The Weekly Breach Breakdown Podcast by ITRC - Scraping By - S3E31

Show Transcript

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for November 10, 2022. Each week, we look at the most recent events and trends related to data security and privacy. This week, we look at a very important court decision that has been more than five years in the making that could have a profound impact on the collection and use of personal information. We’re calling this episode “Scraping By” for reasons that will become obvious in just a second. Hint: it has to do with data scraping.

Long-time followers of the Weekly Breach Breakdown know that one of the pieces of advice the ITRC routinely offers is don’t overshare information on social media. That’s because your information may be packaged and re-sold by social media platforms. However, it is also for another reason: once you post your information, it may be scraped – legally – if it’s posted on a public website.

What is Scraping?

Scraping is when legitimate businesses and cybercriminals use software to collect the information posted on a website, aggregate it, and then sell or share it. Collecting that information – that you have willingly and knowingly posted for the world to see – is known as data scraping.

Data Analytics Company HiQ Begins Scraping Information

Ten years ago, a data analytics company, HiQ, started using automated bots to scrape information from websites. Sometime before 2016, HiQ began to scrape information that LinkedIn users included on their public profiles, including names, job titles, work history and skills. HiQ used that information, along with a proprietary algorithm, to generate "people analytics," which it sold to business clients.

LinkedIn Sends Cease & Desist Letter

LinkedIn, soon enough, figured out the information its users posted on the platform had value. That’s when the trouble started. In 2017, LinkedIn sent HiQ a cease and desist letter, quoting the terms and conditions for using the platform, which specifically prohibited data scraping from the site. LinkedIn also noted that it had implemented technical barriers to prevent data scraping from the site. 

HiQ’s basic answer was “pound sand,” followed by a lawsuit that made it to the U.S. Supreme Court and multiple trips to the Ninth Circuit Court of Appeals and the district trial court in Northern California. 

Court Rules HiQ’s Actions Violated LinkedIn’s Terms & Conditions

HiQ won most of those appeals as courts determined the HiQ data scraping did not violate federal and state computer crime statutes. However, this week, the original trial court ruled the HiQ data scraping did violate LinkedIn’s terms and conditions. The court further ruled the violation of the T’s & C’s could be enforced as a breach of contract.

What the Court Ruling Means

Businesses that want to protect their data from being scraped need to ensure their terms and conditions for use are up-to-date to prohibit scraping. The important part is that they must actively seek to enforce the prohibition. The trial court’s order makes it clear that LinkedIn’s actions to enforce the user agreement allowed them to claim HiQ’s actions were a breach of contract that could lead to remedies.

The bottom line is if your business knows of a violation of your terms and conditions, and you want them to be enforceable, talk to your counsel and ask them to act. 

Tell Our Veterans Thank You This Veterans Day!

A point of personal privilege here at the end of this week’s podcast. Friday, November 11, is Veterans Day. Be sure to tell any Veteran you know or meet tomorrow and every day thanks for keeping us safe and free. Thank your family members, too, for their service. Many ITRC staff members have loved ones who have served or are currently serving. We want to thank all who have served or currently serve. 

Contact the ITRC

If you want to learn how to protect your personal or business information or think you have been the victim of an identity crime, visit our website www.idtheftcenter.org. You can also speak with an expert advisor on the phone (888.400.5530), chat live on the web, or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). 

Be sure to listen to our sister podcast, the Fraudian Slip. On our final episode of the year on December 9, we will discuss our predictions for 2023. We will return next week with another episode of the Weekly Breach Breakdown.