The latest interesting court case helps shed light on the shaky legal status of scraping, crawling, botting, fake profiles and similar automatic processes for harvesting large amounts of data from websites you do not own. To what extent are you allowed to go on a fishing expedition in somebody else’s pond?
Facebook has a whole separate set of Terms for Automated Data Collection where it’s prohibited without FB’s express written permission:
So, the law allows it but the Terms prohibit it. Users must agree to the Terms prior to accessing the website; it’s contract law. So, what happens in courts when the law clashes with the Terms and platforms sue scrapers for violation of the Terms? Lately, scrapers have been winning, although not everybody was so lucky. In this post, I’ll describe what lessons we can learn from professors with fake LinkedIn profiles and other notable harvesters to date.
Latest Case: Fake LinkedIn Research Profiles
So, the professors asked the court in 2016 to determine whether their intended research would be a crime under the CFAA. There is no easy answer to that question because courts disagree and produce inconsistent rulings.
In 2009, a California federal court judge acquitted a woman who was charged under the CFAA for contributing to a MySpace hoax that led to the suicide of a 13-year-old. The defendant was criminally charged under the CFAA for violating MySpace’s terms of service.
In 2013 a federal court in CA ruled that the data mining company 3Taps potentially violated the anti-hacking law by scraping real estate listings from Craigslist, after Craigslist had demanded that 3Taps stop doing so.
In 2015, a court threw out the conviction of a police officer who had used a police database to look up information about women he knew personally. That, the judge reasoned, was not a criminal violation of the CFAA.
And yet other courts were much stricter. For example, in 2010, there was a ruling that a Social Security Administration employee had violated the CFAA when he used an SSA database to look up information about people he knew personally. So, that’s contrary to what the other court had decided in the creepy cop’s case above. In 2006, a court ruled that an employee had violated the CFAA when, after quitting his job, he deleted valuable information from his work computer, as well as data that would have revealed his misconduct.