In a closely watched decision last month, the U.S. Court of Appeals for the Ninth Circuit delivered data journalists an important legal victory, holding that scraping a publicly available website doesn’t violate the Computer Fraud and Abuse Act — the federal anti-hacking law. While the opinion won’t be the last word on the subject, it begins to dispel some of the ambiguities that (as we’ve written before) the powerful too often wield to chill investigative journalism online.
The case, hiQ Labs, Inc. v. LinkedIn Corp., involved a brawl between the professional social networking platform and a business intelligence firm that built its product by collecting data from public-facing LinkedIn profiles. In 2017, LinkedIn sent hiQ a cease-and-desist letter objecting that hiQ’s conduct violated the site’s terms of service — and thus the CFAA — while instituting automated tools designed to block the bots hiQ used to do it. The firm, in turn, sued LinkedIn for interfering with its business and won a preliminary injunction requiring LinkedIn to withdraw its cease-and-desist order. A panel of the Ninth Circuit affirmed that decision in an important 2019 opinion that the Reporters Committee highlighted at the time.
But that wasn’t the end of the road for hiQ, because LinkedIn asked the U.S. Supreme Court to review the Ninth Circuit’s decision. While the Supreme Court didn’t agree to hear the case in full, it did send it back to the court of appeals for a redo after the justices had their first substantial chance to interpret the CFAA in a different case, Van Buren v. United States. And while Van Buren imposed important guard rails on the CFAA, including by highlighting the dangers of broad interpretations for routine “journalism activity” that the Reporters Committee had emphasized in a coalition brief, it didn’t squarely resolve whether (and if so when) the Act might limit scraping.
When the case returned to the Ninth Circuit, we filed a friend-of-the-court brief urging the court to reinstate its original conclusion — and explaining why Van Buren underlined that scraping is not a crime. (Though hiQ was a civil case, the CFAA is also a criminal statute, and courts are bound to interpret the law consistently in each context.) As we argued, letting website owners prohibit the press and public from noticing what they themselves have chosen to publish to the open internet would have a chilling effect on important, public-spirited information-gathering online. Thankfully, the Ninth Circuit agreed and affirmed the lower court’s order once again.
This decision doesn’t settle all the questions that matter to data journalists. The Ninth Circuit didn’t reach our argument that this kind of information-gathering is affirmatively protected by the First Amendment — a question with important stakes in light of the diversity of other laws, from state computer crime statutes to torts like trespass, that private parties have attempted to wield to draw digital property lines around their sites. And other federal courts will have the opportunity to weigh in on the CFAA question as well — though as the first major decision on the issue since Van Buren, we hope the hiQ opinion charts a course for those future judges to follow.
At a minimum, the development is a promising one for the growing share of newsgathering that takes place online. And we’ll continue advocating for data journalists’ rights as new cases arise.
The Technology and Press Freedom Project at the Reporters Committee for Freedom of the Press uses integrated advocacy — combining the law, policy analysis, and public education — to defend and promote press rights on issues at the intersection of technology and press freedom, such as reporter-source confidentiality protections, electronic surveillance law and policy, and content regulation online and in other media. TPFP is directed by Reporters Committee attorney Gabe Rottman. He works with Stanton Foundation National Security/Free Press Legal Fellow Grayson Clary and Technology and Press Freedom Project Legal Fellow Gillian Vernick.