In Craiglist, Inc. v. 3Taps, Inc., Craigslist alleged that 3Taps violated the Computer Fraud and Abuse Act (CFAA) and its California statutory counterpart by copying or scraping content from Craigslist's website. Craigslist sent 3Taps a cease and desist letter and also blocked all IP addresses associated with 3Taps. 3Taps changed its IP addresses and used proxy servers to continue scraping Craigslist's data.

In an April 2013 decision, the US District Court for the Northern District of California held that 3Taps' violation of Craigslist's terms of service was not a CFAA violation. For more on this decision, see Legal Update, Craigslist's Terms of Use Don't Support Copyright or CFAA Claims: ND Cal.

However, the April 2013 decision did not address the threshold question of whether the CFAA applies where the owner of a publicly-available website acts to restrict access to certain persons and the court therefore accepted supplemental briefing from the parties. In its August 16, 2013 decision, the court turned to this issue of statutory interpretation, denying 3Taps' motion to dismiss Craigslist's CFAA claims and holding that 3Taps' intentional circumvention of Craigslist's IP address ban violated the CFAA.

The CFAA applies when a person intentionally accesses a computer used in or affecting interstate or foreign commerce of communication "without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer." 3Taps argued that since Craigslist makes the classified ads on its website publicly available, this "authorized" all persons , including 3Taps, to access its website. The court found, however, that the statute does not prohibit a computer owner, and in this case Craiglist's, from rescinding that general access on a case-by-case basis. "Authorization" turns on the computer owner's decision to grant or prohibit access.

The court found 3Taps' access was clearly "without authorization", because Craigslist prohibited 3Taps access not only through the cease and desist letter, but also by actively blocking 3Taps' IP addresses. While the court felt this case to be clear cut, it acknowledged that later courts may have to deal with more borderline cases regarding what constitutes an effective "revocation" of authorization.

In rejecting 3Taps' arguments, the court relied primarily on:

The court also rejected 3Tap's argument that the Ninth Circuit's decision in United States v. Nosal narrowed the scope of the CFAA. In that case, evaluating criminal charges, the Ninth Circuit ruled that the CFAA's prohibition on exceeding "authorized access" applies to violations on restrictions to authorized access to information on computer systems, rather than restrictions on use, such as through a terms of service. Focusing on this distinction between access and use, the court distinguished Nosal as a case where the user had some legitimate access to the computer. In the court's view, 3Taps' complete access restriction did not implicate the same concerns as use restrictions because: