I can see two claims here: (1) the name is arguable confusingly similar to WhatsApp and could be considered a trademark violation, (2) using the service without permission could qualify as "exceeding authorized access" under the CFAA (Computer Fraud and Abuse Act, which is meant more for people who crack security for other purposes; although there's an argument that it applies here).
Even if we were to assume the CFAA is a reasonable and just law that should be applied in this case, it would still apply to those who use the code in a way that was against WhatsApp's permission, not for the one who provided the code. You might as well send legal threats to github for hosting the code.
Aiding and abetting someone breaking the law is often illegal. Consider someone building and selling physical lock picks, even with a clear legal use case it's considered a grey area.
One important consideration is whether your state, local, or national laws consider possession to be prima facie intent to commit a crime.http://lockwiki.com/index.php/Legal_issues
Tools that have both legal and illegal uses have a lot more latitude. Consider TOR was funded by the US government in the first place; they clearly had non-criminal intent in mind.
It's hard to picture a 'legal' use for something that is tied to a proprietary API.
Being used with that API when there is permission to do such and being an example to help someone who is building a similar access to the API (with permission).
Also, TOR was funded with illegal uses in mind. Beneficial to the US government, perhaps even legal with the US, but illegal in their intended application.
> Also, TOR was funded with illegal uses in mind. Beneficial to the US government, perhaps even legal with the US, but illegal in their intended application.
In what way is browsing the internet without someone recording your every move illegal? You may choose to use the anonymity for illegal purposes. But you may also choose to use your car or house for illegal purposes and no one says that these should be illegal.
I think you and Lawtonfogle are in agreement. For example, anonymity on the internet is illegal (or very close to it) in China, and Tor is meant to circumvent that law. Thus, it was designed for an illegal purpose as far as the Chinese government sees it.
It's the "in part" bit that is key (also the fact that this is legal in some countries). Where a tool has legitimate uses it tends to be legal (but may have restrictions placed upon its use - an example from the physical world is machetes) whereas when something has only illegitimate uses it tends to be made illegal (e.g. flick knives). Tor is the first category, some illegal use and some legal. An API for a proprietary service is tied to that services and can only be used to access it if this access is not allowed then why should the tool exist?
It has legal uses that I've already pointed out. First, it is legal to use by anyone with permission. Second, it serves as an example of code for others to learn from.
As for bans on knives and such, I consider such bans just as unjustified.
Yeah. I don't agree with the legal threats in any way; I'm simply answering "what law does the attorney claim was broken?"
I don't know enough about the CFAA to say whether providing the tools to exceed authorized access counts as an additional violation. But it would be reasonable to assume that creating the tools required (sporadic) efforts to exceed authorized access.
TBH, the CFAA scares me. While it isn't used to the full potential, it makes a vast amount of normal internet activity a felony, which then allows those in charge to pick off who they want as long as they don't incur too much outrage.
According to Sen. Ron Wyden (D-Ore.), the current incarnation of CFAA would make a mere violation of a website’s terms of service, like lying about your age on Facebook a felony.[1]
Another practice would be changing the '1' to a '2' in the URL http://www.example.com/1.pdf, since the computer running www.example.com is a 'protected computer', and you didn't get authorization to access 2.pdf on the server.
"Protected computer" is basically any server. The CFAA defines it as any computer used or affecting "interstate or foreign commerce", which works out to be most of the internet, thanks to CDNs and the practice of centralized data-centers.[2]
