There's been a bunch of fuss online over the "news" that Craigslist is supposedly donating $1 million to EFF
when the money is not actually from Craig. It's from a startup that Craigslist has sued out of business, under a dangerous interpretation of the CFAA that harms the open internet. Obviously, EFF getting an additional $1 million in resources is really great. But it's troubling to see so many people congratulate
Craigslist and Craig Newmark for "supporting EFF." Craig himself has contributed to this misleading perception with this tweet implying
he's giving his own money to EFF:
Plenty of smart people are cheering on
Craig for supposedly being so generous
. But that's wrong. This isn't Craigslist being generous. This is Craigslist abusing the CFAA to kill a company who was making the internet better, and then handing over some
of the proceeds to the EFF, which actively opposed Craigslist's lawsuit.
Now, I should note upfront that I like
Craigslist and very much like Craig Newmark personally. I think that the company has been really innovative
in taking a more long term view of its business (even if it's been losing ground more recently). However, this lawsuit was always really sketchy. It sued a few companies for making Craigslist more valuable
. Those companies were scraping Craigslist data, but only to overlay additional information and always pointing people back to Craigslist
. In other words, the companies Padmapper and 3taps were adding value
to Craigslist in the same manner that much of the internet was built -- by providing more value on top of the work of others.
And yet Craigslist sued these companies under a tortured
definition of the CFAA, arguing that the mere scraping of its data to provide value on top of it (none of which took away any value from Craigslist) was "unauthorized access." The EFF filed an amicus brief against Craigslist
, slamming the company (which it has frequently supported in other circumstances) for abusing the law:
The CFAA does not and should not impose liability on anyone who accesses information publicly available on the Internet. Because the CFAA and Penal Code § 502 imposes both civil and criminal liability, it must be interpreted narrowly. That means information on a publicly accessible website can be accessed by anyone on the Internet without running afoul of criminal computer hacking laws. In the absence of access, as opposed to use, restrictions, Craigslist cannot use these anti-hacking laws to complain when the information it voluntarily broadcasts to the world is accessed, even if it is upset about a competing or complementary business.
Craigslist’s enormous success is a result of its openness: anyone anywhere can access any of its websites and obtain information about apartments for rent, new jobs or cars for sale. Its openness means that Craigslist is the go to place on the web for classified ads; it users post on Craigslist because they know their ads will reach the largest audience.
But what Craigslist is trying to do here is to use the CFAA’s provisions to enforce the unilateral determinations it has made concerning access to its website, an Internet site that it has already chosen to open up to the general public, attempting to turn a law against computer hacking into a new tool. But prohibiting access to an otherwise publicly available website is not the type of harm that Congress intended to be proscribed in the CFAA, and nowhere in the legislative history is there any suggestion that the CFAA was drafted to grant website owners such unbridled discretion.
That's the EFF directly arguing against Craigslist in this case. Unfortunately, the initial district court ruling agreed with Craigslist
, leading EFF to note just how dangerous the ruling was:
There's a serious potential for mischief that is encouraged by this decision, as companies could arbitrarily decide whose authorization to "revoke" and need only write a letter and block an IP address to invoke the power of a felony criminal statute in what is, at best, a civil business dispute.
Orin Kerr, who is an expert on abuses of the CFAA was similarly alarmed
Judge Breyer’s opinion appears to mix up two different aspects of the CFAA. The first aspect is the prohibition on unauthorized access, and the second is its associated mental state element of intent. The CFAA only prohibits intentional unauthorized access; merely knowingly or recklessly accessing without authorization is not prohibited. So whatever unauthorized access means, the person must be guilty of doing that thing (the act of unauthorized access) intentionally to trigger the statute. Breyer seems to mix up those elements by focusing heavily on the fact that 3taps knew that Craigslist didn’t want 3taps to access its site. According to Judge Breyer, the clear notice meant that the case before him didn’t raise all the notice and vagueness issues that prompted the Ninth Circuit’s decision in Nosal.
So now the case has been settled, and, as a result, at least one of the companies involved, 3taps, is shutting down altogether
. 3taps points out that it's 3taps, not Craigslist
whose money is going to EFF:
As part of the settlement, 3taps and its founder, Greg Kidd, have agreed to pay craigslist $1 million, all of which must then be paid by craigslist to the EFF, which supported 3taps' position on the CFAA in this litigation, and continues to do great work for Internet freedom generally. Mr. Kidd's investment firm, Hard Yaka, has also committed to make a substantial investment in PadMapper to provide it with the resources to continue to innovate and serve the post-craigslist marketplace.
Although 3taps lacks the resources to continue the fight, this settlement provides much needed resources to the EFF, as there is still much to be done on the issues raised in this case.
For example, the question remains whether private companies that maintain public websites can selectively exclude visitors, exposing the banned visitor to civil and criminal liability under the CFAA.
Furthermore, this is unlikely to be the last litigation involving craigslist's copyrights, particularly given craigslist's current practice of selectively obtaining copyright assignments and registrations (the prerequisite to a copyright infringement lawsuit) in certain user-generated posts, but failing to inform its visitors which posts it owns. This effectively creates a copyright litigation trap for unwary visitors.
Finally, it remains unresolved whether craigslist's well-recognized practice of "ghosting" (the hiding or interception of user postings and emails) without the users' knowledge or consent is legal or ethical.
Given all that, it's fairly disappointing to see lots of prominent people backslapping Craig
for "donating" this money to EFF. It's not Craig's money. And, according to the settlements
, it appears that the $1 million isn't all that Craigslist is getting. That's just the money 3taps is paying. Another company in the dispute, Lovely, is paying an additional $2.1 million. It's unclear if Craigslist is giving that money to EFF or anyone else -- or keeping it.
Again, on most
issues, I think Craig and Craigslist are on the right side of things. He fought strongly against SOPA and for net neutrality. I think the company does the right thing in many cases, but in this case it clearly
did not, and the fact that people are now cheering him
on when it's not even his money, and is only happening as a result of his bad lawsuit that forced another company to shut down, is really disturbing.