Forgot your password?
typodupeerror
This discussion has been archived. No new comments can be posted.

Appeals Court Rules TOS Violations Aren't Criminal

Comments Filter:
  • by Anonymous Coward on Tuesday April 10, 2012 @04:48PM (#39636449)

    And therefor, violating a TOS can't automatically be seen as criminal activity. Kudos to the Ninth Circuit Court of Appeals for having their head on straight.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Unfortunately the 9th Circuit is the most overturned court in the USA. I'm not having high hopes that the SCOTUS will affirm the ruling.

      • by AuMatar (183847) on Tuesday April 10, 2012 @05:15PM (#39636775)

        No it isn't. The 9th circuit court is by far the largest appellate court in the country, so while it has the most appeals overturned, it also has the most cases. By percentage it's actually in the middle of the pack.

    • by Baloroth (2370816) on Tuesday April 10, 2012 @04:59PM (#39636607)

      And therefor, violating a TOS can't automatically be seen as criminal activity. Kudos to the Ninth Circuit Court of Appeals for having their head on straight.

      Actually, the question is whether the law on the books that makes it illegal if an action "exceeds authorized access" applies to TOS violations, since the TOS outline what counts as authorized access. You can argue very easily that using a service in a manner that breaks the TOS does, in fact, violate the law (by exceeding what you were authorized in the TOS), but this court argues that the language is somewhat ambiguous and in the case of criminal law, you should always err on the side of leniency unless Congress makes itself clear. Basically, an action cannot be criminal unless the law clearly and explicitly states it is.

      The case has nothing to do with corporations ability to make an action illegal, specifically, but rather whether an action (violating the TOS) is already criminal under the current law. Agreed about the court having it's head on straight, this judge seems extremely rational.

      • by AmiMoJo (196126)

        The case has nothing to do with corporations ability to make an action illegal, specifically, but rather whether an action (violating the TOS) is already criminal under the current law.

        That's the same thing. TOS say "making a backup copy is illegal" or "one install only, if your PC dies you buy a new license" and doing otherwise becomes illegal. Or not, as the court has said.

        • by Baloroth (2370816)

          You seem to be thinking of EULAs, which are different from TOS. Terms of Service are for... well, services that you run on computers (notably, in this case, computers you do not own, such as using Facebook). For example, Facebook can have it in their TOS that you cannot host, say, a picture of your butt on Facebook. If the Computer Fraud and Abuse Act was interpreted broadly, it could be a crime to put such a picture on their servers (it would count as "unauthorized access"). Making backup copies of softwar

          • by rtb61 (674572)

            Still really, violation of a term of service should only be a criminal act if that actual violation is legislated as such otherwise it should just be a civil breach of contract.

            Private corporation should not be able to just stick in arbitrary terms of service, things like you are not allowed to publicly criticise the company whilst using it's services etc. etc.

      • by nschubach (922175)

        Doesn't the "exceeds authorized access" apply to owned property? (ie: a server, mainframe...) I'm sure this is going to border on that ever popular "ownership" aspect of software.

        • by Baloroth (2370816)

          I'm not sure exactly what you mean. I think in this case the question is whether an action that effectively takes place on a server you do not own, that happens to violate the TOS of whatever service you took the action under, counts as "unauthorized access" of that server. For example, uploading porn to Facebook (I presume that is against their TOS, anyways). In that case, Facebook could argue that they did not authorize you to upload porn, and therefore you accessed their server in an unauthorized fashion

      • by 91degrees (207121)
        It is an important question.

        Reading the law as widely as possible would mean I'm breaking federal law by setting up a second gmail account, or not using my real name on facebook. This clearly wasn't the intent of the law. It was a reaction to hackers breaking into systems that they had absolutely no rights to at all. At the time, public access services weren't that common. Those that were typically had a TOS agreement that was fairly narrow in scope.

        I'm not sure how much the courts are allowed to t
      • by DM9290 (797337)

        The law could theoretically give the power of making things illegal to a corporation. but probably such a law would need to be written in such a way that it was clear that the corporation has that power, and which corporation it was, and how that corporation performs this task. So that way it is not vague as to whether or not any particular action was illegal.

        even if facebook happened to have clearly written TOS that themselves are not vague. that doesn't guarantee that the statute isn't also enforcing cr

    • by swb (14022)

      Sure they do.

      They buy the politicians, and the politicians pass laws in a way that allows them to structure their policies and contracts in a way that makes violating them a criminally enforceable action, allowing them to use the government's police powers to guarantee compliance to their policies.

      Ultimately the US is going to be just like China; same corrupt style of government, complete with in-name-only ideological justifications for repression ("stability" there, "war on terrorism" here), same group of

  • Ex post facto (Score:5, Insightful)

    by NoNonAlphaCharsHere (2201864) on Tuesday April 10, 2012 @04:48PM (#39636459)
    If a corporation can unilaterally change a TOS agreement AFTER someone has signed up for the service (which they do all the time), how can anybody then claim that violating it is a criminal offense?
    • Don't corporations regularly write into the TOS agreement that they can change the terms with minimal (if any) notification to the customer, thus putting the responsibility of terminating the agreement onto the customer?
      • Re:Ex post facto (Score:5, Informative)

        by dbet (1607261) on Tuesday April 10, 2012 @05:03PM (#39636639)
        They can amend the contract, however, you are allowed to not accept the new version. So for example you're one year into a 2 year contract with AT&T, and they change the terms. You are now free to walk away. Because of this they usually grandfather in people who are in existing contracts.
        • by tepples (727027)

          They can amend the contract, however, you are allowed to not accept the new version.

          However, by continuing to use the service after the new terms are published, a user is considered to have accepted the new terms.

    • Re:Ex post facto (Score:4, Informative)

      by JoeMerchant (803320) on Tuesday April 10, 2012 @04:54PM (#39636523) Homepage

      If a corporation can unilaterally change a TOS agreement AFTER someone has signed up for the service (which they do all the time), how can anybody then claim that violating it is a criminal offense?

      Even more, how can a corporation (say: JoeMerchantCorp) create a TOS and then get the police and courts of the land to enforce it for them? My TOS can state that you must dance on your hands naked in the waiting room after a late payment or your account will be revoked... and it can be a criminal offence to violate it?

      • by Surt (22457)

        If it weren't unconscionable or illegal (and in this case both), yes.

        • At what point does unconscionable start? AT&T tripled their rates without telling me until I got the bill - should I have to pay that triple expected bill? How about 10x? How about 100x? Where's the line?

          TOS are modified at a dizzying pace, if there were one TOS to read for a service per 10 years and 10 services with TOS in your average daily life, sure, that's fine. As it is, I have 2 hours of reading a month to do for my PS3, another 3-4 for my Apple products, about 10 hours a month for the variou

          • by Surt (22457)

            http://legal-dictionary.thefreedictionary.com/unconscionable [thefreedictionary.com]

            "An unconscionable contract is one that no person who is mentally competent would enter into and that no fair and honest person would accept."

            You're probably stuck with your contracts so long as your carrier is able to attract significant numbers of new people to sign on to the same terms, as that pretty much blows the unconscionable requirements.

            Personally, I don't use any services with frequent TOS changes. It's not that hard to avoid.

            • This sounds pretty slippery to me, not sure how often it changes, I never even looked at it before:

              http://geek.net/index.php/terms-of-use/ [geek.net]

              Geeknet, Inc. comprised of the internet sites Geek.net, Sourceforge.net, Slashdot.org, ThinkGeek.com, and freecode.com (the "Sites"), provides the information and services on the Sites to you, the user, conditioned upon your acceptance, without modification, of the terms and conditions of use applicable to such Sites. Your use of any of the other Sites constitutes agreeme

              • by Surt (22457)

                Thankfully that's not a contract I've accepted.

                • While I would disagree in principle, they say you have:

                  Use of Geeknet Sites constitutes full acceptance of and agreement to the Terms;

                  Stuff like that is what bothers me.

                  • by Surt (22457)

                    Yeah, there's no chance of that holding up, particularly since they've never forced me to see either the use requirement or the actual contract. Click-through has a small chance of holding up, but this? None.

                    • Yeah, there's no chance of that holding up, particularly since they've never forced me to see either the use requirement or the actual contract. Click-through has a small chance of holding up, but this? None.

                      And, what I intensely dislike about that is that, regardless of merit, suit can still be brought and you are compelled to defend, and usually appear. In my opinion, just being compelled to appear is a major nuisance.

                      Having all this, presently, meritless basis for suit generated as regular course of business should be in some way discouraged. A few bad decisions out of the courts could basically strip everyone of their rights by making everyone criminals due to violation of B.S. TOS (yes, it should be a ci

                    • by Surt (22457)

                      My solution if things are headed that way will be to set up my own terms of service for sending me web pages over my internet connection. I will make sure my terms are at least equally visible and available.

      • by Beardo the Bearded (321478) on Tuesday April 10, 2012 @05:09PM (#39636715)

        I would hand-dance naked in my living room for you.

        I mean for a late payment. For a late payment.

      • by Sique (173459)

        One of the main reasons to have a state and a judicary is to have contracts enforced. There is a whole body of law just for contract disputions, it's called Civil Law.

    • They can't without permission, but continuing to use the service can represent permission.

    • by FunPika (1551249)
      They will probably just try to make "Ignorantia juris non excusat" apply to the TOS as well and be like "You didn't read the updated TOS? Your fault".
      • by Surt (22457)

        Which seems entirely reasonable. I don't use any websites subject to unilaterally modifiable TOS without reading those TOS every single time, and neither should anyone else.

        • When I got my iPod touch*, I got to see the agreement to use the app store. Ninety-nine pages long. That was one of the shorter ones.

          *Don't worry, it was a freebie with something else and went on eBay.
      • They will probably just try to make "Ignorantia juris non excusat" apply to the TOS as well and be like "You didn't read the updated TOS? Your fault".

        Which is, as we all know, complete bullshit.

        "Ignorantia juris non excusat" is only legitimate when applied across the board, without exceptions, and we all know that's not the case.

    • So? Laws change unilaterally all the time too, it doesn't make them ex post facto. Only if the corporation takes action against a user over a violation of the new TOS that ocurred before the new TOS was instated (and agreed to by the user). Only then would it be ex post facto.
    • by Anonymous Coward

      I dunno that I like this argument. I agree with the conclusion, but the reasoning you take for it is a bit scary.

      I mean, I *can* change my terms and make you a criminal /if/ you persist. In computing it's as simple as "John, you're fired--don't login as administrator"

      A very simple alternate meatspace analogy is trespass.

      If I invite you to my home, you're welcome there. If I then order you to leave, you have a reasonable amount of time to gather your things and exit. If you delay unduly, or refuse--you'v

      • A very simple alternate meatspace analogy is trespass.

        No; trespassing is a criminal matter, not a civil one (unless we're talking trespass to chattels, which you are not). "Analogy" implies a commonality.

        A real meatspace analogy would be if you offered me access to your property in writing, then at some point changed the contract to revoke my access.

        The difference is, with a written (paper) contract between two individuals, changing the terms requires the physical signature of both parties; in terms of service, one party can unilaterally change their policy,

    • I can't wait to re-read the parent comment after the supreme court rules it is a criminal offense. I'll have myself a nice little cry then. It'll be cathartic.
  • Lower courts have held that violating a (basically TOS) is a crime? Is there ever real world logic applied to these decisions or is it basically (let's rewrite every law when it applies to the internet). "What are you in for?" "Leaving food stuffs in the fridge after 5pm on friday, clearly against company policy".
    • by CanHasDIY (1672858) on Tuesday April 10, 2012 @04:56PM (#39636555) Homepage Journal

      Lower courts have held that violating a (basically TOS) is a crime?

      Not just a crime, a felony crime. Which means being convicted of ToS violations not only takes away your physical freedom, but also damages your ability to find a job upon release, makes it impossible to own a gun, removes your right to vote (although some states restore that right after a prescribed period of time), and all the other wonderful disadvantages that come with being a convicted felon.

      Land of the Free, my enslaved ass.

      • by Jeng (926980) on Tuesday April 10, 2012 @05:11PM (#39636749)

        Ya know, if they want to charge you with a felony you might as well commit one and kill the motherfucker who wrote the TOS.

      • by Trepidity (597)

        Fortunately it does at least require that it be a TOS violation "with intent to defraud", which provides a bit higher burden of proof. It's still better not to have the CFAA in this mess at all, though. If you want to ban fraud, then write a law banning fraud (which already exist, naturally), not criminalize random things just because "with a computer" is tacked on.

        • by jamstar7 (694492)

          If you want to ban fraud, then write a law banning fraud (which already exist, naturally), not criminalize random things just because "with a computer" is tacked on.

          But it's ok to 'create' and 'patent' something already out there by adding 'on a computer hooked to the internet or not'?

  • by LostCluster (625375) * on Tuesday April 10, 2012 @04:52PM (#39636507)

    A court ruling out of line with three other rulings is certainly a sign that the court wants a higher court to look at this... 3-1 scores don't matter, just that the case got there.

  • Violating terms of use is not a criminal offense.

    It's a civil matter known as breach of contract, the solution for which is getting sued.

    Now if you were forging a mac address in an attempt to masquerade as another subscriber, or hacked the service to get free internet or evade a service termination, that would be different and probably *would* qualify as criminal.

    Breaking TOS and having your service yoinked is like going shopping at a grocery store and getting thrown out by security for swearing, or like ge

    • by X0563511 (793323)

      Aaah, but you forgot! The magic words! "With a computer" change everything!

    • by GiMP (10923)

      Without any contract, you have no authority access. If you breech the contract, you have no authorization to access. Access without authorization is a felony.

      I tend to agree that the other courts were probably right. Whether or not the Computer Fraud and Abuse Act is too broad is another matter and something for higher courts and the legislative branch to determine.

      • I've discussed this many times. Any while your interpretation could be valid, I most strongly disagree with it. I agree with the OP and the 9th CC, this is not a crime, it's a contract dispute, which makes it a civil case, not a criminal case. That's how it should be handled, breach of contract.

        Consider what happens if it's the other way around, what if the company violates their responsibilities under the TOS? Is that automatically a crime? No. In some cases, if you can show they were willfully misleading,

        • by jamstar7 (694492)

          Consider what happens if it's the other way around, what if the company violates their responsibilities under the TOS? Is that automatically a crime? No. In some cases, if you can show they were willfully misleading, to a large group of customers, then it might be treated as criminal fraud. But the company violating the TOS is not automatically a crime, it's a civil breach of contract.

          I'd have an attorney read over the TOS before suing, though. I've read some that have a clause saying that by using the se

          • by causality (777677)

            Consider what happens if it's the other way around, what if the company violates their responsibilities under the TOS? Is that automatically a crime? No. In some cases, if you can show they were willfully misleading, to a large group of customers, then it might be treated as criminal fraud. But the company violating the TOS is not automatically a crime, it's a civil breach of contract.

            I'd have an attorney read over the TOS before suing, though. I've read some that have a clause saying that by using the service I accept the TOS and agree to hold the provider blameless in anything that may come up, up to and including the Second Coming of Elvis.

            I'm not a lawyer and this isn't legal advice, yadda yadda. Owing to the legally protected freedom of speech, they may write whatever they want into a document. That doesn't necessarily mean it will hold up in court. Some states are better than others about rejecting unreasonable clauses in such contracts.

  • Not a TOS (Score:5, Insightful)

    by Desler (1608317) on Tuesday April 10, 2012 @04:57PM (#39636575)

    Once again a terrible title and summary. This had nothing to do with a TOS. It was about trying to prosecute someone criminally for violating their workplace's authorized access policy.

    • by gatfirls (1315141)
      An "access policy" is basically "terms of service". You are right though the word "policy" is enough of a description to make a criminal charge (an upheld appeals) seem ridiculous.
      • by Desler (1608317)

        No, a ToS is in common use an agreement between a company and a consumer when providing you a service. This was about an internal company policy for its employees. It's not the same.

        • by gatfirls (1315141)
          You do know that "basically" and "same" have very different meanings right? The point is that neither of them (should) carry a criminal penalty for the violation of them unless the violation actually violates the law. The problem here is that they are using their *policy* to stipulate what is illegal. ....using very ambiguous overreaching laws. Even though using criminal courts in place of civil is all the new rage.
    • by tacokill (531275)
      Mod this up. The fact that an employer / employee is involved changes everything. This is not a case of TOS and Customers violating said TOS.
      • by gatfirls (1315141)
        Exactly what does it change? They're both loose "contracts" on what is authorized for the service/network/etc. Using horribly vague, ambiguous and broad laws to cover civil matters (especially big corporate civil matters) is a crazy concept that people seem to just ignore as "welp don't break the law" until they get snagged up in it.
      • Re:Not a TOS (Score:5, Insightful)

        by urulokion (597607) on Tuesday April 10, 2012 @06:20PM (#39637567)

        No. The fact that is an employer/employee type setup doesn't change a thing. An employee violating a company policy in regards to accessing information they are authorized to to access via their computer credentials isn't a violation of the CFAA. Let's take another CFAA case involving the Social Security Adminstration. Certain employees in the SSA have access to personal information of people in regards to SSN payroll deductions, benefit payouts, etc. They have authorization via their computer credentials to look at virtually anyone's personal information. But the SSA has policies in place they speel out when it is proper to access that personal information. When an employee is working a case that is assignment to them, they policies says they can access personal information about persons related to that case as an example.

        Now if an SSA employee starts to just access information about celebrities or other persons in the new just because they are curious. They would be a clear violation of SSA policy. Remember that the employee's credentials allow access to virtually anyone. The employee used their assignen credentials to access the information. They didn't breach any technological measure to access the measure. They didn't "hack" to gain access to the information. Their access is a violation of SSA policies, may be violations of criminal statutes of misusing government data, violations of the Privacy Act, etc. But their access was not a violation of the CFAA. That was what the 9th Circuit ruled on.

        The 9th Circuit got this one right. Yes, I'm shocked as much as you are. If this ruling goes to the US Supreme Court, I don't think it'll be overruled.

      • by Trepidity (597)

        It doesn't change anything, as the decision notes. The question is whether exceeding authorization to use a computer, by violating the terms of a policy authorizing you to use that computer, is a federal crime. Whether the policy is a workplace policy for employee usage of computers, or a user policy for customer usage of computers, doesn't make a difference.

    • by Trepidity (597)

      If you read the court's opinion, it discusses both ToS and workplace access policies, and holds that the CFAA applies to neither, for similar reasons.

  • by istartedi (132515) on Tuesday April 10, 2012 @04:57PM (#39636585) Journal

    So you're not in jail. Big deal. They can still take all your money via the civil courts. Then you're homeless. It's like jail except that the cell has poor climate control and the 3 hots and a cot are unreliable. Nothing will change until civil suits are reformed. For starters, guaranteed right to a jury trial with the possibility of nullification required to be informed to the jury from the bench (not the bench lying and saying that it doesn't exist). Also, reasonable doubt, not prepoderance. Also, no civil trial for the same matter already settled in criminal courts.

    Wow, it might actually be a free country again if we could pull that off. Oh and look, I expressed it in one paragraph that everybody can understand. Just like back in the 1700s. Imagine that!

    • by gl4ss (559668)

      well.. at least then you get to still vote that should be changed?

      usa style settling in criminal cases is bullshit. it distorts statistics, history and murkies wtf actually happened so badly... that should only happen in civil, non criminal, disagreements.

    • Has anyone ever been rounded up for violating an access TOS?
      • From the ruling:

        In a recent Florida case, after an employee sued her employer for
        wrongful termination, the company counterclaimed that plaintiff violated
        section 1030(a)(2)(C) by making personal use of the Internet at work --
        checking Facebook and sending personal email -- in violation of company
        policy. See Lee v. PMSI, Inc., No. 8:10-cv-2904-T-23TBM, 2011 WL
        1742028 (M.D. Fla. May 6, 2011)
        . The district court dismissed the counterclaim,
        but it could not have done so if "exceeds authorized access"
        included viola

    • by mark-t (151149)
      They can't take your home away if you don't own it... and they can't garnish your wages below what is necessary to survive, taking into consideration standard costs of living in your area.
  • Damn it (Score:5, Funny)

    by Fned (43219) on Tuesday April 10, 2012 @05:09PM (#39636721) Journal

    I was so looking forward to forcefully citizen's-arresting the next HR asshole to demand my Facebook login.

    • by Elldallan (901501)
      That has not changed, unless the HR asshole has Facebook he never had a TOS with FB so he could always(and still can) demand your account details. You would however be in breach of the TOS if you gave it to said HR asshole so you would be the one tossed in jail.

      BUT what has not changed is the fact that if said HR asshole did access FB(with your account details) without having a contract with FB in the first place it will still be a felony.
      Things gets muddy if he has his own Facebook since he would techni
      • He's not violating the TOS, but he's certainly accessing the computer system without authorization, which is the actual felony crime being discussed. If anything, his guilt is even more unambiguous.

    • by MobyDisk (75490)

      Allow me to play devil's advocate here: what is to say they don't arrest you for giving the information out? Asking for it probably doesn't violate the TOS. Either giving it out, or using it are more likely to violate it.

    • by darkonc (47285)
      It's not just the asshole who demands your Facebook login that gets charged with counselling a felony. You can also go after the asshole who set the policy (usually further up the food chain). Now that should get the attention of legal (especially if it was legal who set the policy).
  • by Anonymous Coward

    "Credit card companies are not authorized to have their mail access my (physical) mailbox, unless they enclose a cashier's check for $1,000 in my name."

    Now go ahead send me another one of these credit card offers!

  • So, those employers that demand access to your social networking accounts, or, say, bank accounts, personal e-mail accounts, etc. They get a free pass at violating those sites' Terms of Use and can sign on with employees' access credentials ... NO PROBLEM?

    • by GiMP (10923)

      Those companies are not violating the TOS, the employee is. What the company is doing is worse, the company is arguably accessing without agreeing to the TOS at all, which falls under unauthorized access and is criminal under the Computer Fraud and Abuse Act. I think. IANAL

    • by mark-t (151149)

      If you're going to work for a company that expects access to such accounts, then I would think that your best course of action is to just not have any such accounts. Even better is to just not work at such a company.

      In at-will states, employers can fire you for pretty damn near any reason they want, or no reason at all. I'm pretty sure that not supplying them with access to your facebook account doesn't quality as some form of legal discrimination (even though they might be able to obtain some informat

      • by HexaByte (817350)

        If you're going to work for a company that expects access to such accounts, then I would think that your best course of action is to just not have any such accounts. Even better is to just not work at such a company.

        Tell your employer" I won't give you the keys to my house, my car, my bank accounts nor other personal accounts unless you do the same for me."

        Should they agree to this, drain their accounts, take everything from their house that you want, put it in their car and take off for the border. When you get there, post (as them) on their facebook and tweet from their account that they love Hitler and the Nazis, hate minorities and women and are having an affair with someone of the same sex in the workplace. Cha

    • So, those employers that demand access to your social networking accounts, or, say, bank accounts, personal e-mail accounts, etc. They get a free pass at violating those sites' Terms of Use and can sign on with employees' access credentials ... NO PROBLEM?

      Not at all. If I give you my Facebook password, then I am in violation of the Facebook TOS - which as discussed is not a crime. But _you_ have no authorization to log into my account. I can give you the password, but I cannot give you the authorization to log in, because it is not my server that you are logging in to. So by accessing my account, using the password I gave you, _you_ are committing the crime of unauthorized access to a computer.

  • stuff on the level traffic tickets should not be a felony.

    Now lot's of tos violation are on the level of some traffic tickets where most people don't follow the rules 100% and some of them are very technical when you get down to them.

  • and therefore violating terms of service and corporate use policies is not a federal crime.

    If it was a Federal Crime, Basically what it would lead to, is private entities been able to send people to jail for breaking rules not set by the government (ie laws...). If this does start to happen, then the corporations have effectively directly taken over law making in this country, and could even possibly put in jail terms and penlites for breaking their tos's.

  • violating TOS can only be seen as breach-of-contract. That makes it a civil offense.

Outside of a dog, a book is man's best friend. Inside of a dog, it is too dark to read.

Working...