Can public websites decide who is and is not a criminal through their terms of service? A brief EFF filed yesterday argues no.
The amicus brief is a follow-up to one we filed last month in Facebook v. Power Ventures. Facebook claims that Power breaks California criminal law by offering users a tool that aggregates their own information across several social networking sites. For some, it may be a useful way to access various social network information through one interface. The tool also makes it easier for users to export their data out of Facebook. In its suit against Power Ventures, Facebook claims that the tool violates criminal law because Facebook's terms of service ban users from accessing their information through "automated means."
Another wrinkle in the case is Facebook's attempt to interfere with uses of the Power service through IP address blocking. In response to the block, Power simply changed its IP address so it could continue to provide its service. The IP address blocking used by Facebook was a crude attempt to control the means by which authorized users could access the website; it was not aimed at distinguishing between authorized and unauthorized users. Yet, remarkably, Facebook claims that Power's IP address change is also a violation of the law. Indeed, Facebook's claimed prohibition against "automated means" of access is so broad that it could be read to prevent any automatic process for presenting your credentials -- even the "remember my password" functions in web browsers.
As social networking increases in popularity, it's important that users are able to preserve their rights when using these services, including the right to choose competitive services and to take their information and leave. That's why we've developed a Bill of Rights for Social Nework users. Users deserve to maintain control of their information without facing criminal threats.