Craigslist can use anti-hacking law to stop firm from scraping its data, court rules

Craigslist has won another victory in a closely-watch court fight over who can use the treasure trove of public data found on the classified ad giant’s website.

In a ruling handed down last week in San Francisco, a federal judge said that Craigslist can invoke a controversial anti-hacking law to stop a start-up known as 3Taps from gaining access to its website.

3Taps had argued that the law in question, known as the Computer Fraud and Abuse Act (CFAA), should only apply to non-public information protected by passwords or firewalls — not free, public data found on sites like Craigslist. US District Judge Charles Breyer disagreed with this view, ruling that 3Taps had accessed Craigslist’s website “without authorization” under the plain meaning of the CFAA.

While Craigslist is a public website, the company blocked 3Taps from accessing the site and also issued a cease-and-desist letter in order to stop the start-up from collecting its classified data and making it available to others.

After Craigslist blocked it, 3Taps turned to so-called “IP rotation technology” (tools that disguised its identity) to continue to visit the site and scrape data. The judge ruled that this IP-masking was enough to violate the anti-hacking statute, dismissing concerns that this ruling would criminalize ordinary internet use:

The calculus is different where a user is altogether banned from accessing a website. The banned user has to follow only one, clear rule: do not access the website […]

Nor does prohibiting people from accessing websites they have been banned from threaten to criminalize large swaths of ordinary behavior. It is uncommon to navigate
contemporary life without purportedly agreeing to some cryptic private use policy governing an employer’s computers or governing access to a computer connected to the internet. In
contrast, the average person does not use “anonymous proxies” to bypass an IP block set up to enforce a banning communicated via personally-addressed cease-and-desist letter.

The decision is already causing a stir in the legal and technology community, where scholars like Orin Kerr have argued that masking IP addresses is a common tactic that does not amount to “circumventing a technological barrier” under the CFAA.

The decision is also likely to fuel debate over Craigslist’s aggressive legal tactics against other companies that use it data to create more user-friendly websites. Critics argue thatCraigslist has become an ugly, out-dated monopoly and resent its efforts to crush sites like PadMapper, a real estate site that uses Craigslist data to plot rental listings on a map.

Judge Breyer’s ruling on the CFAA is only a preliminary one, and part of a more complicated, ongoing case that also turns on copyright and antitrust laws. Here’s last week’s CFAA ruling:

Craigslist Ruling on CFAA

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

  • Flash analysis: Collaborative consumption – a first look at the new web-sharing economy
  • Connected consumer first-quarter 2013: Analysis and outlook
  • Social media in Q1: commerce and discovery dominated


GigaOM