[titusjohnson]

There is clearly an API in play here. The article mentions it numerous times. The client app has to use an API to get its data, that's a downside of deploying a SPA. You need to make an API for it to get data from.

If you don't want to make an API that exposes raw data just write a SSR app. If you want to deploy a SPA, well, you have to deploy an API as well and you need to plan around the fact that when you throw an API out into the wild and authorize people to use it (by handing out auth tokens), well, people are gonna use it.

[infogulch]

Using SPA vs SSR as the sole factor in determining "published" status rings hollow for me, because it completely excludes any analysis based on intent, and intent usually matters in law! (Though I admit I'm not familiar in this case and this country.)

Also it's easy to poke holes: does this mean that scraping data from html is always hacking, regardless of the expressed intent? (See recent Missouri case for what that might degenerate into.) What if it's "semantic web" and the html contains metadata specifically designed to aid data extraction?

I think the parents should own the data, and that's why it should be open. But I don't think drawing the line based on which kind of technology is used to deliver the content is a good method of adjudicating published intent.

[titusjohnson]

Publication intent is trivial to verify.

Q) Are you able to retrieve a document using the credentials issued to you by the API? A) Yes: Then you're authorized to view it. No: You're not authorized to view it.

An API is the encoding of business rules around data access and modification. If your API is allowing access that you don't intend a user to have, fix your authorizations.

[infogulch]

See I like this argument better because it has nothing to do with being an API or HTML and everything to do with access authorization. It doesn't make sense for the government to have the power to control how the data the parents are authorized to view is displayed, or what tool they use to display it.

[zmmmmm]

> drawing the line based on which kind of technology is used to deliver the content is a good method

Apart from other reasons, it would almost certainly result in providers obfuscating data or reverting to SSR which is a perverse outcome.

[munk-a]

It might technically look like an API - but it could still not count as an API legally (for the constitutional trick) if the interface was not intended to be public.

If you want to stretch the terms, everything on and off the web that does communication is basically an API - it's just that some of those APIs use JSON to encode their data and make it really easy to access... and some of them bury it in mountains of HTML - but if the data is there the data is there. There really isn't a functional difference between a scraper that goes from TEXT => DATA and a json decoder that goes from TEXT => DATA except how easy it is to write and maintain it.

One outcome of this fight might be that government organizations are directed to use more proprietary communication methods which would be a poor outcome for everyone involved.

[urvader]

The law is not specific at all in regards to the format of the document. So to talk about an “API legally” has no meaning. In a private scenario it makes sense but what we are talking about here is public documents which are sent through an API. The city has responsibility to only send information I have (as a parent) legally right to see. How I parse it and present it is up to me as citizen (through an app or save it as json and upload to an excel file or such)

One implication of this project could be that government agencies in Sweden can not have private API:s.

To use more proprietary methods (private api:s) will have no effect on the constitutional law. You still have received a public document as a citizen.

[zmmmmm]

> How I parse it and present it is up to me as citizen

I know technologists like to think that way but very often the law doesn't work like that. They will think about intent - was the intent to give you the raw data or was the intent to convey a specific representation of it that may omit some parts or further transform or presentation layer changes to achieve a different final result to what the raw data would have conveyed?

If it is the latter then that is the "public document" you have access to, not the raw data from the API.

[KajMagnus]

> convey a specific representation ... is the "public document" you have access to, not the raw data

Seems you're saying it might be illegal to convert a HTML file to PDF format, or to use a screen reader to read the text.

I wonder in which country you are (where apparently there can be laws like that)

[withinboredom]

Or even just print it out. Or put it in a binder. Or make it your desktop wallpaper. Or print it on your toilet paper rolls. Or make paper airplanes out of it. Hmmm it seems like this is a bit of a ridiculous argument. I highly doubt any free government would/could make it illegal for me to print the laws on toilet paper, downloaded via their API.

[bjourne]

An app that parses a news sites articles, removes all advertisements from it, and adds its own might very well be illegal in some jurisdictions.

[zmmmmm]

that would be a bit less clear I think .... perhaps it may make it more concrete to think about an example.

Say the education department has a requirement that where ever a student's grades are displayed, the legend to explain their meaning and a disclaimer about limitations is included. It could even be a hard requirement (like, they got sued once for not doing it so their lawyers have told them they must enforce this). So they are careful that in their app, that requirement is always satisfied, since failing to do that could lead to harmful confusion that could impact a student.

So in their view the "document" they made public is the fully rendered version of that. If you print it out you are effectively doing a transformation that preserves its form and essential characteristics. If you screen shot it, cut out the disclaimers and legend and then paste it on a public web site ... you could create the same problems that you are by taking raw data out of the API.

[munk-a]

Here's one possible issue though - I asked (in another sibling comment) if `ls` could be considered a filesystem API - I strongly believe it is. That means we probably (for sanity's sake) need to differentiate internal vs. external APIs and provide a method for safely allowing this public document method to be well defined.

If a spy is filling out an expense report via secure email after an undercover mission to Norway (trying to figure out if Norway is hording lutefisk, I assume) which ends up resulting in a bombshell report to the public about international lutefisk accessibility then that report is clearly public - but the spy's expense report (including, I'd assume, their identity) is something that should logically be kept secret. There's some press secretary in the middle that takes the raw information and turns it into the scandal we all know it would be.

The data being transmitted over an API is not intended to be directly consumed by the public - there is, instead, an application that exists to take that raw data and transform it into something that is publicly viewable. That application is the corollary for our press secretary here.

I am concerned this might be a bigger rabbit hole than you expect. I totally agree that the town shouldn't flip out and be stupid calling in legal authorities like it currently is - but I think this might be more complex.

[withinboredom]

In this particular example, It’s likely none of that would be digital (over the web) and it would be classified.

[munk-a]

Possibly? Or maybe they use a web based expense reporting system like almost everybody in the modern world. I also think it's a pretty open argument whether the definition of what is and isn't an API relies on things being served on the web.

[monocasa]

Privately documented APIs are still APIs.

[munk-a]

I don't disagree (though when it comes to this particular case it's a question of what the opinion of Swedish courts is) but there's just a lot of grey area there.

Would you consider `ls` an API for exposing your filesystem?

[iamstupidsimple]

> Would you consider `ls` an API for exposing your filesystem?

I don't see why not.

It has an interface for input and output, conforms to well known specifications and is publicly documented.

There's also multiple implementations behind the API.

[randomswede]

I would consider "ls" a presentation tool that uses an API to present information about a file system. I would consider stat/lstat/opendir/readdir/closedir the API that "ls" use to gather the information.

[monocasa]

When you combine it with shell scripts, I'd say that ls is an API to itself.

[tsimionescu]

> One outcome of this fight might be that government organizations are directed to use more proprietary communication methods which would be a poor outcome for everyone involved.

I agree with the rest of your argument, but I think that this part is not necessarily a good example of the risks. Far easier would be to use a shared key between the app and the site, and thus use encryption to prevent reading the data, while still sending it in JSON over HTTPS. A pinned certificate would do the trick, at least on phones which prevent the user from inspecting app bundles.

[munk-a]

I think it depends on the outcome of the case - I could see some possible resolution like the Swedish supreme court declaring that JSON counts as a public record and that forcing a block on prohibitive encryption of JSON endpoints offered by the government (assuming everything the OP said about constitutionality is correct).

We've seen such bizarre technical decisions from high courts before.

[aliswe]

I dont think the swedish legal system uses precedents though. Does that matter?

[munk-a]

I don't know - I think all legal systems use precedents to a certain extent - they're just extremely formalized in America and Britain. Sorry but I'm not familiar enough with their system to reply with confidence but I would say that if a high court in a country rules a certain way, even if that isn't binding to future rulings, it will cause people to adjust their behavior to avoid falling into a trap that's been clearly called out already.

Uh, also, IANAL.