HiQ Labs, Inc. v. LinkedIn Corp., 090919 FED9, 17-16783
|Opinion Judge:||BERZON, CIRCUIT JUDGE.|
|Party Name:||hiQ Labs, Inc., Plaintiff-Appellee, v. LinkedIn Corporation, Defendant-Appellant.|
|Attorney:||Donald B. Verrilli Jr. (argued) and Chad I. Golder, Munger Tolles & Olson LLP, Washington, D.C.; Jonathan H. Blavin, Rosemarie T. Ring, Nicholas D. Fram, and Elia Herrera, Munger Tolles & Olson LLP, San Francisco, California; E. Joshua Rosenkranz, Orrick Herrington & Sutcliffe LLP, New York, New ...|
|Judge Panel:||Before: J. Clifford Wallace and Marsha S. Berzon, Circuit Judges, and Terrence Berg, District Judge. WALLACE, CIRCUIT JUDGE, SPECIALLY CONCURRING:|
|Case Date:||September 09, 2019|
|Court:||United States Courts of Appeals, Court of Appeals for the Ninth Circuit|
Argued and Submitted March 15, 2018 San Francisco, California
Appeal from the United States District Court for the Northern District of California, D.C. No. 3:17-cv-03301-EMC, Edward M. Chen, District Judge, Presiding
Donald B. Verrilli Jr. (argued) and Chad I. Golder, Munger Tolles & Olson LLP, Washington, D.C.; Jonathan H. Blavin, Rosemarie T. Ring, Nicholas D. Fram, and Elia Herrera, Munger Tolles & Olson LLP, San Francisco, California; E. Joshua Rosenkranz, Orrick Herrington & Sutcliffe LLP, New York, New York; Eric A. Shumsky, Orrick Herrington & Sutcliffe LLP, Washington, D.C.; Brian P. Goldman, Orrick Herrington & Sutcliffe LLP, San Francisco, California; for Defendant-Appellant.
C. Brandon Wisoff (argued), Deepak Gupta, Jeffrey G. Lau, and Rebecca H. Stephens, Farella Braun & Martel LLP, San Francisco, California; Aaron M. Panner, Gregory G. Rapawy, and T. Dietrich Hill, Kellogg Hansen Todd Figel & Frederick PLLC, Washington, D.C.; Laurence H. Tribe, Cambridge, Massachusetts; for Plaintiff-Appellee.
Nicholas J. Boyle, John S. Williams, and Eric J. Hamilton, Williams & Connolly LLP, Washington, D.C., for Amicus Curiae CoStar Group Inc.
Perry J. Viscounty, Latham & Watkins LLP, San Francisco, California; Gregory G. Garre, Latham & Watkins LLP, Washington, D.C.; for Amicus Curiae Craigslist Inc.
Marc Rotenberg and Alan Butler, Electronic Privacy Information Center, Washington, D.C., for Amicus Curiae Electronic Privacy Information Center.
Thomas V. Christopher, Law Offices of Thomas V. Christopher, San Francisco, California, for Amicus Curiae 3taps Inc.
Jamie Williams, Corynne McSherry, Cindy Cohn, and Nathan Cardozo, Electronic Frontier Foundation, San Francisco, California, for Amici Curiae Electronic Frontier Foundation, DuckDuckGo, and Internet Archive.
Kenneth L. Wilton and James M. Harris, Seyfarth Shaw LLP, Los Angeles, California; Carrie P. Price, Seyfarth Shaw LLP, San Francisco, California; for Amicus Curiae Scraping Hub Ltd.
Before: J. Clifford Wallace and Marsha S. Berzon, Circuit Judges, and Terrence Berg, [*] District Judge.
Preliminary Injunction / Computer Fraud and Abuse Act
The panel affirmed the district court's preliminary injunction forbidding the professional networking website LinkedIn Corp. from denying plaintiff hiQ, a data analytics company, access to publicly available LinkedIn member profiles.
Using automated bots, hiQ scrapes information that LinkedIn users have included on public LinkedIn profiles. LinkedIn sent hiQ a cause-and-desist letter, demanding that hiQ stop accessing and copying data from LinkedIn's server. HiQ filed suit, seeking injunctive relief based on California law and a declaratory judgment that LinkedIn could not lawfully invoke the Computer Fraud and Abuse Act ("CFAA"), the Digital Millennium Copyright Act, California Penal Code § 502(c), or the common law of trespass against it.
Affirming the district court's grant of the preliminary injunction in favor of hiQ, the panel concluded that hiQ established a likelihood of irreparable harm because the survival of its business was threatened. The panel held that the district court did not abuse its discretion in balancing the equities and concluding that, even if some LinkedIn users retain some privacy interests in their information notwithstanding their decision to make their profiles public, those interests did not outweigh hiQ's interest in continuing its business. Thus, the balance of hardships tipped decidedly in favor of hiQ.
The panel further held that hiQ raised serious questions going to (1) the merits of its claim for tortious interference with contract, alleging that LinkedIn intentionally interfered with its contracts with third parties, and (2) the merits of LinkedIn's legitimate business purpose defense. HiQ also raised a serious question as to whether its state law causes of action were preempted by the CFAA, which prohibits intentionally accessing a computer without authorization, or exceeding authorized access, and thereby obtaining information from any protected computer. LinkedIn argued that, once hiQ received its cause-and-desist letter, any further scraping and use of LinkedIn's data was without authorization within the meaning of the CFAA. The panel concluded that hiQ had raised a serious question as to whether the CFAA's reference to access "without authorization" limits the scope of statutory coverage to computer information for which authorization or access permission, such as password authentication, is generally required.
Finally, the panel held that the district court's conclusion that the public interest favored granting the preliminary injunction was appropriate.
Specially concurring, Judge Wallace wrote that he concurred in the majority opinion. He wrote separately to express his concern about appealing from a preliminary injunction to obtain an appellate court's view of the merits.
BERZON, CIRCUIT JUDGE.
May LinkedIn, the professional networking website, prevent a competitor, hiQ, from collecting and using information that LinkedIn users have shared on their public profiles, available for viewing by anyone with a web browser? HiQ, a data analytics company, obtained a preliminary injunction forbidding LinkedIn from denying hiQ access to publicly available LinkedIn member profiles. At this preliminary injunction stage, we do not resolve the companies' legal dispute definitively, nor do we address all the claims and defenses they have pleaded in the district court. Instead, we focus on whether hiQ has raised serious questions on the merits of the factual and legal issues presented to us, as well as on the other requisites for preliminary relief.
Founded in 2002, LinkedIn is a professional networking website with over 500 million members. Members post resumes and job listings and build professional "connections" with other members. LinkedIn specifically disclaims ownership of the information users post to their personal profiles: according to LinkedIn's User Agreement, members own the content and information they submit or post to LinkedIn and grant LinkedIn only a non-exclusive license to "use, copy, modify, distribute, publish, and process" that information.
LinkedIn allows its members to choose among various privacy settings. Members can specify which portions of their profile are visible to the general public (that is, to both LinkedIn members and nonmembers), and which portions are visible only to direct connections, to the member's "network" (consisting of LinkedIn members within three degrees of connectivity), or to all LinkedIn members.1 This case deals only with profiles made visible to the general public.
LinkedIn also offers all members-whatever their profile privacy settings-a "Do Not Broadcast" option with respect to every change they make to their profiles. If a LinkedIn member selects this option, her connections will not be notified when she updates her profile information, although the updated information will still appear on her profile page (and thus be visible to anyone permitted to view her profile under her general privacy setting). More than 50 million LinkedIn members have, at some point, elected to employ the "Do Not Broadcast" feature, and approximately 20 percent of all active users who updated their profiles between July 2016 and July 2017-whatever their privacy setting-employed the "Do Not Broadcast" setting.
LinkedIn has taken steps to protect the data on its website from what it perceives as misuse or misappropriation. The instructions in LinkedIn's "robots.txt" file-a text file used by website owners to communicate with search engine crawlers and other web robots-prohibit access to LinkedIn servers via automated bots, except that certain entities, like the Google search engine, have express permission from LinkedIn for bot access.2 LinkedIn also employs several technological systems to detect suspicious activity and restrict automated scraping.3 For example, LinkedIn's Quicksand system detects non-human activity indicative of scraping; its Sentinel system throttles (slows or limits) or even blocks activity from suspicious IP addresses;4 and its Org Block system generates a list of known "bad" IP addresses serving as large-scale scrapers. In total, LinkedIn blocks approximately 95 million automated attempts to scrape data every day, and has restricted over 11 million accounts suspected of violating its User Agreement, >[5including through scraping.
HiQ is a data analytics company founded in 2012. Using automated bots, it scrapes information...
To continue readingFREE SIGN UP