Researchers’ Challenge to CFAA Moves Forward–Sandvig v. Sessions

4 04 2018

This is a lawsuit brought by four professors and a media organization (First Look, publisher of the Intercept). Plaintiffs study real estate, finance, and employment transactions and seek to highlight the discriminatory effects of algorithms. To do so, they create fake profiles, including profiles for minorities, and test the profiles. The court describes this as akin to testing for discrimination in the housing or loan markets. For example, plaintiffs intend to use bots to create fake profiles which then will surf real estate websites, simulating the behavior of minority groups. The plaintiffs intend to then scrape the websites to record the displayed properties. Similarly, several of the other plaintiffs intend to use bots to crawl job-seeker profiles, then create fake employer profiles so they can search for candidates and see how they are ranked. They also intend to create fake job-seeker profiles and have these fictitious job-seekers apply for fictitious jobs, to see how algorithms rank candidates. Both the professors and First Look intend to publicize their findings.

They all contend their actions leave them susceptible to the risk of prosecution under the CFAA. They brought an action for declaratory relief alleging First Amendment and Due Process Claims.

. . .

Standing: In the pre-enforcement context, a plaintiff has to establish that she has an intention to engage in conduct (1) that is affected with a constitutional interest; (2) that is proscribed by statute and (3) which gives risk a credible risk of prosecution.

The court says plaintiffs’ activity has a constitutional dimension, among other things, because:

scraping plausibly falls within the ambit of the First Amendment.

The court says cases broadly recognize the right to record “matters of public interest.” Scraping, at least as it encompasses information located in a “public forum,” falls within this right. The court says plaintiffs also have an interest in making “harmless misrepresentations” to websites.

Case citation: Sandvig v. Sessions, 2018 WL 1568881 (D.D.C. March 30, 2018)

more

The content in this post was found at https://blog.ericgoldman.org/archives/2018/04/researchers-challenge-to-cfaa-moves-forward-sandvig-v-sessions.htm

Clicking the title link will take you to the source of the post. and was not authored by the moderators of freeforafee.com.

 

Powered by WPeMatico



Data Aggregator Seeks Ruling Allowing It to Scrape Public LinkedIn Data

22 02 2018

Proskauer

Jeffrey Neuburger on February 20, 2018

In the latest development in the legal controversy over scraping, 3taps, Inc. (“3taps”), a data aggregator and “exchange platform” for developers, filed suit against LinkedIn seeking a declaratory judgment that 3taps would not be in violation of the Computer Fraud and Abuse Act (CFAA) if it accesses and collects publicly-available data from LinkedIn’s website. (3Taps Inc. v. LinkedIn Corp., No. 18-00855 (C.D. Cal. filed Feb. 8, 2018)).  The basis of 3Taps’s complaint is last year’s hotly-debated California district court ruling (hiQ Labs, Inc. v. LinkedIn, Corp., 2017 WL 3473663 (N.D. Cal. Aug. 14, 2017)), where the court granted a preliminary injunction compelling LinkedIn to disable any technical measures it had employed to block a data analytics company from scraping the publicly available data on LinkedIn’s website. The hiQ ruling essentially limited the applicability of the CFAA as a tool against the scraping of publicly-available website data.  [For an analysis of the hiQ lower court decision, please read the Client Alert on our website].

more

The content in this post was found at https://newmedialaw.proskauer.com/2018/02/20/data-aggregator-seeks-ruling-allowing-it-to-scrape-public-linkedin-data/ Clicking the title link will take you to the source of the post. and was not authored by the moderators of privacynnewmedia.com. Clicking the title link will take you to the source of the post.

Powered by WPeMatico



CFAA “Unauthorized Access” Web Scraping Claim against Ticket Broker Dismissed Because Revocation of Access Not Expressed in Cease and Desist Letter

10 02 2018

Proskauer

By Jeffrey Neuburger on February 9, 2018

A California district court issued an important opinion in a dispute between a ticket sales platform and a ticket broker that employed automated bots to purchase tickets in bulk. (Ticketmaster L.L.C. v. Prestige Entertainment, Inc., No. 17-07232 (C.D. Cal. Jan. 31, 2018)). For those of us who have been following the evolution of the law around the use of automation to scrape websites, this case is interesting. The decision interprets some of the major Ninth Circuit decisions of recent memory on liability for web scraping.  Indeed, two weeks ago, we wrote about a case in which the Ninth Circuit interpreted certain automated downloading practices under the CFAA and CDAFA. Also, we wrote about and are awaiting the decision in the hiQ v. LinkedIn appeal before the Ninth Circuit. Also prior posts on the topic include a discussion of a noteworthy appeals court opinion that examined scraping activity under copyright law and the scope of liability under the DMCA anticircumvention provisions.  These seminal decisions and the issues they raise were expressly or implicitly addressed in the instant case. While we will briefly review some of the highlights of this decision below, the case is a must-read for website operators and entities that engage in web scraping activities.

 

more


The content in this post was found at https://newmedialaw.proskauer.com/2018/02/09/cfaa-unauthorized-access-web-scraping-claim-against-ticket-broker-dismissed-because-revocation-of-access-not-expressed-in-cease-and-desist-letter/ and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.



VPPA Still Doesn’t Protect App Downloaders–Perry v. CNN

5 01 2018

Plaintiff sued CNN under the Video Privacy Protection Act, alleging that CNN wrongly disclosed plaintiff’s viewing records without plaintiff’s consent. The allegation is that plaintiff used the CNN app, which records viewing history, and CNN sent this information to Bango, a third party data analytics company. CNN allegedly disclosed to Bango the viewing activity along with the MAC address (a unique string of numbers associated with plaintiff’s device). Bango then allegedly used the information to link the user’s MAC address to other information and built a profile of plaintiff that includes the name, location, phone number, email address, and payment information, combined with the viewing history that CNN disclosed.

 

more

The content in this post was found at http://blog.ericgoldman.org/archives/2017/05/vppa-still-doesnt-protect-app-downloaders-perry-v-cnn.htm and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.



Craigslist Garners $60 Million Judgment against Radpad in Scraping Dispute

31 12 2017

For years, craigslist has aggressively used technological and legal methods to prevent unauthorized parties from violating its terms of use by scraping, linking to or accessing user postings for their own commercial purposes.  In its latest judicial victory, on April 13, 2017, craigslist obtained a $60.5 million judgment against Radpad on various claims relating to harvesting content from craigslist’s site and sending unsolicited commercial emails to craigslist users. (Craigslist, Inc. v. RadPad, Inc., No. 16-01856 (N.D. Cal. Apr. 13, 2017)).

more

The content in this post was found at https://newmedialaw.proskauer.com/2017/04/17/craigslist-garners-60-million-judgment-against-radpad-in-scraping-dispute/ and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.



Court Issues Injunction Barring Blocking of Scraping and Holds CFAA Likely Doesn’t Apply

30 12 2017

A Green Light for Screen Scraping? Proceed With Caution…

While the law relating to screen scraping  is unclear, a recent landmark decision from the Northern District of California, hiQ Labs, Inc. v. LinkedIn, Corp., 2017 WL 3473663 (N.D. Cal. Aug. 14, 2017), appears to limit the applicability of the CFAA as a tool against scraping. Indeed, in granting injunctive relief against LinkedIn’s blocking of hiQ’s scraping activities, the hiQ court noted that, by invoking the CFAA, “[c]ompanies could prevent competitors or consumer groups from visiting their websites to learn about their products or analyze pricing.” While the hiQ decision suggests that, at least in some circumstances, scraping of publicly available websites does not give rise to a cause of action under the CFAA, scrapers beware – the road may still have some rough patches ahead.

more


The content in this post was found at https://newmedialaw.proskauer.com/2017/08/24/court-issues-injunction-barring-blocking-of-scraping-and-holds-cfaa-likely-doesnt-apply/ and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.



Supreme Court Denies Appeals of Notable Data Scraping, Computer Fraud Decisions from Ninth Circuit

27 12 2017

This past week, the Supreme Court denied the petitions for certiorari in two noteworthy Ninth Circuit decisions that had interpreted the scope of liability under the federal Computer Fraud and Abuse Act (CFAA) in the context of wrongful access of company networks by employees and in instances involving unwanted data scraping from publicly available websites. (See Power Ventures, Inc. v. Facebook, Inc., 844 F.3d 1058 (9th Cir. 2016), cert. denied (Oct. 10, 2017); Nosal v. U.S., 828 F.3d 865 (9th Cir. 2016) (Nosal II), cert. denied (Oct. 10, 2017)).   Power Ventures involved a social media aggregation service that scraped Facebook user data with the permission of the user. There, the appeals court had held that while a violation of the terms of use of a website—without more—cannot be the basis for liability under the CFAA, a commercial entity that accesses a public website after permission has been explicitly revoked can be civilly liable under the CFAA.  In Nosal II, the Ninth Circuit had ruled that a former employee, whose access has been revoked, and who uses a current employee’s login credentials to gain network access to his former company’s network, violated the CFAA.

With the Court declining to review, this important pair of rulings about the breadth of CFAA liability will stand.

more


The content in this post was found at https://newmedialaw.proskauer.com/2017/10/13/supreme-court-denies-appeals-of-notable-data-scraping-computer-fraud-decisions-from-ninth-circuit/ and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.



Internet tracking software maker to face wiretapping trial, court rules

20 08 2016
A US federal appeals court says the maker of an online spying tool can be sued on accusations of wiretapping. The federal lawsuit was brought by a man whose e-mail and instant messages to a woman were captured by the husband of the woman. That husband used that data as a “battering ram” as part of his 2010 divorce proceedings.

It’s the second time in a week that a federal court has ruled in a wiretapping case—in favor of a person whose online communications were intercepted without consent. The other ruling was against Google. A judge ruled that a person not using Gmail who sent e-mail to another person using Gmail had not consented to Gmail’s automatic scanning of the e-mail for marketing purposes. Hence, Google could be sued (PDF) for alleged wiretapping violations.

For the moment, the two outcomes are a major victory for privacy. But the reasoning in the lawsuit against the makers of the WebWatcher spy program could have ramifications far beyond the privacy context—and it places liability on the producers of spyware tools.

more

The content in this post was found at http://arstechnica.com/tech-policy/2016/08/internet-tracking-software-maker-to-face-wiretapping-trial-court-rules/ and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.



Nosal Update: Ninth Circuit Hears Oral Arguments on Password Sharing and Scope of Computer Fraud and Abuse Act

2 12 2015

Seyfarth Shaw

October 28th, 2015

Amy Abeloff & Robert B. Milligan
On October 20, 2015, a Ninth Circuit panel consisting of Chief Judge Sidney Thomas and Judges M. Margaret McKeown and Stephen Reinhardt heard oral argument from the U.S. Department of Justice and counsel for David Nosal on Nosal’s criminal conviction arising under the Computer Fraud and Abuse Act (CFAA).   In 2013, Nosal was found to have violated the CFAA by allegedly conspiring to obtain access to company information belonging to his former employer, executive search firm Korn Ferry, through the borrowing of another employee’s login password. He was also convicted of trade secret misappropriation under the Economic Espionage Act.

more.

The content in this post was found at http://www.tradesecretslaw.com/2015/10/articles/computer-fraud/nosal-update-ninth-circuit-hears-oral-arguments-on-password-sharing-and-scope-of-computer-fraud-and-abuse-act/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TradingSecrets+%28Trading+Secrets%29 and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.

 



Joomla bug puts millions of websites at risk of remote takeover hacks

2 12 2015
 Arstechnica
October 23, 2015
Dan Goodin

Millions of websites used in e-commerce and other sensitive industries are vulnerable to remote take-over hacks made possible by a critical vulnerability that has affected the Joomla content management system for almost two years.

The SQL-injection vulnerability was patched by Joomla on Thursday with the release of version 3.4.5. The vulnerability, which allows attackers to execute malicious code on servers running Joomla, was first introduced in version 3.2 released in early November 2013. Joomla is used by an estimated 2.8 million websites.

“Because the vulnerability is found in a core module that doesn’t require any extensions, all websites that use Joomla versions 3.2 and above are vulnerable,” Asaf Orpani, a researcher inside Trustwave’s Spiderlabs, wrote in a blog post. The vulnerability, and two closely related security flaws, have been cataloged as CVE-2015-7297, CVE-2015-7857, and CVE-2015-7858.

more.

The content in this post was found at http://arstechnica.com/security/2015/10/joomla-bug-puts-millions-of-websites-at-risk-of-remote-takeover-hacks/ and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.