Sunday, June 04, 2006

11th Circuit to Webmasters: Telling Someone To Go Away Doesn't Make Them

There currently is a very interesting and very confusing (read political) court case going on at the moment that the 11th Circuit has just ruled on (which in my mind has to be inevitably overturned in the Supreme Court).

A good summary is located here at the

http://www.acsblog.org/ip-and-tech-law-2883-11th-circuit-to-webmasters-telling-someone-to-go-away-doesn't-make-them.html
The Eleventh Circuit in the case of Snow v. DirecTV, a "private support group website for individuals who have been, are being, or will be sued by any Corporate entity".

In order to access Snow's site, a user was required to register a username and password, and to agree to a statement affirming that the user was not associated with DirecTV, inc.

He claimed that several agents of DirecTV ignored this warning and accessed his site. According to Snow, such unauthorized access violated the Stored Communications Act (SCA), which forbids accessing an electronic communication "without authorization".

The Eleventh Circuit rejected this claim. According to the court, the SCA does not apply to communications which are "readily accessible to the general public". On Snow's site, any member of the general public could access the site by merely registering with a username and password and clicking on the words "I Agree to these terms."

Such an easily surmountable barrier to access is, according to the court, insufficient to make a site not "readily accessible to the general public".

While the court did not explain just what sort of security measures would invoke the SCA, it did hint that a webmaster who "screens the registrants before granting access" would have a stronger claim than one who merely asks his registrants to "self screen".

Now this goes against all contrary law that I'm aware of eg: If I break into a website I can go to jail-

What about Benjamin Smith III who was arrested and charged with unauthorized access to a computer network, a third-degree felony in the state of Florida. For merely using an unsecured access point to connect to the internet
http://arstechnica.com/news.ars/post/20050707-5068.html

Or Adrian Lamo who was prosecuted for accessing web site databases, not hacking, or "breaking and entering" but just accessing poorly configured websites built by people who should have known better http://news.com.com/2100-1023-846215.html

This is the same as posting a no tresspassing sign. The 11th circuit court says because it's easy to ignore and walk right past the owner cannot kick you off his property. I think NOT! This will be reversed.

If it doesn't what happens to the legal protection of webmasters who offer adult content but allow you to self certify by clicking a box saying you are over 18.

When I sell certain cryptography software outside of the USA my only protection is that I know that on installation the end user has to agree not to export to certain countries, does this mean that all EULA (you know...the I agree box when you install software) is no longer valid, does this mean that because the general public is easily able to bypass this process on pirate software that EULA's are no longer enforcable.

You cant have one law for the big business and one law for the public.

Whats even more disconcerting is that the EFF an organisation I fully support... actually filed a friends of the court statement for the DirectTV side of the case, (though I think this had to do with the legal mistake in the ruling of the lower court than the actual "vibe" of the case.
http://www.eff.org/legal/cases/Snow_v_DirecTV/

I'm off to do more research but I think this one needs to kept an eye on because if it's not overturned there are going to be far wider implications.


Cheers,
Dean

No comments:

Post a Comment