Appeals Court Rules TOS Violations Aren't Criminal 120
Trepidity writes "In a decision today (PDF), the Ninth Circuit Court of Appeals ruled that the Computer Fraud and Abuse Act 'does not extend to violations of use restrictions,' and therefore violating terms of service and corporate use policies is not a federal crime. Law profesor Orin Kerr cheered the decision, but since three other Courts of Appeals have reached opposite decisions, it might be heading to the Supreme Court."
Re:Ex post facto (Score:4, Informative)
If a corporation can unilaterally change a TOS agreement AFTER someone has signed up for the service (which they do all the time), how can anybody then claim that violating it is a criminal offense?
Even more, how can a corporation (say: JoeMerchantCorp) create a TOS and then get the police and courts of the land to enforce it for them? My TOS can state that you must dance on your hands naked in the waiting room after a late payment or your account will be revoked... and it can be a criminal offence to violate it?
Re:Corporations don't make law (Score:5, Informative)
And therefor, violating a TOS can't automatically be seen as criminal activity. Kudos to the Ninth Circuit Court of Appeals for having their head on straight.
Actually, the question is whether the law on the books that makes it illegal if an action "exceeds authorized access" applies to TOS violations, since the TOS outline what counts as authorized access. You can argue very easily that using a service in a manner that breaks the TOS does, in fact, violate the law (by exceeding what you were authorized in the TOS), but this court argues that the language is somewhat ambiguous and in the case of criminal law, you should always err on the side of leniency unless Congress makes itself clear. Basically, an action cannot be criminal unless the law clearly and explicitly states it is.
The case has nothing to do with corporations ability to make an action illegal, specifically, but rather whether an action (violating the TOS) is already criminal under the current law. Agreed about the court having it's head on straight, this judge seems extremely rational.
Re:Ex post facto (Score:5, Informative)
Re:Corporations don't make law (Score:5, Informative)
No it isn't. The 9th circuit court is by far the largest appellate court in the country, so while it has the most appeals overturned, it also has the most cases. By percentage it's actually in the middle of the pack.
Re:Corporations don't make law (Score:4, Informative)
1. Accessing a computer system without authorisation from the owner is a crime.
2. A ToS specifies what a user can do, and upon violation becomes invalid - thus, the user is no longer authorised, legally. Even if their account still exists.
3. So any access breaking the ToS is, in legal fact, unauthorised - and indistinguishable from if they had, say, used an exploit or guessed a password. The means by which unauthorised access is granted is legally unimportant - it doesn't matter if it's via sophisticated hacking, script-kiddie work, social engineering, finding someone's password on a postit or pure luck in guessing. The important part is that the user, having broken the ToS, is no longer authorised by the system owner to access that computer system. See point one.