Credit: Vince (uvw916a)

Proxy servers, like other technologies that facilitate anonymity, serve both good and bad interests. On the one hand, they have helped people living under oppressive regimes view otherwise-censored content. On the other hand, they are used to facilitate criminal activity, including terrorist attacks. The function of a proxy server is not complicated: you access the server from your computer, and the server completes tasks—visiting websites, sending email, etc.—that your computer would otherwise do, thus shielding your identity from whoever might be interested in that behavior. Proxies are a means to an end, and by themselves, are generally uncontroversial.

The US Computer Fraud and Abuse Act (CFAA), 18 US.C. § 1030, however, might turn some uses of such measures into criminal behavior. In a recent decision, Judge Charles Breyer of the Northern District of California ruled that using proxies to avoid a website’s ban (coupled with a cease-and-desist letter) constitutes a violation of the CFAA. The case is Craigslist v. 3taps [PDF], and the facts are simple: 3taps’ servers aggregated ads from Craigslist, reposting those ads on their own site. Craigslist responded by sending 3taps a cease-and-desist letter and blocking IPs associated with 3taps’ servers. 3taps responded by ignoring the cease and desist letter, and using proxy servers to get around the IP address ban. Craigslist finally sued 3taps, alleging copyright, state law, and CFAA violations.

The CFAA claim is where the case gets complicated. The CFAA prohibits intentionally accessing a computer “without authorization,” as well as exceeding authorized access. Many commentators argue that this must involve “circumventing a technological barrier.” In this case, the access “without authorization” came from the breach of the terms of use and cease-and-desist letter, and the “technological barrier” was the IP address ban. 3taps had its own problem with Craigslist’s revocation of authorization to a public site, but it is part of the court’s opinion analyzing the use of proxies that has riled Internet activists.

The Electronic Frontier Foundation, for one, isn’t too happy about it. “We believe that the CFAA requires hacking . . . [c]hanging your IP address is simply not hacking.” The EFF points to the many legitimate reasons for using proxy servers—like preventing price discrimination and privacy protection—and argues that bringing this behavior under the CFAA could create potential for abuse from websites. “There’s a serious potential for mischief that is encouraged by this decision, as companies could arbitrarily decide whose authorization to ‘revoke’ and need only write a letter and block an IP address to invoke the power of a felony criminal statute in what is, at best, a civil business dispute.”

This is one of the chief criticisms of the CFAA: harsh penalties for relatively trivial behavior. Websites ban people—perhaps sending an email along with that ban—for many reasons, such as using offensive language, posting inappropriate (but not illegal) content, and many other things that have no moral implications beyond that site’s terms of use. Using a proxy to get around such a ban is like putting on a fake mustache to shop at a store where the owner hates you. And yet, under the CFAA, this could mean a federal prison sentence.

CFAA penalties previously created an internet firestorm after the suicide of Aaron Swartz, an internet pioneer and activist. Swartz was facing up to 35 years following a JSTOR downloading spree during which he concealed his IP, spoofed his MAC address, and broke into an MIT network equipment closet. While Swartz’ actions were undoubtedly worse than 3taps’, he acted in the name of freedom of information—and he became a martyr for his cause.

The CFAA, it seems, is in desperate need of modernization. Actions that would seem incredibly technical to the politicians of twenty years ago—who were worried about genius Lawnmower Men clogging up the Series of Tubes—are now trivial for anyone who has grown up with the technology. While Craigslist probably should have the right to stop competitors from using Craiglist’s ads for their own business, the proper reaction is not to lock up every teenaged internet troll, no matter how much we’d like to do so.

–Jacob Schumer

Image Source

One Response to Got Banned from a Site? Using a Proxy to Get Back on Might Be a Federal Offense

  1. Zachary Loney says:

    I was personally interested in the fact that Judge Breyer acknowledged that banning an IP address is imperfect.

    An everyday user can change their IP address simply by connecting to the internet through a different network. Someone banned from their home IP could still access the site at work, school, or from their phone and be considered a hacker in violation of the CFAA. This may be the “thicket” that Judge Breyer refused to enter, but it bears consideration by someone.