This past month, professional networking site LinkedIn Corp., was given more time to file a petition for certiorari challenging a Ninth Circuit finding that hiQ Labs Inc. (“hiQ”), a workforce data analytics startup, did not violate federal hacking laws by “scraping” LinkedIn member profiles without LinkedIn’s permission.
Data scraping, or web scraping, is a method where a computer program extracts data from websites. The data that is extracted is often considered to be human-readable information. The question of who owns data that is scraped from public websites is now at the doorstep of one of the largest technology social media companies in the United States.
A preliminary injunction was first granted as to LinkedIn’s bot blockers, “holding that it was unlikely that [LinkedIn] would be able to prove its Computer Fraud and Abuse Act claim.” hiQ Labs Inc., 273 F.Supp.3d at 1103. Moreover, the district court found that hiQ would suffer irreparable harm in the absence of preliminary relief. Therefore, it did not reach an answer on the question of the DMCA. hiQ Labs Inc., 273 F.Supp.3d at 1105. LinkedIn quickly appealed to the Ninth Circuit, arguing that they are not required to give hiQ, or any other company, a “free ride” and, thus, the preliminary injunction should be thrown out. Hailey Konnath, LinkedIn Can’t Halt Startup’s Info Scraping, 9th Cir. Says, Law360, Sept. 9, 2019. However, the Ninth Circuit panel agreed with the district court and affirmed that the data hiQ scrapes is not owned by LinkedIn, nor has it “been demarcated by LinkedIn as private using such an authorization system.” hiQ Labs Inc. v. LinkedIn Corp.. Accordingly, the Ninth Circuit found that “HiQ has therefore raised serious questions about whether LinkedIn may invoke the CFAA to preempt hiQ’s possibly meritorious tortious interference claim.” hiQ Labs Inc., No. 17-16783 at 34. Importantly, the Ninth Circuit found that “LinkedIn has no protected property interest in the data contributed by its users, as the users retain ownership over their profiles” and the information is fundamentally public and “available to anyone with a web browser.” hiQ Labs Inc., No. 17-16783 at 17.
LinkedIn is hoping that the United States Supreme Court will look to the First Circuit when considering commercial scraping, as it held in 2003 that “where a publicly accessible website bans data scrapers, further access by those scrapers is without authorization.” See EF Cultural Travel BV v. Zefer Corp.. The Ninth Circuit’s decision appeared to narrow the definition of “without authorization” when considering the CFAA, as it distinguished between scraping data available on public profiles and scraping data protected behind log-in information. The Ninth Circuit panel found that because“[t]he CFAA was enacted to prevent intentional intrusion onto someone else’s computer –specifically, computer hacking,” the data that hiQ was scraping on public profiles did not amount to what the court considered to be “breaking and entering” nor did it rise to the definition of computer hacking. hiQ Labs Inc., No. 17-16783 at 17 (citing United States v. Nosal). The Ninth Circuit’s reasoning may shift the current understanding of what it means to be “without authorization” and narrow the current construction of the CFAA.
LinkedIn’s original deadline to file its petition was February 6, 2020. It now has until March 9, 2020.