Using information available on a public website doesn’t count as hacking. That’s what the 9th U.S. Circuit Court of Appeals told LinkedIn, Microsoft’s work-focused social media network. It might seem like common sense when put like that, but Microsoft and LinkedIn have been appealing that very idea in hopes of stopping startup HiQ from scraping its public user data. This week, the tech giant lost the appeal 3-0.
HiQ Labs is a startup that analyzes data available on public LinkedIn profiles to help employers determine if employees are likely to leave their positions. This process involved HiQ scraping data from LinkedIn en masse; Microsoft sent the company a cease and desist letter in 2017, citing the Computer Fraud and Abuse Act. The company even went so far as to put measures in place to keep HiQ from scraping the site. HiQ responded by suing LinkedIn. HiQ wanted first to prove that scraping data, from LinkedIn or otherwise, is not hacking. Second, it asked the court to force LinkedIn to open its doors back up.
The court sided with HiQ back in 2017, and so Microsoft and LinkedIn took things to the Appeals Court. The court once again sided with HiQ and agreed with the lower court. Information that is available publicly online is not covered by the Computer Fraud and Abuse Act. The three-judge panel noted that protected information is typically protected by a password. LinkedIn users can choose to make their data private, and HiQ was not attempting to access that information.
The court also agreed with HiQ’s assertion that for LinkedIn to block it from access would threaten the existence of the company and interfere with the company’s contracts with its clients.
A win for the open internet
Craigslist has taken similar measures to those of LinkedIn, stating that allowing scraping will make it easier for what it calls “bad actors” to target its users for marketing through phone, email, and text.
CBS News quotes California law professor Orin Kerr as calling the decision a “major decision for the open internet.” He said that while it doesn’t explicitly define scraping as legal, it does not qualify as a federal crime. To prevent HiQ’s scraping, LinkedIn would have to force users to make their profiles private. Unauthorized access of private information on a website is illegal; looking at a website isn’t.