Feeds

Use of web archive was not hacking, says US court

Though bypassing its protection measures could be

High performance access to file storage

The use of web archive The Wayback Machine did not constitute hacking in the case of a law firm which used the web archive to see pages which owners did not want it to see, a US court has ruled.

The deliberate bypassing or evasion of the archive's protection measures could still be deemed hacking, though, said Judge Robert Kelly, the judge in the Eastern District of Pennsylvania. In this case, protection mechanisms put in place by the page owners had failed.

In a dispute over intellectual property, patient advocacy group Healthcare Advocates sued Health Advocate Inc. The company being sued was represented by law firm Harding Earley Follmer & Frailey.

Law firm Harding viewed a number of Health Advocates' web pages on The Wayback Machine on 9 July. On 7 or 8 July that company's president, Kevin Flynn, had put a robots.txt file on its pages which should have barred the Wayback Machine from accessing its pages. But lawyers at Harding were able to view the pages because of a malfunction at The Wayback Machine.

"Plaintiffs' expert, Gideon Lenkey, has testified that the Harding firm was able to view archived screenshots of Healthcare Advocates' website because the servers at Internet Archive were not respecting robots.txt files," said Kelly's ruling. "Mr Lenkey also testified that the Harding firm did not engage in 'hacking'."

Circumventing an electronic protective measure breaks federal law in the US, and Healthcare Advocates brought a law suit against Harding.

Kelly ruled, though, that because Healthcare Advocate's protections malfunctioned, there was no protection to break or bypass.

"When the Harding firm accessed Internet Archive’s database on 9 July, 2003, and 14 July, 2003, it was as though the protective measure was not present," he wrote. "Charles Riddle and Kimber Titus simply made requests through the Wayback Machine that were filled. They received the images they requested only because the servers processing the requests disregarded the robots.txt file present on Healthcare Advocates' website.

"As far as the Harding firm knew, no protective measures were in place in regard to the archived screenshots they were able to view. They could not avoid or bypass any protective measure, because nothing stood in the way of them viewing these screenshots. The Harding firm did not use alter code language to render the robots.txt file void like the defendant in Corley did with the encryption," said Kelly.

"They did not 'pick the lock' and avoid or bypass the protective measure, because there was no lock to pick. The facts show that the Harding firm received the archived images solely because of a malfunction in the servers processing the requests."

Healthcare Advocates also claimed that Harding had breached copyright law in their viewing and use of the web pages, but Kelly ruled that the law firm's activity constituted fair use of the material.

The company also claimed that the activity broke the Computer Fraud and Abuse Act, a claim Kelly also rejected.

Kelly granted summary judgment in Harding's favour. He said in his ruling: "It would be an absurd result if an attorney defending a client against charges of trademark and copyright infringement was not allowed to view and copy publicly available material, especially material that his client was alleged to have infringed."

The ruling said that in this case the placing of a robots.txt file, which is most often used to give instructions to search engine "robots" on what pages of a website should not be indexed, constitutes a "technological measure" within the DMCA.

That ruling will have limited relevance in other cases, though. No court in the US has yet said that such a file constitutes a technological measure in every case, and Kelly warned against interpreting his specific ruling in that way.

"The only way to gain access would be for Healthcare Advocates to remove the robots.txt file from its website, and only the website owner can remove the robots.txt file. Thus, in this situation, the robots.txt file qualifies as a technological measure effectively controlling access to the archived copyrighted images of Healthcare Advocates," he said. "This finding should not be interpreted as a finding that a robots.txt file universally qualifies as a technological measure that controls access to copyrighted works under the DMCA."

Copyright © 2007, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

3 Big data security analytics techniques

More from The Register

next story
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Whoever you vote for, Google gets in
Report uncovers giant octopus squid of lobbying influence
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.