Microsoft's subsidiary LinkedIn lost an appeal in the 9th US Court of Appeals Monday against hiQ Labs Inc., with three justices unanimously holding that hiQ could continue to scrap publicly available information from the site , Reuters reported.
LinkedIn sent a cease and desist to hiQ, a data analytics firm, in 2017, arguing in part that the latter's practice of scraping publicly available information from their platform violated the Computer Fraud and Abuse Act (1986). The CFAA is notoriously vaguely written and makes it illegal to access a "protected computer" without or in excess of "authorization" – to open the door to factual interpretations that can be used to criminalize behavior, not even near what traditionally will be understood as hacking. (As TechDirt noted in 2016, it appears that obscurity about "authorization" invites major tech companies to take credit from federal prosecutors based on their own incentives "rather than politics.") Per Ars Technica, hiQ sued when LinkedIn "seeks not only a statement that the scraping activities were not hacking, but also an order prohibiting LinkedIn from disrupting. ”
hiQ won an injunction that prevented LinkedIn from blacklisting them from their site with technical tools in 2017. Monday's ruling upholds both the injunction and found that scraping publicly available data does not violate the CFAA.
Circuit Judge Marsha Berzon wrote that hiQ could go out of business without injunction, as well as claiming that allowing companies to control who can use publicly available data would give them too much power, Reuters wrote:
She also said that giving companies like LinkedIn "free rein" over who can use public user data risked creating "information man opolies" that harm public interest.
"LinkedIn has no protected real estate interest in the data users have contributed, as users retain ownership of their profiles, "Berzon wrote." And when it comes to publicly available profiles, users clearly intend for others to access them, "including potential employers.
According to Ars Technica, the judges also noted that The CFAA in the 1980s applied to specific computer systems with economic, military or protected data, not the scattered public Internet today: “None of the computers the kinas that CFAA initially used were available to the public. Confirmatory authorization of any kind was presumptively necessary. “In contrast, public LinkedIn profiles are explicitly intended by their creators to be accessible to anyone with an Internet connection.
Berzon also suggested that if LinkedIn really wanted to stop scraping the data, it could simply make all profiles private: "Of course, LinkedIn could satisfy its & # 39; free rider & # 39; concern by eliminating the public access option , albeit at a cost to the preferences of many users and, possibly, to their own bottom line. "
The order "does not establish that site scraping is entirely legal, but goes a long way toward establishing that it is not a federal crime," University of California, Berkeley attorney professor Orin Kerr told the Associated Press . Kerr added that the governing certified people "cannot be arrested and prosecuted just for visiting" a website.