i think the point of the article, or at least our interest in it, is that this is a terrible business arrangement. if you can't look at past tolerance as evidence of acceptable use, then you effectively can't ever afford to invest in building a business unless you're lawyered-up
Why is any other business obligated to help you invest in building your own business?
Obviously, Google and others who have innovated in the space can set the terms of service as onerous or ambiguous as they want to. You can choose whether or not you want to invest in building something around someone else's products.
Don't like the TOS? Develop it yourself or use another product.
The grandparent was saying why Google should be less ambiguous: because more people will build on top of their apis if the legal situation is predictable. The comment was written from the point of view that Google is setting up bad incentives if they want developers to use their apis, not that developers have a moral right to Google being reasonable.
You seem to say those are the only two options. There's clearly a third one: use the API and, if they suddenly enforce the excessively onerous terms, go public in an effort to make them back down from public pressure.
This has been shown viable time and again, with App Store rejections and the like. It is obviously high-risk but sometimes worthwhile.
There is a bunch of laws that govern what someone who has innovated, developed, and authored can and can't dictate; they're called "intellectual property laws". Even if they've collected it, Google does not own information about the road system; facts themselves, like "Road A exists at lat X and long Z", cannot be copyrighted.
See Feist v. Rural Telephone for more on this. The only reason application of Feist is generally limited in cases of online access is because we have a theory that accessing a publicly available database containing phone numbers is akin to accessing someone else's private property, and therefore they can dictate whatever they want under theories like trespass to chattels, whereas consulting a printed telephone book in your home is decidely not accessing the phone company's property.
This is a pernicious, subtle issue now that we're becoming so dependent on online access provided by someone else's servers instead of accessing printed documents that we possess in our homes. Possession is 9/10 of the law, as they say. We need to rethink how "possession" applies to digital resources.
Likewise, there are laws around how much access a private property owner must grant to members of the public, especially if that property owner is running a business that is generally accessible to the public. Private property owners are allowed to declare some people trespassers, but each jurisdiction has different laws surrounding what the public can do on private property and when a trespass is allowable. For example, California's state constitution guarantees the right to hold reasonable protests in private shopping centers that are generally accessible to the public, whether the property owner likes it or not.
No one is saying there is a requirement for another business "to help invest" in any other; there may be requirements not to interfere with someone else's business by attempting to block what is otherwise public and freely available access to non-copyrightable information.
IANAL.
Routebuilder is fortunate that OpenStreetMap has collected much of the same data and that they can just code against a different API and continue to operate.
"Mapping data" is too broad of a term, because it probably includes a lot of copyrightable information. However, the factual basics, like GPS coords, are not copyrightable.
An individual data point maybe not, but even something like "there is a road between X1,Y1 and X2,Y2" you can't just extract from Google Maps and put in OSM, at least not multiple times. There are surprisingly few generally usable data sources (some government datasets that have been put under open licenses, Microsofts permits to use Bing's aerial photography as a basis for OSM, ...)
I'm not sure if OSM really needs to be as cautious as they are. I don't see how you could argue that "Main St begins at X1, Y1" and "Main St end at X2,Y2" is a single copyrightable work instead of 2 separate non-copyrightable facts. The sentence or package which contains these two separate data points may be a unique work that qualifies for copyright protection, but the raw data points aren't once you separate them out.
Open-source projects have a history of being hyper-sensitive to these concerns so that they never have to waste time with lawyers lobbing IP claims. A certain distribution derived from the sources released by a prominent North American enterprise Linux vendor comes to mind, as does WINE's refusal to accept any code from anyone who has any relationship with or connection to Microsoft whatsoever.
Google has clear TOS that disallow copying data so it isn't just about copyright, and EU database rules are anyway a much bigger concern than US copyright law.
OpenStreetMap needs to be useful for everyone, not just people in jurisdictions with more liberal copyright laws.
But you can't really separate these datapoints, at least not in a legally safe manner. If you take a "work", reduce it down to the basic data it probably was created from and rebuild a basically identical work, how do you defend against the claim that you copied it? You could try to go through multiple steps, done by different entities, and hope to hide that way, but coordinating that makes you vulnerable again.
How could a project like OSM make sure that it didn't happen on a large, clearly violating scale (because many people make copies of small parts, recreating the larger, protected work), especially if it isn't established what an internationally safe standard is.
In practice, you are right, you can copy a single street from google maps to OSM. I bet some mappers in the history of OSM have traced screenshots of google maps or something. But that is only safe because it can't be proven, unless you are unlucky enough to copy a canary.
If all you have is a compilation of facts, then yes, people can copy the data points one by one, alter the format slightly, and have a wholly separate work that has no legally recognized parentage. This is why you don't see a lot of plain collections of facts for sale.
As far as I know, Google Maps is protected from scripts copying the data points out only by its Terms of Use, which the CFAA basically eval()s into law.
Google Maps won't disappear overnight because they do provide a substantial amount of beneficial proprietary data, like the illustrations and private aerial/satellite imagery (imagery from sources like NASA is public domain), their scripts that allow easy embedding, the ability to connect to one's Google account, and so forth. But there is no legal protection of the raw data points used to build Google Maps as far as I know.
Let me reiterate that I'm not a lawyer and no one should do anything based on my posts.
> Why is any other business obligated to help you invest in building your own business?
They aren't, but most businesses are regulated to prevent them from screwing your business.
If were renting a property for my burger stand a fast food giant could not buy the property and evict me without notice.
Common carriers from shippers to telecoms are regulated. Banks and lending are regulated too. Many businesses are regulated. Sure it slows things down, but it also creates stability.
I do not know what fair API use looks like, but some kind of regulation seems likely. Likely the kind of thing in the article will fall into grey areas.
Sorry, but if we just look at the Google Maps API as an example, it would be a HUGE stretch to consider them a common carrier. The mapping data industry has huge competition right now. We're not even in the same realm of consideration for "regulation" of an API. That is ridiculous.
The simple reality is that Google can control in any way shape or form how their API is consumed. Like I said, if you don't like that, don't build your business on the API. You do not have a right to anyone's API, regardless of how important the data is to your pet project or unicorn idea.
This same argument comes up when the Twitter API consumers get all up in arms because the business they built solely on top of Twitter's platform is all the sudden deemed irrelevant because of API access changes or terms of service changes. Tough tootles! And guess what, your API scraping twitter feed re-display iOS app is not innovation!
I personally think that "free APIs" are great, but if you don't have it in your business plan to share a portion of your revenue with external API data providers when they eventually ask, then you are going to get yourself in the position that the OP did.
> We're not even in the same realm of consideration for "regulation" of an API. That is ridiculous.
Why not ? Plenty of financial APIs are regulated (and beyond horrible). The government has decided that anyone with a banking license and a certain amount of money stored at the central bank can use them. And God help you if you try to use the international APIs, they are so incredibly incredibly horrible.
Without this plenty of financial services wouldn't exist, no way would smaller banks be able to operate. Despite how badly designed it all is, without a doubt it is a very good thing that these APIs exist and are regulated.
Maybe regulation of APIs is exactly what we need. Hell, maybe we can even learn from the mistakes in financial APIs first and then regulate these APIs.
Yes. The current legal situation with access to online resources is an absolute, unmitigated disaster.
My advice to anyone building anything significant off an API or scraped access: do it anonymously. Never reveal your real identity. Never use your real IP. Don't process credit cards. Don't register an identifiable LLC. Run it out of China or Russia where American companies will have a hell of a time trying to get to you.
If you depend on one entity's API, that entity is not going acquire you. At best, your product will be ripped off and they'll make you irrelevant. This happens to popular mobile applications all the time.
At worst, you'll get sued civilly, get your wages and bank accounts garnished, lose all of your possessions, and get criminally prosecuted under the CFAA, end up doing some time, and eventually get released with the stipulation that you never touch a computer or access the internet again for the rest of your life.
Unless you can ramp up to doing tens of millions of revenue per year (or have investors willing to pony that up) before the company you depend on notices/decides they don't like you anymore and sends out their law firm, you're dead meat, no matter what the details of your case are and no matter how wrong they are.
These are not problems you want. It's easier to put your service in the onion and run it from there, access all external data via proxy, only accept Bitcoin for payment, and never tell anyone the link to your real-world identity. Granted it takes good opsec to continue this for a long time, which is really hard to pull off, but it may be doable depending on your level of commitment.
Scraped content is one thing, but most APIs require a unique key. Forget "trying to get to you": they already know everything they need to know to cut off your API access.
Break their mobile apps. Use their own API key against them. Also break their websites.
For example, for Google, look at Google Keep – that one leaks API keys directly in the list of accessed URLs, the key has been the same for years, and provides access to Maps and Keep. Same with YouTube (the app packages an API key for the v3 data API) or the WolframAlpha app. Many more apps, from simple "what’s for lunch at my uni’s cafeteria" to Transit apps all leak API keys. Preferably you use the key of an app from the same company which maintains the API, so you can guarantee to always find a recent one.
I spent a few weeks last summer extracting API keys for next to all services out of apps, and breaking some DRM solutions, just to get experience with reversing software (which was something I had a course about at uni at the same time, and the experience helped me with homework).
A rotating schema of pirated API keys seems even less sustainable than just risking use of a proprietary API. Not something on which I'd want to build a business either. At some point, the effort of reverse engineering exceeds that of actually building the damn thing for yourself.
The reverse engineering can be automated (as the official apps have to use the key at some point), and as the official app won’t get cut off from support, you can just continue using the latest version of it.
Yeah, but you can usually acquire an network of API keys without making the connection obvious (depends on their API access policies of course) and rotate them as appropriate. Also, many APIs offer the same data through a public interface that can be accessed by scraping, so you can scrape and avoid identifying yourself.
LLCs do not protect against tort liability. They'll pierce the veil. See Facebook v. Power Ventures, Inc., where the founder was found personally liable for 3 million dollars in damages despite the fact that he was a) accessing Facebook on a specific user's behalf at their request and therefore was essentially a browsing device and b) was not violating copyright by any reasonable standard (Ticketmaster v. RMG is not reasonable) since the content he was downloading was owned by the user requesting the download.
and that's bad for tech, and bad for america