Last week’s Ninth Circuit case of Facebook v. Vachani is making many observers uneasy. Orin Kerr writes:
For those of us worried about broad readings of the Computer Fraud and Abuse Act, the decision is quite troubling. Its reasoning appears to be very broad. If I’m reading it correctly, it says that if you tell people not to visit your website, and they do it anyway knowing you disapprove, they’re committing a federal crime of accessing your computer without authorization. … This was a civil dispute, but the CFAA is also criminal statute.
It’s possible that the Circuit might clarify the ruling should it grant en banc review.
3 Comments
My initial reading of this was from the context of someone who intensely dislikes Facebook, but taken in another context…
If I rent a car from Hertz and their contract with me specifies that I can’t let anyone but those that they approve drive the car, and I let someone not approved drive it, and Hertz sends a letter to that someone and says don’t drive it and they still do. And Hertz goes to the trouble of changing the locks, but that someone goes to the trouble of making a new key and continues to use the car, still without permission of the actual owner and their contract with the renter…
So who is at fault, the owner of the car, the renter of the car or the someone, and is this just a state of mind?
I see a new means of entrapment: a TOS that states in regular font but verbose legalese that you are not authorized to view the site, and a button that says agree and continue. No one reads TOSes, so you’re guaranteed to have a case against anyone you can lure to the site.
I wonder how that is going to play out with trolls on blogs and other sites.
If you send a “cease and desist” letter to them and they return to your site, will they be subject to arrest?