Page 231 - A Study on the Role of UGC Platforms in Copyright Law:An Intermediary-oriented Approach
P. 231
A Study on the Role of UGC Platforms in Copyright Law: Chapter 7 Platform Users’ Entitlement to UGCs: Human Use and Web Scraping
An Intermediary-oriented Approach
Nevertheless, the above suggestions merely apply to the technological measures
implemented by UGC platforms and do not apply to the technological measures copyright
owners attach to their works. The copyright rules for the technological measures used by
copyright owners are discussed in Chapter 4.
(2) Unauthorised access v. unauthorised use
Fierce debates have arisen over the distinction between unauthorised use and
unauthorised access because only unauthorised access can establish liability under the
CFAA. Following the previous analysis, all access to the Internet is presumably lawful
unless the UGC platform formulates a code-based authorisation. Violations of code-based
authorisation belong to the category of unauthorised access because it imposes the same
restriction on both human browsers and web scrapers. Violation of any restriction other than
code-based authorisation constitutes unauthorised use regardless of what the restriction is
142
called.
This categorisation grew out of the notion that access restriction must serve as a
gatekeeper for all access. After all, a locked back door cannot be regarded as an effective
access control if the front door is open. If a restriction limits a web scraper’s access but
143
allows human users’ access, it cannot be treated as a restriction on access. As the court held
in the hiQ decision, ‘where an individual employs an automated programme that bypasses
a CAPTCHA—a programme designed to allow humans but to block “bots” from accessing
144
a site—he has still not entered the website “without authorisation”’. This opinion was
adopted in the more recent case of Sandvig v. Sessions, in which the court clarified that ‘it
does not constitute an access violation when the human who creates the bot is otherwise
allowed to read and interact with that site’. Rather than being categorised as an access
145
146
control, IP address blocks have been categorised as ‘speed bumps’. CAPTCHA has been
construed as ‘a way to slow a user's access rather than as a way to deny authorisation to
access’. ToUs/ToSs have also been interpreted as use restrictions, although they have
147
frequently been ‘framed in terms of access’. 148
(3) Revocation of access authorisation
A third question relates to the revocation of access authorisation. Websites have the
142 Wentworth-Douglass Hosp. v. Young & Novis Prof’l Ass’n, No. 10–CV–120–SM, 2012 WL 2522963, at *4 (D.N.H. June
29, 2012) (‘[T]he [plaintiff’s] policy prohibiting employees from accessing company data for the purpose of copying it to an
external storage device is not an “access” restriction; it is a limitation on the use to which an employee may put data that he
or she is otherwise authorized to access’.)
143 Lexmark Int’l, Inc. v. Static Control Components, Inc., 387 F.3d 522, 547 (6 Cir. 2004).
th
144 hiQ Labs, Inc. v. LinkedIn Corp., 273 F. Supp. 3d 1099, 1113 (N.D. Cal. 2017).
145 Sandvig v. Sessions, 315 F. Supp. 3d 1, 27 (D.D.C. 2018).
146 Krerr (n 133) 1147.
147 hiQ Labs, Inc. v. LinkedIn Corp., 273 F. Supp. 3d 1099, 1113 (N.D. Cal. 2017).
148 Craigslist Inc. v. 3Taps Inc. (Craigslist I), 942 F. Supp. 2d 962, 969 (N.D. Cal. 2013); United States v. Valle, 807 F.3d 508,
513, 524 (2d Cir. 2015).
• 217 •
