Scraping public websites not a violation, appeals court rules

The Voice • September 2019

An appeals court recently ruled that public web scraping – the act of extracting information from websites – does not violate any anti-hacking laws. A common practice in today’s data-driven world, companies like hiQ run algorithms that peruse through public websites like Facebook and LinkedIn, pulling analytics to utilize for research, marketing, and more. HiQ, a San Francisco-based company, developed a talent management algorithm focused on people analytics and data science machine learning. LinkedIn, hiQ’s main target for web scraping, sent the company a cease-and-desist letter demanding that they discontinue their data harvesting ways, claiming that it violated the Computer Fraud and Abuse Act. The Computer Fraud and Abuse Act (CFAA) covers most of America’s anti-hacking laws and regulations, acting as the go-to determinate for whether or not an entity has broken anti-hacking laws.

HiQ took the case to court, claiming their web scraping operations were not breaking any laws and sought to receive a court order, preventing LinkedIn from interfering with their algorithm. In 2017, a trial court sided with hiQ, deeming the methods legal, and on September 9th, the Circuit Appeals Court concluded the same. The court ruled that when the CFAA was enacted in the 1980’s, it was only directed towards specific categories of computers that housed military, financial, and other sensitive data. The law was then expanded in 1996, where the goal of the Act was broadened to “increase protection for the privacy and confidentiality of computer information”. Due to this legislation, the Appeals Court ruled that any information placed on public-facing websites accessible by the masses is, in fact, not private. To determine data or information as private, entities must employ the use of a permission requirement of some form.

The CFAA continues to be examined and evaluated by persons and companies throughout the nation as technology advances. A California federal trial court argued that two companies scraping Craigslist to provide viewing alternatives violated the Act. While the companies in question settled and agreed to cease their Craigslist scraping, it blurs the line between what the Computer Fraud and Abuse Act prohibits and what it allows.