Slashdot Mirror
Should You Break TOS Because Work Asks You?
An anonymous reader writes "My boss recently assigned me a project that was all his idea, with two basic flaws that would require me to break multiple web sites' Terms of Service (TOS). Part requires scraping most of the site, parsing the data and presenting it as our own without human intervention. While we're safe on copyright issues, clearly scraping like this is normally not allowed. At times it might also put a load on those sites. The other is, for lack of better words, a 'load balancing' part that requires using multiple free accounts instead of purchasing space and CPU time for less than $2,000 USD per month. The boss sees it as 'distributed' computing when in reality it's 'parasitic.'
My question is: am I wrong about the ethics? If I do need to walk, how best can I handle it without damaging my reputation and future employment opportunities?"
My question is am I wrong about the ethics?
You don't even have to ask that question, this isn't even one of those interesting cases or gray areas. What you're planning to do is wrong--even though you could probably escape any legal ramifications. It sounds pretty clear that this site creates profit from these overly priced accounts for information that you obviously value at some amount. Getting it for free (regardless of the TOS) could put you at some risk for litigation. Using the term "load balancing" or even "distributed computing" is hilariously misplaced here.
If I do need to walk how best can I handle it without damaging my reputation and future employment opportunities?
Look, I understand what's it like to be looking for a job when the economy is bad. If there are forces keeping you pinned to this employer, I don't know of them. What I would retort with is "How can you keep working this job without damaging your reputation and future employment?" I mean are you going to put in your resume that you coded a technically innovative but bandwidth stealing parasitic botnet to duplicate content from a website that asks for a monthly payment to normally access it at that volume?
I would suggest you propose the $2k/month route and if your boss balks at it, start interviewing with other companies. If you have to leave and you're worried about being blacklisted as a 'whistleblower' (and your boss just might be that kind of guy) then tell him it's for monetary reasons that you're leaving and wish him the best of luck in his future scams.
My work here is dung.
...ask a lawyer.
Did the contractors on the Death Star deserve to die?
...you build a system that closely relies on this nonstandard (and unsupported) method of getting information, they change it and it breaks.
Either by accident, or because they spot a load of particular access patterns from your address, figure out what's going on and intentionally break it.
If your boss asks you to do something illegal, don't. If he doesn't agree, you should probably be looking for a new job, already. If he's willing to play these kinds of games with another company, what makes you think he won't do the same to you?
No. By your own admission you think its wrong. Next?
Okay, this one is simple. You know what is right and what is wrong. The reality is that 99% of the folks will do what the boss asks without even raising a fuss. The reality is that you will be damaging your career if you don't go ahead.
Now, the other reality is that shit flows downhill. That is, if this project gets questioned, the boss will claim ignorance, and put the blame on you. Your job is to cover your ass.
Email is a good documentation tool. "Clarify" the request, asking if this is what he intends for you to do. Remove the emotion. Put in only facts. Put in a piece about your not being sure, but this may be a violation of terms of service. Ask if he wants you to proceed. Forward your sent email to a personal account.
By the book. This one is so simple that it should be in the FAQ.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
If you can access it, it was designed to be accessed.
So you're totally behind email spam, you don't think spam should be considered unethical, let alone made illegal?
I work in health care, so maybe it's different in your industry, but every hospital I've worked for has had a compliance officer with an anonymous 800-number for compliance questions. This is DEFINITELY the kind of stuff they want to know about.
Fix it. He wants to do something on the cheap and look good. But the way he wants to do it is going to fail spectacularly. And when it fails, so will you. If this puts any amount of load on the services it is using, it will get picked up by the service provider. Maybe not today, but it will. And then the accounts will get turned off and possibly your IP addresses blacklisted, and then it all goes away. So give him a better solution. If he is balking at the $2k/month find a cheaper service. There is almost always one. Compare the cheaper solution to the time spent fixing it when the free service cuts you off. Provide examples of free service cutting people off.
And unless you are looking for some very specific information, I would expect someone to provide an RSS feed with something similar that is supposed to be used for this sort of thing.
By those rules, taking candy from a baby isn't unethical.
As always, all IMO. Insert "I think" everywhere grammatically possible.
Only YOU can decide how far you're willing to go for your job. You're essentially asking us what your own ethical limits are.
SJW: Someone who has run out of real oppression, and has to fake it.
Even if your boss doesn't care about the ethics of this scheme, he probably does care about ramifications to the business. What happens when you get caught? All your development work will have been wasted because they'll shut you down at the very least. There's potential for a lawsuit, which is an expensive proposition even if you win. Damage to your company's reputation may make it harder to do business. And as another poster already mentioned, this isn't exactly a gem of a project to put on your resume.
Babies really shouldn't be given candy in the first place.
Having been put in a position once before that an employer asked me to do something I found to be frankly quite lacking in a moral nature here's what I ultimately decided to do.
After considering the work for a while, both why I didn't feel like performing the work personally and why the company desired this functionality I finally decided to do the work, but inform my boss and his boss that I was uncomfortable creating this before hand and giving them clear notice of the whys.
Firstly I did the work because it was simply my job and I had signed onto the job. It's something a *lot* of people might not have given a second thought to creating, obviously as they both had no problems with the work since they asked me to continue even after raising my concerns. Secondly because it wasn't really "that bad" and having steady income of cash dolladolla bills allows me to have nice things like somewhere to live and food I wanted to see if it was something I was over-reacting to.
After completion? Yep, I still felt like shit. So I gave them my notice and told them in the my resignation letter why I was leaving and referred them to the early notification of my objections. So, for me, it was a good learning experience about myself and having done it in this manner I have no problem explaining it to future employers as my reason for leaving this particular job.
--- I do not moderate.
A website's "terms of service" are not the Ten Commandments. They're not laws, or even moral rules. They're just what one company wants you to do. You don't work for them, why do you care? If they notice and complain, it's your boss's problem, legally; and morally, I wouldn't lose any sleep.
Only thing to do is cover your ass and get your boss to put his instructions in a memo so he can't blame you should problems arise.
Really "scraping a website" is not a moral question on the scale of collaborating with Nazis. It's a business. Other businesses are your rivals, not your friends. They'd fuck you over in a minute.
I told you to scrape Slashdot, not read it. Now get back to work!
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
The whole idea sounds pretty scummy, based on your description. Multiple free accounts? yeesh.
So why don't you just ask the webmasters of the sites you're about to scrape? I'd bet the site owners would settle for a few hundred per month to provide you with data in whatever form you require. And it's cheaper than the $2000/mo. for a server, etc. (If these sites are "bigger" than what a few hundred a month would buy, then you damn well better ask (see below).
Ask your Legal department about this as well. They can be extremely helpful in stopping hare-brained ideas like this. If the websites in question are big enough to take action against this, YOU'RE the one left holding the bag, not Mr. Bright Idea Guy.
WARNING: All of this assumes your boss is partially sane and reasonable!! If he's a jerk, you are hosed. I'm sorry.
If you even need to ask, you've already demonstrated a trace of ethics.
Now, sometimes having such ethics will mean you have to make difficult choices. And nobody else can make those choices for you.
While ethics won't pay the mortgage, "Reason for leaving the previous job: I was asked to do something illegal and, when I queried this, was given the ultimatum to do it or get out. I got out." is probably a heck of a lot better than "The company had to sack me after it transpired I'd done something illegal" (emails to CYA notwithstanding).
Because, make no mistake, the fact that your company has done this will get out.
I don't have my copy of the ACM code of ethics
Well, look no further: The ACM Code of Ethics
Some sections relating to this issue would be:
1.1 Contribute to society (and human well-being.)
1.2 Avoid harm to others.
1.3 Be honest and trustworthy.
1.5 Honor property rights (including copyrights and patent.)
1.6 Give proper credit for intellectual property.
1.8 Honor confidentiality.
She made the willows dance
You can quit, whiner! If my boss asked me to rob a liqueur store, I wouldn't conduct a poll on the police fraternity league website first. I would quit and then report him.
I would report him and then ask the police if I should quit. They might want a mole.
--- Justin Dearing http://www.justaprogrammer.net/ We're just programmers.
"Compliance officer" in an IT business... you crack me up. You should take your show on the road.
Hospitals have compliance officers because a) they're regulated, inspected, etc. and b) people can die and they can be sued to Kingdom Come.
The IT business is about as regulated as Somalia.
I piss off bigots.
Babies really shouldn't be given candy in the first place.
Then taking candy from a baby IS the ethical thing to do!
If you have something that you dont want anyone to know, maybe you shouldnt be doing it in the first place -Eric Schmidt
Mmmmmmm... ass burgers.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Tell him that the very next-to-best case scenario for him (the "best case" scenario being that they never notice what you are doing) is that they notice what you are doing and blacklist you from connecting to it ever again. If at all possible, give him an estimate on the likelihood of that occurring. Point out to him very plainly that if or when this outcome occurs, then what he is asking you to do now will be all for nothing. If the chance of legal ramifications is not negligible, you should also mention that as well. Document everything. If he still wants you to proceed, then polish your resume and find another job because if he's too cheap to pay 2k a month for a service he thinks he can scam off of for free, he's probably too cheap to want to continue to pay you in a few months time, after he figures he's got what he needs from you.
File under 'M' for 'Manic ranting'
This is a shortsighted view of the problem here.
"You're getting paid to do a job, and you're not going to be personally liable should anything go wrong anyway."
Incorrect. His boss isn't breaking the Terms of Service, he is. When the website in question terminates their access, guess who's gonna get the flak? The person who *implemented* the system, not the one who designed/thought of it, especially if they are non-technical and rely on lower-order technical beings to do things for them.
Take, for example, a situation that I regularly come across:
Boss: "It's okay, we'll just copy all these Microsoft CD's and save a fortune on licensing."
Boss's Boss: "Okay. You know best."
Boss (to underling): "Copy these CD's"
Underling in theory: "Okay". Underling in practice: "We *can't* do that."
When things go wrong, the underling in theory is going to get the blame here, because it's his area of expertise and he *wrote* the system that does it. I get people suggest to me all the time that we could just install another license of Office that we don't own, or we can just copy CD's that have blatant copyright notices on them, or breach a Data Protection Act directive by doing X, or a million and one other things that I *know* we can't do. The people in charge of me barely understand the terms, let alone whether what they are doing is illegal. I have to sit and explain to my boss and my boss's boss why we can't do them. Trust me, if something got noticed, Underling in Theory would get sacked/sued every time.
"Are you really going to walk out of your job over violating the terms of service of a few web sites?"
Why not? I get asked to do all sorts of crap and I point it out and say no. If I *chose* to do it instead, then it's a different matter. But when I *refuse* to do something on legal or ethical grounds (we're not just talking ethics here - it also sounds like they have a "subscription" of some kind to the data that they are scraping, or that it's a competitors website) then if you *make* me, I will walk (been there, done that - I've turned down a good career move and more money in order to sleep at night - not that I was being asked to break the law, not that I was being asked to sell my children, but that I was being asked to do things that I didn't agree with [wasting money within a school on useless IT cruft and consultants while the kids didn't have books or paper]). I'll also report you to the BSA or whatever organisation I need to if you really press me, or the local press like I did in the above case (they didn't do anything with it, but I breathed a sigh of relief once I'd sent off the information to them - my part was done and I'd done good by myself - if the press decide to sit on something, that's on *their* conscience, not mine). You don't do illegal stuff if you're honest and your mortgage depends on a wage.
"It's not your job to worry about the ethics of the situation, that's probably not even your boss's job -- it's somewhere in your corporate legal department, the Board, or an Ethics or HR department perhaps."
Wrong. Because they won't even *know* what the problem is until it comes up in court and they have it explained to them in excruciating detail. However, someone who decides to do something that's part of their job, within their area of expertise and breaks a law (or even does something a bit stupid) that *they* should know about will get fired/sued by their own company once the shit hits the fan. So your boss *and* you might get sacked - you're still no better off and your employment reference is now a million times worse.
"just do what you're being paid to do and ask fewer questions."
It's sad that people think this is a good way to live. He's *being paid* to do his job. Which does not entail questioning his ethics or breaking Terms of Service (even if legally unenforceable) or anything else. His *job* is to stand up and say "Whoa, hold on, we can't do that". If he doesn't do that, he's not doing his job an
Copyright. The copyright holder has the right to do pretty much what they want with their own data. If that means putting up a notice that says "free to view, pay if you want to download", they can do that. Copy an image from a website and then upload it somewhere else, or put it in an advert, or print it out and stick it on your office wall. Chances are you just broke copyright law. You can't do this with anything copyrighted, no matter how easy it is to "technically" do it. Dilbert cartoons, youtube vids, Slashdot comments, it doesn't matter. If it's copyrighted, you *can't* do this.
You asked the question in a leading manor and have got odd responses as a result:
'Scrapping' pages is exactly what the Internet archive or Goggle do, this is common and generally accepted practice (look at the amount spend on SEO). It is also assumed that these operate without human supervision and do not need to read or compile with the human TOS of your site. Critically spiders should compile with the 'robots.txt'. If you do this you have the moral high ground. If you don't then it can be interoperated as criminal under the laws such as the Computer Misuse Act.
Similarly no one suggests that everyone using gMail is a parasite. Most 'free' services come with a very explicit contract detailing their allowed uses. If you compile with the contract you are fine, if not, you are again breaking the law.
Probably more importantly, this is almost certainly a bad business discussion:
Given that you as an employee have judged it as ethically questionable you can be fairly sure a significant proportion of your clients are likely to feel similarly.
Even if you are complying with the contract from your free service you are almost certainly not getting a SLA in return. If the supplier decides your business is dodgy, or you are putting too much burden on their system they will shut down all of your accounts without warning or reprieve. Constantly battling this is likely to cost you more then the hosting in the long run.
Page scrapping is very unreliable. Even when the source site is cooperating they invariable break it on every edit. What will happen to your business when the source site detects your scrapping and decides to serve goatse to your spider, and hence your clients?
Even if you don't want to tangle with the ethical issues, ask your boss how he feels about the app constantly going down and losing data because the "parasited" service deleted all your free accounts.
Reminds me of a time when an Ebay'er was pointing to images on my website for an automotive auction. Didn't ask us or give us credit for the images. So, his example of "recently restored examples" became a photo of a '63 Imperial being loaded into a crusher.
How's that for Crushing the Competition?!
To Copy from One is Plagiarism; To Copy from Many is Research.
...scraping is extremely delicate and very easy to thwart.
Then that's what he needs to tell his boss (and I agree with you). He needs to clearly inform his boss that it is probably illegal and opens his company up to (expensive) litigation and, more importantly, even if it doesn't get to litigation, the source site could make a change that renders their scraping efforts null and void. It needs to be put in a dollars-and-cents picture so that the boss realizes that the best (and only) solution is to pay the licensing fee. Doing otherwise will likely be more expensive and inconvenient. Any other depiction of the scenario won't matter to a boss that is only concerned with the bottom line.
And, if that doesn't work, polish your resume.
...I'm a bit amused at the sudden vehemence of the Slashdotters who commonly decry all DRM and all attempts by copyright holders to protect their IP. I would have thought the community would have come down on the other side of this issue, but I guess music and games are different from websites, photos, and other scrapable data.
I can't speak for the rest of /., but for me, these two issues are nowhere near the same. I'm against DRM because I feel that it's right that once I buy (for example) a DVD, it's mine. I am entitled to copy it for backups, rip it to watch on my computer, or do whatever I please, so long as it is for personal use. I do think piracy is wrong and do not advocate it in any way, shape, or form.
If I paid someone to write a bunch of content for my site and then lost the password to the server, I wouldn't think twice about scraping the content back to myself.
My employer asked me to do something that was unethical, and likely illegal. I asked to hold off on implementation until we could consult company counsel on the legality of it. Boss and director said "No. Do it. Now." I made my case, said I'd be happy to keep working there, or not, but I'm not going to do what they're asking me to do in this case.
The next day I got my walking papers. I felt more liberated than upset.
I've now worked for two scumbag marketing companies and I'm thinking it's probably best, if you have a conscience, to avoid them like the plague.
if i were the "website" you're scraping i find it hard to believe it would go unnoticed.
I'll warn you once or twice about it, then over the next weekend
create something nice in my OSS webserver that replaces your
scraped content with pro-taliban rhetoric and dancing goatseman.
I'll then forward all of your frantic phonecalls to my FOSS astycrapper.
Good people go to bed earlier.
yes, DRM is not copyright enforcement, DRM is copyright evasion (the producing party circumvents the copyright law in order to be more restrictive than the law entitles him to)
Somebody once pointed at a picture of a frosted birthday cake on my web site from a forum. So I grabbed my image editor and built a special edition of the cake just for him, where the frosting read "Don't link to my images!"
I also have a specially crafted JPEG which is under 1000 bytes but which produces a 20,000x20,000 pixel image filled with black. It will totally screw up the layout of any page linking to it if they haven't entered an explicit size for the tag.
If you mod me Overrated, you are admitting that you have no penis.
Your employer doesn't have the right to ask you to place yourself in legal jeopardy in this way, and if the sh1t hits the fan do you really think that someone that came up with this scheme will balk at placing all the blame on you.
Absolutely. That's why you should agree to do the work, but because of the increased risk to yourself, you should ask for a "little something extra" under the table, just between you and him. A wad of hundred dollar bills passed discretely in a handshake, for example. "I help you, boss, you help me?" is a good phrase to clue him in on the situation and what's required for the project to continue. ...or perhaps he may rethink how he wants his workplace to operate?
My take on this is that, though your assignment has spawned an ethical question, the reality of the situation is economic.
Your boss believes that it will cost him less to "scrape" data from the website and use multiple free accounts than to simply pay for the data access. This may be true at first, but, ultimately, this is false.
On the off chance you've not scraped websites before, I'll tell you that this is extremely error prone. So, while this may work initially, you'll be constantly chasing down bugs in the process.
Based on your description I assume you'd be automatically logging into their systems before scraping the data. What if their login process changes? What if they restructure their website? What if they add a captcha to the registration and login process?
My point is, what your boss wants to do is, to use Steve Job's recent phrase, a bag of hurt.
I'll bet that given enough time, the cost to your company in terms of your salary to build and maintain this application will be greater than the cost to actually pay for the data and create a dependable connection.
Don't forget to factor in what it costs you when your users see bad data or error messages due to the process breaking.
It'll cost less to do it the right way. So forget the ethics of it and educate your boss on the economics of it.
As someone who works for a web company that is full of high-demand listing information, we are constantly having to deal with this kind of activity. Any site with dynamic data that is in demand will already have a procedure to deal with the kind of activity you are driving to it, as they have almost certainly dealt with it before. In our case, we have a network appliance that can detect if you are a scraper based on your traffic, and then serve you a "you've been throttled" page. In short, your script will be an exercise in futility. Here is a better solution for your company - contact the source of the data, and offer to purchase a feed from them. Chances our they will be willing to comply to keep you from loading their website with stupid traffic. You will end up having to pay money, but at least your process won't break. You should suggest this to your boss at least. A side note: your peers will definitely frown on your actions. If I knew a person behind this kind of activity they'd get branded scarlet-letter-style.
You are an employee of a corporate: protected by its immunity.
Employees have no immunity from felony prosecution. Bang, period, end of sentence. There is no immunity anywhere in corporate life. There is indemnity, which is a separate issue, which protects you from civil lawsuit; it does not protect you in any way from felony charges.
If you commit a felony and the police come knocking, expect to get charged. The corporation won't be.
And if you really think that protecting your company from a lawsuit and reporting possibly felonious actions to the company's legal department will get you not hired anywhere else, you really need to spend more time in corporate America. This is the way you handle these things. You don't involve the police and you don't go to the press. You go to the corporation's own internal hierarchy and say "my manager is doing something aggressively stupid which, if discovered, will get me in a ton of trouble and expose the company to massive financial risk. Please make him stop."
What do you think Legal exists for? They're there to protect the company -- from internal threats as well as external ones.
Make sure you use your boss's name and email for all contact information on the user accounts you setup for the scraping.
We are the 198 proof..
Sure, it's immoral, and you're violating the other website's TOS. That, however is completely irrelevant.
What is relevant is that any feed you use that isn't backed up a valid contract, can and will disappear at random times, sometimes permanently, as well as contain data you weren't expecting and be missing data you were expecting.
Ask your boss how happy he'll be when the domain owner sells to a spammer and his scraped data is now "Male Enhancement" ads instead of weather data.
The first steps are fine, but I would not recommend you to take the option step of blowinging the whistle unless you really feel strongly about the site or people you "victimize" and see it as you moral responsibility.
If you accept the job and then turn around and blows the whistle you have acted maliciously against your employer. They may have questionable morality but the fact is that you have agreed to work for and being loyal to them, don't sink to their level. They might even have legal grounds to sue you if they find out since you clearly have willingly sabotaged their business.
The only way to take the moral high ground here is to first try to make them change their mind and if that doesn't work refuse to take part in the scheme or at least demand in writing that management take full responsibility. Yes, that could have very bad consequences too. I don't envy your situation, I've been there myself a few times and have not always made decisions that were smart or made me feel good in the long run...
Of course, if things went far enough I would blow the whistle, but I don't get the impression this is one of those cases. It would be a totally different matter though if you weren't working for them or in any other way had promised your loyalty. In that case I would recommend you to blow the whistle as a concerned citizen.
Can you post the URL?
I told you to scrape Slashdot, not read it. Now get back to work!
I've only one thing to say to Anonymous Slashdot Scraper... '); DROP TABLE rippedoffcomments; -- Goodbye!
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
IE also refuses to render it. But when downloaded to desktop, I got a thumbnail, and I can open it in Paint.NET just fine (it's actually 0x808080 rather than 0x000000). Paint.NET swallows 3.2GB of memory when I do this. Good thing I have plenty of RAM and a 64-bit OS :)
Quality, performance, value; you get only two, and you don't always get to pick.