[BreachExchange] Scraping data from websites is not hacking or a crime, rules Appeals Court in US

[Matthew Wheeler]

https://www.neowin.net/news/scraping-data-from-websites-is-not-hacking-or-a-crime-rules-appeals-court-in-us/

The Ninth Circuit Court of Appeals may have set an important precedent in
the tech world. The court has essentially concluded that “Data Scraping” is
not hacking. Hence, it might not be illegal to scrape data from websites,
and social media platforms, unless there are defensive technologies in
place.

After listening to the arguments in a case that involved Microsoft-owned
LinkedIn and competitor hiQ Labs, the Ninth Circuit Court of Appeals has
concluded that scraping publicly available data does not constitute a
federal crime. The case dates back to 2017 which LinkedIn had filed against
hiQ Labs. The social media platform for professionals had objected to its
data being scraped.

LinkedIn essentially wanted hiQ Labs to immediately cease scraping public
data from the social networking site. During the first trial, the court
sided with hiQ Labs, noting that LinkedIn couldn’t invoke federal hacking
laws to stop the practice. The court opinioned that hiQ Labs’ behavior
didn't seem to violate any laws, and hence, the company’s actions could not
be classified as a crime.

LinkedIn appealed the ruling to the United States Supreme Court, which
remanded the case back to the Ninth Circuit court. The Appeals Court had
recently deliberated on a case that reportedly involved a former Georgia
police officer who was accused of violating the Computer Fraud and Abuse
Act (CFAA) by looking up license plate data in exchange for bribes.

The Ninth Circuit Court of Appeals seems to have made a distinction between
“improper use”, “unauthorized access”, and “authorized access”. The
judgment reads:

As we have noted, however, a defining feature of public websites is that
their publicly available sections lack limitations on access; instead those
sections are open to anyone with a web browser. In other words, applying
the ‘gates analogy’ to a computer hosting publicly available webpages, that
computer has erected no gates to lift or lower in the first place.”

Simply put, had LinkedIn deployed mechanisms to prevent data from being
scraped, hiQ Labs would have been in the wrong. However, since there were
no restrictions, LinkedIn's insistence that hiQ Labs must cease its
practice doesn’t have any merit.

The ruling could have a significant impact on data scraping. The practice
has long infuriated social media platforms. Startups and smaller
competitors to giants like Facebook have aggressively devised algorithms to
scrape large chunks of data to quickly build and finetune their
technologies. Needless to mention, tech giants have fiercely opposed the
idea of data scraping. But henceforth, they might not have legal recourse,
unless they deploy technologies to prevent the practice.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220419/27bf5dec/attachment.html>