Skip to main content

Terms & Conditions: Should ignoring fine print be illegal?

CFAA

For this week’s T&C, we’re going to veer from the regularly scheduled programming – parsing a single terms of service or privacy policy – to focus on a more pressing matter, an issue that concerns all terms of use, of every Internet-connected service in existence.

Right now, a bill is floating around in the House of Representatives that would make it explicitly illegal – a felony – to violate certain terms of service. Sound crazy? That’s because it is – but it’s also real. Which is why we need to talk about it. Below, I’ll explain what the situation is, and what we should all try to do to help.

Related Videos

Computer Fraud and Abuse Act, the short version

There is a law that’s been on the books since 1984 called the Computer Fraud and Abuse Act, or CFAA. It’s a big law, and has recently come up due to a number of “hackers” facing prosecution under the CFAA. One of these hackers was Aaron Swartz, who helped create RSS, Creative Commons, and Reddit, and killed himself in January amidst ongoing prosecution under the CFAA.

Swartz got in trouble for downloading a bunch (read: millions) of scholarly articles from a service called JSTOR. He did so by accessing it through the network of the Massachusetts Institute of Technology. The problem here is that Swartz potentially faced up to 30 years in prison. Many people think that is far too harsh a sentence for what was, by all accounts, a victimless crime.

There have been a number of other similar cases recently – one against “AT&T iPad hacker” Andrew “Weev” Auernheimer, and another against Reuters’ deputy social media editor Matthew Keys – but the complaints are all the same: Penalties under the CFAA are too strong.

Another problem with the CFAA – which was passed before the Internet existed – is that it prohibits “unauthorized access” of a “protected computer.” But nowhere does the law define what either of those two terms mean – thus, the courts have had to sort this out. That’s led to more confusion, and more problems.

For example, prosecutors have charged people in the past under the CFAA for violating the terms of service of a website, based on the argument that doing so constituted “unauthorized access.”

In other words, the federal government has the power to send you to jail if you lie about your name or age on Facebook, which are against the rules. You could theoretically be put behind bars for sharing your Pandora password. Will you? Probably not – but that doesn’t mean the government should have that power.

This is a problem, clearly. But it’s not getting any better; in fact, it could get worse.

CFAA, redux

OK, so the problems people have with the CFAA are that it’s penalties are too harsh, and what exactly “unauthorized access” and “protected computer” mean is anyone’s guess. Since Swartz’s death, people have been pushing for Congress to fix the CFAA. A recently surfaced “draft bill” (meaning it’s still in its earliest stages) that would amend the CFAA shows that the House Judiciary Committee wants to do exactly the opposite of what the people have called for. Worse, it could make it even easier to go after those of us who violate terms of service.

See the draft bill text here (PDF).

According to the Center for Democracy & Technology – a balanced, trusted rights advocacy group – updating the CFAA with the new language “would push the law in the exact wrong direction, dramatically heightening penalties while giving the government and civil litigants more latitude to prosecute or sue average Internet users who happen to violate a Web site’s terms of service or an employer’s computer use policy.”

As the Electronic Frontier Foundation aptly points out, many news websites (and other services) prohibit users under the age of 18, and more often 13, from accessing the website, according to the terms of service. (This rule is in the terms to help ensure these companies don’t violate the Children’s Online Privacy Protection Act (COPPA), which prohibits the unauthorized collection of personal data of kids 12 and under.) If kids of the wrong age do access these sites, they would be “criminals” according to the U.S. Department of Justice.

Not on my watch

While it is vitally important to protect our financial data and information related to national security out of the hands of hackers, there appears to be no good reason to make terms of service violations a criminal offense. (Please, speak up if you have one!) If you agree, there are a couple of things you can do. 

First, sign up for the EFF’s call to action against the CFAA. Next, do the same for Demand Progress’ campaign. And finally, call your representatives in Congress, and tell them exactly how you feel about the CFAA and the changes outlined above.

Terms of service and privacy policies are important to read and understand – that’s why T&C exists. But clicking “I Agree” without reading first should never send you to jail.

Editors' Recommendations

Will Google ever lose its throne as king of search? Here are its main contenders
Person using Google on a laptop.

“Advertising income often provides an incentive to provide poor quality search results,” Google’s founders, Sergey Brin and Larry Page, argued in a research paper when they were still working out of their Stanford dorm rooms.

Today, Google is synonymous with the web -- but it’s also far from the sort of “competitive and transparent” search engine Brin and Page set out to develop decades ago. Google’s journey into the dictionary and becoming a trillion-dollar empire demanded a slate of fatal modifications to its original blueprint. The result is a search engine that buries organic links under an avalanche of ads, keeps tabs on its visitors’ every move and click, and manipulates results by tapping into the giant pool of data Google harvests from the rest of its services.

Read more
Your digital fingerprint is tracked everywhere online. Brave wants to change that
6 important tech tasks you should get over with while social distancing chores computer privacy getty

We have more tools to secure our identity online than ever before. You can ban cookies -- the little pieces of information websites deposit in our browsers to identify us -- block invasive trackers from tailing our machines, switch to incognito mode, opt out of cross-app tracking with Apple’s latest iOS update, or even go as far as to surf the web only through highly encrypted virtual private networks.

But there’s a tracking method that can still slip past these defenses and it’s growing in popularity: Fingerprinting.
The anatomy of a fingerprint
What makes fingerprinting so elusive and difficult to defend against is the fact that the data it exploits is essential to the web’s foundational functions.

Read more
Want to browse the web privately? Here’s how to do it for real
how to browse the web privately anonymous header

When it comes to browsing the web without leaving a trail, there is a lot of noise out there. Advice varies from getting a VPN to disabling cookies to utilizing the private browsing mode within the browser of your choice. But which of these tools actually work? And how do they work? The truth is, different tools prevent different kinds of tracking.

To understand how these tools work, you first have to understand what can be tracked:

Read more