Poetry in lockdown: hiQ to Supremes / Please leave LinkedIn scrape ruling / well enough alone
Data science firm won previous ruling over pulling data from jobseekers' network
Data science startup hiQ Labs has responded [PDF] to a Supreme Court petition from LinkedIn, urging justices to avoid revisiting the earlier Ninth Circuit appeal court ruling that stated web scraping doesn't contravene federal hacking legislation.
Founded in 2012, hiQ Labs describes itself as a "data science company, informed by public data sources, applied to human capital." It offers two products: Keeper, which aims to limit employee turnover, and Skill Mapper, which identifies hidden competencies in existing competencies. Much of this intelligence is derived from accessing the LinkedIn profiles of existing employees.
The Ninth Circuit ruling - from September 2019 - at the heart of this dispute states that web scraping of publicly available content doesn't violate the Reagan-era Computer Fraud and Abuse Act (CFAA). Passed in 1986, the CFAA is broadly analogous to the UK's Computer Misuse Act, imposing both civil and criminal liability for anyone who accesses a computer "without authorization" or "exceeds authorized access".
Yes, Prime Minister, rewrite the Computer Misuse Act: Brit infosec outfits urge reformREAD MORE
Because the CFAA predates the modern internet, its definition of unauthorised access is somewhat muddy, and has largely been clarified by later case law.
In this situation, LinkedIn argued that since it instructed hiQ to refrain from accessing content published on the platform via a cease-and-desist letter, any further attempts to scrape the professional networking site would be without authorisation, and therefore illegal under the CFAA.
HiQ filed suit and quickly won a preliminary judgment, which was subsequently affirmed by the Ninth Circuit. In its ruling, dating 9 September 2019, the Ninth Circuit argued that authorisation is typically required for something that's not already available. In the case of LinkedIn, "the default is free access".
LinkedIn's Supreme Court petition, filed 9 March 2020, raises the concern that if sites are unable to limit the access of third parties to information provided by their users, there could be privacy concerns.
"The decision below has extraordinary and adverse consequences for the privacy interests of the hundreds of millions of users of websites that make at least some user data publicly accessible," LinkedIn argued in its petition.
"Users do not expect, or consent to, the exploitation of their personal information in perpetuity by third parties that the users and the website owner did not authorize and whose interests are not aligned with the interests of the owners of that personal information."
In its response, submitted on Thursday 25 June, hiQ Labs describes this line of argument as "disingenuous", noting that LinkedIn aims to use and monetise its data in a similar manner, via the firm's Talent Keeper tool.
hiQ Labs also referred to the Ninth Circuit judgement, casting doubt on whether those who make their profiles public have a genuine expectation of privacy.
The Supreme Court now has to decide whether to push forward on this case, or to let the matter rest with the Ninth Circuit's judgement. We have asked LinkedIn and hiQ Labs for comment. ®