 Cartel
Premium Member
join:2006-09-13
Chilliwack, BC
kudos:2 ·TekSavvy DSL
·TELUS
 ·Shaw
|
Cartel
Premium Member
2013-Aug-20 10:41 am
Court rules that IP cloaking is a crime Disguising an IP address or using a proxy server to visit Web sites you've been banished from is a violation of the Computer Fraud and Abuse Act, a federal judge has ruled. U.S. District Court Judge Charles R. Breyer for the Northern District of California issued the ruling Friday in a copyright infringement lawsuit between Craigslist and data harvester 3Taps. The legal dispute began in July 2012 when Craigslist sent a cease-and-desist letter to apartment listing app PadMapper, claiming it was violating the site's terms of service by scraping apartment rental information from the online classifieds site. » ixquick-proxy.com/do/pro ··· 024ecb1d"What'a you in for?", said Bubba. "Using a proxy..." said lil' Timmy. |
|
 John GaltForward, March
Premium Member
join:2004-09-30
Happy Camp
kudos:8 |
I'm sure they get right to that as soon as they get the robocall thing controlled... |
|
| |
to Cartel
Interesting question, is a web site considered public or private, if its private then this is a logical outcome as it equates to trespassing. How do you think this ruling should have gone and why?
Blake |
|
 Nanakiaka novaflare. pull punches? Na
Premium Member
join:2002-01-24
Akron, OH |
Nanaki
Premium Member
2013-Aug-20 6:06 pm
said by Link Logger:Interesting question, is a web site considered public or private, if its private then this is a logical outcome as it equates to trespassing. How do you think this ruling should have gone and why?
Blake
Ohhh tuff question. Probably along the lines of a businesses that states we reserve the right to refuse service to any one at any time for any reason. Or in the case of a disruptive customer who refuses to leave and has the cops called on them. Such a person is trespassing at that point in time. Once asked to leave the customer (in this case web site user) must leave. It should be interesting for sure. Wont have much teeth at first and will need to be tried in court to get those teeth. I for one am dang happy. I get sick of people in irc trying to spam flood cuss you out then try and pull the freedom of speech nonsense when you ban them and they break in with a proxy. |
|
 Snowy
Premium Member
join:2003-04-05
Kailua, HI
kudos:6
 ·Clearwire Wireless
·Time Warner Cable
|
to Link Logger
said by Link Logger:How do you think this ruling should have gone and why?
First, keep in mind that this is a civil ruling. Second, I agree with the outcome - a website should have a right to prohibit scraping for re-posting elsewhere. But, I completely disagree with the ruling itself though. Personally, the benchmark I use to determine if a resource over ports 21, 80, 443, 8080 etc... are off limits or fair game is " Is it password protected"If it is, it's off limits. That's an easy, simple enough rule to understand. From the court: " Craigslist blocked the Internet Protocol addresses associated with 3Taps, but the data harvester continued to scrape data off Craigslist by concealing its identity with different IP addresses and proxy servers. Craigslist argued that the 3Taps' subterfuge violated the CFAA, which prohibits the intentional access of a computer without authorization that results in the capture of information from a protected computer."BF mine, but that's where the court missed the boat. How is Craigslist a protected computer? For sure there are directories that are password protected but the court ruling that the entire server is protected is misguided. Now if Craigslist's public directories were password protected with the password being the letter "a" & that password being public knowledge, I would tend to agree with the ruling (that Craigslist is a protected computer). It gives Craigslist the benefit of a protection that isn't in place. Looks like Craigslist can have it's cake & eat it too. |
|
·TELUS
|
to Nanaki
Given the internet isn't really 'public' (ie its not like a public park) the concept of private services etc have validity and as such refusal of service or access is legit. In some way this case could have been executed as copyright violations as well (ie screens scraped copyrighted information), so there are lots of options available.
Blake |
|
 jeisenbergNew Year's Eve
join:2001-07-06
Windsor, ON
|
to Snowy
said by Snowy:said by Link Logger:How do you think this ruling should have gone and why?
First, keep in mind that this is a civil ruling. Second, I agree with the outcome - a website should have a right to prohibit scraping for re-posting elsewhere. But, I completely disagree with the ruling itself though. Personally, the benchmark I use to determine if a resource over ports 21, 80, 443, 8080 etc... are off limits or fair game is " Is it password protected"If it is, it's off limits. That's an easy, simple enough rule to understand. From the court: " Craigslist blocked the Internet Protocol addresses associated with 3Taps, but the data harvester continued to scrape data off Craigslist by concealing its identity with different IP addresses and proxy servers. Craigslist argued that the 3Taps' subterfuge violated the CFAA, which prohibits the intentional access of a computer without authorization that results in the capture of information from a protected computer."BF mine, but that's where the court missed the boat. How is Craigslist a protected computer? For sure there are directories that are password protected but the court ruling that the entire server is protected is misguided. Now if Craigslist's public directories were password protected with the password being the letter "a" & that password being public knowledge, I would tend to agree with the ruling (that Craigslist is a protected computer). It gives Craigslist the benefit of a protection that isn't in place. Looks like Craigslist can have it's cake & eat it too. I think the ruling was correct, including the conclusion that the computer was protected. I liken this to rulings regarding circumvention of copyright (DMCA violations). Craigslist indicated that areas were protected by virtue of blocking access by IP address ranges. 3Taps circumvented that measure (like those that circumvent DMCA) by deploying a masking strategy. 3Tap would have discovered they were blocked prior to using the proxy, therefore consciously trying to "break into" a protected area. |
|
 BlackbirdBuilt for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN
kudos:4
|
to Cartel
The way I see it, a business's servers, whether owned or leased, are akin to its storefronts (whether owned or leased). The information therein is its property until sold, insofar as it has cost the business time and resources in order to assemble the information and make it available as a product array for its customers. Just as the business has the right to control access to its store against tangible item rip-offs, it has the right to protect and control access to its servers against data rip-offs. How it protects its servers is simply up to the business, whether via passwords or via IP blocking or whatever else. |
|
 siljalineI'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC
kudos:18
|
to Cartel
Changing IP address to access public website ruled violation of US law. • » arstechnica.com/tech-pol ··· -us-law/Court Rules Accessing a Public Website Isn't A Crime, But Hiding Your IP Address Could Be. • » www.eff.org/deeplinks/20 ··· could-be |
|
 ashrc4
Premium Member
join:2009-02-06
australia |
to Cartel
What's the negative off shoot from setting a precident such as this based on a Physical IP.
Is it that websites need to be able know some form of identity related to a individual IP in order suffice there handle in this?
Reboots router theoretical) |
|
Snowy
Premium Member
join:2003-04-05
Kailua, HI
kudos:6 ·Hawaiian Telcom
·Clearwire Wireless
·Time Warner Cable
|
to jeisenberg
said by jeisenberg:Craigslist indicated that areas were protected by virtue of blocking access by IP address ranges.
You're right. I didn't see blocking certain IP's conferring a protected status. When I think of 'protected computer' I see challenge screens, login credentials etc... but a small note on the door saying "Do Not Enter" should carry the same weight as a locked dead bolt in a legal setting. |
|
|
ashrc4
Premium Member
join:2009-02-06
australia |
ashrc4
Premium Member
2013-Aug-21 12:59 am
Can we still use Starbucks wifi?
Not sure how they are going to maintain an even keel on this.
Wouldn't it be better to find/create law on trying to be deceitful? |
|
Rojo31
join:2009-04-14
New York, NY
kudos:1 |
to Cartel
Why do I get the feeling that this will eventually expand to banning proxies altogether? |
|
dave
MVM
join:2000-05-04
not in ohio
kudos:10 |
dave
MVM
2013-Aug-21 9:14 am
You'd have a hard time making proxies illegal, since quite a lot of outbound malware detection and/or URL access restrictions ('can't access smut.org from Xyx Corp's network') are implemented as proxies.
And how do you distinguish 'hiding your IP address' from 'using NAT'? |
|
 ·AT&T U-Verse
|
to Cartel
Back when I was on standard DSL with PPPoE, powering off the modem for a few minutes would get me a different IP. Perhaps the judge's ruling implies that a power outage is a violation of the Computer Fraud and Abuse Act  |
|
| |
to Link Logger
said by Link Logger:Interesting question, is a web site considered public or private, if its private then this is a logical outcome as it equates to trespassing. How do you think this ruling should have gone and why?
Blake
I don't think anyone is complaining about the outcome of the case. The defendant was being an asshole. It's no different when first amendment rights are denied at a supermarket. I don't think there's any question that the law of torts (trespass) can apply. But why do they have to apply the CFAA, thus expanding its scope and this a criminal action. Criminal trespass usually needed additional elements (e.g. violence) to make it a crime. |
|
TheWiseGuyDog And Butterfly
MVM
join:2002-07-04
East Stroudsburg, PA
kudos:3 |
to nwrickert
Well the judge did not rule it a crime, the judge simply refused to dismiss the cause of action. Also if you read the ruling you would see it was very specific to the case and depended on the fact that there was a cease and desist letter forbidding access to the site and they deliberately changed their IPs to avoid the IP ban. The case really is about does a company have the right to ban someone from their site, not about the use of a proxy or changing IPs. said by decision :3Taps asks this Court to hold that an owner of a publicly accessible website has no power to revoke the authorization of a specific user to access that website. However compelling 3Taps’ policy arguments, this Court cannot graft an exception on to the statute with no basis in the law’s language or this circuit’s interpretive precedent. said by decision :3Taps says that Craigslist had no power to “de-authorize” anyone, but it cannot point to any language in the statute supporting that conclusion. said by decision :To be sure, later cases may confront difficult questions concerning the precise contours of an effective “revocation” of authorization to access a generally public website. This Court cannot and does not wade into that thicket, except to say that under the facts here, which include the use of a technological barrier to ban all access, 3Taps’ deliberate decision to bypass that barrier and continue accessing the website constituted access “without authorization” under the CFAA. |
|
| |
Anon1
Anon
2013-Aug-22 1:41 am
said by TheWiseGuy:Well the judge did not rule it a crime, the judge simply refused to dismiss the cause of action. Also if you read the ruling you would see it was very specific to the case and depended on the fact that there was a cease and desist letter forbidding access to the site and they deliberately changed their IPs to avoid the IP ban.
The case really is about does a company have the right to ban someone from their site, not about the use of a proxy or changing IPs. said by decision :3Taps asks this Court to hold that an owner of a publicly accessible website has no power to revoke the authorization of a specific user to access that website. However compelling 3Taps’ policy arguments, this Court cannot graft an exception on to the statute with no basis in the law’s language or this circuit’s interpretive precedent. said by decision :3Taps says that Craigslist had no power to “de-authorize” anyone, but it cannot point to any language in the statute supporting that conclusion. said by decision :To be sure, later cases may confront difficult questions concerning the precise contours of an effective “revocation” of authorization to access a generally public website. This Court cannot and does not wade into that thicket, except to say that under the facts here, which include the use of a technological barrier to ban all access, 3Taps’ deliberate decision to bypass that barrier and continue accessing the website constituted access “without authorization” under the CFAA. Just read the case. Unfortunately there's a lot of problems with it. The judge did not explain what a technological block was. He also didn't rule it a crime because this was a civil case, not that the statute wouldn't apply criminally should a prosecutor pursue the case, that's why the rule of leniency was allowed to apply in this case. Anyways in theory the case could be seen like this. There's a man on the corner and he's giving out information. He doesn't like your face (IP block), so he says get out of here (C&D letter). So you ask someone else to get the information for you and convey it to you (proxy). Is there a crime of trespass or even civil trespass here? Craigslist should have gotten a restraining order. |
|
siljalineI'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC
kudos:18 |
to Cartel
Facebook makes a Federal Case when you attempt to access your account from an IP they don't see. |
|
jeisenbergNew Year's Eve
join:2001-07-06
Windsor, ON ·Cogeco Cable
|
to Anon1
said by Anon1 :Anyways in theory the case could be seen like this. There's a man on the corner and he's giving out information. He doesn't like your face (IP block), so he says get out of here (C&D letter). So you ask someone else to get the information for you and convey it to you (proxy). Is there a crime of trespass or even civil trespass here?
The way you frame the analogy, it sounds like the ruling is too broad. But I believe your analogy is flawed. A more apt analogy is that someone drives to your establishment and is banned. The security staff are supplied with the license number of the car to ensure it doesn't get through again. To avoid this, the person chooses to visit again, using a different car. |
|
TheWiseGuyDog And Butterfly
MVM
join:2002-07-04
East Stroudsburg, PA
kudos:3 |
to Snowy
said by Snowy: the court:
"Craigslist blocked the Internet Protocol addresses associated with 3Taps, but the data harvester continued to scrape data off Craigslist by concealing its identity with different IP addresses and proxy servers. Craigslist argued that the 3Taps' subterfuge violated the CFAA, which prohibits the intentional access of a computer without authorization that results in the capture of information from a protected computer."
BF mine, but that's where the court missed the boat.
How is Craigslist a protected computer? The term protected is not referring to protected in a security sense. It refers to a computer that is protected by the CFAA statute, which at this point seems to be almost any computer. |
|
| |
to jeisenberg
Well there's some theoretical legal debates as to whether this should be analogized to real property law or about speech and communication.
I am starting to think it should be about communication. There's no physical lines of property in a 3D sense on the internet, therefore the law of trespass doesn't quite make sense.
I also still think a proxy is basically hiring someone else to communicate information back to you, and it's not YOU yourself directly communicating with a server. Therefore it's not the same as you using a different car, going to another's place. The packet that you send over to the proxy isn't likely the same type of packet that comes out of the proxy to connect with the server.
Whether you can still be sued under agency law, well that all depends. |
|
 Lagz
Premium Member
join:2000-09-03
The Rock
1 edit |
Lagz to Cartel
Premium Member
2013-Aug-23 12:49 pm
to Cartel
Suppose some one posts a link on facebook. You click this link thinking its something else, but inadvertently just clicked threw to a site you have been banned from. How would that play out and what are your thoughts? edit: Scenario, say someone always browses on a free proxy, cause they want to remain and browse anonymously. They link to a site, but use the proxies link and post it on facebook. Just so we are all on the same page. My thought process can be strange to decipher some times(even for me).  |
|
jeisenbergNew Year's Eve
join:2001-07-06
Windsor, ON ·Cogeco Cable
|
to Anon1
In business (where the word "proxy" originated), a proxy is someone who you appoint to represent your interests when you cannot be there in person. A proxy is given specific instructions and is not acting as an independent entity. It is only in the electronic age that "proxy" has taken on a new meaning - tending to be an anonymizing agent. Trying to remain anonymous to circumvent a ruling banning you from entry (physical or communicative) is still an overt act, done in response to an acknowledgement that you have been banned. |
|
dave
MVM
join:2000-05-04
not in ohio
kudos:10 |
to Anon1
said by Anon1 :Anyways in theory the case could be seen like this. Only if you like imperfect analogy. Rather, the guy on the corner does not like your face, so you show up the next day wearing a mask. But arguing by analogy is rarely useful. |
|
| |
to jeisenberg
said by jeisenberg:In business (where the word "proxy" originated), a proxy is someone who you appoint to represent your interests when you cannot be there in person. A proxy is given specific instructions and is not acting as an independent entity. It is only in the electronic age that "proxy" has taken on a new meaning - tending to be an anonymizing agent. Trying to remain anonymous to circumvent a ruling banning you from entry (physical or communicative) is still an overt act, done in response to an acknowledgement that you have been banned.
Problem is that there was no ruling that was being circumvented, which non-lawyers don't seem to understand. A C&D letter is not the same as a restraining order issued by the court. A C&D letter is simply issued by the plaintiff's lawyer. If there was a ruling that was being circumvented, then the defendant would have been guilty of contempt, which is a far greater crime than what happened. That's why I said earlier that craigslist needed a restraining order issued by the court. Whether he would be guilty under agency law, by using a proxy? Besides the fact that there was no ruling, I'm not entirely sure if we aren't using real property trespass law analogies. I'm not saying the court had the wrong result, because I don't think what the defendant was doing was right. Only the method on how they got to the result was wrong. There are a whole bunch of other ways to get the same result without expanding the CFAA. Simply ruling by using copyright laws would have caused the defendant to cease all action. The judge needs to define what a "technological block" is. I personally don't think a tech. block that is so easily circumventable is considered hacking under the CFAA. Is using a CDN cached page now considered hacking too? Is using google's cache searches considered circumventing? |
|
| Anon1 |
Anon1 to Lagz
Anon
2013-Aug-23 3:24 pm
to Lagz
said by Lagz:Suppose some one posts a link on facebook. You click this link thinking its something else, but inadvertently just clicked threw to a site you have been banned from. How would that play out and what are your thoughts? Hmm... this is SHOULDN'T have been a worry. The CFAA usually requires at least a mens rea of recklessness or higher. Clicking on a strange link inadvertently shouldn't be considered a reckless in the court of law. HOWEVER. You do have a point. If we are analogizing to trespass and real property law. So long as you intended to be somewhere, that's enough to be considered trespassing. So it's not whether you intended to commit the crime of trespass, but whether you intended to be on a particular area of land. There are people who have been caught trespassing by accidentally crossing over to someone's land and hunting on it. They didn't INTEND TO TRESPASS, but they intended to go on that piece of land. So... if the judge is serious about this trespass analogy, I suppose we should now be worried of this possibility. |
|
TheWiseGuyDog And Butterfly
MVM
join:2002-07-04
East Stroudsburg, PA
kudos:3 |
to Lagz
said by Lagz:Suppose some one posts a link on facebook. You click this link thinking its something else, but inadvertently just clicked threw to a site you have been banned from. How would that play out and what are your thoughts?
edit: Scenario, say someone always browses on a free proxy, cause they want to remain and browse anonymously. They link to a site, but use the proxies link and post it on facebook. Just so we are all on the same page. My thought process can be strange to decipher some times(even for me).
The statute » www.law.cornell.edu/usco ··· /18/1030 that the judges ruling is based upon, deals with knowing or intentional access of a computer. Web sites are stored as data on a computer, they do not exist in thin air. The judge made it clear that the ruling was based on the specific facts in this case, the defendant company was notified they were not authorized and an IP block was deliberately circumvented. So this case would not be a precedent if you "accidentally" went to an unauthorized site using a proxy. Of course that might change if you continued to access the site once you realized you were accessing a site you were not authorized to access. |
|
Lagz
Premium Member
join:2000-09-03
The Rock |
Lagz
Premium Member
2013-Aug-23 4:35 pm
The problem though is this. The ruling sets a precedent. The term "comb the books" is common knowledge because that's what prosecutors do. Prosecutors will use this ruling in ways it wasn't intended. Kind of like wiretapping laws and video recording police. |
|
·
·
·
·
