undefined | Better HN

0 pointsgeofft10y ago0 comments

> So, your example is...not an example?

At least in the US, the law doesn't work that way. Decisions will quite often cite some other similar case which reached the opposite conclusion, but under different circumstances, because that other case's decision says something like "X, if it weren't for Y" or "Fortunately for the defendant, they didn't Z, so not X", or something. That isn't binding precedent for the judge to apply X, but it's a very strong sign that X would be reasonable.

A court case that says "Yes, this violates CFAA but we have to throw out the case because A, B, and C" is very strong reason to believe that, if the next prosecutors avoid A, B, and C, the next judge will say "Yes, this still violates CFAA."

(IANAL but I read court cases because I find it useful to understand my jurisdiction's legal system.)

> a request containing a particular user agent string is entitled.

The phrasing of the law is very clear that the word "entitled" applies to a person, not to a request. Stealing someone's password and using their account is definitely a violation of CFAA (see e.g. http://www.wiggin.com/16332). In such a case, the account used to log in is quite plainly "entitled" / "authorized;" that's how you get the data. But the person logging in is not "entitled".

0 comments

1 comments · 1 top-level

jsprogrammer10y ago

We aren't talking about user names and passwords, but user agent strings.

The other decision was vacated. The jury was not appropriate and their decision is irrelevant.

j / k navigate · click thread line to collapse