September 9, 2013
Federal Judge Charles Breyer, in the Northern District of California, recently ruled that use of Internet proxy servers and changes in Internet addresses could, under certain circumstances, constitute violations of the federal Computer Fraud and Abuse Act (CFAA). This interpretation of the CFAA significantly extends the potential reach of the law, and appears to be inconsistent with the changing technological environment.
Under the CFAA it is illegal to engage in circumvention of “technological barriers” in an effort to make unauthorized use of a computer or its content. Efforts to circumvent computer security technology are thus violations of federal law independent of whether or not the effort resulted in actual misuse of computers or their content.
In the case, Craigslist v. 3taps, Judge Breyer was asked to determine if actions taken by 3taps to continue to access content from the Craigslist website were lawful. As a result of a legal dispute between the two companies, Craigslist had attempted to prevent 3taps from accessing the website by blocking access from the Internet protocol (IP) addresses that had been used by 3taps previously.
In response to the blocking imposed by Craigslist, 3taps changed its IP addresses and used Internet proxy servers, thus evading the block. 3taps thus continued to access the website content even after Craigslist had moved to prevent such access.
Craigslist argued that the actions taken by 3taps were illegal. The company claimed that changing IP addresses or using proxy servers in order to work around website blocks was an unlawful effort to circumvent a technological barrier intended to secure computer content.
Judge Breyer determined that the process of blocking specific IP addresses in order to deny access to a website constitutes a technological barrier of the sort contemplated by federal law. Accordingly, use of proxy servers or other IP addresses in order to continue to access a website despite access blocks can be unlawful circumvention of technological digital security barriers.
Although the principle of making some forms of circumvention of technical digital security barriers illegal is appropriate, care should be exercised to ensure that those laws are not interpreted in an overly expansive manner. If interpreted too broadly, anti-circumvention rules can dramatically expand the scope of digital security laws, causing those laws to prohibit digital activities that should not be impeded.
Use of multiple IP addresses appears to be an activity that should not be restricted by federal law. In today’s environment in which individuals routinely access online content from multiple devices using more than one communication network, legal restrictions that interfere with the ability to use multiple IP addresses present inappropriate limits on digital network use.
Federal laws protecting digital security should not be interpreted in an overly broad manner. Efforts to protect digital content must not be allowed to impede expansion of computer network access and use.