Information Security, Top News

LinkedIn accused of chilling access to information online



It’s the epic legal battle that has bitterly divided US business opinion, and its critics believe could have a chilling effect on digital competition.

It’s about the future of the internet, and it’s not net neutrality, amazingly, but another head-to-head some think has the potential to be every bit as significant and then some: the court case pitting social media giant LinkedIn against a miniscule Silicon Valley startup called hiQ Labs.

The latest development is that an alliance of the Electronic Frontier Foundation (EFF), search engine DuckDuckGo, and the Internet Archive, have weighed in on hiQ’s side, last week filing documents backing the startup’s case and accusing LinkedIn of trying to stifle “open access to information online.”

Why the angst? As ever, money, authority and who gets to own precious disruption.

LinkedIn, of course, is a professional networking platform, while hiQ is a company that makes its money by “scraping” LinkedIn’s public member profiles to feed two analytical systems, Keeper and Skill Mapper.

Keeper can be used by employers to detect staff that might be thinking about leaving while Skill Mapper summarises the skills and status of current and future employees.

For several years, this presented no problems until, in 2016, LinkedIn decided to offer something similar, at which point it sent hiQ and others in the sector cease and desist letters and started blocking the bots reading its pages.

LinkedIn’s case has two main arguments:

  1. hiQ is scraping data that belongs to LinkedIn and threatens its members’ privacy
  2. It does this using bot-scraping programs that have negative effects

Controversially, it invoked the famous 1986 Computer Fraud and Abuse Act (supposedly inspired by Hollywood movie WarGames) as part of its case, a criminal anti-hacking law that also featured in a famous 2009 case Facebook brought against Power Ventures.

More recently, similar issues have emerged from airline Ryanair’s case against Expedia for alleged fare scraping.



Data scraping, its seems, has become a booming tech sector that increasingly divides the industry ideologically.

One side believes LinkedIn is simply trying to shut down a competitor wanting to access public data LinkedIn merely displays rather than owns. Allowing it to do this using a law as draconian as the CFAA would threaten competition and perhaps even (in an echo of net neutrality arguments) the open internet.

Said the EFF:

LinkedIn’s position will also impact journalists, researchers, and watchdog organizations, who (increasingly) rely on automated tools including scrapers to support their work, much of which is protected First Amendment activity.

The other sees companies such as hiQ as parasitic. According to Rammi Essaid of Distil Networks, allowing hiQ’s case to succeed might also inadvertently legitimise “bad bots” which conduct harmful activities such as:

Denial-of-service attacks, competitive data mining, online fraud, account hijacking, data theft, stealing of intellectual property, unauthorized vulnerability scans, spam and digital ad fraud.

So far, hiQ is just about winning the legal battle and in August was handed an interim court judgement requiring LinkedIn to stop blocking hiQ’s scraping bots from accessing its site. The next stop in this case comes in March 2018 when the court will hear oral arguments.

Caught in the middle of this are millions of LinkedIn users who set about creating and building a profile they hope will gain them professional visibility.

Having that possibly inaccurate or out-of-date information mined by a hidden third party in ways that might disadvantage them was probably not what they had in mind when they joined.

Or perhaps, because all hiQ is doing is accessing what anyone can already see, that’s inevitable anyway.

Which raises the disturbing possibility that what hiQ v LinkedIn is really about is not so much the adage that users are now the product, but whose product they are destined to become.




Source : Naked Security



Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.