Sunday, January 31, 2016

Computer Trespass or Authorized User Given Access

Computer trespass occurs when access to a computer and or related network is attained without authority.  Such is the case when the Computer Fraud and Abuse Act (CFAA) 18 U.S.C. § 1030 is deemed violated.   For there to be a violation the matter had to involve a protected computer which is described as one engaged in commerce or network related system communications.  What also has to be established is the element of trespass where it can be established where one has conducted an activity that surpasses the authority given.  Issues of agency and employees have peppered the courts over the issue of agency and the scope granted.

Facebook has had a dispute with Power Ventures regarding these elements to the extent that the courts have delved into the extent of authority provided by users, who are members of Facebook’s social media community, to a social network aggregator, i.e., Power Ventures.  The issue has been what authority does Power have to access Facebook user information upon user consent, though Facebook is opposed?  The intricate aspect of this is that Power was granting, through a promotion, a monetary incentive to Facebook users if they sought friends to also join Power Ventures in order aggregate user information from other social media platforms as well.
As would operate, users would be able to access any social media platform through their website portal.  What culminated for the district court to rule in February 2012 against Power Ventures was that it found it guilty of violating CFAA the CAN-SPAM Act, where the court subsequently awarded several millions in damages along with an injunction.  The trigger was that emails would be sent to friends of Facebook community members appearing as if it came from Facebook itself.  Despite the placement of an internet protocol block, it was bypassed by Power.
Recently, however, Power returned to the 9th Circuit to oppose the award and challenges the reasoning underscoring the finding. It argues that the CFAA was not intended to cover this realm of this type of permission for access as well as challenging Facebook’s claimed ownership of community members’ information and information of their friends.   Power claims that the user owned the information and not Facebook. Therefore, it was not taking Facebook owned information, it was using user information and users were giving permission and access.
The question that continues to gnaw is it a criminal unauthorized access under the CFAA when an individual receives user permission to access user information but it is opposed by social media platform, i.e., in this case Facebook?  As initially raised, the elements of agency come into play where authority is granted to have access, originating from when the user established an account.  Afterward, the user, member of the community has privileges of access to its account and it can delegate it and assign it to whomever it chooses.  As long as the recipient conducts itself consistent with the boundaries of its agent responsibilities, it should not be deemed infringed.
What also gnaws is whether bypassing an IP block and ignoring the cease and desist violates CFAA.  The latter involves something that is ephemeral and the former involves the matter of consistency.  The former it technically not reliable to withstand resistance. To the latter, either the account is active, where the users has rights to grant access to whomever it chooses or the account is not active and the user is devoid of authority of administering its own account and information. See Facebook v. Power Ventures (9th Circuit).

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."
Copyright 2016, all rights reserved Lorenzo Law Firm, P.A.

No comments:

Post a Comment