SAN FRANCISCO (CN) — In a case pitting privacy rights against the freedom to public information, a federal judge Thursday weighed whether to restore a company’s access to LinkedIn data so it can tell employers which of their workers are “flight risks.”
“If restrictions are placed on that process, that has serious implications for future research, access and speech,” U.S. District Judge Edward Chen said at the Thursday hearing.
HiQ, the plaintiff in the case, collected and analyzed data from hundreds of thousands of public LinkedIn profile pages. Its attorneys on Thursday asked Chen to grant a temporary restraining order to bar LinkedIn from cutting off its access to public member profiles.
LinkedIn claims HiQ uses anonymous, automated bots to bypass security measures that block entities from scraping data from its website.
HiQ says that LinkedIn has no right to restrict access to public information, and that LinkedIn is using its members’ alleged privacy as a pretext to stifle competition.
“This is not about privacy rights,” HiQ attorney Carl Wisoff told the court. “They are trying to prevent people from collecting it in a way that’s commercially feasible.”
LinkedIn members can choose to make their profiles visible to the public, and may choose not to share or broadcast certain changes they make to their profile. By regularly scraping data from LinkedIn’s website, HiQ can detect and analyze those changes and sell the information to employers.
HiQ, a 3-year-old San Francisco startup, boasts that it can help employers “pinpoint with laser-like accuracy” which employees are a “flight risk,” according to LinkedIn’s brief opposing HiQ’s request for a restraining order.
“This is directly contrary to the privacy commitments LinkedIn makes to members: letting them control their data and whether they want to broadcast that they made a change to their profile,” LinkedIn attorney Jonathan Blavin said.
LinkedIn sent HiQ a cease-and-desist letter on May 23, saying its unauthorized access to LinkedIn members’ violates the Computer Fraud and Abuse Act, copyright law and California Penal Code Section 502.
But HiQ says that trying to hold it criminally liable for retrieving public information would violate the First Amendment and constitutional principles that protect a free and open marketplace of ideas.
“This is discrimination against commercial speakers,” Wisoff told the judge.
Blavin countered that giving anonymous, automated bots unfettered access to scrape data from its website is not a protected form of speech.
“These bots aren’t speaking,” Blavin said. “They’re extracting data.”
Chen was not so sure. He said that gathering information from a public website could be interpreted as a protected First Amendment activity.
“The right to receive information is just as critical as the right to express information,” Chen said.
LinkedIn cited the 2013 ruling from the Northern District of California, Craigslist v. 3taps, which held that nothing in the Computer Fraud and Abuse Act prevents “a computer owner from selectively revoking authorization to access its website.”
HiQ says the user agreement does not apply to it when it collects data as a third party on LinkedIn profiles. HiQ says it would be unreasonable to allow LinkedIn to stifle HiQ’s First Amendment right to access to information merely by sending a cease-and-desist letter.
On the issue of irreparable harm, HiQ attorney Deepak Gupta said the company could be destroyed within a month if its access to LinkedIn data is not restored.
“It is likely to go under,” Gupta said. “Employees are coming to work, and there’s nothing to do.”
Blavin said LinkedIn also faces irreparable harm, in the form of a loss of trust, member privacy and good will.
Though Chen seemed inclined to deem collecting public data a protected First Amendment activity, he expressed concern that LinkedIn members may not have been made fully aware that changes to their profile could be tracked and shared with third parties, including their employers.
But Chen appeared unwilling to accept the argument that HiQ could be criminally liable under the Computer Fraud and Abuse Act if it continues to scrape data after receiving a cease-and-desist letter.
“You would think a website could control certain levels of access, but the idea that something would be criminalized is troubling,” Chen said.
Chen asked both parties to work out a possible stipulation that would allow HiQ access to LinkedIn data for about 30 days before he rules on the motion for a preliminary injunction. He gave the parties have until the end of business on Friday to report back on a possible compromise. Otherwise, Chen said, he will issue a ruling on HiQ’s request for a temporary restraining order.
LinkedIn manages the largest online professional network on the planet, with more than 500 million members in more than 200 countries, according to its website. It was purchased by Microsoft for $26.2 billion in 2016.
Wisoff and Gupta are with Farella Braun & Martel; Blavin with Munger, Tolles & Olson, all in San Francisco.