Varied Rulings on 'Screen Scraping'

By Kenneth A. Adler
August 01, 2003

The courts continue to wrestle with how to map existing law onto the shifting terrain of computer technology. And it appears that new controversies are arising faster than judicial consensus can form. One of the latest controversies surrounds “screen scraping,” a process by which a software program simulates a user's interaction with a Web site to access information stored on that site. A screen scraper not only can enter the information a human user would, but also can capture the Web site's replies. This facility may include the ability to extract substantial portions of data stored on the site ' and therein lies the beginning of the controversy.

Many users welcome scrapers. Scrapers can permit a user to enter certain information once, such as user names and passwords. With the push of a button, the scraper software is sent off to access various third-party Web sites to which the user subscribes, automatically input the appropriate information, and retrieve the desired information from these sites. This relieves the user from having to endure the tedium of individually accessing each Web site and manually and serially entering in repetitive information.

Controversy arises, however, when commercial entities use scraping software to collect substantial amounts of information from their competitors' Web sites, even when the information is provided to the public and is readily obtainable by manual means by individual inquiry. Several courts have addressed a company's use of such related technologies as “spiders,” “robots,” and “Web crawlers” to gather information from a competitor's Web site.

Notably, many of these decisions have relied upon the law of trespass in determining whether such access is actionable. Compare, eg, Ticketmaster Corp. v. Tickets.Com Inc., 2000 U.S. Dist. LEXIS 12987, (C.D.Calif. Aug. 10, 2000), aff'd 248 F.3d 1173 (9th Cir. 2001) (finding that a trespass claim based upon Web crawling had “some merit” but not enough to justify the issuance of a preliminary injunction), with eBay Inc. v. Bidder's Edge Inc., 100 F. Supp.2d 1058 (N.D. Calif. 2000) (finding that a Web crawler's generation of 80,000 to 100,000 requests a day to a Web site constituted a trespass to chattels) and Oyster Software v. Forms Processing, 2001 U.S. Dist. LEXIS 22520 (N.D. Calif. Dec. 6, 2001) (although Web crawlers placed only a “negligible” load on a Web site's servers, no more than mere “use” of a plaintiff's computer system was necessary to establish a trespass claim).

Two recent decisions, one in the U.S. Court of Appeals for the 1st Circuit and another in a trial court in Texas, squarely address claims against screen scraping activity. Yet the issue is presented under different legal theories in each case. The 1st Circuit analyzes screen scraping under the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. '1030 (2000), while the Texas court, like those in the cases cited above, rests its decision on the law of trespass.

Computer Fraud and Abuse Act

The first of these recent screen scraping decisions is that of the 1st Circuit in EF Cultural Travel BV v. Zefer Corp., 318 F.3d 58 (1st Cir. Jan. 28, 2003) (EF II). The court's earlier treatment of the subject appears in the related case, EF Cultural Travel BV v. Explorica Inc., 274 F.3d 577 (1st Cir., Dec. 17, 2001) or EF I, as discussed below.

The facts underlying both EF cases involve a dispute between EF Cultural Travel and defendant Explorica Inc., competitors in the student travel industry. Importantly, Explorica was founded by several of EF's former employees. Explorica contracted with the Zefer Corp. to design and code a software program that would scrape EF's pricing information from the EF Web site and download it into an automated spreadsheet. Based on this information, Explorica set off to compete with EF by setting its own prices, on average, 5% lower. Altogether, Zefer ran the scraper twice (making up more than 30,000 interrogations of the EF Web site), to collect 2000 and 2001 tour prices, collecting approximately 60,000 lines of data.

EF sued Zefer and Explorica in federal court, seeking a preliminary injunction on the grounds of copyright infringement and under the CFAA. The District Court refused to grant summary judgment on the copyright claim, but issued a preliminary injunction on the basis of the CFAA, because the scraper software exceeded the “reasonable expectations” of authorized access of ordinary users of the EF Web site.

The District Court reasoned that the scraping activities exceeded the defendants' authorized use of the EF Web site because “access was facilitated by use of confidential information (about certain codes used on the EF Web site that would permit the screen scraper to function more effectively) obtained in violation of the broad confidentiality agreement signed by EF's former employees.” Specifically, the District Court relied on 18 U.S.C. '1030(a)(4), which provides:

Whoever … knowingly and with intent to defraud, accesses a protected computer without authorization or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5000 in any 1-year period … shall be punished as provided [below].

“Exceeds authorized access,” as defined by the CFAA, means “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accessing party is not entitled so to obtain or alter.” 18 U.S.C. ?1030(e)(6). The District Court concluded that a lack of authorization need not be explicit and observed that EF's Web site included not fewer than three warnings that should have put the defendants on notice about reasonable use of the EF Web site ' the copyright notice on the EF home page with a link provided to permit contacting the company with user questions; the provision of confidential codes by Explorica to Zefer; and the fact that the Web site functioned to permit typical users to display the information one page at a time.

On appeal, the 1st Circuit, in its first decision in the case (274 F.3d 577, EF I) addressed only the preliminary injunction as it applied to Explorica. (Zefer was by then in bankruptcy proceedings, and its appeal was automatically stayed.) The court relied on the broad confidentiality agreement between the former EF employees who now operated Explorica to conclude that their breach of the agreement exceeded “authorized access.”

Furthermore, the court rejected Explorica's contention that EF should not be permitted to sustain its private cause of action because EF could not demonstrate that Explorica's actions had caused the “damage or loss” required by the CFAA.

The court agreed that EF could not meet the CFAA's standard for “damage,” ie, “impairment to the integrity or availability of data, a program, a system or information that … causes loss aggregating at least $5,000 in value during any one year period to one or more individuals.” 18 U.S.C. '1030(e)(8). However, the court concluded that EF had sustained possibly compensable “losses.”

Although “loss” is not defined by the statute, the court noted that a reasonable definition of “loss” could include lost business, loss of good will, and the cost of diagnostic and remedial measures taken by EF after it discovered the scraping. The court held that “[EF] unquestionably suffered a detriment and a disadvantage. … Congress' use of the disjunctive 'damage or loss,' confirms that it anticipated recovery in cases involving other than purely physical damage.”

The appeals court in EF I concluded that EF would likely succeed on the merits on its CFAA claim and upheld the District Court's injunction. The court did not, however, address related arguments concerning whether mere use of scraper software constituted unauthorized access under the statute.

Upon lifting of the automatic stay resulting from its bankruptcy proceedings, Zefer appealed the validity of the injunction as applied to it. The 1st Circuit, after reviewing the findings of its earlier decision, noted that the evidence before it concerning Zefer's knowledge of the confidential nature of the information provided by Explorica was inconclusive and that, in any event, the same information could have been obtained by Zefer through a manual examination of the EF Web site. The court focused once more on whether the use of the scraper software had exceeded authorized access under the CFAA.

Yet the court rejected the District Court's “reasonable expectations” standard for determining what conduct constituted “unauthorized access” under the CFAA where no express limits on access exist. Instead, the court observed, “[W]e think that the public Web site provider can easily spell out explicitly what is forbidden and, consonantly, that nothing justifies putting users at the mercy of a highly imprecise, litigation-spawning standard like 'reasonable expectations.' If EF wants to ban scrapers, let it say so.”

The court concluded with some cogent advice for Web site operators: “[W]ith rare exceptions, public Web site providers ought to say just what non-password protected access they purport to forbid.” The opinion strongly suggests, although it does not hold, that a clear statement by a Web site provider that scraping is unauthorized will give rise to a cause of action under the CFAA.

Trespass

In contrast with the approach taken by the 1st Circuit in the EF decisions, a recent Texas court relied on a finding of trespass in issuing a temporary injunction against screen scraping by a commercial party. Like the 1st Circuit, the Texas court focused on the existence of Web site terms and conditions, but in this case prohibited such use.

In American Airlines Inc. v. Farechase Inc., No. 167-194022-02 (67th District Court, Texas, March 8, 2003), the court issued a temporary injunction against Farechase, prohibiting it from the sale or distribution of its Web automation software. The software, also a type of screen scraper, was designed to access American Airlines' Web site and automatically seek out and aggregate American Airlines' flight, seat availability and pricing information, including fares available only through AA.com and not generally available for commercial purposes. Farechase had marketed the software to commercial users, travel distribution centers, and travel agents.

American Airlines repeatedly notified Farechase to cease and desist from scraping AA.com and distributing software designed to access and scrape data from AA.com. In response, rather than ceasing its scraping activities, Farechase revised its software to include a “masking” feature that permitted the software to disguise itself to prevent detection by American Airlines.

American Airlines argued that Farechase violated AA.com's terms of services by accessing the fare and flight information for commercial purposes, thus, as the court noted, “frustrating American's objectives and efforts in developing and maintaining AA.com.” The court classified Farechase's actions as “intentional,” “without authorization” and interfering with the airline's possessory interest in its computer system.

The court concluded, “Farechase's conduct intermeddles with and interferes with American's personal property. Such conduct constitutes a trespass” that substantially interfered with the airline's “efforts to reduce the cost of distribution of its airline tickets.”

In its decision, the court held that Farechase's actions had directly harmed American Airlines, causing it to endure losses with respect to the capacity and operation of its computer systems, lost or reduced customer good will and lost opportunities for gaining and increasing customer good will through the reduced fares available via the AA.com site. In addition, the court found that Farechase's scraping activities increased American Airlines' expenses and “adversely affect[ed] and harm[ed] American and the condition, quality and value of American's property.” Finally, the court observed, Farechase had announced plans for wider distribution of the software, which the court said “imminently threatens to adversely impact and harm the performance of AA.com and to place additional burdens on American's Web site infrastructure.” Based on its findings, the court enjoined Farechase from its scraping activities.

Sufficient Notice

Although these are early scraping decisions, and the theories of liability are not uniform, it is difficult to ignore a pattern emerging that the courts are prepared to protect proprietary content on commercial Web sites from uses which are undesirable to the owners of such sites. The degree of protection for such content is not settled, however, and will depend on the type of access made by the scraper, the amount of information accessed and copied, the degree to which the access adversely affects the Web site owner's system and the types and manner of prohibitions on such conduct.

While the law in this area becomes more settled, entities contemplating using scraping programs to access a public Web site should consider whether such action is authorized by reviewing the terms of use and other terms or notices posted on or made available through the site. Owners of Web sites should consider adding or revising appropriate terms of use to their sites while clearly specifying how their Web site content can be displayed, accessed and used by site visitors, as well as any prohibitions on such access and use.

Yet it is important to note that merely adding prohibitive language to a Web site's terms of use in and of itself may be insufficient. See Specht v. Netscape Communications Corp. Inc., 306 F.3d 17 (2nd Cir. Oct. 1, 2002) (the U.S. Court of Appeals for the 2nd Circuit refused to enforce an arbitration provision inserted in the end user license agreement for a free software plug-in.) As such, merely providing access to the terms of use may not provide sufficient notice to users to be binding upon them. Therefore, it would be prudent for Web site owners wanting to bind its users to terms of use to require assent either by use of a click wrap requiring a click-through of an “I Agree” button or by other means to ensure that the terms of use and modifications to such terms are available to the user prior to use, and are conspicuously placed on the site.

Kenneth A. Adler Donald R. Ballman

The courts continue to wrestle with how to map existing law onto the shifting terrain of computer technology. And it appears that new controversies are arising faster than judicial consensus can form. One of the latest controversies surrounds “screen scraping,” a process by which a software program simulates a user's interaction with a Web site to access information stored on that site. A screen scraper not only can enter the information a human user would, but also can capture the Web site's replies. This facility may include the ability to extract substantial portions of data stored on the site ' and therein lies the beginning of the controversy.

Many users welcome scrapers. Scrapers can permit a user to enter certain information once, such as user names and passwords. With the push of a button, the scraper software is sent off to access various third-party Web sites to which the user subscribes, automatically input the appropriate information, and retrieve the desired information from these sites. This relieves the user from having to endure the tedium of individually accessing each Web site and manually and serially entering in repetitive information.

Controversy arises, however, when commercial entities use scraping software to collect substantial amounts of information from their competitors' Web sites, even when the information is provided to the public and is readily obtainable by manual means by individual inquiry. Several courts have addressed a company's use of such related technologies as “spiders,” “robots,” and “Web crawlers” to gather information from a competitor's Web site.

Notably, many of these decisions have relied upon the law of trespass in determining whether such access is actionable. Compare, eg, Ticketmaster Corp. v. Tickets.Com Inc., 2000 U.S. Dist. LEXIS 12987, (C.D.Calif. Aug. 10, 2000), aff'd 248 F.3d 1173 (9th Cir. 2001) (finding that a trespass claim based upon Web crawling had “some merit” but not enough to justify the issuance of a preliminary injunction), with eBay Inc. v. Bidder's Edge Inc. , 100 F. Supp.2d 1058 (N.D. Calif. 2000) (finding that a Web crawler's generation of 80,000 to 100,000 requests a day to a Web site constituted a trespass to chattels) and Oyster Software v. Forms Processing, 2001 U.S. Dist. LEXIS 22520 (N.D. Calif. Dec. 6, 2001) (although Web crawlers placed only a “negligible” load on a Web site's servers, no more than mere “use” of a plaintiff's computer system was necessary to establish a trespass claim).

Two recent decisions, one in the U.S. Court of Appeals for the 1st Circuit and another in a trial court in Texas, squarely address claims against screen scraping activity. Yet the issue is presented under different legal theories in each case. The 1st Circuit analyzes screen scraping under the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. '1030 (2000), while the Texas court, like those in the cases cited above, rests its decision on the law of trespass.

Computer Fraud and Abuse Act

The first of these recent screen scraping decisions is that of the 1st Circuit in EF Cultural Travel BV v. Zefer Corp. , 318 F.3d 58 (1st Cir. Jan. 28, 2003) (EF II). The court's earlier treatment of the subject appears in the related case, EF Cultural Travel BV v. Explorica Inc. , 274 F.3d 577 (1st Cir., Dec. 17, 2001) or EF I, as discussed below.