Wednesday, May 01, 2013

Can circumventing an IP-address block be a crime under CFAA?

In an article on Craigslist on EFF linked this morning on my main (“BillBoushka”) blog, there was some discussion of IP address blocking.
Websites sometimes do block traffic coming from specific IP addresses or ranges, mainly to ward of spam or DDOS attacks. 
EFF takes up the question as to whether it could be a crime for a blocked address to access the site from another address. Apparently, Craigslist had tried to maintain that doing so could be a criminal violation of the Computer Fraud and Abuse Act (CFAA).  But, in the wake of the Aaron Swartz tragedy, a lot of attention is being paid to ensuring that violations of a sites Terms of Service do not rise to the level of criminal complaints. 
The possibility could exist that a particular party blocks another one because of a personal issue, or perhaps by suspicion of overuse, obsession, stalking and the like.  This can be done on Apache and other servers (by manipulating ".htaaccess").  It might be done to prevent “vandalism”.  But it would not be illegal for the same party to use a different IP (like a different mobile device), an Internet café, a hotel, etc.  

No comments: