[salted-fry]

My understanding is that, under the CFAA, any unauthorized access to commercial servers is a felony (more-or-less; there are some requirements here, but as I recall they're so broad that they basically always apply).

The theory here is that, after breaking the TOS, if you continue to use the service then that use is unauthorized and therefore felonious.

As the EFF notes, previous judges have refused to rule it this way, basically on the basis of "that's insane, even if it is what the law says".

Edit: for reference, the relevant legal bits are here, in section (a.2.C), with relevant definitions in (e.2.B): https://www.law.cornell.edu/uscode/text/18/1030

[turc1656]

To me, that's kind of the equivalent of saying that if someone sends you the direct link to a file on a site that normally prompts to accept an agreement, and instead you bypass that with the direct link, you could be considered a felon because you didn't agree to the ToS, which is required to access that file. I think most people would say that anything publicly available that easily isn't protected and it is considered fair access for anyone with an internet connection. You would have to have some kind of protection to restrict access for anything to be deemed "unauthorized".

For this particular case, they were just told to cease and desist with the scripting/scraping of the data. Access was never revoked. Any decent lawyer should be able to easily make a claim that a reasonable person thought they still had authorized access because it had not been revoked. I don't think the article makes clear whether or not they had a username/password login or whether or not the files were available just with public URLs, but it doesn't matter in my mind because the company had a business relationship with Oracle to provide third party support for Oracle products. They would have to block access, end the business agreement, or specifically notify them that continued access is no longer allowed for the unauthorized access argument to hold up.