Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

e-Commerce Law & StrategyLJN NewslettersNewsSections

Strategy Against Scrapers

By J.T. Westermeier
December 31, 2013

Today's leading case relating to the Computer Fraud and Abuse Act, 18 U.S.C. '1030 (CFAA) is United States v. Nosal, 676 F.3d 854 (9th Cir. 2012). In the Nosal case, the Ninth Circuit, in an en banc decision, expressed great concern over imposing criminal liability under the CFAA for violations of private computer use policies like website terms of use. The Ninth Circuit notes that if use restrictions are subject to criminal liability under the CFAA violations of those user policies could be transformed into criminal crimes simply because a computer is involved. As such, the Ninth Circuit believes the CFAA should be narrowly interpreted. Using this narrow interpretation regarding access restrictions, a district court in California found a CFAA violation in the Craigslist Inc. v. 3Taps Inc., 2013 WL 4447520 (N.D. Cal. Aug. 16, 2013); and Craigslist Inc. v. 3Taps Inc., 2013 WL 1819999 (N.D. Cal. April 30, 2013), cases.

Craigslist Ruling

Even with this requirement for the CFAA to be narrowly construed, a new strategy related to the CFAA has evolved based on this Craigslist Inc. v. 3Taps Inc. case. Id. In the Craigslist case, the district court determined that Craigslist could take action to stop 3Taps from scraping and copying content from Craigslist's publicly accessible website. These actions serve as the framework for this strategy against scrapers. 3Taps used scraping activities to copy all of the content from the Craigslist website.

Craigslist took two relevant steps to stop 3Taps' scraping activities. First, Craigslist sent a cease-and-desist letter to 3Taps, informing 3Taps “that this letter notifies you and your agents, employees, affiliates, and/or anyone acting on your behalf are no longer authorized to access, and are prohibited from accessing Craigslist's website or services for any reason.” The cease-and-desist letter was unambiguous. Craigslist specifically denied 3Taps authorization to access the Craigslist website for any purpose. Access to Craigslist's website was specifically prohibited for any purpose. In addition to the unequivocal cease-and-desist letter, Craigslist configured its website to block access from IP addresses associated with 3Taps. The ruling provides that 3Taps, notwithstanding the cease-and-desist letter and technological measures to bar 3Taps' access, bypassed these technological barriers by using different IP addresses and proxy servers to conceal its identity and continue scraping content from the Craigslist website.

In the Craigslist case, the district court held that where a user has been unambiguously notified that its access to a website is not authorized the user is therefore liable under the CFAA for accessing the Craigslist website without authorization.

Conclusion

Scrapers are a major concern to many content owners. The Craigslist case provides the framework for developing viable CFAA claims against scrapers using an unambiguous cease and desist letter to deny the scrapers with any authorization to access the content owner or licensee's website for any purpose. If you know the identity of companies or individuals that are scraping your website content, you should consider, among other strategies, including in your cease and desist letter to the scraper unequivocal access restrictions prohibiting any access to your website for any purpose whatsoever.

J. (“Jay”) T. Westermeier is Of Counsel to Finnegan, Henderson, Farabow, Garrett & Dunner LLP, in the firm's Reston, VA, office. A member of this newsletter's Board of Editors, he is past president of the International Technology Law Association (ITech Law) (formerly known as the Computer Law Association), a Life Fellow of the American Bar Foundation, 2001 Burton Award recipient. He can be reached at [email protected].

Today's leading case relating to the Computer Fraud and Abuse Act, 18 U.S.C. '1030 (CFAA) is United States v. Nosal, 676 F.3d 854 (9th Cir. 2012). In the Nosal case, the Ninth Circuit, in an en banc decision, expressed great concern over imposing criminal liability under the CFAA for violations of private computer use policies like website terms of use. The Ninth Circuit notes that if use restrictions are subject to criminal liability under the CFAA violations of those user policies could be transformed into criminal crimes simply because a computer is involved. As such, the Ninth Circuit believes the CFAA should be narrowly interpreted. Using this narrow interpretation regarding access restrictions, a district court in California found a CFAA violation in the Craigslist Inc. v. 3Taps Inc., 2013 WL 4447520 (N.D. Cal. Aug. 16, 2013); and Craigslist Inc. v. 3Taps Inc., 2013 WL 1819999 (N.D. Cal. April 30, 2013), cases.

Craigslist Ruling

Even with this requirement for the CFAA to be narrowly construed, a new strategy related to the CFAA has evolved based on this Craigslist Inc. v. 3Taps Inc. case. Id. In the Craigslist case, the district court determined that Craigslist could take action to stop 3Taps from scraping and copying content from Craigslist's publicly accessible website. These actions serve as the framework for this strategy against scrapers. 3Taps used scraping activities to copy all of the content from the Craigslist website.

Craigslist took two relevant steps to stop 3Taps' scraping activities. First, Craigslist sent a cease-and-desist letter to 3Taps, informing 3Taps “that this letter notifies you and your agents, employees, affiliates, and/or anyone acting on your behalf are no longer authorized to access, and are prohibited from accessing Craigslist's website or services for any reason.” The cease-and-desist letter was unambiguous. Craigslist specifically denied 3Taps authorization to access the Craigslist website for any purpose. Access to Craigslist's website was specifically prohibited for any purpose. In addition to the unequivocal cease-and-desist letter, Craigslist configured its website to block access from IP addresses associated with 3Taps. The ruling provides that 3Taps, notwithstanding the cease-and-desist letter and technological measures to bar 3Taps' access, bypassed these technological barriers by using different IP addresses and proxy servers to conceal its identity and continue scraping content from the Craigslist website.

In the Craigslist case, the district court held that where a user has been unambiguously notified that its access to a website is not authorized the user is therefore liable under the CFAA for accessing the Craigslist website without authorization.

Conclusion

Scrapers are a major concern to many content owners. The Craigslist case provides the framework for developing viable CFAA claims against scrapers using an unambiguous cease and desist letter to deny the scrapers with any authorization to access the content owner or licensee's website for any purpose. If you know the identity of companies or individuals that are scraping your website content, you should consider, among other strategies, including in your cease and desist letter to the scraper unequivocal access restrictions prohibiting any access to your website for any purpose whatsoever.

J. (“Jay”) T. Westermeier is Of Counsel to Finnegan, Henderson, Farabow, Garrett & Dunner LLP, in the firm's Reston, VA, office. A member of this newsletter's Board of Editors, he is past president of the International Technology Law Association (ITech Law) (formerly known as the Computer Law Association), a Life Fellow of the American Bar Foundation, 2001 Burton Award recipient. He can be reached at [email protected].

Read These Next
COVID-19 and Lease Negotiations: Early Termination Provisions Image

During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.

How Secure Is the AI System Your Law Firm Is Using? Image

What Law Firms Need to Know Before Trusting AI Systems with Confidential Information In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.

Pleading Importation: ITC Decisions Highlight Need for Adequate Evidentiary Support Image

The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.

Authentic Communications Today Increase Success for Value-Driven Clients Image

As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.

The Power of Your Inner Circle: Turning Friends and Social Contacts Into Business Allies Image

Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.