New Book About Data Mining To Find Love Online Has Author Admit To Possible CFAA Violations
from the seems-like-that's-a-problem dept
After figuring out just who she's seeking, Webb rejoins JDate, the Jewish dating site, as a man — creating 10 profiles for men she would want to date, with stock images and character sketches so elaborate you'd think she were outlining a novel. For example, we learn from the spreadsheet she makes for LawMan2346 that he and his younger brother, Mark, "didn't get along great as kids, but they're best friends now. Mark is the total opposite of him — plays sports, drinks beer. Typical man's man kind of guy."Interesting approach, I guess. Having met my wife through more traditional means at a time when online dating was in its infancy, I can only imagine the difficulty in successfully using those tools today. So, the appeal of "opposition research" and fake accounts for testing certainly must seem appealing. At the very least, it probably makes good fodder for a book... as it obviously did in this case.
But she's not Catfishing, she's doing opposition research. For a month, she corresponds with 96 female JDaters through these fake profiles, never meeting these women but interacting just enough to collect data (more spreadsheets!) on how they present themselves. Then, she can mimic her competitors and hopefully snag a better catch.
But here's the problem. As we've been discussing, under the Computer Fraud and Abuse Act (CFAA), it's possible that she committed multiple felonies, and could face jail time. Now, let's be clear: no one has charged her with this and it's doubtful that anyone will. But in an age where we're finally starting to realize that perhaps we need to change and fix the CFAA, it's helpful to point out examples of how the law could easily be twisted.
Let's start with JDate's terms and conditions of service. There are a few clauses I want to call out. The first is in the "Registration and Subscription" section, in which it notes:
You agree to provide accurate, current and complete information about Yourself as prompted by Our registration form ("Registration Data"), and to maintain and update Your information to keep it accurate, current and complete."In the "Proprietary Rights" section, it notes:
You represent and warrant to Us that the information posted in Your profile, including Your photograph, is posted by You and that You are the exclusive author of Your profile and the exclusive owner of Your photographs. You assign to Us, with full title guarantee, all copyright in Your profile, Your photographs posted, and any additional information sent to Us at any time in connection with Your use of the Service.In the section "Your use of the service" it notes:
You will not post on the Service, or transmit to other members or to Us or Our employees, any defamatory, inaccurate, abusive, obscene, profane, offensive, sexually oriented, threatening, harassing, racially offensive, or illegal material, or any material that infringes or violates another party's rightsAnd also the following:
You will not harass or impersonate any person or entity. You will not use any manual or automatic device or process to retrieve, index, data mine, or, in any way reproduce or circumvent the navigational structure or presentation of the Service or its contents.Now, you could make a case that in setting up ten completely fake profiles, including stock images, and then data mining the results of the women who communicated with those profiles, that she violated at least some, and possibly all of the clauses called out above.
Courts are not entirely in agreement on this, but certainly some courts have said that violating the terms of service of a website can potentially violate the CFAA (there are other factors that matter too). Even if we just look at the clauses of the CFAA that were used against Aaron Swartz, you could see how some (though not all) might apply to Webb as well. There's (a)(2)(c): intentionally accessing a computer without authorization or exceeding authorized access and thereby obtains information from any protected computer. There's (a)(4): knowingly and with intent to defraud, accessed a protected computer without authorization or by exceeding authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value (as long as the thing of value is more than $5,000). Obviously, much of this is open to interpretation, but would you put it past a federal prosecutor arguing that Webb "knowingly and with intent to defraud" by "exceeding authorized access" obtained information and then obtained something of value more than $5,000? As the book reveals, Webb used these methods to meet her eventual husband. Is a husband something of value worth more than $5,000? Yes, perhaps it's a stretch, but... is it so much of a stretch that you couldn't see someone making the argument?
If you wanted to take it to even more ridiculous and extreme levels, you could argue that her "opposition research" may have enabled her to find a husband faster, thereby "cheating" JDate out of possible profits from keeping her as a paying customer for longer. Again, a long shot, but not a completely implausible reading.
And, again, if we can make the case that the value of the information she obtained by data mining these fake profiles exceeded $5,000 in value, then she has possibly set herself up for felony charges -- with maximum imprisonment of five years.
Would a court ever go that far? Almost certainly not. But given the lack of prosecutorial discretion we've seen in other cases, including many CFAA cases, is that something that really should be left to the prosecutors' and judges' discretion? Hopefully not.
Of course, no reasonable person thinks that Webb should be charged with anything for her activities, and it's not going to happen. But shouldn't we take a seriously look at fixing the law that makes it so that it's even possible she could have faced such charges?