Page 227 - A Study on the Role of UGC Platforms in Copyright Law：An Intermediary-oriented Approach

P. 227

A Study on the Role of UGC Platforms in Copyright Law: Chapter 7 Platform Users’ Entitlement to UGCs: Human Use and Web Scraping
An Intermediary-oriented Approach

modest role sui generis protection has played in protecting databases, tort has become the
primary weapon to protect UGC platforms against web scrapers. Tort law style regulations
have focused on the act of web scraping rather than the copyrightability of the UGC
database. As web scraping consists of two acts, access and use, two types of tort law are
relevant: trespass law and anti-unfair competition law. The next session discusses trespass
law, which takes two forms: The Computer Fraud and Abuse Act (CFAA) and trespass to
chattels. 116
7.3.4 Trespass Law

1) Computer Fraud and Abuse Act (CFAA)
The CFAA is a US criminal law enacted in 1984 to punish anyone who ‘intentionally
accesses a computer without authorisation or exceeds authorised access, and thereby
obtains...information from any protected computer’. The CFAA was designed to
117
combat computer hackers, but in recent years it has been invoked as a massive computer
118
misappropriation statute to protect website owners from scrapers. Nevertheless, as the
target today is not what the legislators had in mind 30 years ago, fierce controversies have
arisen with regard to how far the CFAA can reach.
Before going into technical details, I should clarify that the term ‘computer’ is outdated
and confusing in the Internet age. The CFAA was initially used to target computer hackers,
and later employees who tried to obtain or alter information that was stored in particular
computers. Thus a ‘computer’ was the proper object to determine the legality of accessing
a person’s behaviour. However, in the context of web scraping, websites are publicly
119
available and website information is automatically stored in every computer that accesses
a website. Hence, instances in which an individual ‘accesses a computer without
120
authorisation or exceeds authorised access’ rarely happen. To save the CFAA from becoming
null in the UGC context, courts have chosen to interpret CFAA as prohibiting access to
information without authorisation or exceeding authorization, as shown by the following
cases.
Two substantial terms have been invoked to draw the line for convicted behaviour:
‘without authorisation’ and ‘exceeds authorised access’. Both have been the subject of
consistent controversy. The CFAA only defines the term ‘exceed authorised access’,

116 Though unfair competition is sometimes discussed separately from tort, unfair competition law is essentially a business tort
against unfair practices in the context of a business setting.
117 CFAA, 18 U.S.C. § 1030(a)(4).
118 Jamie L. Williams, ‘Automation Is Not 'Hacking': Why Courts Must Reject Attempts to Use the CFAA As an Anti-
Competitive Sword’ (2018) 24 Boston University Journal of Science and Technology Law 416, 419.
119 Abbey P. Coffin, ‘Cyber Law—Dismissing Employer's Claim Under the CFAA Against Former Employees Who Allegedly
Misappropriated Trade Secret’ (2013) 46 Suffolk University Law Review 1261, 1264.
120 Riley (n 6) 247.

• 213 •

222 223 224 225 226 227 228 229 230 231 232