
Court rules that IP cloaking to access blocked sites violates law

In a case between Craigslist and data harvester 3Taps, a federal judge rules that changing an IP address or using a proxy server to access a blocked Web site violates the Computer Fraud and Abuse Act.

Steven Musil Night Editor / News

Disguising an IP address or using a proxy server to visit Web sites you've been banished from is a violation of the Computer Fraud and Abuse Act, a federal judge has ruled.

U.S. District Court Judge Charles R. Breyer for the Northern District of California issued the ruling Friday in a copyright infringement lawsuit between Craigslist and data harvester 3Taps. The legal dispute began in July 2012 when Craigslist sent a cease-and-desist letter to apartment listing app PadMapper, claiming it was violating the site's terms of service by scraping apartment rental information from the online classifieds site.

PadMapper complied and took the listings down before 3Taps provided a workaround. Craigslist soon filed a copyright claim against 3Taps and PadMapper, which displays and links to listings found on Craigslist and other services on a Google map. 3Taps countersued, claiming that Craigslist was trying to create a monopoly by squeezing out competition in the growing market.

Craigslist blocked the Internet Protocol addresses associated with 3Taps, but the data harvester continued to scrape data off Craigslist by concealing its identity with different IP addresses and proxy servers. Craigslist argued that 3Taps' subterfuge violated the CFAA, which prohibits the intentional access of a computer without authorization that results in the capture of information from a protected computer.

In his 13-page opinion (PDF), Breyer sided with Craigslist and denied 3Taps' motion to dismiss Craigslist's CFAA claims.

"The law of trespass on private property provides a useful, if imperfect, analogy," Breyer wrote. "Store owners open their doors to the public, but occasionally find it necessary to ban disruptive individuals from the premises."

3Taps disagreed with the court's interpretation, calling Craigslist's argument a "misuse" of CFAA, but said it would respect the court's decision.

"Accordingly, 3Taps will adhere to the current interpretation of the law and will immediately cease all access to Craigslist's servers," the company said in a statement (PDF). "Going forward, 3Taps will operate based on its understanding that if it does not access Craigslist's servers, it has a right to collect public information originally posted on Craigslist's Web site."

The 1984 law, which was invoked in the federal prosecution of the late Internet activist Aaron Swartz, has been criticized as overly broad. In his opinion, Breyer noted those concerns but said the courts were not the appropriate venue to address them.

"The current broad reach of the CFAA may well have impacts on innovation, competition, and the general 'openness' of the Internet, but it is for Congress to weigh the significance of those consequences and decide whether amendment would be prudent," he wrote.

Citing the case of Swartz, who committed suicide earlier this year while under federal prosecution, U.S. Rep. Zoe Lofgren introduced a bill earlier this year to reform the 29-year-old anti-hacking law. Some courts have already taken a dim view of the law. In an April 2012 ruling, the 9th U.S. Circuit Court of Appeals rejected the government's broad interpretation of the law, warning that millions of Americans could be subjected to prosecution for harmless Web surfing at work.

Updated at 10:30 p.m. PT with 3Taps' statement.