Slashdot Mirror

← Back to Stories (view on slashdot.org)

EFF: Accessing Publicly Available Information On the Internet Is Not a Crime (eff.org)

Posted by BeauHD on from the free-for-all dept.

An anonymous reader quotes a report from EFF: EFF is fighting another attempt by a giant corporation to take advantage of our poorly drafted federal computer crime statute for commercial advantage -- without any regard for the impact on the rest of us. This time the culprit is LinkedIn. The social networking giant wants violations of its corporate policy against using automated scripts to access public information on its website to count as felony "hacking" under the Computer Fraud and Abuse Act, a 1986 federal law meant to criminalize breaking into private computer systems to access non-public information.

EFF, together with our friends DuckDuckGo and the Internet Archive, have urged the Ninth Circuit Court of Appeals to reject LinkedIn's request to transform the CFAA from a law meant to target "hacking" into a tool for enforcing its computer use policies. Using automated scripts to access publicly available data is not "hacking," and neither is violating a website's terms of use. LinkedIn would have the court believe that all "bots" are bad, but they're actually a common and necessary part of the Internet. "Good bots" were responsible for 23 percent of Web traffic in 2016. Using them to access publicly available information on the open Internet should not be punishable by years in federal prison. LinkedIn's position would undermine open access to information online, a hallmark of today's Internet, and threaten socially valuable bots that journalists, researchers, and Internet users around the world rely on every day -- all in the name of preserving LinkedIn's advantage over a competing service. The Ninth Circuit should make sure that doesn't happen.

8 of 175 comments (clear)

  1. Wait just a minute... by kenh · · Score: 4, Interesting

    Using automated scripts to access publicly available data is not "hacking," and neither is violating a website's terms of use .

    If I'm reading this correctly, I'm not so sure I agree with that last bit, about "violating terms of use". So all terms of use are null and void (if my browser can find it, it's publicly accessible, no matter what I have to agree to in order to get access to it?)? For example, if I have a website that stipulates you must agree not to disseminate the information made available to you by agreeing to these terms of use, you remain free to ignore that agreement?

    Or are they saying that an automated script that can bypass a Term of Use agreement isn't hacking?

    --
    Ken
    1. Re:Wait just a minute... by ColaMan · · Score: 5, Insightful

      If:

      I can send a simple http request to your server, and

      Your server sends me the information without doing its homework, then

      Sucks to be you.

      Don't want your information to be scraped? Have it behind a login - free or otherwise - then ban accounts that are slurping down 10,000 pages a day.

      Ohhhhh then it wouldn't be easily indexed by search engines and thus findable by the general public and your site would fade into obscurity. What to do!? Courts to the rescue, it seems!

      --

      You are in a twisty maze of processor lines, all alike.
      There is a lot of hype here.
    2. Re:Wait just a minute... by mycroft822 · · Score: 4, Insightful

      I think they are only making the argument that you can't charge someone with felony hacking because they are accessing the information you make publicly available in a way you don't like.

    3. Re:Wait just a minute... by omnichad · · Score: 4, Insightful

      if I'm reading this right (and I may not be), using your login and ignoring Terms of Use is A-OK.

      You're reading it wrong. Using your login and ignoring terms of use is a breach of contract (albeit a unilateral EULA). It is not and should not, however, be considered felony computer hacking under the CFAA.

    4. Re:Wait just a minute... by rtb61 · · Score: 4, Informative

      Dipstick, I can freely ignore all terms of service you specifically do not get me to agree to and by law that means specifically. You must actively seek my agreement and obtain it, prior to claiming I agree to anything. All you can do is deny service, you can not make any claims beyond that. Otherwise numbnuts, I could put a claim below the fold, that to read anything above the fold means you agree to pay me a million dollars. You must actively seek actual agreement to terms of service, prior to making claims, you can only deny service nothing more not make claims for providing a service. You are clearly too wrapped up in the bullshit of post purchase end user licence agreements which are illegal in the majority of countries and only legal in the US because of corruption and bias towards corporations. It's like the old readers digest bullshit of sending you stuff, claiming you bought if and you owe them money if you did not send it back, nope, a lie, they have no right to claim service off you, they sent it to you for free, they gifted it to you. Same as the internet, unless you actively seek agreement and then refuse service if agreement is not achieved, than you can not claim payment for accessing you service.

      --
      Chaos - everything, everywhere, everywhen
  2. robots.txt by Anonymous Coward · · Score: 4, Insightful

    Shouldn't a "good bot" abide by https://www.linkedin.com/robots.txt?

  3. Who's a good bot? by Chelloveck · · Score: 4, Funny

    Who's a good bot? You're a good bot! Yes you are. YES YOU ARE!

    --
    Chelloveck
    I give up on debugging. From now on, SIGSEGV is a feature.
  4. Arrest records... by b0s0z0ku · · Score: 5, Interesting

    Let's use a different example. Arrest records and mugshots on police agencies' websites. Let's say Jane Doe, born 1/1/1970 got arrested for a particularly heinous crime. Murder, or robbery at gunpoint.

    Six months later, a court ruled her not guilty. She was able to petition to have the public arrest record on the Yoknapatawpha County Sheriff's office website deleted.

    However, in the interim, it's been scraped and archived by database companies using the data for employer background checks. Every time she applies for a job with a large employer, her application either gets round-filed, or she has a lot of explaining to do.

    What's worse, in the state of Winnemac, there are six Jane Does with that same birthday, all of which have the same record in their background check database...

    Does information still want to be free?