"But last year, a federal district court in Nevada found a defendant guilty under both the California and Nevada state computer crime statutes for nothing more than that—violating Oracle’s website’s terms of use."
That's insane. The terms of service is essentially a contract that you are agreeing to to use the website/software/service. Failure to adhere to it is a breach of contract, not a violation of law.
If you break an NDA, for example, you don't wind up in jail or have a criminal history. The other party takes you to court to enforce the penalty listed out in the contract for the breach.
My understanding is that, under the CFAA, any unauthorized access to commercial servers is a felony (more-or-less; there are some requirements here, but as I recall they're so broad that they basically always apply).
The theory here is that, after breaking the TOS, if you continue to use the service then that use is unauthorized and therefore felonious.
As the EFF notes, previous judges have refused to rule it this way, basically on the basis of "that's insane, even if it is what the law says".
To me, that's kind of the equivalent of saying that if someone sends you the direct link to a file on a site that normally prompts to accept an agreement, and instead you bypass that with the direct link, you could be considered a felon because you didn't agree to the ToS, which is required to access that file. I think most people would say that anything publicly available that easily isn't protected and it is considered fair access for anyone with an internet connection. You would have to have some kind of protection to restrict access for anything to be deemed "unauthorized".
For this particular case, they were just told to cease and desist with the scripting/scraping of the data. Access was never revoked. Any decent lawyer should be able to easily make a claim that a reasonable person thought they still had authorized access because it had not been revoked. I don't think the article makes clear whether or not they had a username/password login or whether or not the files were available just with public URLs, but it doesn't matter in my mind because the company had a business relationship with Oracle to provide third party support for Oracle products. They would have to block access, end the business agreement, or specifically notify them that continued access is no longer allowed for the unauthorized access argument to hold up.
Actually, breaking an NDA might be theft of trade secrets, which in certain cases may be prosecuted as a crime. See, e.g., 18 U.S.C. § 1832[1].
(But, agreed that a ToS violation shouldn't ever be a crime by itself - that reading of the CFAA would give, for example, website operators the power to write criminal law).
True, it could be theft of trade secrets or something else. But that would depend on what you did with the information. Just breaking the NDA by blabbing to someone isn't a crime in of itself, but it is a breach of contract, which is what I was trying to get at.
Yeah, that's exactly right. Theft of trade secrets only applies in a narrow set of circumstances, but a broad reading of the CFAA could be applied to any condition in a TOS, which is why it is way more troubling.
It's not a contract, it's a license. A license grants you rights to something which is exclusively someone else's and that by default you have no rights to. But agreed that violation is not a crime, see my reply to @holtalanm below.
License and contract are overlapping, not mutually exclusive (a license can either be a gratuitous license or a license contract.)
Website ToS may be (a component of) either sort of license arrangement. (On a site where your access is undisputably part of an exchange-for-value, like a pay site, you have a contract relationship and the ToS are almost certainly a part of that contract, probably by reference.)
That's insane. The terms of service is essentially a contract that you are agreeing to to use the website/software/service. Failure to adhere to it is a breach of contract, not a violation of law.
If you break an NDA, for example, you don't wind up in jail or have a criminal history. The other party takes you to court to enforce the penalty listed out in the contract for the breach.