In September 2019, the Ninth Circuit held that hiQ Labs, Inc.’s (“hiQ”) collection and use of information that LinkedIn users shared on their public profiles did not violate the Computer Fraud and Abuse Act (“CFAA”) because the data was publicly available and therefore did not fall within the scope of the CFAA. Following the Ninth Circuit’s order, the Supreme Court issued a decision in Van Buren v. United States, wherein the Supreme Court held, in a 6-3 ruling, that a former Georgia police officer did not “exceed authorized access” within the meaning of the CFAA by accessing a state law enforcement computer database containing license plate information to determine whether an individual was an undercover officer. The Supreme Court concluded that an individual “exceeds authorized access” when he accesses a computer with authorization but then obtains information located in particular areas of that computer—such as files, folders, or databases—that are off-limits to him.
Continue Reading Ninth Circuit Reaffirms that Data Scraping from Public Websites Does Not Violate the Computer Fraud and Abuse Act
Supreme Court Resolves Circuit Split on Access Under Computer Fraud and Abuse Act
In a long-awaited decision, the Supreme Court resolved a circuit split about whether an individual with access to a computer system violates the Computer Fraud and Abuse Act (“CFAA”) by accessing information for an improper purpose. By a 6-3 decision authored by Justice Barrett, the Court held that an individual does not “exceed authorized access” within the meaning of the CFAA by misusing access to obtain information that is otherwise available to that person. While the case heard by the high court was a criminal case involving a former law enforcement officer’s criminal conviction, the decision nonetheless has broad ramifications for trade secrets and restrictive covenant litigation, as CFAA claims were often brought against employees who misused access rights to misappropriate information. The CFAA is a criminal statute that also provides a civil remedy, and CFAA claims were commonly raised to acquire federal subject matter jurisdiction, especially prior to the enactment of the Defend Trade Secrets Act in 2016, which provided an independent private cause of action in federal court for trade secret misappropriation.
Continue Reading Supreme Court Resolves Circuit Split on Access Under Computer Fraud and Abuse Act