Page 228 - A Study on the Role of UGC Platforms in Copyright Law：An Intermediary-oriented Approach

P. 228

A Study on the Role of UGC Platforms in Copyright Law: Chapter 7 Platform Users’ Entitlement to UGCs: Human Use and Web Scraping
An Intermediary-oriented Approach

meaning that ‘to access a computer with authorization and to use such access to obtain or
121
alter information in the computer that the accesser is not entitled so to obtain or alter’.
122
Nevertheless, the definition itself has proven to generate more confusion than remedies.
It has remained unclear whether a user ‘exceeds authorised access’ when she/he obtains
or alters the information that she/he is authorised to access but uses the information for an
unauthorised purpose, or when she/he obtains or alters the information that she/he does not
123
have authorisation to access for any purpose.
Under the former approach, an individual can be convicted for either accessing
the information without authorisation, or obtaining or altering the information without
authorisation even though the information has been accessed with authorisation. This
suggests that both unauthorised access, which usually occurs in the case of computer
hacking, and unauthorised use, such as an employee’s use, are subject to the CFAA. Whereas,
under the latter approach to the interpretation of ‘exceed authorised access’, an individual
will be convicted only if his/her access is without authorisation or the authorisation has
124
been revoked. This interpretation is narrow than the former one. The only element is
unauthorised access, including access without authorisation from the beginning, such as
computer hackers’ access, and the access whose authorisation has been revoked, such as a
former employee’s access.
According to Andrew Sellar’s empirical research on the past 20 years of CFAA litigation,
the latter interpretation has prevailed in recent years, which is also the interpretation
embraced by this thesis. By decriminalising indivisuals who have accessed the information
125
with authorisation, this interpretation alleviates the chilling effects of the criminal statute
and corresponds to the purpose of the CFAA, which is to thwart hackers who have no access
to the hacked computer. The crux of the CFAA is unauthorised access. Nevertheless, the
CFAA does not provide any guidance to define ‘authorisation’. The line between between
unauthorised access and unauthorised use is also unclear. The following sections investigate
the definition of these important terms.
(1) What constitutes ‘unauthorisation’?
Some have claimed that a UGC platform grants users authorisation to access its
UGCs through its ToU/ToS. Thus, access that violates the ToU/ToS is access ‘without

121 18 U.S.C. § 1030(e)(6).
122 Riley (n 6) 246; Clark S. Splichal, ‘Recent Development: Craigslist and the CFAA: The Untold Story’ (2016) 67 Florida L
Rev 1845, 1856; Williams, ‘Automation Is Not “Hacking”’ (n 109) 422-423; Andrew Sellars, ‘Twenty Years of Web Scraping
and the Computer Fraud and Abuse Act’ (2018) 24 Boston University Journal of Science and Technology Law 372, 375;
James Grimmelmann, ‘Consenting to Computer Use’ (2016) 84 George Washington Law Review 1500, 1502.
123 United States v. Valle, 807 F.3d 508, 511-512 (2d Cir. 2015).
124 Facebook v. Power Ventures, 828 F.3d 1068, 1074 (9th Cir. 2019).
125 Sellars (n 122) 379-380.

• 214 •

223 224 225 226 227 228 229 230 231 232 233