What is “screen scraping” and is it lawful in Australia?
by Trevor Jeffords, Freehills
Trevor Jeffords of Freehills examines the screen scraping phenomenon and considers its legality. He discusses whether this activity contravenes any state laws, such as the Crimes Acts (NSW and VIC), the law of trespass or copyright. On the basis of these three areas of law he concludes that screen scrapers should obtain the consent of the web site owner prior to "scraping" a site.
Trevor is part of the Corporate Technology team at Freehills, Melbourne office. He has experience dealing with IT outsourcing agreements, web-development contracts, website linking affiliate agreements, web-based banking portals and general banking and litigation. Trevor is also an IT and website design lecturer.
What is screen scraping?
Screen scraping (or aggregation) is a method used to extract data from a series of webpages in order to consolidate that data on one central webpage. Companies that use this method are referred to as "aggregators".
Aggregation is used in many industries. For example, Bidder's Edge Inc. is a US internet auction aggregation site. The Bidder's Edge website allows users to search for items across numerous online auction sites without having to search each host individually. It does this via automated code robots which 'crawl' and 'scrape' data from the online databases of other auction sites.
In the banking sector, aggregators operate websites that allow customers to view their financial holdings at multiple financial institutions at a single location on the internet. Customers provide aggregators with their user names and passwords to all accounts they wish to see in one place on the internet. The aggregator uses this information to automatically access the customer's accounts, "scrape" the necessary data, and display this information to the customer in a consolidated form. Several account aggregators are currently operating in the US, such as Corillian, EZ Login, PayTrust, VerticalOne and Yodlee.
At present, the consolidated data displayed on most aggregators' websites is static and updates are conducted at regular intervals. However, this is likely to change as technology develops to the point where aggregator websites will be able to provide "live" data with the ability to send instructions - for example, an instruction to transfer funds direct to a financial institution.
Who loses out with screen scraping?
The service offered by aggregators is likely to be welcomed by many consumers because it enables them to conveniently view information sourced from a variety of websites at one single location. However, some companies who operate websites that have been scraped by aggregators have objected to the practice for various reasons, such as the potential diversion of custom from their website and the liability risks associated with data being extracted and possibly being corrupted or misused in circumstances which are beyond the control of the website owner. This raises the issue of whether an aggregator who scrapes information from a third party website needs to obtain the consent of the website owner. In Australia, it would seem that the answer to this question may be 'yes' on at least three grounds.
The first argument is based on state legislation which makes it an offence to access computer systems without lawful authority to do so. The second ground is based on the tort of trespass. The third ground is based on copyright law.
State Legislation
In each State of Australia, it is an offence to access a computer system without authority to do so. Taking Victoria and New South Wales as examples:
- Under s9A of the Summary Offences Act 1966 (Vic), a person must not gain access to, or enter, a computer system or part of a computer system without lawful authority to do so. (Penalty: $2500 or imprisonment for 6 months)
- Under s309(1) of the Crimes Act 1900 (NSW), a person who, without authority or lawful excuse, intentionally obtains access to a program or data stored in a computer is liable to imprisonment for six months or to a fine of $5000, or both.
It was argued during the debating of the amendments that created these laws that the unauthorised use of a computer system not involving criminal intent and harmful consequences should not be criminalised. Gartner Group's Dataquest [1] However this argument was rejected and at present, the laws of Victoria and New South Wales do not require fraudulent, criminal or malicious intent. Of course, as these statutes involve criminal offences, a successful conviction requires proof "beyond reasonable doubt" which is more stringent than the "balance of probabilities" threshold used for civil actions.
Trespass
It is well recognised that any unauthorised interference with goods in the possession of another constitutes trespass. However, it is unclear whether Australian courts will apply this traditional tort of trespass to an instance of unauthorised computer access. In the recent decision of the US District Court for California,eBay Inc -v- Bidder's Edge Inc, Gartner Group's Dataquest [2] eBay Inc was successful in obtaining an interim injunction on the basis of trespass which prevented Bidder's Edge scraping eBay Inc's internet auction website. In the US, it is necessary to show a likelihood of damage to succeed in an action for trespass. The court accepted that by using over 100,000 automated searches per day, Bidder's Edge Inc was "draining" eBay Inc's computer system resources away from legitimate customers and that this had caused some harm to eBay Inc. The decision has been criticised in the US on a number of fronts including on the basis that the harm to eBay was not in fact sufficient.
In Australia, on the other hand, it is generally accepted that damage is not required for a trespass to goods action to succeed; however, the monetary damage awarded by the court will be directly proportional to the loss suffered by the unlawful interference. Where the loss is minimal or non-existent, the court will only award nominal damages. The quantum of damage is probably not an issue however, for website owners who object to their websites being scraped. Their real remedy will be an order from the court injuncting the aggregator from continuing to trespass on the owner's website.
Copyright
In Australia copying data or substantially copying data from a third party website without the authority of the copyright owner may infringe s36 of the Copyright Act 1968 (Cth).
Issues which need to be considered here include:
- whether the data qualifies as an original "literary work" and is therefore capable of copyright protection; and
- who in fact owns the data - by way of example, where the data consists of the account information of a customer it might be argued that the data and any rights to the data is in fact "owned" by the customer and not the website operator.
Circumstances where consent to an aggregator accessing a third party website may be implied
The operator of a website will normally allow consumers to access and download data from the website for certain purposes. If all an aggregator is doing is accessing this data in its capacity as an agent for the consumer and the data is data specifically relating to the consumer (for example, the customer's account data), then the argument which can be run is that the aggregator's conduct is not in fact unauthorised. One risk with this argument is that the "scraping" of data by an aggregator (for example, because of the technical method in which the data is extracted) may go beyond the use which the consumer has been permitted by the website owner. The agency argument may also have less force where the data that is scraped does not specifically relate to the customer.
Footnotes
1 388 Vic. Parl. Deb. (L.C.) 470 (Hon. J. H. Kennan).
2 100 F.Supp 2d 1058.
June 2001 contents
|
