The U.S. Court of Appeals for the Ninth Circuit ruled Tuesday it is a federal crime to access a website knowing the site’s proprietor has asked you not to visit the page.
Steven Vachani is the CEO of a startup called Power Ventures, which administers a networking platform called Power.com, a service which allows user to combine all of their social media contacts. Users authorized Power.com to access their Facebook accounts, collect data, and message other users. Facebook does allow third parties to access content by enrolling in the site’s Facebook Connect program, but Power never registered with the system and conducted activities beyond the program’s scope. On discovering the activity, Facebook sent a cease-and-desist letter to Power, and blocked its IP address. Power simply created a new IP and continued.
Facebook brought a claim against Power in 2008, alleging a violation of the Computer Fraud and Abuse Act (CFAA). The CFAA makes intentionally accessing a computer without authorization a crime. The Ninth Circuit found in Facebook v. Vachani that, after receiving the cease-and-desist letter from Facebook and proceeding with normal operations anyway, Power broke federal law.
“The record shows unequivocally that Power knew that it no longer had authorization to access Facebook’s computers, but continued to do so anyway,” the ruling read. “In requests for admission propounded during the course of this litigation, Power admitted that, after receiving notice that its use of or access to Facebook was forbidden by Facebook, it ‘took, copied, or made use of data from the Facebook website without Facebook’s permission to do so.’”
The court further explained its rationale through a real world analogy. Supposing an individual arrives at a bank to access a friend’s safety deposit box (with the friend’s authorization) carrying a gun. The bank would be well within its rights to refuse the individual entry. In order to access the safety deposit box, the individual would need the consent of the box owner (the Facebook user) and the bank (Facebook.)
George Washington University Law School professor Orin Kerr, an expert on computer crime, finds the ruling troubling. “If read broadly, the case seems to say that if you want to make it a crime for someone to visit your website, you just need to give them notice that you don’t want them to visit,” he said at the Volokh Conspiracy, a blog of law professors moderated by The Washington Post. “I gather that as long as you phrase the notice as a command to cease and desist, rather than as just general terms of use, it becomes legally binding.”
“I think this decision is wrong, and that it has big implications going forward,” his analysis reads.
Send tips to kevin@dailycallernewsfoundation.org.
All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.