My latest paper, “Norms of Computer Trespass,” is off to the presses for publication in the May 2016 issue of the Columbia Law Review. I first posted a draft of the paper on SSRN a year ago, but I substantially revised it since then. (Sometimes a paper comes out of the box fully formed, and sometimes you need to hammer it into better shape over time. This was a case of the latter.) You can read the final version here.
This Essay argues that authorization to access a computer is contingent on trespass norms — shared understandings of what kind of access invades another person’s private space. Judges are unsure of how to apply computer trespass laws because the Internet is young and its trespass norms are unsettled. In the interim period before norms emerge, courts should identify the best rules to apply as a matter of policy. Judicial decisions in the near term can help shape norms in the long term. The remainder of the Essay articulates an appropriate set of rules using the principle of authentication. Access is unauthorized when the computer owner requires authentication to access the computer and the access is not by the authenticated user or his agent. This principle can resolve the meaning of authorization before computer trespass norms settle and can influence the norms that eventually emerge.
Thanks very much to the readers who helped me improve the paper over the past year. Oh, and please ignore the note on the SSRN page that the paper posted is a November draft; the version up now is the final version.