Hearst Changes Online TOS Because CFAA is a Terrible Law
Hilariously enough, until earlier this month, reading Seventeen magazine or CosmoGirl online was a felony for the vast majority of their readers. No, we're not talking about creepy future prison inmates perusing the latest teen girls' magazines - we're talking about the teens themselves.
According to the Electronic Frontier Foundation, Hearst Magazines, as well as a number of news sites, restrict readership to those who are over 18. There are a number of good reasons for this, not the least of which is avoiding any trouble from accidentally displaying mature content on sites open to minors. Think of it as a "CYA" provision.
That provision may have protected the sites, but unfortunately, it was making the users into felons. We're going to go out on a limb here and presume that most readers of Seventeen, CosmoGirl, Teen, and MisQuince are under-18. That means they were violating the sites' terms of service simply by accessing the sites.
Combine that with the alarmingly-overbroad Computer Fraud and Abuse Act, and you have thousands of teenage girl felons. The CFAA makes it a felony to "hack" a site. Hacking, of course, is defined (and interpreted by the Justice Department) to include such simple acts as violating the private Terms of Service of any website.
Hearst, not wanting to start their readers on the slow decline to juvenile delinquency, revised their TOS almost immediately after the EFF notified them of the legal absurdity.
You're probably thinking: there's no way that a prosecutor would charge a 17-year-old with a felony for accessing CosmoGirl. And you're probably right. But that doesn't improve the much-criticized law, which was written in pre-Internet days.
We're not going to cite Aaron Swartz as a reason to change the law. Though he was prosecuted (in part) under the CFAA before he committed suicide, it was alleged that he did a lot more than access a site or violate someone's TOS. The indictment alleged that he hard-wired into an MIT network by hiding his computer in a box in a closet after being banned from the wireless network for downloading too many JSTOR articles. That's a bit more egregious than violating a site's TOS.
The most relevant example is Lori Drew, the mother who created a fake MySpace profile and cyber-bullied a teenage girl until she committed suicide. Though Drew wasn't a sympathetic defendant, it is interesting to note that she was not charged with harassment or murder, but with violations of the CFAA because she broke MySpace's TOS by creating a fake profile. It was creative charging in order to punish a defendant that likely deserved it - but it set a dangerous precedent.
More importantly, it brought attention to the need to update decades-old computer laws. Both the CFAA and the Electronic Communications Privacy Act were written in pre-Internet days and as such, aren't equipped to deal with the realities of the modern internet.
- Google Fights For Users' Privacy; Still Playing by 80s Rules (FindLaw's Technologist)
- Professor Orin Kerr's Coverage of the CFAA (Volokh Conspiracy)
- Computer Fraud And Abuse Act Reform (Electronic Frontier Foundation)
- The Legal Legacy of Aaron Swartz (FindLaw's Technologist)
You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help
Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.