Those who have taken the time to read websites’ terms of service may be more the exception than the rule.  Most people accept the terms and move on, not giving any thought into whether or not they are violating their terms.

Terms and services for most websites spell out what a user can and can’t do legally. But what constitutes a violation of a website’s terms of service? And what part of violating those terms applies to the Computer Fraud and Abuse Act (CFAA), which is the United States’ primary anti-hacking law? These are questions and concerns that several courts continue to dispute.

Courts Take On Criminal Hacking

According to a federal court in Washington, DC, violating websites’ terms of service isn’t regarded as criminal hacking.  After all, the majority of people do not read the language on those pages. Nor are they are aware of what is supposedly governed by the website.  Most websites’ terms and services are often too complex and change frequently.

Given these circumstances, it is not acceptable to make violations of such terms and services a criminal defense. Also, if you log into a website with a valid password, you would not be considered a criminal hacker, by doing something that the websites’ terms prohibit.

A high profile example involves a California federal judge denying a CFAA prosecution against a woman who took part in a MySpace hoax more than a decade ago. Even though her actions played a role in the suicide of a 13-year old girl, the court stated while the woman violated the websites’ s terms and services, that is not considered a criminal hacking defense.

While violating websites’ terms and services with a valid password is not considered criminal hacking. Some courts believe that if a person can gain access to a site by bypassing an access restriction area, such as a password, that would constitute a violation of the CFAA and would be considered criminal hacking.