Internet Law 2002 (St. John's) > Worm with a EULA

Rotisserie Question

A new email worm making the rounds offers recipients a "virtual postcard" from FriendGreetings. If a user clicks a link in this email message, the user is prompted to install software to view the card. The software comes with a long End-User License Agreement (EULA), which includes the following paragraph:

"1. Consent to E-Mail Your Contacts. As part of the installation process,
Permissioned Media will access your MicroSoft Outlook(r) Contacts list and
send an e-mail to persons on your Contacts list inviting them to download
FriendGreetings or related products. By downloading, installing,accessing
or using the FriendGreetings, you authorize Permissioned Media to access
your MicroSoft(r) Outlook(r) Contacts list and to send a personalized e-mail
message to persons on your Contact list. IF YOU DO NOT WANT US TO ACCESS
YOUR CONTACT LIST AND SEND AN E-MAIL MESSAGE TO PERSONS ON THAT LIST, DO
NOT DOWNLOAD, INSTALL, ACCESS OR USE FRIENDGREETINGS."

Users may click "Back", "Yes", or "No". If a user clicks "Yes", the software installation continues, sending the same FriendGreetings email to everyone on that user's Contacts list. Other parts of the EULA give Permissioned Media the right to send ads to the user's computer and to update its installed software at any time.

See http://www.sarc.com/avcenter/venc/data/friendgreetings.html for further details.

This software thus spreads like a worm or virus, but every infected user has putatively "accepted" the EULA. Do you see any violation of the Computer Fraud and Abuse Act here?

Status ?

Done. Started on
11/15/02 12:00 PM

Schedule

Start:	11/15/02 12:00 PM
Round 1 Due:	11/19/02 12:00 AM

Projects

Internet Law 2002 (St. John's)

Statistics

Active Users	17
Posts	17
Scheduled Rounds	1

Rotisserie Posts (Refresh) ?

Sort By: Thread / Author

Expand Rounds: All / 1 / None

Violation? From: Joseph D'Agostino (view thread)

The Computer Fraud and Abuse Act states, in part:
Whoever
(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains--

(A) information contained in a financial More...

There Might be a Violation Here From: mdinn325 (view thread)

The courts may find a violation of the Computer Fraud and Abuse Act here, depending on the actual visual used to display the EULA. If it is small, hard to More...

Could be... From: Tom Horan (view thread)

The main problem in finding a violating of the Computer Fraud and Abuse Act under 18 U.S.C. 1030(a)(1)-(4)lies in the requirement of unauthorized access, or access exceeding that which was More...

Very Limited Possibility of Violating Computer Fraud and Abuse Act From: ana (view thread)

The Computer Fraud and Abuse Act, 18 USC Section 1030(a)(5)covers any user who
(5) Intentionally accesses a Federal interest computer without authorization, and by means of one or more instances More...

DE-WORM THIS COMPUTER From: tripwire (view thread)

There is no violation of the Computer Fraud and Abuse Act. This program is accessing your computer but it is doing so with the user's authorization. The requirements under the More...

worm with a EULA From: woomee lee (view thread)

There is a violation of the Computer Fraud and Abuse Act in this problem involving a worm with a EULA. Namely, this software violates Section 1030(a)(5)(A) which states a violator More...

NO, Not Really From: Michael Pastor (view thread)

After Reviewing 18 U.S.C. 1030, I dont see any violation on the part of the virtual card company. The statute requires the act be done w/o authorization or through fraud More...

These actions are not covered by 18 USC 1030 From: Edward Conlon (view thread)

1030(a)(2) is designed to insure that it is punishable to misuse computers to obtain government information and, where appropriate, information held by the private sector. As the Senate Judiciary Committee More...

Computer Crimes From: Jennifer Huang (view thread)

There seems to be a violation of the Computer Fraud and Abuse Act. There are two sections of the act which seem to have been violated. The first and more More...

WORMS From: Billy Vassos (view thread)

The problem here is that the end result is one which essentially allows one person to consent for a group of people. Each one of these persons had no say More...

violation From: Tae Chung (view thread)

Yes, there is a violation of the Computer Fraud and Abuse Act. FriendGreeting is exceeding authorized access of computers in violation of 1030. It is likely that most users accepting More...

FriendGreeting From: Kasandra Pavlides (view thread)

At first glance, it doesn�t seem that this violates the Computer Fraud and Abuse Act because the Act states that it covers �protected� computers. Under the Act, a �protected� computer More...

Probably Not a Violation From: mpelzer (view thread)

I think that if the user accepts the End-User License Agreement there cannot be a violation of the Computer Fraud Abuse Act. Even if the user has not fully read More...

Let's hope that FriendGreetings doesn't wiggle out of this one! From: Craig Hellmuth (view thread)

The actions of "virtual postcard" software are a violation of 18 USC 1030(a)(4). Under subsection (e)(2)(B), a computer is a protected computer when used in interstate commerce or communications. Clearly More...

Unfortunately No Fraud From: bugsbunette (view thread)

Unfortunately, it is my opinion that EULA does not violate the Computer Fraud and Abuse Act. I understood 18 U.S.C. 1030 as applicable only to the computer systems of financial More...

Without authorization or exceeding authorized access From: Richard Newman (view thread)

18 U.S.C. 1030 (Fraud and Related Activity in Connection with Computers) (CFA Act) might be violated depending on the interpretation of "exceeding authorized access.

First, FriendGreetings (FG) might be exceeding More...

Evil Morris From: Jcamp012 (view thread)

This is similar to the situation that arose in U.S. v. Morris, however it is different in several ways. First, the consent requirement for access to the e-mail list is More...