EFF: Accessing Publicly Available Information On the Internet Is Not a Crime (eff.org)

← Back to Stories (view on slashdot.org)

EFF: Accessing Publicly Available Information On the Internet Is Not a Crime (eff.org)

Posted by BeauHD on Thursday December 14, 2017 @09:50AM from the free-for-all dept.

An anonymous reader quotes a report from EFF: EFF is fighting another attempt by a giant corporation to take advantage of our poorly drafted federal computer crime statute for commercial advantage -- without any regard for the impact on the rest of us. This time the culprit is LinkedIn. The social networking giant wants violations of its corporate policy against using automated scripts to access public information on its website to count as felony "hacking" under the Computer Fraud and Abuse Act, a 1986 federal law meant to criminalize breaking into private computer systems to access non-public information.

EFF, together with our friends DuckDuckGo and the Internet Archive, have urged the Ninth Circuit Court of Appeals to reject LinkedIn's request to transform the CFAA from a law meant to target "hacking" into a tool for enforcing its computer use policies. Using automated scripts to access publicly available data is not "hacking," and neither is violating a website's terms of use. LinkedIn would have the court believe that all "bots" are bad, but they're actually a common and necessary part of the Internet. "Good bots" were responsible for 23 percent of Web traffic in 2016. Using them to access publicly available information on the open Internet should not be punishable by years in federal prison. LinkedIn's position would undermine open access to information online, a hallmark of today's Internet, and threaten socially valuable bots that journalists, researchers, and Internet users around the world rely on every day -- all in the name of preserving LinkedIn's advantage over a competing service. The Ninth Circuit should make sure that doesn't happen.

175 comments

Min score:

Reason:

Sort:

Wait just a minute... by kenh · 2017-12-14 10:02 · Score: 4, Interesting

Using automated scripts to access publicly available data is not "hacking," and neither is violating a website's terms of use .
If I'm reading this correctly, I'm not so sure I agree with that last bit, about "violating terms of use". So all terms of use are null and void (if my browser can find it, it's publicly accessible, no matter what I have to agree to in order to get access to it?)? For example, if I have a website that stipulates you must agree not to disseminate the information made available to you by agreeing to these terms of use, you remain free to ignore that agreement?
Or are they saying that an automated script that can bypass a Term of Use agreement isn't hacking?

--
Ken
1. Re:Wait just a minute... by ColaMan · 2017-12-14 10:10 · Score: 5, Insightful
  
  If:
  I can send a simple http request to your server, and
  Your server sends me the information without doing its homework, then
  Sucks to be you.
  Don't want your information to be scraped? Have it behind a login - free or otherwise - then ban accounts that are slurping down 10,000 pages a day.
  Ohhhhh then it wouldn't be easily indexed by search engines and thus findable by the general public and your site would fade into obscurity. What to do!? Courts to the rescue, it seems!
  
  --
  
  You are in a twisty maze of processor lines, all alike.
  There is a lot of hype here.
2. Re:Wait just a minute... by Anonymous Coward · 2017-12-14 10:10 · Score: 0
  
  they are saying "violating a website's terms of use" is not felony hacking under the Computer Fraud and Abuse Act
3. Re: Wait just a minute... by Anonymous Coward · 2017-12-14 10:11 · Score: 0
  
  They aren't saying the agreement should be null and void. They are saying it shouldn't be punishable by a federal crime. If you break the agreement then they can ban you from the website. That is fair enough. Charging them when hacking and sending them to prison? That is absurd.
4. Re:Wait just a minute... by mycroft822 · 2017-12-14 10:13 · Score: 4, Insightful
  
  I think they are only making the argument that you can't charge someone with felony hacking because they are accessing the information you make publicly available in a way you don't like.
5. Re:Wait just a minute... by kenh · 2017-12-14 10:13 · Score: 1
  
  Don't want your information to be scraped? Have it behind a login
  And the protection the login affords you is embedded in the "Term of Use" when you created your account, but if I'm reading this right (and I may not be), using your login and ignoring Terms of Use is A-OK.
  
  --
  Ken
6. Re:Wait just a minute... by Anonymous Coward · 2017-12-14 10:16 · Score: 0
  
  violating terms of use might at best be a tort rather than a crime, but realistically, I'd say it's being socially awkward or a jerk. But soemone being a douchenozzle isn't something you can sue over without proving damages.
7. Re:Wait just a minute... by Anonymous Coward · 2017-12-14 10:18 · Score: 0
  
  Or are they saying that an automated script that can bypass a Term of Use agreement isn't hacking?
  They're saying if you can access it publicly, claiming it's "felony hacking" is complete bullshit.
  The information is there, on a web server to be accessed, is totally unsecured .. the notion that you've committed a felony by pointing a browser or agent at it and downloading a page without bypassing any security mechanism is ridiculous.
  It is gross over-reach to call accessing information published on your website (without any authentication required) "hacking" or a "crime".
  Imagine if the copyright lobby tried to argue that by looking at someone else's newspaper on the bus you've violated their copyright because you weren't licensed to do so.
  The standard of "hacking" has to be more than "made http request and got a response". They may not want you to access it without their permissions, but it's not like anybody was bypassing any actual security ... don't want that? Make your site login-only and don't serve up data.
  This is LinkedIn (and by proxy Microsoft) trying to over apply a badly written law.
8. Re:Wait just a minute... by Anonymous Coward · 2017-12-14 10:20 · Score: 0
  
  The converse of that is that you allow private entities to decide what is and is not a federal felony under the CFAA.
  They're just trying to say that you have to put in controls that are primarily technical, not mere notes on a ToS link that nobody reads.
  The best view I've heard on this is that unlawful access should be centered around material deception. That is, you falsified some part of your request and but for that falsification, their computers (or humans) would not have given you the data.
  Anything less would lead to giving private entities too much control over the scope of federal felonies simply by drafting things into a doc on their website, with the general public having no say in that.
9. Re:Wait just a minute... by Anonymous Coward · 2017-12-14 10:22 · Score: 2, Informative
  
  using your login and ignoring Terms of Use is A-OK
  no, because at that point we are no longer talking about public information
10. Re:Wait just a minute... by Ichijo · 2017-12-14 10:27 · Score: 1
  
  Disseminating information without authorization (violating a license agreement) is not the same as accessing information without authorization (hacking).
  
  --
  Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
11. Re:Wait just a minute... by DrStrangluv · 2017-12-14 10:28 · Score: 1
  
  There's hacking, and then there's hacking. Current law treats any piddly little violation as if you're some l33t mastermind expert criminal.
12. Re:Wait just a minute... by Desler · 2017-12-14 10:32 · Score: 2
  
  Nope, because that’s no longer publicly available information. Do try to actually keep up with the argument the EFF is actually making not your strawman version.
13. Re:Wait just a minute... by Anonymous Coward · 2017-12-14 10:33 · Score: 1
  
  but if I'm reading this right (and I may not be), using your login and ignoring Terms of Use is A-OK.
  Absolutely no login required.
  Literally, published to anybody who makes an HTTP request.
  Accessed, in violation of a ToS, and someone trying to make that a felony. See the insanity here?
14. Re:Wait just a minute... by Anonymous Coward · 2017-12-14 10:34 · Score: 0
  
  So you think people should be sentenced to jail for felony computer crime because they happened to break a ToS clause? Are you fucking insane?
15. Re:Wait just a minute... by Desler · 2017-12-14 10:38 · Score: 1
  
  They are not arguing all terms of use are null in void. They are arguing that accessing publically available information is not felony hacking just because it violates a ToS. It could very well still be a civil offense, but it should in no way be a felony crime. To think otherwise is insanity.
16. Re:Wait just a minute... by Anonymous Coward · 2017-12-14 10:42 · Score: 0
  
  The puzzling part of all this is that there recently an article about Uber doing this and "being evil". Apparently, people seem to think this is illegal. I have no idea why. We sort of have this in the real world which is also puzzling. Try taking pictures of a building and attempt to sell them. You may own the copyright, but you make have taken a picture of trademarked material. So the laws here are very confusing at best. I assume the scrapers are grabbing the data for internal consumption, so unless they attempt to repackage and resell for commercial purposes, there shouldn't be an issue. But I don't think duckduckgo counts as non-commercial.
17. Re:Wait just a minute... by fahrbot-bot · 2017-12-14 10:44 · Score: 1
  
  Using automated scripts to access publicly available data is not "hacking," and neither is violating a website's terms of use .
  If I'm reading this correctly, I'm not so sure I agree with that last bit, about "violating terms of use". ...
  I'm sure we can all agree that hacking a website and violating their terms of use are not necessarily the same thing. If their terms say you must be wearing a blue shirt to use the site and your shirt is red, I can't really see any hacking going on. I imagine that a bot retrieving information automatically that could similarly be retrieved manually are pretty much the same thing, unless the bot operates so much faster that it affects operation of the site. Even then, no reasonable person would call that "hacking". What's going on here is that LinkedIn is neither (a) reasonable or (b) a person -- even before they were bought by Microsoft.
  
  --
  It must have been something you assimilated. . . .
18. Re:Wait just a minute... by Anonymous Coward · 2017-12-14 10:45 · Score: 0
  
  Well what's your solution?
19. Re:Wait just a minute... by greenwow · 2017-12-14 10:46 · Score: 3, Funny
  
  CNN confirmed that looking at Wikileaks is a crime, and they helped the public by informing us many times of that. If they hadn't, then more people probably would have been put in prison for reading the DNC leaks and voted for Trump. That would have been horrible.
20. Re:Wait just a minute... by Desler · 2017-12-14 10:48 · Score: 1
  
  Require authorization through a login to access the information. If people then break into their servers and violate those access controls then it would apply under the CFAA.
21. Re:Wait just a minute... by Solandri · 2017-12-14 10:49 · Score: 1
  
  Don't want your information to be scraped? Have it behind a login - free or otherwise - then ban accounts that are slurping down 10,000 pages a day.
  
  Ohhhhh then it wouldn't be easily indexed by search engines and thus findable by the general public and your site would fade into obscurity. What to do!?
  
  Seems to me it would be trivial to code in exceptions to the slurp limit for the IP address of known search engines. And leave a link on your site for search engines you don't know about to request an exception.
  
  Course the next step in this arms race is to use a botnet to do distributed slurping. Each compromised machine accesses a handful of pages, then sends them to a master server for aggregation. I'm not sure what you could do to prevent that, technically or legally. If you hang your laundry out in some place accessible to the public, just accept that people will be able to take snapshots of it.
22. Re:Wait just a minute... by Desler · 2017-12-14 10:51 · Score: 1
  
  Except that story didn’t say what they did was illegal or a violating of the CFAA. In fact the story said the following:
  
  It’s possible Uber’s data gathering did not violate any laws—much of it occurred internationally, and the data was often collected from publicly-available websites and apps
  But, hey, don’t let facts get in the way of your post.
23. Re:Wait just a minute... by Anonymous Coward · 2017-12-14 10:52 · Score: 0
  
  Violation of TOS is a civil issue, not a matter of criminal justice.
24. Re:Wait just a minute... by Quirkz · 2017-12-14 11:00 · Score: 1
  
  Course the next step in this arms race is to use a botnet to do distributed slurping. Each compromised machine accesses a handful of pages, then sends them to a master server for aggregation. I'm not sure what you could do to prevent that, technically or legally.
  Wait until they post the data, accuse them of running a botnet, and then bring a slightly more valid "hacking" case against them?
  
  --
  The Quirkz Handbook of Self-Improvement for People Who Are Already Pretty Okay
25. Re:Wait just a minute... by Anonymous Coward · 2017-12-14 11:05 · Score: 1
  
  Didn't LinkedIn jump-start its popularity by scraping other sites' contact info?
26. Re:Wait just a minute... by anegg · 2017-12-14 11:08 · Score: 2
  
  A website that provides public information (no login) could use a rate limit to control how much of its resources can be commandeered by a third party. A website that provides information only after a login (and has terms of service for same) can revoke the login privileges if the terms of service are violated. Neither case seems to warrant aligning violation of terms of service or slurping too much data with committing a felony hack, just as trying to take too many brochures from the distribution rack doesn't warrant a felony theft charge.
27. Re:Wait just a minute... by Cajun+Hell · 2017-12-14 11:15 · Score: 2
  
  [This is my own take; I'm not with EFF]
  
  For example, if I have a website that stipulates you must agree not to disseminate the information made available to you by agreeing to these terms of use, you remain free to ignore that agreement?
  You need to get whoever/whatever reads the data to agree.
  If you send the data before they agree, or without finding out whether or not they agreed, then it wasn't really terms, was it? Did you actually stipulate, or did you just plan to do so and then not follow through?
  Merely wishing for certain terms isn't good enough. Merely offering certain terms (but then sending the data anyway, whether or not agreement happened) isn't enough.
  Doing those things but not actually getting agreement, isn't any different than me putting terms at the bottom of this comment. If you didn't agree to the terms but I send you this comment anyway, then they weren't terms. It's just like printing a EULA and putting it inside a box, and pretending that whoever opens the box, reads the EULA and signs it and mails it back to you. But what if they don't?
  By reading this comment, you agree to give me a dollar for my valuable time (ha!!) and you also agree that this was the most insightful thing you read this month.
  
  --
  "Believe me!" -- Donald Trump
28. Re:Wait just a minute... by Anonymous Coward · 2017-12-14 11:21 · Score: 0
  
  " For example, if I have a website that stipulates you must agree not to disseminate the information made available to you by agreeing to these terms of use, you remain free to ignore that agreement"
  Yes, that is exactly it. If you post information publically, you can't really have that expectation. If you put the information behind a barrier that requires a login or something, it's possible to have a set of terms like this, but if a user can prove that they never signed an agreement with you or that the form of 'signing' during account creation was unclear or disingenuous then they can get out of your desired usage terms.
  Regardless of any nuanced claims regarding any of this.. This would always, always, always (except not now since the government is stepping in to be private police for companies) be a civil matter of contract breach, not a criminal matter.
29. Re:Wait just a minute... by Desler · 2017-12-14 11:35 · Score: 1
  
  Hey now, don’t you dare point out LinkedIn’s hypocrisy with your silly “facts.”
30. Re:Wait just a minute... by im_thatoneguy · 2017-12-14 11:44 · Score: 1
  
  Your server sends me the information without doing its homework, then
  Sucks to be you.
  Two problems with this:
  1) that's the argument for DRM. It already is password protected, by requiring users to log their bot in. So they're violating terms of services by logging their bot in.
  2) It's like a burglar using the "The door wasn't locked therefore the property owner didn't do their due diligence to keep me out."
  I don't think it should be a felony but it should be something. For instance if I sneak into a movie theater I am not a burglar but I'm also not there lawfully and I am taking a valuable resource which wasn't "sufficiently secured".
  #2 is a really dodgy precedent. It essentially says that a computer using a default password isn't hacked since the user didn't do their due diligence to secure it. "If they didn't want me logging into their system, they should have used a firewall".
31. Re:Wait just a minute... by suutar · 2017-12-14 12:10 · Score: 2
  
  You're assuming they had to log in to access the information in question. The impression I had was that they were accessing data that didn't require a login. The materials I've found are not extremely clear on that point, but it does specify that hi-Q was accessing the publicly available portions of LinkedIn's site, which to me implies that it's the parts that don't need a login.
  If a login was required to get to the data then I agree with you, but I don't think it was.
32. Re:Wait just a minute... by easyTree · 2017-12-14 12:13 · Score: 1
  
  At what point does this act of bad faith reflect badly on LinkedIn ?
  
  --
  Requiem for the American Dream
33. Re:Wait just a minute... by Anonymous Coward · 2017-12-14 12:17 · Score: 0
  
  They also scraped all of my email contacts by some sleight of hand.
34. Re:Wait just a minute... by Trongy · 2017-12-14 12:43 · Score: 2
  
  It also reflects badly on Microsoft Corporation, the owner of LinkedIn.
35. Re:Wait just a minute... by Anonymous Coward · 2017-12-14 12:54 · Score: 1
  
  Welcome to the retarded world of really shitty tangible-to-tech analogies. No, it's not like "the door wasn't locked therefore I could steal shit," it's a lot more like "they set it out by the road where I could see it and I walked over and took a good look at what I could see of it from the public sidewalk." Oh, and a "computer using the default password" would in fact be no different than an unsecured system; the password is public knowledge and being a widely known default it is not put in place to prevent access. It's a placeholder because the system is not designed to allow a blank password.
36. Re:Wait just a minute... by Scarletdown · 2017-12-14 13:14 · Score: 1
  
  They're saying if you can access it publicly, claiming it's "felony hacking" is complete bullshit.
  The information is there, on a web server to be accessed, is totally unsecured .. the notion that you've committed a felony by pointing a browser or agent at it and downloading a page without bypassing any security mechanism is ridiculous.
  It is gross over-reach to call accessing information published on your website (without any authentication required) "hacking" or a "crime".
  Imagine if the copyright lobby tried to argue that by looking at someone else's newspaper on the bus you've violated their copyright because you weren't licensed to do so.
  The standard of "hacking" has to be more than "made http request and got a response". They may not want you to access it without their permissions, but it's not like anybody was bypassing any actual security ... don't want that? Make your site login-only and don't serve up data.
  This is LinkedIn (and by proxy Microsoft) trying to over apply a badly written law.
  Look at it this way. If they manage to get their way, then there will be a much quicker and easier means to have people you don't approve of be stripped of not only their right to vote, but also their 2nd Amendment right. Because, you know...felon!
  
  --
  This space unintentionally left blank.
37. Re:Wait just a minute... by Anonymous Coward · 2017-12-14 13:38 · Score: 0
  
  It's like a burglar using the ....
  No it's not just like, but exactly is someone asking for your stuff and then you willingly give it to them. That is what an HTTP transaction is. Client asks, server gives or denies.
  The client can never be to blame for the server fulfilling an HTTP get request.
38. Re: Wait just a minute... by viperidaenz · 2017-12-14 14:30 · Score: 1
  
  I think they've already tried that
  They tell the people running the bots they're banned from their website, but have nothing to physically stop them.
  After telling them "you're not allowed to access our public website" they then try to get them prosecuted for illegally accessing a computer system when they keep doing it.
39. Re:Wait just a minute... by Obfuscant · 2017-12-14 14:32 · Score: 2
  
  And leave a link on your site for search engines you don't know about to request an exception.
  
  The "automated" "homework" that someone else claimed the website needed to do is already a standard. There's a "robots.txt" exclusion file that is a standard way of specifying what a robot is allowed to do and not allowed to do.
  It used to be very poor netiquette for a robot to ignore that file. Now it seems that the attitude is fuck the website operator, he's got to hide his stuff behind closed doors to keep abusive robots from taking his website down. It's A-OK to do anything that a website physically allows you to do, despite any explicit restrictions.
  One fine morning I found my website unresponsive and essentially broken. A fine robot operator thought that he would index and put into a search engine of some kind the output from a web-based tide prediction program. This was a program that took about 20 seconds to calculate the predicted tides at a certain location at a certain time, and then send back a graph with some text.
  To make it convenient for users, it also had buttons for "tomorrow" and "yesterday", and a menu for selecting other locations. This helpful indexer was making "today" and "tomorrow" requests every ten seconds, for a page that takes 20 seconds to create. I think you can probably guess the obvious result. Should the robot wait until the current request is finished before making the next one? Fuck no, that's too slow and makes too much sense. If the server cannot keep up, fuck it.
  Robots.txt? Who cares, huh? "Please don't abuse my site by running a robot against it" means nothing to some people. It's a shame that we can't have nice things.
  
  If you hang your laundry out in some place accessible to the public, just accept that people will be able to take snapshots of it.
  If only "take[ing] snapshots" didn't cost the laundry owner time and money and prevent others from being able to glance at the stuff, your analogy would be accurate. People taking snapshots is not, of course, the issue. It's the automated systems that load the servers into a halt.
40. Re:Wait just a minute... by viperidaenz · 2017-12-14 14:34 · Score: 2
  
  They sucked you in to their free service, before facebook was popular. MySpace wasn't really appropriate for work colleagues and other professional relationships.
  They then made a mobile web site and redirected all mobile users to that site, to keep you investing your time and using their service
  Then they removed the mobile website and redirect you to install their app, which you can't install without giving it permission to access to all your contacts.
  When you log in to the app, it uploads all your contacts.
41. Re:Wait just a minute... by omnichad · 2017-12-14 15:04 · Score: 4, Insightful
  
  if I'm reading this right (and I may not be), using your login and ignoring Terms of Use is A-OK.
  You're reading it wrong. Using your login and ignoring terms of use is a breach of contract (albeit a unilateral EULA). It is not and should not, however, be considered felony computer hacking under the CFAA.
42. Re:Wait just a minute... by rtb61 · 2017-12-14 16:34 · Score: 4, Informative
  
  Dipstick, I can freely ignore all terms of service you specifically do not get me to agree to and by law that means specifically. You must actively seek my agreement and obtain it, prior to claiming I agree to anything. All you can do is deny service, you can not make any claims beyond that. Otherwise numbnuts, I could put a claim below the fold, that to read anything above the fold means you agree to pay me a million dollars. You must actively seek actual agreement to terms of service, prior to making claims, you can only deny service nothing more not make claims for providing a service. You are clearly too wrapped up in the bullshit of post purchase end user licence agreements which are illegal in the majority of countries and only legal in the US because of corruption and bias towards corporations. It's like the old readers digest bullshit of sending you stuff, claiming you bought if and you owe them money if you did not send it back, nope, a lie, they have no right to claim service off you, they sent it to you for free, they gifted it to you. Same as the internet, unless you actively seek agreement and then refuse service if agreement is not achieved, than you can not claim payment for accessing you service.
  
  --
  Chaos - everything, everywhere, everywhen
43. Re:Wait just a minute... by Anonymous Coward · 2017-12-14 16:43 · Score: 0
  
  I'll meet you half way.
  An "autonomus bot" for which the Terms of Service prohibit AND the website has made explicit checks for, is "hacking" if the website has been explicitly targeted for scraping.
  BUT
  An "autonomous bot" for which the bot is not directed to scrape data from a target (think archive.org or google's web spider) , rather it finds the data itself through links from other websites and social media, is not hacking.
  Linkedin/Facebook can take a hike if it thinks it's being hacked. The site requires login credentials, if it can't bloody figure out how to stop a bot using technology, then contact the scraper's ISP and send a C&D. That is the legal mechanism here that works.
44. Re:Wait just a minute... by kenh · 2017-12-14 16:57 · Score: 1
  
  Thanks - you did notice I questioned my interpretation, right?
  
  "if I'm reading this right (and I may not be)"
  
  --
  Ken
45. Re:Wait just a minute... by Joe_Dragon · 2017-12-14 17:11 · Score: 1
  
  experts exchange use to be very to easy to by pass the paid easy as in you did not really need to do any more then just keep going down to the end of the page.
46. Re:Wait just a minute... by Anonymous Coward · 2017-12-14 19:40 · Score: 0
  
  Your server sends me the information without doing its homework, then
  Sucks to be you.
  Two problems with this:
  1) that's the argument for DRM. It already is password protected, by requiring users to log their bot in. So they're violating terms of services by logging their bot in.
  2) It's like a burglar using the "The door wasn't locked therefore the property owner didn't do their due diligence to keep me out."
  I don't think it should be a felony but it should be something. For instance if I sneak into a movie theater I am not a burglar but I'm also not there lawfully and I am taking a valuable resource which wasn't "sufficiently secured".
  #2 is a really dodgy precedent. It essentially says that a computer using a default password isn't hacked since the user didn't do their due diligence to secure it. "If they didn't want me logging into their system, they should have used a firewall".
  Why stop at passwords any hole available due to upstream patches not being applied could count as well.
47. Re: Wait just a minute... by Anonymous Coward · 2017-12-14 20:23 · Score: 0
  
  Wait a minute: you're saying Facebook IS appropriate for professional use? I've never had any colleague or vendor suggest using Facebook for anything, which is good because:
  - I do not, have not, and will not use social networking for anything ever.
  - I would remove from my professional life anybody immature enough to think any of that has any place in business.
48. Re:Wait just a minute... by Alain+Williams · 2017-12-14 21:00 · Score: 1
  Imagine if the copyright lobby tried to argue that by looking at someone else's newspaper on the bus you've violated their copyright because you weren't licensed to do so.
  It depends on what you then do with what you read in the newspaper. There are several things that you could do:
  
  * If you tell someone else what you learned using your own words - fair enough
  * If you read the words on the page out to a group of people - fair enough
  * If you made your own newspaper using what you learned using your own words - hmmm, maybe legal but is it moral to reuse someone else's work for your profit (without their agreement & possible payment
  * If you made your own newspaper using the exact same words - I think that this would be breach of copyright, it would not fall under copyright's fair use
  Just because I put something on my web site does not mean that all use of what I put there is free for every use. I might put up some pictures; I would be happy for everyone to view them; I would not be happy for another web site to display them or a newspaper to print them (without some other agreement, possibly involving payment).
49. Re:Wait just a minute... by Anonymous Coward · 2017-12-14 21:17 · Score: 0
  
  A more reasonable step for linkedin and companies in linkedins position is is to close all open viewing and then work with the approved search engines to provided indexing materials through a backchannel.
  I guess that's EFF:s definition of an open internet. Everything behind a locks and search monopolies upheld as the only preview
50. Re:Wait just a minute... by Anonymous Coward · 2017-12-14 21:21 · Score: 0
  
  Which is what they did in this except they sent it to the operator
51. Re:Wait just a minute... by Keith_Beef · 2017-12-14 22:29 · Score: 1
  Using automated scripts to access publicly available data is not "hacking," and neither is violating a website's terms of use .
  If I'm reading this correctly, I'm not so sure I agree with that last bit, about "violating terms of use".
  Or are they saying that an automated script that can bypass a Term of Use agreement isn't hacking?
  I break down "using automated scripts to access publicly available data is not 'hacking,' and neither is violating a website's terms of use" into two clauses:
  
  using automated scripts to access publicly available data is not "hacking"
  
  violating a website's terms of use is not "hacking,"
  
  The outcome being that neither the use of automated scripts to access publicly available data nor the violation of a website's terms of use should be prosecuted under the Computer Fraud and Abuse Act.
52. Re:Wait just a minute... by Anonymous Coward · 2017-12-15 01:09 · Score: 0
  
  Publicly available information on websites is like a billboard on the side of a road. Surely you can't make it a reasonable terms of use that in-car camera's cannot pick up on your billboards' information?
  So somebody makes a vehicle that does nothing but making images of billboards, and makes them searchable. This shouldn't be against terms of use, no.
  If yo want private billboards, don't put them on the side of a road (provide a paywall or a login system or, etc).
53. Re:Wait just a minute... by jedidiah · 2017-12-15 03:23 · Score: 1
  
  > Disseminating information without authorization (violating a license agreement) is not the same as accessing information without authorization (hacking).
  Both can be felonies under US Federal law. If you violate a license, then standard copyright rules apply. This is how the GPL works.
  
  --
  A Pirate and a Puritan look the same on a balance sheet.
54. Re: Wait just a minute... by Zero__Kelvin · 2017-12-15 05:16 · Score: 1
  
  If you must be logged in to access that data, then it isn't publicly available, so has nothing to do with what we are talking about, however, if you violate TOS and disseminate the data it is not a criminal act, but rather a civil matter, because you violated a contract.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
55. Re:Wait just a minute... by Anonymous Coward · 2017-12-15 10:29 · Score: 0
  
  Yes, Chris Cuomo is an idiot. So what?
Re: It's not a crime because we have freedom by Anonymous Coward · 2017-12-14 10:03 · Score: 0

For now. You proles will lose everything.
robots.txt by Anonymous Coward · 2017-12-14 10:04 · Score: 4, Insightful

Shouldn't a "good bot" abide by https://www.linkedin.com/robots.txt?
1. Re:robots.txt by Anonymous Coward · 2017-12-14 10:32 · Score: 1
  
  sure, but that doesn't make it a felony to ignore robots.txt
  "There is no law stating that /robots.txt must be obeyed, nor does it constitute a binding contract between site owner and user, but having a /robots.txt can be relevant in legal cases."
  http://www.robotstxt.org/faq/legal.html
  "It is solely up to the visiting robot to consult this
  information and act accordingly. Blocking parts of the Web site
  regardless of a robot's compliance with this method are outside
  the scope of this memo."
  "Web site administrators must realise this method is voluntary, and
  is not sufficient to guarantee some robots will not visit restricted
  parts of the URL space. Failure to use proper authentication or other
  restriction may result in exposure of restricted information."
  http://www.robotstxt.org/norobots-rfc.txt
2. Re:robots.txt by Monster_user · 2017-12-14 10:32 · Score: 2
  
  Yes, a "good bot" should follow robots.txt. But failing to implement a standard is not "hacking".
3. Re:robots.txt by Desler · 2017-12-14 10:39 · Score: 1
  
  It should, but just because one might not abide by it does not make the bot writer a felon.
4. Re:robots.txt by Obfuscant · 2017-12-14 14:37 · Score: 1, Insightful
  
  Yes, a "good bot" should follow robots.txt. But failing to implement a standard is not "hacking".
  Tell that to Volkswagon, who "failed to implement" the standard regarding how their vehicles respond to situations they can interpret as being "testing".
  Robots that ignore the robots.txt standard are not just "failing to implement." They're ignoring the standard for their own gain.
5. Re:robots.txt by omnichad · 2017-12-14 15:14 · Score: 1
  
  It's not a standard with any legal weight - just something some people agreed to do. And failing to implement it is still not hacking - and are you saying Volkswagen was hacking?
6. Re: robots.txt by Monster_user · 2017-12-14 16:05 · Score: 2
  
  "Failing to implement" means it was a failure, not an intent to circumvent or violate.
  
  Volkswagon's violation was intentional.
  
  While a "robots.txt" file is unknown, and is intentionally hidden from the user. It is intended to only be visible to "bots" which are actively looking for a "robots.txt". As bots are not sentient, they must be programmed by an individual aware of the existence and purpose of "robots.txt", and understands it to be more than a request.
  
  Though, if "robots.txt" isn't required to be understood to be more than a request, then the same must be applied for "Do Not Track" settings in a browser. Thus any website which is aware of "Do Not Track", and violates DNT, would be liable to criminal charges.
7. Re: robots.txt by Zero__Kelvin · 2017-12-15 05:17 · Score: 1
  
  It wasn't a standard, It was a regulation. Two different things.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
8. Re: robots.txt by Obfuscant · 2017-12-15 06:58 · Score: 1
  
  While a "robots.txt" file is unknown, and is intentionally hidden from the user.
  Not "robot users". And hardly unknown, to any reasonable practitioner of the craft.
9. Re: robots.txt by Monster_user · 2017-12-15 12:10 · Score: 1
  
  A "reasonable practitioner of the craft" is not a new recruit or amatuer.
  
  It is possible to create bots without being a fully realized "reasonable practitioner", or otherwise being aware of the robots.txt file. Discovering or being introduced to the "robots.txt" file is part of the process of becoming a "reasonable practitioner". Let's not make lacking experience a crime before we can download Bachelor's degree levels of job knowledge and experience.
Fuck LinkedIn by Anonymous Coward · 2017-12-14 10:09 · Score: 2, Funny

As far as I'm concerned, LinkedIn themselves are guilty of massive fraud and deception, by tricking users into providing email contacts so that LinkedIn can send invite spam supposedly from the user. It was a carefully designed "dark pattern" to increase their userbase early on.
Of course, by the time they eventually got sued over this, they were big enough to shrug off the financial penalty and keep making money off all the data they had collected illegitimately.
LinkedIn is a socially malignant business and deserves to be laughed out of any court for trying to use the rule of law to their advantage.
Who's a good bot? by Chelloveck · 2017-12-14 10:09 · Score: 4, Funny

Who's a good bot? You're a good bot! Yes you are. YES YOU ARE!

--
Chelloveck
I give up on debugging. From now on, SIGSEGV is a feature.
1. Re: Who's a good bot? by Anonymous Coward · 2017-12-14 10:28 · Score: 0
  
  Your school needs to brush you up on that a bit: http://www.elearnenglishlangua...
2. Re: Who's a good bot? by Anonymous Coward · 2017-12-14 10:30 · Score: 0
  
  You might want to double check things before posting like that and embarrassing yourself.
  "Whose turn is it?"
  "Who's" is a contraction of "Who is". The question being asked is "Who is a good bot?" with a contraction thrown in.
  Unless this is all a joke over something I don't get. That's quite possible.
3. Re: Who's a good bot? by Anonymous Coward · 2017-12-14 10:33 · Score: 0
  
  you are aware that who's in this context is "who is"?
4. Re: Who's a good bot? by Anonymous Coward · 2017-12-14 10:35 · Score: 0
  
  You misspelled 'whose' repeatedly. What are they teaching you Americans in your schools? German is my first language, but even I wouldn't make a mistake like that.
  EU education > US education
  Actually "who's" is the correct usage in this instance. It's a contraction of "who is". "Whose" implies possession , as in "Whose shoes are these?" where "who's" would be used like "Who's going to take care of my family when I die?".
5. Re: Who's a good bot? by Anonymous Coward · 2017-12-14 10:37 · Score: 0
  
  EU education > US education
  then please get all your people out of MIT and caltech and stanford and every other US school and teach your own goddamned people on your own
6. Re:Who's a good bot? by Anonymous Coward · 2017-12-14 10:56 · Score: 0
  
  Who's a good bot? You're a good bot! Yes you are. YES YOU ARE!
  You know, I talk to my Roomba pretty much exactly like that.
  There's no point in having a robot if you don't anthropomorphize it.
7. Re: Who's a good bot? by Dutch+Gun · 2017-12-14 12:56 · Score: 1
  
  You misspelled 'whose' repeatedly. What are they teaching you Americans in your schools? German is my first language, but even I wouldn't make a mistake like that.
  EU education > US education
  Sweet. It's an actual Grammar Nazi!
  
  --
  Irony: Agile development has too much intertia to be abandoned now.
8. Re: Who's a good bot? by Anonymous Coward · 2017-12-14 15:08 · Score: 0
  
  You misspelled 'whose' repeatedly. What are they teaching you Americans in your schools? German is my first language, but even I wouldn't make a mistake like that.
  Then I have some bad news for you ... you're a fucking moron.
  "whose" -- to whom something belongs ... whose case is parked in my driveway?
  "who's" -- who is, correctly used by the GP as in who's a good boy, the way you'd speak to a dog.
  
  EU education > US education
  Sorry, dumb ass, but you are loudly and proudly being both wrong and an asshole.
  Who's the dumbass now? Whose face should be red with the shame of being so utterly wrong?
9. Re: Who's a good bot? by Anonymous Coward · 2017-12-14 15:36 · Score: 0
  
  If only English had an indefinite article like an 'a'to make it clear when to use whose ba who is/who's....
  Oh wait, it does! And the gp used it.
  Back on topic. Corporations are used to abused mortal humans. Not news. Go vote.
10. Re: Who's a good bot? by Anonymous Coward · 2017-12-14 16:01 · Score: 0
  
  Sweet. It's an actual Grammar Nazi!
  Albeit one who is so utterly wrong as to look like a fucking moron.
  Not so much a Grammar Nazi as a dummkopf.
11. Re: Who's a good bot? by Anonymous Coward · 2017-12-14 21:41 · Score: 0
  
  We will when all you Americans leave Cambridge and Oxford and every other European school. And i guess you also have no need for all those highly educated people use H-1B visas correctly either so we can have those back aswell.
  We will of course also request that all teaching/research staff at those US schools actually returns to their European schools considering a unknown number of them have dual employments or are over there due to research projects.
12. Re: Who's a good bot? by Anonymous Coward · 2017-12-15 00:42 · Score: 0
  
  You misspelled 'whose' repeatedly.
  Wrong. As others have already pointed out, but I'll do it again to rub it in: Who's = Who is. Correct usage in this context.
  
  What are they teaching you Americans in your schools?
  In this case, proper English, it would seem.
  
  German is my first language
  That may be the case.
  
  but even I wouldn't make a mistake like that.
  Except you made a worse mistake while the one you responded to made none.
  
  EU education > US education
  Not going into that, but your education certainly appears to be worse than the education of the person you responded to, regardless of nationality.
  Now shut the fuck up about the English language until you have become better at it.
  (I am not a native English speaker myself, so if there are any mistakes of my own in the above, I apologize in advance.)
13. Re: Who's a good bot? by Zero__Kelvin · 2017-12-15 05:21 · Score: 1
  
  Wow, a grammar NeoNazi with a Trump-like grasp of English.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Good for "whom," exactly? by kenh · 2017-12-14 10:10 · Score: 1

. "Good bots" were responsible for 23 percent of Web traffic in 2016.

Nearly one-fourth of all internet traffic is from the innocently-named "Good bots"? That's kind of amazing.

--
Ken
1. Re:Good for "whom," exactly? by Wheels17 · 2017-12-14 10:20 · Score: 1, Informative
  
  How do you think search engines work? from: https://www.google.com/search/... "As we speak, Google is using web crawlers to organize information from webpages and other publicly available content in the Search index."
2. Re:Good for "whom," exactly? by kenh · 2017-12-14 17:03 · Score: 2
  
  How do you think search engines work?
  Are you trying to claim that one-fourth of all traffic on the web is search engines crawling the network? Doesn't that seem like a lot of traffic?
  That's like saying one-fourth of the cars on the road are "Google Cars" updating Google's Street View database.
  
  --
  Ken
3. Re:Good for "whom," exactly? by Wheels17 · 2017-12-15 01:17 · Score: 1
  
  Not my claim. OP's numbers. I did a duckduck search on "what portion of web traffic is search engine spiders" and the various articles were consistent with the OP's claim. "what portion of web traffic is robots" gives a WSJ article that says "over one third" in 2014, Another 2014 report ( https://www.incapsula.com/blog... ) claims over 60%, again in 2014. Who knows today?
LinkedIn Scrapes users browsers by Anonymous Coward · 2017-12-14 10:18 · Score: 1

Ironically enough, LinkedIn scrapes its users browser for known extensions. See https://github.com/prophittcorey/nefarious-linkedin for details.
1. Re:LinkedIn Scrapes users browsers by jedidiah · 2017-12-15 03:25 · Score: 1
  
  > Ironically enough, LinkedIn scrapes its users browser for known extensions. See https://github.com/prophittcor... for details.
  Server interrogates clients for their functionality.
  That doesn't sound nearly as nefarious as you think it does.
  
  --
  A Pirate and a Puritan look the same on a balance sheet.
The internet won't be open for much longer. by Anonymous Coward · 2017-12-14 10:20 · Score: 0

So that'll be fewer bots, good or bad.
Well... by JoeDuncan · 2017-12-14 10:23 · Score: 1

...not YET, anyway
Tragedy of the commons, Internet edition by Anonymous Coward · 2017-12-14 10:24 · Score: 0

If scraping is against your terms of use (aka robots.txt) and someone ignores that, what can you do but use the CFAA? It is the very definition of unauthorized access.
1. Re:Tragedy of the commons, Internet edition by Monster_user · 2017-12-14 10:37 · Score: 1
  
  "Robots.txt" is something you have to know is there. No "hacking" is required to avoid it or bypass it. If you don't know its there, it doesn't exist. Once you know it is there, and then fail to abide by the terms and conditions, then maybe it qualifies as a violation which should be a felony under CFAA. As was written above, the request LinkedIn placed was poorly worded.
2. Re:Tragedy of the commons, Internet edition by Desler · 2017-12-14 10:44 · Score: 2
  
  Put the information behind a free login or a paywall. Or sue them in civil court instead of abusing criminal statutes that were never meant to apply to publicly available information.
3. Re:Tragedy of the commons, Internet edition by Anonymous Coward · 2017-12-14 10:48 · Score: 0
  
  Let me show you the amount of authority escalation a public broadcast has:
4. Re: Tragedy of the commons, Internet edition by Anonymous Coward · 2017-12-14 15:38 · Score: 0
  
  But then they would have to pay their own legal fees and investigatory costs. Selectively pretending when the CFAS applies let's them make tax payers foot the bill instead.
  Otherwise they just use a private login.
Re:It's not a crime because we have freedom by Anonymous Coward · 2017-12-14 10:30 · Score: 0

That’s strange. I don’t remember either Afghanistan or Iraq ever having the power to prevent me from accessing information on the Internet at any point in time.
Arrest records... by b0s0z0ku · 2017-12-14 10:34 · Score: 5, Interesting

Let's use a different example. Arrest records and mugshots on police agencies' websites. Let's say Jane Doe, born 1/1/1970 got arrested for a particularly heinous crime. Murder, or robbery at gunpoint.
Six months later, a court ruled her not guilty. She was able to petition to have the public arrest record on the Yoknapatawpha County Sheriff's office website deleted.
However, in the interim, it's been scraped and archived by database companies using the data for employer background checks. Every time she applies for a job with a large employer, her application either gets round-filed, or she has a lot of explaining to do.
What's worse, in the state of Winnemac, there are six Jane Does with that same birthday, all of which have the same record in their background check database...
Does information still want to be free?
1. Re:Arrest records... by Desler · 2017-12-14 10:46 · Score: 1
  
  She’s perfectly free to use civil courts to right the matter. Those companies did not get the information through “hacking” and thus those companies being prosecuted under the CFAA would be a gross abuse of the law.
2. Re:Arrest records... by b0s0z0ku · 2017-12-14 10:50 · Score: 2
  
  See, I disagree. I think invasion of privacy by corporate entities should be strictly punished -- whether it's retention of data past strict legal limits or when a user specifically opts for account deletion, mass surveillance, or dissemination of inaccurate or prejudicial information affecting people's ability to earn a living. How is someone going to sue if they don't have a job because of something incorrect being in a database used by employers?
  Violate data retention laws? In an ideal world, one lash in the arse or a day in the pillory per instance. (Sadly, jail or steep criminal fines are the only real options here.)
3. Re:Arrest records... by Anonymous Coward · 2017-12-14 10:58 · Score: 0
  
  >What's worse
  
  Allegations treated authentic. (#1)
  Even if you tweak the story to include an actual conviction (later removed) there's still DB traders who know they have stale data and sell it anyway (see 1) and employers who accept their DBs anyway (1 violated again)
  In the interest of "fuck that noise lol" we lean on assumptions (1). See also: Pretty much all forms of metrics. See also: Lazy science and bigdata conclusions.
  Allegations are great. Metrics are great. Observing correlations is great.
  Until we say "fuck the grain of salt tl;dr ain't nobody got time away we go~"
4. Re:Arrest records... by Desler · 2017-12-14 10:58 · Score: 1
  
  See, I disagree.
  Cool story, bro. What you agree or disagree with is irrelevant when the law is not on your side.
  
  I think invasion of privacy by corporate entities should be strictly punished
  What invasion of privacy? The information in your original post is all part of the public record. This is as stupid as saying that someone looking up my publicly-available property tax appraisal is a violation of privacy.
5. Re:Arrest records... by Anonymous Coward · 2017-12-14 11:01 · Score: 0
  
  You must be trolling. Scraping public arrest records can not by it’s very definition be an invasion of privacy. They’re called public records for a reason...
6. Re:Arrest records... by mark-t · 2017-12-14 11:02 · Score: 1
  
  So she has explaining to do.
  News flash - life isn't fair. Does Jane Doe seriously think she's the only one in the world with problems that she might not reasonably deserve to have to live with?
  
  --
  File under 'M' for 'Manic ranting'
7. Re:Arrest records... by b0s0z0ku · 2017-12-14 11:02 · Score: 1
  
  The terms of use typically prohibit distribution or mass downloading. With good reason.
  I'm generally against looser laws (drugs, prostitution between consenting adults), but I think privacy should be sacrosanct. I'm all for throwing the book at corporate entities that violate people's privacy, AND writing new laws having explicit time limits for data retention and mandating deletion. The EU's "right to be forgotten" is a good thing in an age where privacy is slipping away.
8. Re:Arrest records... by Anonymous Coward · 2017-12-14 11:04 · Score: 0
  
  However, in the interim, it's been scraped and archived by database companies using the data for employer background checks.
  
  yes indeed these people always assume that all information is static, nobody ever moves or changes their phone number, nobody ever gets married, nobody ever dies,
  and by the way, arrests are part of your record whether you are convicted or not
  class 1 idiot is what you are
9. Re:Arrest records... by b0s0z0ku · 2017-12-14 11:04 · Score: 1
  
  It's equivalent to the Linkedin example, because many public agency websites have a ToS that prohibits mass-downloading or redistribution. I'd personally go further to prohibit public agencies from listing arrests/mugshots online at all unless a conviction results, but this isn't the law in many states. So the next best thing is to use existing laws to protect people (who are innocent till proven guilty) from predatory data merchant scum.
10. Re:Arrest records... by Desler · 2017-12-14 11:04 · Score: 1
  
  Or she should use the correct legal avenue to get the information expunged. Accusing people of hacking when accessing a public record (as is the case in this hypothetical) is the height of insanity.
11. Re:Arrest records... by b0s0z0ku · 2017-12-14 11:06 · Score: 1
  
  Depends on the state and jurisdiction -- many of them "seal" the record, or at least don't make it public, if a person is acquitted. It may still be in someone's database, but it's not on the Web for all to see.
12. Re:Arrest records... by b0s0z0ku · 2017-12-14 11:07 · Score: 1
  
  Why make it easier for predatory data pimps to spread false (and/or outdated) data about her? Why do Slashdotters have a disturbing tendency to take the side of the corepirate entity over the little guy (or gal)?
13. Re:Arrest records... by rogoshen1 · 2017-12-14 11:08 · Score: 1
  
  methinks you misunderstand that expression. Information wants to be free, just like nature abhors a vacuum, or water wants to escape a vessel.
  It's totally unfair to Ms Doe, but that's the way the cookie crumbles; and there's nothing that can really be done*. Once it's out there, it's out there.
  *Without extreme social costs to everyone else.
14. Re:Arrest records... by b0s0z0ku · 2017-12-14 11:09 · Score: 1
  
  Correction: FOR looser drug/prostitution/sex between consenting adult humans/sumptuary laws :)
15. Re:Arrest records... by b0s0z0ku · 2017-12-14 11:12 · Score: 1
  
  What would be the social cost of penalizing the mass distribution of such information? Media articles/journalism would still go on -- they'd just be required to include a disclaimer that anyone arrested is innocent till proven guilty, and include the final disposition of the case in an update to articles about arrests.
16. Re:Arrest records... by Desler · 2017-12-14 11:14 · Score: 2
  
  The terms of use typically prohibit distribution or mass downloading. With good reason.
  There are no such terms of use on public records.
  
  I'm generally against looser laws (drugs, prostitution between consenting adults), but I think privacy should be sacrosanct. I'm all for throwing the book at corporate entities that violate people's privacy,
  
  But again, public record data is not private. Do you not understand what the term “public” means?
  
  The EU's "right to be forgotten" is a good thing in an age where privacy is slipping away.
  I’m not arguing against the right to be forgotten. I’m arguing against stupidity that claims that accessing public record data is hacking. The “right to be forgotten” makes no such conflation. Like I said, she should use the civil court system to address the issue which is exactly what the EU’s “right to be forgotten” process entails. You do realize that the person has to fe a civil suit under the rules right? It’s not a criminal prosecution.
17. Re:Arrest records... by Desler · 2017-12-14 11:21 · Score: 1
  
  It's equivalent to the Linkedin example, because many public agency websites have a ToS that prohibits mass-downloading or redistribution.
  Which in no way is equivalent to criminal hacking. You can likely get in civil trouble, though.
  
  I'd personally go further to prohibit public agencies from listing arrests/mugshots online at all unless a conviction results, but this isn't the law in many states.
  
  So essentially your entire argument has been invalid from the get go.
  
  So the next best thing is to use existing laws to protect people (who are innocent till proven guilty) from predatory data merchant scum.
  But those laws are not the CFAA. Accessing and disseminating public domain information is not and never has been “hacking.” You realize that claiming otherwise would basically have widespread and dire first amendment consequences, right?
18. Re:Arrest records... by Desler · 2017-12-14 11:23 · Score: 1
  
  Because abusing criminal law in ways it was never meant to be used is far worse and a gross violation of justice. There are already civil avenues to address the matter such as in the EU with rules on “right to be forgotten.”
19. Re:Arrest records... by Desler · 2017-12-14 11:25 · Score: 1
  
  If the records weren’t public why were they published to public-facing governmental websites? Your argument doesn’t make any sense.
20. Re:Arrest records... by Desler · 2017-12-14 11:28 · Score: 2
  
  What would be the social cost of penalizing the mass distribution of such information?
  
  The social cost is that someone down the line will then begin to use this new authority to attack and punish people for purely political reasons. Are you really so naive as to not see that? Public record data is in the public domain which means it’s free for anyone to share. You sound like quite the fascist.
21. Re:Arrest records... by rogoshen1 · 2017-12-14 11:46 · Score: 3, Insightful
  
  Every single man, woman, and child in the US has heard the phrase "innocent until proven guilty", and look at the effectiveness of that caveat.
22. Re:Arrest records... by Cajun+Hell · 2017-12-14 11:58 · Score: 1
  
  However, in the interim, it's been scraped and archived by database companies using the data for employer background checks.
  It sounds like they are finding whatever hearsay they can find, and selling it to employers as though it were relevant background information. That might be an honest mistake, and it might be fraud.
  (That's always the big question, whenever you don't really have a good cache invalidation algorithm and just say "oh, cache it for n seconds." Do you have the right value for n?)
  Either way, though, the employer got screwed and if they are selfish, they shouldn't be paying for that.
  
  What's worse, in the state of Winnemac, there are six Jane Does with that same birthday, all of which have the same record in their background check database...
  This sounds like very low-quality "information."
  
  Does information still want to be free?
  I'm not sure that even free is cheap enough. Spam wants to be free, because even $0 is higher than what it's worth. ;-)
  
  --
  "Believe me!" -- Donald Trump
23. Re:Arrest records... by mark-t · 2017-12-14 13:04 · Score: 1
  
  I think that whole "right to be forgotten" shit is an idiotic concept as well. Nobody has any intrinsic right to be forgiven for something that happened in the past, or deserves to have any record of a mistake expunged... we only have to appeal to our fellow man's better nature and ask that they overlook past flaws. Ideally, they will, but you can't legislate that we can't form opinions about other people based on arbitrary information, regardless of its source.
  And on top of it all, how are we expected to actually learn from past mistakes if we don't have to actually live with the consequences of them, even if these mistakes are not necessarily our own, or the consequences necessarily justly deserved?
  It's called real life for a reason, you know... it's not supposed to come with a reset button.
  
  --
  File under 'M' for 'Manic ranting'
24. Re:Arrest records... by Anonymous Coward · 2017-12-14 13:34 · Score: 0
  
  A better question is why US police departments are publishing personal details in public arrest reports at all. If people are innocent until proven guilty, and there's a negative consequence to publishing someone's name in a police report, why do it? Where is the public good? If they're looking for witnesses, surely a description is sufficient, unless the accused was shouting their name whilst breaking the law?
  Assuming that there is some reason to publish such info other than to punish people for being arrested, surely the correct outcome here is to make it illegal for employers (credit agencies, banks, landlords etc) to consider arrests (or even discharged offences, if you believe that the penal system actually rehabilitates anyone) when screening applicants, just like they are barred from asking about race, religion or sexual orientation. It doesn't matter if the information still exists (always assume it does), but you can control what people do with (it to some extent - some landl.
25. Re:Arrest records... by Attila+Dimedici · 2017-12-14 14:34 · Score: 2
  
  I am quite confident that if there is a background check company in the U.S. which is using records archived by a non-government organization (for more than an vanishingly short period of time) to provide employers with arrest record information they are currently facing, or will soon be facing, a class action lawsuit for Civil Rights violations. They are also likely being investigated by, or soon to be investigated by both the federal Civil Rights Commission and various state equivalents.
  Perhaps you are unaware of the controversy around companies using criminal records as a basis for declining to employ someone, but there are places in the U.S. where it is illegal for an employer to ask if a prospective employee has been convicted of a crime because this disproportionately affects African American applicants. If refusing to hire someone who has been convicted of a crime is considered racist in some jurisdictions, think how they would react to an employer refusing to hire someone because they had been arrested without being convicted. And while employers might be able to avoid being a target, someone would notice the company providing the background checks with that information (and any reasonably competent attorney could write court filings which would shut them down almost immediately).
  
  --
  The truth is that all men having power ought to be mistrusted. James Madison
26. Re:Arrest records... by omnichad · 2017-12-14 15:18 · Score: 1
  
  You can't make something unpublic. If your state/jurisdiction makes something public that shouldn't be, it really is on them.
27. Re:Arrest records... by b0s0z0ku · 2017-12-14 15:40 · Score: 1
  
  Because a lot of American cops are scum who want to punish people without trial, and think they have the right to do so.
28. Re: Arrest records... by Anonymous Coward · 2017-12-14 15:40 · Score: 0
  
  What you really want is statutory penalties. Stuff like automatic $5k/$20k/$50k penalties for sites that publish knowingly false information, and defines knowingly as available to be learned from the same type of sources they were automatically scraped from if the source is corrected.
29. Re:Arrest records... by b0s0z0ku · 2017-12-14 15:43 · Score: 1
  
  The issue isn't "someone's mistake." The issue is some dumb and/or malicious cop's mistake in arresting someone for a crime they didn't commit. There's an issue with people being punished for OTHER people's mistakes (or malice) without trial.
  Especially if the record only has a name and DOB, and it can "punish" multiple people who weren't even involved in the incident, but happen to have the same name and DOB.
30. Re: Arrest records... by b0s0z0ku · 2017-12-14 16:02 · Score: 1
  
  Honestly, I'd want public flogging of the arses of the CEOs, one lash per person victimized.
31. Re: Arrest records... by Desler · 2017-12-14 16:17 · Score: 1
  
  But his scenario didn’t involve publishing false information. It was public revord at the time.
32. Re:Arrest records... by Desler · 2017-12-14 16:19 · Score: 1
  
  That’s fair to disagree on. Either way, I think we can agree that charging them with “hacking” for publishing public records is bullshit.
33. Re:Arrest records... by Desler · 2017-12-14 16:20 · Score: 1
  
  But how does that then mean that someone republishing public record is violating the CFAA? You can’t even get your own hypothetical straight.
34. Re:Arrest records... by Desler · 2017-12-14 16:22 · Score: 1
  
  But then the issue is on the cops. But somehow you’ve then tried to claim that people republishing public records, which is perfectly legal, are committing a crime.
35. Re:Arrest records... by mark-t · 2017-12-14 16:33 · Score: 1
  
  Yes, but as I said above, life isn't fair... we don't get to press a reset button on it just because we got dealt an unfair hand.
  
  --
  File under 'M' for 'Manic ranting'
36. Re:Arrest records... by b0s0z0ku · 2017-12-14 17:00 · Score: 1
  
  The job of government isn't to perpetuate unfairness, though, but rather to prevent it.
37. Re:Arrest records... by kenh · 2017-12-14 17:08 · Score: 1
  
  What's worse, in the state of Winnemac, there are six Jane Does with that same birthday
  
  Do you have any idea how unlikely it is to have two people share not only the same name AND birthdate?
  People sharing names OR sharing birthdates is quite common, sharing both is rare - not anywhere near impossible, but very, very unlikely.
  
  --
  Ken
38. Re:Arrest records... by b0s0z0ku · 2017-12-14 17:19 · Score: 2
  
  A lot more common in the Latino and Black communities, where the range of surnames tends to be smaller.
39. Re:Arrest records... by mark-t · 2017-12-14 17:22 · Score: 1
  
  I'm reminded of an expression: "First world problems".
  Half of the people in the world have it worse than you or I are ever liable to know, no matter how unfair things might get.
  
  --
  File under 'M' for 'Manic ranting'
40. Re:Arrest records... by Anonymous Coward · 2017-12-14 19:03 · Score: 1
  
  So she has explaining to do.
  News flash - life isn't fair. Does Jane Doe seriously think she's the only one in the world with problems that she might not reasonably deserve to have to live with?
  Thank you, Mr. Sociopath! I hope everyone you interview with after you're found not guilty of a felony is exactly like you, because you really deserve it.
41. Re:Arrest records... by Anonymous Coward · 2017-12-14 21:50 · Score: 0
  
  If your argument was correct every human would have perfect recall which most don't have so nature intended there to be a reset button.
42. Re:Arrest records... by b0s0z0ku · 2017-12-15 00:44 · Score: 1
  
  Exactly: half have it better. Why not use countries with more fair justice systems as examples to follow?
43. Re:Arrest records... by b0s0z0ku · 2017-12-15 00:48 · Score: 2
  
  (1) You have too much faith in the American system. Cute.
  (2) They won't refuse to hire her -- they'll just ignore her resume before she ever gets called for an interview based on background check data. It's only grounds for her to sue if she knows about the policy. Company's excuse would be they never got the resume.
44. Re:Arrest records... by Attila+Dimedici · 2017-12-15 00:57 · Score: 1
  
  That is not faith in the American system...it is faith in the greed of trial lawyers. If there is a company providing archived arrest records as the basis for employment background checks, sooner or later some trial lawyer will become aware of this fact (and I would bet on sooner). When that happens they will file a class action lawsuit against that company, and their clients. Such a lawsuit would be easy money for the lawyers.
  
  --
  The truth is that all men having power ought to be mistrusted. James Madison
45. Re:Arrest records... by mark-t · 2017-12-15 01:58 · Score: 1
  
  They are... even without the government trying to fix other people's mistakes.
  
  --
  File under 'M' for 'Manic ranting'
46. Re:Arrest records... by edtice1559 · 2017-12-15 02:18 · Score: 1
  
  It's a fair argument that people *should* have more rights in this area. However, this still doesn't mean we should expand the definition of computer hacking to be "anything I don't like." We should make rules specific to this.
47. Re:Arrest records... by jedidiah · 2017-12-15 03:30 · Score: 1
  
  > A better question is why US police departments are publishing personal details in public arrest reports at all.
  Call it transparency. If they didn't publish this stuff, then someone would probably try to say that they have something to hide and are therefore up to no good.
  Someone will likely object just because some people will object to what cops do regardless.
  
  --
  A Pirate and a Puritan look the same on a balance sheet.
48. Re:Arrest records... by mark-t · 2017-12-15 05:21 · Score: 1
  
  You don't need a perfect memory of how someone may have wronged you in the past to hold a grudge against them, so no... humans having an imperfect memory compared to a computer's perfect recollection has nothing to do with anything.
  
  --
  File under 'M' for 'Manic ranting'
49. Re:Arrest records... by mark-t · 2017-12-15 05:46 · Score: 1
  
  Of course... what I would object to, however, is that one should get to expunge all records that it happened just because others may judge them harshly for it. Newspapers and the like are obligated to print retractions, of course... but trying to remove all evidence that it ever happened in the first place just because some people may not pay attention to such retractions smacks of revisionist history, and the concept is nothing less than wholly repugnant to me. It forces people to not judge a book by its cover by not giving them the opportunity to, and raises a society that does not really think for themselves, and is less skeptical of the media and the government, because they have had less of a reason to ever doubt the veracity of whatever information they are given.
  It's unfortunate that some people will be treated unfairly because of past mistakes, even if those mistakes were not theirs... but as I said, real life is really not supposed to have a reset button. Whatever hand you may be dealt, each of us bears the responsibility of only doing whatever best we can with the circumstances that we have.
  
  --
  File under 'M' for 'Manic ranting'
50. Re:Arrest records... by drew_kime · 2017-12-15 06:06 · Score: 1
  
  They won't refuse to hire her -- they'll just ignore her resume before she ever gets called for an interview based on background check data. It's only grounds for her to sue if she knows about the policy. Company's excuse would be they never got the resume.
  You don't get permission to run the background check until after the job offer. If the offer is then rescinded on the basis of the background check, the applicant has a legal right to a copy of the report and a formal dispute process with whoever did the check.
  
  --
  Nope, no sig
51. Re:Arrest records... by b0s0z0ku · 2017-12-15 06:42 · Score: 1
  
  you're assuming thar big corp HR departments follow the rules to the letter. the rules are meant for little people, not big corps.
52. Re:Arrest records... by epine · 2017-12-15 09:11 · Score: 1
  
  Nobody has any intrinsic right to be forgiven for something that happened in the past, or deserves to have any record of a mistake expunged ...
  Nobody excluding almost everyone under the age of 16 or 18 in almost every high-income social democracy. In some countries, people under the age of 18 amount to half the population.
  Note that I'm using a definition of "expunge" roughly equal to "subject to the least necessary controlled and restricted sharing among professionals who would immediately lose their professional certification should they flout this rule".
  Secondly, many modern moral philosophers disagree with you across the board, arguing that adults to, in fact, have a natural right to a public reputation that isn't unduly punitive, and that in the digital age, the old de facto social arrangements no longer suffice.
  Jennifer Jacquet: "Shaming At Scale" — 2014
  She's easy on the eyes, but it's a trap. In Edge's Superforecaster masterclass she practically loses her shit when informed that a certain strand of software developers are disproportionately represented in the superforecasting group because of their superior breadth of knowledge and worldly engagement.
  She just can't bring herself to comprehend that anyone can manage to ingest, digest, and mentally catalogue ten Wikipedia pages per every delicious, cheesy Cheeto.
  Warning: This Post Contains Spoilers For 'Star Wars: The Last Jedi'
  Best line in the post (spoiler alert):
  
  Thankfully, I feel shame like a wet sock feels rain.
  This is funny, because most of us feel a 10,000 foot perch on the global pillory of public shame like a 10,000 volt electric chair.
  So You've Been Publicly Shamed (2015) — Jon Ronson
  
  He also interviews Adria Richards, who publicised the faces of two tech developers at PyCon for a joke comparing the technical term "dongle" and the slang term "dong", leading a developer named Hank getting fired and an online backlash that in turn led Richards to get fired from her job ...
  One dumb sentence, and suddenly you're the blue dress elect of your generation. When most modern moral philosophers look at this, their eyes water.
Figures by Ol+Olsoc · 2017-12-14 10:55 · Score: 2

Linkedin who want you to violate your TOS by giving them the password for your email; account. so they can mine it.
Seriously what kind of idiot buys into an outfit that has as a basis of operation, asking for something that in most places will get you fired?
? I started to sign up, and when they asked for my password it was 1FuckYouLinkedin!

--
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
1. Re:Figures by Anonymous Coward · 2017-12-15 02:13 · Score: 1
  
  I thought you were arguing to NOT give them your password - and then you post it on Slashdot?? ;)
2. Re:Figures by Anonymous Coward · 2017-12-15 17:29 · Score: 0
  
  At least it's not the same as my luggage!
If you don't want it revealed... by Chas · 2017-12-14 11:02 · Score: 1

Don't put it on the Internet!
PERIOD!
I don't give a flying inverse sideways hate-fuckathon HOW secure you're promised it is.
In the end, YOU are responsible for disseminating it.
If you put it online in ANY capacity whatsoever, it WILL be compromised and it WILL be disseminated without your say-so.
END OF DISCUSSION!

--

Chas - The one, the only.
THANK GOD!!!
Re:It's not a crime because we have freedom by mspohr · 2017-12-14 11:06 · Score: 0

Kill an Iraqi and save the Internet!
(Is Ajit Pai Iraqi?)

--
I don't read your sig. Why are you reading mine?
Let's get this right by Anonymous Coward · 2017-12-14 11:14 · Score: 0

They are scraping Linkedin data from private individuals who probably don't know their information was made public.
So Linkedin was wrong, and those scraping your private now public information for profit are wrong.
Maybe not a violation of federal law, but EFF should be hamstringing the fuckers doing the scraping too.
Finally: for those who still think your information is private, you are very wrong.
Microsoft did it to Google too by Anonymous Coward · 2017-12-14 11:24 · Score: 0

LinkedIn (owned by Microsoft) did the same thing with Bing, using a bot to scrape Google's public search results.
The first step is to throw Microsoft's upper management in prison, and then we can decide what to do next.
Nope by Anonymous Coward · 2017-12-14 11:32 · Score: 0

It isn't a crime in real life, either. That's why we need better control over what is publicly accessible. Public records are one thing, corporate TOSes are another.
Money says.. NO! by Neuronwelder · 2017-12-14 11:34 · Score: 1

Just go to your local politician and buy a law. You can make anything illegal!! (Outlaw Lobbyists).
If they aren't using clever tricks to get it by raymorris · 2017-12-14 12:19 · Score: 2, Insightful

I'm thinking LinkedIn is wrong here, but a simple, clear-cut, and correct statement of public policy is more difficult than it first appears.
"accessing publicly available information" sounds pretty clear and simple, but the more I think about it, the murkier it becomes. Suppose in each of the following scenarios the data is by the owner's terms not to be accessed by bots and:
A) The system pops up a user/ password dialog before allowing access. User "admin" and an empty password works
B) The system pops up a user/ password dialog before allowing access. User "admin" and password "password" works
C) The system pops up a user/ password dialog before allowing access. User "admin" and password "correct horse battery staple" works
D) The system pops up a user/ password dialog before allowing access. Sending 17,000 requests each with a password that consists of a million null bytes followed by carefully crafted machine code to overwrite memory sometimes works
The thing is, ANY data that has been hacked over the internet was accessible to the public, if they public tried hard enough, and was clever enough in defeating access control measures. That makes it difficult to legistlate a bright-line rule.
What if you do it to COLLUDE? by mi · 2017-12-14 12:19 · Score: 0

EFF: Accessing Publicly Available Information On the Internet Is Not a Crime
Unless you work for Trump and access WikiLeaks...

--
In Soviet Washington the swamp drains you.
1. Re:What if you do it to COLLUDE? by Desler · 2017-12-14 16:27 · Score: 1
  
  The DNC did not have their emails available for all to see on the Internet with no access comtrlls. They were taken via unauthorized access and then republished without their permission to the Internet. So it’s basically nothing like this case at all. But don’t let pesky things like “facts” get in your way.
2. Re:What if you do it to COLLUDE? by mi · 2017-12-15 02:17 · Score: 1
  
  The DNC did not have their emails available for all to see on the Internet with no access comtrlls
  WikiLeaks did.
  
  --
  In Soviet Washington the swamp drains you.
What about LinkedIn's bots? by Anonymous Coward · 2017-12-14 12:40 · Score: 0

I won't weigh in on whether they're good or bad, but LinkedIn has its own bots that it used to trawl commercial web sites for user profile info... the output of which it uses to create "shell accounts" on LinkedIn, then issue emails to the lucky winners inviting them to sign up and claim their profile.
Re:It's not a crime because we have freedom by Anonymous Coward · 2017-12-14 15:58 · Score: 0

no dumbass
what about have links under a pay wall with no log by Joe_Dragon · 2017-12-14 17:09 · Score: 1

what about have links under a pay wall with no login needed and changing any one that hit's the paid zones with out paying as a hacker?? even when they can get to them from the out site with not even needing to go the you must pay page. And what if that paid zone was something like /docs or some other common name that some bots just auto scan for when indexing the web?
LinkedIn is now Microsoft. by Anonymous Coward · 2017-12-14 17:44 · Score: 0

From the story summary: "... the culprit is LinkedIn."

From the parent comment: "LinkedIn is a socially malignant business..."

LinkedIn is no longer LinkedIn. It is now Microsoft: "LinkedIn notifications directly within Windows 10".

Windows 10 is now gathering information for LinkedIn. The worst spyware ever made has become worse!
Well by Anonymous Coward · 2017-12-14 19:15 · Score: 0

DUH
Bad "good bots" list by Anonymous Coward · 2017-12-14 23:09 · Score: 0

The linked "good bots" list has at least two BAD bots among their list of the GOOD bots that create the most traffic.
Both ahrefsbot and semrushbot are SEO spammers according to their own web sites,you know the people who try to break search engines to get their own advertising sites listed before the actual information you search for... I've had to look them up after they showed up in the logs on my web server, and as a result, I have both of them blocked (along with a bunch of other bad bots).
make it an felony crime with court overview of con by Joe_Dragon · 2017-12-15 01:08 · Score: 1

make it an felony crime with court overview of contract and one that you have hunt on a web site does not count.
Re:It's not a crime because we have freedom by Anonymous Coward · 2017-12-15 04:28 · Score: 0

You have freedom? Where? You guys seem to be quite lacking in the Freedom department lately...
Copyright? by SnarkSide · 2017-12-15 06:48 · Score: 1

Could they argue that the contents of their site are covered by copyright and that scraping the site and using that info for commercial purposes, or acting to republish the material is a violation? Ordinarily I side with the freedom of access on these things, but really outside actors scraping the data from Linkedin threatens their business. I don't really want my data on Linkedin if it's going to get misused by third parties. Somehow fraud is always the end result of too much personal information being too accessible.
Re:what about have links under a pay wall with no by viperidaenz · 2017-12-17 08:57 · Score: 1

Either you're confused or your inability to grasp the english language has turned what I'm sure made sense in your head into gibberish as you typed it.