Craigslist Inc. v. 3Taps Inc. (ND Ca. Aug. 16, 2013)

Craigslist Inc. v. 3Taps Inc., 2013 WL 447520 (ND Ca. Aug. 16, 2013) (9th Cir)

3Taps operates an online service that aggregates and republishes ads from Craigslist, which Craigslist describes as illegally scraping content. After learning about 3 Taps’ activities, Craigslist took two important steps: (1) it sent a cease-and-desist letter to3Taps informing it that “[t]his letter notifies you that you and your agents, employees, affiliates, and/or anyone acting on your behalf are no longer authorized to access, and/or prohibited from accessing Craigslist ‘s website or services for any reason”; (2) Craigslist configured its website to block access from IP addresses associated with 3Taps.Craigslist sued 3Taps for violating the Computer Fraud and Abuse Act. The primary issue before the court was whether the CFAA applies in cases where the owner of an otherwise publicly available website takes steps to restrict access by specific entities. The court reasoned that, initially, Craigslist made its website publicly available and, therefore, had authorized the world to access it. Craigslist sought to revoke that permission on a case-by-case basis through its cease-and-desist letter and IP blocking measures. The issue narrowed to whether Craigslist had the authority to de-authorize access in this manner. It did.

The court found that “authorization” turns on the decision of the “authority” that grants – or prohibits – access and, just as an employer was able to do in Brekka, Craigslist as owner of the website rescinded that permission for 3Taps and further access by 3Taps after that rescission was “without authorization.”

Key Takeaways: (1) the “notice” was clear and specific; (2) the “notice” was not a cryptic, blanket policy that few will likely read; (3) the “authority” used technological measures to block the access, which measures were circumvented; and (4) this shows that when an “authority” actively monitors accesses to its computers, it can control unauthorized accesses or even disapproved uses and, when done in this manner, enforce them under the CFAA.

There is a lot of additional information in the court’s opinion that is well worth reading to learn more about the CFAA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.