Facebook Abusing Computer Crime Law To Block Useful Service

from the it's-not-hacking dept

We noted recently that the courts (and plaintiffs in lawsuits) have been stretching computer hacking laws in dangerous ways. The laws that were clearly intended to cover situations of malicious hackers breaking into a computer system they have no right to be in are being twisted around, such that contractual language is being used to make all sorts of access "unauthorized" under the terms of the law. For example, we noted a case where using an employer's computer to access information for personal use... could be seen as "unauthorized access" and, thus, criminal computer hacking.

Last year, we wrote about a bizarre lawsuit where Facebook sued Power.com, a website that tried to aggregate various social networks into a single interface. That could be pretty useful. Facebook didn't like it and sued. But just because Facebook doesn't like something, it doesn't make it illegal. What if users want to access Facebook that way? Facebook tossed out a variety of legal theories, including the idea that this was criminal hacking, because it was unauthorized access. How is it unauthorized? Well, here Facebook got creative. It has, hidden within its terms of service the note that accessing Facebook through "automatic means" is forbidden. Facebook says that Power.com's aggregator is "automatic means" (which seems questionable), and thus accessing Facebook via Power.com is no longer authorized. Since the access is not authorized, then it's... unauthorized access, aka hacking, and a crime under California's computer crime statute.

The EFF has now filed an amicus brief in the case, pointing out that this would be a ridiculous stretch of California's computer crime law:
"California's computer crime law is aimed at penalizing computer trespassers," said EFF Civil Liberties Director Jennifer Granick. "Users who choose to give their usernames and passwords to aggregators like Power Ventures are not trespassing. Under Facebook's theory, millions of Californians who disregard or don't read terms of service on the websites they visit could face criminal liability. Also, any Internet company could use this argument as a hammer to prevent its users from easily leaving the service as well as to shut down innovators and competitors."

Even the simple use of the automatic login feature of most browsers would constitute a violation under Facebook's theory, since those services are "automatic means" for logging in. But the risk for users is even broader. If any violation of terms of use is criminal, users who shave a few years off their age in their profile, claim to be single when they are married, or change jobs or addresses without updating Facebook right away would also have violated the criminal law.
Hopefully, the court agrees...
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: computer crime, hacking, unauthorized access
Companies: facebook, power.com


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    NBurns (profile), 5 May 2010 @ 12:24pm

    Connect?

    I find it very interesting that the 'automated means' access restriction is located in the section labeled 'Safety' and is couched in language which implies only automated scraping and collection is forbidden, not all automated access. This is especially strange considering the fact that Facebook offers this exact functionality (aggregated user data in small sets) as part of its Facebook Connect service, which is an automated means for you to access Facebook through other sites and 3rd-party apps. Very shady.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Essential Reading
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.