The Second Class Action Lawsuit over Microsoft's WGA
Groklaw, publication date: 5 July 2006
"Here's the thing. The Computer Fraud and Abuse Act is a federal statute. The first litigation was under state laws. The CFAA is one of the serious, heavy-handed computer abuse laws Hollywood and other content owners dream about, designed to deal with 'pirates' and 'hackers'. And now, ironically enough, it is being applied to Microsoft, and I have to say, if all you look at is the actions and compare with the statute, it does seem to match up.
There is the disjoint that Microsoft isn't motivated like a cracker. It isn't going to sell your identity to an ID thief or put charges on your credit card or anything like that. It isn't going to post it on the internet either or cause other damage we normally would associate with the statute. But the law doesn't exactly distinguish such things. In discovery, there may be some digging to see what Microsoft was/is doing with all that data. Does it sell it to partners, for example? If it does, and it told you it was for your advantage, a necessary security update, is that fraud? Section 1030 of the Act is titled: 'Fraud and related activity in connection with computers.' The criminal penalties are significant. If you are a cracker, for example, found guilty of violating the Act, they can throw you in prison. This is civil only, so that isn't going to happen here, but it's not an insignificant thing to be accused of violating the CFAA. It's like I always say. Be careful what laws you pass, because they won't be used just the way you are thinking. Lawyers are creative."