The American Civil Liberties Union (ACLU) [advocacy website] on Wednesday filed a lawsuit [complaint, PDF] challenging a provision in the Computer Fraud and Abuse Act (CFAA) [text] allowing for criminal prosecution based on access that “exceeds authorized use.” The ACLU contends [advocacy materials] that the broad interpretation of the prohibition on unauthorized use to obtain “information from any protected computer” allows for criminal prosecution for violating a website’s terms of service, which may prohibit “gathering or recording publicly available information, creating multiple accounts, or providing false information.” The plaintiffs in the case, including academic researchers and a news organization, argue [press release] that the people “who want to use those methods for socially valuable research should not have to risk prosecution for using them”

The CFAA was enacted in 1986 to protect against federal computer hacking. Since then, the law has been used numerous times, including in the high-profile case against internet activist Aron Swartz. In April 2012, the Ninth Circuit Court of Appeals rejected [JURIST report] a broad interpretation of the “authorized use” provision that would have extended liability to people who access unauthorized information while on a computer they were authorized to use. In 2006, AT&T filed suit [JURIST report] against 25 people claiming they committed fraud by posing as potential customers to obtain information about other customers to be used in legal disputes. Courts have also attempted to use the law in cyber bullying cases. In 2009, a California appeals court overturned the conviction [case materials] of Lori Drew who had been convicted of setting up a fake Myspace account for a 13 year old girl, who eventually committed suicide.