Craigslist has used a variety of technological and legal methods to prevent unauthorized parties from violating its terms of use by scraping, linking to, or accessing user postings for their own commercial purposes. For example, in April, craigslist obtained a $60.5 million judgment against a real estate listings site that had allegedly received scraped craigslist data from another entity. And craigslist recently reached a $31 million settlement and stipulated judgment with Instamotor, an online and app-based used car listing service, over claims that Instamotor scraped craigslist content to create listings on its own service and sent unsolicited emails to craigslist users for promotional purposes. (Craigslist, Inc. v. Instamotor, Inc., No. 17-02449 (Stipulated Judgment and Permanent Injunction Aug. 3, 2017)).
In its complaint, craigslist alleged that Instamotor violated craigslist’s terms of use by scraping user content from craigslist’s site to populate used car listings on its own service. Craigslist alleged that this caused complaints from craigslist users who listed their vehicles for sale exclusively on craigslist, only to later discover that their listings and contact information were being posted on Instamotor without their consent.
Craigslist also alleged that Instamotor sent unsolicited commercial emails to promote its services through craigslist’s system to users whose listings were scraped (Instamotor purportedly used a “white-listed mail service…disguising the messages’ true origin” to bypass craigslist spam prevention tools). In fact, craigslist alleged that defendant hired a team based in the Philippines to extract content, send emails to craigslist users to seek additional information about their user car listings without disclosing their affiliation with Instamotor.
The complaint further alleged that Instamotor had posted at least fifty ads to craigslist, thereby affirmatively agreeing to craigslist’s terms of use. Craigslist’s terms of use, among other things, prohibits “robots, spiders, scripts, scrapers, crawlers, etc.,” along with “misleading, unsolicited, unlawful, and/or spam postings/email.”
Based on the foregoing, craigslist brought multiple claims including breach of contract and CAN-SPAM (and related claims under state anti-spam law), and sought an injunction prohibiting Instamotor from scraping craigslist’s site and sending its users spam. Craigslist did not allege a violation of the Computer Fraud and Abuse Act (the “CFAA”). The timing is interesting, as shortly after this stipulated judgment was entered, the Northern District of California granted a preliminary injunction against LinkedIn, finding that LinkedIn was unlikely to prevail against a data scraper on a CFAA claim. (See hiQ Labs, Inc. v. LinkedIn, Corp., 2017 WL 3473663 (N.D. Cal. Aug. 14, 2017)).
As part of the stipulated judgment, Instamotor agreed to a $31 million monetary judgment for breach of craigslist’s terms of use and violations of CAN-SPAM. It also agreed to a permanent injunction barring it, or a third party on its behalf, from accessing, scraping or harvesting craigslist content via automated means and thereafter distributing craigslist content and user information. Interestingly, the stipulation expressly states there are no exceptions for prohibited access and use of craigslist data, including any claims of fair use or implied license. The injunction also bars defendant from “directly or indirectly circumventing technological measures that control access to any craigslist website,” including IP address blocks and sets of instructions communicated via robots.txt files. In addition, the defendant, or a third party acting on its behalf, is prohibited from sending or paying others to send spam emails to any craigslist email addresses, user, member or poster in violation of the CAN-SPAM Act. Lastly, the defendant agreed to delete any craigslist data in its possession.
With this latest litigation victory by craigslist, particularly in view of the decision in LinkedIn, the law surrounding data scraping continues to evolve. As articulated in LinkedIn, many advocate that content on publicly-available websites is implicitly free to harvest and exploit, while web services hosting valuable user-generated content or other data typically wish to exercise control over which parties can access and use it for commercial purposes. Moreover, hedge fund managers and other investors are increasingly collecting and analyzing big data to discover usable investment insights, including such data obtained from web scraping. If anything, this latest settlement should inform entities involved in scraping activities of the importance of understanding the range of prohibitions contained in a website or app’s terms of use, the effect of opening an account and agreeing to a site’s terms, and the possible legal issues that can arise when a site’s technical protective measures are bypassed.