Could Donald Trump Block Hillary Clinton's Campaign From Visiting His Website Via The CFAA?
from the who-the-hell-knows dept
In the past few weeks, we've written about two troubling rulings in the 9th Circuit appeals court concerning the CFAA, the Computer Fraud and Abuse Act. That law, that was literally written in response to Ronald Reagan being freaked out by the (fictional) movie War Games, was designed to go after hackers and make computer hacking into other people's computers a crime. The law is woefully outdated and unfortunately vague, with terms like "unauthroized access" and "exceeds authorized access." For years, many of us have been pushing for Congress to reform the law to make it not quite so broad, because in its current setup it's the law the DOJ relies on when all else fails. That's why the DOJ loves it. If you did something it doesn't like on a computer, it'll try to use the CFAA against you.The two recent cases were not helpful. The first, called Nosal II (because it was the second CFAA case involving David Nosal trying to use data from his former employer), found that convincing a former colleague to share their password with you could violate the CFAA. The court tried to limit the impact of this, by adding some caveats, and insisting that mere password sharing wouldn't qualify without some additional event that indicated a lack of authorization, but it does still seem like a vague standard that many will try to use going forward. The second case, Facebook v. Power, found that Power violated the CFAA by continuing to access Facebook accounts, with permission of those Facebook users, after Facebook had sent a cease-and-desist. The court found that the cease-and-desist acted as a clear point that said "you're not allowed here."
But it's difficult to square that with the original Nosal ruling (Nosal 1) which found that merely violating a terms of service was not a CFAA violation. So ignoring a terms of service is not a CFAA violation, but ignoring a cease-and-desist letter is. It's not clear why one has power over the other, though perhaps there's an argument that a cease-and-desist is a proactive action towards an individual by a website, whereas a terms of service is broadly applicable. Still, it feels weak.
And, it raises tricky situations like the following, first raised by Andy Sellars, about a situation in which one individual alerts another that they can no longer visit a website. Let's say this happened between two presidential candidates. Hypothetically.
If so, that’s devastating for critical speech. Imagine Trump sending a C&D to Clinton’s campaign, barring access to https://t.co/BFK7Ukdtpw.
— Andy Sellars (@andy_sellars) July 12, 2016
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cease and desist, cfaa, donald trump, hillary clinton, hypotheticals, public website
Reader Comments
Subscribe: RSS
View by: Time | Thread
What about Fox warning away all Democratic voters (they will know who from the leaked voter lists). Huffpo sending 'cease & desists' to all reegistered Republicans? MacDonald's sending them to all Burger King customers? Walmart banning Costco staff from entering their stores? All of this will be possible with leaked information, huge databases and facial recognition/LPRs everywhere.
How often do presidential candidates look at each other's websites? Are there any research studies? Does it matter? Surely everyone has people. So candidates have people, and now those people (if banned) will have people. And so on.
Now if we apply the three hops (or two hops) rule as with communications monitoring (surveillance) then we could really get somewhere. What should the hops number be to ensure that all people are banned from seeing all other people's websites?
At least greedy ISPs will get what's coming to them as traffic plummets while we all sit in our lonely ignorance and vote for the same people we would anyway.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
TechDirt should test it out
[ link to this | view in chronology ]
Re: TechDirt should test it out
[ link to this | view in chronology ]
There's a law about this...
[ link to this | view in chronology ]
authorized access vs. selective prosecution
In terms of the digitized relationship between the social elite and the average citizen, what part of the terabytes of data gleaned daily, isn't accessed without authorization? Therefore using "authorized access" as a standard, is selective prosecution based on social class.
If the state neglects to criminally prosecute
one case, it invalidates any reasonable expectation of impartiality before the law when prosecuting another.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Nope. Power.com specifically routed around it by changing IPs when Facebook blocked its original IP. Same would likely apply here.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
If a minion of the HRC campaign goes to Trumps site (presumably to share recipes for eating babies and incanting pestilence), are the means that Trumps site used to determine the identity of the user legal? Certainly the user didn't consent to having their activities monitored by their competitor?
So yes he can send them a cease and desist letter, but no, he shouldn't really be able to know whether they did cease and desist or not. And if he can, then THAT is what needs to be investigated.
[ link to this | view in chronology ]
Re: Re: Re:
Yeah, have fun with the 'investigation' in that hypothetical.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Archive
I would expect the access of the web server, but... now days, who knows:
"The content is the same, so it's effectively the same thing!"
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Already Proven
*No I cannot say the names of either candidate...so disgusted.
[ link to this | view in chronology ]
Short answer NO
First and foremost, the Trump 4 Ruler website is a public site. That is to say, it's open to everyone without restriction. No password is required to access the site, you are not entering a secured area.
If those moved to bar them (say by issuing a cease and desist) it would likely not be valid on it's face, as it could be considered discriminatory. Otherwise, Trump could also issue a general Muslim ban as well. Denying service (even a free service) in a discriminatory manner won't fly and won't hold water.
It's a nice attempt to muddy the waters of the law. Reality sets in pretty quick when you realize the difference between an open website and a secured "employees only" server. Even a non-techie judge could catch that simple concept.
[ link to this | view in chronology ]
I assume agencies are immune?
It'd be swell if we could create a website to automate the process of filing them for anyone who wants to make their privacy official.
[ link to this | view in chronology ]
Nosal Was GUILTY of CFAA
[ link to this | view in chronology ]