The website for the G31000 Global Institute of Risk Management has been discovered to be harvesting content from its LinkedIn ISO 31000 discussion group, apparently without permission of LinkedIn and against its terms of service. Furthermore, the site is posting LinkedIn user photos and contact information without the permission of such users.
The “Discussions” page on the G31000 site “clones” selected discussion threads from the G31000 LinkedIn group, without any redaction of user personal information. This would appear to be a serious breach of both the LinkedIn User Agreement. While an examination of the site’s code seems to show an official LinkedIn API is not being used to gather the information, if G31000 were using a legally obtained API, it would still be in violation of the LinkedIn APIs Terms of Use, which prohibits harvesting entire content, and posting user information without first requiring users to opt into such third party usage.
In just one example discovered on 1 April, 2014, posts originally appearing on LinkedIn, for members only, appeared on the public G31000 and cloned information that included two members’ private email addresses as well as many users’ names and photos. (The photo below shows the information, with member emails redacted.)
Click to enlarge
The G31000 LinkedIn page was shut down for nearly a week after the profile of the organization’s founder, Alex Dali, was investigated for containing fabricated information. Mr. Dali’s profile was restored once he provided LinkedIn documented evidence, but the profile of an alleged G31000 female employee was permanently deleted, when it was discovered to have been utilizing a photo of an cosmetics model, and was actually being used by Mr. Dali. The use of photos of anyone other than the member is prohibited by LinkedIn terms of service.
G31000 appears to stand in multiple violations of the LinkedIn policies, including this section of the general User Agreement (emphasis added):
7.2. Misuse of the Services
LinkedIn may restrict, suspend or terminate the account of any Member who abuses or misuses the Services. Misuse of the Services includes inviting other Members with whom you do not know to connect; abusing the LinkedIn messaging services; creating multiple or false profiles; using the Services commercially without LinkedIn’s authorization, infringing any intellectual property rights, violating any of the Do’s and Don’ts listed in Section 10, or any other behavior that LinkedIn, in its sole discretion, deems contrary to its purpose
In addition, LinkedIn prohibits a user to “reverse engineer, decompile, disassemble, decipher or otherwise attempt to derive [LinkedIn] source code.” By copying the content, G31000 may have violated a large number of specific prohibitions, such as that a user may not:
- Sell, sponsor, or otherwise monetize a LinkedIn Group or any other service or functionality of LinkedIn, without the express written permission of LinkedIn
- Deep-link … unless expressly authorized in writing by LinkedIn or for the purpose of promoting your profile or a Group on LinkedIn as set forth in the Brand Guidelines
- Remove any copyright, trademark or other proprietary rights notices
- Collect, use, copy, or transfer any information, including, but not limited to, personally identifiable information
- Share information of non- Members without their express consent
- Infringe or use LinkedIn’s brand, logos or trademarks
- Use manual or automated software, devices, scripts robots, other means or processes to access, “scrape,” “crawl” or “spider” any web pages or other services contained in the site
- Use bots or other automated methods to access LinkedIn, add or download contacts, send or redirect messages, or perform other similar activities through LinkedIn, unless explicitly permitted by LinkedIn
- Engage in “framing,” “mirroring,” or otherwise simulating the appearance or function of LinkedIn’s website
Alex Dali has relied on the size of the G31000 discussion group — currently at over 30,000 users — as a means of establishing the organization’s validity in the risk management profession.
In a related problem for Mr. Dali, his profile has been updated to indicate he is employed by LinkedIn, which is untrue. This would be a violation of LinkedIn policy which mandates a user may not “misrepresent … current or previous positions and qualifications, or … affiliations with a person or entity, past or present.”
LinkedIn has acknowledged that they are investigating the issues.
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 35 years’ experience implementing ISO 9001 and AS9100 systems, and helps establish certification and accreditation bodies with the ISO 17000 series. He is a vocal advocate for the development and use of standards from the point of view of actual users. He is the writer and artist of THE AUDITOR comic strip, and is currently writing the DR. CUBA pulp novel series. Visit www.drcuba.world
