Facebook Abusing Computer Crime Law To Block Useful Service

from the it's-not-hacking dept

Wed, May 5th 2010 10:48am — Mike Masnick

We noted recently that the courts (and plaintiffs in lawsuits) have been stretching computer hacking laws in dangerous ways. The laws that were clearly intended to cover situations of malicious hackers breaking into a computer system they have no right to be in are being twisted around, such that contractual language is being used to make all sorts of access "unauthorized" under the terms of the law. For example, we noted a case where using an employer's computer to access information for personal use... could be seen as "unauthorized access" and, thus, criminal computer hacking.

Last year, we wrote about a bizarre lawsuit where Facebook sued Power.com, a website that tried to aggregate various social networks into a single interface. That could be pretty useful. Facebook didn't like it and sued. But just because Facebook doesn't like something, it doesn't make it illegal. What if users want to access Facebook that way? Facebook tossed out a variety of legal theories, including the idea that this was criminal hacking, because it was unauthorized access. How is it unauthorized? Well, here Facebook got creative. It has, hidden within its terms of service the note that accessing Facebook through "automatic means" is forbidden. Facebook says that Power.com's aggregator is "automatic means" (which seems questionable), and thus accessing Facebook via Power.com is no longer authorized. Since the access is not authorized, then it's... unauthorized access, aka hacking, and a crime under California's computer crime statute.

The EFF has now filed an amicus brief in the case, pointing out that this would be a ridiculous stretch of California's computer crime law:

"California's computer crime law is aimed at penalizing computer trespassers," said EFF Civil Liberties Director Jennifer Granick. "Users who choose to give their usernames and passwords to aggregators like Power Ventures are not trespassing. Under Facebook's theory, millions of Californians who disregard or don't read terms of service on the websites they visit could face criminal liability. Also, any Internet company could use this argument as a hammer to prevent its users from easily leaving the service as well as to shut down innovators and competitors."

Even the simple use of the automatic login feature of most browsers would constitute a violation under Facebook's theory, since those services are "automatic means" for logging in. But the risk for users is even broader. If any violation of terms of use is criminal, users who shave a few years off their age in their profile, claim to be single when they are married, or change jobs or addresses without updating Facebook right away would also have violated the criminal law.

Hopefully, the court agrees...

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: computer crime, hacking, unauthorized access
Companies: facebook, power.com

14 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 5 May 2010 @ 10:55am

If a human initiated the access, how is it automatic?
[ link to this | view in chronology ]
Anonymous Coward, 5 May 2010 @ 10:57am

Ummmm
"Facebook says that Power.com's aggregator is "automatic means" (which seems questionable), and thus accessing Facebook via Power.com is no longer authorized. Since the access is not authorized, then it's... unauthorized access, aka hacking, and a crime under California's computer crime statute."

If this is the case, then wouldn't the facebook/power.com customer be guilty of hacking?
[ link to this | view in chronology ]
- Anonymous Coward, 5 May 2010 @ 11:01am
  
  Re: Ummmm
  Again, if a human (or facebook user) initiates the connection, then how can it be automatic? It might be computer-aided, but it isn't doing it on its own.
  [ link to this | view in chronology ]
  - The Infamous Joe (profile), 5 May 2010 @ 11:21am
    
    Re: Re: Ummmm
    Maybe they mean automatic as in "automatic transmission"? :P
    [ link to this | view in chronology ]
    - slander (profile), 5 May 2010 @ 2:51pm
      
      Re: Re: Re: Ummmm
      Well so far we've had a car analogy. Now all we need is a "cockroaches in the walls" analogy and we're all set...
      [ link to this | view in chronology ]
      - SeanG (profile), 6 May 2010 @ 7:36am
        
        Re: Re: Re: Re: Ummmm
        Wouldn't Facebook's claim also make the auto-Twitter and auto-blog posting to Facebook illegal? Not that this story need more ridiculous...
        [ link to this | view in chronology ]
Sneeje (profile), 5 May 2010 @ 11:42am

Wouldn't this mean that browsers that retain credentials or password solutions like KeePass would also be illegal? Fail.
[ link to this | view in chronology ]
Anonymous Coward, 5 May 2010 @ 12:21pm

They done this with a bunch of really useful services.
There was one I used that kept you twitter/facebook/etc status messages in sync. Facebook didn't like it, I stopped using facebook.
[ link to this | view in chronology ]
NBurns (profile), 5 May 2010 @ 12:24pm

Connect?
I find it very interesting that the 'automated means' access restriction is located in the section labeled 'Safety' and is couched in language which implies only automated scraping and collection is forbidden, not all automated access. This is especially strange considering the fact that Facebook offers this exact functionality (aggregated user data in small sets) as part of its Facebook Connect service, which is an automated means for you to access Facebook through other sites and 3rd-party apps. Very shady.
[ link to this | view in chronology ]
Sped, 5 May 2010 @ 1:47pm

Put in frame?
Facebook gives you no control over your page. And they keep jerking us around on format.

I want to see friend status updates, period. There is no way to make it default view. they want to have you go to your selected "news feed" crap.

I tried with frames. Facebook direct to status updates, Google reader in another. Facebook at least renders but had a dark image over it. Google reader you have to scrape and strip some crap out, as it won't render in a frame at all.

Why is this so hard?

PS, if anyone knows how to get rid of that darkness when facebook is in a frame, let me know.
[ link to this | view in chronology ]
gunslinger lawman, 5 May 2010 @ 2:38pm

Continuing allowance of breaches of privacy
OK this morningi goto play a facebook game

up pops this maessage about
"Allow extended permissions and earn (5) honor points!"

no explanation, no idea why it requires or wishes it. THIS is the kind a thing some kid ( who may not own his box thus the parent didn't have a choice ) would do and hten you might have data YOU dont even know what being slugged around. JUST put links to why and what that does and ok or not.

they need to real in these app makers and say HEY we know your wanting to get wealthy but um er law and privacy need some say

its not like were conservatives telling women to fuck off or anything after all.

once i get my webserver functioning im going to create a my own private thing with all the rule of law and strict arse privacy a user could wish for. BUT ITS only for my members the real ones not some people dropping into a open group on facebook haha...ya right.

-----------------------
explain the darkness you mean....
--------------------------
@2 it depends btw what the sites terms a service say BUT heres a way Canada deals with ti and why there is still a big stink about it and some remedies to think of

First I am not a lawyer more of a study of certain areas of law pertaining to internet.

Privacy law in Canada requires that any use of a persons data must have written permission EACH TIME it is used. a terms of service cannot legally say any time i want i can come get your data. THATS ILLEGAL. EACH time it requires a written authorization or its a FINE, a big one 50000 per instance.

THE solution here would be each time someone access your data or wishes too you are given a popup request ...YES or NO and who and for what the data is required for.

THATS THE LAW and the neat thing is what a Canadian does anywhere on the net our law has us subject to OUR LAWS NOT YOURS. NICE isn't it.
[ link to this | view in chronology ]
NAMELESSONE, 5 May 2010 @ 2:39pm

p.s. if you have ideas shoot them too me
i have been asked to partake ina kind of governance council so if i see useful ideas i'll pass them along

:)
[ link to this | view in chronology ]
Bart Jellema, 12 May 2010 @ 8:50am

I'm leaving facebook if this continues
I've put a group together and we're all leaving facebook if they don't drop this lawsuit. I have got to draw the line somewhere and I cannot be associated with a company like Facebook.

http://www.facebook.com/group.php?gid=123205857691804
[ link to this | view in chronology ]
pasquale, 6 Sep 2010 @ 4:24am

I made this little software to write public POST-it in any website, i'm adding tools to have your social networks in one window, in ANY window.
have fun!
http://english.spost.it
[ link to this | view in chronology ]