Back in 2016, the ACLU and First Look (the publishers of The Intercept) sued the US government to force it to clarify that the 1986 Computer Fraud and Abuse Act — the overbroad statute passed during over a panic sparked by the movie "Wargames" — does not prohibit violations of terms of service.
At issue is the CFAA's incredibly broad definition of hacking: "exceeding your authorization" on a computer. Tech companies have argued that this means that any violation of their terms of service (through which they define your authorization) is a felony under the CFAA. This was the basis for the US government's legal attack on Aaron Swartz, allowing a federal prosecutor to threaten him with 35 years in prison for failing to abide by the legal fine-print on a website.
The US Government moved to dismiss the suit and a Federal Circuit judge has dismissed their motion, and will allow the suit to proceed.
The Intercept and the ACLU are seeking a judgment that would allow them to systematically explore whether services are practicing illegal racial and gender-based discrimination in advertising and offering financial products to their users; to do this, they want to be able to create fake personas and login to the services to gather data.
Axios's Joe Uchill points out that this is a fraught business in the midst of the Cambridge Analytica scandal, with some skeptics arguing that a victory in the suit for the ACLU and The Intercept would be the thin edge of the wedge for allowing companies like Cambridge Analytica to violate terms of service by scraping user profiles. I think that this is overstated: other circuits have already narrowed the CFAA and its ability to turn EULAs into private law; and the issue being argued here is a narrow one: whether a specific legal activity can be made illegal by adding a term-of-service prohibiting it.
The details: A handful of researchers and First Look Media (which operates The Intercept and other sites) would like to use bots and create dummy accounts to test the behavior of employment and real estate websites.
*
The researchers are studying whether machine-learning algorithms on employment and real estate websites might have developed gender or racial bias. To do that, they would set up multiple similar accounts, changing only minority or gender status between them, and apply for jobs or housing.
* That might violate the sites’ terms of service — and doing so, some courts have ruled, constitutes a violation of the Computer Fraud and Abuse Act (CFAA), the major U.S. anti-hacking law.
Suit to let researchers break website rules wins a round [Joe Uchill/Axios]