This past week, the Supreme Court denied the petitions for certiorari in two noteworthy Ninth Circuit decisions that had interpreted the scope of liability under the federal Computer Fraud and Abuse Act (CFAA) in the context of wrongful access of company networks by employees and in instances involving unwanted data scraping from publicly available websites. (See Power Ventures, Inc. v. Facebook, Inc., 844 F.3d 1058 (9th Cir. 2016), cert. denied (Oct. 10, 2017); Nosal v. U.S., 828 F.3d 865 (9th Cir. 2016) (Nosal II), cert. denied (Oct. 10, 2017)).   Power Ventures involved a social media aggregation service that scraped Facebook user data with the permission of the user. There, the appeals court had held that while a violation of the terms of use of a website—without more—cannot be the basis for liability under the CFAA, a commercial entity that accesses a public website after permission has been explicitly revoked can be civilly liable under the CFAA.  In Nosal II, the Ninth Circuit had ruled that a former employee, whose access has been revoked, and who uses a current employee’s login credentials to gain network access to his former company’s network, violated the CFAA.

With the Court declining to review, this important pair of rulings about the breadth of CFAA liability will stand.  What will be interesting – especially with respect to the nuanced issues surrounding CFAA liability for data scraping – is how the Ninth Circuit will clarify or refine its Power Ventures holding when it considers the appeal of the recent landmark decision from the Northern District of California in hiQ Labs, Inc. v. LinkedIn, Corp., 2017 WL 3473663 (N.D. Cal. Aug. 14, 2017), a ruling that distinguished Power Ventures and appeared to limit the applicability of the CFAA as a tool against scraping.