LinkedIn recently filed suit in the Northern District of California against Doe Defendants for allegedly “scraping” data about its users from its website through fake profiles and software bots. The case number is 5:2016-cv-4463.
LinkedIn alleges that the data scraping that was performed using fake profiles and bots was in violation of its user agreement, the Computer Fraud and Abuse Act, and the Digital Millennium Copyright Act, among other things.
LinkedIn sets forth various facts giving rise to the suit. It alleges that the Doe Defendants circumvented LinkedIn’s safeguards against scraping and essentially engaged in hacking. “Through its proprietary platform, LinkedIn allows its members to create, manage, and share their professional histories and interests online…In order to protect the data that LinkedIn’s members entrust to LinkedIn, LinkedIn employs numerous technical measures designed to detect, limit, and block ‘scraping’ – the extraction and copying of data – on its website.” The complaint goes on to state that the Doe Defendants circumvented several of those technical barriers.
The complaint also sets forth the perceived harm caused by the Doe Defendants: “The Doe Defendants’ unlawful conduct has harmed and threatens the LinkedIn platform in several ways. First, their actions have violated the trust that LinkedIn members place in the company to protect their information. Their unauthorized scraping also increased the strain on LinkedIn’s network servers and caused LinkedIn to expend time and resources investigating and responding to their misconduct. Further, in aid of their illegal activities, the Doe Defendants created thousands of fake LinkedIn profiles that polluted the LinkedIn user environment.”
LinkedIn’s complaint seeks to identify the Doe Defendants through their Internet service providers and to permanently enjoin them from further copying its data. The complaint also seeks damages, costs, and the destruction of all data already taken from LinkedIn’s website.
It is worth noting that much of LinkedIn’s complaint revolves around the alleged breached of its User Agreement. If the Doe Defendants really did violate the terms of the User Agreement by using bots and fake profiles, at least facially that makes it seem as if LinkedIn’s breach of contract claim might be one of its strongest.
However, the complaint also states that the LinkedIn website is an original copyrighted work and it casts the suit as an intellectual property action. But while it may be true that LinkedIn’s website is a copyrighted work, what remains to be seen is whether LinkedIn can prevail in arguing that certain data from that copyrighted work is subject to copyright protection, particularly since much of that data relates to the personal details of others that LinkedIn does not own and that is publicly available elsewhere through sites like Avvo and personal web pages.
Some commentators have argued that LinkedIn is using this suit as a way to intimidate the Doe Defendants and stop what is otherwise legal activity, and in fact LinkedIn already permits some data scraping by “whitelisted” entities for search engine indexing and other things. However, LinkedIn could contend that it is free to operate and restrict its privately owned website however it sees fit and that it has consented to the whitelisted entities being able to data scrape.
LinkedIn is apparently having trouble identifying the Doe Defendants. An order was granted at the beginning of November to extend the time allowed for LinkedIn to serve its complaint, with the order noting that “LinkedIn has been diligent in attempting to identify the Doe Defendants but, despite its efforts, including substantial third party discovery, is not currently in possession of information sufficient to identify them.”