Slashdot Mirror

← Back to Stories (view on slashdot.org)

Aaron's Law: Violating a Site's ToS Should Not Land You in Jail

Posted by samzenpus on from the last-time dept.

Freddybear writes "Congresswoman Zoe Lofgren proposes a change to the Computer Fraud and Abuse Act (CFAA) which would remove the felony criminal penalty for violating the terms of service of a website and return it to the realm of contract law where it belongs. This would eliminate the potential for prosecutors to abuse the CFAA in pursuit of criminal convictions for simple violations of a website's terms of service."

8 of 246 comments (clear)

  1. Depends on... by Z00L00K · · Score: 5, Insightful

    If the violation of ToS is due to an illegal action like posting things that are illegal both for the location of the site and the poster it should still land into the legal system, but the large volume of ToS violations should at most render the offender a permanent banning from that site or in milder cases a temporary ban.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    1. Re:Depends on... by SampleFish · · Score: 5, Insightful

      It doesn't depend on anything like that. If you broke a law in your land that is the law that applies. It doesn't matter if the TOS includes reference to a law. The TOS cannot change a law and should have no legal authority.

    2. Re:Depends on... by Capsaicin · · Score: 5, Insightful

      If the violation of ToS is due to an illegal action like posting things that are illegal both for the location of the site and the poster it should still land into the legal system.

      Say what?!

      No one is talking about removing ToS violations from the legal system. Rather the idea is that a breach of contract (such as violating a ToS) be dealt with under contract law, where imprisonment is unavailable as a remedy. While the mere breach of contractual terms would no longer be a crime in its own right, any crimes committed in effecting or pursuant to such a breach they would still be dealt with by the criminal justice system. Obviously.

      --
      Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
    3. Re:Depends on... by Jane+Q.+Public · · Score: 5, Insightful

      "It doesn't depend on anything like that. If you broke a law in your land that is the law that applies. It doesn't matter if the TOS includes reference to a law. The TOS cannot change a law and should have no legal authority."

      But that is exactly the issue here. Because the law as enacted was rather vague, some prosecutors have been claiming that violation of TOS means violation of the CFAA law... regardless of the fact that a TOS can vary widely from company to company or site to site.

      If so, that would mean, in effect, that a company (or just website) could write its own law by just putting it in the TOS... which is absolutely contrary to our customary legal principles and concept of justice here in the U.S.

      THAT is why we want it changed, and clarified.

    4. Re:Depends on... by AmiMoJo · · Score: 5, Insightful

      ToS aren't even a viable contract IMHO. No-one reads them, if you edit them the web site rarely bothers to check before accepting your terms and quite often the terms are unenforceable anyway.

      We need to move to a system of standard ToS and EULA agreements defined in law that a web site or software vendor can apply to their products. That way we only have to deal with a handful of licenses which are known to be reasonable and will stand up in court.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    5. Re:Depends on... by IAmR007 · · Score: 5, Insightful

      Under this law you could make an incredibly abusive TOS: It is illegal to "intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains ... information from any protected computer." A definition of "protected computer" is anything connected to the Internet. You could easily write a TOS that forbid any access to a website, and merely loading the homepage would be illegal the way the law is written. Bypassing authentication is not required to break the law. Even worse, if there were no TOS at all, there would be no authorization given. Although it's way too broad, it's apparent why authorization was made the only consideration: If, conversely, if any data a server offered freely to public requests was termed authorized, then injection attacks could be said to be doing exactly what machine was programmed to do unless a TOS specifically detailed what was authorized input. That brings things right back to the TOS being able to define what is authorized. The law needs to be much more detailed to avoid being too broad, yet avoid "it's not a bug, it's a feature" type defenses.

  2. Felony Abuse by velvet_stallion · · Score: 5, Insightful

    It is high time we rollback the number of crimes that result in felony convictions. The "Get Tough On Crime" era only resulted in overstretched state budgets and the creation of an entire underclass of citizens who are barred from certain employments, voting, etc. just because politicians sought to score political points in order to get re-elected. There is a very stark contrast to what the term "felon" implies with regards to the seriousness or violence of the crime, and the rather lackadaisical manner in which it is applied in the legal context.

  3. Re:Great cases make bad law by seebs · · Score: 5, Insightful

    That is some serious bullshit there. The "guilty conscience" thing? Seriously, that's just crap. That is not how people work, and that is not how reality works. There are lots of people who know perfectly well that there is a law they have technically broken, but who do not feel guilty about it at all -- but who might not be surprised to face jail time if a prosecutor happened to pick them to make an example of. The problem with this, apart from the victim-blaming, is that you're assuming that "violated a law" and "guilty" are the same thing in any kind of ethical sense. Similarly, "he knew he was guilty, so the probation he would have recieved was deserved."

    This doesn't logically follow, because "deserve" is a moral claim, but you're basing it on the legal system. Legal systems are not moral systems. You can quite easily be fully aware that you have done a thing which is prohibited by a law, but not feel that you deserve jail time for it. Or you might feel that a misdemeanor charge that's in some way related to what you did is justified, but that multiple felony counts aren't.

    The fact is, nothing he did merits years of jail time, and the claim that the prosecutor was "asking for" six months minimum security is highly misleading at best. They were, quite clearly, aiming to make an example of him. Look at previous cases Ortiz prosecuted against people who could afford defense teams, and tell me how "deserved" those outcomes were.

    Long story short, even if we ignore the fact that he was depressed, this was a crazy thing and your attempts to make it look less crazy are disturbing. The just world fallacy is called a fallacy because it is not actually valid reasoning. Your attempts to make yourself feel okay with the world by pretending that what happens is okay and justified are unpersuasive at best. And yet. We know he was depressed, and we know a fair amount about what depression does to people's ability to evaluate things and make decisions. It's bad enough that prosecutors are trying really hard to make dramatic examples of people by going after huge piles of charges without regard to the actual severity of the underlying acts; cherry-picking for depressed people because they're easier to bully is despicable. So's trying to defend it.

    --
    My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/