Slashdot Mirror

← Back to Stories (view on slashdot.org)

Violating a Website's Terms of Service Is Not a Crime, Federal Court Rules (eff.org)

Posted by BeauHD on from the better-luck-next-time dept.

An anonymous reader quotes a report from the Electronic Frontier Foundation: Good news out of the Ninth Circuit: the federal court of appeals heeded EFF's advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle's website in a manner it didn't like. The court ruled back in 2012 that merely violating a website's terms of use is not a crime under the federal computer crime statute, the Computer Fraud and Abuse Act. But some companies, like Oracle, turned to state computer crime statutes -- in this case, California and Nevada -- to enforce their computer use preferences. This decision shores up the good precedent from 2012 and makes clear -- if it wasn't clear already -- that violating a corporate computer use policy is not a crime.

18 of 82 comments (clear)

  1. UA by bugs2squash · · Score: 3, Interesting

    I think I might put "I do not accept the terms of your user agreement" somewhere in the User Agent String of my browser, see what happens.

    --
    Nullius in verba
    1. Re:UA by Anonymous Coward · · Score: 3, Informative

      I think I might put "I do not accept the terms of your user agreement" somewhere in the User Agent String of my browser, see what happens.

      Nothing would happen.

      See violating a website's terms of service is not a crime, it is a terms of service violation. And under most website's terms of service, violations can be sufficient cause to remove your access to their service. Same as it always was.

      No one cares if you try to be cute on the Internet. But do something they don't like on their service will get your access removed.

      You just can not be charged with a crime under the Computer Fraud and Abuse Act for a terms of service violation.

    2. Re:UA by Anonymous Coward · · Score: 5, Insightful

      But you can still be dragged into court even if the court will eventually side with you.

    3. Re: UA by Anonymous Coward · · Score: 3, Funny

      "By having your web server serve me the contents of your website, you are agreeing to my terms of service:
      1. You agree to consider your terms of service null and void
      2.-... (be creative)

      If you do not agree to my terms, then end the connection immediately and do not continue serving any content.

      For the avoidance of doubt: you are indicating agreement by maintaining the connection and continuing to serve content"

    4. Re:UA by Bert64 · · Score: 4, Interesting

      But where do you see the terms of the agreement before you've accessed the webserver?

      Also if they have publicly advertised the website anywhere, could that not be taken as authorisation?

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    5. Re:UA by mjwx · · Score: 4, Informative

      But you can still be dragged into court even if the court will eventually side with you.

      In the UK, the court will barely entertain this kind of bollocks. The company who sued you will then have to pay your legal fees, that cuts down on this kind of thing a lot.

      A EULA/T&C's/Shrinkwrap license has been ruled completely unenforceable before, even in the US however because the losing party still has to pay their own legal fees, its often profitable to threaten to sue or to go as far as to sue even though you'd lose.

      Its the same kind of "speculative invoicing" extortion racket the RIAA and MPIAA used to run.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
  2. Headline is misleading by Anonymous Coward · · Score: 5, Informative

    First, this is a civil case rather than a criminal one. Laws like the CFAA and the equivalent state laws allow for criminal and civil action. More importantly, the ruling is a narrow one, focused on the specific aspects of this case. The court ruled that Oracle made the data available for downloading from their website. Oracle's objection was the use of automated tools to download the data. The court agreed that Remini violated the terms of service in how they downloaded the data. However, because Remini was authorized to access and download the data, the court ruled that it did not violated the law. It is entirely possible that someone violations of the terms of service might also violate the law. The ruling is logical, but the scope is also narrower than is indicated by the summary.

    1. Re:Headline is misleading by Solandri · · Score: 5, Informative

      We went through this with Rambus. They joined JEDEC (a consortium of memory manufacturers setting future memory standards) and agreed to its terms of membership - mainly, members are not allowed to patent the memory standards being discussed. DDR was being discussed within JEDEC. Rambus went ahead and patented it, and sued the other JEDEC members for violating "their" patents.

      After years of legal battles, the courts found that yes Rambus was guilty of violating JEDEC's membership agreement, and they were subject to whatever punishment they agreed to when they joined JEDEC. But that had nothing to do with the law, so the patents were valid (Rambus being the first to file). Meanwhile, since the JEDEC membership agreement didn't outline any punishment for violating the agreement, the only thing JEDEC could do was kick Rambus out.

      Same thing here. An EULA or ToS is just a contract. If you violate it, you become subject to whatever punishment you agreed to when agreed to the contract. That does not automatically make it a violation of law however. It's only a violation of the law if the act was otherwise illegal. In Rambus' case, patenting stuff freely presented to you is not illegal. In Remini's case, downloading stuff you've been authorized to download is not illegal.

    2. Re:Headline is misleading by Hal_Porter · · Score: 2

      https://en.wikipedia.org/wiki/...

      In the early 1990s, Rambus was invited to join the JEDEC. Rambus had been trying to interest memory manufacturers in licensing their proprietary memory interface, and numerous companies had signed non-disclosure agreements to view Rambus' technical data. During the later Infineon v. Rambus trial, Infineon memos from a meeting with representatives of other manufacturers surfaced, including the line "[O]ne day all computers will be built this way, but hopefully without the royalties going to Rambus", and continuing with a strategy discussion for reducing or eliminating royalties to be paid to Rambus. As Rambus continued its participation in JEDEC, it became apparent that they were not prepared to agree to JEDEC's patent policy requiring owners of patents included in a standard to agree to license that technology under terms that are "reasonable and non-discriminatory",[8] and Rambus withdrew from the organization in 1995. Memos from Rambus at that time showed they were tailoring new patent applications to cover features of SDRAM being discussed, which were public knowledge (JEDEC meetings are not secret) and perfectly legal for patent owners who have patented underlying innovations, but were seen as evidence of bad faith by the jury in the first Infineon v. Rambus trial. The Court of Appeals for the Federal Circuit (CAFC) rejected this theory of bad faith in its decision overturning the fraud conviction Infineon achieved in the first trial (see below).

      Rambus deserved to go bust, the rat bastards.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    3. Re:Headline is misleading by mjwx · · Score: 2

      We went through this with Rambus. They joined JEDEC (a consortium of memory manufacturers setting future memory standards) and agreed to its terms of membership - mainly, members are not allowed to patent the memory standards being discussed. DDR was being discussed within JEDEC. Rambus went ahead and patented it, and sued the other JEDEC members for violating "their" patents.

      After years of legal battles, the courts found that yes Rambus was guilty of violating JEDEC's membership agreement, and they were subject to whatever punishment they agreed to when they joined JEDEC. But that had nothing to do with the law, so the patents were valid (Rambus being the first to file). Meanwhile, since the JEDEC membership agreement didn't outline any punishment for violating the agreement, the only thing JEDEC could do was kick Rambus out.

      Same thing here. An EULA or ToS is just a contract. If you violate it, you become subject to whatever punishment you agreed to when agreed to the contract. That does not automatically make it a violation of law however. It's only a violation of the law if the act was otherwise illegal. In Rambus' case, patenting stuff freely presented to you is not illegal. In Remini's case, downloading stuff you've been authorized to download is not illegal.

      In other words, you dont know what a contract is. Rambus signed an agreement with JEDEC when they joined. The agreement was set out in full and agreed upon by all parties, Rambus had a chance to reveiw and negotiate that contract before signing and this included any penalty clauses. Beyond this, once signed the contract cannot be altered without all parties agreeing to it

      A EULA or ToS are not considered contracts because you cannot negotiate them beforehand, they are not signed (I.E. identity verified, someone can accept a EULA, ToS or shrinkwrap contract without your express consent on your behalf) and they can be altered by one party after the fact without your knowledge, agreement or permission. This is why courts have ruled them non-binding, especially when it comes to penalty clauses.

      I have an agreement with Vodafone that has terms and conditions, I pay them £10 and they give me phone service. They can update their ToS but will never be able to enforce it in law simply because I've never signed it.

      I have a contract with BMW Financial services. I pay them for the car I use, if I, in any way violate the contract (I.E. fail to insure the vehicle) then I can be penalised because I had a negotiated contract I signed in full accordance with the Financial Services Guidelines (I.E. the contract was explained to me in full before signing, cooling off periods and what not). This is enforceable in law.

      Vodafone would even have trouble terminating my service without me violating a law as they had agreed to provide a service. ToS's, EULA's and shrinkwrap contracts are not there to bind the customer to an agreement like a contract, they are there to cover the providers arse in case the customer does something wrong with their product. It's what protects gun manufacturers from being sued when some nutter goes on a rampage.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
  3. Kids, just “Say No” to Oracle by BLToday · · Score: 4, Insightful

    Once you’ve used Oracle they got you. If you try to leave, you can’t. If you stay, they’ll screw you more and more everyday. Best thing is not never start using Oracle.

  4. Re:Oracle is such a piece of shit... by gl4ss · · Score: 5, Interesting

    normal big company(tm)(c) 3rd world story:

    make huge dev centers in India and China.
    then fire a bunch of developers in country of origin of said company, because they don't have good projects to work on(they didn't before either).

    product gets developed in reality by remaining developers in country of origin. the developers in the 3rd world dev centers drink tea and work on some fluff projects. sometime later the 3rd world center gets shuttered for saving money, possibly as the company folds.

    nokia did just this for example, ibm did this.

    with in case of nokia, the thing is, that they had already way too many developers in the country of origin that they had jack all shit to work on that mattered to the company - making the extra dev centers was purely political and useless(nokia had thousands of people working on symbian, but only 5% of them did anything that went to the products and half of those were subcontractors).

    development work does not scale above a certain limit prettily. but big companies can't scale back either so they try to scale up and scaling up in 3rd world countries is cheaper even if it doesn't provide results. note that the problem itself isn't really using 3rd world developers either, it's that you can't just make a product better by hiring thousands of developers - it just makes making the product better vastly more complicated political affair, even when talking about changing few lines of code to add some functionality the executives actually want in.

    --
    world was created 5 seconds before this post as it is.
  5. Re:Oracle is such a piece of shit... by BLToday · · Score: 2

    You probably can do a good product with third world developers if you seek the really skillful ones, but i don't think that companies going to the third world do have skill as any sort of priority.

    While that’s true in theory, I’ve only seen it happen if you keep a really keen eye on those developers. Implement more QA/QC than you normally. The problems with good 3rd world developers there are not a lot of them, they’re not that cheap and they don’t generally want to rewrite or debug their code.

  6. Computer Fraud and Abuse Act is a crime by Anonymous Coward · · Score: 2, Informative

    No, Computer Fraud and Abuse Act is a criminal act, and rejecting the notion that violating a website EULA is a violation of the Computer Fraud and Abuse Act is to say it's not a crime.

    So headline is spot on: "Violating a Website's Terms of Service Is Not a Crime, Federal Court Rules"

    " It is entirely possible that someone violations of the terms of service might also violate the law."

    If they violated the law, violating the EULA or not is irrelevant. It comes down to "do you have the right to access the website" yes/no. Not "are you accessing it within the terms of the EULA".
    So yeh, hacking into a private website might be a crime, and it might also violate or not the EULA, but the EULA doesn't define the crime, the law does.

  7. Having read the case by guruevi · · Score: 5, Informative

    It seems two things are at play here: the fact that a EULA cannot limit the publicly or contractually available Information.

    The other thing reading further into the case is the fact that Oracle seems to argue that it's copyright does not permit any third parties to obtain any part of the closed source system and the courts agreed with that. The court also holds that any modifications to closed source software are illegal unless you hold an explicit license.

    So let's say you are a company and want maintenance work done on your Oracle system, the third party cannot download copies of eg software updates for you because the license does not include that third party.

    This should be a big warning for anyone using Windows and other closed source software, the software license does not extend to anyone else therefore even just downloading the patches could get you into copyright infringement.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  8. Re: Oracle is such a piece of shit... by Anonymous Coward · · Score: 2, Informative

    Well Oracle and Cisco are basically pure evil.

    Even if Oracle was in the right, Website TOS should never be legally enforced beyond simple authentication. If a site makes no effort to prevent unauthorized access/data scrapes, then every thing on the site is considered public and free to access (not redistribute.)

  9. Re:Oracle is such a piece of shit... by Tablizer · · Score: 2

    Oracle used to advertise they could run on a large list of OS's. In practice, they either never bothered to tune many ports: got it running just good enough to not crash (too often), and/or were many versions behind on less-used OS's. They're master spinners.

    --
    Table-ized A.I.
  10. Re:Oracle is such a piece of shit... by MadKeithV · · Score: 3, Informative

    That sounds like a variation on Brook's Law - adding more people to a late project makes it later.