50 comments

[ 3.2 ms ] story [ 59.8 ms ] thread
So they want you to send them your physical hard drive, presumably to assure themselves that the data has been erased...

But then they also want you to 'delete any data in your possession', so they already know that that is bullshit.

Maybe they want to check what data was scraped?
The letter just asks for a copy of all the data downloaded on a hard drive, meaning they just want to see what you have copied and named a hard drive as a particular medium to receive the data on.

It's clear that they intend for it to be an otherwise clean drive, since the mention they're going to wipe the drive before returning it.

Again, they're not asking for any specific drive, just that you turn over a copy of all the data collected on a medium that's easy for them to use.

It's so that they can nail you to the wall with the evidence you willfully sent them when they take you to court.
Damn straight. Do not engage these people, do not answer any correspondence - speak to a lawyer if they proceed to legal threats.
Good point, getting legal advice before doing anything seems like a safe plan!
This. They're just gathering more evidence by getting you to hand them a hard drive with this on it.
Yeah, I'd definitely send some unused external hard drive only containing the "stolen" data. And I also find this overkill and ridiculous, I wouldn't think anybody would ever do that in 2014. But then you have majors suing people who uploaded 1 song for million bucks, so, don't be a hero and call your lawyer!
Be sure to enable full-drive encryption first. They just asked for a hard drive they could copy and erase; they didn't say jack about it being in a readable format.

See also: formatted with DragonFlyBSD's "Hammer" filesystem. Archived in BinHex. Saved with Base37 encoding. And 9-bit bytes. In the "/home/leopard/music" directory of a fresh Debian Potato install.

Do you have some old full-sized SCSI 40MB drive lying around? It'd be amusing to see them trying to connect that to any modern computer... http://www.biocomp.net/seagate_st4766n.jpg
You might be able to buy old mainframe platters on eBay. I would love to see their faces... Or maybe send them one of those new MacBook SSD's ;-)
Do what lawyers do, print all data paper, randomly order the pages, and then deliver by truck in boxes.
Ask them for their fax number, and beam them the contents of your drive in binary.

Ask them if they have a LOT of paper first.

Based on the email, I get the feeling that ext3 might be hard enough for them to connect to.
You could also mention that the original data is on a SSD drive that is soldered to the motherboard of your MacBook Air/High-End Notebook/Chromebook and point out that even if you did send them a hard drive with a copy of everything downloaded that it would be just a copy. The original is uploaded 'onto the cloud' and not easy to delete even if you did smash the MBP to pieces, GCHQ/Guardian style.

Therefore, there is no need to send a drive, even a small child could understand that. A lawyer-type asking for 'the drive' does not get around this detail of how 's and 0's can be easily copied. Point out there is no need for the show.

Finally, go nucular on them. Say you are going to post your scraper tool onto github with full instructions on how to scrape their site unless $3,141,592.65 is donated by them to the EFF by teatime on Tuesday.

The letter didn't ask for "the drive that the data was one", it asked for "a drive with the data on it", which (when taken with comments about wiping the drive) indicate they just want to see a copy of the data, and named a hard drive as a convenient medium to exchange it on.

    > SSD drive that is soldered to the motherboard of your MacBook Air/High-End Notebook/Chromebook 
Nitpick of something I hear a lot: No SSD is soldered on in a MacBook Air or any Chromebook I've seen[1]. You may need an unusual screwdriver (MBA – maybe worse for a Chromebook) to get the bottom cover off, but then it's just a single screw. The PCs I've seen are similar, but I don't have as much experience there.

I assume the confusion started because the RAM is soldered.

[1] You can see internal pictures at chromium.org, e.g. http://www.chromium.org/chromium-os/developer-information-fo...

Wtf...

Even if you were going to comply, how can you be sure they wouldn't steal YOUR data?

They asked for a copy of the data on an otherwise clean hard drive, likely because they want to assess what he copied.

From the letter, it's clear that they don't expect anything else to be there, since they comment that they're going to wipe the drive when they're done looking at it, before returning the drive.

The drive is just meant as a convenient way to transfer a large amount of data.

So all these ignore it comments are generally ok but it depends on who you're dealing with. Remember that TOS violations are covered under the CFAA, CL has a reputation for this sort of behavior.
Yeah, I'm definitely complying.
I don't think you need to comply unless this is a court order. I wouldn't comply with anything short of that because you're essentially helping them build a case against you.
Don't waste your time. Do nothing.
TOS only apply if you agreed to them, and TOS cannot violate any other laws.

Also, the demander would have to prove it was a Bot or something, and that actual data was downloaded. It could be just a guy with a lot of free time to browse every page on the site.

in any regard -- this demand is ludicrous.

I agree -- Anything short of a court order (what CL does) isn't worth complying with. A bot is pretty easy to pick out from a technical perspective. It's a lot of requests originating from a single ip in a short time frame.
just curious; what evidence do they have that you saved any data in the first place?
Why would you post the text of such an absurd claim and not name who it is? Do you really fear them that much / desire to use their services that much that you would put up with this?
Do +not+ comply with the demand.

There is nothing (law, morals, or else) that prevents one from scraping a publicly accessible website.

"There is nothing (law, morals, or else) that prevents one from scraping a publicly accessible website."

Can you point to any legal precedent that supports your contention (honest question)?

No, it would be the other way around. You would have to find legal precedent that implies you must obey random requests for data from website operators...

(and I'm pretty sure there is none).

Maybe he wants to make sure they get a hold of <i>his</i> hard drive that he'll be taking in on Monday, not some random HNer's drive with some surprise that gets there first?
Will you be in any way released from legal liability by complying?

This sounds like "We don't quite have enough evidence that you did it, please admit to it fully so we have enough to throw the book at you".

I'll be the one to say it then.

It's a trap!

Don't do anything without an attorney. The Monday deadline is to ensure you don't stop and think of that option.

Do not respond.

Call an attorney. Let the attorney write the response, if any. Don't send a potential adversary evidence they don't have and don't try to figure this out yourself without professional legal advice.

Consider the legal fees insurance against an irrational amount of future awfulness.

This is the best advice.
as a condition demand a signed letter of the cease and desist that includes releasing you of legal liabilitie to be sent to yourself and the state attorney to be signed on delivery.
Web scraping may be against the terms of use of some websites. The enforceability of these terms is unclear.[5] While outright duplication of original expression will in many cases be illegal, in the United States the courts ruled in Feist Publications v. Rural Telephone Service that duplication of facts is allowable. U.S. courts have acknowledged that users of "scrapers" or "robots" may be held liable for committing trespass to chattels,[6][7] which involves a computer system itself being considered personal property upon which the user of a scraper is trespassing. The best known of these cases, eBay v. Bidder's Edge, resulted in an injunction ordering Bidder's Edge to stop accessing, collecting, and indexing auctions from the eBay web site. This case involved automatic placing of bids, known as auction sniping. However, in order to succeed on a claim of trespass to chattels, the plaintiff must demonstrate that the defendant intentionally and without authorization interfered with the plaintiff's possessory interest in the computer system and that the defendant's unauthorized use caused damage to the plaintiff. Not all cases of web spidering brought before the courts have been considered trespass to chattels.[8]
How did they link up your visits/scrapes to an email in the first place? You shouldn't have responded to the emails. If they're serious, I would think they would/will have sent certified mail. Then you can take it seriously, but not until then.
Gut instinct is that that looks like a nigerian-scam level email. Not quite sure what they are fishing for or what they hope to get out of the disk they want you to send but I'd just ignore it. Almost certainly that will be the end of it. If they escalate to a real lawyer contacting you by paper mail, then look into a quick consult with a local attorney to see what if anything you should do.

But do stop scraping the site and stay clear of any involvement with it in the future.

I'd just ignore it. Or send them an old (blank) drive, along with an invoice for your time.
Some more context here: https://twitter.com/recborg/status/482629723663507456

> @redheadjessica it's a business with a physical location that I sometimes frequent - they'd ban me from it.

[edit: I wonder if the pages scraped a publicly accessible. Maybe they are only accessible on LAN while at said location? This might put an interesting twist on things (as everyone here is just assuming a site accessible on the public Internet.]

Can you give us more context on what you scraped?
It might be fun to mess with them a little, but if they send you any real legal threats consult an attorney, and don't reply to any more of their email's.
does an email attachment with their data constitute returning it to these people? You may not need to go to all the trouble of dropping off your hard drive.

But in all seriousness, enjoy your new toilet paper because that's all that letter is good for!

Why did you take the site down? Wouldn't that appear as an admission of guilt on some level?
This calls for a very simple response: "rotfl!"