The Ninth Circuit Court of Appeals has handed down its opinion in Facebook, Inc. v. Power Ventures, Inc., that seems to suggest, as George Washington University Law Prof. Orin Kerr writes, that “It’s a federal crime to visit a website after being told not to visit it.”
Although this case arose in the civil context, violations of the statute in issue, the Computer Fraud and Abuse Act (CFAA), can constitute both a civil wrong and a criminal offense, so judicial interpretations of the CFAA’s language in the context of a civil lawsuit may also be applicable in context of a criminal prosecution. Given the expansive interpretation given by the court to the terms of the CFAA, Congress may wish to narrow the scope of the statute before an overly-aggressive prosecutor utilizes this interpretation to initiate a criminal prosecution.
Congress enacted the CFAA in 1984 to keep government computer networks and the confidential government information stored on computers safe from hackers. In Facebook v. Power, however, there was no government computer and no hacker.
Power Inc. was (it is now defunct) an up-and-coming social media aggregator that let users access all of their social media from one platform. Power could have used a Facebook developer program to advertise to Facebook users, but chose not to. Instead, Power placed an icon on its website offering $100 to the first 100 Facebook users who would allow Power access to their Facebook data in order to send promotional e-mails or other messages to their Facebook contacts, if one of those contacts then joined Power’s network.
The Ninth Circuit noted that it is debatable whether Facebook users ever “gave Power permission to use Facebook’s computers to disseminate messages” in the first place, but regardless, “Facebook expressly rescinded that permission when Facebook issued its written cease-and-desist letter.” Thus, Power’s continued use ran afoul of the CFAA.
This should put to rest, at least in the Ninth Circuit, the concern raised by then-Ninth Circuit Chief judge Alex Kozinski in United States v. Nosal (9th Cir. 2012), that one day “millions of unsuspecting individuals would find that they are engaging in criminal conduct” by violating some aspect of the “terms of service” of an online service-provider, which are “lengthy, opaque, subject to change and seldom read.”
As it stands, the CFAA is an “egregiously overbroad” statute, says Columbia Law Professor Tim Wu, that has generated plenty of reasonable but differing interpretations. It is time for Congress to clarify the law so that those of us who make ubiquitous use of online social media–which is practically everybody these days–will have a clearer idea about what conduct can subject us to civil liability and what conduct can subject us to criminal prosecution.