marc

New Research Paper Examines Legal and Technical Challenges of Harmful Web Scraping, Proposes Solutions

Mitigating Unauthorized Scraping Alliance to Host Webinar Discussion on June 22, 2023

WASHINGTON, D.C., June 16, 2023 – In a new research paper, Professor Timothy H. Edgar, Professor of the Practice of Computer Science, Brown University, and Lecturer on Law, Harvard Law School, examines the legal and technological challenges of harmful web scraping, highlights trends that could exacerbate the problem, and proposes possible legislative solutions, including amending the Computer Fraud and Abuse Act (CFAA) or addressing harmful web scraping through broader privacy legislation in the United States and elsewhere.

Professor Edgar seeks to define the problem of harmful web scraping and explains how lawyers and technologists have defined the technical concepts of authentication, authorization, and access control in different ways, with lawyers and the courts confused by these technical concepts.

In the paper, Professor Edgar notes three new trends that are aggravating the problem of malicious web scraping, including increased demand for scraped data related to the advent of generative AI, the breakdown of norms in the tech community against unwanted scraping, and the perception that decisions of federal courts to narrow the CFAA could be misinterpreted and misunderstood as a green light for unwanted scraping.

Professor Edgar asserts that website owners should be incentivized – or at least not deterred – from using technical measures to limit scraping that could impact the privacy and security of users and others whose data could otherwise be at the mercy of malicious bots, scrapers, and scammers. He argues that a useful first step in addressing the problem of harmful web scraping is for lawyers, policymakers, and computer security experts to come together to give terms like authentication, authorization, and access control their technical meaning to facilitate policy and legal solutions to these challenges.

In the paper, he says that policymakers in the United States and elsewhere should also take steps to prevent harmful scraping, while ensuring appropriate exceptions for scraping for valid commercial purposes and for legitimate and ethical research. Professor Edgar believes that Congress could do so by amending the CFAA, by addressing the problem of harmful scraping in comprehensive privacy legislation, or by doing both.

Talking Past Each Other: Webinar on The Legal and Technical Challenges of Harmful Web Scraping

The Mitigating Unauthorized Scraping Alliance (MUSA) will host a complimentary webinar discussion with Professor Edgar on Thursday, June 22, 2023 at 2:30 p.m. EDT to discuss this new research.

Media is invited.

About MUSA

MUSA brings together leading companies committed to protecting data from unauthorized scraping and misuse. In collaboration with industry members, policymakers, and the public, MUSA is focused on protecting user data through education, advocacy, public-private partnerships, and the sharing of reasonable practices to mitigate unauthorized scraping.

Highlights of MUSA International Data Privacy Day 2023 Event: The State of Unauthorized Scraping

In observance of International Data Privacy Day, the Mitigating Unauthorized Scraping Alliance (MUSA) hosted an event on January 31, 2023, featuring industry, legal, and academic experts who examined the issue of unauthorized data scraping and its impacts. Check out the videos below for some of the highlights from the event.

Highlights from Panels #1 and #3: The State of Unauthorized Scraping Enforcement & Its Impact on Industry

Highlights from Panel #2: The Impact of Unauthorized Scraping on Users

Webinar: The Legal and Technical Challenges of Harmful Web Scraping

Event Date/Time:

Thursday, June 22, 2023 | 2:30 p.m. – 3:10 p.m. ET

MUSA hosted an engaging discussion with cybersecurity expert and privacy lawyer Professor Timothy H. Edgar about his newest research on the issue of harmful web scraping. This webinar addressed common misunderstandings that lawyers and technologists may have regarding this topic. We delved into the technical concepts of authentication, authorization, and access control; explored their relationship to web scraping; and examined the current legislative limitations and potential solutions.

Speaker and Moderator:

David Patariu, Associate with Venable, Privacy Law Specialist (PLS); International Association of Privacy Law Specialists Fellow of Information Privacy, CIPP/US, CIPP/E, CIPM; (ISC)² CCSP, CISSP

Timothy Edgar, Professor of the Practice of Computer Science, Brown University; Senior Fellow, Watson Institute for International and Public Affairs; Lecturer on Law, Harvard Law School

Industry Practices to Mitigate Unauthorized Data Scraping

In the third video of our educational video series focused on unauthorized scraping mitigation, we identify institutional, prevention, detection/mitigation, and enforcement measures that companies of any size can adopt to mitigate unauthorized data scraping.