Disappointing: LinkedIn Abusing CFAA & DMCA To Sue Scraping Bots

from the please-don't-do-this dept

It's been really unfortunate to see various internet companies that absolutely should know better, look to abuse the CFAA to attack people using tools to scrape public information off of their websites. In the past few years, we've seen Facebook and Craigslist do this (with Facebook recently winning in court).

Now LinkedIn is doing the same thing, suing a bunch of anonymous users for scraping public information from LinkedIn. This is not the first time the company has done this. A few years ago, the company (using the exact same lawyers) filed a very similar lawsuit, eventually figuring out that the scraping was done by a wannabe competitor, HiringSolved, which pretty quickly settled the lawsuit, agreeing to pay $40,000 and erase all the data it collected.

The latest lawsuit appears to be more of the same, claiming that the scraping violates both the CFAA and the DMCA:
During periods of time since December 2015, and to this day, unknown persons and/or entities employing various automated software programs (often referred to as “bots”) have extracted and copied data from many LinkedIn pages. To access this information on LinkedIn’s site, the Doe Defendants circumvented several technical barriers employed by LinkedIn that prevent mass automated scraping, and have knowingly and intentionally violated various access and use restrictions in LinkedIn’s User Agreement, which they agreed to abide by in registering LinkedIn member accounts. In so doing, they have violated an array of federal and state laws, including the Computer Fraud and Abuse Act, 18 U.S.C. §§ 1030, et seq. (the “CFAA”), California Penal Code §§ 502 et seq., and the Digital Millennium Copyright Act, 17 U.S.C. §§ 1201 et seq. (the “DMCA”), and have engaged in unlawful acts of breach of contract, misappropriation, and trespass.
This is bullshit. Courts have directly held that violating a terms of service does not equate to a CFAA violation for "unauthorized access" or "exceeding authorized access." Here, it appears that LinkedIn is hoping that the combination of claiming a terms of service violation with attempts to get around technological protection measures makes it a CFAA violation.

I completely understand that LinkedIn may not like the fact that people are scraping its data, and that they've found ways around LinkedIn's attempts to block such scraping via technological means, but it's a dangerous slippery slope when a company is claiming that a terms of service violation violated the CFAA -- and that getting around simple blocks becomes a DMCA 1201 anti-circumvention violation. Both of these are problematic: saying that violating the terms of service violates the CFAA is a stretch and saying that violating the DMCA by getting around protection technology -- even if not for the purpose of infringing on copyrights -- is a problem.

Of course, this lawsuit, like the last one, is probably really designed to just sniff out who's running the bots, and to push them into a settlement where they'll stop doing so.

Still, this lawsuit seems particularly ridiculous coming just weeks after LinkedIn's founder and chairman, Reid Hoffman, funded a $250,000 disobedience award at MIT's Media Lab. The point of that award is to encourage people to engage in disobedience to change society in a positive way -- which is something that people often use scraping for. And yet, here his company is engaging in a legal battle that will make that kind of scraping much more risky. I know and like Hoffman, who is quite a smart, thoughtful and principled guy. And I have no idea if he even knew this lawsuit was going to be filed. But I think it sends the wrong message when he's encouraging useful hacking on the one hand, while his company (which, yes, was just sold to Microsoft) is suing people for doing the very same thing of hacking on the other hand.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: bots, cfaa, dmca, scraping
Companies: linkedin


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 16 Aug 2016 @ 8:53am

    Any one else besides me curious as to what these "several technical barriers" are?
    Any takers on betting that at least some of them amount to "we told users not to do this in our EULA that no one reads"?

    link to this | view in thread ]

  2. icon
    Christopher (profile), 16 Aug 2016 @ 10:44am

    Scraping for profit is not the same as scraping for freedom.

    LinkedIn users really, really don't like to have their information harvested and used to become the targets of spam campaigns and unsolicited contact. And yet, you've managed to equate this with people pulling taxpayer-funded academic papers out from behind paywalls.

    Save your outrage for a better target. I'm actually pretty glad LinkedIn is going after these bottom-feeders.

    -C

    link to this | view in thread ]

  3. identicon
    Thad, 16 Aug 2016 @ 11:19am

    Re: Scraping for profit is not the same as scraping for freedom.

    Whether or not I *like* having my information harvested by bots is irrelevant to whether or not it's *legal*.

    In fact, I don't recall ever giving LinkedIn any copyright enforcement authority on the information on my profile. LinkedIn doesn't own the copyright to the resume excerpts I copied and pasted onto my profile there, and it certainly doesn't own the basic information about which companies I worked for during which years, which is publicly available information and not copyrightable at all.

    I'm all for fighting spammers, but they should be sued and prosecuted for *spamming*. They should *not* be sued or prosecuted under overbroad interpretations of copyright and computer security laws simply for scraping information that is freely available and voluntarily disclosed.

    link to this | view in thread ]

  4. identicon
    SpaceLifeForm, 16 Aug 2016 @ 11:32am

    Maybe fix

    s/linkedin/microsoft/

    link to this | view in thread ]

  5. identicon
    Thad, 16 Aug 2016 @ 11:46am

    Re: Maybe fix

    The purchase isn't final yet, and even if it were, the actions of a subsidiary aren't necessarily dictated by the parent company.

    That said, I don't see MS objecting, either.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 16 Aug 2016 @ 3:16pm

    Evading controls =/= freely available


    >> scraping information that is freely available and voluntarily disclosed.


    What about creating fake profiles, circumventing controls and fraudulently connecting with real people? Where do you draw the line? Scraping information that is privileged and only available to contacts that are within a network and scraping non-public information is not the same as scraping public information as you allege.

    My profile on LinkedIn is not freely available nor voluntarily disclosed to the general public. Only do my contacts see all the details. Is it shame on me for connecting with a fraudulent (or perhaps hijacked?) profile where I share non-public information, or is it shame on the fraudulent party? LinkedIn's ToS is unambiguous here. CFAA violation is more solid than Mike is suggesting, depending upon the degree of "Fraud and Abuse" that took place.

    link to this | view in thread ]

  7. identicon
    Never Will I Sign Up With Those, 17 Aug 2016 @ 9:48am

    SCUMBAGS

    LINKEDIN is a scumbag company. Even after being sued for scraping my friend's email contacts and notifying those contacts that "My friend had invited me to join LinkedIn", which he denies vehemently, they continued to practice that scumbag tactic, lying to get people to sign up. FUCK LinkedIn.

    link to this | view in thread ]

  8. identicon
    Thad, 17 Aug 2016 @ 8:15pm

    Re: Evading controls =/= freely available

    Using the CFAA to charge somebody with a felony for violating a click-through agreement is a gross abuse of the law that goes far beyond its original intent. Just because it's being used against people you don't like in this case doesn't mean it's ethical.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.