Wednesday, June 19, 2013

I Join the EFF and Others in Calling for Craigslist to Drop CFAA Claims

[Cross-posted on Freedom to Tinker]

Craigslist is suing several companies that scrape data from Craigslist advertisements. These companies, like Padmapper and 3taps, repurpose the data in order to provide more useful ways of searching through the ads. I have written about this in earlier posts, "Dear Craig: Voluntarily Dismiss with Prejudice," and "A Response to Jerry: Craig Should Still Dismiss." Fundamentally, I think that the company's tactic of litigating against perceived competitors is bad for Craigslist (because it limits the reach of its users' ads and thus the success of Craigslist), it is bad for the law and policy of the web (because scraping of public web sites has historically been a well-established and permissible practice that beneficially spreads public information), and is in bad taste (given Craiglist's ethos of doing well by doing good).

One of the most problematic aspects of the lawsuit is the set of claims under the Computer Fraud and Abuse Act (CFAA) and its California state-law counterpart. The CFAA, passed in 1986, introduces criminal and civil penalties for "unauthorized access" to "protected computers." The CFAA was largely a reaction to generalized fear of "computer hacking," and it did not envision the public internet as we know it today. Nevertheless, some have tried to apply the CFAA to public web sites. This approach has been widely frowned upon by both the tech community and the courts. For instance, the Center for Democracy and Technology (CDT) and the Electronic Frontier Foundation (EFF) are actively pushing to reform the CFAA because it has been subject to prosecutorial abuse. Craigslist has nevertheless alleged violations of the CFAA based on access to their public web site.

Today I signed on to an an amicus brief written by the EFF--which was also co-signed by other scholars in the field--that urges the court to dismiss these ill-advised CFAA claims. The brief reads, in part:

Friday, May 24, 2013

Arlington v. FCC: What it Means for Net Neutrality

[Cross-posted on Freedom to Tinker]

On Monday, the Supreme Court handed down a decision in Arlington v. FCC. At issue was a very abstract legal question: whether the FCC has the right to interpret the scope of its own authority in cases in which congress has left the contours of their jurisdiction ambiguous. In short, can the FCC decide to regulate a specific activity if the statute could reasonably be read to give them that authority? The so-called Chevron doctrine gives deference to administrative agencies' interpretation of of their statutory powers, and the court decided that this deference extends to interpretations of their own jurisdiction. It's all very meta, but it turns out that it could be a very big deal indeed for one of those hot-button tech policy issues: net neutrality.

Scalia wrote the majority opinion, which is significant for reasons I will describe below. The opinion demonstrated a general skepticism of the telecom industry claims, and with classic Scalia snark, he couldn't resist this footnote about the petitioners, "CTIA—The Wireless Association":

This is not a typographical error. CTIA—The Wireless Association was the name of the petitioner. CTIA is presumably an (unpronounceable) acronym, but even the organization’s website does not say what it stands for. That secret, known only to wireless-service-provider insiders, we will not disclose here.

Tuesday, May 7, 2013

A Response to Jerry: Craig Should Still Dismiss

[Cross-posted on Freedom to Tinker]

Jerry Brito has a new post on the Reason blog arguing that I and others have been too harsh on Craigslist for their recent lawsuit. As I wrote in my earlier post, Craigslist should give up the lawsuit not just because it's unlikely to prevail, but also because it risks setting bad precedents and is downright distasteful. Jerry argues that what the startups that scrape Craigslist data are doing doesn't "sit well," and that there are a several reasons to temper criticism of Craigslist.

I remain unconvinced.

To begin with, the notion that something doesn't "sit well" is not necessarily a good indicator that one can or should prevail in legal action. To be sure, tort law (and common law more generally) develops in part out of our collective notion of what does or doesn't seem right. Jerry concedes that the copyright claims are bogus, and that the CFAA claims are ill-advised, so we're left with doctrines like misappropriation and trespass to chattels. I'll get to those in a moment.

Tuesday, April 30, 2013

Dear Craig: Voluntarily Dismiss with Prejudice

[Cross-posted on Freedom to Tinker]

Last summer, Craigslist filed a federal lawsuit against the company Padmapper (and some related entities). is a site that, among other things, allows users to view Craigslist postings on a geographical map. It is a business premised on providing value added services to Craigslist postings -- with some of that added value going back to Craigslist in the form of more users. Craigslist did not like this, and alleged a host of claims -- seventeen of them, by the time they were done with the "First Amended Complaint" (FAC). Among their claims were alleged violations of copyright, trademark, breach of contract, and -- surprisingly -- Computer Fraud and Abuse Act (CFAA). The CFAA claims were not in the original complaint (they showed up only in the September 2012 FAC). Today, the judge ruled that some of the claims would be dismissed, but that many would survive.

I am still at a loss about why Craigslist is taking such a scorched earth tactic against a site that appears to help more people find Craigslist postings. Sure, they're looking to make money while doing it, but that's how much of the internet business ecosystem works. I'm particularly shocked, because Craig Newmark has been at the forefront of fighting for so much good online policy. We've met a few times, including the period when he was embroiled in the fight over whether or not "adult services" would do away with his CDA 230 intermediary liability. He was on the right side of SOPA/PIPA and helped to fight against over-expansive copyright. I've always found him to be personally friendly, thoughtful, and savvy about what makes the internet work.

Wednesday, March 16, 2011

Wednesday, August 18, 2010

I Got Interested in Web Authentication and Security

Lately there have been some interesting developments in the fundamental structure of web security, and I've gotten involved in discussing how they are coming together. I did a post earlier this year on "Web Security Trust Models", and recently added an update called "A Major Internet Milestone: DNSSEC and SSL." This whole topic area is a fascinating convergence of technology and policy. If you want to geek out, here are a few good links:

[Update: oops, forgot to mention that I got a quote in the NYT. It's actually an awful quote... I sound like a valley girl ("This is, like, totally important, you know?"). Other than that, the gray lady got the story right.]

Tuesday, July 27, 2010

Private Information in Public Court Filings

Court proceedings are supposed to be public. When they are public and easily accessible, citizens know the law and the courts are kept accountable. These are the principles that underpin RECAP, our project to help liberate federal court records from behind a pay-wall.

However, appropriate restrictions on public disclosure are equally critical to democracy-enhancing information management by the judiciary. Without protections on personal data, trade secrets, the addresses of cooperating witnesses, or other harmful information the courts would become a frightening place for many citizens in need of justice. Peter Winn has described this challenge in detail.

Thus, somewhat counter-intuitively, it is important to restrict some legal information in order to set the rest free. That is why our courts have a strong legacy of sealing cases when, on balance, their disclosure would do more harm to justice than good. When the risks don't require the entire case to be sealed, portions of documents can be redacted. Federal Rule of Civil Procedure 5.2 and Federal Rule of Bankruptcy Procedure 9037 define these instances.

But what happens when mistakes are made or negligence occurs?

Read the rest over at Freedom to Tinker.