Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Craigslist sent a legally valid cease & desist letter to 3taps, explicitly revoking their default-allowed access.

I can have a site on the public internet and ban certain people from visiting it, then enforce that in court if they do?

That seems... strange.



I view it much like a bar owner. The bar is default-open to any patron. But, if a patron gets drunk and makes a scene, they can be asked to leave. If that patron sneaks around back and climbs in through an open window, they are trespassing.

The actual legal details may be different, but that's how I see this case.


That's a bit naive: If that's the case, then you need to put a user/password. Having a website on the internet is like shouting on a public square: it's main function is to be accessible world-wide (or internet-wide).

So if you "shout" on a public square (blog, post, etc.) you can't tell which group of people can and can not hear what you say.

The bar example would be fit for websites that raise paywalls, or some sort of access control.

That's idiotic, it's just another case where the judge is 20 years behind current affairs, he is judging something he clearly doesn't understand.


Having a website is not at all like 'shouting on a public square' and is exactly like having a bar open to the public.

Craigslist told a patron they couldn't come in any more. The patron put on a fake mustache and tried to come in the back door.

Would you support someone scraping a blog to repost it elsewhere? Do you support crawlers that don't respect robots.txt? I don't see a problem with Craigslist saying 'No, you can't scrape our users content to post on your website'.

The exact details of which laws and how the court case went may not be correct, but at a theoretical level the website as open-to-public bar/store/etc is a perfectly valid analogy.


Of course I don't support a crawler who steals content, it's immoral and should be punished by law and community. But the way they approached this in court, is overly dangerous and sets a precedent (for the anglosaxon law system) which could be very dangerous. It's way to broad.

An open bar to the public? At a bar you have a degree of physical contact which conveys info you can not have via internet, that's why the 'square' example fits better (imho). But example apart, I'm with you on this: the court case sets a dangerous precedent.


So you're saying google could send a cease and desist to all microsoft employees and keep them off of google.com?

Isn't the ruling considering automated scraping in some way different from normal browsing?


Yes, Google could in fact do that. It would be impossible to actually enforce, but they could absolutely do it.

They don't have any reason to, so they don't, but they could.


And what makes it hilarious is that the fake moustache is seemingly illegal.


Wrong, wrong, wrong. It's the coming in after being told not to that's illegal. The fake moustache is just an instrumentality.


That's where I get hesitant; I'm on Craigslist's side and fully agree with the bar analogy, but this legal precedent could easily get misused.

Fake mustaches for everyone!


> this legal precedent could easily get misused

It's actually pretty narrow. If you have received sufficient notice that you are no longer allowed to access a resource (in this case, the cease and desist letter), then you can't use technical measures to mask who you are and try to access the resource.


What you said is unrelated to the mustache, and really should be rephrased to this:

> It's actually pretty narrow. If you have received sufficient notice that you are no longer allowed to access a resource, then you can't access the resource.


> Having a website is not at all like 'shouting on a public square' and is exactly like having a bar open to the public.

It's hilarious that you would claim that one strained meatspace analogy is completely wrong, and your other strained meatspace analogy is completely right.

This is why laws in one context should not be mapped by analogy over to another context; they should be derived from the fundamental moral principle that the original law codified.


Not that hilarious really. You can have a web site and prevent certain people from entering. You can have a bar and prevent certain people from entering. You can not shout on a public square and prevent certain people from listening.


You can have a cardboard box and prevent people from entering. Therefore a website is like a cardboard box. You can have a moon colony and prevent people from entering. Thus a website is like a moon colony.


Sure... in terms of whether you can control access to it... which is what we're talking about. As opposed to trying to control access to what you are shouting on a public square.


That's idiotic, it's just another case where the judge is 20 years behind current affairs, he is judging something he clearly doesn't understand.

I'm so tired of hearing this from hackers who have never taken a law class or picked up a book. Many hackers are abysmally ignorant of the law, and not all that good at critical thinking either. Some of those won't even listen to an explanation of how it does work, but double down on their ignorance and throw a tantrum instead.


Don't mistake disagreement for ignorance.


That seems perfectly in line with existing property rights.

If I have a house and certain people are visiting it against my will, then I have legal recourse to prevent them from doing so.

That it's digital doesn't really change the fact that, at the least, what 3taps was doing maps to trespassing. (Theft, at the worst, but I'm wary of invoking the 'copying isn't theft' mantra).


A request was made for a resource on a server, and that server fulfilled the request. There was no access "against the will" of the server. If the owner of the server configured the server incorrectly, I don't see why the client should be legally liable.


A cease and desist order from the company that owns the server pretty effectively illustrates that it is indeed "against the will" of the server's owners. I'll wholly concede that the server itself doesn't have a will of its own, but otherwise, server configuration is not of any legal concern.

It's worth noting that this is different than just misconfiguration hacks, where somebody gains access to something completely private because the server allowed it. I agree that in those circumstances, no culpability should be found on the part of the 'hacker'. However, in this case, Amazon said "Hey you. What you're doing? Stop it."

Moreover, they did so with a letter written by their attorneys. Not legally binding, sure, but at the same time, a pretty clear illustration that the access wasn't wanted.


If you have a house, then it's your responsibility to have doors with locks and windows which are closed.

You cannot have a house in a public space accessible worldwide, without doors or windows, and then randomly get to decide who can and can't visit, and have it enforced by courts.


"If you have a house, then it's your responsibility to have doors with locks and windows which are closed."

Legally, it isn't.

"You cannot have a house in a public space accessible worldwide, without doors or windows, and then randomly get to decide who can and can't visit, and have it enforced by courts. "

Completely and totally false. Trespass to land, in fact, doesn't even require that you intend to trespass, only that you voluntarily traveled to the location. You do not need to know it's someone else's property or that you are trespassing to be liable.

Getting injunctive relief is more difficult for other reasons, but you would at least get nominal damages.

I think you will find trespass to land doctrines are not in your favor in this argument. You may want to try to argue it isn't like land at all :)


If you have property, and the house is on that property, then yes, you can. If I build my house in the public commons, on property that I do not own or lease, then I haven't any property rights as a homefront, and the relationship is more akin to one of a storefront than a home.

If we're extrapolating from commercial property rights, then again, stores and merchants have the right to refuse entry to persons they choose as well, even though those buildings are in common areas, and their doors are commonly unlocked to allow free entry to all.

Further, it is not incumbent upon you to have doors, windows and locks to prevent entry from your property, as the property needn't be a house at all, but could simply be land. I have the right to expel trespassers from land I own, whether or not any dwellings or structures exist upon such property.

Even if you're assertion is just that I should have doors and locks to prevent them entering just my home, that is again a false claim. Whether or not my property is secure might be a matter of insurance liability, but does not obviate me from the expectation that others will respect my property rights. Even if I have no doors, windows, locks, or even walls, I have the right to expel others from my property.


No. Even if I leave my door wide open and piles of glittering jewels on the floor, that doesn't give you the right to walk in and help yourself. Likewise, if I walk down the street in a fancy suit, you don't have the right to mug me, and I don't have the obligation to arm myself against your attacks. It might be prudent to do so, but there's no obligation. In this case, Craigslist's C&D letter gave 3taps abundant warning of what not to do, and what consequences might ensue.

We had this discussion here on HN some days back when the ruling came down. Just because something is possible doesn't give you the right to do it.


Haha so if you forget to lock your doors I get to just take all your shit because it was your responsibility to lock them up and I gotcha? No


You can have and enforce a terms-of-service agreement for users without strongly and strictly identifying every user at every moment. You can enforce copyright on a dataset from a database through the courts. You do not have to allow every use just because you have allowed a certain use. These things should not be surprising.

EDIT: I googled it because I could smell the wrong in my statement, it's not called copyright it's called "database right" because a compilation of facts is not a creative work. Still the right is real regardless of the distinction.

EDIT2: CraigsList is a US company and apparently if you read deeper into the WikiPedia article, US copyrights do not respect databases and so it's not a real thing. Sorry for muddying the waters, but it doesn't change that service providers can have terms of service irrespective of how strongly they work to identify and segregate their users.


You can have a house or a business on a public street and ban certain people from visiting it as well. Why does it seem strange that the same law applies online?


I have always considered websites to be comparable to public shops. Any "client" can enter and profit from a "[web] service" given by a "server", so it seems much more fitting than a private house or office, which would be comparable to the backend, itself off limits in most cases.

And in most cases, in the areas I've lived in, you have no right to refuse service to "certain people". So, yes, this seems just as bad as a baker who would refuse a certain subset of people from even entering his shop.


Just about any store in the USA can ban customers for non-discriminatory reasons. For example, if you go to a restaurant, start swearing at the servers, throwing your food, and misbehaving, you'll quickly find yourself banned from the location.

I think it varies by state, but as long as the banning isn't because you're part of a protected class[1], a private establishment can refuse service for any reason it sees fit, including none at all.

[1]http://en.wikipedia.org/wiki/Protected_class


Ah, yes, that's what I meant by most cases. If you establish rules that do not discard a class of the population, then it's very much acceptable to reject those who infringe them, in my opinion.

In any case, I was just correcting your analogy, not your premise.


Right, and banning a customer from a store is equivalent to a computer denying a request from a remote client. But in this case, the computer didn't deny the request.


No, banning a customer is almost exactly equivalent to sending the sort of C&D letter that Craigslist sent. I'm banned from Walmart for life, and was asked to sign a trespass warning explaining that if I'm found on Walmart property, I'll be charged with trespassing. That's Walmart's right.

Just because the door is open doesn't mean that everyone is welcome to go through it. The same holds true for websites just as it holds true for grocery stores.


In the U.S. you do have the right to arbitrarily refuse service, except on the basis of certain specific classifications: race, religion, ethnicity, etc. Nothing keeps me from closing my shop to people named Joe, people below 5'8", people who like Battlestar Galactica, etc.

The way that works is that someone entering a public shop has implied license to be on the property. But that implied license can be explicitly revoked to exclude specific people.


Because to access any computer resource remotely, you just send a request to the computer, and the computer either replies with the requested data, or it refuses. If someone requests to enter your house, and you allow it, then you shouldn't be able to have the government punish that person.


Because anyone with half a clue knows that anything you put on the Internet isn't safe. Law bound or otherwise, lol


Why don't you try scraping book reviews from Amazon onto your own website and see what happens?


You're conflating violating copyright with committing a crime under the CFAA.

Then again, the Obama administration wants to make it a felony to stream compyrighted material, so maybe the conflation isn't so outrageous after all.


Is it about visiting and scraping the site, or what they do with the content they scrape?


Both. CL wanted them to stop scraping their site because they were republishing content without CL's explicit permission.


What if they weren't republishing the data? I believe it's against TOS to scrape at all.

Presume they were scraping the data to /dev/null, would that still be an issue?

Further, aren't some things INTENDED to be scraped? Like their RSS feeds?


I believe all of that is against the law after they were specifically told not to via a C&D.


Just like you can have a store on the public street but ban certain people from visiting it, yes.


It seems...normal. Same way you can have a store on the public street and ban certain people from visiting it, then enforce that in court if they do.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: