A recent Ruling of the US Federal Court of Appeals for the 9th Circuit (Facebook v. Power Ventures) has expanded the prohibition to access computer material without authorization, under the Federal Computer Fraud and Abuse Act ("CFAA").

In its Ruling, the Court held that Power Ventures, a service that enabled users to aggregate their contacts from different social media sites on its site (with the users' explicit permission), violated the CFAA when it circumvented Facebook's IP blocks attempts and disregarded Facebook’s cease-and- desist letters demanding Power Ventures to stop soliciting users’ information, using Facebook content, or otherwise interacting with Facebook through automated scripts.

The practical meaning of this Ruling is that circumvention of IP barriers, may constitute access to computer material "without authorization" within the meaning of the CFAA, and accordingly, results in both civil and criminal liability. This is a very broad  interpretation of the CFAA, dramatically expanding the Court's previous ruling, in which it clarified that merely using or accessing computer material in violation of terms of use, is not a violation under the CFAA (see United States v. Nosal).

Given the above, companies that rely on accessing user account information and resources should think very carefully how they are accessing such information and resources and what authorization has been granted to them to do so. We will be happy to advise our clients and clarify the overreaching implications of this ruling.