Hacker News new | ask | show | jobs
by pbasista 246 days ago
Are you implying that if a US "service" consists of e.g. publicly accessible HTTP endpoints, it is illegal to use these endpoints in the US without "accepting" some terms and conditions that the provider of these endpoints requires its users to accept before using them?

I do not understand how such a requirement would be legally enforceable for public endpoints.
4 comments
wat10000 246 days ago
You can reasonably assume that if no terms and conditions were offered, then your use of a publicly accessible endpoint is authorized.

But if terms and conditions ARE offered to you, and you bypass acceptance somehow, then you're knowingly accessing the system without being authorized.

I really doubt this would be prosecuted except as part of some much larger misbehavior, but it is there.

link
_carbyau_ 245 days ago
If I use wget to mirror a site and there are terms and conditions that I never see then I'm "using a public facing API while being unaware of terms and conditions".

So, then what?

link
ItsHarper 245 days ago
I mean, the CFAA being discussed is a notoriously broad law that's far too easy to run afoul of without realizing it.It's totally possible a court could seem that illegal.
link
_carbyau_ 245 days ago
Man, the law really needs some technical nous...
link
delichon 246 days ago
Simply violating a TOS is not a federal crime, as long as it doesn't circumvent a technical barrier like a subscription wall. This is a new SCOTUS interpretation of the Computer Fraud and Abuse Act as of 2021, in Van Buren v. United States.
link
ralph84 246 days ago
Yes of course. Ask weev how the “it was publicly accessible” defense worked out.
link
landdate 245 days ago
That's a different situation. Those urls weren't meant for public use, and provided private information on user devices.

Furthermore, on reading the wikipedia page, his conviction was vacated.

> On April 11, 2014, the Third Circuit issued an opinion vacating Auernheimer's conviction, on the basis that the New Jersey venue was improper,[60] since neither Auernheimer, his co-conspirators, nor AT&T's servers were in New Jersey at the time of the data breach.

> While the judges did not address the substantive question on the legality of the site access, they were skeptical of the original conviction, observing that no circumvention of passwords had occurred and that only publicly accessible information was obtained

https://en.wikipedia.org/wiki/Weev#Imprisonment

link
010101010101 245 days ago
If I make a list of people’s private information publicly accessible on accident without their permission and you access it which one of us is liable?
link
heavyset_go 246 days ago
How much money, time and freedom to waste do you have to fight and then appeal this from jail then prison?
link