LinkedIn Appeals Important CFAA Ruling Regarding Scraping Public Info Just As Concerns Raised About Clearview
from the this-could-get-interesting dept
Last fall we were happy to see the 9th Circuit rule against LinkedIn in its CFAA case against HiQ. If you don’t recall, the CFAA is the “anti-hacking” law that has been widely abused over the years to try to shut down perfectly reasonable activity. At issue is whether “scraping” information violates a terms of service, and thus, the CFAA. A few years back, the same court ruled in favor of Facebook against Power Ventures, saying that even though Power’s users gave permission to Power and handed over their login credentials, Power was violating the CFAA in scraping Facebook, because the information was behind a registration wall — and because Facebook had sent a cease-and-desist.
In the HiQ case, despite what seemed to be a similar fact pattern, the court ruled against LinkedIn, saying it could not block HiQ’s scraping via a CFAA claim, with the main “difference” being that LinkedIn information was publicly viewable, and therefore should be open to scraping. I still don’t quite see the difference between the cases — because in the Facebook situation, once you have a login, the information is effectively available in the same manner, but that is how the courts ruled. After first asking (and not getting) an en banc review (and then asking for more time), LinkedIn has now asked the Supreme Court to weigh in on this issue (hat tip to Media Post). I worry that the court might make things much worse if it does take the case, and block all kinds of scraping.
Of course, one thing that’s notable since the 9th Circuit ruling came down — all of the attention that Clearview AI has received over the last few months, for its frightening facial recognition app, built of of scraping “public” social media images and profiles. This use of scraping has convinced some — even some who seemed to support the HiQ ruling — that perhaps there should be limits on scraping. I think that’s a kneejerk reaction, and focusing in too narrowly on the wrong issue. The issue there is not with scraping, but with the specific use of the data as an attack on privacy going well beyond the internet itself (i.e., tracking and identifying people out in the real world). It’s one thing to focus on that issue, as opposed to saying that’s an argument against free scraping.
At a time when we’re so worried about competition, the ability to scrape is incredibly important. It’s how competitors can be built in a world with network effects. If other companies can build compatible services, without having to do a deal with Facebook or Linkedin or YouTube or Twitter, that enables more competition much more easily. And yet, too many efforts are being made to cut off that kind of interoperability. The LinkedIn case is just one example. If the Supreme Court does take it up, let’s hope they recognize just how important this kind of adversarial interoperability can be, rather than buying into some nonsense about how scraping must be blocked and not allowed.
As for the petition itself, the question LinkedIn is asking the Court to review is whether or not bots can scrape websites, even after receiving a cease-and-desist letter:
Whether a company that deploys anonymous computer ?bots? to circumvent technical barriers and harvest millions of individuals? personal data from computer servers that host public-facing websites?even after the computer servers? owner has expressly denied permission to access the data??intentionally accesses a computer without authorization? in violation of the Computer Fraud and Abuse Act.
While I can understand the Clearview-like horror stories some may put forth about this activity, to allow companies to block all scraping like this would create huge problems for both a functioning internet (hello search…) as well as competition.