SoylentNews is people

posted by Fnord666 on Wednesday April 01 2020, @08:31AM
from the legislation-inspired-by-a-fictional-movie dept.

Court: Violating a site's terms of service isn't criminal hacking

A federal court in Washington, DC, has ruled that violating a website's terms of service isn't a crime under the Computer Fraud and Abuse Act[*], America's primary anti-hacking law. The lawsuit was initiated by a group of academics and journalists with the support of the American Civil Liberties Union.

[...] rather than addressing that constitutional issue, Judge John Bates ruled on Friday that the plaintiffs' proposed research wouldn't violate the CFAA's criminal provisions at all. Someone violates the CFAA when they bypass an access restriction like a password. But someone who logs into a website with a valid password doesn't become a hacker simply by doing something prohibited by a website's terms of service, the judge concluded.

"Criminalizing terms-of-service violations risks turning each website into its own criminal jurisdiction and each webmaster into his own legislature," Bates wrote.

[...] This isn't the first time a court has held that violating a website's terms of use is not a criminal hacking offense. In 2009, a California federal judge rejected a CFAA prosecution against Lori Drew, a woman who contributed to a MySpace hoax that led to the suicide of 13-year-old Megan Meier. Prosecutors had argued that Drew violated MySpace's terms of service.

In 2014, the Ninth Circuit Court of Appeals—which includes California—rejected another CFAA prosecution based on a terms-of-service violation. In that case, an employee had used a valid password to access confidential information, which the employee then used in ways that violated the employer's policies.

A 2015 ruling by the Second Circuit Court of Appeals interpreted the CFAA in a similar way. It overturned the conviction of a cop who had used a police database to look up information about women he knew personally. While his creepy behavior violated police department policies, the court held, that didn't make it a violation of the anti-hacking law.

"The government's construction of the statute would expand its scope far beyond computer hacking to criminalize any unauthorized use of information obtained from a computer," the appeals court concluded.

From the Wikipedia article on the Computer Fraud and Abuse Act, I would observe . . .

The original 1984 bill was enacted in response to concern that computer-related crimes might go unpunished.[2] The House Committee Report to the original computer crime bill characterized the 1983 techno-thriller film WarGames—in which a young teenager (played by Matthew Broderick) from Seattle breaks into a U.S. military supercomputer programmed to predict possible outcomes of nuclear war and unwittingly almost starts World War III—as "a realistic representation of the automatic dialing and access capabilities of the personal computer."[3]

The CFAA was written to extend existing tort law to intangible property, while, in theory, limiting federal jurisdiction to cases "with a compelling federal interest-i.e., where computers of the federal government or certain financial institutions are involved or where the crime itself is interstate in nature", but its broad definitions have spilled over into contract law. (see "Protected Computer", below). In addition to amending a number of the provisions in the original section 1030, the CFAA also criminalized additional computer-related acts.

[*] Computer Fraud and Abuse Act.

It's a good thing the courts protect us from ever-expanding legislation created out of fear from watching a movie.

  • (Score: 0) by Anonymous Coward on Wednesday April 01 2020, @03:11PM (#978049)

    What if you typed a random URL that takes you to a page bypassing the password logon?

  • (Score: 2) by Runaway1956 (2926) on Wednesday April 01 2020, @03:21PM (#978054)

    That's how I log in here! I forgot my password long ago, so I go to the backdoor, knock a short code, and the bots open the door to let me in. At that point, I announce that I'm Runaway1956, and Exec whistles and beeps agreement, Starwars style, and I'm logged in.

    Just don't tell TMB, or he's likely to lock the backdoor.