
US court rules masking IP address to access blocked Website violates law - tanglesome
http://www.zdnet.com/us-court-rules-masking-ip-address-to-access-blocked-website-violates-law-7000019701/
======
Shish2k
TL;DR: "this is a decision applying only to a narrow, specific circumstance."
\- Craigslist sent a legally valid cease & desist letter to 3taps, explicitly
revoking their default-allowed access. 3taps changed their IP and continued
scraping -- it's the ignoring of the cease & desist that's the problem; that
they did so by changing IP is just a technical detail.

~~~
grecy
> Craigslist sent a legally valid cease & desist letter to 3taps, explicitly
> revoking their default-allowed access.

I can have a site on the public internet and ban certain people from visiting
it, then enforce that in court if they do?

That seems... strange.

~~~
jemfinch
You can have a house or a business on a public street and ban certain people
from visiting it as well. Why does it seem strange that the same law applies
online?

~~~
devcpp
I have always considered websites to be comparable to public shops. Any
"client" can enter and profit from a "[web] service" given by a "server", so
it seems much more fitting than a private house or office, which would be
comparable to the backend, itself off limits in most cases.

And in most cases, in the areas I've lived in, you have no right to refuse
service to "certain people". So, yes, this seems just as bad as a baker who
would refuse a certain subset of people from even entering his shop.

~~~
ori_b
Just about any store in the USA can ban customers for non-discriminatory
reasons. For example, if you go to a restaurant, start swearing at the
servers, throwing your food, and misbehaving, you'll quickly find yourself
banned from the location.

I think it varies by state, but as long as the banning isn't because you're
part of a protected class[1], a private establishment can refuse service for
any reason it sees fit, including none at all.

[1][http://en.wikipedia.org/wiki/Protected_class](http://en.wikipedia.org/wiki/Protected_class)

~~~
baddox
Right, and banning a customer from a store is equivalent to a computer denying
a request from a remote client. But in this case, the computer _didn 't_ deny
the request.

~~~
jemfinch
No, banning a customer is almost exactly equivalent to sending the sort of C&D
letter that Craigslist sent. I'm banned from Walmart for life, and was asked
to sign a trespass warning explaining that if I'm found on Walmart property,
I'll be charged with trespassing. That's Walmart's right.

Just because the door is open doesn't mean that everyone is welcome to go
through it. The same holds true for websites just as it holds true for grocery
stores.

------
Karunamon
On one hand, if a site has taken technical measures to keep you out, you have
no right to be there and deserve some kind of punishment for circumventing it.

On the other hand, the fact that this punishment is a felony record is just a
little bit pathetic (c.f. Aaron Swartz).

You don't get in that much trouble for trespassing IRL.

~~~
Delenda
So many people seem to miss this point! Regular meatspace trespassing already
has laws surrounding it. Laws that don't destroy your life. Step back into a
store you're banned from in disguise and get caught? You're not faced with
losing your ability to vote, no chances to acquire work, hundreds of millions
of dollars of debt, decades of jail time, etc. Felony charges ruin lives, and
shouldn't be just lightly sprinkled into otherwise mundane cases like these.

~~~
anigbrowl
There is in fact such a thing as felony trespassing. I suggest you consult
Google before firing off legal opinions.

 _You 're not faced with losing your ability to vote, no chances to acquire
work, hundreds of millions of dollars of debt, decades of jail time, etc._

You know anything involving a jail sentence of over a year is a felony, right?
You seem to think felony crimes all carry a life sentence or somesuch.

~~~
jack-r-abbit
_You know anything involving a jail sentence of over a year is a felony,
right?_

Actually, I did NOT know that... part of me thought it couldn't be right. But
here you go:
[http://www.law.cornell.edu/uscode/text/18/3559](http://www.law.cornell.edu/uscode/text/18/3559)
Thanks.

------
parfe
This is pretty much an analog of how trespassing in a public accommodation,
such as Walmart, works.

You're welcome until someone tells you otherwise. You can't legally go back in
just because you changed your shirt and put on a hat.

~~~
gcb0
Actually it's just so.

They say "no shirt no service". You show up with a shirt and get service.

You get blocked from one ip, you show up from another you get service.

~~~
epo
You didn't understand what he wrote did you?

------
jetti
Something that strikes me and is a bit tangential but this quote made me think
of this:

"The case in question, Craigslist vs. 3Taps, revolved around a copyright
infringement claim by Craigslist against data gathering company"

If Craiglists is claiming copyright on all content, wouldn't that make them
solely responsible for all of that content? Wouldn't then the "safe harbor"
that many online communities use not apply and wouldn't the illegal content
that was/continues to be on Craigslist become Craigslist legal responsibility?

~~~
IanDrake
>If Craiglists is claiming copyright on all content, wouldn't that make them
solely responsible for all of that content?

Yes, a million times yes. I've made this argument several times.

However, this is no longer a copyright issue. Now we're just talking about
access to their servers.

~~~
jetti
>However, this is no longer a copyright issue. Now we're just talking about
access to their servers.

I would disagree. The whole issue stems from a copyright issue. Without a
copyright infringement claim you wouldn't get the cease & desist letter.
Without that letter, you wouldn't have the specific situation which leads to
this verdict.

~~~
sejje
Is this correct? Can't they send a C&D for violating their terms of use, which
forbids accessing their servers with software?

(On an aside, doesn't their terms of use disqualify access with a browser, or
really any piece of software?)

~~~
IanDrake
>Is this correct?

No, it's not. A C&D letter is a legal threat or warning. I could send you a
C&D for sneezing too close to me.

Having received a C&D letter myself from CL, I can assure you there are
multiple issues they claim. You can find this C&D letter at DocStock. CFAA
violations are one claim, copyright violations are another.

[http://www.docstoc.com/docs/76524735/Craigslist-Cease-and-
De...](http://www.docstoc.com/docs/76524735/Craigslist-Cease-and-Desist)

------
IanDrake
From 3Taps:
[https://3taps.com/images/pics/430_Statement%20Re%20craigslis...](https://3taps.com/images/pics/430_Statement%20Re%20craigslists%20Misuse%20of%20the%20CFAA.pdf)

>3taps does not now scrape craigslist’s servers, and therefore, cannot be in
violation of the CFAA

This was my understanding of how their system works. CL (for their own
benefit) allows other sites to index their content. 3Taps indexes from the
cache of these sites, thus never touching CL's servers.

Now as others have said, you got banned by walmart, now you're sending someone
else to buy stuff for you...no more trespassing issues.

~~~
sengstrom
Good extension of that analogy :) The real issue isn't scraping the data
(which is very hard to prevent unless you put in some sort of access control),
but what you do with it once you have it. This is where I can sympathize with
CL's complaint. It comes down to ownership of the information in a particular
listing and whether you can prove that it is yours or not.

------
epo
Why are people so obtuse? The IP has very little to do with anything.

The IP ban was supplementary to a cease and desist. If 3Taps continued to
attempt access via a non-banned IP after the cease and desist then they are in
contempt of court. The attempt at bypassing the ban merely proves bad faith on
3Taps' part.

~~~
IanDrake
>cease and desist then they are in contempt of court

No. A cease and desist is a letter drafted by anyone asking someone to stop
doing something. It's not a court order and the court is not involved in it,
so you can't be held in contempt.

------
BWStearns
Perhaps we need a bifurcation of US computer law to divide malicious hacking
from more benign misuse like this case. It seems a bit absurd that a major
bank hack should be prosecuted under the same law as unauthorized webscraping.
Perhaps a civil misuse akin to a speeding ticket is necessary for the internet
(though this clearly brings its own questionable enforcement questions).

~~~
pc86
Everybody speeds. Not everybody even accesses Craigslist (eg) let alone
accesses Craigslist after receiving explicit instruction they are no longer
permitted to. I agree there should be a differentiation, but how? Hacking into
BAML trying to steal money is obviously and should be a felony with harsh
punishment. Scraping Craigslist is probably more benign, but you're still
attempting to profit off the information obtained that you know the
(supposed?) copyright-owner does not want you to access.

~~~
BWStearns
Hit them with copyright abuse then. Not every crime commissioned on a computer
should be treated as a computer crime.

Doing so functionally leads to double jeopardy on all manner of civil and
criminal cases and the opportunity for excessively punitive sentencing and
sanctions that are basically optional to apply. IANAL, but this seems to
introduce an unacceptable degree of discretion in the law.

As an example, if I send an extortion message via post, I get in trouble for
extortion. If I do it via email should that be a computer crime as well? I
guess it's up for debate since most everything is, but I feel comfortable
enough to say clearly not.

~~~
lutusp
> Not every crime commissioned on a computer

Commissioned? ITYM "committed". Yes?

~~~
BWStearns
<pedant>
[http://www.thefreedictionary.com/commission](http://www.thefreedictionary.com/commission)
definition 3. </pedant>

~~~
lutusp
Yes, understood, but I think the OP means "committed".

------
tsaoutourpants
Great, so now if I put a notice that no government employees are allowed to
use my Web site, and they do anyway, I can sue them? :)

~~~
qnr
My first thought when reading the article was to prohibit RIAA and MPAA from
visiting torrent trackers etc. You can even preemptively send them a C&D
letter in pretty legalese.

~~~
gwu78
If these servers used IP block lists and sent cease and desist letters to an
organization on the list that they believed bypassed the restrictions and
accessed the server anyway (how would they prove that?), and it turns out
there is no evidence of contributing to copyright infringement, then would the
server owners have a claim under the CFAA?

The interpretation of the CFAA in this Order only applies to the facts of the
3Taps case, but assuming this case actually went to trial and in its decision
the Court parroted what it has said already regarding the validity of CL's
CFAA claims, then it one could at least argue that _any_ computer owner should
be entitled to enjoy the protections of the CFAA against unauthorized access
to that computer, in order to protect all information that through such access
can be obtained.

I hope others besides you and I will give this idea some more thought.

------
graycat
Yes, like the sun coming up in the morning, now that the Internet is
important, the lawyers and lawyer legislators have goals.

The candidates are, make the Internet faster, make it more secure, improve the
quality of the content, lower the costs, improve access to it, write laws
about it, bring legal cases about it, and tax it.

May I have the envelope, please? The the winner is (drum roll), tax it. First
runner up is write laws about it. And second runner up is bring legal cases
about it.

The way of the world.

If a child has only a hammer, then each time they see something, they want to
hit it. So, lawyers want to pass laws, raise taxes, and bring legal cases.
Improve things? No. Be a leach on society? Yes.

Here's the most astounding, incongruous thing of all: How did the Internet get
so far without lawyers?

~~~
mindslight
I can only wonder at what doomsday scenario the lawlyers think would occur if
this access wasn't a crime. Anything that could happen can already happen from
foreign or anonymous addresses without recourse. I can only come to the
conclusion that by not understanding or even shunning how the Internet works
on a technical level, they can't appreciate that it actually already is just a
system of rules. So they think it naturally needs to be "improved" with rules
of the style they're used to working with (centrally dictated, overreaching,
ill-specified, and inefficiently enforced).

~~~
graycat
Yes, nicely put.

Since the only tool they have is a hammer, they see everything as a nail. And,
as legislators, judges, prosecutors, and litigators, they like to see
'problems' everywhere; like some English major, and many lawyers were, who
looks at formula fiction and sees good against evil, white hats against black
hats, where the point of the story is for good to defeat evil and get the
girl.

Here as often elsewhere in our society, the lawyers should just go drink
something sickening and just get the hack out of our lives, out of our way,
and quit being dangerous, destructive leaches on the work of good and
productive people.

Time for a lawyer joke:

Q. On the highway is a dead skunk and a dead lawyer. What is the difference?

A. There are tire tracks ahead of the dead skunk.

No one wants to run over a skunk; they are cute, sweet, harmless little
animals and fun until threatened and turn and raise their tails. Lawyers,
however, ....

Lawyers, just quit causing trouble for normal, harmless people. Stop it.
Please, just _stop_ it. Go do something else. I'm putting this nicely.
However, if I win a big bundle in the lottery, maybe I'll fund the ACLU, EFF,
and even more aggressive legal organizations to go after any lawyers making
trouble for harmless people, e.g., Aaron Swartz.

Lawyers need some insight into people. Well, here's one: From grade school,
high school, and college, it's not good to have everyone else in school think
of you as worse than a rabid dog. And if people think of you this way, then
there's nothing the school principal, teachers, and rules can do really to
protect you. Instead, you can get hit in the back on the playground, on the
way home find some tough, angry kids who don't like you, never get invited to
parties, lose your homework and find it in the toilet, etc. Adults don't do
such things, but the feelings can be the same and still you can be ostracized,
rejected, hated, pushed out, scorned, avoided, friendless, etc. Really, you
can be alone and learn what essentially every baby mammal knows from birth --
it's not good to be alone.

Net, again, once again, either be hated or just quit, _stop_ it, hurting
harmless people. Dutch uncle advice. Word to the wise.

I know; I know; in law school you were proud to be taught how to "think like a
lawyer". Now, out in the real world with normal humans, you need to learn
again how to think like a human. Again, yet again, just for you, quit hurting
harmless people; this advice is good for both the harmless people and you. Are
you getting this? Got it?

Right, you noticed that this is not a legal issue. Right; in strong
contradiction to what you learned in law school, not everything in life is a
legal issue. Beginning to understand now?

~~~
mindslight
Hey hey, no need to preach to me.

> _if I win a big bundle in the lottery, maybe I 'll fund the ACLU, EFF, and
> even more aggressive legal organizations to go after any lawyers making
> trouble for harmless people_

By saying this, you're tacitly admitting that some lawyers are fighting the
good fight. And above, there's plenty of non-lawyers proposing broken
analogies with trespassing, even though one can't prevent access to their
house with certainty nor easily mitigate damages.

So "lawyers" aren't the root problem, but the general dislike of them
certainly points to it - legal complexity that grows without bounds. And while
this is fueled by lawyers (and others) tending to want the world to work the
way they already understand, channeling rage at them only obscures the actual
problems.

~~~
graycat
I believe that the situation of the Internet and what I mentioned are simpler
than your remarks.

First, for my remarks, I concentrated on asking lawyers -- legislators,
prosecutors, judges, and litigators -- to quit hurting harmless people.
Simple. Nothing about legal "complexity" can argue against this.

Second, for the Internet, lawyers should mostly just f'get about it. Just
ignore it. Don't make or prosecute laws about it. Don't have civil suits about
it. F'get about computer industry patents. Just go do something else. In
particular, again, no problems with legal "complexity".

For "private property" and what's on Web sites, just f'get about it. It's
simple, dirt simple:

(A) The Internet is new and different and nothing like much of anything
before. It's not like a house, storefront, bookstore, front yard, newspaper,
etc., and trying to force the Internet onto some such Procrustean bed is just
destructive nonsense.

(B) If an owner of a Web site has some data they don't want spread around,
then they should not put it on their Web site. Just don't do it.

If they do, then their ability to 'protect' their data is zip, zilch, and
zero. Both technically, for reasons simple to deep and profound, and legally,
in practice, they can't protect such data and likely never will be able to.
So, don't put the data out there. If they do, then f'get about the lawyers and
protecting that data.

Sorry 'bout that, but copyright laws were not designed for the Internet and
digital data.

A Web site owner can try to be like the MPAA and RIAA and try to hold on to
the past, but, for many reasons lawyers can't effectively stop, it won't work.
That's just the way it is, no matter what laws get passed, no matter how many
wacko, paranoid, OCD, Boston federal prosecutors grit their teeth and think
that they see monsters in closets, how many confused, ill-informed SCOTUS
decisions there are, etc. It's tilting against windmills.

In the meantime, lots of lawyers will be causing lots of damage and doing
nearly no good, all for no good reason.

The Internet was just fine before the CFAA. And we don't need SOPA or PIPA.

Sure, a citizen should make his views known to Congress. Alas, Congress is
full of lawyers, and it's tough to _break through_ to them; could use 1000
board-feed of 2 x 4's to break over their heads to see if they are just
resting or deep into some _profound_ legal thinking. Gotta wake them up and
have them get their hands _off_ the Internet, and keep the NSA off the
Internet.

I can't turn Congress, but I can guarantee Congress that via technical means
the Internet can circumvent nearly any laws they pass. So, f'get about the
Internet.

~~~
mindslight
> _I concentrated on asking lawyers -- legislators, prosecutors, judges, and
> litigators -- to quit hurting harmless people._

Every person generally thinks they're doing good in the world. They certainly
don't think they're hurting harmless people for fun, they honestly think
they're protecting other people. You need to understand this if you want to
have any hope of getting to root causes.

> _If an owner of a Web site has some data they don 't want spread around,
> then they should not put it on their Web site. Just don't do it._

See, this is the exact opposite of the truth - it's quite possible to publish
data online and employ access methods to control who can access it. By arguing
your case this way, you are undermining yourself - the _reason_ we have a
legal system with laws etc because things like murder/robbery/etc are
impossible to prevent, so the only thing we can do is punish transgressors.
Computers give us the ability to implement absolute restrictions formally. The
push to implement ambient-authority retributive laws comes from management
types who don't devote want to spend the effort to implement formalized
restrictions, and want to cry foul after the fact.

~~~
graycat
> Every person generally thinks they're doing good in the world.

I think we mostly know who's harmless. We know for kitty cats and puppy dogs:
In my neighborhood, cats are free to wander but dogs are not.

> See, this is the exact opposite of the truth - it's quite possible to
> publish data online and employ access methods to control who can access it.

Wrong, fundamentally technically and practically. I told you it can't be done,
and you just didn't believe me.

Once that toothpaste is out of the tube, it can't be put back in.

Once a secret is out, can't pull it back.

Once some data is sent over the Internet, the person who receives it has it,
all of it, and can technically can do essentially anything with it. E.g., when
a Web site sends a Web page, it's gone, the whole thing, HTTP header lines,
HTML mark-up 'elements', CSS 'properties' and values, software in JavaScript,
text, files in JPG, PNG, GIF, MP3, WAV, etc. The computer receiving this data
is free to store it on hard disk, manipulate it many ways, back it up, send
it, etc. Net, that data's gone, out'a there, out in the public, beyond
control, with no self destruct mechanism, no time out clock, no string to pull
it back. Can't track it; mostly can't trace it; in practical terms can't say
where it came from, can't claim ownership of it, in no practical terms can
enforce copyright for it. Etc.

Sure, can embed a secret 'watermark' in a PNG file, but that doesn't do much
good, e.g., as the file passes from person to person. Besides, such a
watermark might get lost if the image is resized.

Yes, can put some carefully constructed errors in text and numerical data, but
maybe only parts of the data get used or copied, and, again, after the data
passed through many hands tough to say who originally 'stole' it, and for the
rest they had no knowledge that the data was stolen.

Yes, can set up strong authentication for users and use strong encryption when
sending the data, but eventually some user gets the data as 'plain text', that
is, not encrypted, and now can redistribute it to friends, family, etc. It's
just bits and can be stored, copied, transmitted, modified, etc. So, one
'authorized' user leaks the data and it's gone and essentially out to the
public.

For a Web site trying to block a user, it is essentially impossible to know if
the user returned -- with a different IP address, MAC address, ISP, Web
browser string HTTP_USER_AGENT, etc. Searching the user's house or office also
is unpromising since the data could be on DVD below the insulation on the
floor of the attic, stored in the cloud, etc.

Again, yet again, as a practical matter, now and over the horizon, if a Web
site doesn't want their data out in the public and usable by every Tom, Dick,
and Harry for whatever, then they should just never have their Web site send
that data. And, really, there's nothing laws or lawyers can do about this
except cause a lot of trouble.

Again, more generally, lawyers should just f'get about the Internet.

------
wil421
At first it sounded like Craigslist was bullying someone but reading more into
the article it seems that they had a valid reason to take them to court. They
asked them to top multiple times, even resorting to blocking their IP block,
and they still crafted deceiving ways to work around it.

Although I feel Craigslist had a reasonable complaint, I do not like the
precedence that this could set for further cases. This could set the stage for
all kinds frivolous lawsuits.

~~~
nitid_name
I thought 3tap get around the IP block by scraping the google cache?

------
RyanMcGreal
And so the reach of the CFAA continues to creep outward, transforming more
minor violations into felonies.

------
asolove
"US court rules opening a door violates law" (... if you were ordered not to
come onto someone's private property)

------
burgreblast
"Craigslist: the company that made IP address masking illegal."

I hope Craig figures out how to unwind this. It would be a terrible legacy to
have your good fame traded for bad.

Who wants to be the big company that fought a startup so hard that it created
new internet restrictions for the rest of us? I wish they had just bought
3taps and added the functionality.

~~~
anigbrowl
Well, seeing as that's not what actually happened I think they don't need to
worry about it.

------
signed0
If this violates law, then surely ignoring robots.txt also violates the law.
In this case website owners should be able to sue Cyveillance (Comcast
outsourced copyright enforcement to them).
[http://en.wikipedia.org/wiki/Cyveillance](http://en.wikipedia.org/wiki/Cyveillance)

~~~
anigbrowl
You would want to first take the stop of notifying Cyveillance that you had
found they were ignoring your robots.txt and demanding that they stop doing
so, or else face legal action. After that, yes, go for it.

------
gnicholas
Great legal analysis on Volokh Conspiracy:
[http://www.volokh.com/2013/08/18/district-court-holds-
that-i...](http://www.volokh.com/2013/08/18/district-court-holds-that-
intentionally-circumventing-ip-address-block-is-unauthorized-access-under-the-
cfaa/)

------
gwu78
I hope we see more discussion of the 3Taps case. The Order denying 3Taps
Motion to Dismiss Craiglist's CFAA claims is an interesting read. Keep in mind
this is not the final disposition of the CFAA claims. This is an order on a
pre-trial motion. It just tells us the Court intends to consider those claims
along with the others _if_ the case proceeds to trial. (There is always the
possibility the case may not get there.)

The Court vociferously rips through 3Taps' arguments for dismissing the CFAA
claims.

Anyone who is net savvy who has ever encountered the CFAA has no doubt
pondered the problems in its vague, non-technical language and then in its (to
no one's surprise) capricious application. The 3Taps case stands to be yet
another example of the CFAA's flaws on parade.

Do the Courts see gross deficiencies in the CFAA's language and how this can
affect the CFAA's application? If yes, would they rather deal with them now or
just leave them for another day?

Consider what this Court says when faced with the question of what constitutes
"without authorization" under the CFAA. Note this is when the computer in
question is otherwise open to the public and lacks any access controls such as
password protection or approved originating IP addresses:

"To be sure, later cases may confront difficult questions concerning the
precise contours of an effective 'revocation' of authorization to access a
generally public website. This Court cannot and does not wade into that
thicket, except to say that under the facts here, which include the use of a
technological barrier to ban all access, 3Taps' deliberate decision to bypass
that barrier and continue accessing the website constituted access 'without
authorization' under the CFAA."

A "thicket" indeed. And we shall let it grow. I often see the word thicket
used to describe the problems with patents. And we all see how those problems
have played out so far.

Since access authorization and its revocation are apparently difficult
standards to pin down in the computer context, just for fun, if you'll join me
for a small thought experiment, I invite you to take a different angle and
look at the CFAA in a "new" light.

The second sentence of the Order defines the applicability of the CFAA in no
uncertain terms: "The CFAA imposes civil and criminal liability on 'whoever...
intentionally accesses a computer without authorization... and thereby
obtains... information from any protected computer. 18 USC S.1030(a)(2)(c)."

This is quite broad in scope. Anyone with an ounce of computer network savvy
can see that.

It's also very general in terms of who it protects. There's no mention of who
the presumed victim might be.

What if the protected party is an individual consumer? Might the CFAA protect
individual persons, and not just entities like governments and companies?

Let's assume the consumer has a computer. Let's further assume the computer
stores information. Sound plausible so far? Let's further assume the consumer
tries to protect the information on the computer. Still with me? OK, now let's
assume that information has value to some third party. I don't want to limit
the reaches of this thought experiment by giving examples (with which you
might find fault), but in the case you just cannot fathom a scenario where a
person wants to protect information stored on her computer: assume that some
companies want access to her email address book or web browsing history and
she would rather keep that information private. Finally, let's assume that the
consumer wants to revoke the authorization of certain of these third parties
to access the information, but the determined engineers employed by these
third parties opt to bypass the barriers that the consumer puts up and obtain
the information, perhaps by stealth.[1]

Hopefully, if I've done a decent job, you can see the CFAA could, at least in
theory, under this Court's very general statement of the law, be used by an
individual to protect her information stored on her computer from companies
who proceed to access it without her authorization, in addition to, as in the
3Taps case, protecting information of a company like Craigslist from
competitors who wish to access CL's information without CL's
authorization.[2][3] If not, pay no mind and resume your usual train of
thought. Who wants to bet this case gets settled out of court?

1\. You might ask how the consumer would go about revoking authorization. Does
she need to send cease and desist letters? Maybe. Maybe not. I'd argue
whatever she does it needs to be clear.

2\. CL's protected information is of course information submitted by
individual users. And see 3.

3\. The weakness of CL's case, from a copyright infringement perspective, is,
according to some commentators, that the information CL is seeking to protect
is not created by CL but by users, who may or may not have transferred
enforcement rights to CL. Here is another issue to consider: Did the drafters
of the CFAA care whether the complainant has any rights to the protected
information?

------
MarcScott
A prime example of when HN should allow titles to be editorialised.

------
themodelplumber
I'm just beginning to learn about scraping--how common is it for companies
(even those with junk APIs or none at all) to take these sorts of actions
against scrapers?

~~~
eli
Probably most don't care, but it really depends on what you're scraping and
who owns it.

If the data is central to someone's business (e.g. Ticketmaster, airlines, or
anything you had pay to access), I'd tread real carefully.

~~~
pbhjpbhj
In Europe there are database rights to consider too.

~~~
eli
Possibly in the US too. But that's almost beside the point: being sued kinda
sucks even if you prevail.

------
andyidsinga
hypothetically, lets say someone shares a link to a online newspaper article
with me. I click through and encounter a pay-wall. knowing how these things
often work, i simply google the title of the article, then go into the same
article via the search results, get in and have thus successfully avoided the
pay-wall.

have i run afoul of the law?

------
tomorgan
and that, kids, is why making APIs is so darn important!

------
beefxq
The end of freedom.

------
NN88
Is that...TOR?

------
justthetip
Mask is a poor choice of words.

It like saying you are banning me from taking a nissan sentra to your
business. If I come back in a toyota corolla I've broken your law.

What you really meant to say is that I am banned, not the car. Since you don't
know who I am, you can't ban me...only the car.

This law is stupid.

