Yet another “data scraping” case is percolating in the Northern District of California. Craigslist has sued the online aggregator 3Taps, Inc. (and others), claiming that they illegally copied Craigslist’s classified apartment listings. In effect, 3Taps was attempting to disintermediate Craigslist—to insert itself between Craigslist and its users.
3Taps filed a motion to dismiss the multiple claims asserted in the suit, most of which was denied in the decision linked below.
Of particular interest is the court’s refusal to dismiss Craigslist’s claim that 3Taps violated the Computer Fraud and Abuse Act (CFAA), a controversial federal “anti-hacker” statute that has been interpreted in conflicting ways by the federal courts (see an earlier post on this topic here), and which was the law Aaron Schwartz was accused of violating (contributing, many believe, to his suicide earlier this year).
The CFAA permits a civil cause of action against any person who “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer.” 18 U.S.C. § 1030(a)(c). Craigslist has alleged that 3Taps’ use of Craigslist’s listings violated a cease and desist letter Craigslist sent to 3Tap prohibiting it from republishing the listings. The court found that 3Taps’ continued use was a potential violation of the CFAA as the Ninth Circuit has interpreted that statute, and denied 3Taps’ motion to dismiss that claim.
This ruling is consistent with decisions in the First Circuit, the federal circuit which includes Massachusetts. (See, e.g., EFF Cultural Travel v. Explorica, 1st Cir. 2001).
Although the California district court denied 3Tap’s motion to dismiss the CFAA claim, it expressed its concerns around the policy issues raised by Craigslist’s CFAA claim in this case. Quoting from the opinion:
The parties have not addressed a threshold question of whether the CFAA applies where the owner of an otherwise publicly available website takes steps to restrict access by specific entities, such as the owner’s competitors. “Some commentators have noted that suits under anti-hacking laws have gone beyond the intended scope of such laws and are increasingly being used as a tactical tool to gain business or litigation advantages.” … The CFAA was passed in 1986, well before the development of the modern internet, and originally only covered certain computers operated by the federal government or financial institutions. … Although courts in this district have held that the CFAA may apply to unauthorized access to websites, the parties have not cited a case from this district or the Ninth Circuit addressing its application to information that is generally available to the public. … Applying the CFAA to publicly available website information presents uncomfortable possibilities. Any corporation could subject its competitors to civil and criminal liability for visiting its otherwise publicly available home page; in theory, a major news outlet could seek criminal charges against competing journalists for reading articles on its website.
These comments are a reflection of the Ninth Circuit’s concerns about the application of this statute, as described in the Ninth Circuit’s high-profile 2012 en banc decision in U.S. v. Nosal.
Last year (when this suit was filed) Professor Eric Goldman provided a trenchant analysis of the business issues facing Craigslist which motivated it to bring this lawsuit. He concluded, “even though it might look like Craigslist is making bizarre moves, I think its moves are quite rational. They’re exactly the kind of moves you’d expect from a panicked company realizing its uncomfortably precarious marketplace position.”