• by Wendy Davis  @wendyndavis, July 13, 2016

In a mixed ruling, a federal appellate court has said that shuttered social networking aggregation service Power Ventures and its founder, Steve Vachani, didn't violate spam laws by sending unsolicited invitations to Facebook users.

But the 9th Circuit Court of Appeals also said Power violated the Computer Fraud and Abuse Act by accessing Facebook's site after the company told Power to stop doing so.

The decision, issued Tuesday, vacates U.S. District Court Judge Lucy Koh's 2013 order requiring Power and Vachani to pay around $3 million to Facebook.

The dispute between the companies dates to 2008, when Facebook alleged in a lawsuit that Power violated anti-spam laws and computer fraud laws in order to grow its service.

Power aggregated data from different social networking sites, enabling people with accounts through MySpace, LinkedIn, Twitter and other services to access all of their information from one portal. To accomplish this, Power asked users to provide log-in information for their social networking sites and then imported people's information. Power then contacted users' friends and invited them to join, but made it appear as if the emails came from "The Facebook Team."

Facebook argued that its terms of service prohibit people from providing user names and passwords, and that Power induced Facebook members to violate those terms. Facebook also said that the emails sent by Power violated the federal CAN-SPAM law on the ground that they were misleading.

A three-judge panel of the 9th Circuit said that Power's promotional emails weren't "materially" misleading -- even though the "from" field of the messages identified Facebook as the sender.

"A Power user gave Power permission to share a promotion, Power then accessed that user’s Facebook data, and Facebook crafted and caused form e-mails to be sent to recipients," the appellate judges wrote. "Because more than one person may be considered to have initiated the message, we hold that, within the meaning of the statute, Power’s users, Power, and Facebook all initiated the messages at issue."

But the appellate panel found that Power violated the Computer Fraud and Abuse Act by continuing to access Facebook's site after the company sent a cease and desist letter to Power in late 2008.

"Facebook’s cease and desist letter informed Power that it had violated Facebook’s terms of use and demanded that Power stop soliciting Facebook users’ information, using Facebook content, or otherwise interacting with Facebook through automated scripts," the court wrote. "Facebook then imposed IP blocks in an effort to prevent Power’s continued access. The record shows unequivocally that Power knew that it no longer had authorization to access Facebook’s computers, but continued to do so anyway."

That portion of the ruling drew criticism today from George Washington Law School professor Orin Kerr, who points out that Power had the permission of Facebook users to access their data.

"The web is a publishing platform, and everyone is inherently authorized to visit a public website," he wrote at the Volokh Conspiracy. "Power also accessed the individual accounts of users acting as their agents. But as I see it, that’s not enough to constitute a computer trespass because it’s within the permission of the user and acting as the user’s agent."

The appellate court sent the case back to the district court for the Northern District of California for new damages calculations; the appellate judges said that figure should reflect damages from the time period after Power received Facebook's demand to stop accessing its servers.