[co-author: Carina Arellano, Summer Associate]
This Legal Alert is a follow up to our June 3, 2021 Legal Alert, “Supreme Court Narrows Scope of the Computer Fraud and Abuse Act,” and provides an overview of relevant legal developments related to the topic as well as considerations for entities seeking to engage in web-scraping practices.
Computer Fraud and Abuse Act
The Computer Fraud and Abuse Act (“CFAA”) generally prohibits computer hacking and enumerates severe criminal penalties when an individual “intentionally accesses a computer without authorization or exceeds [his or her] authorized access.” The CFAA also includes a private right of action in which persons suffering “damage” or “loss” as a result of a CFAA violation can sue the violator for money damages and equitable relief.
Two recent high-profile cases concerning CFAA interpretation will affect the legality of web scraping for publicly available information. As a reminder, web scraping is the process of extracting data from a website or specific webpage.
Van Buren v. United States and “Exceeding Authorized Access”
On June 3, 2021, the U.S. Supreme Court ruled in Van Buren that an individual “exceeds authorized access” when such individual “accesses a computer with authorization but then obtains information located in particular areas of the computer—such as files, folders, or databases—that are off limits to [the individual].” In other words, the Court found that an individual may be liable under the CFAA on a “gates-up-and-down” approach. On the one hand, an individual may not be liable under the CFAA if they are authorized to access an entire computer system, (i.e. the gates are up), and access any portion(s) thereof. On the other hand, an individual may be liable under the CFAA if they are granted access only to a limited portion of a computer syste ..
Support the originator by clicking the read the rest link below.