The U.S. District Court for the Northern District of California has ruled that website owners have the right to selectively block user access, and any intentional circumvention of those access restrictions may violate the Computer Fraud and Abuse Act (the “CFAA”).
Craigslist made a 2012 demand that 3Taps (an ad aggregator whose business is republishing online ads posted by other parties) cease accessing Craigslist. Taking matters into its own hands, Craigslist simultaneously configured its site to block access from any 3Taps-associated IP address.
3Taps, however, responded by using IP-rotation technology and proxy servers to bypass the blocks, continuing to harvest and repost Craigslist content. Craigslist thus initiated a legal proceeding against 3Taps for copyright infringement and “unauthorized access” to its website under the CFAA, alleging that 3Taps had not only violated Craigslist’s Terms of Service but also deliberately circumvented its IP-blocking measures.
While acknowledging that it intentionally evaded the blocking mechanism, 3Taps asserted that Craigslist had authorized access to and use of its content by publicly providing it. 3Taps also made a public-policy argument that site owners’ blocking of publicly accessible websites is dangerous to the preferable existence of a free-and-open World Wide Web.
The District Court gave little credence to these arguments and instead said, “Store owners [on private property] open their doors to the public, but occasionally find it necessary to ban disruptive individuals from the premises. That trespass law has enforced those bans with criminal penalties has not, in the brick and mortar context, resulted in the doomsday scenarios predicted by 3Taps in the Internet context.”
The court determined there is nothing in the CFAA prohibiting a site owner from blocking other parties from its site on an individualized basis. 3Taps was, however, “without authorization” under the Act when it continued its business practices despite Craigslist’s cessation demand.
Ultimately, that demand was not as significant to the ruling as the fact that Craigslist had purposefully employed specific IP-blocking technology to exclude 3Taps.
Some commentators believe the CFAA is being applied to prosecute people for crimes beyond the intended scope of the Act. Enacted in 1986, it makes it illegal to knowingly access a computer without authorization or to exceed authorized use of a computer system. In practical terms, the Act is the virtual equivalent of an anti-trespassing law targeting criminal hackers.