Web Scraping Doesn't Violate Anti-Hacking Law, Appeals Court Rules :
Scraping a public website without the approval of the website's owner isn't a violation of the Computer Fraud and Abuse Act, an appeals court ruled (pdf) on Monday. The ruling comes in a legal battle that pits Microsoft-owned LinkedIn against a small data-analytics company called hiQ Labs.
HiQ scrapes data from the public profiles of LinkedIn users, then uses the data to help companies better understand their own workforces. After tolerating hiQ's scraping activities for several years, LinkedIn sent the company a cease-and-desist letter in 2017 demanding that hiQ stop harvesting data from LinkedIn profiles. Among other things, LinkedIn argued that hiQ was violating the Computer Fraud and Abuse Act, America's main anti-hacking law.
This posed an existential threat to hiQ because the LinkedIn website is hiQ's main source of data about clients' employees. So hiQ sued LinkedIn, seeking not only a declaration that its scraping activities were not hacking but also an order banning LinkedIn from interfering.
A trial court sided with hiQ in 2017. On Monday, the 9th Circuit Appeals Court agreed with the lower court, holding that the Computer Fraud and Abuse Act simply doesn't apply to information that's available to the general public.
"The CFAA was enacted to prevent intentional intrusion onto someone else's computer—specifically computer hacking," a three-judge panel wrote. The court notes that members debating the law repeatedly drew analogies to physical crimes like breaking and entering. In the 9th Circuit's view, this implies that the CFAA only applies to information or computer systems that were private to start with—something website owners typically signal with a password requirement.
Information wants to be free.
(Score: 2) by jmichaelhudsondotnet on Wednesday September 11 2019, @10:57AM
Who is "you" here? you
Why do you not consider "password protected" to be a two-word phrase? i stand corrected, replace word with 'two word phrase' plz thx, has this quibble really brought anything of value though?
What is "it" here? my messages that the software clearly labelled private, causing me to assume it was private when you were just tricking me into making my private information more public, which is fraudulent and a black hat cracker tactic morally worse than anything wikileaks ever did.
Who is "them" here? everyone with the admin passwords that allows them to see and alter the information that is falsely declared private to your users, with whom you signed a very, extremely long TOS in which you failed to disclose this absolutely critical piece of information about the functioning of your product and intentions.
It's like selling someone a car when you know there is a second master key that all of your friends have, then giving the same friends access to the gps location of the vehicle to save them time.
If it were unintentional it's a bug, but if not then it is espionage punisheable under a very draconian law that is obviously being used to prosecute/persecute someone for doing things far less severe.
Since however to society facebork is unintentional and a detrimanet, it is a bug to us like all socially destructive, poisonous things and so we should react appropriately.