On The Case

HiQ v. LinkedIn: Does First Amendment limit application of computer fraud law?

(Reuters) - In 1986, when Congress enacted the Computer Fraud and Abuse Act, the Internet was still in its larval stage. Some U.S. government agencies communicated via the Defense Department’s Arpanet, the Internet’s precursor. Universities and research centers were just starting to network with the government and each other. Commercial Internet service providers didn’t exist. Tim Berners-Lee hadn’t yet published his revolutionary proposal to link computers around the world to share information. Mark Zuckerberg was 2 years old.

The CFAA, in other words, was not written to answer the question posed in litigation between the data analytics company hiQ and the social media site LinkedIn: Does a social media site control access to information its users post publicly? As I’ve previously explained, hiQ’s business is to sell employers data analysis bases on their employees’ public LinkedIn profiles. LinkedIn believes hiQ’s data harvesting violates its rules. In May, LinkedIn sent hiQ a cease-and-desist letter advising the data company that LinkedIn had blocked its access to members’ profiles. If hiQ attempted to circumvent the block, LinkedIn said, it could face prosecution under the 1986 computer fraud law, which criminalizes unauthorized access to a computer.

Last month, hiQ sued LinkedIn, seeking an injunction to allow hiQ to continue scraping public data from LinkedIn. LinkedIn is allowing hiQ access while the litigation moves forward, but hiQ’s CEO, Mark Weidick, has said (including to me in an interview Tuesday) that his business probably won’t survive if it loses its case against LinkedIn.

But hiQ’s fate is hardly the only consequence of the case. U.S. District Judge Edward Chen of San Francisco, who presided last week over a hearing on hiQ’s motion for a preliminary injunction, will have to decide whether the CFAA is in tension with the First Amendment. Can private Internet companies use the CFAA to control access to public information? Or does the doctrine of constitutional avoidance preclude interpreting the 1986 law in a way that implicates the First Amendment?

It’s no accident that both hiQ and LinkedIn brought in top-notch constitutional lawyers to argue at last week’s hearing. Former U.S. Solicitor General Donald Verrilli of Munger Tolles & Olson represented LinkedIn, which contends hiQ has no First Amendment right of access to LinkedIn’s computer servers. Under the 9th Circuit’s interpretation of the CFAA, LinkedIn argued, hiQ is akin to a trespasser who has been warned to go away.

Verrilli drew an analogy between LinkedIn’s publicly available profiles and books in a public library. “You go and get books and other information and material from the public library, but the fact that the information’s available to the public in that sense doesn’t mean that you can break into the library with a crowbar at two in the morning because you’re seized with a desire to read ‘Moby Dick’,” Verrilli said. “It doesn’t mean that you can take a book out, when you’re supposed to return it in two weeks, and keep it for a year, because you want that information. It doesn’t mean if your library privileges have been revoked for abusing the rules, that you can show a fake ID at the door to get back in. The information’s public, but it’s subject to conditions.”

Verrilli’s library comparison was sufficiently compelling that hiQ’s constitutional heavyweight, Harvard professor Laurence Tribe, took care to counter it. Library books, he said, used to have borrowing cards in the back of books showing how often books were checked out. A borrower could presumably could have looked at those cards to figure out which books were most popular – a rudimentary form of the data analytics hiQ performs. LinkedIn, in Tribe’s analogy, is trying to use the threat of government prosecution under the CFAA to bar hiQ from looking at an electronic equivalent of those old-school library book cards.

“For the government to make it a crime for me to make use of that information because they want to be the … exclusive distributors of information about what’s popular to read would, of course, be unconstitutional,” Tribe said. “That’s the setting in which I want to put this case.”

According to hiQ, which is also represented by Farella Braun & Martel, LinkedIn’s trespassing comparisons don’t apply because hiQ never ventured beyond public LinkedIn profiles. The data company didn’t use someone else’s password to access LinkedIn, for example, or hack LinkedIn servers. HiQ argued that social media sites like Facebook, LinkedIn and Twitter are modern-day public forums, as the U.S. Supreme Court just held in June, in Packingham v. North Carolina. The CFAA, hiQ contends, cannot be read to give LinkedIn the power to use government authority to suppress the public flow of information.

“Giving any powerful entity, public or private, the ability to choke off, at its discretion, speech … is a dangerous path down which we should not go,” Tribe said at the hearing.

Judge Chen, who previously presided over one of the 9th Circuit’s landmark CFAA cases, U.S. v. Nosal, was admirably engaged with both sides’ lawyers during oral argument, thanking them at the end of the hearing for their “superb” presentations. He promised a quick decision, since, as he said, “I've got a feeling it's not going to end here.”

I’ve got a feeling he’s right about that.