Wednesday, June 19, 2013

I Join the EFF and Others in Calling for Craigslist to Drop CFAA Claims

[Cross-posted on Freedom to Tinker]

Craigslist is suing several companies that scrape data from Craigslist advertisements. These companies, like Padmapper and 3taps, repurpose the data in order to provide more useful ways of searching through the ads. I have written about this in earlier posts, "Dear Craig: Voluntarily Dismiss with Prejudice," and "A Response to Jerry: Craig Should Still Dismiss." Fundamentally, I think that the company's tactic of litigating against perceived competitors is bad for Craigslist (because it limits the reach of its users' ads and thus the success of Craigslist), it is bad for the law and policy of the web (because scraping of public web sites has historically been a well-established and permissible practice that beneficially spreads public information), and is in bad taste (given Craiglist's ethos of doing well by doing good).

One of the most problematic aspects of the lawsuit is the set of claims under the Computer Fraud and Abuse Act (CFAA) and its California state-law counterpart. The CFAA, passed in 1986, introduces criminal and civil penalties for "unauthorized access" to "protected computers." The CFAA was largely a reaction to generalized fear of "computer hacking," and it did not envision the public internet as we know it today. Nevertheless, some have tried to apply the CFAA to public web sites. This approach has been widely frowned upon by both the tech community and the courts. For instance, the Center for Democracy and Technology (CDT) and the Electronic Frontier Foundation (EFF) are actively pushing to reform the CFAA because it has been subject to prosecutorial abuse. Craigslist has nevertheless alleged violations of the CFAA based on access to their public web site.

Today I signed on to an an amicus brief written by the EFF--which was also co-signed by other scholars in the field--that urges the court to dismiss these ill-advised CFAA claims. The brief reads, in part: