43 comments

[ 3.2 ms ] story [ 95.9 ms ] thread
Honest question: how is a lawsuit filed against someone whose identity isn’t known? Is there a term for it?

I’m curious about the specific mechanics of the lawsuit. Presumably the judge would make a ruling, and then that ruling would stick if and when the identity became known. But is that how it actually works?

Also, is there a way for Anna’s Archive to defend themselves without revealing their identity?

>The complaint accuses Washington citizen Maria Dolores Anasztasia Matienzo and several “John Does” of operating the search engine and scraping WorldCat data. So I guess they're accusing Maria of running the site?
If you aren't identified you can't defend yourself, which I assume would be an issue. I'd expect that the ruling can only stick for the one named defendant, unless the names of the other accused become known as the lawsuit progresses.
I believe part of the issue is that the other John Does may be people in other countries (according to the lawsuit) which may add to the issues with identifying and/or charging them.
IANAL, but AIUI filing a John Doe lawsuit is acceptable because there are statutes of limitations on how long you have to file a suit. By filing a case with an unknown defendant, you protect your right to sue while you go about gathering evidence.

You’re still going to have to sue someone identifiable at the end of it, but they can’t argue that your suit is too old (since the reason it’s too old is that the defendant was hiding their identity, not that you weren’t timely in noticing and responding to the infringement).

So they found the operator because they did some opsec mistakes while scraping? Man that sucks. Now is the time to back up the Archive I guess. Hope some good samaritan comes along as dedicated to the cause as them... Godspeed Anna, you've been incredibly helpful in setting information free
They claim to have found the operator...

The evidence they present for that is that she wrote a python library to interact with their websites (or in their words "developed a repository for a python module for interacting with OCLC's WorldCat(r) Affiliate web services"). Also that she worked for a competitor, describes herself as an archivist, and has publicly stated that libraries and archives should be open and publicly available.

It's not exactly convincing evidence that she's involved with Anna's Archive IMHO.

As a former library developer, I've written all sorts of little bits like that for all sorts of archives and databases and publicly supported open access. If that's really all they've got, it's pretty light. I imagine they've at least got some sort of access logs, surreptitiously viewed conversations about it, or something similar.
They probably found her identity a different way but only show this to the public (she most likely is 'Anna')
That's just your speculation. This is not the FBI or NSA, it's a private company doing some random homework. They could well have got it wrong.
(comment deleted)
A software developer who once volunteered at a library in 2012 wrote in that very year a Python library to interact with a library catalog [1]. What more evidence do you need that she was involved in a scraping operation in [checks notes] 2023?

Her name (Maria Dolores Anasztasia Matienzo) even contains the letters Anna (almost), so she must be the mastermind behind Anna's Archive!

Her library is the top search result if you search for WorldCat in github. Though I personally would have gone with bookops-worldcat, since they claim they made major changes to the library to account for 2020 API changes in WorldCat.

1: https://github.com/anarchivist/worldcat

Welp, I glanced at her github and when I decent see any recent related projects assumed that it had been taken private, it didn't even occur to me to look at projects that hadn't been touched in a decade!
If they are suing someone for writing a python library that was transparently and non-anonymously published, without any evidence the author participated in any of the scraping acts... that feels like extra evil.

Really not thrilled to see an organization which claims to represent the interests of libraries stepping so hard on freedom of expression to write software. Pretty shameful.

It says scraping. I thought scraping was legal?
"In addition to harvesting data from WorldCat.org, the defendants are also accused of obtaining and using credentials of a member library to access WorldCat Discovery Services. This opened the door to yet more detailed records that are not available on WorldCat.org."
AKA they used their library card number to login via their public library. At least that's how it works with my local library.
So in essence another "is scraping a cyberattack" suit, along with asking for damages because their hard work is now available for free.

The interesting thing here is imho that WorldCat is that WorldCat is a bibliographic database, mostly listing the collections of OCLC members, along with other information about these works. Obviously this information takes work to collect and organize, and that's what the membership fees are for. But for financial harm to come to OCLC (beyond the costs of being scraped) it seems to me that libraries would have to decide that they don't want to pay membership fees and instead use the scraped, less up-to-date version of the catalog? How likely is that to actually happen at any scale?

between "scraping is cyberattack" and "damages" is "Lists, Directories, and Databases" generally do not fall "Under Copyright Law"

from https://www.justia.com/intellectual-property/copyright/lists...

A work must have at least a minimal amount of creativity to get copyright protection. This can pose a barrier to copyrighting compilations of facts, such as lists, directories, and databases. The information in them is not original, but they still may receive protection if the people who compiled them used some creativity in the process of selecting or arranging the information. This does not mean that the selection process must be unprecedented or bizarre, but it should not be so mechanical that it required no thought. For example, a telephone directory likely will not receive copyright protection because listing the names in alphabetical order does not show enough creativity. (The Supreme Court reviewed this situation in the main case discussing copyrights for lists and directories.)

...

Many lists are similar to the telephone directory example considered by the Supreme Court. These include mailing lists, membership and subscriber lists, street addresses, and directories that list the contact information for certain groups of people, such as college alumni. In most cases, copyright will not be appropriate for these lists because they are arranged in an obvious manner. They are typically arranged alphabetically or numerically, and the people compiling the list do not choose which items to include. Moreover, a mailing list of people who made political contributions that was organized by zip code was found to lie outside the boundaries of copyright protection.

...

Factory and store inventories do not receive copyright protection. They are meant to be comprehensive, so no choice is involved in compiling their content. Also, they are generally arranged in alphabetical or numerical order. Businesses may be able to protect their inventories as trade secrets instead.

This lawsuit is for tortious interference with prospective business relationships

"Plaintiff OCLC Online Computer Library Center, Inc (“OCLC”) brought suit against Defendants Clarivate, Plc; Clarivate Analytics (US) LLC; ProQuest, LLC; and Ex Libris (USA), Inc. Alleging that Defendants are tortiously interfering and conspiring to tortiously interfere with its contractual relationships and tortiously interfering and conspiring to tortiously interfere with its prospective business relationships. This matter is before the Court on Plaintiff’s motion for temporary restraining order and preliminary injunction, Doc. 4." from https://librarytechnology.org/docs/27467.pdf

Worth noting is that in EU databases can have special IP protections in themselves
A part of their damage claim is based on the costs incurred by this so-called cyberattack. "These hacking attacks [scraping mostly JSON] materially affected OCLC’s production systems and servers, requiring around-the-clock efforts from November 2022 to March 2023 to attempt to limit service outages and maintain the production systems’ performance for customers. To respond to these ongoing attacks, OCLC spent over 1.4 million dollars on its systems’ infrastructure and devoted nearly 10,000 employee hours to the same." Also "During this time, customers threatened and likely did cancel their products and services with OCLC due to these disruptions."

Those are probably the most valid angles to push here. Mostly the invested time and money since they are actually quantifiable, as opposed to the people who maybe probably definitely canceled their service because of the disruption.

They allege 2.2T downloaded. Over that time frame of 5 months, I calculate about 1.5Mbit download rate. The 10k hours over the timespan they specify is over 10 employees working 40 hours a week. None of their claims make any sense.
Right? In the end it cost, what, a couple dollars in bandwidth?, a couple hundred? A couple thousand? Fine I'll make you whole out of my pocket change. Meanwhile how much did you waste on that laywer?
Agreed, but scraping can cause DDDoS and goes against ToS. But it's obvious here why they're making such claims, they're trying to crackdown on free knowledge sharing.
yep. there are some attempts where libraries try to use different data sources but worldcat is the monopoly. the relationship between libraries and worldcat has sometimes been an adversarial relationship.

the information is sourced from the libraries yet worldcat holds them hostage to their data with membership fees.

It's also unclear to what extent bibliographic records are copyrightable, as "facts" are not copyrightable. (At least in the US). It's not clear they _aren't_, at least some elements, but it's also not clear they are.

OR, if they WERE copyrightable, that the copyright would belong to OCLC rather than the thousands of libraries which contributed them (generally without compensation).

It is noteable that OCLC does not really mention copyright or any copyright grounds in the lawsuit.

It really does seem to be a case of "we think we can make violating ToS a violation of this Ohio law against hacking."

As a librarian-software-engineer myself, it is sad to me how the rich ecosystem of cooperatively owned library consortia of the 20th century, which operated non-profit in interest aligned with those of their member-owners... has been largely consolidated into enormous ostensibly "non-profit" coroporations which act as if the might as well be for-profits, trying to maximize revenue from their "member" customers, and regardless of any larger mission or values their library members purportedly have.

I've fallen behind and haven't really been keeping up with the newest digital institutions, but this article has given me some great pointers for digital libraries to investigate when I've got the time or need. Thank you, OCLC!
Interestingly if you run a textual analysis comparing what the accused has written and what 'Anna' has written in various forums (including this one), there are some similarities that would be difficult to otherwise explain. So it seems likely they have found the culprit.
I think original name might be Mark Matienzo who is the 2012 winner of Mark A. Greene Emerging Leader Award from Society of American Archivists [0] and reported here [1] where you can find a picture.

This can be discovered by reading the Professional Bio at https://matienzo.org/ which appears to be owned by the individual named as the defendant.

[0] https://www2.archivists.org/governance/handbook/section12-em...

[1] https://www.infodocket.com/2013/11/20/mark-matienzo-named-di...

Appreciate the concern! We're not making any public statements about this lawsuit but rest assured we're fine.
(comment deleted)