Appeals Court Says Accessing Data In A Way The Host Doesn't Like Doesn't Violate Computer Crime Laws

from the if-access-is-still-permitted,-the-access-process-is-irrelevant dept

The Ninth Circuit Court of Appeals has ruled [PDF] that accessing publicly-accessible info in a way the hosting entity has said isn’t permissible isn’t a violation of the law. In this case, it’s a couple of laws, since Oracle’s bid to shut down a competitor involves two different states and two different computer crime laws.

Oracle sued Rimini Street alleging a bunch of computer law-related violations after it continued to harvest data without Oracle’s explicit permission. The EFF, which filed a brief in this case backing Rimini Street, breaks down the details of the alleged violation.

Oracle v. Rimini involves Oracle’s terms of use prohibition on the use of automated methods to download support materials from the company’s website. Rimini, which provides Oracle clients with software support that competes with Oracle’s own services, violated that provision by using automated scripts instead of downloading each file individually. Oracle sent Rimini a cease and desist letter demanding that it stop using automated scripts, but Oracle didn’t rescind Rimini’s authorization to access the files outright.

After ceasing/desisting for about a year, Rimini went back to automated downloading, allowing it to provide faster service for its customers. Oracle’s decision to continue to grant access to Rimini Street is what ultimately undoes its case. It tried to use two different states’ laws (Nevada and California) to force Rimini to go back to the old, slow, “permissible” downloading protocol. A jury found Rimini in violation of these laws, but the Appeals Court does not agree.

We hold that taking data using a method prohibited by the applicable terms of use, when the taking itself generally is permitted, does not violate the CDAFA. Because the same reasoning applies to the NCCL claim, we reverse the judgment as to both claims.

Oracle obviously disapproved of the method—automated downloading—by which Rimini took Oracle’s proprietary information. But the key to the state statutes is whether Rimini was authorized in the first instance to take and use the information that it downloaded.

That strikes down the violations alleged. It still leaves Oracle with a substantial award on its copyright infringement claims, but it will “only” end up with $22 million in damages instead of the $27 million awarded by the lower court.

This is a good decision that protects automated access of publicly-available information. Plenty of useful web/data tools rely on automation. Allowing companies to undercut competition and discourage innovation with bad applications of worse laws isn’t the answer. With very little legislative movement towards rewriting bad laws like the CFAA, it’s up to the courts to sort out these conflicts. In the meantime, companies like Oracle will continue to try to thwart competitors with lawsuits and criminal charges, rather than with better products and service.

Companies: oracle, rimini street


Comments on “Appeals Court Says Accessing Data In A Way The Host Doesn't Like Doesn't Violate Computer Crime Laws”

Anonymous Coward says:

How about covering how Susan Wojcicki and the rest of the codswallop at google/youtube just financially sodomized thousands of the smaller channels yesterday? Or are you gonna whitewash that one TOO? In before “it’s google/youtube’s site, and they’re legally entitled to be ingrates of unprecedented scale”, etc., etc., etc., etc.

Anonymous Coward says:

Re: Re: Re:

Why would they offer a submit story link if they didn’t want story ideas? At the same time, everyone knows Mike won’t do anything to jeopardize the cash he gets from google so if he does a story about them at all he’s going to find some way where he can attempt to sanitize google’s bullshit at the same time. Pointing out his godless hypocrisy is absolutely proper.

Richard (profile) says:

The free market and private enterprise

Despite their public protestations to the contrary, private sector companies don’t actually like the free market. They spend a large proportion of their energies trying to create or maintain a monopoly for themselves.

The evidence for this is precisely given by this type of case. Oracle don’t want to compete and they are prepared to spend quite a lot of money and effort on avoiding the need to.

Of course young start up companies behave differently – but I would contend that this is only because they have no choice. The moment they reach a size or a degree of market dominance that allows it they go straight into full monopolist mode. Often they do this whilst still talking about “the right to innovate”. The latter often means (in practice) the right to introduce innovations that actually prevent anyone else from innovating. cf Microsoft in the late 80’s and early 90’s.

Large Marge says:

Not quite right...

“The Ninth Circuit Court of Appeals has ruled [PDF] that accessing publicly-accessible info in a way the hosting entity has said isn’t permissible isn’t a violation of the law”

That is not what the decision says. It says a method of taking data, which is prohibited by terms of service, to which a defendant otherwise has the right to take, is not a violation of the CFAA. There is nothing in the decision that says a website can’t prohibit or place other restrictions on the taking of data, and the decision makes no reference to “publicly-accessible” data at all and there is no indication the downloads in the case were publicly-accessible at all.

Eldakka (profile) says:

Re: Not quite right...

Actually, on second thoughts (to my other reply), those may not be the exact words used by the NCCoA, but they fit within the meaning of the ruling.

By definition, publicly-accessible info is info that anyone is authorized to access.

Therefore that fits in with the "if you are authorized to access it" element of the ruling.

Therefore anyone can access public info, and any method used to access the info (manually, with a robot) is not illegal. (of course, this doesn’t protect the accessor against harming the hoster, e.g. if the effect was to cause a DoS then they might still be committing an illegal act)

Therefore the legal precedent set (IANAL) would allow accessing publicly-available information in a manner not authorized by the hoster.

The headline was not a quote from the NCCoA ruling, it is a headline about the ruling, the effect of the ruling, a description of the ruling, one of the consequences of the ruling. So the headline is correct in its description of an effect of the ruling. So the author of the article chose a headline that they felt covered the most important consequence of the ruling for them and for their reader base.
