Ugh... I had a whole response typed out, clicked Preview and, in my sleep-addled state, closed the tab without posting. I'm not writing it all again, but the long and short of it is that there are four factors used in determining fair use and you're considering only one of them. I would argue that hiQ's use of LinkedIn's data does harm their ability to collect and sell it; I sure don't want hiQ mining shit about me from LinkedIn for the specific purpose for which they are doing so, so I'm less likely to continue maintaining my LinkedIn profile; I'm not alone in that, so yes, it does affect LinkedIn's business. Other factors include the purpose and character of the use (it's commercial, so it fails that test as well), the nature of the copyrighted work (time was spent collecting and compiling the data, time was spent designing the format and layout of the data, it's a creative work), and the amount and substantiality of the portion taken (all profile data is being scraped).
As for phonebooks, I actually raised that issue elsewhere. This isn't even a long thread; perhaps complete your research before assuming I don't know about fucking phonebooks, eh? As a patent lawyer, you should be really good at researching shit, shouldn't you? I mean, if you're good at your job, that is.
I get it, you're a patent lawyer with barely a passing familiarity with aspects of IP law outside of your specialization. Perhaps consult one of your colleagues specializing in copyright before replying again, though.
So wait, what you're saying is if my use of a short sample from a song doesn't affect the sale of that song, it's fair use? Sorry, Robert Van Winkle wouldn't have settled out of court if it looked like he was going to win against Bowie and Queen. What's happening here is practically the same. So, no, I don't think I'd like you to correct me again, since your "corrections" don't align with reality.
Fair used is determined based on four factors, which I'm sure you're quite familiar with (but hoping I'm not aware of for the sake of your argument):
- the purpose and character of your use (e.g. commercial or not - which is relevant here)
- the nature of the copyrighted work
- the amount and substantiality of the portion taken, and
- the effect of the use upon the potential market.
Your argument is, effectively, that only the latter of those factors matters. Sorry, Mr. Slashdot Lawyer, but you're wrong and the law as written says so quite clearly. You've got the books, look it up for yourself.
Regarding phone books, I've already raised that point elsewhere.
I get it, you're an IP lawyer who specializes in patent law. It's okay, there are a lot of facets to IP law and it's important to specialize and be good at your specialty; other specialties will suffer as a result, but that's fine. You might consult one of your colleagues specializing in copyright before continuing this conversation.
A compilation of facts can be copyrighted, but not the underlying data. If this company wants to extract those facts, data or other bits of information and create its own compilation, it violates no one's copyright. It doesn't matter whether those facts came from multiple sources or a single one.
If, in doing so, a copy of the compiled data is made... well...
The courts have ruled it is a fair use to record movies on your DVR for your own personal viewing
Yes, it is.
and it would arguably be the same for extracting a collection of data from an Internet source
Sure, for your own personal use.
provided that the entity didn't compete with that source
You mean provided the use was not commercial or for profit, right? After all, you're:
an intellectual property lawyer
Your appeal to authority does not imply correctness or completeness of understanding; especially so given the argument you just made.
You can, in fact, copyright a representation of facts you've done work to compile from multiple sources. LinkedIn has done work to compile their collection of facts and is entitled to copyright protection.
That is unlike, for example, a local phone directory, because the local phone company is the sole source of that data. A nationwide phone directory, comprising data collected from the various ILECs and CLECs, would be a copyrightable work. The bar being so low in that case would likely mean you'd be fine putting out your own version if you can prove you collected the data yourself, but it's still protected.
As for accessing a public website, well, HTTP provides for access control and it needs to be used here. Further, we're talking about LinkedIn which, like Facebook, participates in active tracking of users of other websites, so access to their servers is practically forced on you if you don't actively seek to avoid it. I can't tell you to stop letting me fling data at your face, then hold you liable when I don't stop, which is precisely why technical measures (on LinkedIn's part) would be necessary for this to be a CFAA issue.
My point was that there is plenty of equipment in use today (mostly high-end and expensive printers) which, of the file transfer protocols Windows speaks natively, only speak SMB1, and that the fault for those systems being online often lies with vendors, while the fault for those systems being misconfigured and the network they are on being vulnerable often lies with the IT department. I framed my argument in terms of a hospital because that's what I was replying to.
And you should know that many hospitals do use printers affected by this.
You can't copyright facts, but you can copyright collections of them, provided you've done more than simply compile facts you already had. That is, if you had to collect the facts from multiple sources, your representation of those facts is protected by copyright. LinkedIn's data is a collection of facts, which they collected from multiple sources.
I'm sure you're very familiar with patents, but you've missed some nuance of copyright law in your reply.
When it comes to reading (viewing in your museum example), which is what was discussed in the argument I was originally replying to, the above is absolutely true. When it comes to copying, it's a little more nuanced than that, of course; but, then, I was writing a Slashdot post, not a fucking dissertation, I certainly was not giving legal advice and, again, was arguing against someone who claimed that merely viewing something viewable from public space, which the owner readily serves up to you with no technical measures in place to protect it, is illegal. De-facto, it is not. That is, I was talking about vieweing, not copying, a fact that becomes abundently clear when you read the entire post, rather than just the first and last sentences.
And, with regard to LinkedIn's complaint, whether or not hiQ has the right to view the data is precisely what matters. They do have that right, which should render the complaint invalid.
Copyright, on the other hand, well... I talked about that in part of my post that you clearly skipped over.
Actually, both violate copyright, but the reality is that they can (and should) choose who they go after. And on those grounds, LinkedIn can and should issue a flurry of DMCA notices and sue for an injunction. They can't sue for damages without registering their copyright, including a copy of the work being registered, but they sure can get an injunction. The CFAA simply does not apply to publicly available data until and unless they get said injunction and even then it would be a hell of a stretch.
Also, I suppose it takes near average or higher intelligence to determine when someone is making an absurd argument in an attempt to point out the absurdity and incorrectness of the argument he is countering.
VLANs aren't a perfect solution, switch firmware can potentially be exploited and we're talking about potentially life-and-death critical infrastructure. Beyond that, if the vendors want the equipment on the public internet (which they do, which you'd understand had you read my entire post before spouting off), VLANs aren't really a solution.
Actually, anything you're able to view from a public space is fair game under current laws, with the exception of court orders stating otherwise. If hiQ's servers can view the content from the public internet (that is, if LinkedIn's servers serve it to them without them hacking around some technical measure), it's fair game unless LinkedIn gets an injunction against hiQ. That is, what you're claiming is really for the courts to decide.
Or, you know, LinkedIn could just claim copyright on their data and issue a series of DMCA notices.
IANAL but I've consulted several regarding a very similar issue in the past.
I didn't miss that, just look like you thing that extracting the title of a page constitutes "take the information and then sell it"
No, it looks like you missed where they're taking the entire content of the page and not just the title, since you keep coming back to "just the title".
It would be a whole different affair if i.e Google extracted and resold the amount of information that hiQ does, which of course was the point of the GP.
So, if Google took only key pieces of information, rather than the entire page, that would be problematic? Because Google takes the whole page, while hiQ takes key pieces of data; Google is actually taking, repackaging, and profiting from more of LinkedIn's data than hiQ is.
But, all of that is still highly irrelevant to what I was replying to.
I couldn't see the move as any more disastrous as entire hospitals going offline...
What, pray tell, do you think happens when the whole reason the hospital has SMB1 enabled on its systems in the first place is to talk to multi-hundred-thousand- and multi-million-dollar pieces of medical equipment (think MRI and such) that don't speak SMB2?
Therein lies the rub.
Yes, those machines should be on an air-gapped network shared only with the workstations used to control and operate them. No, the vendors of those machines will not allow that because they want realtime monitoring of the equipment. Blame those vendors for Microsoft really not being able to do anything about this; it's not like hospitals can say "fine, if you won't sell us a more up-to-date MRI we just won't have one at all", they'd face liability for not utilizing every available means of diagnosis and treatment.
On an otherwise air-gapped network which receives periodic functionality and security updates via local WSUS, SMB1 might be perfectly safe to use. In fact, there are a great many instances where SMB1 might not pose a problem, and many of them involve expensive equipment that only speaks SMB1. Why would MS push an update to piss of the majority of medium-to-large businesses, who are the typical users of such equipment and configurations?
Those are the only users they seem to care about not pissing off right now.
They want it read. By people. (And search engines.) They don't want it read by companies that take the information and then sell it as their business model.
I was pointing out that search engines "take the information and then sell it as their business model."
Not relevant to the argument being made, which was in response to someone claiming they want search engines to be able to do what search engines do then, in the very next sentence, claiming they don't want search engines to be able to do what search engines do.
They really are, though. LinkedIn has copyright on all of their content, in whole and in part, not just as a whole. That's how copyright works, otherwise I could change a single word in a book and republish it as an original work under its own copyright. It is also important to keep in mind that (most) search engines --
and Google specifically -- don't just grab the page title, META description (or first couple lines of content) and a word/phrase count, they grab the entire content of the page, and they do so in order to display the exact part of the content that contains your search term(s) -- as I mentioned earlier -- rather than a likely irrelevant summary or intro.
To do this, search engines must necessarily use the entire page and not just key pieces of data. That is, Google et-al get away with using more of LinkedIn pages without license than hiQ is using. Therein lies the problem.
Right, the issue here is the "we want to let search engines use it without license, but want to require a license for anyone else" attitude. Either require everyone who uses it to license it (even if you don't charge some of them), or require nobody to license it, that's more or less how copyright law works.
Oh? So they don't display page titles? And they've figured out a way to display the excerpt from the page that contains your search term(s) without collecting that data?
If my rotting, half-animal-eaten corpse helps catch a murderer, hey, there's my warm fuzzy. That goes double for a serial killer, as my body played a role in helping others stay alive.
Slashdot Mirror
Ugh... I had a whole response typed out, clicked Preview and, in my sleep-addled state, closed the tab without posting. I'm not writing it all again, but the long and short of it is that there are four factors used in determining fair use and you're considering only one of them. I would argue that hiQ's use of LinkedIn's data does harm their ability to collect and sell it; I sure don't want hiQ mining shit about me from LinkedIn for the specific purpose for which they are doing so, so I'm less likely to continue maintaining my LinkedIn profile; I'm not alone in that, so yes, it does affect LinkedIn's business. Other factors include the purpose and character of the use (it's commercial, so it fails that test as well), the nature of the copyrighted work (time was spent collecting and compiling the data, time was spent designing the format and layout of the data, it's a creative work), and the amount and substantiality of the portion taken (all profile data is being scraped).
As for phonebooks, I actually raised that issue elsewhere. This isn't even a long thread; perhaps complete your research before assuming I don't know about fucking phonebooks, eh? As a patent lawyer, you should be really good at researching shit, shouldn't you? I mean, if you're good at your job, that is.
I get it, you're a patent lawyer with barely a passing familiarity with aspects of IP law outside of your specialization. Perhaps consult one of your colleagues specializing in copyright before replying again, though.
So wait, what you're saying is if my use of a short sample from a song doesn't affect the sale of that song, it's fair use? Sorry, Robert Van Winkle wouldn't have settled out of court if it looked like he was going to win against Bowie and Queen. What's happening here is practically the same. So, no, I don't think I'd like you to correct me again, since your "corrections" don't align with reality.
Fair used is determined based on four factors, which I'm sure you're quite familiar with (but hoping I'm not aware of for the sake of your argument):
- the purpose and character of your use (e.g. commercial or not - which is relevant here)
- the nature of the copyrighted work
- the amount and substantiality of the portion taken, and
- the effect of the use upon the potential market.
Your argument is, effectively, that only the latter of those factors matters. Sorry, Mr. Slashdot Lawyer, but you're wrong and the law as written says so quite clearly. You've got the books, look it up for yourself.
Regarding phone books, I've already raised that point elsewhere.
I get it, you're an IP lawyer who specializes in patent law. It's okay, there are a lot of facets to IP law and it's important to specialize and be good at your specialty; other specialties will suffer as a result, but that's fine. You might consult one of your colleagues specializing in copyright before continuing this conversation.
A compilation of facts can be copyrighted, but not the underlying data. If this company wants to extract those facts, data or other bits of information and create its own compilation, it violates no one's copyright. It doesn't matter whether those facts came from multiple sources or a single one.
If, in doing so, a copy of the compiled data is made... well...
The courts have ruled it is a fair use to record movies on your DVR for your own personal viewing
Yes, it is.
and it would arguably be the same for extracting a collection of data from an Internet source
Sure, for your own personal use.
provided that the entity didn't compete with that source
You mean provided the use was not commercial or for profit, right? After all, you're:
an intellectual property lawyer
Your appeal to authority does not imply correctness or completeness of understanding; especially so given the argument you just made.
You can, in fact, copyright a representation of facts you've done work to compile from multiple sources. LinkedIn has done work to compile their collection of facts and is entitled to copyright protection.
That is unlike, for example, a local phone directory, because the local phone company is the sole source of that data. A nationwide phone directory, comprising data collected from the various ILECs and CLECs, would be a copyrightable work. The bar being so low in that case would likely mean you'd be fine putting out your own version if you can prove you collected the data yourself, but it's still protected.
As for accessing a public website, well, HTTP provides for access control and it needs to be used here. Further, we're talking about LinkedIn which, like Facebook, participates in active tracking of users of other websites, so access to their servers is practically forced on you if you don't actively seek to avoid it. I can't tell you to stop letting me fling data at your face, then hold you liable when I don't stop, which is precisely why technical measures (on LinkedIn's part) would be necessary for this to be a CFAA issue.
Precisely this. Especially important in the case of Facebook or LinkedIn, which you have to actively avoid if you wish to not access them.
My point was that there is plenty of equipment in use today (mostly high-end and expensive printers) which, of the file transfer protocols Windows speaks natively, only speak SMB1, and that the fault for those systems being online often lies with vendors, while the fault for those systems being misconfigured and the network they are on being vulnerable often lies with the IT department. I framed my argument in terms of a hospital because that's what I was replying to.
And you should know that many hospitals do use printers affected by this.
You can't copyright facts, but you can copyright collections of them, provided you've done more than simply compile facts you already had. That is, if you had to collect the facts from multiple sources, your representation of those facts is protected by copyright. LinkedIn's data is a collection of facts, which they collected from multiple sources.
I'm sure you're very familiar with patents, but you've missed some nuance of copyright law in your reply.
When it comes to reading (viewing in your museum example), which is what was discussed in the argument I was originally replying to, the above is absolutely true. When it comes to copying, it's a little more nuanced than that, of course; but, then, I was writing a Slashdot post, not a fucking dissertation, I certainly was not giving legal advice and, again, was arguing against someone who claimed that merely viewing something viewable from public space, which the owner readily serves up to you with no technical measures in place to protect it, is illegal. De-facto, it is not. That is, I was talking about vieweing, not copying, a fact that becomes abundently clear when you read the entire post, rather than just the first and last sentences.
And, with regard to LinkedIn's complaint, whether or not hiQ has the right to view the data is precisely what matters. They do have that right, which should render the complaint invalid.
Copyright, on the other hand, well... I talked about that in part of my post that you clearly skipped over.
Read the rest of my comments, then feel silly.
Actually, both violate copyright, but the reality is that they can (and should) choose who they go after. And on those grounds, LinkedIn can and should issue a flurry of DMCA notices and sue for an injunction. They can't sue for damages without registering their copyright, including a copy of the work being registered, but they sure can get an injunction. The CFAA simply does not apply to publicly available data until and unless they get said injunction and even then it would be a hell of a stretch.
Also, I suppose it takes near average or higher intelligence to determine when someone is making an absurd argument in an attempt to point out the absurdity and incorrectness of the argument he is countering.
VLANs aren't a perfect solution, switch firmware can potentially be exploited and we're talking about potentially life-and-death critical infrastructure. Beyond that, if the vendors want the equipment on the public internet (which they do, which you'd understand had you read my entire post before spouting off), VLANs aren't really a solution.
Actually, anything you're able to view from a public space is fair game under current laws, with the exception of court orders stating otherwise. If hiQ's servers can view the content from the public internet (that is, if LinkedIn's servers serve it to them without them hacking around some technical measure), it's fair game unless LinkedIn gets an injunction against hiQ. That is, what you're claiming is really for the courts to decide.
Or, you know, LinkedIn could just claim copyright on their data and issue a series of DMCA notices.
IANAL but I've consulted several regarding a very similar issue in the past.
I didn't miss that, just look like you thing that extracting the title of a page constitutes "take the information and then sell it"
No, it looks like you missed where they're taking the entire content of the page and not just the title, since you keep coming back to "just the title".
It would be a whole different affair if i.e Google extracted and resold the amount of information that hiQ does, which of course was the point of the GP.
So, if Google took only key pieces of information, rather than the entire page, that would be problematic? Because Google takes the whole page, while hiQ takes key pieces of data; Google is actually taking, repackaging, and profiting from more of LinkedIn's data than hiQ is.
But, all of that is still highly irrelevant to what I was replying to.
The SMB1 protocol is vulnerable. An implementation lacking the vulnerability would be incomplete and, likely, nonfunctional.
I couldn't see the move as any more disastrous as entire hospitals going offline...
What, pray tell, do you think happens when the whole reason the hospital has SMB1 enabled on its systems in the first place is to talk to multi-hundred-thousand- and multi-million-dollar pieces of medical equipment (think MRI and such) that don't speak SMB2?
Therein lies the rub.
Yes, those machines should be on an air-gapped network shared only with the workstations used to control and operate them. No, the vendors of those machines will not allow that because they want realtime monitoring of the equipment. Blame those vendors for Microsoft really not being able to do anything about this; it's not like hospitals can say "fine, if you won't sell us a more up-to-date MRI we just won't have one at all", they'd face liability for not utilizing every available means of diagnosis and treatment.
The owner of the site is perfectly within his rights to say 'these accesses are allowed, these are not'.
Yes, and they can do that with HTTP200 and HTTP403 status codes, respectively.
On an otherwise air-gapped network which receives periodic functionality and security updates via local WSUS, SMB1 might be perfectly safe to use. In fact, there are a great many instances where SMB1 might not pose a problem, and many of them involve expensive equipment that only speaks SMB1. Why would MS push an update to piss of the majority of medium-to-large businesses, who are the typical users of such equipment and configurations?
Those are the only users they seem to care about not pissing off right now.
They want it read. By people. (And search engines.) They don't want it read by companies that take the information and then sell it as their business model.
I was pointing out that search engines "take the information and then sell it as their business model."
Sorry you missed that.
Not relevant to the argument being made, which was in response to someone claiming they want search engines to be able to do what search engines do then, in the very next sentence, claiming they don't want search engines to be able to do what search engines do.
The two are not close.
They really are, though. LinkedIn has copyright on all of their content, in whole and in part, not just as a whole. That's how copyright works, otherwise I could change a single word in a book and republish it as an original work under its own copyright. It is also important to keep in mind that (most) search engines -- and Google specifically -- don't just grab the page title, META description (or first couple lines of content) and a word/phrase count, they grab the entire content of the page, and they do so in order to display the exact part of the content that contains your search term(s) -- as I mentioned earlier -- rather than a likely irrelevant summary or intro.
To do this, search engines must necessarily use the entire page and not just key pieces of data. That is, Google et-al get away with using more of LinkedIn pages without license than hiQ is using. Therein lies the problem.
Right, the issue here is the "we want to let search engines use it without license, but want to require a license for anyone else" attitude. Either require everyone who uses it to license it (even if you don't charge some of them), or require nobody to license it, that's more or less how copyright law works.
Oh? So they don't display page titles? And they've figured out a way to display the excerpt from the page that contains your search term(s) without collecting that data?
Please, tell me how this magic. works.
They don't want it read by companies that take the information and then sell it as their business model.
What do search engines do, then?
Laser-etch it onto some linguini, then pour some alfredo over it. Or, if you're feeling especially punny, use spaghetti.
If my rotting, half-animal-eaten corpse helps catch a murderer, hey, there's my warm fuzzy. That goes double for a serial killer, as my body played a role in helping others stay alive.