DC Judge Rules Against Criminal Penalties for Terms of Use Violations


The District Court for the District of Columbia ruled that website terms of service are not legally binding when it comes to data researching purposes, allowing researchers to break agreements on employment websites. In their opinion, the court said criminalizing terms of service agreements would turn individual websites into criminal jurisdictions and legislatures.

“The Court concludes that the CFAA (Computer Fraud and Abuse Act) does not criminalize mere terms-of-service violations on consumer websites and, thus, that plaintiffs’ proposed research plans are not criminal under the CFAA,” the memorandum opinion says.

The plaintiffs in the case, including Northeastern University professors Christopher Willson and Alan Mislove, planned to test if employment websites discriminate based on race and gender by creating fictitious job postings and job seekers. This would violate the websites’ terms of service because they would be providing false information; they said the job postings would be clearly fake and would not hinder the function of the websites.

The plaintiffs brought this pre-enforcement lawsuit to the courts in 2016, hoping the court would rule that their intentions are legal, based on the right of free speech in the First Amendment. They claim terms of service agreements would criminalize research plans and journalistic activities.

The plaintiffs, including four researchers and First Look Media Works Inc. are represented by the American Civil Liberties Union of the District of Columbia. The government argued that the First Amendment protections don’t shield plaintiffs from private websites’ choices. The court also concluded that the First Amendment claim made by the Plaintiffs was moot.

The court dismissed the case and denied both parties’ motions for summary judgment. It determined that a website terms of service agreement does not provide adequate notice for criminal liability. The court further determined that criminal liability could be present if a user was getting information they are not entitled to. They said the research proposed in this case does not constitute a violation of the “exceeds authorized access” provision of the CFAA.