Companies use a variety of causes of actions to protect their websites from competitors or others wanting to “scrape” data from their site using automated tools. Over the years, legal doctrines such as copyright infringement, misappropriation, unjust enrichment, breach of contract, and trespass to chattels have all been asserted, though many of them have limited applicability or are otherwise imperfect options for site owners. One of the most commonly used tools to protect against scraping has been a federal statute: the Computer Fraud and Abuse Act (CFAA). The CFAA is a cybersecurity law passed in 1986 as an amendment to the Comprehensive Crime Control Act of 1894. Originally drafted to address more traditional computer “hacking,” the CFAA prohibits intentional access to a computer without authorization, or in excess of authorization. Due to both the criminal and civil liability that it imposes, the CFAA has been an effective tool to discourage scraping, with website operators arguing that by simply stating on the site that automated scraping is prohibited, any such activity is unauthorized and gives rise to CFAA liability. An ongoing case between data analytics company hiQ Labs Inc. and LinkedIn questions the extent to which companies may invoke the CFAA as it pertains to scraping of this type of data.
In the last decade, social media platforms have embedded themselves in the human resources function in companies worldwide. Companies like LinkedIn and Indeed have built empires based on clever deployment of social media to assist in the hiring and networking processes, even as human resource professionals use social media for more than finding the next great executive or software engineer to propel the business forward. Social media plays a key role in hiring, firing and all aspects of employee management and relations. Various studies and surveys have shown that up to 80% of all companies make some use of social media platforms in human resource decisions.
Since my last post on the subject (“LinkedIn Grapples with the Ripples of a 2012 Data Breach”), there have been several developments related to LinkedIn’s 2012 data breach. First, in May, LinkedIn announced it has finished the process of invalidating passwords at risk, specifically LinkedIn accounts that had not reset their passwords since the 2012 breach:
Last week on the official LinkedIn blog, the company’s chief information security officer, Cory Scott, reported the company had become aware of an additional set of data that has just been released consisting of e-mail and hashed password combinations of more than 100 million LinkedIn members. This recent release is related to a 2012 unauthorized access and disclosure of LinkedIn members’ passwords:
Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach. –Linkedin Official Blog, May 18, 2016
Do you consider yourself famous? If the answer is no, then you have likely never been concerned with the invasion of your right of publicity. The right of publicity is the right of a person in his or her identity—name or likeness or any other indicia of identity. This right protects persons from the taking of an identity for commercial gain without proper remuneration. For example, a cereal manufacturer could not place a picture of a celebrity on the cereal box without consent by that celebrity (and a license to use the picture, if protected by copyright law). Using such a picture would necessarily create a false association between the product—the cereal—and the celebrity. Because the celebrity has value in his or her likeness, the right of publicity allows the celebrity to protect that identity (and not have it be devalued or taken advantage of by others for commercial gain).