Page 229 - A Study on the Role of UGC Platforms in Copyright Law:An Intermediary-oriented Approach
P. 229

A Study on the Role of UGC Platforms in Copyright Law:   Chapter 7 Platform Users’ Entitlement to UGCs: Human Use and Web Scraping
 An Intermediary-oriented Approach

                              126
                 authorisation’.  Nevertheless, because a ToU/ToS constitutes an adhesion contract
                 unilaterally crafted by the UGC platform, this interpretation would turn every violation
                                                        127
                 of a private use policy into a federal crime.  Consequently, the Ninth Circuit Court of
                 Appeals explicitly rejected this approach in the landmark case of United States v. Nosal (I),
                 clarifying that ‘violat[ing] an employer's use restrictions, without more, is not a crime’ under
                          128
                 the CFAA.  However, it did not list any restrictions that qualified as ‘more’ to establish
                 criminal liability.
                    Subsequent decisions have been split on what qualifies as authorisation. In Facebook v.
                 Power Ventures, the Ninth Circuit Court of Appeals acknowledged that the plaintiff website’s
                 issuance of a cease and desist letter and the deployment of Internet protocol (IP) address
                                                              129
                 blocks rendered the defendant’s access unauthorised.  Some courts have found that a cease
                 and desist letter alone can terminate access authorisation the defendant once gained, because
                 a cease and desist letter ‘was of far greater practical and legal significance than a generally
                                   130
                 applicable’ ToU/ToS.
                    Some courts have declined to convict a defendant under the CFAA, based on the
                 plaintiff website’s written restrictions such as ToU/ToS or cease and desist letters, finding
                 that this would empower private entities to define the scope of criminal law. These courts
                 have held that only tougher means constitute qualified authorisation under the CFAA. They
                 have preferred technological blocking measures such as IP address blocks and CAPTCHA
                                                       131
                 (used to block bots from accessing a site).  In the seminal case of hiQ v. LinkedIn, the
                 court acknowledged that only code-based authorisation meets the authorisation threshold
                 of the CFAA, whereas other softer measures such as IP address blocks and CAPTCHA
                 do not.  Code-based authorisation, introduced by George Washington University Law
                       132
                 School Professor Orin Kerr, has been defined as a system ‘of tricking the computer into

                 126  EarthCam, Inc. v. OxBlue Corp., 703 Fed. App'x 803, 808 & n.2 (11th Cir. 2017) (stating that ‘one of the lessons from [circuit
                    precedent] may be that a person exceeds authorized access if he or she uses the access in a way that contravenes any policy
                    or term of use governing the computer in question’, and noting the dissenting views of other circuits); CollegeSource, Inc. v.
                    AcademyOne, Inc., 597 Fed. App'x 116, 130 (3d Cir. 2015) (suggesting that defendants can be prosecuted under the CFAA
                    if they ‘breach[ed] any technological barrier or contractual term of use’); EF Cultural Travel BV v. Zefer Corp., 318 F.3d 58,
                    62 (1st Cir. 2003) (‘A lack of authorization could be established by an explicit statement on the website restricting access. . . .
                    Many webpages contain lengthy limiting conditions, including limitations on the use of scrapers’.); DHI Group, Inc. v. Kent,
                    No. CV H-16-1670, 2017 WL 4837730, at *12 (S.D. Tex. Oct. 26, 2017) (The court agrees with the Magistrate Judge that
                    Oilpro's allegations of a knowing violation of the terms and conditions of the website are sufficient to state a claim under both
                    the CFAA and the THACA); Southwest Airlines Co. v. Farechase, Inc, 318 F. Supp. 2d 435, 439 (N.D. Tex. 2004); Craigslist
                    Inc. v. 3Taps Inc., 942 F.Supp.2d 962, 972 (N.D. Cal. 2013).
                 127  United States v. Valle, 807 F.3d 508, 528 (2  Cir. 2015).
                                              nd
                                              th
                 128  United States v. Nosal, 642 F.3d 781, 789 (9  Cir. 2011).
                 129  Facebook, Inc. v. Power Ventures, Inc., 844 F.3d 1058, 1063 (9th Cir. 2016).
                 130  Ticketmaster L.L.C. v. Prestige Entm’t W., Inc., No. 2:17-CV-07232-ODW-JC, 2018 WL 2448115, at *15 (C.D. Cal. May 29,
                    2018).
                 131  Couponcabin LLC v. Savings.com, Inc., No. 2:14-CV-39-TLS, 2017 WL 83337, at *9 (N.D. Ind. 11 Jan. 10, 2017);
                    Ticketmaster v. RMG Technologies, 507 F. Supp. 2d 1096, 1021 (C.D. Cal., 2007).
                 132  hiQ Labs, Inc. v. LinkedIn Corp., 273 F. Supp.3d 1099, 1112 (N.D. Cal. 2017)


                                                                                          • 215 •
   224   225   226   227   228   229   230   231   232   233   234