Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Company Using Proxy To Evade Craigslist Block Violated CFAA

Unknown Lamer posted 1 year,1 day | from the slashdot-trolls-beware-cfaa dept.

Businesses 186

WillgasM writes "Changing your IP address or using proxy servers to access public websites you've been forbidden to visit is a violation of the Computer Fraud and Abuse Act, according to a judge's broad ruling (PDF) during a case on Friday involving Craigslist and 3taps. Opponents argue that this creates a slippery slope that many unsuspecting web users may find themselves upon. With your typical connection being assigned an address dynamically, is an IP ban really a 'technological barrier' to be circumvented? How long until we see the first prosecution for unauthorized viewing of a noindex page?" Probably a long time; the judge in the case rejected the slippery slope argument: 'There, and sprinkled throughout its earlier, ostensibly text-based, arguments, 3taps posits outlandish scenarios where, for example, someone is criminally prosecuted for visiting a hypothetical website www.dontvisitme.com after a "friend" — apparently not a very good one — says the site has beautiful pictures but the homepage says that no one is allowed to click on the links to view the pictures. Needless to say, the Court’s decision [regarding 3taps' actions]... does not speak to whether the CFAA would apply to other sets of facts where an unsuspecting individual somehow stumbles on to an unauthorized site.' Willful evasion of blocks for commercial gain, on the other hand ...

cancel ×

186 comments

Sorry! There are no comments related to the filter you selected.

Oh FFS (2)

Anonymous Coward | 1 year,1 day | (#44616829)

This is so fucked it's beyond belief...

Braindead, much?

Re:Oh FFS (0)

BitZtream (692029) | 1 year,23 hours | (#44618289)

Yes, you are.

Exponential Backoff (0)

Anonymous Coward | 1 year,1 day | (#44616835)

Try posting to Slashdot without logging in and you'll see how popular IP address based blocking is.

Re:Exponential Backoff (1)

buchner.johannes (1139593) | 1 year,1 day | (#44616859)

Try using Slashdot through Tor. You'll soon be "killall -HUP tor" trigger happy (tor creates a new circuit when you do that).

Re:Exponential Backoff (0)

Anonymous Coward | 1 year,23 hours | (#44618479)

Try having an ISP that allocates up to 4 public IP addresses for each residential connection. :p

(God, I so love living in Sweden sometimes...)

Trespassing (4, Interesting)

guytoronto (956941) | 1 year,1 day | (#44616861)

Seems no difference than trespassing. Putting on a fake mustache, sunglasses, and a wig doesn't mean you can ignore the trespass order.

Re:Trespassing (1)

Thanshin (1188877) | 1 year,1 day | (#44616929)

Seems no difference than trespassing. Putting on a fake mustache, sunglasses, and a wig doesn't mean you can ignore the trespass order.

But the limit being non-existent or impossible to detect does.

Re:Trespassing (4, Insightful)

Anonymous Coward | 1 year,1 day | (#44617201)

The company knew they were banned, because Craigslist had sent them a cease and desist letter. Blocking their IP address range was just an enforcement measure, but the ban was against the company, not the IP address range.

Re:Trespassing (2)

BitZtream (692029) | 1 year,23 hours | (#44618317)

What the fuck was undetectable about being blocked? The fact that they were blocked, they knew they were blocked and then intentionally worked around it.

They intentionally did something the other side didn't want done. It took deliberate actions to get around the block.

It wasn't an accident. It wasn't a few times til someone noticed. They KNEW they were blocked ... you know, case craigslist TELLS YOU THAT YOU'RE BLOCKED ... and then they went around it.

Fry'em. This is the kind of shit that causes us problems and fucking morons like yourself defending it are worse.

Re:Trespassing (3, Informative)

lightknight (213164) | 1 year,1 day | (#44617183)

Wait. Time out. What exactly does 3Taps do?

The article states: "3taps drew Craigslist's ire by aggregating and republishing its ads, so Craigslist sent a cease-and-desist letter telling the company not to do that. Craigslist also blocked IP addresses associated with 3taps' systems."

However, a brief glance at their website (unless they changed things that quickly) does not show anything of this sort.

Does anyone have a screenshot from earlier, with the offending material?

LOOOOOOOOOL TIME OUT (-1)

Anonymous Coward | 1 year,1 day | (#44617301)

NIGGER

Re:Trespassing (0)

Anonymous Coward | 1 year,21 hours | (#44619791)

Wait. Time out. What exactly does 3Taps do?

Sorry, questions are not allowed during a time out.

Re:Trespassing (0)

Anonymous Coward | 1 year,21 hours | (#44620029)

I may be confusing company names, but if I recall correctly, 3taps provided intermediary APIs to access craigslist data. I believe they are who padmapper switched to using after craigslist blocked padmapper (remembering this from awhile back).

It was only a matter of time before 3taps was blocked since it did not make sense that padmapper would be blocked but then 3taps allowed to continue.

Re:Trespassing (1)

gmuslera (3436) | 1 year,1 day | (#44617641)

There is no trespassing if is a public place, you can block a person, but not the direction from which is coming. Is like not forbidding you specifically, but putting a barrier in a street of the city that is between your home and that public place, and put you in jail if you take another route to get there, there is always another way to get in, and you have the right to go anywhere in the city.

But more important, real world analogies specifically in a point where internet diverges from the real world (ubiquity) are dangerous.

Re:Trespassing (2)

bws111 (1216812) | 1 year,1 day | (#44617969)

Since when is craigslist (or any other web site) a public place?

Re:Trespassing (1)

Zontar The Mindless (9002) | 1 year,23 hours | (#44618551)

You're soaking in it.

Re:Trespassing (4, Insightful)

Zero__Kelvin (151819) | 1 year,23 hours | (#44618649)

"Since when is craigslist (or any other web site) a public place?"

Since the moment you could could got to *.craigslist.org without having to authorize (i.e. enter a user name and password) Or in other words, always.

Re:Trespassing (2)

bws111 (1216812) | 1 year,23 hours | (#44618717)

Say what?? That makes it a publicly accessible private place, which is far different from a public place. And being a private place, they are perfectly free to restrict who uses it, authorization required or not.

Re:Trespassing (1)

alex67500 (1609333) | 1 year,22 hours | (#44619655)

Imagine a massive banner on every website:
NO PUBLIC RIGHT OF WAY

Re:Trespassing (1)

Zero__Kelvin (151819) | 1 year,21 hours | (#44620579)

That isn't a bad analogy, except that it assumes a single access point. On the Internet, every URL is an access point. It turns out there is a way to do the equivalent of posting a similar sign on every entry point, and that is an authorization mechanism. Google does this with gmail, etc. for example. Craigslist doesn't do this, so they have no leg upon which to stand. This means of course that the judge is a misinformed idiot, but that should come as no surprise to anyone on Slashdot.

Re:Trespassing (0)

Zero__Kelvin (151819) | 1 year,21 hours | (#44620531)

The first problem you have is that you are assuming that meat-space and cyberspace are direct analogs. They are not. They own the servers. They own the copy of the data stored on their servers. They make freely available to the public (that's the part you almost got right) the data that is on their servers. Since they do not require the use of an authorization mechanism they cannot enforce any terms of service with regard to reading the data. Their enforcement of data written to their servers is limited to the extent that they have the right to delete, but they make the mechanism for writing freely available (i.e. no need to set up an account), so they cannot claim that you accessed it without authorization. Are you getting this? Note the word authorization. You cannot refuse to implement an authorization scheme and then claim someone accessed it without authorization. EVERYBODY accesses it without authorization, and that is by design, to wit a choice craigslist made when they started the site and didn't require authorization. I hope that was enough boldspace to help you understand this very simple concept, but have no allusions to that effect..

Re:Trespassing (1)

shentino (1139071) | 1 year,22 hours | (#44618927)

Craigslist is not a public place to begin with, it is a private site.

If it's a public place you cannot be kicked out by anyone but the government in the first place. Nobody but the police would be allowed to put those barriers in the street to begin with.

Someone who owns a mansion, however, can put up fences and prosecute someone for going through them, if that person has already been kicked out and commanded not to return.

Craigslist is private property and anyone can be expelled at any time for any or no reason at their sole discretion, and they can prosecute for trespassing anyone who defies them, even if craigslist itself is being patently unreasonable.

In another example, Walmart can suddenly decide they hate Seahawks fans, and ban people wearing green and blue clothes. Yes, it's patently unreasonable. But Walmart would still be within its rights to expel anyone wearing blue and green, put that person on a blacklist, and call the police to arrest them if they came back.

Re:Trespassing (2)

gmuslera (3436) | 1 year,21 hours | (#44620037)

The open internet, is, by definition, a public place, any place that you can access without a login and password are the digital equivalent of a public place, anyone can visit it. If you put "fences", require user/password to access certain pages, that would be the private places, and there you can say "ok, you can't enter", but for places where everyone, even in an anonymous way can enter, is at the very least harder if not impossible (if you can't use proxy for your fixed IP office connection, can go to the next starbucks to access it). Putting limits on that (and worse, bringing the law to that place) is like giving an homicidal maniac a weapon in a stadium, it will be used, and a lot of innocent people will be hurt.

Re:Trespassing (0)

Anonymous Coward | 1 year,21 hours | (#44620095)

To begin with, you're overusing a certain turn of phrase in the first place.

Re:Trespassing (1)

spectro (80839) | 1 year,23 hours | (#44617983)

Let's say I am watching a baseball game in one of these Chicago buildings just outside Wrigley Field. The Cubs decide they don't want us to watch the ballgame for free anymore so they block our view by putting a tarp or building a new scoreboard. According to this ruling it would be illegal tresspass for us to find another, maybe taller building from where to keep watching...

Re:Trespassing (2)

bws111 (1216812) | 1 year,23 hours | (#44618387)

Uh, no. When you access a website you are using the web site owners property (the server). When you are watching a ballgame from outside the stadium you are not using their property. I can not tell you where not to look, but I sure as hell can tell you to stay off my property.

So, to fix your very flawed analogy, it is more like 'I got caught using a hole in the fence to get into Wrigley Field. They told me not to do that anymore, and fixed that hole in the fence. According to this ruling it would be illegal for me to find and use another hole in the fence.'

Re:Trespassing (0)

Anonymous Coward | 1 year,23 hours | (#44618429)

Let's say I am watching a baseball game in one of these Chicago buildings just outside Wrigley Field. The Cubs decide they don't want us to watch the ballgame for free anymore so they block our view by putting a tarp or building a new scoreboard. According to this ruling it would be illegal tresspass for us to find another, maybe taller building from where to keep watching...

No, you're not correct at all, and the analogy is bad.
The Craig's List site is not visible unless you access it, unlike the ball field. A better analogy would be that you show up and sit in the parking lot at the ball game, and they kick you out for some reason and tell you not to come back. Putting different plates on your car doesn't mean you get to come back inside.

Now, I don't agree with the judge that changing your IP qualifies as a breach of the CFAA unless they have some kind of proof that this was the primary and only reason to cycle IP address. But they still were in the wrong for going back to the site after being sent a letter telling them to fuck off.

Re:Trespassing (1)

shentino (1139071) | 1 year,22 hours | (#44618957)

Depends on if you're watching the game from your own property or not.

There's a scene from Angels in the Outfield where the kids are spying on a ballgame from a tree...that is inside the private property of the stadium.

Re:Trespassing (0)

Anonymous Coward | 1 year,21 hours | (#44620559)

Isn't it more like hiring someone else to go to a place, to convey information back to you?

If that hired person isn't considered trespassing, then how does the theory of trespassing apply to "conveying information".

country borders on the internet (0)

Anonymous Coward | 1 year,1 day | (#44616999)

It's called a World Wide Web
It is NOT the United Websites of America, nor is it the Terrorist Url of Fuckingstan

Content should not be limited on the internet to one location, there is no valid acceptable reason to.

First they limit the market on which they distribute their product, then they advertise it everywhere ( ever seen 'this advertisement is not available in your country' ?), then it gets pirated in places where it is not available by any other means and then they have the nerve to complain that they are "losing" sales.
Banks / money and credit / debit cards / various payment options have penetrated all corners of the world, if you have internet access you have payment options, so you can pay for a service / product that somebody on the other side of the planet is selling. It's about time they wake up to the reality and adapt and stop trying to hold back the inevitable.

Re:country borders on the internet (1)

sosume (680416) | 1 year,1 day | (#44617773)

ever seen 'this advertisement is not available in your country'

Try viewing trailers for US shows and movies from outside the US.. The recent trailer for Breaking Bad comes to mind.

Re:country borders on the internet (1)

Zontar The Mindless (9002) | 1 year,23 hours | (#44618643)

Try following a link in your GMail on your tablet or mobile phone to what looks to be an interesting video, only to hit a heartwarming "The owner of this content has not authorised viewing on mobile platforms" YouTube page, for that matter.

Re:country borders on the internet (1)

BitZtream (692029) | 1 year,23 hours | (#44618355)

And you shouldn't be telling me how my content has to be distributed either.

You want me to do what you want, while completely ignoring my own wishes.

The web is OPEN, that means NEITHER ONE OF US GET TO DECIDE WHAT ANYONE ELSE DOES WITH THEIR OWN CONTENT.

You don't get to decide who craigslist grants access to. You're a fucking moron for even thinking such a retarded selfish thing. You're not the only person in the world you selfish prick.

Store Ban (5, Insightful)

ZombieBraintrust (1685608) | 1 year,1 day | (#44617003)

Being banned from a site is no different from being banned from a physical location. The security is week. You can come up with hypothetical around wearing a mask into the store. Someone comes into a store wearing a mask and is confused for a criminal. But at the end of the day, if a person tells you go away and you don't, judges are not going to be sympathetic.

Re:Store Ban (0)

Anonymous Coward | 1 year,1 day | (#44617771)

The question becomes if you are a unsuspecting user, and happen upon a "restricted" or banned site can the CFAA be used against you?

""is an IP ban really a 'technological barrier' to be circumvented?""

The difference is the internet is suppose to be an open source, free for all, trespassing is reserved for private property, however if it is publicly funded does it become private or off limits? Another argument which has been shot down by idiot judges. He wasn't stealing data, or trying to commit fraud, this is a gross abuse of a flawed law, and the prosecution doesn't even have to make a case, or prove without any doubt what a persons intentions were with the CFAA.

Re:Store Ban (1)

omnichad (1198475) | 1 year,23 hours | (#44618055)

No - this guy actually was stealing data. His site was aggregating and republishing Craigslist ads.

Re:Store Ban (1)

Zero__Kelvin (151819) | 1 year,23 hours | (#44618687)

You cannot steal that which is freely given. Since craigslist immediately serves up its content to anyone who goes to their URL, you cannot claim it is not freely given. If they want it to be otherwise, they need to require authorization. It isn't as though this technology isn't readily available and easy to implement.

Re:Store Ban (2)

omnichad (1198475) | 1 year,22 hours | (#44619145)

He was copying copyrighted content. The users who posted the ad gave license to Craigslist to publish the ad freely (via T&C's) but not to this third-party.

Are you using Bizzaro world craigslist? (1)

Zero__Kelvin (151819) | 1 year,20 hours | (#44620693)

So we already agree that it isn't unauthorized access (you are already further ahead of the game than most; congratulations.) It would be copyright infringement, except they don't own any copyright on what I post..

". The users who posted the ad gave license to Craigslist to publish the ad freely (via T&C's) but not to this third-party."

No. They do no such thing. I just posted an ad, and they don't even ask you to agree to a TOS before posting, nor do they have a notice assigning your copyright to them. They have no claim, and the judge is an ignorant buffoon.

Re:Store Ban (1)

shentino (1139071) | 1 year,22 hours | (#44619019)

We call that copyright infringement.

Re:Store Ban (1)

omnichad (1198475) | 1 year,22 hours | (#44619155)

I'm using the terminology of the person I replied to. Feel free to use the proper term while I speak on someone else's terms.

Re:Store Ban (2)

thaylin (555395) | 1 year,23 hours | (#44618157)

The internet is not supposed to be an open source free for all, otherwise we would not have standards for SSL and password protection of sites.

Re:Store Ban (2)

bws111 (1216812) | 1 year,23 hours | (#44618221)

There is no such question for anyone who can read. The first three words of the CFAA are "Whoever having knowingly ..."

They weren't banned from 'the internel', they were banned from craigslist, a 100% private web site. Where do you get the idea that craigslist is 'publicly funded'?

Re:Store Ban (1)

Anonymous Coward | 1 year,21 hours | (#44620243)

The difference is the internet is suppose to be an open source

It is open source, you can go read any of the RFC's any time you want.

free for all

Says who?

trespassing is reserved for private property

Just because you have the capability of reaching my network doesn't give you the right to access anything past the edge of my network.

He wasn't stealing data, or trying to commit fraud, this is a gross abuse of a flawed law

No, you're completely wrong. Someone was told "Don't come to our site" and that PERSON was given a hardcopy letter stating they were no longer welcome. It doesn't matter if that PERSON uses my computer, your computer, the computer at the library, or any other system to try and gain access- he's forbidden from using their service.

and the prosecution doesn't even have to make a case, or prove without any doubt what a persons intentions were with the CFAA.

It doesn't matter- he was told not to come back, he came back, thus he violated the provision of the CFAA which says you can't access a computer system when you've been told to GTFO.
And the standard in the courts is beyond a reasonable doubt, not beyond ALL doubt.

Re:Store Ban (0)

Anonymous Coward | 1 year,23 hours | (#44618013)

No, its not. Being banned from a website is analogous to being told you are not allowed to look at a billboard from a certain location.

Re: Store Ban (0)

Anonymous Coward | 1 year,23 hours | (#44618707)

Try to log on to the next billboard you see and look up a definition of "moron" on it.

Re:Store Ban (0)

Anonymous Coward | 1 year,21 hours | (#44620301)

No, its not. Being banned from a website is analogous to being told you are not allowed to look at a billboard from a certain location.

That's only true if that location is on someone's private property.
The only way to "See" a web site is to access it, or look at someone else accessing it. So while the ban does not prohibit you from looking at something like a Google search preview, it does prohibit you from going to the site directly.

Re:Store Ban (0)

Anonymous Coward | 1 year,23 hours | (#44618449)

Are people using a proxy to watch Hulu or Netflix also breaking the law?

Re:Store Ban (0)

Anonymous Coward | 1 year,23 hours | (#44618833)

Being banned from a site is no different from being banned from a physical location.

The laws of physical trespass are well established.

You're claiming that the mere fact of telling someone that they are not allowed to connect to your publicly available internet server and issue ordinary client requests is sufficient to legally force them to stop.

I'm going to go sue a bunch of spammers for trespass, since they are connecting to my publicly available SMTP server despite my express instructions to the contrary.

Stop asking. (0)

Anonymous Coward | 1 year,22 hours | (#44619501)

Their website is on the public internet, but then again so is your front gate.

I don't get to walk through that gate despite being told "Get Off My Lawn(tm)" by you because "your gate is on the public highway!!".

So you can go to their website ONLY IF you do not ask it to do anything for you (which was what they asked you to stop visiting their site). So no "HTTP GET" request.

Re:Store Ban (1)

shentino (1139071) | 1 year,22 hours | (#44619005)

There is no confusion, because that person actually WOULD be a criminal.

The only confusion is that they are a trespasser instead of a thief.

So they pull the mask off, and they find out you're not actually looking to rob the place.

But lo and behold, you ARE on the list of people who are banned from the store, so the cops still arrest you for trespassing.

Re:Store Ban (1)

WillgasM (1646719) | 1 year,22 hours | (#44619255)

It's more like this: You go to a store, harass employees and get banned. Security is told not to let that guy in the Slayer shirt back into the store. You then go out to your car, change shirts, and back in past the security guard and start harassing employees again. I'm all for charging you with harassment and trespassing, but it's still not illegal to change your shirt.

There was also a cease-and-desist letter (4, Interesting)

wonkey_monkey (2592601) | 1 year,1 day | (#44617045)

Would this ruling still have been made if they hadn't also ignored the cease-and-desist letter sent to them by Craigslist?

Re:There was also a cease-and-desist letter (1)

cinghiale (2269602) | 1 year,1 day | (#44617093)

That is the key part. The IP address part is just a distraction.

Re:There was also a cease-and-desist letter (4, Interesting)

schneidafunk (795759) | 1 year,1 day | (#44617147)

Unfortunately the IP address part got snuck into the ruling, which could have unintended consequences later. However, in this case, 3taps definitely deserves to be punished for their abusive behavior.

Re:There was also a cease-and-desist letter (1)

Wrath0fb0b (302444) | 1 year,23 hours | (#44618597)

The way the opinion is structured, neither the IP ban nor the C&D letter does enough work by itself. The former does not by itself provide the target with sufficient notice that their conduct is no longer authorized, while the latter doesn't provide the sort of technological barrier (albeit weak) that is circumvented.

The two work together in concert, each providing an element of the crime that the other lacks.

Re:There was also a cease-and-desist letter (2)

Wrath0fb0b (302444) | 1 year,23 hours | (#44618361)

No, the judge explicitly cites the C&D as part of the evidence that 3Tap was on notice that they no longer had authorization to access the site. From the the opinion

The notice issue becomes limited to how clearly the website owner communicates the banning. Here, Craigslist affirmatively communicated its decision to revoke 3Tapsâ(TM) access through its cease-and-desist letter and IP blocking efforts. 3Taps never suggests that those measures did not put 3Taps on notice that Craigslist had banned 3Taps; indeed, 3Taps had to circumvent Craigslistâ(TM)s IP blocking measures to continue scraping, so it indisputably knew that Craigslist did not want it accessing the website at all.

Does CFAA apply to the man? (3, Interesting)

WaffleMonster (969671) | 1 year,1 day | (#44617055)

If I put up a web site that forbid anyone working for or on behalf of any TLA or law enforcement agency from accessing any publically accessible content on my site could I use CFAA against the government when they ignore my wishes and suck the whole thing into a NSA database?

Re:Does CFAA apply to the man? (1)

uncanny (954868) | 1 year,1 day | (#44617199)

Well the constitution doesn't apply to them, so why would some silly little act?

Re:Does CFAA apply to the man? (0)

Anonymous Coward | 1 year,1 day | (#44617351)

Because they actively use the CFAA and acknowledge its authority.

They haven't done that for the Constitution for a very long time.

Re:Does CFAA apply to the man? (2)

TWiTfan (2887093) | 1 year,1 day | (#44617281)

If I put up a web site that forbid anyone working for or on behalf of any TLA or law enforcement agency from accessing any publically accessible content on my site could I use CFAA against the government when they ignore my wishes and suck the whole thing into a NSA database?

Sure, but who are you going to get to punish them when they do?

Re:Does CFAA apply to the man? (1)

interkin3tic (1469267) | 1 year,1 day | (#44617559)

I would honestly suggest trying it as a form of protest if you've got some money and time you're willing to part with. Though, how are you going to know if it does get stolen* by the NSA?

("stolen" here using the MPAA/RIAA definition of stealing.)

Re:Does CFAA apply to the man? (1, Insightful)

alexgieg (948359) | 1 year,1 day | (#44617667)

If I put up a web site that forbid anyone working for or on behalf of any TLA or law enforcement agency from accessing any publically accessible content on my site could I use CFAA against the government when they ignore my wishes and suck the whole thing into a NSA database?

No. Governments can do almost everything the laws it imposes say citizens (subjects?) cannot do. That's the point of a government, to be the single exception to the rule so that it can impose the rule on everyone else. Also, when the government promises it won't do something that isn't really binding. Sure, some of the time they'll more or less try, without much emphasis and only if they're feeling like it, most of the time however it'll be like that Star Wards exchange between Lando and Darth Vader:

Darth Vader: "Calrissian! Take the princess and the Wookie to my ship."
Lando Calrissian: "You said they'd be left at the city under my supervision."
Darth Vader: "I am altering the deal. Pray I don't alter it any further."

Over and over and over again.

Re:Does CFAA apply to the man? (0)

Anonymous Coward | 1 year,23 hours | (#44618085)

I think your point is valid. But it's not "can do", it's "is doing". They're doing it, even though they're not really allowed to do it. But as mentioned multiple times already: who's gonna stop them?

Re:Does CFAA apply to the man? (2)

Wrath0fb0b (302444) | 1 year,23 hours | (#44618631)

If I put up a web site that forbid anyone working for or on behalf of any TLA or law enforcement agency from accessing any publically accessible content on my site could I use CFAA against the government when they ignore my wishes and suck the whole thing into a NSA database?

No. Read the opinion [volokh.com] .

Now, if you gave notice to the individual agencies that they weren't welcome and instituted a technological control measure to block them from accessing it and they circumvented that block, then it would fall within the four corners of the opinion.

[ And anyway, there's probably a provision in the CFAA exempting law enforcement, but even if there weren't, your hypo doesn't even being to cover the fact pattern necessary here. ]

Re:Does CFAA apply to the man? (1)

Bruce66423 (1678196) | 1 year,22 hours | (#44619389)

It's interesting because in the earliest days of the net dubious sites with porn on them often sported 'NO entry for police' notices. They've now gone out of fashion, but it appears that this ruling may enable them to have a legal effect, which given the significance of due process in US jurisprudence, could be huge.

Re:Does CFAA apply to the man? (1)

shentino (1139071) | 1 year,21 hours | (#44620425)

Two words.

Sovereign immunity.

You cannot prosecute the government itself for a crime. You'd have to press charges against a John Doe. Private citizens cannot prosecute federal crimes against anyone, that's the job of the US district attorneys.

The feds would have to investigate, the feds would have to subpoena the feds to find out whodunit, the feds would have to prosecute them, and the feds would have to fight the feds fighting it every step of the way on grounds of state secrets.

Yeah, fat chance. I can dream though. Basically it would be the DOJ vs either the CIA or the NSA.

More roadblocks come from the fact that the NSA is a subdivision of the DOD, which means there could even be military implications.

Plus, the DOJ is a hierarchial organization under the same executive branch that heads the CIA, the DOD (and thus the NSA), and the FBI.

Getting a spook prosecuted under the CFAA for trespassing on your system is an uphill battle through an obstacle course with snipers trained on you ready to sneak off a bullseye shot on your achilles heel.

Finally, they could always just get a FISA warrant rubber stamped and upgrade the snooping to a search and seizure, and punt the whole thing into 4th amendment territory, causing your legal quest to start all over again.

Re:Does CFAA apply to the man? (1)

FuzzNugget (2840687) | 1 year,21 hours | (#44620539)

Silly rabbit, the law doesn't apply to government and police!

3Taps responds (4, Informative)

digitallife (805599) | 1 year,1 day | (#44617243)

3Taps responds:

"3taps Statement Regarding craigslist’s Misuse of the CFAA
At craigslist’s urging, a federal court has recently interpreted the Computer Fraud and Abuse Act (CFAA), known as the “worst law in technology,” to apply when an owner of a public website decides that it no longer wants an Internet user accessing its website. The court held that “the statute protects all information on any protected computer accessed ‘without authorization’ and nothing in that language prohibits a computer owner from selectively revoking authorization to access its website.” Order at 12. 3taps is obviously disappointed in the Judge’s ruling and believes that by making public information publicly available on the Internet, without a password, firewall, or other similar restriction, craigslist has authorized, and continues to authorize, everyone to access that information. 3taps believes that the CFAA was meant to protect private and confidential information and that it was never meant to be used to selectively criminalize accessing public websites and obtaining the public information found on those sites. Importantly, the Court noted that the “current broad reach of the CFAA may well have impacts on innovation, competition, and the general ‘openness’ of the internet . . . but it is for Congress to weigh the significance of those consequences and decide whether amendment would be prudent.” Order at 12. 3taps continues to urge Congress to clarify the scope of the CFAA so that companies like craigslist cannot use it as a tool to stifle competition, innovation, and access to public websites.
While we disagree with the Court’s interpretation of the CFAA, we of course respect the Court’s ruling. Accordingly, 3taps will adhere to the current interpretation of the law and will immediately cease all access to craigslist’s servers. (Significantly, 3taps only began accessing craigslist’s servers because, as alleged in 3taps’ antitrust counterclaim, craigslist interfered with 3taps’ ability to source content through general search engines.)
Although craigslist may use the CFAA as currently interpreted to prevent 3taps from accessing its servers, 3taps can continue to function because directly accessing these servers is only one of three ways in which the information in question can be obtained. The other two, crowdsourcing and public search results, require no such access to craigslist’s servers and thus obviate the need to engage in conduct that may implicate the CFAA.
Going forward, 3taps will operate based on its understanding that if it does not access craigslist’s servers, it has a right to collect public information originally posted on craigslist’s website. In particular, 3taps reasserts four fundamental points:
  3taps does not now scrape craigslist’s servers, and therefore, cannot be in violation of the CFAA.
  3taps' indexing and caching of exchange posting data reduces (rather than increases) the net computing resources expended by craigslist and other publishers to deliver complex search results to end users.
  As the Court previously held, craigslist cannot rely on its current Terms of Use to claim the right to enforce copyrights associated with user-generated ads posted on its website.

  The United States Patent and Trademark Office recently confirmed that craigslist cannot trademark a peace sign – even if that peace sign is purple. See http://ttabvue.uspto.gov/ttabvue/ttabvue-77956067-EXA-24.pdf [uspto.gov] . 3taps and others cannot be harassed for using the peace sign to indicate where information was sourced.
3taps will hold a public event to demonstrate to any interested party that it is possible (despite assertions to the contrary) to obtain public information on the Internet without reliance on accessing a particular source website. 3taps believes that, by not accessing craigslist’s website directly, it and others are allowed to operate and innovate in the marketplace without being subjected to sham litigation and interference.
3taps continues to assert that craigslist, a deep-pocketed, market-dominating force, has engaged in an anticompetitive scheme to maintain its dominant positions in various online classified ad segments. Among other tactics, craigslist threatens small, upstart competitors with baseless and exhaustive litigation to drive them out of business before the underlying substantive legal issues even can be addressed. In the coming weeks, 3taps will seek to illustrate what the marketplace would look like absent craigslist’s efforts to stifle innovation and competition."
- https://3taps.com/images/pics/430_Statement%20Re%20craigslists%20Misuse%20of%20the%20CFAA.pdf [3taps.com]

Check out the new Slashdot iPad app [apple.com]

mod up (1)

schneidafunk (795759) | 1 year,1 day | (#44617557)

mod up

Re:mod up (5, Insightful)

bluefoxlucid (723572) | 1 year,1 day | (#44617625)

Short version:

Wah wah they told us we couldn't load their servers with screen-scraper shit and sent us legal threats and official notarized C&Ds, and we did it anyway by changing an IP address--a normal thing that users can do even without realizing it--and the judge got pissed at us! I mean how is this different than changing our clothes before walking back into a store we're banned from for harassing the staff?! Are they going to arrest us for changing our clothes now?!

There's a huge logical fallacy in their legal argument.

Re:mod up (0)

Anonymous Coward | 1 year,1 day | (#44617785)

Mod THIS up!

Re:3Taps responds (1)

Wrath0fb0b (302444) | 1 year,23 hours | (#44618705)

3taps [...] believes that by making public information publicly available on the Internet, without a password, firewall, or other similar restriction, craigslist has authorized, and continues to authorize, everyone to access that information.

This sounds plausible until you realize the subtle trick they are pulling in conflating the information itself with the instance of the information stored on CL servers. 3T does, in fact, have every right to access and publish that information. What they do not have is the right to use any particular server to access that information against the express desire of the owner of that server.

It's a bit like confusing the contents of a book with a particular copy of it. Anyone can read Shakespeare, but if the library forbids you from entering, you can't read the particular copy that is on their shelf -- even if they generally let everyone in without checking ID. Craigslist has not forbidden 3T from accessing the information, they have forbade them from accessing CL's servers.

Re:3Taps responds (0)

Anonymous Coward | 1 year,21 hours | (#44619859)

I'd personally argue that the anti-circumvention provisions in the DMCA (making it illegal to copy my DVD movies to my harddrive so I can watch on my Air during a flight) is the worst law in technology.

The CFAA isn't great, but I haven't seen it as badly misused as the DMCA.

Rulings should go past technical review (1)

sandbagger (654585) | 1 year,1 day | (#44617285)

When judges write their rulings -- or rather their employees write their rulings -- the document may go onto a few peoples' desks before release. The more complicated the ruling, the more this is likely as judges don't like things getting overturned. Lots of overturned on appeal looks bad, apparently. Well, it may time for judges to get their rulings to pass some elementary technical review.

Re:Rulings should go past technical review (1)

Virtucon (127420) | 1 year,1 day | (#44617775)

That's what the appeals process is for so lawyers on both sides can argue what's right or wrong with the ruling. Amicus briefs can be filed by knowledgeable and respected organizations or individuals on both sides of the arguments as well to point out specific flaws or finer points that weren't exposed in the original trial. These briefs or amici curiae are most often used in appeals. So the EFF or the FSF could file a brief in the appeal on this case based on the legal and technical problems for society that it creates.

That doesn't solve the problem of a bad law, like the CFAA which is rotten to the core. In this case it sounds like 3Taps was told to stop particular activity, scraping servers, by Craigslist and when they didn't stop Craigslist pursued the matter in court. 3Taps also appears to have used masking techniques to try to hide their activities which also forced Craigslist to seek a judicial ruling. In this case the C&D didn't work, which is more friendly, 3Taps said screw that and then went after using proxy servers which Craigslist detected and somehow tracked back to 3Taps so in this case you have somebody you've told to stop accessing your website against your ToS and the CFAA applies there. Not that I agree with all of the CFAA but certainly telling somebody to stop breaking into your house, time and time again, is more than reasonable and when they won't stop you can seek legal means to make them stop. Craigslist has also shut down other apps that scraped their servers as well. [techcrunch.com] Even though their UI sucks and it seems their legal team doesn't. Good for them.

Not Unreasonable (1)

ggraham412 (1492023) | 1 year,1 day | (#44617311)

It seems like Craigslist had to pass two hurdles to get to this result. First, they sent a cease and desist letter to 3taps which effectively withdrew authorization to use their website for scraping. Second, they put up a technological barrier (albeit a token one) to prevent 3taps from scraping. 3taps subsequently ignored the cease and desist letter willfully, as demonstrated by their use of proxies. I don't think 3taps has any legs to stand on.

Anyone who uses a proxy does not have to worry about violating the CFAA unless they are doing it specifically to get somewhere they have been explicitly banned from. 3taps apparently was taking ads from Craiglist and pawning them off on some other website. Sorry, you can't ethically do that any more than I could scrape comments off of this site and pass them off as coming from pishpot.org.

I do think that it is inane to call this a criminal matter, however. As it was inane in the Schwarz/JSTOR case too. Over-criminalization is a general problem.

A call to arms, disguised as a court ruling. (0)

Anonymous Coward | 1 year,1 day | (#44617323)

You know what this means.

Someone has already taken the dontvisitme.com domain [internic.net] , as of 2013-03-19. But that doesn't mean we can't set up other similarly-named sites with the exact scenario detailed in the judge's decision here, and using this exact case as precedent to get a judgement against anyone that stumbles into the honeypot.

Remember, saying something bad won't happen because it's just too farfetched is a nearly 100% effective way of making that exact scenario happen. It's the same reason "Rule 34" works. When someone hears your bad idea, they implement it. It's our turn, Internet. Let's implement this and make him eat his words. Bonus points if we can trap this exact judge in the honeypot personally. That's when we can file suit against the judge to get him kicked off the bench and disbarred for being a complete tool.

Re:A call to arms, disguised as a court ruling. (1)

bluefoxlucid (723572) | 1 year,1 day | (#44617647)

Have you already sent legal cease-and-desist letters to everyone who unknowingly or knowingly has abused your domain by accessing it; and have they provably ignored this order by willful intent, possibly by circumventing a minor technical barrier?

Actually, it's an EXCELLENT ruling (1)

Anonymous Coward | 1 year,1 day | (#44617469)

So, I set up a few firewall rules to block connections from the NSA and then they circumvent that block, then whammo on them with the CFAA.

Captcha: erection

Re:Actually, it's an EXCELLENT ruling (1)

Bruce66423 (1678196) | 1 year,22 hours | (#44619431)

In your dream... but it's a cute dream...

avenue for scammers (0)

Anonymous Coward | 1 year,1 day | (#44617601)

Isnt it simple enough to require registration for access to the data to be denied to whomeever??
It might make casual access for everyone else more bothersome (hasnt THAT already happened?)
and more work for the company to vet those they allow access to - like verifiable IPs or email addresses (like block yahoo mail accounts used for registration? Why are these things restricted in the first place when they also might be put out in encrypted form and the decryption given only to those with authorized access??? Decoder Apps, etc...

Its not rocket science is it ?

You can bet that scamartists will try to use any laws to their advantage and bring lawyers into pla and extort monies.

No shit (0)

Anonymous Coward | 1 year,1 day | (#44617675)

What part of "forbidden to access" and "unauthorized access" don't you fucking idiots not understand?
 
3Taps was banned from Craig's List. Craig's List took the steps it could to prevent 3Taps from accessing their site including telling 3Taps to stop and sending a Cease and Desist letter. 3Taps ignored the letter and took steps to access the site after they had been specifically told they are not authorized to access the site.
 
If one is told one is not welcome in a store or bar and one goes in anyways, one can get arrested. If you were to tell someone they are not welcome in your house and they have no legal right to enter your house, you can have them arrested for trespassing and possibly breaking and entering.

Re:No shit (1)

mrbester (200927) | 1 year,22 hours | (#44619567)

Stores and bars can have security on the doors to prevent unauthorised entry. So can Craigslist. That a law conflates physical trespass with accessing an open site is bathetic.

Re:No shit (0)

Anonymous Coward | 1 year,21 hours | (#44619829)

They can, but they don't have to do so. Not having security on the door doesn't mean someone who is not authorized or, as in this case, has been banned, can enter without trespassing. If a door is open, one still does not have the right to enter. You seem to be conflating "open" with "public". An open door doesn't not make a place public, doesn't give one a right to enter and entering can constitute trespassing. Your inability to grasp the simple fact that access to a privately owned site running on a privately owned server can be limited is pathetic, or should I say "bathetic"?

Slippery slope arguments are always bad (1)

doug141 (863552) | 1 year,1 day | (#44617743)

Their premise is the current case is not bad enough for opposition, and only some hypothetical future case is bad enough for opposition. It's a form of strawman argument.

that slope isn't slippery (1)

raymorris (2726007) | 1 year,22 hours | (#44619505)

I agree with your post. This case is plain old criminal trespass.

I have to comment on your subject line. Some slopes are known to be slippery, so it's valid to be concerned that "if you authorize the NSA to do X, they may well stretch the limits to Y".

Re:that slope isn't slippery (1)

Agent ME (1411269) | 1 year,21 hours | (#44620179)

Accessing a website through a proxy is "plain old criminal trespass"?

Over-eager blacklists? (1)

nine-times (778537) | 1 year,1 day | (#44617827)

Not everyone on a blacklist is guilty. If one person on your work network gets blacklisted from a site, it will hit everyone on that network. Sometimes sites will even blacklist whole IP ranges because too many IPs in the range have been engaged in something malicious, but that doesn't mean that every IP in the range is doing something wrong. And as the summary points out, IPs are allocated dynamically, and not intended to be used as authentication of a real-life identity. Your IP might be blacklisted for actions taken by someone who used that IP previously. And even if you are banned for good reason, it may be that you received an automated ban because your computer was infected with some malware. Once you clean off the malware, you might be fine.

Yet you're telling me that, if I try to bypass a blacklist for any reason, I'm committing fraud?

They violated a cease and desist letter, so if that can carry any penalty, hit them with it. But there should not be any criminality applied to changing or obscuring your IP address.

Re:Over-eager blacklists? (1)

omnichad (1198475) | 1 year,23 hours | (#44618163)

Agree. The CFAA is only being abused to amplify charges. An IP block is a lot different than being told "Leave and don't come back." For one, it could have been an automated process. If the blocked IP literally received a "Leave and don't come back" message instead of a dropped connection, that might be somewhat different but not enough to establish it in my mind. I'm not surprised at all that a judge has trouble understanding the differences - it's still fairly technical.

Re:Over-eager blacklists? (1)

shentino (1139071) | 1 year,20 hours | (#44620695)

Sorry, that doesn't fly.

Whether you deserve to be on the blacklist or not is an internal matter for Craigslist to decide in its sole and final discretion. Craigslist is private property and they reserve the right to ban anyone they darn please, for any or no reason. It's their blacklist to maintain as they see fit.

The C&D letter proves that they were not welcome, and that they also knew it. It is irrelevant if they deserved to be banned or not. The bottom line is that they were banned and deliberately defied the ban. If it was a mere accident, you'd have a point. But it was not an accident, so your dynamic IP argument doesn't hold water.

Analogy:

I hate the Seahawks with a passion. You come into my tavern wearing blue and green, and I tell you to GTFO and never come back. No, you did not deserve to be 86'ed, because spite bans are unreasonable and I was being an asshole.

You are still in the wrong if you change your clothes and come back in. You are defying my propriety, and I am completely within my rights to have you arrested for trespassing. You would go to jail, and you would also deserve it.

I would deserve a vicious bite on the ass from karma, and my patrons would probably avoid me like the plague. But my being an asshole does not give you a get out of jail free card for trespassing. And more importantly, my reasonableness is not for you to judge.

Furthermore, if I had a good reason to even *believe* you were there to cause trouble, I'd be in the right morally as well as legally. As the owner, I am the rightful judge of what is and is not appropriate, and I cannot afford the time to second guess every single decision I make. If I'm honestly convinced you're bad for the tavern, then out you go. Even if I happen to be wrong, any resistance on your part would only serve to justify my decision. Because at that point, you are showing contempt for my authority over the tavern, which itself is disruptive.

The Dangers of Bad Analogies (0)

Anonymous Coward | 1 year,1 day | (#44617841)

The judge imposes his own idiosyncratic and draconian notions of what constitutes 'authorization' to access a page, while claiming to avoid doing so, dismissing the idea that absence of technical constraints on accessing a page might constitute authorization. And he imagines that accessing web resources is like visiting a store open to the public -- one 'enters' a website only through the home page (the doorway into the store). If the home page contains a notice, that is equivalent to posting a sign at a store entrance, as though hyperlinks always link only to home pages, and a human being always reads any notices posted on those home pages. And so he mocks the idea that one might follow a link to material on a website without being aware of its being on that website, and then be held accountable for what he himself has said would be unauthorized access.

they weren't aware they were scraping against C&am (2)

raymorris (2726007) | 1 year,23 hours | (#44618625)

> that one might follow a link to material on a website without being aware of its being on that website, and then be held accountable for

You think they weren't aware that their business model was scraping craigslist? They were most certainly aware of which site they were scraping. When they signed for the certified C&D letter, they were well aware that they were doing so over the objections of the owner.

To me, this is exactly like criminal trespass. The fact that they set up proxies in attempt to hide their actions is further evidence that they knew what they were doing was wrong.

should be civil not criminal (0)

Anonymous Coward | 1 year,23 hours | (#44618133)

I can see how Craigslist can claim civil damages from the other company by taking its advertisements away. If you think about it, they are basically robbing their business and costing them money. However, making these criminally enforceable means that you can go to jail because a private individual or company makes a rule that you don't follow. I think Craigslist has a legitimate civil claim here. This company is a parasite and is disrupting their business. However, it is not a 'criminal' activity. By all means take their money. But a perp walk for this?

This means that if you work for one of those companies that only allows specific software on your computer and you are a developer and need something else. You have a deadline and need to get something done, so you ignore the rule. Instead of simply risking termination for violating company policy for installing the wrong version of Eclipse, you risk being sent to jail. or... lets say you use a generic script you got off the internet at company A. You go to company B and you use the same generic script. Company A can now criminally charge you for taking their intellectual property?

Then think about the extensions of this... companies are now more commonly issuing employment agreements online. You sign them with a digital signature. The agreement can say in the bottom 'you can't talk about this agreement'. I never sign those. If I am interviewing for a job and they ask why I am quitting and I say 'I dont want to sign the new employment agreement and here is why' (I have done this), I am technical breaking a criminal law even if I did not agree to the agreement. This agreement is criminally enforceable only because they issued it online instead of on paper.

Extension of this. You sign an online separation agreement with Company A. They give you a bad reference. your prospective employer asks you about this and you tell them your side of it. Are you technically violating a crime if the separation agreement says you can not say anything negative about the company? Lets say a future employer is competing with a previous employer from 5 years ago. You want to help your new employer win a contract. You know some people on their previous company are bad at 'X'. So your company presses 'X' and says we are better than these guys. Are you committing a felony now?

It is very common for companies to claim everything they make you sign as 'their intellectual property'. In the past the worst they can do is sue you and this costs them money. If they make you use a digitial signature this becomes criminally enforceable.

Craigslist has been overjealous for some time (1)

Anonymous Coward | 1 year,23 hours | (#44618315)

Despite posing to contrary, Craigslist has been in overjealous position for some time. There is fine line between protecting your business/IP and vehemently preventing anyone from extending on your service, even when they give you credit.

For example, CL has been going after any service that would display CL postings in a different matter (ordered list etc), even when those sites do not scrape full content, duly link the ad back to CL for full details etc. In a nutshell, CL doesnt want anyone else to access their system in programmatic manner, even if they give credit back to CL, does not want to sell such access for decent price, except for the end users that THEY decide will get in.

On the surface, that may look ok, technically, but using all sorts of crappy laws to prevent any extension is sort of what Microsoft does to others.

fyi over zealous (1)

raymorris (2726007) | 1 year,23 hours | (#44618653)

Fyi, the phrase is "over zealous". Carry on.

This means ... (1)

PPH (736903) | 1 year,22 hours | (#44619109)

... when Moot bans you from /b/, he means it!

Re:This means ... (0)

Anonymous Coward | 1 year,21 hours | (#44620237)

Does this mean I can be tried as a criminal for evading a ban on /b/ if moot decides to prosecute?

Does this mean I can prosecute people who evade bans on my own site? This would make my administrating job a bit easier, but it's disturbing.

Don't look in the window (0)

Anonymous Coward | 1 year,21 hours | (#44619947)

To me it seems "no trespassing" isn't a correct example. I like to think of it as more a store front window on a public street. Any passer by can look in. People may come to this street just to look in the window to see what is on display. Some might even want to copy, take notes or even pictures on what is on display in this window. Maybe the store doesn't like that, so it has build a robotic facial recognition system that move blockers in the way of people who they don't want peeking in. Now someone who has been blocked come along, wearing a mask and it fools the blocking system, are they breaking the law?

Get off the internet then (0)

Anonymous Coward | 1 year,20 hours | (#44620813)

I'm sorry, it's the craigslist website on the WHAT?

The you-know-what isn't some private company intranet. The whole lot of you knows damn well what "in the wild" means.

If we're walking in my yard, it's my authority to tell you "Your dog can't poop here." but we go into the grassy park superhighway and that's gone.

Although, authority or not, I'm still gonna say it: "Get off my internet."

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>