Facebook Abusing Computer Crime Law To Block Useful Service
from the it's-not-hacking dept
We noted recently that the courts (and plaintiffs in lawsuits) have been stretching computer hacking laws in dangerous ways. The laws that were clearly intended to cover situations of malicious hackers breaking into a computer system they have no right to be in are being twisted around, such that contractual language is being used to make all sorts of access “unauthorized” under the terms of the law. For example, we noted a case where using an employer’s computer to access information for personal use… could be seen as “unauthorized access” and, thus, criminal computer hacking.
Last year, we wrote about a bizarre lawsuit where Facebook sued Power.com, a website that tried to aggregate various social networks into a single interface. That could be pretty useful. Facebook didn’t like it and sued. But just because Facebook doesn’t like something, it doesn’t make it illegal. What if users want to access Facebook that way? Facebook tossed out a variety of legal theories, including the idea that this was criminal hacking, because it was unauthorized access. How is it unauthorized? Well, here Facebook got creative. It has, hidden within its terms of service the note that accessing Facebook through “automatic means” is forbidden. Facebook says that Power.com’s aggregator is “automatic means” (which seems questionable), and thus accessing Facebook via Power.com is no longer authorized. Since the access is not authorized, then it’s… unauthorized access, aka hacking, and a crime under California’s computer crime statute.
The EFF has now filed an amicus brief in the case, pointing out that this would be a ridiculous stretch of California’s computer crime law:
“California’s computer crime law is aimed at penalizing computer trespassers,” said EFF Civil Liberties Director Jennifer Granick. “Users who choose to give their usernames and passwords to aggregators like Power Ventures are not trespassing. Under Facebook’s theory, millions of Californians who disregard or don’t read terms of service on the websites they visit could face criminal liability. Also, any Internet company could use this argument as a hammer to prevent its users from easily leaving the service as well as to shut down innovators and competitors.”
Even the simple use of the automatic login feature of most browsers would constitute a violation under Facebook’s theory, since those services are “automatic means” for logging in. But the risk for users is even broader. If any violation of terms of use is criminal, users who shave a few years off their age in their profile, claim to be single when they are married, or change jobs or addresses without updating Facebook right away would also have violated the criminal law.
Hopefully, the court agrees…
Filed Under: computer crime, hacking, unauthorized access
Companies: facebook, power.com
Comments on “Facebook Abusing Computer Crime Law To Block Useful Service”
If a human initiated the access, how is it automatic?
Ummmm
“Facebook says that Power.com’s aggregator is “automatic means” (which seems questionable), and thus accessing Facebook via Power.com is no longer authorized. Since the access is not authorized, then it’s… unauthorized access, aka hacking, and a crime under California’s computer crime statute.”
If this is the case, then wouldn’t the facebook/power.com customer be guilty of hacking?
Re: Ummmm
Again, if a human (or facebook user) initiates the connection, then how can it be automatic? It might be computer-aided, but it isn’t doing it on its own.
Re: Re: Ummmm
Maybe they mean automatic as in “automatic transmission”? 😛
Re: Re: Re: Ummmm
Well so far we’ve had a car analogy. Now all we need is a “cockroaches in the walls” analogy and we’re all set…
Re: Re: Re:2 Ummmm
Wouldn’t Facebook’s claim also make the auto-Twitter and auto-blog posting to Facebook illegal? Not that this story need more ridiculous…
Wouldn’t this mean that browsers that retain credentials or password solutions like KeePass would also be illegal? Fail.
They done this with a bunch of really useful services.
There was one I used that kept you twitter/facebook/etc status messages in sync. Facebook didn’t like it, I stopped using facebook.
Connect?
I find it very interesting that the ‘automated means’ access restriction is located in the section labeled ‘Safety’ and is couched in language which implies only automated scraping and collection is forbidden, not all automated access.
This is especially strange considering the fact that Facebook offers this exact functionality (aggregated user data in small sets) as part of its Facebook Connect service, which is an automated means for you to access Facebook through other sites and 3rd-party apps.
Very shady.
Put in frame?
Facebook gives you no control over your page. And they keep jerking us around on format.
I want to see friend status updates, period. There is no way to make it default view. they want to have you go to your selected “news feed” crap.
I tried with frames. Facebook direct to status updates, Google reader in another. Facebook at least renders but had a dark image over it. Google reader you have to scrape and strip some crap out, as it won’t render in a frame at all.
Why is this so hard?
PS, if anyone knows how to get rid of that darkness when facebook is in a frame, let me know.
Continuing allowance of breaches of privacy
OK this morningi goto play a facebook game
up pops this maessage about
“Allow extended permissions and earn (5) honor points!”
no explanation, no idea why it requires or wishes it. THIS is the kind a thing some kid ( who may not own his box thus the parent didn’t have a choice ) would do and hten you might have data YOU dont even know what being slugged around. JUST put links to why and what that does and ok or not.
they need to real in these app makers and say HEY we know your wanting to get wealthy but um er law and privacy need some say
its not like were conservatives telling women to fuck off or anything after all.
once i get my webserver functioning im going to create a my own private thing with all the rule of law and strict arse privacy a user could wish for. BUT ITS only for my members the real ones not some people dropping into a open group on facebook haha…ya right.
———————–
explain the darkness you mean….
————————–
@2 it depends btw what the sites terms a service say BUT heres a way Canada deals with ti and why there is still a big stink about it and some remedies to think of
First I am not a lawyer more of a study of certain areas of law pertaining to internet.
Privacy law in Canada requires that any use of a persons data must have written permission EACH TIME it is used. a terms of service cannot legally say any time i want i can come get your data. THATS ILLEGAL. EACH time it requires a written authorization or its a FINE, a big one 50000 per instance.
THE solution here would be each time someone access your data or wishes too you are given a popup request …YES or NO and who and for what the data is required for.
THATS THE LAW and the neat thing is what a Canadian does anywhere on the net our law has us subject to OUR LAWS NOT YOURS. NICE isn’t it.
p.s. if you have ideas shoot them too me
i have been asked to partake ina kind of governance council so if i see useful ideas i’ll pass them along
🙂
I'm leaving facebook if this continues
I’ve put a group together and we’re all leaving facebook if they don’t drop this lawsuit. I have got to draw the line somewhere and I cannot be associated with a company like Facebook.
http://www.facebook.com/group.php?gid=123205857691804
I made this little software to write public POST-it in any website, i’m adding tools to have your social networks in one window, in ANY window.
have fun!
http://english.spost.it