Stories
Slash Boxes
Comments

SoylentNews is people

Ninth Circuit Doubles Down: Violating a Website’s Terms of Service Is Not a Crime

posted by Fnord666 on Thursday January 11 2018, @08:38PM   Printer-friendly
from the clarifying-things dept.

"MrPlow" writes:

Submitted via IRC for FatPhil

Good news out of the Ninth Circuit: the federal court of appeals heeded EFF's advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle's website in a manner it didn't like. The court ruled back in 2012 that merely violating a website's terms of use is not a crime under the federal computer crime statute, the Computer Fraud and Abuse Act. But some companies, like Oracle, turned to state computer crime statutes—in this case, California and Nevada—to enforce their computer use preferences.

This decision shores up the good precedent from 2012 and makes clear—if it wasn't clear already—that violating a corporate computer use policy is not a crime.

Source: https://www.eff.org/deeplinks/2018/01/ninth-circuit-doubles-down-violating-websites-terms-service-not-crime

Original Submission

 
This discussion has been archived. No new comments can be posted.
Ninth Circuit Doubles Down: Violating a Website’s Terms of Service Is Not a Crime | Log In/Create an Account | Top | 46 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Interesting) by Justin Case on Thursday January 11 2018, @09:09PM (4 children)

    by Justin Case (4239) on Thursday January 11 2018, @09:09PM (#621086) Journal

    Read TFA. Didn't read all the linked legalese.

    But it seems to me if I put some info on my web site, and I don't want $JOE to get it, then when $JOE comes asking, my web server shouldn't give it to him. If I configure my web server to allow all requests, then I've consented to $JOE's request.

    They can apparently distinguish the requests they don't like, otherwise how would they know they are occurring? So don't respond to the unwanted requests.

    Is the court saying you must treat all clients equally? Or merely that you can't use the courts to do things you neglected to do in your web server config?

    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 4, Informative) by frojack on Thursday January 11 2018, @09:44PM

    by frojack (1554) on Thursday January 11 2018, @09:44PM (#621115) Journal

    Is the court saying you must treat all clients equally? Or merely that you can't use the courts to do things you neglected to do in your web server config?

    I think its the latter. The courts do not concern themselves with trivialities. De Minimis Non Curat Lex [duhaime.org] and are not about to get involved with evaluating 7 billion versions of terms of service and alleged violations there of.

    Its not law, its not even contract law, its just wishful thinking of websites.

    This was never an issue until ad-blockers became a thing. (Yes people got turfed for bad behavior on some sites, but nobody won that court case either. And the court now said the sites aren't going to win when going after their patrons.

    But bear in mind, that this is the 9th. And the with a 79% reversal rate, there's no reason to believe this will stand. Big business depends on the ability to enforce some rules on their sites and some transgressions by users approach injury to revenue. So expect an appeal. The ruling is probably too broad and Oracle has the money and lawyers to burn.

    --
    No, you are mistaken. I've always had this sig.

  • (Score: 2) by jelizondo on Thursday January 11 2018, @09:46PM (2 children)

    by jelizondo (653) Subscriber Badge on Thursday January 11 2018, @09:46PM (#621118) Journal

    After reading the legalese, the answer is bit more subtle: using a website or its contents contrary to the Terms of Use does not constitute criminal activity while it might be grounds for civil action.

    The crux of the matter rests on the law being considered (expressly California and Nevada) which make it a crime to access computers (i.e. a website) without authorization, but since you agreed to the Terms of Use, you were therefore authorized and therefore committed no crime; of course the computer owner may sue you for damages, copyright infringement or take other actions against you.

    In this particular case, the website was being accessed by the defendant using a valid customer ID, so clearly it was authorized to use the website.

    • (Score: 4, Informative) by frojack on Thursday January 11 2018, @10:03PM (1 child)

      by frojack (1554) on Thursday January 11 2018, @10:03PM (#621127) Journal

      In this particular case, the website was being accessed by the defendant using a valid customer ID, so clearly it was authorized to use the website.

      Exactly.

      They had valid access.

      They broke house rules. So kick them off, and the matter is finished, there is no recourse to the courts for this.

      The panel reversed the district court’s judgment after
      trial with respect to Oracle’s claims under the California
      Comprehensive Data Access and Fraud Act, the Nevada
      Computer Crimes Law, and California’s Unfair Competition
      Law. The panel held that taking data from a website, using
      a method prohibited by the applicable terms of use, when the
      taking itself generally is permitted, does not violate the
      CDAFA or the NCCL.

      Now Oracle still won a copyright terms violation portion, but the
      penalties were tossed out.

      The panel affirmed the district court’s partial summary
      judgment and partial judgment after trial on Oracle’s claims
      that Rimini infringed its copyright by copying under the
      license of one customer for work performed for other
      existing customers or for unknown or future customers,
      rather than restricting such copying to work for that
      particular customer. The panel concluded that Rimini’s
      activities were not permissible under the terms of the
      licenses Oracle granted to its customers.

      So Rimini must copy software EACH time it provides an approved Oracle patch
      to a licensed Oracle customer, and it can't cache the patches for use on multiple
      licensed customers. (or at least pretend to do so).

      --
      No, you are mistaken. I've always had this sig.

      • (Score: 4, Interesting) by stormreaver on Thursday January 11 2018, @10:17PM

        by stormreaver (5101) on Thursday January 11 2018, @10:17PM (#621140)

        So Rimini must copy software EACH time it provides an approved Oracle patch
        to a licensed Oracle customer, and it can't cache the patches for use on multiple
        licensed customers. (or at least pretend to do so).

        That's one of many reasons my company dropped Oracle and moved to PostgreSQL, which I had been using for many year prior to that. I had actually snuck it into production when nobody was looking, and no one noticed a thing. Then, years later, Management audited our software license usage, which was when I told them about PostgreSQL. Several years after that, Oracle pulled one too many evil stunts, and we booted the whole lot of them.

        It's been database nirvana ever since.