Should You Break TOS Because Work Asks You?

An anonymous reader writes "My boss recently assigned me a project that was all his idea, with two basic flaws that would require me to break multiple web sites' Terms of Service (TOS). Part requires scraping most of the site, parsing the data and presenting it as our own without human intervention. While we're safe on copyright issues, clearly scraping like this is normally not allowed. At times it might also put a load on those sites. The other is, for lack of better words, a 'load balancing' part that requires using multiple free accounts instead of purchasing space and CPU time for less than $2,000 USD per month. The boss sees it as 'distributed' computing when in reality it's 'parasitic.' My question is: am I wrong about the ethics? If I do need to walk, how best can I handle it without damaging my reputation and future employment opportunities?"

You're Right, Of Course

[eldavojohn]

My question is am I wrong about the ethics?

You don't even have to ask that question, this isn't even one of those interesting cases or gray areas. What you're planning to do is wrong--even though you could probably escape any legal ramifications. It sounds pretty clear that this site creates profit from these overly priced accounts for information that you obviously value at some amount. Getting it for free (regardless of the TOS) could put you at some risk for litigation. Using the term "load balancing" or even "distributed computing" is hilariously misplaced here.

If I do need to walk how best can I handle it without damaging my reputation and future employment opportunities?

Look, I understand what's it like to be looking for a job when the economy is bad. If there are forces keeping you pinned to this employer, I don't know of them. What I would retort with is "How can you keep working this job without damaging your reputation and future employment?" I mean are you going to put in your resume that you coded a technically innovative but bandwidth stealing parasitic botnet to duplicate content from a website that asks for a monthly payment to normally access it at that volume?

I would suggest you propose the $2k/month route and if your boss balks at it, start interviewing with other companies. If you have to leave and you're worried about being blacklisted as a 'whistleblower' (and your boss just might be that kind of guy) then tell him it's for monetary reasons that you're leaving and wish him the best of luck in his future scams.

Re:You're Right, Of Course

[qoncept]

I would suggest you propose the $2k/month route and if your boss balks at it, start interviewing with other companies. If you have to leave and you're worried about being blacklisted as a 'whistleblower' (and your boss just might be that kind of guy) then tell him it's for monetary reasons that you're leaving and wish him the best of luck in his future scams.

How is splitting and allowing the work to be done by someone else to do any more ethically sound than doing it yourself?

"Of course we must fear evil men, but there is another evil that we must fear more... and that is the indifference of good men."

Re:You're Right, Of Course

[JosKarith]

What they're asking you to do is at the least immoral, possibly even illegal. Your employer doesn't have the right to ask you to place yourself in legal jeopardy in this way, and if the sh1t hits the fan do you really think that someone that came up with this scheme will balk at placing all the blame on you. Someone really needs to have a little chat with your boss about ethics...

Re:You're Right, Of Course

[jimicus]

How is splitting and allowing the work to be done by someone else to do any more ethically sound than doing it yourself?

At the risk of invoking Godwin's Law so early on, how is taking this approach any different from saying to yourself "I'm just following orders"?

Re:You're Right, Of Course

[SatanicPuppy]

Should be. It depends on what kind of data they're downloading, and whether they're just crawling link by link and hoovering up everything, or whether they're looking for something specific.

Either way, spiders and scrapers usually have programmed scan intervals which have no relation to an actual human's browsing...or they just hit the page as hard as they can, but that is so easy to block that almost no one does it that way. Even if they add a little randomness, it's only efficient to run a scraper if it's hitting every few seconds at max, and even the most ADD user won't keep that up.

Ironically, the easiest way to nail 'em is to put up a subset of "no robots" pages; if the robots crawl those pages, blacklist 'em. Every legitimate spider will respect those files.

Otherwise, if you're running a site with a ton of data, and something is crawling it sequentially, you can absolutely redirect their queries to whatever you want. I'd be wary of doing something cute (if you can call goatse "cute") for fear that you'll have an occasional false positive and redirect a user from a high bandwidth location to that site.

Re:You're Right, Of Course

[dsoltesz]

If you've gotten to the point of asking Slashdot, you know the answer: it's unethical and you need to be looking for a new job if you can't get this resolved.

These first three responses are probably all you need. Start with talking face-to-face with the boss, outline the ethical and technical problems (focus on the technical "ya know Mr. Boss, this is gonna eventually break") and propose a better solution. Follow up with e-mail summarizing the meeting (definitely document).

If you can't get the boss to buy in on a reasonable, ethical solution, then go ahead and do it his way (it's what you're paid to do) or quit (if you can afford it) documenting why you're leaving (make sure HR gets a copy of your resignation notice). Either way, look for a new job and get the hell out of there. Think positive, don't worry about the economic doomsday crap the news makes up to keep us on the edge of our seats, and don't be too proud to take a pay cut or something resembling a "demotion" (you can always work your way back up). Hell, start your own consulting business.

Re:You're Right, Of Course

Something else to consider, while there is clearly no ethical question (it's unethical) if your company wants to some how provide "media" or "content" but has to steal it from other sources, how do you expect to make money?

I've seen this before, I've worked at security companies that did the same with with Nessus and Snort. Take their IP, paint it like our own, put some marketing on it and act like we created it. The whole story was that we'd just do it to get started and then start our own effort. Thing is, if that's your core business then shouldn't you actually invest in doing it? Ultimately the company in question was told to stop using nessus.org and had to negotiate some deals and they'll most likely never make a cent.

If the data is important enough to steal and important enough that you need it then you had better understand why it's not important enough for your company to invest in creating it. What's the business plan here? You'll never get better at creating it while you're dependent upon stealing it.

Re:You're Right, Of Course

Well you have 2 big problems.

1. The load gets noticed, the site admins figure out what you're doing. and they poison your data. And with who knows what.
2. Unless you're aggregating some sort of very vanilla index, you might not be as in the clear wrt copyright as you think.
a) the US doesn't have a sweat of the brow doctrine, but other countries do
b) even given a) if there's any element of creativity in the data you're scraping the load, and profit, probably take it out of fair use.

What keeps your neighbor from shitting in your lawn isn't just the law, it's what you might do in return. If you don't know these people, you don't know what they'll do. All you know is what you're doing is wrong, and will take money out of their pockets. Therefore, you can expect some hostile reaction. Are you prepared and willing to accept those unknown consequences?

Re:You're Right, Of Course

[mea37]

And if you ever wondered, when <insert crisis here> broke, how things could go so horribly wrong... it's because of people who think like this guy.

"Don't worry if it's the wrong thing to do; just document that it wasn't your idea!" And apparently never mind the idea of personal responsibility.

When there are no negative consequences for doing the right thing, ethics is mostly a curiosity. Ethics exist to guide you when the right path isn't easy. And yes, you are personally responsible for your own ethical behavior, regardless of whether someone with a bigger paycheck -- or even someone who signs your paycheck -- says otherwise.

Does it mean you have to walk? That depends on your boss. If you do, the best way to preserve your reputation is to avoid mud-slinging. Your current employer might want to try to harm your reputation, but it's extremely unlikely he'll get far (certainly not without exposing himself to legal liability). So just don't shoot yourself in the foot by ranting about the situation in interviews, etc.

Re:You're Right, Of Course

[Alpha830RulZ]

The OP isn't in legal jeopardy. The TOS of the site being scraped at at best a contract (if the employer has a paying agreement with them) and are just words otherwise. If the contract is being violated, the employer is completely liable for the acts of the employee.

I'd just do it. I'd point out to the boss that most sites have logging and other measures in place that may render the work product unreliable, or possibly unobtainable.

I remember someone at our company writing a scraper for for Yahoo some years back. Yahoo blocked our domain, and they had to go back to Yahoo, hat in hand, to get us allowed again. Now Yahoo has (when I last checked) a 4000/request a day limit.

You could combat this with use of proxies, but at that point, you have a case to tell the boss, "you know, if the news media found out about this, what are you going to say to them?" Normal fear should solve the problem then.

An anonymous email to the scrapee's web admin, noting that they might watch traffic from IP thus an such, might also elicit a fun little "I told you so" opportunity to the boss.

I don't think this is worth quitting over. This is just an uninformed boss, who, if the OP is adroit, may become a little more informed.

Re:You're Right, Of Course

[level4]

Definitely possible!

Any company with a website that contains "regularly updated data that might be interesting for competitors" has probably already got some kind of anti-scraping system in place. This guy's boss thinks he's being clever and original - of course he's not, any company with a site of any value and popularity has already seen this a million times.

What they return basically depends on the mentality of those who work there. The "by the book" professional types will just blackhole the IP or return a "too many visits from this IP" page.

Companies with a more BOFH type guy in charge might very well start "playing" with the data. Instead of the "too many visits" page you might find yourself getting a page with some of the data changed around randomly. Believe me, there are *many* people around who think it is just the height of comedy to fuck with people who are basically stealing their stuff anyway.

They will turn it into a game - and, when the erroneous data turns up on the thieving web site (if that's what this guy's company is running), a few screenshots of that site with the modified data suddenly becomes pretty good evidence in a court, if they're of the "legal remedy" persuasion.

Scraping data is a last resort, not the first thing you try. Forget the ethics - the fact he's working for a company willing to be that insanely cheap and stupid in the first place should be a signal to run far, far away in itself.

Re:You're Right, Of Course

[AndersOSU]

You're absolutely right. The problem is being right, like being ethical, doesn't put food on the table.

The reason crises happen is three fold, first people with power see a competitive advantage in acting unethically, second people in charge or monitoring unethical/illegal behavior aren't up to the task, and third people tasked to do the work don't raise bloody hell when asked to do anything unethical.

In order to solve the problem you only need to fix one of those. The problem is, the first two options involve convincing people to act against their personal interests. People contain a remarkable survival mechanism, the ability to justify and rationalize difficult actions. Going after people who stand to gain by acting unethically is the business equivalent of abstinence only education.

Re:You're Right, Of Course

[interiot]

The thing is, you can get away with a lot more low-level scraping than you think. If it's something where you don't need to load significantly more pages than an average surfer (you just need to repeat it several times a day), it isn't necessarily going to stick out in the logs that much. And a lot of admins just don't have the time to analyze their logs (Wikipedia allows hotlinking of their images, for instance... combined with the fact that anyone can upload any picture, this is rife for abuse. But there are better things for them to spend their time on). Also, some admins don't have the tools/skills to drill down and hilight the entries that would make it clear someone is scraping.

If you're relying on data for commercial use, putting yourself in a position where you need that data is a risky thing...

Now that I agree with. Scraping is a gamble. It's possible that an admin could spot you on your very first run, because on close inspection, your requests do look different (you don't immediately load images or CSS/JS subpages like a browser does, for one).

Since you have no idea if the site will block you on the very first fetch, or the billionth, it's not something you should rely on for business.

For personal use though, it can be very educational. There's a lot of data out there, and if you can find a novel way of analyzing it, it can be very rewarding intellectually.

Re:You're Right, Of Course

[postbigbang]

"When there are no negative consequences for doing the right thing, ethics is mostly a curiosity. Ethics exist to guide you when the right path isn't easy. And yes, you are personally responsible for your own ethical behavior, regardless of whether someone with a bigger paycheck -- or even someone who signs your paycheck -- says otherwise."

No, just because you don't get spanked doesn't mean that an ethical obligation can be ignored. Were that the case, civility would evaporate. The OP is in a tenuous position, and clearly feels the ethical breach at hand. Sleeping at night, and staying with one's own moral and ethical code takes courage. I'm hoping he/she finds a work around. Thieves are everywhere on the Internet, and scraping is just over the 'line' of cross-linking, which is nominally fair-use.

It's my opinion that if you don't want it linked, then say so or don't post/write the page. Scraping involves more issues related to copyright, which the OP says aren't involved. If they are, then it's a different legal story. Asking an employee to commit an illegal act is conspiracy. If the act has dubious or unclear ethical implications, then it needs to be documented (see above posts about throwing the boss under the wheels) and executed presuming the recourse is the corporation's, not the employee. If the employee is a contractor, then I'm guessing the contractor probably needs liability indemnification to proceed. IANAL.

Re:You're Right, Of Course

[interiot]

I really agree with this. If someone is already going to the effort of writing a lot of scraping code, it's already worth it to them to buy one of those $10-15/month shell accounts online that have SSH access. SSH gives them the ability to forward local TCP requests to that remote IP, their scraping app just has to have the ability to use a SOCKS proxy. This means scrapers have a proxy IP that 1) doesn't show up on any of the open-proxy DNSBLs, and 2) is fast and reliable enough for them to get real work done. And if you block them, they just pay another $10-15 to get another reliable IP.

Re:You're Right, Of Course

[FilterMapReduce]

from your home computer (using an anonymous account)

And an anonymous IP address through Tor or the like, just to be safe.

Re:You're Right, Of Course

[orclevegam]

Depends a lot on how they're doing the scraping. It's not terribly hard to write a scrapper that fairly realistically duplicates human behavior, although as you pointed out if they're using it to feed their own processes it does put some demands on how often etc. it's forced to run which could make it stand out from normal activity. Of course, given 20 or so of these bots all scraping from different IPs, so long as you balanced their duty cycles so they were all offset from each other you could have scraping going on for 24 hours without ever deviating from normal browsing patterns. The downside to something like that though is that it requires a certain amount of insight into the layout of the site, you can't just randomly follow every link on a page as that's waaaay too obvious, so if the site layout changes it can break your scrapper(s) until a dev can sit down and update them.

In other words, it's totally doable, and even in a "undetectable" way, but it's fragile, a total pain in the butt, and overall just not worth the headache. Just pay the damn company for proper access to the data and be done with it, it'll be a whole hell of a lot simpler. If your boss doesn't understand that then he's a moron, get out now before you have to do something that will end up on thedailywtf.com, much to your eternal shame I'm sure. Better yet, get out now, and then submit the details of the project you were asked to make to thedailywtf.com, I'd love to read exactly what "genius" ideas this guy has come up with to save a bit of money in one area by paying a bunch of money in another.

Re:You're Right, Of Course

[Clover_Kicker]

Yeah, subtly wrong data is a million times worse then goatse, the scraper might not notice for weeks or months...

Re:You're Right, Of Course

[interiot]

So a dedicated scraper would change IPs, write some code to detect and avoid the potholes, and then resume scraping.

There are lots of decent ways to detect scrapers or hotlinkers. But I haven't seen any idea yet from either side (web admins, or scrapers/hotlinkers) that can't be bypassed with enough work. It really seems like it's something of an arms race.

But the arms race hasn't progressed very far, even for attractive targets with some amount of money (porn sites), because it's just a lot of work for both sides.

If you want legal advice...

...ask a lawyer.

Re:If you want legal advice...

In fact, ask your company's lawyer. They'll know what contracts your company may or may not have with these other companies, which is basically the question being asked.

Basically: If your company does not have permission to do this, they need to get it. Your company's lawyer is probably the right person start the process of getting that (legal) permission.

Short answer... "no".

[argent]

If your boss asks you to do something illegal, don't. If he doesn't agree, you should probably be looking for a new job, already. If he's willing to play these kinds of games with another company, what makes you think he won't do the same to you?

Uh...

No. By your own admission you think its wrong. Next?

Sigh

[MyLongNickName]

Okay, this one is simple. You know what is right and what is wrong. The reality is that 99% of the folks will do what the boss asks without even raising a fuss. The reality is that you will be damaging your career if you don't go ahead.

Now, the other reality is that shit flows downhill. That is, if this project gets questioned, the boss will claim ignorance, and put the blame on you. Your job is to cover your ass.

Email is a good documentation tool. "Clarify" the request, asking if this is what he intends for you to do. Remove the emotion. Put in only facts. Put in a piece about your not being sure, but this may be a violation of terms of service. Ask if he wants you to proceed. Forward your sent email to a personal account.

By the book. This one is so simple that it should be in the FAQ.

Re:Sigh

[MyLongNickName]

I've worked in a large company, who's name I can't reveal for fear of litigation but essentially, using email in a CYA fashion would get you fired. (Terms of contract, they can end the contract at any time for any reason, but the money was good)

Bullshit. What do you put in the subject line "This is a cover my ass email"? You are only clarifying what the boss is asking for. It is basically to be used if ever there any question about what you were told to do. There is not such thing as a "you can't cover your ass in an email policy". The only thing that could be prohibited is forwarding to a personal email address. If that is the case, print the sucker out.

Re:Sigh

[realisticradical]

Really? Were you working for the mafia?

That kind of policy makes me think of companies like Enron, Arthur Anderson, or the cigarette companies. Any company that would fire people for trying to protect themselves from company sponsored illegal or unethical activity must be engaging in lots and lots of it. The best part it it sounds like the policy is simply a CYA policy to protect those at the top.

The part I don't understand though is how did they differentiate between CYA emails and actual questions about projects? If, "Sorry boss, I was a bit confused at the meeting we concluded that I should go about the project by [illegal activity]" gets you fired how did they ever get anything done?

Re:Sigh

[mollymoo]

You must have some pretty weak employment laws where you live.

Re:Sigh

[MyLongNickName]

You bring up a good point which leads to lesson #2: Written trumps verbal. If shit hits the fan, you halve your email. if your boss then says that he verbally told you not to proceed, you only have to say that you have no recollection of any such conversation. He is on the defensive as he has nothing to back it up. If he was "appalled" at the thought of breaking the TOS, then he would have written back and clarified.

Now, if you want to double cover your ass, give him status reports via email. Ask questions. You are covered.

Now to answer some other questions about whether to quit or not. You have to make that decision on your own. For screen scraping, I wouldn't quit over something so mundane. Sorry. Especially if you are a grunt. You voice your concerns, and go on. The reality is that 4 times out of 5 if you voice your concerns like this in a written manner, that the boss will back down. I have faced it twice in a grunt position with two different managers, and both times I got thanked for bringing it to their attention. It is all in how you deliver it. If it comes across as "I am ethical and you are a piece of shit", then your career is hurt. If it comes across sa "I am trying to look out for your well being and that of the company", it can be a positive. Wording is everything.

Spammer logic.

[argent]

If you can access it, it was designed to be accessed.

So you're totally behind email spam, you don't think spam should be considered unethical, let alone made illegal?

Re:Spammer logic.

[BadAnalogyGuy]

Should I be against spam for any other reason than I am annoyed by them?

I don't think spam should be any more illegal than billboards, flyers, or direct mailings.

Re:Spammer logic.

[d3ac0n]

I don't think spam should be any more illegal than billboards, flyers, or direct mailings.

The flaw in this argument is that your three counter-examples (Billboards, Flyers and Direct mailings) are paid for entirely by the SENDER. IE: Billboards are paid for up-front before they are mounted, Flyers and direct mailings have printing costs paid up-front and delivery costs (either the local govt. mail service or paid people to manually give it to you) paid up-front as well.

Spam, on the other hand, is largely delivered on the backs of OTHER payers. Both through the incredibly high bandwidth costs (HOW much of the total Internet traffic is Spam now?) and through ancillary costs such as costs for software and hardware to filter Spam out, and human costs in terms of work-hours wasted manually going through spam. Not to mention the costs to people and networks infected with Spam botnets.

This is what makes Spamming SO profitable, and why it won't go away. Because the costs for Spam are decentralized to millions of people otherwise not directly involved, even a return as little as .01% will turn a HUGE profit. This just doesn't work in the regular advertising world. It's also why it's Illegal is several countries now. It is essentially stealing service from millions of other people and generating millions of dollars of expense for hundreds of companies around the globe, for what are largely scamming and phishing operations.

Get it?

Good.

Do what geeks do best

[GreyyGuy]

Fix it. He wants to do something on the cheap and look good. But the way he wants to do it is going to fail spectacularly. And when it fails, so will you. If this puts any amount of load on the services it is using, it will get picked up by the service provider. Maybe not today, but it will. And then the accounts will get turned off and possibly your IP addresses blacklisted, and then it all goes away. So give him a better solution. If he is balking at the $2k/month find a cheaper service. There is almost always one. Compare the cheaper solution to the time spent fixing it when the free service cuts you off. Provide examples of free service cutting people off.

And unless you are looking for some very specific information, I would expect someone to provide an RSS feed with something similar that is supposed to be used for this sort of thing.

Re:Anything on the web is available for access

[jthill]

By those rules, taking candy from a baby isn't unethical.

Why are you asking *US*?

[elrous0]

Only YOU can decide how far you're willing to go for your job. You're essentially asking us what your own ethical limits are.

Business sense

[ThePyro]

Even if your boss doesn't care about the ethics of this scheme, he probably does care about ramifications to the business. What happens when you get caught? All your development work will have been wasted because they'll shut you down at the very least. There's potential for a lawsuit, which is an expensive proposition even if you win. Damage to your company's reputation may make it harder to do business. And as another poster already mentioned, this isn't exactly a gem of a project to put on your resume.

A character check?

[juuri]

Having been put in a position once before that an employer asked me to do something I found to be frankly quite lacking in a moral nature here's what I ultimately decided to do.

After considering the work for a while, both why I didn't feel like performing the work personally and why the company desired this functionality I finally decided to do the work, but inform my boss and his boss that I was uncomfortable creating this before hand and giving them clear notice of the whys.

Firstly I did the work because it was simply my job and I had signed onto the job. It's something a *lot* of people might not have given a second thought to creating, obviously as they both had no problems with the work since they asked me to continue even after raising my concerns. Secondly because it wasn't really "that bad" and having steady income of cash dolladolla bills allows me to have nice things like somewhere to live and food I wanted to see if it was something I was over-reacting to.

After completion? Yep, I still felt like shit. So I gave them my notice and told them in the my resignation letter why I was leaving and referred them to the early notification of my objections. So, for me, it was a good learning experience about myself and having done it in this manner I have no problem explaining it to future employers as my reason for leaving this particular job.

Who cares?

[1u3hr]

would require me to break multiple web sites' Terms of Service (TOS).

A website's "terms of service" are not the Ten Commandments. They're not laws, or even moral rules. They're just what one company wants you to do. You don't work for them, why do you care? If they notice and complain, it's your boss's problem, legally; and morally, I wouldn't lose any sleep.

Only thing to do is cover your ass and get your boss to put his instructions in a memo so he can't blame you should problems arise.

Really "scraping a website" is not a moral question on the scale of collaborating with Nazis. It's a business. Other businesses are your rivals, not your friends. They'd fuck you over in a minute.

Re:Who cares?

[Courageous]

Planning ahead of time to breach a contract, with malice aforethought, may not be as free of moral constraint as your letting on.

C//

Re:Who cares?

[1u3hr]

representative of what the populace thinks about the issue

If you read the instructions to moderators, that is not at all what moderation is supposed to do. It's supposed to highlight posts worth reading, and push ones not so out of sight. It's not meant to be a "poll" on "what the populace thinks". Otherwise every "me too" on a subject you agreed with, or "fuck you" on one you didn't would be modded up.

And if a poll was wanted, why limit it to the few moderators?

one approach

[buddyglass]

1. Tell your boss it's a bad idea to break these websites' terms of service. He'll probably override you and tell you to do the project anyway.
2. Code up the project just like he asks. Demonstrate that it works.
3. Shortly afterwards, email the sites in question from a non-work friend's account and let them know (with specific information) the accounts and IP addresses that are violating their terms of service. Hopefully the accounts will be disabled, and/or your employer's IP range will be blocked.
4. Throw up your hands and tell your boss, "Well, I guess they figured out what we were doing!"

Re:one approach

[uneek]

1. Tell your boss it's a bad idea to break these websites' terms of service. He'll probably override you and tell you to do the project anyway.
2. Code up the project just like he asks. Demonstrate that it works.
3. Shortly afterwards, email the sites in question from a non-work friend's account and let them know (with specific information) the accounts and IP addresses that are violating their terms of service. Hopefully the accounts will be disabled, and/or your employer's IP range will be blocked.
4. Throw up your hands and tell your boss, "Well, I guess they figured out what we were doing!"

Thats pretty stupid.

It doesn't solve the ethical or technical problem.

It worsens his / her relationship with the boss.

Re:one approach

[gEvil+(beta)]

The boss will just say "You're a smart guy. Find a way to get around their protections."

Re:one approach

[DingerX]

No need to rat them out. Just give the boss the 411 on the "Hidden Costs" of doing things that way. Ethical arguments are well and good, but when you're asked to do something like this, it's clear that the ethical arguments mean nothing compared to economic ones. Guaranteed system-wide outages and worse catastrophic failures (=poisoned data) are going to cost a lot. Since you cannot predict when they will happen (only that they will happen), or what they will look like, you can't give an estimate for the downtime while you develop counter-countermeasures; nor can you guarantee that those counter-countermeasures will succeed for more than a brief period (especially once they're "on to you").

The fact is, what he's proposing will be more expensive and disruptive than doing it the legit way. And it is your job to point that out. You can also then point out that while you personally consider it unethical, the industry-standard reaction does not usually involve a lawsuit, but rather to deploy simple countermeasures that disrupt and embarass the amateurs stupid enough to perpetrate it.

CYA by Asking!

[cliffiecee]

The whole idea sounds pretty scummy, based on your description. Multiple free accounts? yeesh.

So why don't you just ask the webmasters of the sites you're about to scrape? I'd bet the site owners would settle for a few hundred per month to provide you with data in whatever form you require. And it's cheaper than the $2000/mo. for a server, etc. (If these sites are "bigger" than what a few hundred a month would buy, then you damn well better ask (see below).

Ask your Legal department about this as well. They can be extremely helpful in stopping hare-brained ideas like this. If the websites in question are big enough to take action against this, YOU'RE the one left holding the bag, not Mr. Bright Idea Guy.

WARNING: All of this assumes your boss is partially sane and reasonable!! If he's a jerk, you are hosed. I'm sorry.

Re:Hilarity ensues when...

...you build a system that closely relies on this nonstandard (and unsupported) method of getting information, they change it and it breaks.

Either by accident, or because they spot a load of particular access patterns from your address, figure out what's going on and intentionally break it.

Or, better, they blackhole your IP.

If you even need to ask....

[jimicus]

If you even need to ask, you've already demonstrated a trace of ethics.

Now, sometimes having such ethics will mean you have to make difficult choices. And nobody else can make those choices for you.

While ethics won't pay the mortgage, "Reason for leaving the previous job: I was asked to do something illegal and, when I queried this, was given the ultimatum to do it or get out. I got out." is probably a heck of a lot better than "The company had to sack me after it transpired I'd done something illegal" (emails to CYA notwithstanding).

Because, make no mistake, the fact that your company has done this will get out.

Re:Hilarity ensues when...

[Paeva]

I would think this would be a good way to address the issue with your boss. He wants to save some money to get, as he thinks, the same thing for free. But in fact, there are potential downsides to playing that game. He may be disregarding potential legal issues, but he should be less willing to disregard practical issues. If this other company discovers what you're doing, they could make it a little harder to access, or they could ban your company's entire subnet and send a letter indicating that if you'd like to get access again, then you'll have to start paying them for the service you've been stealing.

The key is that, in the meantime, your boss' plan will seem like a dramatic failure that should have been foreseen.

Re:Really?

[j-pimp]

You can quit, whiner! If my boss asked me to rob a liqueur store, I wouldn't conduct a poll on the police fraternity league website first. I would quit and then report him.

I would report him and then ask the police if I should quit. They might want a mole.

Hahaha hahahaha hahaha!

[EWAdams]

"Compliance officer" in an IT business... you crack me up. You should take your show on the road.

Hospitals have compliance officers because a) they're regulated, inspected, etc. and b) people can die and they can be sued to Kingdom Come.

The IT business is about as regulated as Somalia.

Tell the boss it won't work, give reasons why.

[mark-t]

Tell him that the very next-to-best case scenario for him (the "best case" scenario being that they never notice what you are doing) is that they notice what you are doing and blacklist you from connecting to it ever again. If at all possible, give him an estimate on the likelihood of that occurring. Point out to him very plainly that if or when this outcome occurs, then what he is asking you to do now will be all for nothing. If the chance of legal ramifications is not negligible, you should also mention that as well. Document everything. If he still wants you to proceed, then polish your resume and find another job because if he's too cheap to pay 2k a month for a service he thinks he can scam off of for free, he's probably too cheap to want to continue to pay you in a few months time, after he figures he's got what he needs from you.

Leading question

[bWareiWare.co.uk]

You asked the question in a leading manor and have got odd responses as a result:

'Scrapping' pages is exactly what the Internet archive or Goggle do, this is common and generally accepted practice (look at the amount spend on SEO). It is also assumed that these operate without human supervision and do not need to read or compile with the human TOS of your site. Critically spiders should compile with the 'robots.txt'. If you do this you have the moral high ground. If you don't then it can be interoperated as criminal under the laws such as the Computer Misuse Act.

Similarly no one suggests that everyone using gMail is a parasite. Most 'free' services come with a very explicit contract detailing their allowed uses. If you compile with the contract you are fine, if not, you are again breaking the law.

Probably more importantly, this is almost certainly a bad business discussion:

Given that you as an employee have judged it as ethically questionable you can be fairly sure a significant proportion of your clients are likely to feel similarly.

Even if you are complying with the contract from your free service you are almost certainly not getting a SLA in return. If the supplier decides your business is dodgy, or you are putting too much burden on their system they will shut down all of your accounts without warning or reprieve. Constantly battling this is likely to cost you more then the hosting in the long run.

Page scrapping is very unreliable. Even when the source site is cooperating they invariable break it on every edit. What will happen to your business when the source site detects your scrapping and decides to serve goatse to your spider, and hence your clients?

Re:Mild Flamebait

...I'm a bit amused at the sudden vehemence of the Slashdotters who commonly decry all DRM and all attempts by copyright holders to protect their IP. I would have thought the community would have come down on the other side of this issue, but I guess music and games are different from websites, photos, and other scrapable data.

I can't speak for the rest of /., but for me, these two issues are nowhere near the same. I'm against DRM because I feel that it's right that once I buy (for example) a DVD, it's mine. I am entitled to copy it for backups, rip it to watch on my computer, or do whatever I please, so long as it is for personal use. I do think piracy is wrong and do not advocate it in any way, shape, or form.

If I paid someone to write a bunch of content for my site and then lost the password to the server, I wouldn't think twice about scraping the content back to myself.

I was in a situation just like this

[viridari]

My employer asked me to do something that was unethical, and likely illegal. I asked to hold off on implementation until we could consult company counsel on the legality of it. Boss and director said "No. Do it. Now." I made my case, said I'd be happy to keep working there, or not, but I'm not going to do what they're asking me to do in this case.

The next day I got my walking papers. I felt more liberated than upset.

I've now worked for two scumbag marketing companies and I'm thinking it's probably best, if you have a conscience, to avoid them like the plague.

no solution required.

[nimbius]

if i were the "website" you're scraping i find it hard to believe it would go unnoticed.
I'll warn you once or twice about it, then over the next weekend
create something nice in my OSS webserver that replaces your
scraped content with pro-taliban rhetoric and dancing goatseman.

I'll then forward all of your frantic phonecalls to my FOSS astycrapper.

Re:Mild Flamebait

[Tjebbe]

yes, DRM is not copyright enforcement, DRM is copyright evasion (the producing party circumvents the copyright law in order to be more restrictive than the law entitles him to)

Do it, if he's willing to "help you out"

[JavaRob]

Your employer doesn't have the right to ask you to place yourself in legal jeopardy in this way, and if the sh1t hits the fan do you really think that someone that came up with this scheme will balk at placing all the blame on you.

Absolutely. That's why you should agree to do the work, but because of the increased risk to yourself, you should ask for a "little something extra" under the table, just between you and him. A wad of hundred dollar bills passed discretely in a handshake, for example. "I help you, boss, you help me?" is a good phrase to clue him in on the situation and what's required for the project to continue. ...or perhaps he may rethink how he wants his workplace to operate?

And while you're at it..(Re:You're Right...)

[bwcbwc]

Make sure you use your boss's name and email for all contact information on the user accounts you setup for the scraping.

I would not recommend this...

[Tord]

The first steps are fine, but I would not recommend you to take the option step of blowinging the whistle unless you really feel strongly about the site or people you "victimize" and see it as you moral responsibility.

If you accept the job and then turn around and blows the whistle you have acted maliciously against your employer. They may have questionable morality but the fact is that you have agreed to work for and being loyal to them, don't sink to their level. They might even have legal grounds to sue you if they find out since you clearly have willingly sabotaged their business.

The only way to take the moral high ground here is to first try to make them change their mind and if that doesn't work refuse to take part in the scheme or at least demand in writing that management take full responsibility. Yes, that could have very bad consequences too. I don't envy your situation, I've been there myself a few times and have not always made decisions that were smart or made me feel good in the long run...

Of course, if things went far enough I would blow the whistle, but I don't get the impression this is one of those cases. It would be a totally different matter though if you weren't working for them or in any other way had promised your loyalty. In that case I would recommend you to blow the whistle as a concerned citizen.