Accessing A Public Website Is Not A Crime, And Craigslist Should Back Away From Its Lawsuit Claiming Such
from the bad-legacy dept
We’ve written a few times about Craigslist’s unfortunate and misguided lawsuit against 3taps and Padmapper, companies which aggregated Craigslist data, allowing others to build useful services on top of Craigslist, driving additional traffic and usage back to Craigslist. It’s upsetting on the basic level that Craigslist is attacking companies that make its data more useful, and it’s doubly upsetting given that Craigslist itself is generally such a big supporter of basic internet freedoms and good policy online. To see it so aggressively attack some other innovators — with very broad and dangerous interpretations of both copyright law and the Computer Fraud and Abuse Act (CFAA) is immensely troubling. Perhaps more troubling is that the district court initially bought some of Craigslist’s expansive arguments on both fronts (while pushing back on the most extreme arguments). Still, the ruling was dangerous on many levels, and now the EFF (which often works with Craigslist on things) has filed an amicus brief arguing against this dangerous interpretation.
Specifically, the EFF is (quite reasonably) concerned about the court’s ruling that said because Craigslist sent a cease and desist letter to 3taps, and 3taps changed its IP address and continued visiting Craigslist’s site, that it had violated the CFAA — even though the website was freely available to the public.
The CFAA does not and should not impose liability on anyone who accesses information publicly available on the Internet. Because the CFAA and Penal Code § 502 imposes both civil and criminal liability, it must be interpreted narrowly. That means information on a publicly accessible website can be accessed by anyone on the Internet without running afoul of criminal computer hacking laws. In the absence of access, as opposed to use, restrictions, Craigslist cannot use these anti-hacking laws to complain when the information it voluntarily broadcasts to the world is accessed, even if it is upset about a competing or complementary business.
EFF points out, both in its blog post and in its filing, how much Craigslist itself benefits from an open internet, and why it’s not good that it’s now fighting against that very principle.
But benefits to this openness remain and Craigslist itself is a notable example of these benefits. Craigslist provides a popular and wide reaching classified advertising service, allowing people to post mostly free classified ads that can be seen by anyone anywhere in the world without charge. Craigslist claims that 60 million people use Craigslist in the United States each month, that 100 million classified ads are posted each month and that the site receives 50 billion page views per month. It receives 2 million new job postings a month, supports advertisements posted in 13 different languages and has more than 700 local sites in 70 countries. It is one of the 25 most visited websites in the United States.
Craigslist’s enormous success is a result of its openness: anyone anywhere can access any of its websites and obtain information about apartments for rent, new jobs or cars for sale. Its openness means that Craigslist is the go to place on the web for classified ads; it users post on Craigslist because they know their ads will reach the largest audience.
But what Craigslist is trying to do here is to use the CFAA’s provisions to enforce the unilateral determinations it has made concerning access to its website, an Internet site that it has already chosen to open up to the general public, attempting to turn a law against computer hacking into a new tool. But prohibiting access to an otherwise publicly available website is not the type of harm that Congress intended to be proscribed in the CFAA, and nowhere in the legislative history is there any suggestion that the CFAA was drafted to grant website owners such unbridled discretion.
Hopefully the court recognizes the troubles of its earlier ruling, and Craigslist also recognizes the folly of this approach.
Filed Under: access, cfaa
Companies: 3taps, craigslist, eff, padmapper
Comments on “Accessing A Public Website Is Not A Crime, And Craigslist Should Back Away From Its Lawsuit Claiming Such”
I just love when the EFF/ACLU stand firmly in their positions despite the fact that it may lead them to go against usual partners (this case) or even support extremist groups such as the ACLU supporting KKK in their First Amendment rights.
This kind of attitude show lack of bias. This builds trust. This drives my money to their pockets.
Reason for CL behavior -- Their TOS is very closed
This is specific to posting, but shows the CL mindset:
It is expressly prohibited to post content to craigslist using any automated means. Users must post all content personally and manually through all steps of the posting process. It is also expressly prohibited for any user to develop, offer, market, sell, distribute or provide an automated means to perform any step of the posting process (in whole or in part). Any user who develops, offers, markets, sells, distributes or provides an automated means to perform any step of the posting process (in whole or in part) shall be responsible and liable to CL for each instance of access to craigslist (by any user or other third party) using that automated means.
Re: Reason for CL behavior -- Their TOS is very closed
It’s hard to see how this is enforceable. Even if it is, there’s an obvious time-honored workaround in the software industry: the chinese firewall. Have a user merely describe exactly what what steps are required to perform the various functions, and have a non-user write the software that implements those steps.
Re: Re: Reason for CL behavior -- Their TOS is very closed
it was hard to see how Amex’s TOS were enforceable, and yet they just were upheld on appeal…
NOW, ALL stupid fucking EULA’s, TOS’s, etc are going to be sitting pretty with this ruling…
in other words: SNAFU, we are screwed, the korporadoes are king…
good luck with that revolution, digital serfs…
art guerrilla
aka ann archy
eof
Commercial use versus public users.
A major distinction between the entities that Craigslist offers its data to. It’s unfair competition for another business to use Craigslist data. It’s not public like facts of the score in a baseball game, it’s generated by Craiglist, as is the underlying draw of the managed biz.
Not that I’m for Craigslist. Nor is that apparently their argument: I’d guess because anti-trust has been morbid since the 80’s.
Still, the principles are clear: 3taps and Padmapper don’t pay for the value they get, nor visibly return any, only GRIFT off Craigslist. — If your business relies on someone else to do the work, then it’s a GRIFTING BUSINESS MODEL.
It’s clear that Mike worries about the ignore “sunk (or fixed) costs” business model of his grifter pals being found illegal.
Since Craigslist has tried repeatedly to dissuade such use and 3taps and Padmapper are informed that they’re not authorized, then it’s definitely a valid case.
If I were the judge, though, I’d strongly imply that the parties should settle out of court with some nominal fee to Craigslist.
Take a loopy tour of Techdirt.com! You always end up same place!
http://techdirt.com/
Every “new business model” here requires first getting valuable products — especially money and labor — for free.
04:07:20[f-50-2]
Re: Commercial use versus public users.
Craigslist’s entire business model is based on users posting things on Craigslist; in other words, Craigslist sits back and relies on its users to do the work. By that logic, Craigslist is “Grifting” as much as 3taps and Padmapper, perhaps more.
Re: Re: Commercial use versus public users.
Google?
Re: Commercial use versus public users.
“It’s not public like facts of the score in a baseball game, it’s generated by Craiglist”
Yes, it’s not facts – it’s content provided by people other than Craigslist (their users). The list is generated by an algorithm, but the data contained within that list is not created by them.
“If your business relies on someone else to do the work, then it’s a GRIFTING BUSINESS MODEL.”
It’s worth repeating that Craigslist do exactly this, unless you’re going to try and claim that the software and platform are “the work”. In which case you’re agreeing that the 3rd parties in this case are already doing their own work, and thus your argument is inapplicable.
It’s not often you see people destroy their own arguments in the process of making them, but this is you…
Re: Re: Commercial use versus public users.
It’s not generated by Craigslist, it’s generated by the people who post ads on Craigslist.
Re: Commercial use versus public users.
So driving traffic to craigslist isn’t visibly returning value?
Cathy,
have you EVER heard of “The Phone Book?”
This also take information available elsewhere and makes it publicly available. Is this grifting?
When sending traffic to a service IS the MO and end game of a service, it’s DEMONSTRABLY not grifting.
I presume you feel the same way about those city maps for tourists. They use company logos, don’t they?
Histrionic response in 3…2…1…
Accessible == redistributable?
I’m not sure I agree that just because something is publicly available on the internet that anyone else can copy and post that information on their own site, particularly for commercial gain. What if instead of ads these were pictures or videos? Would it still be ok in your mind, Mike, for some other site to scrape that content and publish it themselves, even if with attribution?
I’m not a fan of litigation over these sorts of things in general but I can’t help but see CL’s point here.
Re: Accessible == redistributable?
Using Padmapper as an example, how it works is that users search for apartment rentals, Padmapper gets data from various sites, and then gives users links to those sites. It drives more traffic to those sites by making their data more easily searchable, in essence making those sites more valuable. It’s the exact same as a site like Expedia or Travelocity aggregating flight lists so users can compare prices. Craigslist gains, Padmapper gains, the user gains. Craigslist is not harmed.
Re: Accessible == redistributable?
I’m not sure I agree that just because something is publicly available on the internet that anyone else can copy and post that information on their own site, particularly for commercial gain.
That’s not the argument that anyone in this case has made.
Would it still be ok in your mind, Mike, for some other site to scrape that content and publish it themselves, even if with attribution?
Again, that’s unrelated to the question of whether this is a CFAA violation.
I don’t know if those sites’ use of Craigslist run afoul of the Terms of Service agreement, but most mundane violations are not hacks. If accessing a service that’s open to the pubic is “hacking”, then accessing a store that’s open to the public is “trespassing”.
To put this into a real world context, stores usually have policies that dictate what is or isn’t appropriate conduct for their patrons. These include the typical “no shirt, no shoes, no service” policy, or being overly loud or rude to other customers. Even though none of them are inherently illegal, they can get you escorted out by store security all the same. The store can even refuse service to repeat offenders. These are the sorts of things that are akin most the typical website TOS violations.
However, getting into things that private to an individual or to the company is what crosses the line. Things like digging through a customer’s unattended bag or picking the lock on the managers office can get you arrested. Similarly, hacking involves unauthorized access to information or services that are private to an individual or to the company. Things like bypassing an authentication system to access individual email accounts or gaining access to a website’s internal database.
I am confused. When I accessed Craigs List I did not agree to their TOS. How am I bound by the TOS>
Craigslist should have used Trespass to Chattels
This isn’t a hacking case. They keep it open, there are consequences for having the data open. Sending a cease and desist shouldn’t result in CFAA or Copyright liability (criminal or otherwise).
It might be a trespass case, however, if 3tap’s and Padmapper’s use causes unreasonable loads on Craigslists servers.
Courts should do more to require plaintiffs to file the correct type of lawsuit with the correct type of remedy.
"Drive more traffic to site"
Before I make my point I want to say that I personally feel CraigsList is somewhat short sighted of its own potential and usefulness to the public.
That said, the argument that driving more viewers to a website through aggregation has a “hole” in it. The opinion fails to consider that the website may have specific interests in how its site is viewed. There may be analytics valuable to the site that are tainted or completely ruined by allowing third party methods for finding the data. My analogy is supermarket or “big-box” store marketing. All of the offerings in a store are rarely laid out in logical fashion, items grouped together with similar items. There is a degree of randomness, and pairing of complimentary items. This forces the shopper to spend a little more time seeking things out with the hope that they will find more to buy, things they may have forgotten or better yet impulse purchases. Certainly this is for the vendor’s benefit not the consumer’s.
And certainly this is a possible explanation for any site’s motivation to dis-allow third party “helpers” when they seem to have no interest in providing similar services them selves.
Re: "Drive more traffic to site"
I don’t think that’s a “hole” in the argument at all. If someone has visited the site as a result of using the app, the app has driven traffic to the site.
If CL (for instance) really objects to people bypassing all the clicks needed to get to a particular listing, it would be trivial for them to prevent that from working. Resorting to lawsuits is totally unnecessary.
Re: "Drive more traffic to site"
My analogy is supermarket or “big-box” store marketing. All of the offerings in a store are rarely laid out in logical fashion, items grouped together with similar items.
And it would not be illegal to make an app that lets someone input their shopping list and then give them directions around the store to get everything in the quickest manner possible.
Publicly Available !!??
The CFAA does not and should not impose liability on anyone who accesses information publicly available on the Internet. Because the CFAA and Penal Code ? 502 imposes both civil and criminal liability, it must be interpreted narrowly. That means information on a publicly accessible website can be accessed by anyone on the Internet without running afoul of criminal computer hacking laws. In the absence of access, as opposed to use, restrictions, Craigslist cannot use these anti-hacking laws to complain when the information it voluntarily broadcasts to the world is accessed, even if it is upset about a competing or complementary business.
[emphasis added]
What about the recent case where someone got jail time by simply changing the querystring in the URL to find other users’ information???!!!
https://www.techdirt.com/articles/20101008/04054011333/is-passing-query-string-data-in-referral-urls-a-privacy-violation.shtml
http://www.techdirt.com/articles/20111015/20563516374/company-thanks-guy-who-alerted-them-to-big-security-flaw-sending-cops-bill.shtml
Are there any alternatives to CL?
Well, obviously a CFAA charge won’t stick since hardly anyone has been convicted under it. However re-publishing (not simply accessing or copying) copyrighted data from a public website is clearly copyright infringement.
Re: Re:
However re-publishing (not simply accessing or copying) copyrighted data from a public website is clearly copyright infringement.
If that’s what they’re doing, which I understand they’re not. And if classifieds are subject to strong copyright protection. And if CL, rather than the users, owns the copyright on them.