Using Scraper to Harvest Records Isn’t Fraudulent Access Under CFAA–Fidlar v. LPS

18 01 2017

Fidlar works with counties to digitize and index land records. It also makes available a software client (Laredo) that allows end users to access these records. Billing is handled by the counties, and counties have monthly access plans. The counties also provide accounts (and passwords) to end users. The plans are usually time-based but include separate “print fees” so that people who print a record for off-line viewing have to pay additional fees. Fidlar’s EULA did not impose any specific restrictions on use of Laredo. As the court notes, the EULA says a user may “use . . . any portion of the software for any purpose”. [I didn’t double check this but it seems odd for a EULA to contain broadly permissive language like this.]

LPS wanted to aggregate the data underlying the county records, so it built a harvester to mimic the calls Laredo would send to the database. Using this process, while logged in using county-provided passwords, LPS downloaded a massive quantity of county records. (The precise relationship between being logged in and accessing the records is not clear factually.) It then sent these records offshore for processing and extracted the underlying data. A county alerted Fidlar to the fact that LPS was paying fees but not logging any time. It sued LPS under the Computer Fraud and Abuse Act and state anti-hacking law. The district court dismissed Fidlar’s claims at summary judgment. (Blog post on the district court ruling here: “Company That Facilitates Digital Access to Public Records Uses CFAA to Block Scraper”.) The district court case involved a host of issues, including alleged contractual interference by Fidlar (who contacted the counties to try to disrupt LPS’s access), defamation claims, the public records status of the data, and whether Fidlar and the counties could gate the data in this manner consistent with public records statute. These are all interesting issues in their own right, but Fidlar’s appeal only focuses on the CFAA issues.



Case citation: Fidlar Techs v. LPS Real Estate Data Solutions, Inc., No. 15-1830 (7th Cir. Jan. 21, 2016) [pdf]

The content in this post was found at and was not authored by the moderators of Clicking the title link will take you to the source of the post.

Revenge Porn Plot Leads To Criminal Conviction–New York v. Piznarski (Forbes Cross-Post)

22 12 2013

Recently, the California Attorney General’s office got a lot of attention for arresting Kevin Bollaert, the alleged operator of a revenge porn website. While the arrest was widely popular, it raised many questions. Why did the prosecutors seemingly stretch to assert the crime of identity theft; weren’t there more directly applicable crimes? Does this signal an impending tidal wave of revenge porn prosecutions, or is it just a one-off? Does the prosecutors’ reliance on existing law undermine the rationales for California’s recently enacted revenge porn law (which doesn’t take effect for 2 more weeks)? And why didn’t prosecutors prosecute the users who submitted content to the website?

With respect to the latter point, the originators of revenge porn are the prosecutors’ most obvious targets. A recent prosecution in New York show how those prosecutions might look.

The New York Case

Michael J. Piznarski was a student at Colgate University in New York (for more background, see this article and what appears to be his LinkedIn profile). He had a sexual encounter with “victim A,” which he secretly recorded. He subsequently threatened to publicly release the recording unless victim A had sex with him again; when she relented, he secretly recorded that too. A police investigation revealed that he also secretly recorded having sex with “victim B.” A jury convicted Piznarski of “unlawful surveillance” and “coercion.” He was sentenced to 1-3 years in prison (a sentence I believe he is currently serving).


The content in this post was found at and was not authored by the moderators of Clicking the title link will take you to the source of the post.

“Revenge porn” operator arrested, charged with ID theft

17 12 2013
Websites that post nude pictures of adults without their permission, commonly known as “revenge porn” sites, have recently drawn public scorn and a few lawsuits.Now, the owner of one revenge porn website is facing prison. Kevin Bollaert, a 27-year-old San Diego resident, was arrested today for running a website called and has been charged with 31 counts of identity theft, extortion, and conspiracy. The suspect is being held in jail on $50,000 bail.

“This website published intimate photos of unsuspecting victims and turned their public humiliation and betrayal into a commodity with the potential to devastate lives,” said California Attorney General Kamala Harris in a statement about today’s arrest. “Online predators that profit from the extortion of private photos will be investigated and prosecuted for this reprehensible and illegal internet activity.”



The content in this post was found at and was not authored by the moderators of Clicking the title link will take you to the source of the post.

New Federal Legislation Could Take a Nip Out of ‘Revenge Porn’

27 11 2013

Internet activists worry that forthcoming proposal could ruin free speech, along with bitter exs


US News

November 21, 2013

Activists seeking to criminalize “revenge porn” say they are working with a member of Congress to prepare federal legislation that would force Internet companies to take down the sometimes X-rated content.

The proposed law has not be finalized and its sponsor does not wish to be identified yet, according to University of Miami law professor Mary Anne Franks, who is helping draft the bill.


The content in this post was found at and was not authored by the moderators of Clicking the title link will take you to the source of the post.

Accessing Ex-girlfriend’s MySpace Account and Posting Offensive Content Results in Conviction

26 11 2013

[Post by Venkat Balasubramani]

State v Kucharski, 2013 Il App (2d) 120270 (Mar. 29, 2013):

Steven and the victim were in a relationship. Because the victim was “kind of computer illiterate,” Steven set up a MySpace account for her. After the relationship ended, Steven accessed the victim’s MySpace page. He posted a slew of offensive things about the victim, for example:

I’m a slut with no education. I’m gonna end up with 2 different baby daddys and I can’t even get a GED. Worst of all my dad buys my boyfriends blow jobs . . .

He also posted the victim’s name and phone number with a note saying “call me.”  Finally, Steven posted a photo of the victim in a thong (that he had taken during the course of their relationship and retained, despite the victim’s request that he return or delete it).

When the victim became aware of these changes, she called Steven, who started “giggling and laughing” and said that “she deserved it.” Steven, who continued to access the page despite the victim having repeatedly changed the password, “essentially deleted” the page.

The authorities investigated and determined that the email address associated with the account was Steven’s and that the page was accessed via an IP addressed associated with Steven’s father. He was charged with: (1) attempted identity theft (720 ILCS 5/16G); (2) two separate counts of harassment through electronic communications (720 ILCS 135/1-2(a)(1) and (a)(2)); and (3) unlawful use of encryption (720 ILCS 5/17-52.5(b)(1)).

The defendant tried to poke holes in the State’s case saying that the investigator did not verify who at Steven’s household had actually accessed the page or for that matter who else had computers who resided in the same house who could have accessed the page. Steven’s father testified, implying that it could have been Steven’s younger brother who accessed the page. The trial court found the victim’s testimony credible and convicted on all of the counts. At the defendant’s request, the trial court dismissed the first count, but sentenced the defendant for violations of the remaining counts.


The content in this post was found at and was not authored by the moderators of Clicking the title link will take you to the source of the post.