pop-up to benefit its patients and the district.