Posts Tagged: "Computer Fraud and Abuse Act"

The United States Supreme Court today ruled that a former police sergeant did not flout Section (a)(2) of the Computer Fraud and Abuse Act (CFAA) because that provision “does not cover those who…have improper motives for obtaining information that is otherwise available to them.” The opinion, authored by Justice Amy Coney Barrett, contradicts the U.S. government’s reading of the statute. Three justices dissented from the majority.

In Van Buren v. United States, argued December 1, the Supreme Court has a chance to address how the Computer Fraud and Abuse Act applies when a defendant is authorized to access and obtain information from a computer but subsequently uses this information for a purpose that is not permitted. The outcome of this case is important to every company that has computer data and will provide guidance on how best to protect that data.

Much has already been written in a relatively short period of time since the Eleventh Circuit decided Compulife Software, Inc. v. Newman, __ F.3d __, 2020 WL 2549505, (11th Cir. May 20, 2020). However, such commentaries have not addressed whether this decision is legally supportable and whether other circuits should follow this decision, which would provide a legal basis for website operators under certain circumstances to pursue unwarranted scraping of their websites. This is particularly important because the Supreme Court is currently considering whether to grant certiorari in a case involving whether website scraping is legal under the Computer Fraud and Abuse Act (CFAA). Depending on the outcome of this matter, website operators may be extremely restricted to prevent scraping under that statute.

Intangible assets today make up nearly 84% of enterprise value for companies listed on the S&P 500. This material growth in intellectual property as an asset on U.S. company balance sheets has placed increased demands on the office of General Counsel. Protecting intangible assets against computer theft and pursuing litigation against wrongdoers has become a major and timely concern, especially in the context of an increasingly virtual world due to the global pandemic. A recent brazen and sophisticated computer intrusion into the records of over 145 million Americans launched from computer hackers based in China led to criminal prosecutions under the Computer Fraud and Abuse Act (CFAA).

We live in a world where data has become an increasingly valuable asset and huge companies are built on the collection and analysis of publicly available data. Yet, there is no federal statute that directly protects this type of information or even directly addresses how this information should be treated. Instead, businesses are often forced to rely on the Computer Fraud and Abuse Act (CFAA) in order to protect this valuable asset or commodity, which originally only provided criminal sanctions and was enacted to address computer hacking. Most recently, the Ninth Circuit in hiQ Labs, Inc. v. Linkedin Corp., 938 F.3d 985 (9th Cir. 2019), addressed under what circumstances a company may legally “scrape” data from another company’s website. There, the court determined on hiQ’s motion for preliminary injunction that “scraping” publicly available information from LinkedIn likely is not a violation of the CFAA because the LinkedIn computers are publicly accessible and hiQ thus did not access the computers “without authorization” as required by the CFAA. Under these circumstances, the court determined that it did not matter that LinkedIn had sent a cease and desist letter to hiQ prohibiting such access. This is a potentially very important decision for companies on both sides of this issue and for the general public, at least in the Ninth Circuit.

LinkedIn recently filed suit in the Northern District of California against Doe Defendants for allegedly “scraping” data about its users from its website through fake profiles and software bots. LinkedIn alleges that the data scraping that was performed using fake profiles and bots was in violation of its user agreement, the Computer Fraud and Abuse Act, and the Digital Millennium Copyright Act, among other things.