It appears that the CFAA`s prohibition on accessing a computer “without authorization” is violated when an individual circumvents a computer`s generally applicable rules regarding access permissions, such as username and password requirements, to access a computer. It is likely that while a computer network generally allows public access to its data, a user`s access to that publicly available data does not constitute unauthorized access under the CFAA. The data hiQ wishes to access is not the property of LinkedIn and has not been classified as private by LinkedIn through such an authorization system. HiQ has therefore raised serious questions about whether LinkedIn can rely on the CFAA to prevent hiQ`s potentially founding claim for forgery. The 9th Circuit first ruled against LinkedIn in 2019, arguing that the CFAA was not preventing anyone from scraping publicly available data. The Supreme Court ordered the Court of Appeals to overturn its judgment and reconsider the case in light of its own June 2021 CFAA decision in Van Buren v. United States. LinkedIn has no intention of dropping the case. In a statement, LinkedIn spokesman Greg Snapper said: “We are disappointed with the court`s decision. This is a preliminary decision and the case is far from closed. LinkedIn argued: “We will continue to fight to protect our members` ability to control the information they provide on LinkedIn.
If your data is taken without permission and used in a way to which you have not consented, this is not acceptable. On LinkedIn, our members entrust us with their information, which is why we prohibit unauthorized scraping on our platform. The common practice of “scraping” publicly available data from a website has been legally attacked. A landmark court decision (HiQ Labs v. LinkedIn) recently concluded that scratching is legal, but LinkedIn said that “the case is far from over.” Tse said it boils down to companies that keep publicly available information on their websites cannot rely on the CFAA to prohibit others from crossing off that data, even if the companies later revoke access to the information or if scraping data is a violation of the websites` terms of service. “Companies must require prior authorization, such as a username and password, to access the data first so that scraping that data is enforceable under the CFAA,” he said. Good news for archivists, scientists, researchers and journalists: scraping publicly available data is legal, according to a U.S. Court of Appeals ruling.
The judges said they “prefer a narrow interpretation of the CFAA`s `without authorization` provision so as not to turn a criminal piracy law into a `full Internet police warrant.`” They also found that the public interest favours access to LinkedIn data. It`s not a negligible challenge, but the data was publicly available at the time of scraping, and the benefits outweigh the disadvantages of considering web scraping as a practice. “As a reminder, . There is no federal law specifically prohibiting the practice of scraping or extracting data from websites,” said Shing Tse, an attorney in the Houston office. “We agree with the district court that companies like LinkedIn have a free hand to decide on any basis who can collect and use data – data that does not belong to the companies. The fact that they otherwise make them available to the public for viewers and that the companies themselves collect and use risks creating information monopolies that would serve the public interest,” the judgment reads. The case in the Ninth Circuit was originally filed by LinkedIn against Hiq Labs, a company that uses public data to analyze employee turnover. LinkedIn said Hiq`s massive scraping of LinkedIn user profiles violates its terms of service, amounts to hacking, and is therefore a violation of the CFAA. LinkedIn lost the lawsuit against Hiq for the first time in 2019 after the Ninth District determined that the CFAA was not preventing anyone from scraping publicly available data. Recently, we shared more about how LinkedIn tackles scratching, including defining the universe of unauthorized activity, how we protect our members, and some of the technical measures we use to prevent abuse on our platform. Another way to protect our members and their data is to take legal action against those who cause harm on our platform.
LinkedIn claims that HiQ`s access to member data threatens its members` privacy, but that`s just a fig leaf; What really matters is data, access and profit. We are constantly working to advance our technical and legal enforcement efforts, and we will continue to keep you informed of progress and our work to keep members safe. This is a victory for scientists, archivists, journalists, researchers and companies like hiQ that use publicly available data. Or at least, it`s a win for now. First, the courts ruled that LinkedIn could not block HiQ. This was followed by the Ninth Circuit in 2019 with a reiterating ruling that LinkedIn couldn`t stop the startup from recovering data. As District Judge Marsha Berzon ruled at the time, “there is little evidence that LinkedIn users who choose to make their profiles public have an expectation of privacy regarding the information they post publicly, and it is doubtful that they will.” LinkedIn argued that its application “addresses the very issue that the Court left open in the Van Buren case. LinkedIn set goals around its servers by employing “code-based” technical measures to prevent hiQ from scratching data (which hiQ bypassed via bots) and by sending a cease and desist letter to hiQ, thereby expressly revoking any “permission” hiQ had to access LinkedIn`s computers. Van Buren explicitly left open the question of whether these methods of refusal and revocation of the permit or other methods of doing so qualify as “doors down” under Article 1030(a)(2), according to which the massive scraping of data by hiQ takes place “without authorization.” LinkedIn said the technical barriers it uses include its robot.txt file and “several technology systems designed to detect suspicious activity and limit automated scraping.” Overall, the benefits of scratching for research, commercial competition and the public outweigh the costs. The courts should reaffirm their support for this common practice and defend it against any legal challenge.
Tech Moves: OfferUp appoints a new CTO; Amazon data center manager leaves the company; and more While I agree with the court`s decision in this case, I have concerns about some cases of using recovered data. For example, HiQ Labs claims to “provide a crystal ball that helps. Identify skills gaps or turnover risks months in advance. For example, the company`s Keeper product analyzes the risk of fluctuation. For those who haven`t followed the scratch saga so far, the court`s decision is the latest in a sprawling case first initiated in 2017 by Linkedin against hiQ Labs, a rival data science company discovered by retrieving personal data from LinkedIn users` public profiles, which hiQ would then sell to corporate clients and recruiters. who are interested in Say which employee is likely to leave their job in the coming months. While there are many corporate intelligence tools that offer similar scraping services, LinkedIn wanted to make an example of hiQ in particular, sending a cease and desist letter to the company five years ago. It seems obvious that public data on a website is public. But that has never stopped people from arguing that scraping — copying data from public websites — is somehow illegal. Now, the U.S. Court of Appeals for the Ninth Circuit has ruled in hiQ Labs, Inc. v.
LinkedIn Corp. that LinkedIn cannot prevent competitor hiQ Labs from removing publicly available data from LinkedIn users. After LinkedIn sent its cease and desist letter in 2017, hiQ asked the U.S. District Court for the Northern District of California to issue an injunction restraining LinkedIn from interfering with its data recovery practices or “abusing the law to destroy hiQ`s activities.” After the Court of Appeals first ruled in favor of hiQ in 2019, Microsoft asked the Supreme Court to review the decision. The Supreme Court refused to hear the case, but ordered the Court of Appeal to overturn its earlier decision and reconsider the case. On Monday, the Court of Appeal upheld its 2019 decision, a decision a LinkedIn spokesperson called disappointing. HiQ did not immediately respond to a request for comment. This case has dragged on for almost five years. LinkedIn demanded in 2017 that hiQ refrain from retrieving LinkedIn data.
LinkedIn has also begun blocking hiQ`s access and ability to pull data from LinkedIn`s public profiles. LinkedIn argued that hiQ`s actions violated several laws, including the Computer Fraud and Abuse Act (CFAA) and LinkedIn`s Terms of Service. Van Buren`s case used a “doors up or down” analogy. Either the data is open and the door is at the top, or it is not open and the door is broken. HiQ argued that – on a publicly accessible website – there is no door, or at least the door is at the top. The Ninth Circuit agreed, ruling that “the concept of `without permission` does not apply to public websites.” The decision is the latest in a long legal battle dating back to 2017, when LinkedIn sent hiQ a cease and desist letter to prevent access to the site, arguing that scraping the data would violate users` privacy and the site`s terms. LinkedIn has already tried to prevent other companies from collecting data from its website. The recent decision of the 9th Judicial Circuit was based on the Supreme Court`s decision in the Van Buren case that if the information is publicly available, no authorization to use that data is required.
For example, in HiQ Labs v. LinkedIn, if a LinkedIn user closes their account, LinkedIn has certain obligations based on its privacy policy for processing that user`s data after account closure, and LinkedIn is responsible for compliance with this Agreement.