UNIVERSITY of NOTRE DAME
Scraping Photographs
Note by Maggie King
2. Id.
4. Louise Matsakis, Scraping the Web Is a Powerful Tool. Clearview AI Abused it, Wired (Jan. 25, 2020, 7:00 AM), https://www.wired.com/story/clearview-ai-scraping-web/.
6. Donie O’Sullivan, This Man Says He’s Stockpiling Billions of Our Photos, CNN Business (Feb. 10, 2020, 9:18 AM), https://www.cnn.com/2020/02/10/tech/clearview-ai-ceo-hoan-ton-that/index.html.
8. Jacquellena Carrero, Access Granted: A First Amendment Theory of Reform of the CFAA Access Provision, 120 Colum. L. Rev. 131, 150 (2020).
Introduction
In January 2020, a recurrent debate around modern surveillance techniques was reignited, after the New York Times reported that a little-known start up Clearview AI was selling facial recognition technology to police departments.1 The software enables law enforcement to identify with high accuracy a suspect caught on camera within minutes of running the image through Clearview’s system.2 Lawmakers and at least forty different interest groups called for a ban or moratorium on facial recognition technology, citing everything from the pitfalls, to the uncertainties and general big brother-like nature of the software.3
But another debate also ensued in response to the news. Wired published an article arguing that Clearview had “abused” the laws intended to enable a free and open internet when it built its facial recognition tool off scraping photos from social media.4 Technology companies took a different stance in this debate. Facebook, Twitter, and Google all immediately sent cease-and-desist letters to Clearview to stop scraping their users’ photographs. Those actions suggested that in scraping photographs, Clearview had not so much abused laws but rather broken them.5
These responses highlight an important, and unresolved legal question: Is scraping photographs legal? To build its software, Clearview AI claims to have scraped more than 3 billion photos from the internet, including from popular social media platforms like Facebook, Instagram, Twitter and YouTube.6 Companies seeking to halt scraping activities have historically relied heavily on anti-hacking laws, and analogized scraping to hacking. The US federal government and all fifty states have each enacted statutes that protect against hacking, or “unauthorized access to computers.”7 The most recent caselaw suggests run-of-the-mill data scraping does not per se violate federal or state hacking laws as long as the data scraped is public or authorized for access to the entity doing the scraping. However, “[t]he wide variety of outcomes in scraping-related litigation demonstrates that courts are uncertain of what exactly constitutes computer hacking,”8 much less whether current interpretations of the laws would apply equally to photographs. Beyond hacking laws, those seeking to enjoin scraping activities have brought claims that scraping violates trespass to chattels, contracts, and federal copyright laws. In fact, in response to Clearview AI’s alleged scraping of photographs, a Facebook attorney said in a since-deleted tweet that Clearview was “not only violating terms of sites, but also committing copyright infringement by using people’s photos this way.”9 At present, no major scraping cases have addressed the scraping of photographs on any of these claims. But scraping photographs does interact with copyright and other existing laws in ways that differ from traditional scraping cases. In short, while the legality of scraping data generally is trending towards legal, with some uncertainty remaining, the issue of scraping photographs in particular is not settled. Rather, the legal debate around scraping photographs is only just emerging.
This note explores whether any existing laws prohibit scraping photographs, as suggested by Facebook and other big tech companies’ recent actions against Clearview. After examining each potential claim, this note argues that no existing law should be construed to hold Clearview liable for scraping photographs, because doing so would create inconsistencies in existing law. But also, the apparent legality of Clearview’s scraping activity presents an argument for a reversal of the recent trend towards laws that, guided by the principle of a free and open internet, favor scraping. Rather, the apparent legality of activity that ultimately enables otherwise unrestrained modern surveillance techniques presents an argument for a return to federal laws that provide stronger defenses for cyberproperty. Part I explains the concept and technology of scraping photographs and the extraction of facial scan data for use in facial recognition algorithms. Part II clarifies the state of the law on scraping under the claims that are most commonly brought against scraping activities, including the Computer Fraud and Abuse Act (CFAA), copyright, and contract law. Part III applies these doctrines to scraping photographs and extracting facial images. Part IV provides policy arguments for the direction scraping law should take in light of this note’s findings regarding the state of the law today. Part V briefly concludes.
Click here to view the full text of this Note.
1. Kashmir Hill, The Secretive Company that Might End Privacy as We Know It, N.Y. Times (Jan. 18, 2020), https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html?smid=nytcore-ios-share&fbclid=IwAR3tu5Zy1gMSAuVaF2jSmRGr6Hp7iqaxhKU6qBXnf1MActx13XL9KNduuEw.
3. Chris Mills Rodrigo, Government Privacy Watchdog Under Pressure to Recommend Facial Recognition Ban, The Hill (Jan. 27, 2020, 4:31 PM), https://thehill.com/policy/technology/480152-government-privacy-watchdog-under-pressure-to-recommend-facial-recognition (“Forty groups, led by the Electronic Privacy Information Center, sent a letter Monday to the agency calling for the suspension of facial recognition systems ‘pending further review.’”). For an example of a proposed moratorium on the technology at the state level, see H.B. 2856, 66th Leg., Reg. Sess. (Wash. 2019-2020). See, U.S. Dep’t Of Com., Face Recognition Vendor Test (FRTV) Part 3: Demographic Effects (2019) (For a recent, leading report on the pitfalls and uncertainties of facial recognition technology, NIST produced a report
5. Alfred Ng & Steven Musil, Clearview AI Hit With Cease-and-Desist From Google, Facebook Over Facial Recognition Collection, CNET (Feb. 5, 2020, 6:10 PM), https://www.cnet.com/news/clearview-ai-hit-with-cease-and-desist-from-google-over-facial-recognition-collection.
7. Orin S. Kerr, Cybercrime’s Scope: Interpreting “Access” and “Authorization” in Computer Misuse Statutes, 78 N.Y.U. L. Rev. 1596 (2003).
9. Kevin Keller (@kevinkeller), TWITTER (Jan. 18, 2020), https://twitter.com/kevinkeller/status/1218622954168152064.
- Privacy Law & Data Protection
Article by Philip M. Nichols
Notre Dame Journal on Emerging Technologies ©2020