Meta, the parent company of Facebook, is suing the US subsidiary of a Chinese tech firm - alleging that it offered data-scraping services for Facebook and Instagram.
And also publicly revealed a suit it is pursuing against an individual whom it alleges set up automated Instagram accounts to scrape data from some 350,000 Instagram users.
The two cases have been filed with the U.S. District Court for the Northern District of California.
Facebook vs. scrapers
While Meta and other internet companies are no stranger to battling web-scrapers-that is, using automated tools to scoop data en-masse from websites-the timing of these latest cases makes them especially newsworthy. It follows a March court ruling in the United States that reiterates an earlier judgment that web-scraping is allowed, forming the culmination of a long-running legal tussle between Microsoft-owned LinkedIn and a data science company called Hiq Labs that scraped personal information from LinkedIn to help its customers predict employee attrition.
While the outcome was very much welcomed by many throughout the industrial spectrum-from archivists scraping publicly available data, all the way to researchers and journalists-whose work relies on accessing such sources-it did, on the other hand, severely undermine legitimate privacy and security concerns how people's data can be leveraged without their permission. The court in this case ruled that scraping of public accessible information does not violate the Computer Fraud and Abuse Act, which is a cybersecurity law ruling computer hacking in the United States.
Not to be outdone, Meta now files identical litigation against a company called Octopus Data, which according to the lawsuit is the U.S. subsidiary of a "Chinese national high-tech enterprise." The parent company's website touts it as Shenzhen Vision Information Technology Co., and claims it "launched the core product" in 2016.
Another notable development is that Meta has confirmed it is indeed filing a lawsuit against a Turkey-based individual named Ekrem Ateş, who allegedly published scraped Instagram data to his own websites, or so-called "clone sites".
Instead of focusing on the entities under the cover of CFAA, Meta is taking complaints through the DMCA, which has a more focus on copyright and IP violations rather than hacking. To that point, in its complaint Meta specifically cites Section 3 of its terms of service, which state:
You retain your intellectual property rights (such as copyright and trademark) to any such content you post or otherwise share on Facebook and other Meta Company Products you use. Nothing in these Terms removes or limits these rights of yours to your own content; you are free to share your content with anyone else, anywhere you want.
Elsewhere, Facebook's terms also state that
You shall not collect content or information from users, or otherwise access Facebook through your use of automated means (such as harvesting bots, robots, spiders or scrapers) without our prior permission.
That being said, Meta claims that Octopus charges customers a fee for the use of an existent software product called Octoparse in mounting an attack, or the customers can also pay Octopus to scrape sites directly. To work, customers have to hand over access to their accounts, which, in turn, enables the software to tap into data usually available only to logged-in users: it retrieves information on Facebook friends, email addresses, birth dates, phone numbers, and Instagram followers, among other forms of engagement.
It’s also worth noting that Octoparse is not limited to Meta’s properties, either, with services offered across numerous sites including Twitter, YouTube, Amazon, LinkedIn and more.
The complaint filed by us alleges that Octopus has breached our Terms of Service and the Digital Millennium Copyright Act, for carrying out unauthorized and automated scraping activities to conceal their scraping and intent aimed at avoiding detection and blocking from Facebook and Instagram," Jessica Romero, Meta's director of platform enforcement and litigation, wrote in a blog post.
These new cases follow closely behind Meta's largely unscathed emergence from another data-scraping case it brought nearly two years ago against an Israeli company called BrandTotal, which offered a browser extension that siphoned off data about Facebook users. In this case, then, the judge granted summary judgment in favor of Meta on the argument that BrandTotal infringed Facebook's terms of use, while, in the same ruling, issuing a summary judgment which found BrandTotal accessed password-protected pages using fake user accounts, in violation of CFAA or California's CDAFA (Computer Data Access and Fraud Act).
Web scraping is about as old as the web itself, and it's not going anywhere anytime soon. But by targeting some of the worst offenders, from a corporate to an individual level, Meta aims to deter others from following the same track.