Scraping By: Reconsidering Law & Technology for Online Data Collection - May 19, 2022

As illuminated by a timely 2021 HotTopics program, in last year’s Van Buren decision the Supreme Court accepted arguments by USTPC and many others that the 1986 Computer Fraud and Abuse Act (CFAA) should not be read to label security researchers and others as illegal “trespassers” prohibited from scraping data without the source website’s prior permission. The Court’s opinion, however, was based on just one part of the CFAA—and a narrow one at that.

Just weeks ago, at the Court’s direction in a suit by LinkedIn against data analytics firm HiQ, the influential US Court of Appeals for the Ninth Circuit reaffirmed the fundamental “takeaway” from Van Buren and may well have made it substantially broader by expressly allowing scraping from “publicly accessible” online sources.

Will the Ninth Circuit’s April HiQ ruling usher in a Golden Age of security research, pave a path to financial ruin for now-lucrative websites like LinkedIn, threaten personal privacy, dangerously take the CFAA out of law enforcement’s prosecutorial quiver, or all/none of the above?!?

Join us next Thursday, May 19 from 5:00–6:30pm EDT for “Scraping By: Reconsidering Law & Technology for Online Data Collection” when USTPC Law Subcommittee Chair and appellate attorney Andy Grosso moderates a panel of legal and technical experts who’ll tackle these issues and more! Registration here is required but free to all.


Panelist Bios

Andrew Grosso (Moderator) has been Principal Attorney with Andrew Grosso & Associates in Washington, DC since 1994. Prior to entering private practice, he served from 1983–1994 as an Assistant U.S. Attorney in the Middle District of Florida, and in Boston in the District of Massachusetts, concentrating in the criminal prosecution of government program fraud. He founded the Department of Justice’s first health care fraud task force and was a founding member of the Department’s national Health Care Fraud Working Group. Mr. Grosso’s practice includes the prosecution of False Claim Act whistleblower or “qui tam” cases, hi-tech commercial litigation, corporate compliance matters and internal investigations, Internet and privacy law, and cyber security and cyber litigation. He has acted as counsel to the Massachusetts Institute of Technology and co-authored the resulting “Report to the President: MIT and the Prosecution of Aaron Swartz.”

Mr. Grosso has served on the Council for the American Bar Association’s (ABA) Criminal Justice Section; has chaired that Section’s Committee on Science, Technology and Forensics; and has been a member of the Committee for the International Freedom for Scientists for the American Physical Society (APS). Since 1996 he has been a member of the U.S. Technology Policy Committee (USTPC) of the Association for Computing Machinery (ACM) and currently chairs USTPC’s Law Subcommittee. He also has twice chaired the ABA’s National Institute for CyberLaw.


Megan Iorio is Senior Counsel and Amicus Director at the Electronic Privacy Information Center (EPIC). Megan’s work covers a wide range of issues, including the Fourth Amendment, First Amendment, biometric privacy, privacy implications of web scraping and aggregation of “publicly available” information, privacy rights enforcement and justiciability, robocall protections, and limiting the flow of location data. Megan has filed amicus briefs on emerging privacy and technology issues in cases before the U.S. Supreme Court, federal appellate courts, and the high courts of California, New Jersey, Pennsylvania, and Massachusetts. Megan has also argued for EPIC before the New Jersey Supreme Court in State v. Andrews (compelled decryption of a cell phone) and Bozzi v. City of Jersey City (right to privacy in personal information in government records).

Previously, Megan was the Organizing Director of Just Foreign Policy, where she led grassroots campaigns promoting progressive foreign policy reform. Megan graduated from Georgetown Law, where she was a Public Interest Fellow. During law school, Megan worked at the United Nations Relief and Works Agency (UNRWA) in Jerusalem, Georgetown’s Human Rights Institute, and Georgetown’s Center on Privacy & Technology. She received her undergraduate degree from New York University. Megan is a member of the D.C. bar.


Lorraine Kisselburgh, the immediate past Chair of ACM’s global Technology Policy Council, is a social scientist studying the social implications of emerging technologies, including privacy, ethics, and collaboration (see Privacy Ethics in Research and Design); technological contexts of social interaction; and gender in STEM contexts. She has been awarded over $2 million in grants to support her research and teaching, including $1.1 million from the National Science Foundation at Purdue University, where she developed a framework to enhance ethical reasoning skills of researchers, and platforms for creative collaboration. She has been recognized as a Faculty Fellow in the Center for Education and Research in Information Assurance and Security (CERIAS), the Inaugural Faculty Scholar in the Butler Center for Leadership, a Diversity Faculty Fellow, and was recipient of the Violet Haas Award in recognition of her efforts on behalf of women.

A member of ACM’s USTPC since 2005, she was also a member of the 2018 Task Force to revise ACM’s Code of Ethics. She currently serves on the Board of Directors for the Center for AI and Digital Policy (CAIDP) where she leads an Advanced AI Policy Seminar; as Co-Chair of the IEEE AI Governance Standards Committee (Case Studies); and on the Advisory Board of the Electronic Privacy Information Center (EPIC). In 2018 she was Scholar-in-Residence at the Electronic Privacy Information Center (EPIC) in Washington, D.C., coordinating the development of the Universal Guidelines for Artificial Intelligence. She received her M.S. and Ph.D. from Purdue University, and her A.B. cum laude from the University of Southern California.


Mark Rasch is a computer security and privacy expert and a lawyer in Bethesda, Maryland and a Professor of Cyberlaw and Cyber-crime at George Washington University School of Law. Rasch’s career spans more than 35 years of corporate and government cybersecurity, computer privacy, regulatory compliance, computer forensics and incident response.

Earlier in his career, Rasch was with the U.S. Department of Justice where he led the department’s efforts to investigate and prosecute cyber and high-technology crime, starting the computer crime unit within the Criminal Division’s Fraud Section, efforts which eventually led to the creation of the Computer Crime and Intellectual Property Section of the Criminal Division. He was responsible for various high-profile computer crime prosecutions, including Kevin Mitnick, Kevin Poulsen and Robert Tappan Morris.

Mark is a frequent commentator in the media on issues related to information security and is the author of hundreds of articles about the Internet, Internet privacy, hacking, cryptocurrency, blockchain and ransomware.


Jody Westby is the CEO of Global Cyber Risk LLC, a cybersecurity advisory and technical services consulting firm. GCR’s clients include large, mid-sized, and small businesses, non-profit organizations, and governments to evaluate their cybersecurity posture, identifying gaps and deficiencies, and remediating exposures. Ms. Westby also is a professional blogger for Forbes, serves as Adjunct Professor to Georgia Institute of Technology’s School of Computer Science, and was previously Adjunct Distinguished Fellow to Carnegie Mellon CyLab. She was lead author on Carnegie Mellon’s Governing for Enterprise Security Implementation Guide, which was developed for boards and senior management and authored the 2008, 2010, 2012, and 2015 Governance of Cybersecurity survey reports. Prior to founding Global Cyber Risk, Ms. Westby served as senior managing director for PricewaterhouseCoopers where she was responsible for information security, privacy, information sharing, and critical infrastructure protection issues across the federal government. Previously, Ms. Westby was Director of Domestic Policy for the U.S. Chamber of Commerce.

Ms. Westby is a member of the bars of the District of Columbia, Colorado, and Pennsylvania, and of the American Bar Association (ABA). She is chair of the ABA’s Privacy and Computer Crime Committee (Section of Science & Technology Law) and was chair, co-author, and editor of its International Guide to Combating Cybercrime, International Guide to Cyber Security, International Guide to Privacy, and Roadmap to an Enterprise Security Program (endorsed by the Global CSO Council). She is author of the Legal Guide to Cybersecurity Research and the Legal Guide to Botnet Research, published by ABA Publishing in July 2013. Ms. Westby also serves as co-chair of the ABA Criminal Justice Section’s Cybercrime Committee. She is serving her fourth term on the ABA President’s Cybersecurity Task Force. She received her B.A., summa cum laude, from the University of Tulsa, and a J.D., magna cum laude, from Georgetown University Law Center. She is a member of the Order of the Coif.


Scraping By: Reconsidering Law & Technology for Online Data Collection

Follow Us!

For news of upcoming HotTopics programs follow @ACMpolicy and @USTPC on Twitter. Miss prior HotTopics? Catch them all here on demand.

Join USTPC here.