Thursday, August 02, 2007, 8/02/2007 08:04:00 AM

Computer Fraud & Abuse Act Claim Against Law Firm Resolved

From, here’s an update to a post from nearly a year ago concerning a dubious claim under the Computer Fraud & Abuse Act.

The contention, by a Pennsylvania non-profit called Healthcare Advocates, in federal court in Philadelphia, was that a Valley Forge, Pennsylvania law firm, Harding, Early, Follmer & Frailey representing another Pennsylvania company, Health Advocate Inc., hacked into plaintiff’s website.

The suit contended that that "one or more Harding Early employees violated the Digital Millennium Copyright Act and the Computer Fraud and Abuse Act by hacking into databases at San Francisco's Internet Archive 92 times, using an application known as the 'wayback machine,' in attempts to retrieve material that Healthcare Advocates had asked to be removed."

According to a recent ruling, use of web archive The Wayback Machine did not constitute hacking in the case of a law firm which used the web archive to see pages which owners did not want it to see.

Federal judge Robert Kelly ruled for the defendant, holding that because protections to block the old material sought by Healthcare Advocate malfunctioned, there was no protection to break or bypass in violation of the CFAA.

"When the Harding firm accessed Internet Archive’s database on July 9, 2003, and July 14, 2003, it was as though the protective measure was not present," the judge wrote. "Charles Riddle and Kimber Titus simply made requests through the Wayback Machine that were filled. They received the images they requested only because the servers processing the requests disregarded the robots.txt file [blocking measures] present on Healthcare Advocates’ website."

"As far as the Harding firm knew, no protective measures were in place in regard to the archived screenshots they were able to view. They could not avoid or bypass any protective measure, because nothing stood in the way of them viewing these screenshots. The Harding firm did not use alter code language to render the robots.txt file void like the defendant in Corley did with the encryption," said Kelly.

"They did not 'pick the lock' and avoid or bypass the protective measure, because there was no lock to pick. The facts show that the Harding firm received the archived images solely because of a malfunction in the servers processing the requests," said Kelly.
back to top