Yes, that fine print that you agree to when you access a website really does matter—even if you access a site without actually reading that fine print, which usually appears in a website’s “terms of service.” This point is driven home by a recent case where a judge hammered unauthorized users of a website, making them pay nearly $2,000,000 in damages, and finding that their unauthorized use subjected them to a forum-selection clause that required them to defend the case in the court of the website owner’s choosing. Although this case involved an egregious example of someone essentially stealing access to a paid commercial website, this and similar cases should serve as a warning to users of websites trying to use sites without paying for them, and these cases underscore the importance to internet businesses of having solid “terms of use” to protect their rights. (See a link to the court’s opinion at the end of this post.)
The case was filed by CoStar, which maintains an internet database of pictures and other information about commercial real estate. CoStar’s customers are real estate companies that pay a subscription fee and, in return, receive a username/password that allows them to access CoStar’s database. Authorized access is limited to customers’ employees who are listed on a license agreement. CoStar’s customers must agree to CoStar’s internet “terms of use” when they first log into CoStar’s site, and periodically thereafter. Although the “terms of use” do not appear on the login screen, that screen includes a hyperlink on the word “terms” which allows anyone to view CoStar’s “terms of service.” (Even unauthorized users agree to these terms whenever they log into to CoStar’s website.) As you would expect, CoStar’s “terms of use” prohibit its customers from sharing usernames/passwords with unauthorized users and from providing unauthorized access to CoStar’s database.
CoStar sued defendants Mark Field, his company Alliance Valuation Group, and others, alleging that they granted unauthorized access to CoStar’s database by allowing other companies and people to use Field’s username/password. CoStar was able to detect and prove this unauthorized use by analyzing IP addresses that had been used to access CoStar’s database using his username/password. This information showed not only that there had been unauthorized use but also the extent of that use, which the court ultimately used to calculate damages.
The court found in favor of CoStar and entered an award against Field and other defendants. The court found that this unauthorized access was a breach of contract with CoStar and awarded damages to CoStar in the amount that CoStar would have received had it been properly paid for the unauthorized access to its online database. The breach of contract damages totaled $1,121,400. (Even though some of the defendants did not actually enter into a contract with CoStar, the court held that—by logging into CoStar’s site—the defendants had agreed to CoStar’s online “terms of use” agreement.)
The court also held that the defendants who had made unauthorized access to CoStar’s site had committed copyright infringement by making unauthorized copies of CoStar’s copyrighted webpages. The defendants did this (probably without realizing it) whenever they accessed CoStar’s site, because the defendants’ improper access necessarily entailed making electronic copies of CoStar’s webpages in the cache or random access memory (RAM) of the defendants’ computers. While this may seem a bit harsh and like overreaching by the court, other courts have reached similar conclusions that unauthorized, cached copies of web pages can be copyright infringement. For this infringement, the court awarded $771,120 in additional damages to CoStar, bringing the total to nearly $2,000,000.
(Although these facts would also seem to support claims by CoStar for unauthorized access under the Computer Fraud and Abuse Act (CFAA), the court had previously ruled that CoStar’s damages were not sufficiently related to computer damage to satisfy the $5,000 requirement for a CFAA claim.)
The case is CoStar Realty Information, Inc., et al. v. Mark Field d/b/a Alliance Evaluation Group, et al., U.S. District Court for the District of Maryland, Case No. 08:08-CV-0663-AW. ( Download Opinion. )
