Violating a Website's Terms of Service Is Not a Crime, Federal Court Rules

An anonymous reader quotes a report from the Electronic Frontier Foundation: Good news out of the Ninth Circuit: the federal court of appeals heeded EFF's advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle's website in a manner it didn't like. The court ruled back in 2012 that merely violating a website's terms of use is not a crime under the federal computer crime statute, the Computer Fraud and Abuse Act. But some companies, like Oracle, turned to state computer crime statutes -- in this case, California and Nevada -- to enforce their computer use preferences. This decision shores up the good precedent from 2012 and makes clear -- if it wasn't clear already -- that violating a corporate computer use policy is not a crime.

Headline is misleading

First, this is a civil case rather than a criminal one. Laws like the CFAA and the equivalent state laws allow for criminal and civil action. More importantly, the ruling is a narrow one, focused on the specific aspects of this case. The court ruled that Oracle made the data available for downloading from their website. Oracle's objection was the use of automated tools to download the data. The court agreed that Remini violated the terms of service in how they downloaded the data. However, because Remini was authorized to access and download the data, the court ruled that it did not violated the law. It is entirely possible that someone violations of the terms of service might also violate the law. The ruling is logical, but the scope is also narrower than is indicated by the summary.

Re:Headline is misleading

[Solandri]

We went through this with Rambus. They joined JEDEC (a consortium of memory manufacturers setting future memory standards) and agreed to its terms of membership - mainly, members are not allowed to patent the memory standards being discussed. DDR was being discussed within JEDEC. Rambus went ahead and patented it, and sued the other JEDEC members for violating "their" patents.

After years of legal battles, the courts found that yes Rambus was guilty of violating JEDEC's membership agreement, and they were subject to whatever punishment they agreed to when they joined JEDEC. But that had nothing to do with the law, so the patents were valid (Rambus being the first to file). Meanwhile, since the JEDEC membership agreement didn't outline any punishment for violating the agreement, the only thing JEDEC could do was kick Rambus out.

Same thing here. An EULA or ToS is just a contract. If you violate it, you become subject to whatever punishment you agreed to when agreed to the contract. That does not automatically make it a violation of law however. It's only a violation of the law if the act was otherwise illegal. In Rambus' case, patenting stuff freely presented to you is not illegal. In Remini's case, downloading stuff you've been authorized to download is not illegal.

Having read the case

[guruevi]

It seems two things are at play here: the fact that a EULA cannot limit the publicly or contractually available Information.

The other thing reading further into the case is the fact that Oracle seems to argue that it's copyright does not permit any third parties to obtain any part of the closed source system and the courts agreed with that. The court also holds that any modifications to closed source software are illegal unless you hold an explicit license.

So let's say you are a company and want maintenance work done on your Oracle system, the third party cannot download copies of eg software updates for you because the license does not include that third party.

This should be a big warning for anyone using Windows and other closed source software, the software license does not extend to anyone else therefore even just downloading the patches could get you into copyright infringement.

Re:UA

[mjwx]

But you can still be dragged into court even if the court will eventually side with you.

In the UK, the court will barely entertain this kind of bollocks. The company who sued you will then have to pay your legal fees, that cuts down on this kind of thing a lot.

A EULA/T&C's/Shrinkwrap license has been ruled completely unenforceable before, even in the US however because the losing party still has to pay their own legal fees, its often profitable to threaten to sue or to go as far as to sue even though you'd lose.

Its the same kind of "speculative invoicing" extortion racket the RIAA and MPIAA used to run.