from the getting-out-of-a-tight-scrape dept.
Web Scraping Doesn't Violate Anti-Hacking Law, Appeals Court Rules :
Scraping a public website without the approval of the website's owner isn't a violation of the Computer Fraud and Abuse Act, an appeals court ruled (pdf) on Monday. The ruling comes in a legal battle that pits Microsoft-owned LinkedIn against a small data-analytics company called hiQ Labs.
HiQ scrapes data from the public profiles of LinkedIn users, then uses the data to help companies better understand their own workforces. After tolerating hiQ's scraping activities for several years, LinkedIn sent the company a cease-and-desist letter in 2017 demanding that hiQ stop harvesting data from LinkedIn profiles. Among other things, LinkedIn argued that hiQ was violating the Computer Fraud and Abuse Act, America's main anti-hacking law.
This posed an existential threat to hiQ because the LinkedIn website is hiQ's main source of data about clients' employees. So hiQ sued LinkedIn, seeking not only a declaration that its scraping activities were not hacking but also an order banning LinkedIn from interfering.
A trial court sided with hiQ in 2017. On Monday, the 9th Circuit Appeals Court agreed with the lower court, holding that the Computer Fraud and Abuse Act simply doesn't apply to information that's available to the general public.
"The CFAA was enacted to prevent intentional intrusion onto someone else's computer—specifically computer hacking," a three-judge panel wrote. The court notes that members debating the law repeatedly drew analogies to physical crimes like breaking and entering. In the 9th Circuit's view, this implies that the CFAA only applies to information or computer systems that were private to start with—something website owners typically signal with a password requirement.
Information wants to be free.
Related Stories
https://arstechnica.com/tech-policy/2024/03/charges-against-journalist-tim-burke-are-a-hack-job/
Caitlin Vogus is the deputy director of advocacy at Freedom of the Press Foundation and a First Amendment lawyer. Jennifer Stisa Granick is the surveillance and cybersecurity counsel with the ACLU's Speech, Privacy, and Technology Project. The opinions in this piece do not necessarily reflect the views of Ars Technica.
Imagine a journalist finds a folder on a park bench, opens it, and sees a telephone number inside. She dials the number. A famous rapper answers and spews a racist rant. If no one gave her permission to open the folder and the rapper's telephone number was unlisted, should the reporter go to jail for publishing what she heard?
If that sounds ridiculous, it's because it is. And yet, add in a computer and the Internet, and that's basically what a newly unsealed federal indictment accuses Florida journalist Tim Burke of doing when he found and disseminated outtakes of Tucker Carlson's Fox News interview with Ye, the artist formerly known as Kanye West, going on the first of many antisemitic diatribes.
[...]
According to Burke, the video of Carlson's interview with Ye was streamed via a publicly available, unencrypted URL that anyone could access by typing the address into your browser. Those URLs were not listed in any search engine, but Burke says that a source pointed him to a website on the Internet Archive where a radio station had posted "demo credentials" that gave access to a page where the URLs were listed.The credentials were for a webpage created by LiveU, a company that provides video streaming services to broadcasters. Using the demo username and password, Burke logged into the website, and, Burke's lawyer claims, the list of URLs for video streams automatically downloaded to his computer.
And that, the government says, is a crime. It charges Burke with violating the CFAA's prohibition on intentionally accessing a computer "without authorization" because he accessed the LiveU website and URLs without having been authorized by Fox or LiveU. In other words, because Burke didn't ask Fox or LiveU for permission to use the demo account or view the URLs, the indictment alleges, he acted without authorization.
(Score: 1, Insightful) by Anonymous Coward on Tuesday September 10 2019, @11:49AM (1 child)
Put "facts" in public, people can collect them and use them. Duh.
May Microsoft pay the other company's expenses.
(Score: 0) by Anonymous Coward on Tuesday September 10 2019, @11:57AM
Web scraping is DOXING! DOXING is MURDER!
(Score: 2) by jmichaelhudsondotnet on Tuesday September 10 2019, @12:52PM (1 child)
if it requires a password it is supposed to be private and is protected under the law
this really shreds zuck's defense for leaking and selling everyone's fb private messages and private data to cambridge analytica?
Or are we going to debate what the meaning of 'password protected' is?
(Score: 2) by FatPhil on Tuesday September 10 2019, @02:19PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 3, Interesting) by The Mighty Buzzard on Tuesday September 10 2019, @01:38PM (4 children)
S'basically what we tell anyone scraping our stuff here for most any purposes. As long as you're limiting it so it doesn't qualify as a DoS, rock on with your bad self. I'd personally probably call Douchebag if they're just mirroring the site under a different name without attribution or pulling the entire site down several times a day but this is public data, most of which we don't even hold the copyright on.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Tuesday September 10 2019, @02:18PM (3 children)
yet if I scrape audio facts from a Spotify feed or video facts from a YouTube video I'm guilty of copyright infringement. Especially if I republish what I just scraped..
Just saying...
just trying to point out what seems to be stupid line of attack from Microsofrmt they should've slapped them with robo-DCMA violation notices. and stupid dichotomy between texturally presented information vs non-textually presented information.
but maybe this ruling could be used to allow good samaritan subtitle providers some safe haven...
(Score: 3, Insightful) by terrab0t on Tuesday September 10 2019, @03:04PM
LinkedIn argued that hiQ violating the Computer Fraud and Abuse Act, not that they violated copyright.
(Score: 2) by The Mighty Buzzard on Tuesday September 10 2019, @03:05PM
Nah, this ruling has fuck-all to do with copyright, only the CFAA.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Tuesday September 10 2019, @03:22PM
No, you're not. Facts are not copyrightable. A given presentation of them is. The feed or the video itself is the presentation. The layout of the text can be copyrighted. That's not what they were doing here.
If I were to go to some other website and say
That's not cricket. If I go to some other website and write a post saying, "Anonymous Coward said scraping and especially republishing Spotify feeds or YouTube videos makes one guilty of copyright infringement, Microsoft should have just sent a takedown notice, and questioned the difference between text and nontext information presentation." then I am fine even if it is still factually wrong.
(Score: 0) by Anonymous Coward on Tuesday September 10 2019, @03:41PM
It doesn't matter to things like Cambridge Analytica, but it could matter to things like Google getting in trouble a few years ago for receiving public radio broadcasts, that is, mapping unsecured wifi signals.
If you don't want the neighbors looking into your windows, then close the curtains. It's really just common sense.
(Score: 2) by jmichaelhudsondotnet on Tuesday September 10 2019, @04:14PM (2 children)
you are going to debate the meaning of the word password protected.
it is however still password protected to them, they just know the password.
not the same as not password protected.
(Score: 2) by FatPhil on Tuesday September 10 2019, @08:57PM (1 child)
Who is "you" here?
Why do you not consider "password protected" to be a two-word phrase?
> it is however still password protected to them, they just know the password.
What is "it" here?
Who is "them" here?
> not the same as not password protected.
This sequence of words not a sentence.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by jmichaelhudsondotnet on Wednesday September 11 2019, @10:57AM
Who is "you" here? you
Why do you not consider "password protected" to be a two-word phrase? i stand corrected, replace word with 'two word phrase' plz thx, has this quibble really brought anything of value though?
What is "it" here? my messages that the software clearly labelled private, causing me to assume it was private when you were just tricking me into making my private information more public, which is fraudulent and a black hat cracker tactic morally worse than anything wikileaks ever did.
Who is "them" here? everyone with the admin passwords that allows them to see and alter the information that is falsely declared private to your users, with whom you signed a very, extremely long TOS in which you failed to disclose this absolutely critical piece of information about the functioning of your product and intentions.
It's like selling someone a car when you know there is a second master key that all of your friends have, then giving the same friends access to the gps location of the vehicle to save them time.
If it were unintentional it's a bug, but if not then it is espionage punisheable under a very draconian law that is obviously being used to prosecute/persecute someone for doing things far less severe.
Since however to society facebork is unintentional and a detrimanet, it is a bug to us like all socially destructive, poisonous things and so we should react appropriately.
(Score: 4, Interesting) by shortscreen on Tuesday September 10 2019, @06:23PM (1 child)
or downloading troves of user info that careless orgs left open to the public on AWS or their own website?
Maybe it had to be a for-profit business doing it before the correct ruling could be made.
(Score: 2) by FatPhil on Tuesday September 10 2019, @09:00PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves