SAN FRANCISCO (CN) — On remand from the Supreme Court, a Ninth Circuit panel signaled Monday that it will reaffirm its prior stance that companies like LinkedIn cannot use a 1984 anti-hacking law to block automated bots from scraping data from its public webpages.
“The point of ‘without authorization’ was to make hacking — illegal hacking — a crime, and when you’re talking about the world wide web, how can this be considered comparable to illegal hacking,” asked U.S. District Judge Terrence Berg during oral arguments Monday. Berg, a Barack Obama appointee, sits on the panel by designation from the Eastern District of Michigan.
In 2019, the Ninth Circuit ruled that LinkedIn, which manages the world's largest online professional social network, could not invoke the Computer Fraud and Abuse Act (CFAA) to block a company called hiQ from deploying bots to mine data from its public website.
HiQ uses the information to sell intelligence reports to corporate clients on which of their employees might be seeking a new job. LinkedIn argues that activity undermines its privacy commitments to members because it enables hiQ to track when users make changes to their profiles, even if they choose not to publicize those changes.
In a ruling issued this past June, the U.S. Supreme Court clarified the scope of the 37-year-old anti-hacking law in Van Buren v. United States. The 6-3 decision held that the CFAA does not cover people who “have improper motives for obtaining information that is otherwise available to them.”
The Supreme Court then vacated the Ninth Circuit’s prior decision in hiQ v. LinkedIn and asked the appeals court to reconsider the case in light of its decision in Van Buren.
On Monday, LinkedIn attorney Donald Verrilli insisted the Supreme Court’s recent decision supports his client’s position that hiQ violated the law by accessing LinkedIn public profiles without authorization. Verrilli said that permission was revoked when LinkedIn started blocking hiQ’s IP addresses and sent the company a cease-and-desist letter.
“I don’t think this court took account of the ‘gates up, gates down’ idea that the Supreme Court has now said is the way in which one answers the question of whether access is without authorization, and I think in particular here the point is that we brought down a gate,” Verrilli said.
U.S. Circuit Judge Marsha Berzon, a Bill Clinton appointee, said accepting that position would give private companies the power to revoke one’s access to a public webpage for any reason and make someone criminally liable for continuing to access it.
“You are asserting the authority to selectively ban anybody’s IP number if you feel like it,” Berzon said. “Then that person is a federal criminal if you decide some individual person can’t access LinkedIn’s otherwise publicly available profiles.”
Verrilli cited the Ninth Circuit’s 2016 decision in Facebook v. Power Ventures, which held that a company violated the CFAA when it circumvented Facebook’s technological barriers to access its data after receiving a cease-and-desist letter.
“Our principal argument here is that intentional circumvention of code-based technological barriers — in this case, it’s the IP blocking mechanisms — that constitutes access without authorization,” Verrilli said.
HiQ attorney Renita Sharma argued that nothing in the Supreme Court’s Van Buren decision gives entities like LinkedIn the power to cut off a company or person's access to public webpages.
Berzon asked the hiQ lawyer to imagine a brick-and-mortar store with a sign reading: “We reserve the right to deny service to anyone.” If someone banned from the store reenters the premises, wouldn’t that qualify as trespassing, the judge asked.
Sharma replied that public webpages are not private property in the way that retail stores are. She said the webpages are more akin to billboards visible from a public road.
“You wouldn’t say you require prior authorization to look at a billboard, and you wouldn’t say you could hack into a billboard,” Sharma said.
Judge Berg suggested that it could lead to absurd results and cause unintended consequences if private companies can decide who is and isn’t legally allowed to access their public webpages.
“You’re putting in the hands of the private sector the ability to criminalize conduct which is essentially just accessing a publicly accessible website where the default is that it should be available for all to see,” Berg said.
Groups that promote freedom of access to online information, including the Electronic Frontier Foundation and Reporters Committee for Freedom of the Press, filed amicus briefs urging the court to reaffirm its prior decision that private companies like LinkedIn can’t block HiQ's data-scraping bots. They say a ruling in favor of LinkedIn could chill the use of bots and other tools by researchers and journalists to mine data from publicly available websites.
After about an hour of debate, the panel took the arguments under submission.
Senior U.S. Circuit Judge J. Clifford Wallace, a Richard Nixon appointee, joined Berzon and Berg on the panel.
Follow @NicholasIovino
Subscribe to Closing Arguments
Sign up for new weekly newsletter Closing Arguments to get the latest about ongoing trials, major litigation and hot cases and rulings in courthouses around the U.S. and the world.
