The IP Law Blog

Focusing on legal trends in data security, cloud computing, data privacy, and anything E

LinkedIn Profiles and the Applicability of the Computer Fraud and Abuse Act

Posted in Cyberspace Law, IP, Privacy, Web/Tech

LinkedIn is a popular professional networking website with more than half a billion members. Many of its users, in an effort to enhance their networking capabilities, make their profile public and available to anyone to review their personal details such as their employment, education, skill sets and other personal information. Although LinkedIn disclaims any ownership of the information its users post, this information has enormous value in the online marketplace.

For instance, web analytics companies have “harvested” this information for the purpose of analyzing it and/or selling their resulting analyses to third parties. One such company, HiQ Labs is a data analytics company that uses automated bots to harvest or “scrape” information from LinkedIn’s publicly available profiles, including data like names, job titles, work history and skills. HiQ Labs uses this information for two analytical products: (1) “Keeper,” which is used by employers to identify which employees are at the greatest risk of being recruited away so that they may take preventive measures; and (2) “Skill Mapper,” which aggregates the skill sets of employees in a particular workforce so that employers can determine where they may have “skill gaps.”

In May 2017, LinkedIn sent a cease and desist letter to HiQ Labs stating that it must stop accessing and copying data from LinkedIn’s servers and stated that LinkedIn would consider HiQ to be in violation of the Computer Fraud and Abuse Act (“CFAA”) (as well as other state and federal laws) if it continued its “scraping” activities. LinkedIn also warned HiQ that it had “implemented technical measures to prevent HiQ from accessing and assisting others to access LinkedIn’s site through systems that detect, monitor and block scraping activity.”

HiQ sued LinkedIn and sought a preliminary injunction preventing LinkedIn from taking these actions, claiming that they violated California law. HiQ also sought declaratory relief that LinkedIn could not invoke the CFAA (or other similar statutes) to shut down HiQ’s efforts. The District Court granted HiQ a preliminary injunction against LinkedIn after finding that HiQ had demonstrated a substantial likelihood of prevailing on the merits of its claims against LinkedIn and would suffer severe irreparable injury, i.e., the loss of its business model if such injunctive relief was not granted. LinkedIn immediately appealed this ruling to the Ninth Circuit.

After finding that the District Court did not abuse its discretion in finding the presence of irreparable harm, as well as the likelihood that HiQ would prevail under various state theories, the Ninth Circuit turned its attention to the applicability of the CFAA and whether LinkedIn could invoke it in an attempt to preempt HiQ’s state law claims. The CFAA prohibits a person or entity from “intentionally access[ing] a computer without authorization or exceed[ing] authorized access, … thereby obtain[ing] … information from any protected computer.…” (18 U.S.C. § 1030(a)(2).) The CFAA provides various criminal penalties and civil liability for violations of its provisions.

Under the CFAA, almost any computer that is attached to the internet is covered as a “protected computer.” This would include the servers that LinkedIn used to host its members’ public profiles from which HiQ Labs would “scrape” data.

The primary issue that the Ninth Circuit considered was whether the sending of the cease and desist letter by LinkedIn to HiQ Labs meant that any further access of LinkedIn’s public member profiles by HiQ constituted access “without authorization” in violation of the CFAA. The Ninth Circuit began by recognizing that in other contexts, it had recognized that “without authorization” should have a non-technical meaning, essentially meaning the accessing of “a protected computer without permission.” For instance, in United States v. Nosal, 844 F.3d 1024 (9th Cir. 2016), the Ninth Circuit had held that an employee who used other employees’ log-in credentials to access his former employer’s computer system had accessed a “protected computer” “without authorization” in violation of the CFAA. HiQ Labs argued that where access to the computer information is open to the general public (such as LinkedIn’s public member profiles), CFAA’s requirement of “without authorization” was not applicable. The Ninth Circuit agreed with this reasoning, or in any event, concluded that it had “raised a serious question as to this issue” so that the District Court did not err in granting the injunction.

Next, the Ninth Circuit examined the CFAA’s legislative history and concluded that it also supported its decision. It noted that the CFAA “was enacted to prevent intentional intrusion onto someone else’s computer – specifically, computer hacking.” For instance, the original CFAA, in 1984, was limited to a narrow range of computers, primarily those containing national security information and financial data, or those operated by the government. In 1996, the CFAA was brought into any “protected computer” in order “to increase protection for the privacy and confidentiality of computer information.” The Ninth Circuit reasoned that “the CFAA is best understood as an anti-intrusion statute and not as a `misappropriation statute.'”

The Ninth Circuit also distinguished two cases, the Nosal case and Power Ventures v. Facebook, 844 F.3d 1058 (9th Cir. 2016), upon which LinkedIn was relying. The Court easily distinguished Nosal by finding that Nosal had used other employees’ log-in credentials to access his former employer’s computers. Thus, the computer information that was accessed was “plainly one which no one could access without authorization.”

Likewise, in the Power Ventures v. Facebook case, Power Ventures had developed tools to circumvent I.P. barriers and gain access to password-protected Facebook profiles. Thus, Power Ventures was accessing data on Facebook servers that were protected by Facebook’s user name/password authentication system, which the Court reasoned was distinguishable from what HiQ was doing by “scraping” publicly available information.

The Ninth Circuit also stated that its limitation on the applicability of the CFAA to publicly available computer information was similar to its analysis of cases brought under the Stored Communication Act (“S.C.A.”), which contains a similar “without authorization” provision. Furthermore, given that the CFAA provides for criminal penalties (as well as civil liability), the “rule of lenity” favored adopting a narrow interpretation of the CFAA’s “without authorization” provision. Thus, the Ninth Circuit concluded that when a computer network generally permits public access to its data, especially given that LinkedIn claimed to have no ownership of the information posted by its users, the Court will generally find that no violation of the CFAA. The Ninth Circuit noted, however, that there could be other remedies available to LinkedIn for this type of conduct, including copyright infringement, misappropriation, unjust enrichment, and/or breach of privacy.

The Ninth Circuit’s decision in HiQ demonstrates that the Ninth Circuit is willing to place some limitations as to the scope of the CFAA’s applicability. However, given that the case is still in its preliminary stages, it is possible that the Court will allow LinkedIn to pursue other legal theories in an attempt to try to stop HiQ from “scraping” its publicly available member profiles. Stay tuned.

Landlords – Watch out for Trademark-Infringing Tenants!

Posted in IP, Trademark Law

Landlords whose tenants sell counterfeit goods can be liable for trademark infringement if they have knowledge of the infringing acts or are willfully blind to the infringement.

In Luxottica Group v. Airport Mini Mall, LLC, 932 F.3d 1303 (11th Cir. August 2019), Oakley, Inc. and its parent Luxottica sued the owners of a shopping mall in Georgia for contributory trademark infringement under the Lanham Act (15 U.S.C. §1114).  Luxottica and Oakley make and sell high-end sunglasses under the Ray-Ban and Oakley trademarks.  Continue Reading

Federal Circuit Invalidates Garage Door Opener Patent Because It Is an Abstract Idea

Posted in IP, Patent Law

Have you ever driven away from your home and then had that irritating doubt in your mind as to whether you remembered to close your garage door? I know I have. No matter how hard I try to search my brain’s archives, I really don’t remember whether I closed the garage door even though I close it 99.9% of the time! In that moment, you wish there was a way to check that doesn’t require turning around and going back home to see if you really left the house wide open for anyone to walk in.

Well The Chamberlain Group, Inc. (“Chamberlain”) thought it had patented an invention that could help with this type of problem—a garage door opener that wirelessly transmits information such as whether the door is open or closed. See U.S. Patent No. 7,224,275 (the “’275 Patent”). Specifically, the patent “relates to an apparatus and method for communicating information about the status of a movable barrier, for example, a garage door.” Continue Reading

The USPTO Denies Tom Brady’s Application to Register TOM TERRIFIC

Posted in IP, Trademark Law

The USPTO recently refused legendary quarterback Tom Brady’s application to register the mark TOM TERRIFIC. If you’re like me, you’re wondering why Tom Brady would want to register such a trademark. Well, according to Brady, he wanted to obtain the rights to the mark to prevent people from referring to him by that nickname. But that response isn’t satisfactory for those of us who know about trademark law for a couple of reasons. Continue Reading

Supreme Court Ruling In Pirate Ship Copyright Case Could Sink State Immunity

Posted in Copyright Law, IP

The Supreme Court is set to hear the case of Allen v. Cooper which addresses the constitutionality of the Copyright Remedy Clarification Act (“CRCA”). The purpose of the CRCA is to abrogate sovereign immunity enjoyed by States and State actors under the Eleventh Amendment for claims of copyright infringement. The CRCA provides as follows: Continue Reading

Federal Circuit Holds IPR Proceedings on Pre-AIA Patents is Not an Unconstitutional Taking Under the Fifth Amendment

Posted in IP, Patent Law

In CELGENE CORPORATION v. PETER, the Federal Circuit recently affirmed the PTAB’s decisions finding appealed claims obvious. However, more importantly, the Federal Circuit also held that the retroactive application of IPR proceedings to pre-AIA patents is not an unconstitutional taking under the Fifth Amendment.

Regarding the constitutional issue of whether the retroactive application of IPRs to pre-AIA patents is an unconstitutional taking, the Federal Circuit noted that The Supreme Court left open this challenge with
the following passage near the end of its decision in Oil States Energy Servs., LLC v. Greene’s Energy Grp., LLC, 138 S. Ct. 1365, 1379 (2018) as follows: Continue Reading

Ninth Circuit Inquiry on Non-Competes Could Have Huge Implications

Posted in IP

The Ninth Circuit recently asked the California Supreme Court to provide it with guidance concerning certain types of non-compete provisions that could have huge ramifications for California’s business environment.  In essence, the Ninth Circuit asked the California Supreme Court whether section 16600 of the California Business and Professions Code bars agreements between businesses that place a restriction on one business from doing business with another.  Depending on how the California Supreme Court answers the inquiry, the result could have a massive impact on a wide range of agreements in California such as franchise agreements, manufacturer/distributor agreements, joint ventures, etc. Continue Reading

Do Your Homework Before Suing for Patent Infringement!

Posted in IP, Patent Law

The federal patent laws provide for an award of attorneys’ fees to the prevailing party in exceptional patent infringement cases.  35 U.S.C. §285.  An exceptional case is determined based on the totality of the circumstances.  A case can be exceptional due to a substantive legal position taken by a party or a party’s unreasonable litigation tactics.  Courts can and will award attorneys’ fees to a prevailing defendant if the plaintiff was not justified in filing a patent infringement suit in the first place by failing to conduct a proper investigation of infringement before filing suit. Continue Reading

Rule Change Requires U.S. Counsel for Foreign-Domiciled Trademark Applicants

Posted in IP, Trademark Law

The United States Patent and Trademark Office (the “USPTO”) explains that

“A trademark is a brand name. A trademark or service mark includes any word, name, symbol, device, or any combination, used or intended to be used to identify and distinguish the goods/services of one seller or provider from those of others, and to indicate the source of the goods/services.”

Continue Reading

Goodbye Majestic Yosemite Hotel, Welcome Back Ahwahnee Hotel

Posted in Intellectual Property Litigation, IP

A few years ago, when the concessionaire for Yosemite National Park (the “Park”), Delaware North, was informed that the Park planned to consider other concessionaires, such as Aramark, Delaware North responded in shocking fashion. Delaware North responded that if it was going to be replaced as the concessionaire, it intended to take the Park’s intellectual property (the “IP”), such as the Ahwahnee Hotel and Curry Village, with it unless it was paid $51 million for the IP. Although the Park disputed Delaware’s claim to the IP, it changed the names of certain venues such as the Ahwahnee Hotel, Curry Village, Badger Pass Skin Run, and the Wawona Hotel. The sites were renamed the Majestic Yosemite Hotel, Half Dome Village, Yosemite Ski and Snowboard Area, and Big Trees Lodge. Continue Reading