Violating a Website's Terms of Service Is Not a Crime, Federal Court Rules

An anonymous reader quotes a report from the Electronic Frontier Foundation: Good news out of the Ninth Circuit: the federal court of appeals heeded EFF's advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle's website in a manner it didn't like. The court ruled back in 2012 that merely violating a website's terms of use is not a crime under the federal computer crime statute, the Computer Fraud and Abuse Act. But some companies, like Oracle, turned to state computer crime statutes -- in this case, California and Nevada -- to enforce their computer use preferences. This decision shores up the good precedent from 2012 and makes clear -- if it wasn't clear already -- that violating a corporate computer use policy is not a crime.

UA

[bugs2squash]

I think I might put "I do not accept the terms of your user agreement" somewhere in the User Agent String of my browser, see what happens.

Re:UA

I think I might put "I do not accept the terms of your user agreement" somewhere in the User Agent String of my browser, see what happens.

Nothing would happen.

See violating a website's terms of service is not a crime, it is a terms of service violation. And under most website's terms of service, violations can be sufficient cause to remove your access to their service. Same as it always was.

No one cares if you try to be cute on the Internet. But do something they don't like on their service will get your access removed.

You just can not be charged with a crime under the Computer Fraud and Abuse Act for a terms of service violation.

Re:UA

But you can still be dragged into court even if the court will eventually side with you.

Re: UA

"By having your web server serve me the contents of your website, you are agreeing to my terms of service:
1. You agree to consider your terms of service null and void
2.-... (be creative)

If you do not agree to my terms, then end the connection immediately and do not continue serving any content.

For the avoidance of doubt: you are indicating agreement by maintaining the connection and continuing to serve content"

Re:UA

[Bert64]

But where do you see the terms of the agreement before you've accessed the webserver?

Also if they have publicly advertised the website anywhere, could that not be taken as authorisation?

Re:UA

[mjwx]

But you can still be dragged into court even if the court will eventually side with you.

In the UK, the court will barely entertain this kind of bollocks. The company who sued you will then have to pay your legal fees, that cuts down on this kind of thing a lot.

A EULA/T&C's/Shrinkwrap license has been ruled completely unenforceable before, even in the US however because the losing party still has to pay their own legal fees, its often profitable to threaten to sue or to go as far as to sue even though you'd lose.

Its the same kind of "speculative invoicing" extortion racket the RIAA and MPIAA used to run.

Headline is misleading

First, this is a civil case rather than a criminal one. Laws like the CFAA and the equivalent state laws allow for criminal and civil action. More importantly, the ruling is a narrow one, focused on the specific aspects of this case. The court ruled that Oracle made the data available for downloading from their website. Oracle's objection was the use of automated tools to download the data. The court agreed that Remini violated the terms of service in how they downloaded the data. However, because Remini was authorized to access and download the data, the court ruled that it did not violated the law. It is entirely possible that someone violations of the terms of service might also violate the law. The ruling is logical, but the scope is also narrower than is indicated by the summary.

Re:Headline is misleading

[Solandri]

We went through this with Rambus. They joined JEDEC (a consortium of memory manufacturers setting future memory standards) and agreed to its terms of membership - mainly, members are not allowed to patent the memory standards being discussed. DDR was being discussed within JEDEC. Rambus went ahead and patented it, and sued the other JEDEC members for violating "their" patents.

After years of legal battles, the courts found that yes Rambus was guilty of violating JEDEC's membership agreement, and they were subject to whatever punishment they agreed to when they joined JEDEC. But that had nothing to do with the law, so the patents were valid (Rambus being the first to file). Meanwhile, since the JEDEC membership agreement didn't outline any punishment for violating the agreement, the only thing JEDEC could do was kick Rambus out.

Same thing here. An EULA or ToS is just a contract. If you violate it, you become subject to whatever punishment you agreed to when agreed to the contract. That does not automatically make it a violation of law however. It's only a violation of the law if the act was otherwise illegal. In Rambus' case, patenting stuff freely presented to you is not illegal. In Remini's case, downloading stuff you've been authorized to download is not illegal.

Kids, just “Say No” to Oracle

[BLToday]

Once you’ve used Oracle they got you. If you try to leave, you can’t. If you stay, they’ll screw you more and more everyday. Best thing is not never start using Oracle.

Re:Oracle is such a piece of shit...

[gl4ss]

normal big company(tm)(c) 3rd world story:

make huge dev centers in India and China.
then fire a bunch of developers in country of origin of said company, because they don't have good projects to work on(they didn't before either).

product gets developed in reality by remaining developers in country of origin. the developers in the 3rd world dev centers drink tea and work on some fluff projects. sometime later the 3rd world center gets shuttered for saving money, possibly as the company folds.

nokia did just this for example, ibm did this.

with in case of nokia, the thing is, that they had already way too many developers in the country of origin that they had jack all shit to work on that mattered to the company - making the extra dev centers was purely political and useless(nokia had thousands of people working on symbian, but only 5% of them did anything that went to the products and half of those were subcontractors).

development work does not scale above a certain limit prettily. but big companies can't scale back either so they try to scale up and scaling up in 3rd world countries is cheaper even if it doesn't provide results. note that the problem itself isn't really using 3rd world developers either, it's that you can't just make a product better by hiring thousands of developers - it just makes making the product better vastly more complicated political affair, even when talking about changing few lines of code to add some functionality the executives actually want in.

Having read the case

[guruevi]

It seems two things are at play here: the fact that a EULA cannot limit the publicly or contractually available Information.

The other thing reading further into the case is the fact that Oracle seems to argue that it's copyright does not permit any third parties to obtain any part of the closed source system and the courts agreed with that. The court also holds that any modifications to closed source software are illegal unless you hold an explicit license.

So let's say you are a company and want maintenance work done on your Oracle system, the third party cannot download copies of eg software updates for you because the license does not include that third party.

This should be a big warning for anyone using Windows and other closed source software, the software license does not extend to anyone else therefore even just downloading the patches could get you into copyright infringement.

Re:Oracle is such a piece of shit...

[MadKeithV]

That sounds like a variation on Brook's Law - adding more people to a late project makes it later.