http://qs1969.pair.com?node_id=381667

fletcher_the_dog has asked for the wisdom of the Perl Monks concerning the following question:

A friend of mine recently approached me about paying me to write some software that would automatically login into various websites to automatically check if his balances for things like cell phone minutes, checking accounts, credit card accounts are running low. This software would either email him or call him if anything was running low. This seems like it would be easy enough to do, as I have done similiar things with WWW::Mechanize before. My main concern is if there are any legal issues with automatically logging into websites, especially if it is for profit. Has anyone had any experience with this?

Replies are listed 'Best First'.
Re: OT: How legal are automated logins
by Joost (Canon) on Aug 10, 2004 at 17:39 UTC
[reply]
[reply]
        Check the robots.txt as well.
        Why? He's not spidering the website.

        MJD says "you can't just make shit up and expect the computer to know what you mean, retardo!"
        I run a Win32 PPM repository for perl 5.6.x and 5.8.x -- I take requests (README).
        ** The third rule of perl club is a statement of fact: pod is sexy.

[reply]
Re: OT: How legal are automated logins
by waswas-fng (Curate) on Aug 10, 2004 at 19:20 UTC
    So the complete steps for you would be:

    1. Collect the TOS and other license info from all the sites that you would wish to use this way.
    2. Collect the robots.txt files.
    3. Collect all of the information about your company.
    4. Contact a lawyer and get a legal opinion on what you are trying to do.


    These steps will get you good insight as to where your possible liabilities would be for offering this as a service or product. You will want to actually go through these steps as when you step over the threshold of doing something like this for personal use to doing it for profit you become a much bigger target for legal actions. I personally would not do it unless I had a lawyer tell me that there was very solid ground to stand on and I had some sort of company entity to sheild me from liability.


    -Waswas
[reply]
      Checking for robots.txt should not be done just once, but regularly. And not all terms of service are only readable by a lawyer.
[reply]
        I guess I would prefer the person to actually be defending me in a lawsuit tell me the scope of the license and my liabilities. I choose to specialize in unix, programming and networking not law -- Let me find bugs in the Layer's code and let him guide me on legal issues. =)


        -Waswas
[reply]
Re: OT: How legal are automated logins
by DrHyde (Prior) on Aug 11, 2004 at 08:48 UTC
    Oh for pity's sake, stop worrying! Just do it. If the service providers object, they can tell your friend to stop using your software.
[reply]
Re: OT: How legal are automated logins
by zentara (Archbishop) on Aug 11, 2004 at 12:46 UTC
    I wouldn't worry about the bank's robot.txt as much as what your "friend" will do if somehow his account gets hacked? Will he unjustly blame(and possibly sue) you?. You are doing it for money, so beware. Friendships can die quite suddenly when thousands of dollars are involved. Write a contract that makes it "his responsibility" for the use of the script.
    I'm not really a human, but I play one on earth. flash japh
[reply]
      This post comes closest to the real issue. It's perfectly legal for your friend to use such a program, but quite illegal for anyone else to use it, even you when you're testing it. This is because only your friend is the authorized user of any such accounts.

      It then only becomes illegal for your friend to use such a program if it creates some sort of unnecessary system load on the various companies' servers. Not likely, but you might be liable if it's due to a bug in your code (in theory, anyway).

      But if you think about it, the real problem that every post here has danced around is whether or not such a script doesn't have some pretty nasty inherent security flaws. Is it wise for such a program to exist anywhere that has automated access to your friend's financial information? Even the companies in question only have access to their own data, not ALL of it.

      I would refuse to set up such a system. If he wants someone to watch his balances for him, he needs a personal assistant and an agreement with the banks that the assistant has access to the info (or a caring wife whose name is also on the accounts). :-)

      Or, best of all, he should find out whether or not the banks themselves offer some sort of similar service. (You never know, and way more secure than any of the above.)

[reply]
        I would probably refuse to setup such as system too, even for myself.

        This brings up the whole spectre of 'weak security' on the internet, when it comes to financial data: WI-FI weaknesses, the ubiquitous "4-digit unique user access number", and the stupidity of people letting "their browser 'remember' the logon passwords to their account, while leaving their computers running unattended 24/7". It seems that "wide-eyed optimistic designers" are rushing in and promising banks that their security measures are adequate, for their proposed growing internet access projects.

        Either the financial institutions are willing "to eat losses" caused by the weak security, in order to save on security design; or they are just plain ignorant. I expect to see a "giant scandal" soon, on the level of an Enron ripoff, which will prompt the endless Congressional commitees and yada yada yada.........

        I'm not really a human, but I play one on earth. flash japh
[reply]

Back to Seekers of Perl Wisdom