SAN FRANCISCO (CN) — A federal judge enjoined LinkedIn on Monday from keeping its website off limits to a company that tells employers which of their workers may be “flight risks.”
U.S. District Judge Edward Chen enjoined LinkedIn from blocking San Francisco-based data-analytics firm hiQ from collecting data from public LinkedIn profiles that hiQ uses to sell intelligence reports to employers.
“The court is doubtful that the Computer Fraud and Abuse Act (CFAA) may be invoked by LinkedIn to punish hiQ for accessing publicly available data,” Chen wrote in a 25-page ruling.
HiQ sued in June, claiming LinkedIn improperly invoked the Computer Fraud and Abuse Act when it sent a cease-and-desist letter in May, saying it would hold hiQ criminally liable if it kept accessing its website. HiQ claims LinkedIn revoked its access for anticompetitive purposes, in violation of the First Amendment.
LinkedIn claims HiQ uses anonymous, automated bots to bypass its data-scraping protections and track changes to profiles that users choose not to broadcast, undermining its privacy commitment to members.
HiQ sells information to clients — including CapitalOne, eBay and GoDaddy — on which employees may be seeking a new job, based on information culled primarily from public LinkedIn profiles.
Chen found that allowing LinkedIn to use the Computer Fraud and Abuse Act to revoke access to its public website would have “sweeping consequences” for access to online data, and would expand the scope of the 1984 law, amended in 1986, well beyond its original purpose: to prevent hacking.
“The CFAA was not intended to police traffic to publicly available websites on the Internet – the Internet did not exist in 1984,” Chen wrote. “The CFAA was intended instead to deal with ‘hacking’ or ‘trespass’ onto private, often password-protected mainframe computers.”
Chen agreed with Georgetown University law professor Orin Kerr, who argued that access to free and open spaces on the internet should be deemed “unauthorized” only when one bypasses an authentication requirement, such as entering a password.
Bypassing technical measures designed to block bots from public websites is not the same as entering a password-protected mainframe without permission, Chen ruled.
“A user does not ‘access’ a computer ‘without authorization’ by using bots, even in the face of technical countermeasures, when the data it accesses is otherwise open to the public,” Chen wrote.
However, he said this does not prevent LinkedIn from using countermeasures and the force of law to block malicious attacks and intrusions on its servers.
Chen found the balance of hardships tipped in hiQ’s favor because it relies primarily on LinkedIn data for its business, and would likely to go bankrupt without access to that information.
He found that hiQ plausibly alleged that LinkedIn revoked its access to crush a competitor, rather than to protect the privacy interests of its members.
LinkedIn CEO Jeff Weiner announced plans in June to launch a new data analytics service to inform employers what kinds of skills they need from workers and where that talent exists.
Such a service would compete directly with hiQ’s “Skill Mapper” product, which analyzes skills listed in the public LinkedIn profiles of its clients’ employees.
“There is thus a plausible inference that LinkedIn terminated hiQ’s access to its public member data in large part because it wanted exclusive control over that data for its own business purposes,” Chen wrote.
In a brief phone interview, HiQ attorney Carl Wisoff said he and his client “were pleased that the court ruled in our favor,” but said he was still reviewing the ruling and declined further comment.
LinkedIn spokeswoman Nicole Leverich said in an email: “We’re disappointed in the court’s ruling.” She added: “This case is not over. We will continue to fight to protect our members’ ability to control the information they make available on LinkedIn.”
Wisoff is with Farella Braun & Martel in San Francisco.
LinkedIn manages the largest online professional network on the planet, with more than 500 million members in more than 200 countries, according to its website. Microsoft bought it for $26.2 billion in 2016.