The Eleventh Circuit decided an interesting case on the Stored Communications Act today: Snow v. DirectTV.
I’m rushing to get my book out today, so just a quick comment: There were lots of different reasons why the Eleventh Circuit should have affirmed, and the court got close to (but didn’t quite hit) the best one. The court’s decision comes very very close to recognizing a really important principle: It simply shouldn’t be a crime to violate a Terms of Service. As I argued in this article, violating a TOS shouldn’t be a criminal act of access without authorization or exceeding authorized access. The Eleventh Circuit ends up finding a way to reach that same conclusion via the indirect route of 18 U.S.C. 2511(2)(g), and gets the basic policy arguments right. But it would have been better, at least from my perhaps quirky perspective, if the court had reached the same conclusion by construing the meaning of authorization than by relying on the narrower 2511(2)(g).
Pingback: ACSBlog: The Blog of the American Constitution Society
How would this case have been different if the plaintiff had actually brought a Computer Fraud and Abuse Act claim ? (18 USC 1030.) It seems that the 11th Circuit lucked out and only had to address the SCA, with its ‘publically available’ exception. As your article points out, CFAA caselaw and the statutory text of the CFAA, on the other hand, seem to suggest a different outcome – and such a claim probably would have brought a very different amicus from the EFF… Thoughts?
(See http://www.eff.org/legal/cases/Snow_v_DirecTV/)
I would think a CFAA claim would have been barred by the $5,000 damage requirement. After all, what damage was done by a visitor to a website, even if the access was intended to be forbidden by the terms of service? The lack of damage and/or interference with the use of the website is likely what precluded a CFAA claim or a tresspas to chattels claim
True enough that the CFAA’s damage threshold likely mattered in this case, though very liberal damage pleadings have been allowed in other CFAA cases.
That doesn’t change the underlying issue that (but for the $ threshold) this was a civilly actionable CFAA violation. More importantly, it was a prosecutable one, as the criminal provisions contain no $ limit (other than that practically imposed by prosecutory discretion.) This case is a good poster child for Orin’s (and other’s) point that the effectiveness or existence of technological access restriction measures, rather than a vague ‘unauthorized’ standard, should be the determinative factor for CFAA violations.
Pingback: joegratz.net » 11th Cir.: Stored Communications Act Doesn’t Protect Generally-Accessible Web Pages