Web Scraping Doesn't Violate Anti-Hacking Law, Appeals Court Rules :
Scraping a public website without the approval of the website's owner isn't a violation of the Computer Fraud and Abuse Act, an appeals court ruled (pdf) on Monday. The ruling comes in a legal battle that pits Microsoft-owned LinkedIn against a small data-analytics company called hiQ Labs.
HiQ scrapes data from the public profiles of LinkedIn users, then uses the data to help companies better understand their own workforces. After tolerating hiQ's scraping activities for several years, LinkedIn sent the company a cease-and-desist letter in 2017 demanding that hiQ stop harvesting data from LinkedIn profiles. Among other things, LinkedIn argued that hiQ was violating the Computer Fraud and Abuse Act, America's main anti-hacking law.
This posed an existential threat to hiQ because the LinkedIn website is hiQ's main source of data about clients' employees. So hiQ sued LinkedIn, seeking not only a declaration that its scraping activities were not hacking but also an order banning LinkedIn from interfering.
A trial court sided with hiQ in 2017. On Monday, the 9th Circuit Appeals Court agreed with the lower court, holding that the Computer Fraud and Abuse Act simply doesn't apply to information that's available to the general public.
"The CFAA was enacted to prevent intentional intrusion onto someone else's computer—specifically computer hacking," a three-judge panel wrote. The court notes that members debating the law repeatedly drew analogies to physical crimes like breaking and entering. In the 9th Circuit's view, this implies that the CFAA only applies to information or computer systems that were private to start with—something website owners typically signal with a password requirement.
Information wants to be free.
(Score: 1, Insightful) by Anonymous Coward on Tuesday September 10 2019, @11:49AM (1 child)
Put "facts" in public, people can collect them and use them. Duh.
May Microsoft pay the other company's expenses.
(Score: 0) by Anonymous Coward on Tuesday September 10 2019, @11:57AM
Web scraping is DOXING! DOXING is MURDER!
(Score: 2) by jmichaelhudsondotnet on Tuesday September 10 2019, @12:52PM (1 child)
if it requires a password it is supposed to be private and is protected under the law
this really shreds zuck's defense for leaking and selling everyone's fb private messages and private data to cambridge analytica?
Or are we going to debate what the meaning of 'password protected' is?
(Score: 2) by FatPhil on Tuesday September 10 2019, @02:19PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 3, Interesting) by The Mighty Buzzard on Tuesday September 10 2019, @01:38PM (4 children)
S'basically what we tell anyone scraping our stuff here for most any purposes. As long as you're limiting it so it doesn't qualify as a DoS, rock on with your bad self. I'd personally probably call Douchebag if they're just mirroring the site under a different name without attribution or pulling the entire site down several times a day but this is public data, most of which we don't even hold the copyright on.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Tuesday September 10 2019, @02:18PM (3 children)
yet if I scrape audio facts from a Spotify feed or video facts from a YouTube video I'm guilty of copyright infringement. Especially if I republish what I just scraped..
Just saying...
just trying to point out what seems to be stupid line of attack from Microsofrmt they should've slapped them with robo-DCMA violation notices. and stupid dichotomy between texturally presented information vs non-textually presented information.
but maybe this ruling could be used to allow good samaritan subtitle providers some safe haven...
(Score: 3, Insightful) by terrab0t on Tuesday September 10 2019, @03:04PM
LinkedIn argued that hiQ violating the Computer Fraud and Abuse Act, not that they violated copyright.
(Score: 2) by The Mighty Buzzard on Tuesday September 10 2019, @03:05PM
Nah, this ruling has fuck-all to do with copyright, only the CFAA.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Tuesday September 10 2019, @03:22PM
No, you're not. Facts are not copyrightable. A given presentation of them is. The feed or the video itself is the presentation. The layout of the text can be copyrighted. That's not what they were doing here.
If I were to go to some other website and say
That's not cricket. If I go to some other website and write a post saying, "Anonymous Coward said scraping and especially republishing Spotify feeds or YouTube videos makes one guilty of copyright infringement, Microsoft should have just sent a takedown notice, and questioned the difference between text and nontext information presentation." then I am fine even if it is still factually wrong.
(Score: 0) by Anonymous Coward on Tuesday September 10 2019, @03:41PM
It doesn't matter to things like Cambridge Analytica, but it could matter to things like Google getting in trouble a few years ago for receiving public radio broadcasts, that is, mapping unsecured wifi signals.
If you don't want the neighbors looking into your windows, then close the curtains. It's really just common sense.
(Score: 2) by jmichaelhudsondotnet on Tuesday September 10 2019, @04:14PM (2 children)
you are going to debate the meaning of the word password protected.
it is however still password protected to them, they just know the password.
not the same as not password protected.
(Score: 2) by FatPhil on Tuesday September 10 2019, @08:57PM (1 child)
Who is "you" here?
Why do you not consider "password protected" to be a two-word phrase?
> it is however still password protected to them, they just know the password.
What is "it" here?
Who is "them" here?
> not the same as not password protected.
This sequence of words not a sentence.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by jmichaelhudsondotnet on Wednesday September 11 2019, @10:57AM
Who is "you" here? you
Why do you not consider "password protected" to be a two-word phrase? i stand corrected, replace word with 'two word phrase' plz thx, has this quibble really brought anything of value though?
What is "it" here? my messages that the software clearly labelled private, causing me to assume it was private when you were just tricking me into making my private information more public, which is fraudulent and a black hat cracker tactic morally worse than anything wikileaks ever did.
Who is "them" here? everyone with the admin passwords that allows them to see and alter the information that is falsely declared private to your users, with whom you signed a very, extremely long TOS in which you failed to disclose this absolutely critical piece of information about the functioning of your product and intentions.
It's like selling someone a car when you know there is a second master key that all of your friends have, then giving the same friends access to the gps location of the vehicle to save them time.
If it were unintentional it's a bug, but if not then it is espionage punisheable under a very draconian law that is obviously being used to prosecute/persecute someone for doing things far less severe.
Since however to society facebork is unintentional and a detrimanet, it is a bug to us like all socially destructive, poisonous things and so we should react appropriately.
(Score: 4, Interesting) by shortscreen on Tuesday September 10 2019, @06:23PM (1 child)
or downloading troves of user info that careless orgs left open to the public on AWS or their own website?
Maybe it had to be a for-profit business doing it before the correct ruling could be made.
(Score: 2) by FatPhil on Tuesday September 10 2019, @09:00PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves