Slashdot Mirror

← Back to Stories (view on slashdot.org)

Violating a Website's Terms of Service Is Not a Crime, Federal Court Rules (eff.org)

Posted by BeauHD on from the better-luck-next-time dept.

An anonymous reader quotes a report from the Electronic Frontier Foundation: Good news out of the Ninth Circuit: the federal court of appeals heeded EFF's advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle's website in a manner it didn't like. The court ruled back in 2012 that merely violating a website's terms of use is not a crime under the federal computer crime statute, the Computer Fraud and Abuse Act. But some companies, like Oracle, turned to state computer crime statutes -- in this case, California and Nevada -- to enforce their computer use preferences. This decision shores up the good precedent from 2012 and makes clear -- if it wasn't clear already -- that violating a corporate computer use policy is not a crime.

8 of 82 comments (clear)

  1. Headline is misleading by Anonymous Coward · · Score: 5, Informative

    First, this is a civil case rather than a criminal one. Laws like the CFAA and the equivalent state laws allow for criminal and civil action. More importantly, the ruling is a narrow one, focused on the specific aspects of this case. The court ruled that Oracle made the data available for downloading from their website. Oracle's objection was the use of automated tools to download the data. The court agreed that Remini violated the terms of service in how they downloaded the data. However, because Remini was authorized to access and download the data, the court ruled that it did not violated the law. It is entirely possible that someone violations of the terms of service might also violate the law. The ruling is logical, but the scope is also narrower than is indicated by the summary.

    1. Re:Headline is misleading by Solandri · · Score: 5, Informative

      We went through this with Rambus. They joined JEDEC (a consortium of memory manufacturers setting future memory standards) and agreed to its terms of membership - mainly, members are not allowed to patent the memory standards being discussed. DDR was being discussed within JEDEC. Rambus went ahead and patented it, and sued the other JEDEC members for violating "their" patents.

      After years of legal battles, the courts found that yes Rambus was guilty of violating JEDEC's membership agreement, and they were subject to whatever punishment they agreed to when they joined JEDEC. But that had nothing to do with the law, so the patents were valid (Rambus being the first to file). Meanwhile, since the JEDEC membership agreement didn't outline any punishment for violating the agreement, the only thing JEDEC could do was kick Rambus out.

      Same thing here. An EULA or ToS is just a contract. If you violate it, you become subject to whatever punishment you agreed to when agreed to the contract. That does not automatically make it a violation of law however. It's only a violation of the law if the act was otherwise illegal. In Rambus' case, patenting stuff freely presented to you is not illegal. In Remini's case, downloading stuff you've been authorized to download is not illegal.

  2. Computer Fraud and Abuse Act is a crime by Anonymous Coward · · Score: 2, Informative

    No, Computer Fraud and Abuse Act is a criminal act, and rejecting the notion that violating a website EULA is a violation of the Computer Fraud and Abuse Act is to say it's not a crime.

    So headline is spot on: "Violating a Website's Terms of Service Is Not a Crime, Federal Court Rules"

    " It is entirely possible that someone violations of the terms of service might also violate the law."

    If they violated the law, violating the EULA or not is irrelevant. It comes down to "do you have the right to access the website" yes/no. Not "are you accessing it within the terms of the EULA".
    So yeh, hacking into a private website might be a crime, and it might also violate or not the EULA, but the EULA doesn't define the crime, the law does.

  3. Re:UA by Anonymous Coward · · Score: 3, Informative

    I think I might put "I do not accept the terms of your user agreement" somewhere in the User Agent String of my browser, see what happens.

    Nothing would happen.

    See violating a website's terms of service is not a crime, it is a terms of service violation. And under most website's terms of service, violations can be sufficient cause to remove your access to their service. Same as it always was.

    No one cares if you try to be cute on the Internet. But do something they don't like on their service will get your access removed.

    You just can not be charged with a crime under the Computer Fraud and Abuse Act for a terms of service violation.

  4. Having read the case by guruevi · · Score: 5, Informative

    It seems two things are at play here: the fact that a EULA cannot limit the publicly or contractually available Information.

    The other thing reading further into the case is the fact that Oracle seems to argue that it's copyright does not permit any third parties to obtain any part of the closed source system and the courts agreed with that. The court also holds that any modifications to closed source software are illegal unless you hold an explicit license.

    So let's say you are a company and want maintenance work done on your Oracle system, the third party cannot download copies of eg software updates for you because the license does not include that third party.

    This should be a big warning for anyone using Windows and other closed source software, the software license does not extend to anyone else therefore even just downloading the patches could get you into copyright infringement.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  5. Re: Oracle is such a piece of shit... by Anonymous Coward · · Score: 2, Informative

    Well Oracle and Cisco are basically pure evil.

    Even if Oracle was in the right, Website TOS should never be legally enforced beyond simple authentication. If a site makes no effort to prevent unauthorized access/data scrapes, then every thing on the site is considered public and free to access (not redistribute.)

  6. Re:Oracle is such a piece of shit... by MadKeithV · · Score: 3, Informative

    That sounds like a variation on Brook's Law - adding more people to a late project makes it later.

  7. Re:UA by mjwx · · Score: 4, Informative

    But you can still be dragged into court even if the court will eventually side with you.

    In the UK, the court will barely entertain this kind of bollocks. The company who sued you will then have to pay your legal fees, that cuts down on this kind of thing a lot.

    A EULA/T&C's/Shrinkwrap license has been ruled completely unenforceable before, even in the US however because the losing party still has to pay their own legal fees, its often profitable to threaten to sue or to go as far as to sue even though you'd lose.

    Its the same kind of "speculative invoicing" extortion racket the RIAA and MPIAA used to run.

    --
    Calling someone a "hater" only means you can not rationally rebut their argument.