New Media and Technology Law Blog

Category Archives: Computer Fraud and Abuse Act

Subscribe to Computer Fraud and Abuse Act RSS Feed

District Court Decision Brings New Life to CFAA to Combat Unwanted Scraping

On October 24, 2022, a Delaware district court held that certain claims under the Computer Fraud and Abuse Act (CFAA) relating to the controversial practice of web scraping were sufficient to survive the defendant’s motion to dismiss. (Ryanair DAC v. Booking Holdings Inc., No. 20-01191 (D. Del. Oct. 24, 2022)). The opinion potentially breathes life … Continue Reading

App Store Protected by CDA Immunity (and Limitation of Liability) for Losses from Fraudulent Crypto Wallet App

In a recent ruling, a California district court held that Apple, as operator of that App Store, was protected from liability for losses resulting from that type of fraudulent activity. (Diep v. Apple Inc., No. 21-10063 (N.D. Cal. Sept. 2, 2022)). This case is important in that, in a motion to dismiss, a platform provider … Continue Reading

DOJ Revises Policy for CFAA Prosecution to Reflect Developments in Web Scraping and Other Matters

On May 19, 2022, the Department of Justice (DOJ) announced that it had revised its policy regarding prosecution under the federal anti-hacking statute, the Computer Fraud and Abuse Act (CFAA). Since the DOJ last made changes to its CFAA policy in 2014, there have been a number of relevant developments in technology and business practices, … Continue Reading

Supreme Court Ends Long-Running Circuit Split over CFAA “Exceeds Authorized Access” Issue, Adopting a Narrow Interpretation That Will Reverberate in Scraping Disputes and Litigation over Departing Employees

In a closely-watched appeal, the Supreme Court, in a 6-3 decision, reversed an Eleventh Circuit decision and adopted a narrow interpretation of “exceeds unauthorized access” under the Computer Fraud and Abuse Act (CFAA), ruling that an individual “exceeds authorized access” when he or she accesses a computer with authorization but then obtains information located in … Continue Reading

Plaid Federal Electronic Surveillance Claims Dropped, Privacy Claims Survive

On April 30, 2021 a California district court trimmed various federal privacy-related claims, including the Computer Fraud and Abuse Act (CFAA) claim, from a highly-visible, ongoing putative class action against fintech services company Plaid Inc. (“Plaid”), but allowed other state law privacy claims to go forward.  The lawsuit involves Plaid’s alleged collection and use of … Continue Reading

Supreme Court Hears Oral Argument in Its First CFAA Case

On November 30, 2020, the Supreme Court held oral argument in its first case interpreting the “unauthorized access” provision of the Computer Fraud and Abuse Act (CFAA). The CFAA in part prohibits knowingly accessing a computer “without authorization” or “exceeding authorized access” to a computer and thereby obtaining information and causing a “loss” under the … Continue Reading

Important Developments (Including Supreme Court Review) in the Interpretation of the Computer Fraud and Abuse Act

We continue to wait to see if the Supreme Court will accept LinkedIn’s petition to overturn the Ninth Circuit’s blockbuster ruling in the hiQ Labs case.  In that case, the appeals court held that an entity engaging in scraping of “public” data had shown a likelihood of success on its claim that such access does … Continue Reading

Circuit Court Denies LinkedIn’s Petition for En Banc Review of hiQ Scraping Decision

Last month, LinkedIn Corp. (“LinkedIn”) filed a petition for rehearing en banc of the Ninth Circuit’s blockbuster decision in hiQ Labs, Inc. v. LinkedIn Corp., No. 17-16783 (9th Cir. Sept. 9, 2019). The crucial question before the original panel concerned the scope of Computer Fraud and Abuse Act (CFAA) liability to unwanted web scraping of publicly available social media … Continue Reading

LinkedIn Petitions Circuit Court for En Banc Review of hiQ Scraping Decision

On October 11, 2019, LinkedIn Corp. (“LinkedIn”) filed a petition for rehearing en banc of the Ninth Circuit’s blockbuster decision in hiQ Labs, Inc. v. LinkedIn Corp., No. 17-16783 (9th Cir. Sept. 9, 2019). The crucial question before the original panel concerned the scope of Computer Fraud and Abuse Act (CFAA) liability to unwanted web … Continue Reading

In Blockbuster Ruling, Ninth Circuit Affirms hiQ Injunction — CFAA Claim Likely Not Available for Scraping Publicly Available Website Data

In a ruling that is being hailed as a victory for web scrapers and the open nature of publicly available website data, the Ninth Circuit today issued its long-awaited opinion in hiQ Labs, Inc. v. LinkedIn Corp., No. 17-16783 (9th Cir. Sept. 9, 2019). The crucial question before the court was whether once hiQ Labs, … Continue Reading

CFAA Claim Dismissed in Scraping Suit, While Contract Claim Survives

This month, an Illinois district court considered another in the series of web scraping disputes that have been working their way through our courts.  In this dispute, CouponCabin, Inc. v. PriceTrace, LLC, No. 18-7525 (N.D. Ill. Apr. 11, 2019), CouponCabin alleged that a competitor, PriceTrace, scraped coupon codes from CouponCabin’s website without authorization and displayed … Continue Reading

“Cyberattack” Campaign That Purportedly Flooded YouTube Channel with “Dislikes” Not a CFAA Violation

A recent dispute between an advertiser AXTS Inc. (“AXTS”) and a video production company GY6vids (“GY6”) produced an interesting issue involving the federal Computer Fraud and Abuse Act (CFAA) – that is, whether an entity that allegedly overloaded another company’s YouTube channel content with a flood of “dislikes” following a contractual dispute is liable under … Continue Reading

CFAA and Breach of Contract Claims Dismissed in Website Data Scraping Suit

UPDATE: On November 1, 2018, the court dismissed the plaintiff’s amended complaint (which apparently dropped the CFAA claim and asserted Lanham Act and DMCA claims).  Specifically, the plaintiff asserted, among other things, that defendant removed the copyright management information (CMI) from plaintiff’s listings and website source code. The court ruled that plaintiff failed to show … Continue Reading

Court Denies TRO against Data Scraper That Accessed Private Database via Registered Accounts

UPDATE:  On October 22, 2018, the court denied the defendant’s CEO’s motion to dismiss for lack of personal jurisdiction. Subsequently, on January 2, 2019, the parties settled the matter and stipulated to a dismissal of the case. This past week, a Texas district court denied a bid from a web service for a temporary restraining … Continue Reading

Researchers May Challenge the Constitutionality of the CFAA “Access” Provision as Applied to Web Scraping

Such Scraping “Plausibly Falls within the Ambit of the First Amendment” The Ninth Circuit is currently considering the appeal of the landmark hiQ decision, where a lower court had granted an injunction that limited the applicability of the federal Computer Fraud and Abuse Act (CFAA) to the blocking of an entity engaging in commercial data … Continue Reading

Data Aggregator Seeks Ruling Allowing It to Scrape Public LinkedIn Data

UPDATE:  On February 22, 2018, the district court granted 3taps’s motion to relate its action to the ongoing hiQ v. LinkedIn litigation. This motion was based upon a local Northern District of California rule that holds that cases should be related when the actions concern substantially the same parties, transaction or event, and there would … Continue Reading

CFAA “Unauthorized Access” Web Scraping Claim against Ticket Broker Dismissed Because Revocation of Access Not Expressed in Cease and Desist Letter

A California district court issued an important opinion in a dispute between a ticket sales platform and a ticket broker that employed automated bots to purchase tickets in bulk. (Ticketmaster L.L.C. v. Prestige Entertainment, Inc., No. 17-07232 (C.D. Cal. Jan. 31, 2018)). For those of us who have been following the evolution of the law … Continue Reading
LexBlog

This website uses third party cookies, over which we have no control. To deactivate the use of third party advertising cookies, you should alter the settings in your browser.

OK