Feeds

US court rules IP address cloaks may break law

'Published' might not mean 'available to anyone'

Boost IT visibility and business value

If you're a normal Internet user, you probably think you have the right to access anything that's put before the public. Not any more, at least in America, where the Computer Fraud and Abuse Act has been invoked to support a user-specific ban on accessing a Website, and in which the use of a proxy to circumvent a block has been ruled illegal.

The decision was issued in a spat between Craigslist and screen-scraper 3Taps. As noted in the judgement, 3Taps was sucking down all of Craigslist's classifieds, offering an API to third parties, and created craiggers.com which the judgement says “replicated the entire Craigslist website”.

Objecting to this, the classifieds site first blocked 3Taps and then sent it a cease-and-desist. When 3Taps turned to using proxies to circumvent the ban, Craigslist then took the case to the US district court of Northern California. It asked the court to find two things: that the violation of its terms and conditions brought 3Taps under the purview of the Computer Fraud and Abuse Act (CFAA); and that circumventing the ban by disguising its IP address also broke the CFAA.

On the terms and conditions question, Craigslist was rebuffed. However, in a decision that will send chills to anyone using a proxy to get around geoblocks, the court thought otherwise about circumventing the ban on 3Taps accessing Craigslist: “under the plain language of the statute, 3Taps was 'without authorization' when it continued to pull data off of Craigslist’s website after Craigslist revoked its authorization to access the website. As the 'ordinary, contemporary, common meaning' of the word indicates, and as Brekka expressly held, “authorization” turns on the decision of the 'authority' that grants–or prohibits–access”, judge Charles Breyer writes [note: judgement has been quoted directly, with the original US spelling].

So, while not ruling all proxy use illegal, the case certainly opens a crack for wider bans on IP address cloaking. Because Craigslist had instructed 3Taps that it was not authorised to access its Website, and because that instruction was specific to 3Taps, its use of proxies constituted “circumvention” in the language of the CFAA.

However, an ordinary user – say, an Australian that took the advice of the Australian Consumers Association and used IP spoofing to get around geographically-specific software pricing – would not be in the same position. Such a user would be breaking a site's terms and conditions, which judge Breyer said did not violate the CFAA, at least until a specific ban were instituted by the site. ®

Build a business case: developing custom apps

More from The Register

next story
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
EU justice chief blasts Google on 'right to be forgotten'
Don't pretend it's a freedom of speech issue – interim commish
Detroit losing MILLIONS because it buys CHEAP BATTERIES – report
Man at hardware store was right: name brands DO last longer
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.