It was "a clear signal from the computer owner to the person using the IP address that he is no longer authorized to access the website," Breyer noted. 3Taps indisputably knew that Craigslist was blocking access its site, but it went ahead anyway by circumventing the barrier Craigslist had in place, he noted.
"The banned user has to follow only one, clear rule: do not access the website," Breyer said.
The ruling caused some concern among rights advocates who have expressed concern over what they call an overly broad use of the CFAA to prosecute people for crimes it was never meant to address.
Concerns over the law peaked earlier this year following the death of Internet activist Aaron Swartz who committed suicide over the prospect of spending up to 35 years in prison on hacking-related charges. Another case that evoked similar concerns involved Andrew Auernheimer, who was sentenced to 41 months in prison for illegally accessing emails and other data belonging to about 120,000 iPad subscribers of AT&T.
In both cases, critics contend that prosecutors improperly used the CFAA to prosecute individuals. The CFAA, enacted by Congress in 1986, makes it illegal to knowingly access a computer without authorization or to exceed authorized use of a system. In intent and spirit, the CFAA is an online anti-trespassing law targeting criminal hackers who break into systems to steal or sabotage data. Critics contend that overzealous prosecutors are using CFAA to pursue individuals for far less serious crimes.
Hanni Fakhoury, staff attorney at the Electronic Frontier Foundation, said the big question raised by the Craigslist case is whether circumventing IP blocking technology constitutes unauthorized access.
"Quite frankly, we don't think it is, since it's an easy and common thing to do that can be done for legitimate reasons -- such as not revealing your location," he said. "Plus it's not really an access restriction, but rather a disguised use restriction."
In a blog post, Orin Kerr, professor of law at the George Washington University Law School, noted that a CFAA violation must involve situations where someone breaks through or circumvents a technical barrier to access a computer system. The big question in this case is whether IP blocking is a measure that can really be considered such a barrier, he said.
"IP addresses are very easily changed, and most people use the Internet from different IP addresses every day," Kerr wrote.
"As a result, attempting to block someone based on an IP address doesn't 'block' them except in a very temporary sense," Kerr said. "It pauses them for a few seconds more than actually blocks them. It's a technological barrier in the very short term, but not in the long term. Is that enough to constitute a technological barrier?"
Sign up for Computerworld eNewsletters.