Facebook Abusing Computer Crime Law To Block Useful Service

from the it's-not-hacking dept

We noted recently that the courts (and plaintiffs in lawsuits) have been stretching computer hacking laws in dangerous ways. The laws that were clearly intended to cover situations of malicious hackers breaking into a computer system they have no right to be in are being twisted around, such that contractual language is being used to make all sorts of access "unauthorized" under the terms of the law. For example, we noted a case where using an employer's computer to access information for personal use... could be seen as "unauthorized access" and, thus, criminal computer hacking.

Last year, we wrote about a bizarre lawsuit where Facebook sued Power.com, a website that tried to aggregate various social networks into a single interface. That could be pretty useful. Facebook didn't like it and sued. But just because Facebook doesn't like something, it doesn't make it illegal. What if users want to access Facebook that way? Facebook tossed out a variety of legal theories, including the idea that this was criminal hacking, because it was unauthorized access. How is it unauthorized? Well, here Facebook got creative. It has, hidden within its terms of service the note that accessing Facebook through "automatic means" is forbidden. Facebook says that Power.com's aggregator is "automatic means" (which seems questionable), and thus accessing Facebook via Power.com is no longer authorized. Since the access is not authorized, then it's... unauthorized access, aka hacking, and a crime under California's computer crime statute.

The EFF has now filed an amicus brief in the case, pointing out that this would be a ridiculous stretch of California's computer crime law:
"California's computer crime law is aimed at penalizing computer trespassers," said EFF Civil Liberties Director Jennifer Granick. "Users who choose to give their usernames and passwords to aggregators like Power Ventures are not trespassing. Under Facebook's theory, millions of Californians who disregard or don't read terms of service on the websites they visit could face criminal liability. Also, any Internet company could use this argument as a hammer to prevent its users from easily leaving the service as well as to shut down innovators and competitors."

Even the simple use of the automatic login feature of most browsers would constitute a violation under Facebook's theory, since those services are "automatic means" for logging in. But the risk for users is even broader. If any violation of terms of use is criminal, users who shave a few years off their age in their profile, claim to be single when they are married, or change jobs or addresses without updating Facebook right away would also have violated the criminal law.
Hopefully, the court agrees...


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Anonymous Coward, May 5th, 2010 @ 10:55am

    If a human initiated the access, how is it automatic?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, May 5th, 2010 @ 10:57am

    Ummmm

    "Facebook says that Power.com's aggregator is "automatic means" (which seems questionable), and thus accessing Facebook via Power.com is no longer authorized. Since the access is not authorized, then it's... unauthorized access, aka hacking, and a crime under California's computer crime statute."

    If this is the case, then wouldn't the facebook/power.com customer be guilty of hacking?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Sneeje (profile), May 5th, 2010 @ 11:42am

    Wouldn't this mean that browsers that retain credentials or password solutions like KeePass would also be illegal? Fail.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, May 5th, 2010 @ 12:21pm

    They done this with a bunch of really useful services.

    There was one I used that kept you twitter/facebook/etc status messages in sync. Facebook didn't like it, I stopped using facebook.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    NBurns (profile), May 5th, 2010 @ 12:24pm

    Connect?

    I find it very interesting that the 'automated means' access restriction is located in the section labeled 'Safety' and is couched in language which implies only automated scraping and collection is forbidden, not all automated access. This is especially strange considering the fact that Facebook offers this exact functionality (aggregated user data in small sets) as part of its Facebook Connect service, which is an automated means for you to access Facebook through other sites and 3rd-party apps. Very shady.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Sped, May 5th, 2010 @ 1:47pm

    Put in frame?

    Facebook gives you no control over your page. And they keep jerking us around on format.

    I want to see friend status updates, period. There is no way to make it default view. they want to have you go to your selected "news feed" crap.

    I tried with frames. Facebook direct to status updates, Google reader in another. Facebook at least renders but had a dark image over it. Google reader you have to scrape and strip some crap out, as it won't render in a frame at all.

    Why is this so hard?

    PS, if anyone knows how to get rid of that darkness when facebook is in a frame, let me know.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    gunslinger lawman, May 5th, 2010 @ 2:38pm

    Continuing allowance of breaches of privacy

    OK this morningi goto play a facebook game

    up pops this maessage about
    "Allow extended permissions and earn (5) honor points!"

    no explanation, no idea why it requires or wishes it. THIS is the kind a thing some kid ( who may not own his box thus the parent didn't have a choice ) would do and hten you might have data YOU dont even know what being slugged around. JUST put links to why and what that does and ok or not.

    they need to real in these app makers and say HEY we know your wanting to get wealthy but um er law and privacy need some say

    its not like were conservatives telling women to fuck off or anything after all.

    once i get my webserver functioning im going to create a my own private thing with all the rule of law and strict arse privacy a user could wish for. BUT ITS only for my members the real ones not some people dropping into a open group on facebook haha...ya right.

    -----------------------
    explain the darkness you mean....
    --------------------------
    @2 it depends btw what the sites terms a service say BUT heres a way Canada deals with ti and why there is still a big stink about it and some remedies to think of

    First I am not a lawyer more of a study of certain areas of law pertaining to internet.

    Privacy law in Canada requires that any use of a persons data must have written permission EACH TIME it is used. a terms of service cannot legally say any time i want i can come get your data. THATS ILLEGAL. EACH time it requires a written authorization or its a FINE, a big one 50000 per instance.

    THE solution here would be each time someone access your data or wishes too you are given a popup request ...YES or NO and who and for what the data is required for.

    THATS THE LAW and the neat thing is what a Canadian does anywhere on the net our law has us subject to OUR LAWS NOT YOURS. NICE isn't it.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    NAMELESSONE, May 5th, 2010 @ 2:39pm

    p.s. if you have ideas shoot them too me

    i have been asked to partake ina kind of governance council so if i see useful ideas i'll pass them along

    :)

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Bart Jellema, May 12th, 2010 @ 8:50am

    I'm leaving facebook if this continues

    I've put a group together and we're all leaving facebook if they don't drop this lawsuit. I have got to draw the line somewhere and I cannot be associated with a company like Facebook.

    http://www.facebook.com/group.php?gid=123205857691804

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    pasquale, Sep 6th, 2010 @ 4:24am

    I made this little software to write public POST-it in any website, i'm adding tools to have your social networks in one window, in ANY window.
    have fun!
    http://english.spost.it

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This