Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Wednesday April 01 2020, @08:31AM   Printer-friendly
from the legislation-inspired-by-a-fictional-movie dept.

Court: Violating a site's terms of service isn't criminal hacking

A federal court in Washington, DC, has ruled that violating a website's terms of service isn't a crime under the Computer Fraud and Abuse Act[*], America's primary anti-hacking law. The lawsuit was initiated by a group of academics and journalists with the support of the American Civil Liberties Union.

[...] rather than addressing that constitutional issue, Judge John Bates ruled on Friday that the plaintiffs' proposed research wouldn't violate the CFAA's criminal provisions at all. Someone violates the CFAA when they bypass an access restriction like a password. But someone who logs into a website with a valid password doesn't become a hacker simply by doing something prohibited by a website's terms of service, the judge concluded.

"Criminalizing terms-of-service violations risks turning each website into its own criminal jurisdiction and each webmaster into his own legislature," Bates wrote.

[...] This isn't the first time a court has held that violating a website's terms of use is not a criminal hacking offense. In 2009, a California federal judge rejected a CFAA prosecution against Lori Drew, a woman who contributed to a MySpace hoax that led to the suicide of 13-year-old Megan Meier. Prosecutors had argued that Drew violated MySpace's terms of service.

In 2014, the Ninth Circuit Court of Appeals—which includes California—rejected another CFAA prosecution based on a terms-of-service violation. In that case, an employee had used a valid password to access confidential information, which the employee then used in ways that violated the employer's policies.

A 2015 ruling by the Second Circuit Court of Appeals interpreted the CFAA in a similar way. It overturned the conviction of a cop who had used a police database to look up information about women he knew personally. While his creepy behavior violated police department policies, the court held, that didn't make it a violation of the anti-hacking law.

"The government's construction of the statute would expand its scope far beyond computer hacking to criminalize any unauthorized use of information obtained from a computer," the appeals court concluded.

From the Wikipedia article on the Computer Fraud and Abuse Act, I would observe . . .

The original 1984 bill was enacted in response to concern that computer-related crimes might go unpunished.[2] The House Committee Report to the original computer crime bill characterized the 1983 techno-thriller film WarGames—in which a young teenager (played by Matthew Broderick) from Seattle breaks into a U.S. military supercomputer programmed to predict possible outcomes of nuclear war and unwittingly almost starts World War III—as "a realistic representation of the automatic dialing and access capabilities of the personal computer."[3]

The CFAA was written to extend existing tort law to intangible property, while, in theory, limiting federal jurisdiction to cases "with a compelling federal interest-i.e., where computers of the federal government or certain financial institutions are involved or where the crime itself is interstate in nature.", but its broad definitions have spilled over into contract law. (see "Protected Computer", below). In addition to amending a number of the provisions in the original section 1030, the CFAA also criminalized additional computer-related acts.

[*] Computer Fraud and Abuse Act.

It's a good thing the courts protect us from ever expanding legislation created out of fear from watching a movie.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by Jay on Wednesday April 01 2020, @07:02PM (1 child)

    by Jay (8679) on Wednesday April 01 2020, @07:02PM (#978127)

    It's abundantly clear that TOS are not a contract, and there's nothing contractual about the arrangement between the parties. TOS are polite requests at best.

    First, for there to be a contractual relationship between two parties, both need to be aware of the terms, and both must agree to them. (By reading this sentence crafoo agrees to the terms and conditions laid out on this paper on my desk.) If a contract changes, both need to be aware of the changes and agree to them.

    You can't win a criminal nor civil case if someone did something you didn't like. "Dave walked on my lawn the other day." doesn't get you anywhere. You need to show damages. So any website where their TOS were violated, if it came to a trial, would be demonstrating how the defendant's actions caused them harm. They wouldn't talk about the TOS, because those aren't in any way legally binding.

    When someone is putting up stupid shit on their website between me and what I'm going there to look at, I generally just toggle off JS and there's the content. Sometimes I make a quick uBlock Origin filter. Sometimes it's an ad, sometimes it's "sign up for this newsletter", sometimes it's a baffling attempt to steer me to something I didn't come there for, and sometimes it's to make me aware of their TOS. Doesn't matter, I banish it, and go read what I want to read.

    If that ever went to court, the questions would be, 1) Prove that those were the terms that you presented to me. 2) Prove that I saw them and agreed to them.

    That's the sort of case that gets laughed out of a courtroom. "Your honor, I swear he agreed to those exact terms. I can just feel it in my bones!"

  • (Score: 2) by crafoo on Saturday April 04 2020, @04:35PM

    by crafoo (6639) on Saturday April 04 2020, @04:35PM (#979058)

    Well, unfortunately they have not been laughed out of court, they have generally been upheld by the courts.