in

Court rules that data scraping is legal in LinkedIn appeal

It seems self-evident that public data on a website is, well, public. But, that’s never stopped people from arguing that scraping–copying data from public websites–is somehow illegal. Now, the  U.S. Ninth Circuit Court of Appeals has ruled in the hiQ Labs, Inc. v. LinkedIn Corp. that LinkedIn can’t stop its competitor, hiQ Labs, from scraping LinkedIn users’ publicly available data. 

This case has been dragging on for almost five years. LinkedIn demanded in 2017 that hiQ cease and desist from scraping LinkedIn data. LinkedIn also began blocking hiQ’s access and its ability to scrape data from public LinkedIn profiles. LinkedIn argued that hiQ’s actions violated several laws, most notably the Computer Fraud and Abuse Act (CFAA) and LinkedIn’s terms of use. 

Initially, the courts ruled that LinkedIn couldn’t block HiQ. This was followed up by the Ninth Circuit in 2019 with a decision repeating that LinkedIn couldn’t stop the startup from data scraping. As Circuit Judge Marsha Berzon ruled at the time, “there is little evidence that LinkedIn users who choose to make their profiles public maintain an expectation of privacy with respect to the information that they post publicly, and it is doubtful that they do.” 

LinkedIn, however, wasn’t done. The company took the case to the US Supreme Court. The high ruled that since its 2021 decision in Van Buren v. United States showed that the federal computer crime law doesn’t criminalize scraping publicly available internet information, the LinkedIn case needed another look. So, SCOTUS sent the case back to the Ninth Circuit. 

The Van Buren case used a “gates-up-or-down” analogy. Either data is open and the gate is up, or it’s not open, and the gate is down. HiQ argued that –on a publicly available website — that there is no gate to begin with, or at the very least, the gate is up. The Ninth Circuit agreed, ruling that “the concept of ‘without authorization does not apply to public websites.”

This is a win for academics, archivists, journalists, researchers, and companies like hiQ that use data that’s been made publicly available. Or, at least, it’s a win for now. 

LinkedIn has no intention of letting the case go. In a statement, LinkedIn spokesperson Greg Snapper said, “We’re disappointed in the court’s decision. This is a preliminary ruling and the case is far from over.” LinkedIn argued, “We will continue to fight to protect our members’ ability to control the information they make available on LinkedIn. When your data is taken without permission and used in ways you haven’t agreed to, that’s not OK. On LinkedIn, our members trust us with their information, which is why we prohibit unauthorized scraping on our platform.”

In an amicus brief on the case filed by the Electronic Frontier Foundation (EFF)  and the Internet Archive, the EFF and Internet Archive argued that while “LinkedIn is right to recognize the threat to individual privacy posed by actors who obtain personally-identifying information and misuse it to harm people,” they missed the boat by using the CFAA, which is meant to stop hackers. Following that logic, you end up with such nonsense as the Republican Missouri Governor Mike Parson who argued that a journalist who found a website that had revealed teachers’ social-security numbers was a hacker. 

Instead, the EFF argues, LinkedIn should join the EFF in “pushing Congress and state legislatures to adopt consumer and biometric privacy laws that would prohibit services from collecting people’s sensitive information without their consent.”

Related Stories:


Source: Networking - zdnet.com

Microsoft: We're boosting our bug bounties for these high-impact security flaws

FBI warning: These hackers are targeting developers and DevOps teams to break into crypto firms