CFAA

This week’s internal report by MIT on its handling of the Aaron Swartz case may be an appropriate time to note that the sound and fury over the Computer Fraud and Abuse Act (the “CFAA”) is not limited to its use in criminal cases like the Swartz prosecution. The controversy extends to the use of this law in civil cases as well.*

*The CFAA may be used as either a civil or a criminal law. However, the words of the statute must mean the same thing in each context. As the court noted in the case discussed in this post, “it is not possible to define authorization narrowly for some CFAA violations and broadly for others.”

In my July 2nd post on AMD v. Feldstein I noted that the case had given rise to two note-worthy decisions.  The May 15, 2013 decision, discussed in that post, involved the legalities of the former-AMD employees’ alleged solicitation of current AMD employees in violation of  non-solicitation agreements.… Read the full article

Yet another “data scraping” case is percolating in the Northern District of  California. Craigslist has sued the online aggregator 3Taps, Inc. (and others), claiming that they illegally copied Craigslist’s classified apartment listings. In effect, 3Taps was attempting to disintermediate Craigslist—to insert itself between Craigslist and its users.

3Taps filed a motion to dismiss the multiple claims asserted in the suit, most of which was denied in the decision linked below.

Of particular interest is the court’s refusal to dismiss Craigslist’s claim that 3Taps violated the Computer Fraud and Abuse Act (CFAA), a controversial federal “anti-hacker” statute that has been interpreted in conflicting ways by the federal courts (see an earlier post on this topic here), and which was the law Aaron Schwartz was accused of violating (contributing, many believe, to his suicide earlier this year).

The CFAA permits a civil cause of action against any person who “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains .… Read the full article

Sloppy Online Agreements Costs Plaintiff Its Breach of Contract and CFAA Claims

Last month I wrote a post titled “Online Agreements – Easy To Get Right, Easy To Get Wrong.” In that post I discussed two cases in which the plaintiff had failed to take appropriate steps to necessary to impose terms and conditions on its customers.

A recent case decided by the federal district court for the District of Pennsylvania provides yet another example of how sloppy online contracting can doom a claim based on an online agreement.

The case,  CollegeSource, Inc. v. AcademyOne, Inc., (E.D. Pa. October 25, 2012), involves the practice colloquially referred to as “screen scraping” — that is, copying information from displayed webpages, usually in large quantities for commercial use. See, e.g., Ef Cultural Travel Bv v. Explorica , 274 F.3d 577 (1st Cir. 2001) (describing screen scraping).

It’s easy — legally and technically — to prevent this by prohibiting it in the site’s online terms and conditions.… Read the full article

Yet another federal appeals court has attempted to parse the Computer Fraud and Abuse Act’s (“CFAA”) ambiguous statutory language.  The issue, on which the federal courts cannot agree, is whether an employee who has authorized access to a computer, but uses that access for an illegal purpose — typically to take confidential information in anticipation of resigning to start a competing company or join one — violates the CFAA.

The controversy is focused on the words “without authorization” and “exceeds authorized access” in the law:

[Whoever] knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value … shall be punished. 18 U.S.C. § 1030(a)(4).

Late last year, in a widely noted decision, the 9th Circuit adopted the “narrow” view of the CFAA, holding the law does not extend to an employee who has authorized access but uses that access to make unauthorized use. … Read the full article