Appeals Court Rules TOS Violations Aren't Criminal

← Back to Stories (view on slashdot.org)

Appeals Court Rules TOS Violations Aren't Criminal

Posted by Soulskill on Tuesday April 10, 2012 @08:45AM from the by-reading-this-you-agree-to-not-commit-felonies dept.

Trepidity writes "In a decision today (PDF), the Ninth Circuit Court of Appeals ruled that the Computer Fraud and Abuse Act 'does not extend to violations of use restrictions,' and therefore violating terms of service and corporate use policies is not a federal crime. Law profesor Orin Kerr cheered the decision, but since three other Courts of Appeals have reached opposite decisions, it might be heading to the Supreme Court."

34 of 120 comments (clear)

Min score:

Reason:

Sort:

Corporations don't make law by Anonymous Coward · 2012-04-10 08:48 · Score: 5, Insightful

And therefor, violating a TOS can't automatically be seen as criminal activity. Kudos to the Ninth Circuit Court of Appeals for having their head on straight.
1. Re:Corporations don't make law by Anonymous Coward · 2012-04-10 08:56 · Score: 3, Insightful
  
  Unfortunately the 9th Circuit is the most overturned court in the USA. I'm not having high hopes that the SCOTUS will affirm the ruling.
2. Re:Corporations don't make law by Baloroth · 2012-04-10 08:59 · Score: 4, Informative
  
  And therefor, violating a TOS can't automatically be seen as criminal activity. Kudos to the Ninth Circuit Court of Appeals for having their head on straight.
  Actually, the question is whether the law on the books that makes it illegal if an action "exceeds authorized access" applies to TOS violations, since the TOS outline what counts as authorized access. You can argue very easily that using a service in a manner that breaks the TOS does, in fact, violate the law (by exceeding what you were authorized in the TOS), but this court argues that the language is somewhat ambiguous and in the case of criminal law, you should always err on the side of leniency unless Congress makes itself clear. Basically, an action cannot be criminal unless the law clearly and explicitly states it is.
  The case has nothing to do with corporations ability to make an action illegal, specifically, but rather whether an action (violating the TOS) is already criminal under the current law. Agreed about the court having it's head on straight, this judge seems extremely rational.
  
  --
  "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
3. Re:Corporations don't make law by AuMatar · 2012-04-10 09:15 · Score: 4, Informative
  
  No it isn't. The 9th circuit court is by far the largest appellate court in the country, so while it has the most appeals overturned, it also has the most cases. By percentage it's actually in the middle of the pack.
  
  --
  I still have more fans than freaks. WTF is wrong with you people?
4. Re:Corporations don't make law by Qzukk · 2012-04-10 09:21 · Score: 2
  
  Which is exactly what I said.
  Which is why what you said was the most retarded second response to the first post.
  
  --
  If I have been able to see further than others, it is because I bought a pair of binoculars.
5. Re:Corporations don't make law by Anonymous Coward · 2012-04-10 09:22 · Score: 5, Insightful
  
  Which is exactly what I said.
  What you said was deceptive and someone pointed out that deception. Saying you intended to deceive people don't help.
6. Re:Corporations don't make law by Anonymous Coward · 2012-04-10 09:24 · Score: 3, Insightful
  
  Did you not understand the parent's post at all? It doesn't matter that you 'exactly said something' if you fail to grasp basic mathematics enough to realize that the total number of appeals is fucking meaningless metric by itself.
7. Re:Corporations don't make law by AmiMoJo · 2012-04-10 09:37 · Score: 2
  
  The case has nothing to do with corporations ability to make an action illegal, specifically, but rather whether an action (violating the TOS) is already criminal under the current law.
  That's the same thing. TOS say "making a backup copy is illegal" or "one install only, if your PC dies you buy a new license" and doing otherwise becomes illegal. Or not, as the court has said.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
8. Re:Corporations don't make law by SuricouRaven · 2012-04-10 09:52 · Score: 3, Informative
  
  The legal reasoning, simplified, goes like this:
  
  1. Accessing a computer system without authorisation from the owner is a crime.
  2. A ToS specifies what a user can do, and upon violation becomes invalid - thus, the user is no longer authorised, legally. Even if their account still exists.
  3. So any access breaking the ToS is, in legal fact, unauthorised - and indistinguishable from if they had, say, used an exploit or guessed a password. The means by which unauthorised access is granted is legally unimportant - it doesn't matter if it's via sophisticated hacking, script-kiddie work, social engineering, finding someone's password on a postit or pure luck in guessing. The important part is that the user, having broken the ToS, is no longer authorised by the system owner to access that computer system. See point one.
9. Re:Corporations don't make law by similar_name · 2012-04-10 10:32 · Score: 3, Insightful
  
  To apply this same idea to meatspace. If I rent an apartment and my lease says no pets but I have a pet anyway should that make me a criminal? I don't think so. Seems like for a couple hundred years the U.S. has considered it a civil matter and I fail to see why it should be any different on a computer. At the same time if I break into an apartment that is criminal, likewise it should be for a computer. Companies are pushing to make breaking a TOS criminal and that's a very scary thing. Especially when they change it whenever they feel like it.
10. Re:Corporations don't make law by fast+turtle · 2012-04-10 12:17 · Score: 2
  
  because a TOS is not a valid contract is why the courts have ruled that it's a criminal offense to violate one. Contract law absolutely requires the ability to negotiate both sides, otherwise it's an EULA that is not recognized by half of the United States - the 9th district is in California IIRC
  
  --
  Mod me up/Mod me down: I wont frown as I've no crown
11. Re:Corporations don't make law by geogob · 2012-04-10 19:08 · Score: 2
  
  I'm not even convinced he was trying to be deceptive. Maybe the AC simply doesn't get it. Or stopped reading the reply half-way through, as he was satisfied with himself.
  Regardless, the subtlety pointed out by AuMatar is very disappointingly very hard to understand by a large portion of the population. Yes, I know, citation needed, but I can only give my own experience and observation as reference. Every time I face this situation, I turn out highly disappointed - in what exactly I don't know, but i'm just sorry for something. Happens all the time.
Ex post facto by NoNonAlphaCharsHere · 2012-04-10 08:48 · Score: 5, Insightful

If a corporation can unilaterally change a TOS agreement AFTER someone has signed up for the service (which they do all the time), how can anybody then claim that violating it is a criminal offense?
1. Re:Ex post facto by pwnyxpress · 2012-04-10 08:53 · Score: 2
  
  Don't corporations regularly write into the TOS agreement that they can change the terms with minimal (if any) notification to the customer, thus putting the responsibility of terminating the agreement onto the customer?
2. Re:Ex post facto by JoeMerchant · 2012-04-10 08:54 · Score: 3, Informative
  
  If a corporation can unilaterally change a TOS agreement AFTER someone has signed up for the service (which they do all the time), how can anybody then claim that violating it is a criminal offense?
  Even more, how can a corporation (say: JoeMerchantCorp) create a TOS and then get the police and courts of the land to enforce it for them? My TOS can state that you must dance on your hands naked in the waiting room after a late payment or your account will be revoked... and it can be a criminal offence to violate it?
3. Re:Ex post facto by NonUniqueNickname · 2012-04-10 09:00 · Score: 2
  
  So? Laws change unilaterally all the time too, it doesn't make them ex post facto. Only if the corporation takes action against a user over a violation of the new TOS that ocurred before the new TOS was instated (and agreed to by the user). Only then would it be ex post facto.
4. Re:Ex post facto by Surt · 2012-04-10 09:02 · Score: 2
  
  If it weren't unconscionable or illegal (and in this case both), yes.
  
  --
  "Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
5. Re:Ex post facto by dbet · 2012-04-10 09:03 · Score: 4, Informative
  
  They can amend the contract, however, you are allowed to not accept the new version. So for example you're one year into a 2 year contract with AT&T, and they change the terms. You are now free to walk away. Because of this they usually grandfather in people who are in existing contracts.
6. Re:Ex post facto by Surt · 2012-04-10 09:04 · Score: 2
  
  Which seems entirely reasonable. I don't use any websites subject to unilaterally modifiable TOS without reading those TOS every single time, and neither should anyone else.
  
  --
  "Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
7. Re:Ex post facto by Beardo+the+Bearded · 2012-04-10 09:09 · Score: 3, Funny
  
  I would hand-dance naked in my living room for you.
  I mean for a late payment. For a late payment.
  
  --
  
  ---
  ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
8. Re:Ex post facto by SuricouRaven · 2012-04-10 09:53 · Score: 2
  
  When I got my iPod touch*, I got to see the agreement to use the app store. Ninety-nine pages long. That was one of the shorter ones.
  
  *Don't worry, it was a freebie with something else and went on eBay.
Re:Can't complain by CanHasDIY · 2012-04-10 08:52 · Score: 5, Insightful

I think it's hard to tell whether this is good for consumers (because we have the freedom to do what we want with our programs, etc), or bad for consumers (because it makes things less safe for companies). Either way, I'm happy for now, I guess.
It's not hard to tell at all: being able to throw consumers in jail for ToS violations is most definitely, unquestionably, bad for consumers.

--
An enigma, wrapped in a riddle, shrouded in bacon and cheese
Go to SCotUS, Go directly to SCotUS by LostCluster · 2012-04-10 08:52 · Score: 5, Insightful

A court ruling out of line with three other rulings is certainly a sign that the court wants a higher court to look at this... 3-1 scores don't matter, just that the case got there.
Re:I must be reading something wrong... by CanHasDIY · 2012-04-10 08:56 · Score: 5, Insightful

Lower courts have held that violating a (basically TOS) is a crime?
Not just a crime, a felony crime. Which means being convicted of ToS violations not only takes away your physical freedom, but also damages your ability to find a job upon release, makes it impossible to own a gun, removes your right to vote (although some states restore that right after a prescribed period of time), and all the other wonderful disadvantages that come with being a convicted felon.

Land of the Free, my enslaved ass.

--
An enigma, wrapped in a riddle, shrouded in bacon and cheese
Not a TOS by Desler · 2012-04-10 08:57 · Score: 5, Insightful

Once again a terrible title and summary. This had nothing to do with a TOS. It was about trying to prosecute someone criminally for violating their workplace's authorized access policy.
1. Re:Not a TOS by tacokill · 2012-04-10 09:04 · Score: 2
  
  Mod this up. The fact that an employer / employee is involved changes everything. This is not a case of TOS and Customers violating said TOS.
2. Re:Not a TOS by Desler · 2012-04-10 09:09 · Score: 2
  
  No, a ToS is in common use an agreement between a company and a consumer when providing you a service. This was about an internal company policy for its employees. It's not the same.
3. Re:Not a TOS by gatfirls · 2012-04-10 09:12 · Score: 2
  
  Exactly what does it change? They're both loose "contracts" on what is authorized for the service/network/etc. Using horribly vague, ambiguous and broad laws to cover civil matters (especially big corporate civil matters) is a crazy concept that people seem to just ignore as "welp don't break the law" until they get snagged up in it.
4. Re:Not a TOS by gatfirls · 2012-04-10 09:30 · Score: 2
  
  You do know that "basically" and "same" have very different meanings right? The point is that neither of them (should) carry a criminal penalty for the violation of them unless the violation actually violates the law. The problem here is that they are using their *policy* to stipulate what is illegal. ....using very ambiguous overreaching laws. Even though using criminal courts in place of civil is all the new rage.
5. Re:Not a TOS by urulokion · 2012-04-10 10:20 · Score: 4, Insightful
  
  No. The fact that is an employer/employee type setup doesn't change a thing. An employee violating a company policy in regards to accessing information they are authorized to to access via their computer credentials isn't a violation of the CFAA. Let's take another CFAA case involving the Social Security Adminstration. Certain employees in the SSA have access to personal information of people in regards to SSN payroll deductions, benefit payouts, etc. They have authorization via their computer credentials to look at virtually anyone's personal information. But the SSA has policies in place they speel out when it is proper to access that personal information. When an employee is working a case that is assignment to them, they policies says they can access personal information about persons related to that case as an example.
  Now if an SSA employee starts to just access information about celebrities or other persons in the new just because they are curious. They would be a clear violation of SSA policy. Remember that the employee's credentials allow access to virtually anyone. The employee used their assignen credentials to access the information. They didn't breach any technological measure to access the measure. They didn't "hack" to gain access to the information. Their access is a violation of SSA policies, may be violations of criminal statutes of misusing government data, violations of the Privacy Act, etc. But their access was not a violation of the CFAA. That was what the 9th Circuit ruled on.
  The 9th Circuit got this one right. Yes, I'm shocked as much as you are. If this ruling goes to the US Supreme Court, I don't think it'll be overruled.
Whoop-de-do, big deal. by istartedi · 2012-04-10 08:57 · Score: 3, Insightful

So you're not in jail. Big deal. They can still take all your money via the civil courts. Then you're homeless. It's like jail except that the cell has poor climate control and the 3 hots and a cot are unreliable. Nothing will change until civil suits are reformed. For starters, guaranteed right to a jury trial with the possibility of nullification required to be informed to the jury from the bench (not the bench lying and saying that it doesn't exist). Also, reasonable doubt, not prepoderance. Also, no civil trial for the same matter already settled in criminal courts.
Wow, it might actually be a free country again if we could pull that off. Oh and look, I expressed it in one paragraph that everybody can understand. Just like back in the 1700s. Imagine that!

--
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Damn it by Fned · 2012-04-10 09:09 · Score: 5, Funny

I was so looking forward to forcefully citizen's-arresting the next HR asshole to demand my Facebook login.
Re:I must be reading something wrong... by Jeng · 2012-04-10 09:11 · Score: 5, Funny

Ya know, if they want to charge you with a felony you might as well commit one and kill the motherfucker who wrote the TOS.

--
Don't know something? Look it up. Still don't know? Then ask.
Re:of course by gstrickler · 2012-04-10 09:54 · Score: 2

I've discussed this many times. Any while your interpretation could be valid, I most strongly disagree with it. I agree with the OP and the 9th CC, this is not a crime, it's a contract dispute, which makes it a civil case, not a criminal case. That's how it should be handled, breach of contract.
Consider what happens if it's the other way around, what if the company violates their responsibilities under the TOS? Is that automatically a crime? No. In some cases, if you can show they were willfully misleading, to a large group of customers, then it might be treated as criminal fraud. But the company violating the TOS is not automatically a crime, it's a civil breach of contract. And if it's not automatically a crime for the company to violate it, then it's not automatically a crime for the other party to the contract to violate it. It's a civil dispute unless there are other considerations (e.g. massive fraud) that make it a criminal one.

--
make imaginary.friends COUNT=100 VISIBLE=false