In the on-going sound battle between craigslist and 3taps , a new courtopinionmakes clear that people are “ authorized ” under theComputer Fraud and Abuse Act(CFAA ) to get at a public site . But what the court throw with one hand it took with the other , as it also rein that sending a cease - and - desist letter and blocking an IP computer address is enough to “ reverse ” this authorization .
3taps collects tangible - estate of the realm data from craigslist and makes it available to other company to habituate . One of those troupe , Padmapper , republished craigslist flat poster over a map to enable substance abuser to take in apartment listings geographically , a feature then unavailable on the craigslist web site . Craigslist ’s terms of serve prohibits masses from “ junk ” or replicate datum from craigslist ’s site .
After learning about 3Taps and its client , craigslist send 3taps a cease - and - desist varsity letter demanding they stop using craigslist data this way and then blocked 3taps ’ IP address from accessing the craigslist web site . at long last , craigslist sued 3taps in federal court , arguing that 3taps had break the CFAA . 3taps move to drop the grammatical case , argue that under the Ninth Circuit Court of Appeals determination inUnited States v. Nosal , 3taps could not be apt under the CFAA for violating craigslist ’s terms of service .
While the court agreed with 3taps on this decimal point , it question whether the CFAA even protected information available on a publicly accessible website like craigslist in the first stead . After the court agreed to accept additional briefing on this tip , we along with a turn of constabulary prof , filedanamicus briefwith the Margaret Court urging it to rule that everyone is “ empower ” to claver a public internet site under the CFAA .
Last week , the tribunal ruled that this interpretation of the CFAA “ makes sense , ” intend that everyone starts out as “ authorized ” to get at a publicly accessible site . But it found that , with respect to 3taps , craigslist had used its “ mogul to annul , on a case - by - case basis , the universal permit it granted to the public to reach the info on its website ” by sending the cease and abstain letter and block off 3taps ’ IP address . The determination is certainly a miscellaneous bag .
First the positive .
It is encouraging to see tribunal accredit that the CFAA — which make both civic and felonious liability — doesn’t criminalize accessing information from a in public accessible website . The government activity used that precise theory to prosecuteAndrew “ Weev ” Auernheimerfor exposing an AT&T security defect that publically revealed one thousand of customers ’ email addresses . The possibility of imposing CFAA financial obligation on someone from using selective information made freely available on the web posed a major threat on the openness and conception of the Internet .
Moreover , by focus on the IP block , the court of law essentially agreed with the basic principle we’vesuggestedas a agency to determine the reaching of the CFAA : that there must be circumvention of a technological roadblock before a person can be found to have “ access ” information or data “ without authorisation . ” In fact one marriage offer to reform the CFAA currently before Congress , “ Aaron ’s Law , ” defines “ access without dominance ” to entail precisely that : “ knowingly sidestep one or more technological or physical measures that are designed to boot out or prevent unauthorized individuals from obtaining that information . ” The royal court take on this theme in principle when it discover that craigslist ’s CFAA claim was base on something more than violating the terms of table service of a in public approachable web site , and indeed something more than the cease and desist letter alone .
Now for the troubling part of the court ’s notion .
We trust that the CFAA requires hack — doing something that breaches a technological barrier , like cracking a word or read reward of a SQL injection .
exchange your information science address is simply not hack . That ’s because mask your IP savoir-faire is an easy , uncouth thing to do . And there ’s plenty oflegitimatereasons to do so , whether its to protect your privacy , uphold founding oravoidprice discrimination . Plus , in the context of this case , craigslist ’s IP name and address blocking and cease - and - desist letter blend to fundamentally act as as a “ use ” limitation . In other word , craigslist rely on these two things to enforce its terms of service upon 3taps .
There ’s a serious potential for devilment that is further by this decision , as ship’s company could willy-nilly decide whose authority to “ reverse ” and need only write a letter of the alphabet and block an IP address to evoke the power of a felony felonious statute in what is , at good , a civil business dispute .
Hopefully future court of law thinking about these event can use the serious view of this decision to recognise that ravish a technical measure is necessary . But they need to cogitate more critically about whether IP address block , even if twin with a cease and desist letter , is enough for a CFAA violation .
Accessing a public website is n’t a offence . Neither is hiding your online identity .
Reproducedfrom Electronic Frontier Foundationunder Creative Commons license . Image : by alexskopje / Shutterstock
SHUTTERSTOCK
Daily Newsletter
Get the best tech , science , and finish news in your inbox day by day .
News from the future , delivered to your present .
Please select your trust newssheet and submit your email to upgrade your inbox .
You May Also Like
