The U.S. Supreme Court has given LinkedIn another chance in its legal fight to stop HR technology firm HiQ Labs from scraping LinkedIn user data against the company’s demands.
The nation’s highest court this week issued a writ of certiorari, noting it may hear the case, but telling the appeals court to first redo its earlier decision in favor of HiQ. The court told the U.S. Court of Appeals for the 9th Circuit to retry the case in light of a recent Supreme Court ruling in a similar case.
HiQ Labs, founded in 2012 in Silicon Valley, scrapes publicly available data, including LinkedIn member updates, and analyzes it to predict when workers are likely to quit their jobs. It then sells its conclusions to employers.
In May 2017, LinkedIn tried to block HiQ’s access with a cease-and-desist order. HiQ fought back and won a court injunction against the ban, despite LinkedIn’s arguments that HiQ’s data scraping violated the Computer Fraud and Abuse Act (CFAA) of 1986.
The CFAA aims at anyone who “intentionally accesses a computer without authorization or exceeds authorized access.”
A lower court found that the CFAA didn’t apply to HiQ because the firm scraped information available to the general public. The 9th Circuit agreed.
LinkedIn appealed to the Supreme Court in the fall of 2019, and it’s been in the queue ever since.
In recent weeks, LinkedIn’s case appeared to dim when the Supreme Court handed down a ruling in a case that went against a data owner in favor of a misbehaving user. Van Buren vs. the United States concerned a Georgia patrol officer who retrieved license-plate information from state archives and sold it to the third party. Though all parties agreed what he’d done violated police policy, the Supreme Court determined the officer didn’t violate the CFAA because Van Buren had authorized access to the data in question.
But on June 7, LinkedIn filed a petition arguing the Van Buren ruling did not define what “authorized access” meant. LinkedIn said the ruling left open whether such access was defined only by technological, “code-based” restrictions or whether it can also encompass limits contained in contracts or policies — such as LinkedIn’s cease-and-desist order.
Several months ago, the Electronic Privacy Information Center filed an amicus brief in support of LinkedIn’s case.
Megan Iorio, a lawyer at the center, told the AIM Group by email:
“The Supreme Court’s interpretation of the CFAA in Van Buren depends on the authorization of the individual, not on the general public’s default authorization. LinkedIn has a strong argument that it revoked HiQ’s authorization to access LinkedIn’s servers by blocking the company’s computers from accessing its servers and sending a cease-and-desist letter. The Ninth Circuit will now have to directly confront this argument.”
Orin Kerr, a data-privacy expert who teaches at the University of California, Berkeley, seemed to agree that the case hinges on this point. He wrote on Twitter, “Does a cease-and-desist letter close the gate that makes a public website off-limits to its recipient, so that visiting is like hacking in? Or does putting information out there in public where everyone has access an open gate that authorizes everyone to visit the public URL?”
The issues at stake have gained greater urgency in light of the controversy around Clearview AI, a firm that builds facial-recognition software for surveillance systems. The company bases the technology on publicly available photos without direct permission from the subjects.
“Since the Ninth Circuit’s decision, news about Clearview AI … has changed the discussion around the privacy interests in ‘publicly available’ data,” Iorio wrote. “LinkedIn has a chance to relitigate the CFAA claims in light of the threat from Clearview AI and others who would scrape users’ personal information to use for nefarious purposes.”
After the Ninth Circuit retries the case, the Supreme Court has indicated it will hear any appeal that may result. However, the high court could simply vacate its writ of certiorari and let the new decision stand.
The AIM Group asked HiQ Labs and its attorneys for comments but has not heard back. We will update this article when we do.