Court: U.S. Court of Appeals for the Ninth Circuit
Date Filed: July 16, 2021
Update: On April 18, 2022, the U.S. Court of Appeals for the Ninth Circuit again concluded that scraping a publicly available website — a common data-journalism technique — does not violate the federal anti-hacking law, the Computer Fraud and Abuse Act.
Background: For years now, hiQ Labs — a company that provides data science services to human resource departments — has been locked in litigation with LinkedIn over hiQ’s practice of collecting information from public LinkedIn profiles. After LinkedIn sent hiQ a cease-and-desist letter, warning that the automated collection, or “scraping”, violated the site’s terms of service and the federal Computer Fraud and Abuse Act, hiQ went to court seeking an order that LinkedIn withdraw the letter and a declaration that its scraping was not prohibited by the CFAA.
In 2019, in an important decision, the Ninth Circuit agreed that the statute likely doesn’t prohibit scraping information that would be “available to anyone with a web browser.” (For more background on that opinion, you can read the analysis the Reporters Committee’s Gabe Rottman and Lyndsey Wajert wrote at the time.)
LinkedIn then sought review in the Supreme Court. After deciding a related question about the scope of the CFAA in Van Buren v. United States, the Court granted LinkedIn’s petition for the limited purpose of sending the case back to the Ninth Circuit for reconsideration in light of Van Buren. The Reporters Committee and a coalition of 30 media organizations filed a friend-of-the-court brief on remand — building on a media coalition brief that the Supreme Court cited favorably in Van Buren — to explain why scraping is an important tool for data journalists today and why the CFAA does not prohibit it.
Our Position: The Ninth Circuit should reinstate its conclusion that the CFAA does not prohibit scraping a public website, regardless whether the site has purportedly ordered a visitor to stop.
- As the Supreme Court explained in Van Buren, allowing platforms to threaten users with criminal liability when they violate a site’s terms of service would chill a sweeping range of innocuous or forthrightly beneficial conduct, including routine data journalism.
- Interpreting the CFAA to prohibit collecting information that a platform itself chose to make public would raise serious questions about the statute’s constitutional validity.
Quote: “If violating [a website owner’s] private preferences were the measure of CFAA liability, it would be up to the subject of an exposé to decide whether to criminalize routine investigative reporting techniques in any particular case.”
Related: The Reporters Committee has filed a series of friend-of-the court briefs defending the rights of journalists in the CFAA context, including in Van Buren itself and in a lawsuit that the City of Fullerton brought against a group of bloggers for accessing a public Dropbox account.