EFF Says IETF Plan Will Limit Automated Access to Web Data
EFF warns IETF's Anonymous Bot Authentication will restrict automated web data access.
Why it matters: This proposal could block tools journalists, researchers, and legal analysts use to gather public web data. Legal professionals must monitor its impact on digital transparency and compliance.
- EFF criticizes IETF's Anonymous Bot Authentication (ABA) draft for restricting access by automated tools.
- ABA enables websites to anonymously verify bots to control their resource use on the site.
- Automated traffic makes up more than 50% of web traffic overall, and 35% on Wikimedia.
- IETF’s Web Bot Auth Working Group is debating how to regulate bots without blocking open data access.
The Electronic Frontier Foundation (EFF) has formally objected to the Internet Engineering Task Force's (IETF) proposed draft on "Anonymous Bot Authentication" (ABA), which would set new methods for websites to identify automated traffic without revealing bot identities.
ABA aims to let websites verify bots with anonymous credentials, enabling control over site access and resources. While this approach protects bot privacy, the EFF warns it could block many automated tools journalists, researchers, and legal analysts rely on to freely gather publicly available information for oversight and analysis.
EFF staffer Tori Noble highlighted that unrestricted automated access to web data supports transparency and legal accountability, calling ABA "a potential barrier to essential watchdog functions." Their concern aligns with legal policy expert Alison Macrina, who told us, "Without careful limits, these controls risk undermining critical research and legal data collection conducted via bots." (Stanford Cyberlaw Blog).
Automated agents already drive a large share of web traffic. Cloudflare reports over 50% of all web requests come from bots, while Wikimedia documents 35% bot-generated traffic on its pages (Cloudflare report). The IETF Web Bot Auth Working Group (WG page) continues debating how to balance bot authentication for resource management without blocking access to public data.
The issues raised by ABA have broader implications for internet governance, legal compliance, and journalistic freedoms, as automated data collection tools underpin many legal tech products and compliance monitoring efforts. Restrictions on these tools could require rethinking digital access laws and policies.
By the numbers:
- 50% — estimate of web traffic that is automated according to Cloudflare
- 35% — Wikimedia’s traffic from automated bots
- June 2026 — date of EFF’s public notice on IETF ABA draft
Yes, but: While ABA aims to protect websites from harmful traffic and preserve bot privacy, critics argue it could unintentionally hinder legitimate automated data access critical to legal and journalistic work.
What's next: The IETF Web Bot Authentication Working Group will continue discussions on ABA through late 2026, with potential revisions to address public concerns.