An anonymous reader quotes a report from Ars Technica: Scraping a public website without the approval of the website’s owner isn’t a violation of the Computer Fraud and Abuse Act, an appeals court ruled on Monday. The ruling comes in a legal battle that pits Microsoft-owned LinkedIn against a small data-analytics company called hiQ Labs. HiQ scrapes data from the public profiles of LinkedIn users, then uses the data to help companies better understand their own workforces. After tolerating hiQ’s scraping activities for several years, LinkedIn sent the company a cease-and-desist letter in 2017 demanding that hiQ stop harvesting data from LinkedIn profiles. Among other things, LinkedIn argued that hiQ was violating the Computer Fraud and Abuse Act, America’s main anti-hacking law. This posed an existential threat to hiQ because the LinkedIn website is hiQ’s main source of data about clients’ employees. So hiQ sued LinkedIn, seeking not only a declaration that its scraping activities were not hacking but also an order banning LinkedIn from interfering. A trial court sided with hiQ in 2017. On Monday, the 9th Circuit Appeals Court agreed with the lower court, holding that the Computer Fraud and Abuse Act simply doesn’t apply to information that’s available to the general public. […] By contrast, hiQ is only scraping information from public LinkedIn profiles. By definition, any member of the public has authorization to access this information. LinkedIn argued that it could selectively revoke that authorization using a cease-and-desist letter. But the 9th Circuit found this unpersuasive. Ignoring a cease-and-desist letter isn’t analogous to hacking into a private computer system. “The CFAA was enacted to prevent intentional intrusion onto someone else’s computer — specifically computer hacking,” a three-judge panel wrote. The court notes that members debating the law repeatedly drew analogies to physical crimes like breaking and entering. In the 9th Circuit’s view, this implies that the CFAA only applies to information or computer systems that were private to start with — something website owners typically signal with a password requirement. The court notes that when the CFAA was first enacted in the 1980s, it only applied to certain categories of computers that had military, financial, or other sensitive data. “None of the computers to which the CFAA initially applied were accessible to the general public,” the court writes. “Affirmative authorization of some kind was presumptively required.”
Read more of this story at Slashdot.
Source:
https://yro.slashdot.org/story/19/09/09/2151217/web-scraping-doesnt-violate-anti-hacking-law-appeal-court-rules?utm_source=rss1.0mainlinkanon&utm_medium=feed