After a little more experimentation, I discovered that every instance of the character string "power.com" is blocked in Facebook. Therefore, every time I put "power.com" into my status reports or in comments to those status reports--even if it's the only content in the post/comment--I get the "blocked content" message. However, it's easily avoided; I can post "power . com" (notice the spaces before and after the period) just fine. Basically, Facebook is using a very dumb word filter.

In other words, it may be a crime to circumvent technological barriers imposed by a website, even if those measures are taken only to enforce the terms of service through code. There's nothing inherently wrong or unlawful about avoiding IP address blocking, and there are valid reasons why someone might choose to do so, including to sidestep anticompetitive behavior by other Internet services. As long as an end user is authorized to access a computer and the way she chooses doesn't cause harm, she should be able to access the computer any way she likes without committing a crime.

This is not an esoteric business issue, because the legal theories Facebook is pushing forward would make it a crime not to comply with terms of service. People have already faced criminal charges for violating a site's terms of use policy. For example, in United States v. Lori Drew, a woman was charged with violating the federal computer crime law for creating a false profile that was used to communicate inappropriately with a teenager who eventually committed suicide. EFF filed an amicus brief in that case arguing that terms of service do not define criminal behavior, and the charges were eventually dismissed. We also defended Boston College computer science student Riccardo Calixte, whose computers, cellphone and iPod were seized by local police who claimed that he violated criminal law by giving a fake name on his Yahoo account profile. A justice of the Massachusetts Supreme Judicial Court ordered police to return the property after finding there was no probable cause to search the room in the first place.

Using criminal law to enforce private website operators' terms of use puts immense coercive power behind measures that may be contrary to the interests of consumers and the public. EFF believes that users have the right to choose how they access their own data, and that services like Power's give users more options. So long as the add-on service does not access off-limits information and is not harmful to server functionality, authorized users who choose add-on technologies like Power's commit no crime. Frighteningly, under Facebook's theory, millions of Californians who disregard or don't read terms of service on the websites they visit would risk criminal liability.

"California's computer crime law is aimed at penalizing computer trespassers," said EFF Civil Liberties Director Jennifer Granick. "Users who choose to give their usernames and passwords to aggregators like Power Ventures are not trespassing. Under Facebook's theory, millions of Californians who disregard or don't read terms of service on the websites they visit could face criminal liability. Also, any Internet company could use this argument as a hammer to prevent its users from easily leaving the service as well as to shut down innovators and competitors."

Even the simple use of the automatic login feature of most browsers would constitute a violation under Facebook's theory, since those services are "automatic means" for logging in. But the risk for users is even broader. If any violation of terms of use is criminal, users who shave a few years off their age in their profile, claim to be single when they are married, or change jobs or addresses without updating Facebook right away would also have violated the criminal law.