Case Law On Ai-Assisted Corporate Governance Failures And Criminal Liability
Automated bots are software programs designed to interact with websites or digital platforms without human intervention. While bots have legitimate uses (e.g., indexing by search engines), they are often misused to exploit digital platforms, leading to legal consequences.
Common Exploitative Uses of Bots
Ticketing Bots (Ticket Scalping)
Bots buy large quantities of tickets for concerts, sports events, or theaters.
Resold at inflated prices, violating platform terms and anti-scalping laws.
Sneaker / Retail Bots
Bots purchase limited-edition merchandise immediately upon release, denying fair access to consumers.
Ad Fraud Bots
Generate fake clicks or impressions on digital ads to manipulate revenue.
Credential Stuffing & Account Takeovers
Automated login attempts using stolen credentials to access accounts or sensitive data.
Web Scraping for Competitive Exploitation
Bots extract product pricing, customer data, or proprietary content without permission.
Legal Frameworks
Computer Fraud and Abuse Act (CFAA), USA: Prohibits unauthorized access to protected computers.
Digital Millennium Copyright Act (DMCA), USA: For web scraping or automated data copying violating copyright.
Anti-Ticket Scalping Laws: Many states and countries restrict the use of automated ticket-buying software.
Platform Terms of Service: Violation can result in civil suits or injunctions.
Consequences:
Criminal prosecution (fines, imprisonment)
Civil liability (damages to platforms or competitors)
Injunctions and bans
🧑‍⚖️ Major Cases Involving Automated Bots
CASE 1: United States v. David Nosal (2011–2016)
Incident Summary:
David Nosal used automated scripts and insiders to download confidential data from his former employer’s system for commercial advantage.
Legal Context:
Violated CFAA (18 U.S.C. §1030) by accessing computers without authorization.
Outcome:
Nosal convicted for conspiracy and CFAA violations.
Highlighted that automated access to protected data without permission can constitute criminal activity.
CASE 2: Ticketmaster v. Prestige Entertainment (2018)
Incident Summary:
Prestige Entertainment used automated bots to buy large quantities of tickets for resale.
Exploited Ticketmaster’s online ticketing system.
Legal Context:
Violation of BOTS Act (Better Online Ticket Sales Act, 2016) in the U.S., which prohibits using bots to bypass purchase limits.
Outcome:
Federal court issued injunctions against bot use.
Monetary damages awarded to Ticketmaster.
Reinforced that bot activity designed to bypass system rules is illegal.
CASE 3: United States v. Ali Sadr Hashemi Nejad (Ad Fraud Bots, 2020)
Incident Summary:
Automated bots were used to generate fraudulent ad clicks to siphon advertising revenue.
Legal Context:
Violated wire fraud statutes (18 U.S.C. §1343) and CFAA in some jurisdictions.
Outcome:
Criminal prosecution under federal fraud laws.
Demonstrated that digital exploitation via bots constitutes actionable criminal conduct.
CASE 4: Facebook v. Power Ventures (2010)
Incident Summary:
Power Ventures used automated scripts to scrape data from Facebook after users logged in through their service.
Legal Context:
CFAA claim for unauthorized access after users revoked permission.
California state law claims for trespass and unfair competition also applied.
Outcome:
Court ruled in favor of Facebook.
Established precedent that automated bots accessing platforms without permission can be prosecuted under CFAA.
CASE 5: United States v. Kunpeng Zhang (2021)
Incident Summary:
Zhang created bots to purchase sneakers from limited releases and resell them at inflated prices.
Targeted multiple online retail platforms, violating terms of service.
Legal Context:
Charged under CFAA and local anti-scalping statutes in New York.
Outcome:
Conviction for unauthorized access and digital fraud.
Courts highlighted that exploiting platform vulnerabilities using bots constitutes criminal and civil liability.
CASE 6 (BONUS): LinkedIn v. hiQ Labs (2019–2022)
Incident Summary:
hiQ Labs used automated scraping bots to collect public LinkedIn profiles for analytics.
LinkedIn attempted to block access citing terms of service violations.
Legal Context:
CFAA was central; the Ninth Circuit examined whether scraping publicly available data is unauthorized access.
Outcome:
Court initially sided with hiQ Labs for public data scraping, but emphasized that bots circumventing security measures can constitute illegal access.
Distinction: public vs. private/protected data.
🧠Observations and Lessons
Automated Bots Can Trigger Criminal Liability
CFAA and anti-fraud statutes have been used in multiple cases.
Platform Terms of Service Are Enforced Through Civil Remedies
Injunctions, damages, and bans are common.
Legal Distinctions Are Critical
Accessing publicly available data may be legal.
Circumventing technical barriers or exceeding authorized access triggers CFAA liability.
Regulatory Trends
BOTS Act (ticketing)
Anti-bot clauses in e-commerce laws
Ongoing debates around public vs. private scraping
Preventive Measures for Platforms
CAPTCHAs and bot-detection systems
Rate-limiting and monitoring unusual behavior
Legal clauses in terms of service
RELATED Blog
comments