Security News > 2020 > March > Clarifying the Computer Fraud and Abuse Act

Clarifying the Computer Fraud and Abuse Act
2020-03-31 12:51

A federal court has ruled that violating a website's terms of service is not "Hacking" under the Computer Fraud and Abuse Act.

Leading job sites have terms of service prohibiting users from supplying fake information, and the researchers worried that their research could expose them to criminal liability under the CFAA, which makes it a crime to "Access a computer without authorization or exceed authorized access."

Someone who logs into a website with a valid password doesn't become a hacker simply by doing something prohibited by a website's terms of service, the judge concluded.

While some websites require a user to read through the terms and explicitly agree to them, others merely include a link to the terms somewhere on the page.

As a result, most users aren't even aware of the contractual terms that supposedly govern the site.


News URL

https://www.schneier.com/blog/archives/2020/03/clarifying_the_.html