Public Website May Block Individual Access

A publicly accessible website may selectively block users from using the website, and attempts by a blocked user to access the site may be a violation of the Computer Fraud and Abuse Act (CFAA).

A federal district court ruled that Craigslist, Inc. had the right to block 3taps, Inc. from accessing the advertising site.  Craigslist alleged in a lawsuit that 3Taps “essentially replicated the entire craigslist web site” including all posts.  To prevent 3Taps from “scraping” the website, Craigslist sent a cease-and-desist letter to 3Taps and configured its website to block 3Taps IP addresses.  3Taps then circumvented Craigslist’s measures by using different IP addresses and proxy servers to conceal its identity.

Craigslist sued for both copyright infringement and violation of the CFAA, arguing that 3Taps’ continued access to the website was “without authorization.”  3Taps filed a motion to dismiss the CFAA count.  3Taps argued that, by making its site publicly available, Craigslist authorized the entire Internet access to it and could not selectively block individuals.

The court denied 3Taps’ motion.  The court found that Craigslist could rescind permission to 3Taps to visit the website.  “Craigslist affirmatively communicated its decision to revoke 3Taps’ access through its cease-and-desist letter and IP blocking efforts.  3Taps never suggested that those measures did not put 3Taps on notice that Craigslist had banned 3Taps; indeed, 3Taps had to circumvent Craigslist’s IP blocking measures to continue scraping, so it indisputably knew that Craigslist did not want it accessing the website at all,” the court wrote.

“Here, under the plain language of the statute, 3Taps was ‘without authorization’ when it continued to pull data off of Craigslist’s website after Craigslist revoked its authorization to access the website,” the court found.

Craigslist Inc. v 3taps Inc. et al., N.D. Calif. No. 12-cv-03816 CRB, issued August 16, 2013.