The terms for using websites, often taking the form of legalese to which many users pay little attention, are more important than they are interesting to read. The terms restrict how the public can use a website to obtain information, purchase goods and services, or take part in web-based social networking. Largely because of the federal Computer Fraud and Abuse Act (CFAA), the terms of use can now be used offensively either by prosecutors charging individuals with wrongdoing emanating from a violation of the terms, or by website owners themselves seeking civil remedies for legal injuries to them from what amounts to a breach of contract.
The growing and evolving body of court decisions concerning terms of use and the CFAA should prompt owners of websites to adopt and regularly review the terms for using their sites, giving special attention to the following considerations:
Instead of using just any boilerplate legal language, the terms of use should be tailored to fit the particular risks posed to the business and users of the site;
The terms of use must be easily seen and understood to have their intended effect. This means that they should be conspicuous on the site and written so as to clearly indicate conduct that is and is not authorized. There may be no one fail-safe approach, but one court has said that there is adequate communication of the terms of use if the terms can be accessed from all pages on the site;
Website owners may want to make explicit the agreement to abide by the terms of use by including “clickwrap” or “browsewrap” agreements that make consent to the terms a condition of using the site. If the user clicks on “I accept,” but then violates the terms of use, this essentially nails down the fact, which may be pivotal in later criminal or civil court cases, that the user lacked the necessary authorization for his actions. For example, in a recent criminal case in which a university student secured access to a university computer site and stole Social Security numbers and other confidential data, the prosecution was aided by the fact that the student had signed an “acceptable use” computer policy that prohibited the very actions which led to the criminal charges;
Putting the terms of use in place is one thing, but then monitoring compliance and notifying users of suspected or confirmed violations result in enhanced protection. In the case of the university student who was improperly gathering sensitive personal information, the university had on three occasions detected that the student’s computer was performing unauthorized and suspicious functions, and had informed him of its discoveries. When the student nonetheless continued to scan and infiltrate computers without authorization, adding to his database of stolen information, his fate in the ensuing criminal case was sealed.
Published Spring 2009