Page 230 - A Study on the Role of UGC Platforms in Copyright Law: An Intermediary-oriented Approach
Chapter 7 Platform Users’ Entitlement to UGCs: Human Use and Web Scraping
“giving the user greater privileges” when “computer code” has been used “to create a barrier designed to block the user from exceeding his privileges on the network”’.[133] The password authentication system is the most common type of code-based authorisation.
This thesis endorses the code-based authorisation approach. First, it is consistent with the original purpose of the CFAA. The CFAA was designed to prevent computer hacking, such as cookie poisoning, hidden field manipulation, parameter tampering, cross-site scripting and backdoor exploiting.[134] Such hacking cannot be done unless the hacker has spent much time and effort and has the skills to crack the authentication security system. Only code-based authorisation incurs a high enough cost of decryption to meet the hacking standard, whereas softer technological measures such as IP address blocks and CAPTCHA do not. For example, an ordinary user can sidestep IP address blockers by using a different computer in a different place, wielding privacy protecting tools such as VPNs, or merely turning a modem on and off.[135] In addition, CAPTCHA cannot effectively hinder robots because many popular web browsers have provided a variety of free and automated anti-CAPTCHA tools.[136]
Second, the CFAA at its core is a trespass law whose scope is determined by the shared social norm ‘that tell[s] us, at an intuitive level, when entry to property is forbidden and when it is permitted’.[137] As open access is a fundamental principle underpinning the origin and development of the Internet,[138] accessing another platform’s database is presumably lawful unless the platform being accessed explicitly indicates otherwise. If a platform wishes to restrict access, it should impose code-based authorisation because only this technological measure is robust enough to act as a fence that ‘divides open spaces from closed spaces on the Web’[139] and provides a sufficient alarm for putative accessers. Softer technological measures such as IP address blocks and CAPTCHA, which do not involve much cost to circumvent, are akin to a ‘no trespassing’ sign that can provide little, if any, deterrence against unauthorised access.[140] As Jamie Williams observed, attaching easily circumvented technological measures to a publicly available UGC platform is like ‘publishing a newspaper but then forbidding someone to read it’. It is insufficient to establish notice that would hinder access.[141]
133 Orin S. Kerr, ‘Norms of Computer Trespass’ (2016) 116 Columbia Law Review 1143, 1164.
134 IBM, ‘The Dirty Dozen: Preventing Common Application-Level Hack Attacks’ (Online Security Management White Paper, December 2007) 2-4 <ftp://ftp.software.ibm.com/software/rational/web/.../r_wp_dirtydozen.pdf> accessed 19 May 2019.
135 Williams, ‘Automation Is Not “Hacking”’ (n 118) 442.
136 There are at least 3 extensions that can work on Firefox, Chrome, Internet Explorer and Safari web browsers to automatically bypass CAPTCHA. Raymond, ‘3 Extensions to Auto Solve and Bypass CAPTCHA in Web Browsers’ (Raymond, 2017) <https://www.raymond.cc/blog/bypass-captcha-firefox-auto-solving-captcha-monster/> accessed 18 May 2019.
137 hiQ Labs, Inc. v. LinkedIn Corp., 273 F. Supp.3d 1099, 1111 (N.D. Cal. 2017).
138 Kerr (n 133) 1171.
139 hiQ Labs, Inc. v. LinkedIn Corp., 273 F. Supp.3d 1099, 1112 (N.D. Cal. 2017).
140 Splichal (n 122) 1856.
141 Williams, ‘Automation Is Not “Hacking”’ (n 118) 443.

