g31000harvestThe website for the G31000 Global Institute of Risk Management has been discovered to be harvesting content from its LinkedIn ISO 31000 discussion group, apparently without permission of LinkedIn and against its terms of service. Furthermore, the site is posting LinkedIn user photos and contact information without the permission of such users.

The “Discussions” page on the G31000 site “clones” selected discussion threads from the G31000 LinkedIn group, without any redaction of user personal information. This would appear to be a serious breach of both the LinkedIn User Agreement. While an examination of the site’s code seems to show an official LinkedIn API is not being used to gather the information, if G31000 were using a legally obtained API, it would still be in violation of the LinkedIn APIs Terms of Use, which prohibits harvesting entire content, and posting user information without first requiring users to opt into such third party usage.

In just one example discovered on 1 April, 2014, posts originally appearing on LinkedIn, for members only, appeared on the public G31000 and cloned information that included two members’ private email addresses as well as many users’ names and photos. (The photo below shows the information, with member emails redacted.)

G31000 clones LinkedIn content

Click to enlarge

The G31000 LinkedIn page was shut down for nearly a week after the profile of the organization’s founder, Alex Dali, was investigated for containing fabricated information. Mr. Dali’s profile was restored once he provided LinkedIn documented evidence, but the profile of an alleged G31000 female employee was permanently deleted, when it was discovered to have been utilizing a photo of an cosmetics model, and was actually being used by Mr. Dali. The use of photos of anyone other than the member is prohibited by LinkedIn terms of service.

G31000 appears to stand in multiple violations of the LinkedIn policies, including this section of the general User Agreement (emphasis added):

7.2. Misuse of the Services

LinkedIn may restrict, suspend or terminate the account of any Member who abuses or misuses the Services. Misuse of the Services includes inviting other Members with whom you do not know to connect; abusing the LinkedIn messaging services; creating multiple or false profiles; using the Services commercially without LinkedIn’s authorization, infringing any intellectual property rights, violating any of the Do’s and Don’ts listed in Section 10, or any other behavior that LinkedIn, in its sole discretion, deems contrary to its purpose

In addition, LinkedIn prohibits a user to “reverse engineer, decompile, disassemble, decipher or otherwise attempt to derive [LinkedIn] source code.” By copying the content, G31000 may have violated a large number of specific prohibitions, such as that a user may not:

  • Sell, sponsor, or otherwise monetize a LinkedIn Group or any other service or functionality of LinkedIn, without the express written permission of LinkedIn
  • Deep-link … unless expressly authorized in writing by LinkedIn or for the purpose of promoting your profile or a Group on LinkedIn as set forth in the Brand Guidelines
  • Remove any copyright, trademark or other proprietary rights notices
  • Collect, use, copy, or transfer any information, including, but not limited to, personally identifiable information
  • Share information of non- Members without their express consent
  • Infringe or use LinkedIn’s brand, logos or trademarks
  • Use manual or automated software, devices, scripts robots, other means or processes to access, “scrape,” “crawl” or “spider” any web pages or other services contained in the site
  • Use bots or other automated methods to access LinkedIn, add or download contacts, send or redirect messages, or perform other similar activities through LinkedIn, unless explicitly permitted by LinkedIn
  • Engage in “framing,” “mirroring,” or otherwise simulating the appearance or function of LinkedIn’s website

Alex Dali has relied on the size of the G31000 discussion group — currently at over 30,000 users — as a means of establishing the organization’s validity in the risk management profession.

In a related problem for Mr. Dali, his profile has been updated to indicate he is employed by LinkedIn, which is untrue.  This would be a violation of LinkedIn policy which mandates a user may not “misrepresent … current or previous positions and qualifications, or … affiliations with a person or entity, past or present.”

dalilinkedin3

LinkedIn has acknowledged that they are investigating the issues.

Advertisements

ISO Benchmark

Why we report on these topics

Since 2000, Oxebridge has worked to improve ISO and related certification schemes by identifying problems and then proposing solutions. We report on issues affecting standards users because so few other news outlets do. Our belief is that in order to fix the problems in these schemes, we must first understand the nature and breadth of those problems. Our reporting aims to do just that. Elsewhere on the Oxebridge site you will find White Papers and other articles proposing ideas to correct these problems.

Services

Available Tools

Oxebridge SWAG