In its Monday Order List, the Supreme Court of the United States vacated the Ninth Circuit Court of Appeals’ Computer Fraud and Abuse Act (CFAA) decision and remanded the case for further consideration in light of the Supreme Court’s recent decision in Van Buren v. United States. Now, LinkedIn will have another shot at preventing competitor hiQ Labs Inc. from scraping personal information from its users’ public profiles.
Though the Supreme Court granted LinkedIn’s petition for a writ of certiorari, it will be up to the lower court to decide whether hiQ transgressed the CFAA when it used bots to harvest individuals’ personal data from computer servers that host LinkedIn’s public-facing web pages. In 2019, the Ninth Circuit sided with hiQ.
The court found that the CFAA does not prevent a company from scraping data that is publicly accessible on the internet. Too, the Ninth Circuit determined that users’ privacy interests did not outweigh hiQ’s business interests, which rely on user information.
Last March, LinkedIn filed a petition for a writ of certiorari, arguing that the decision was based on policy rather than law, and was out of step with other circuits’ CFAA interpretations. The petitioner also noted that CFAA issues are likely to persist, and predicted that the Court might soon face similar questions.
Indeed, in the Supreme Court’s 6-3 opinion last month, it ruled on the scope of the CFAA. It held that former police officer Nathan Van Buren did not violate the federal law when he accessed his station’s database to look up police records in exchange for money. His actions, the majority reasoned, did not exceed his lawful authority to access the database, and were therefore lawful under the CFAA.
By contrast, the opinion stated, the government’s advocated-for position would criminalize “a breathtaking amount of commonplace computer activity,” like the violation of any computer-use policy. Justice Thomas concluded otherwise in his dissent. Under his reasoning, the officer was liable for “exceeding authorized access” to the database because he did so under plainly prohibited circumstances.