CFAA Regulations
Web Scraping And CFAA
The Computer Fraud and Abuse Act (CFAA) was introduced back in 1986 as an anti-hacking measure that forbids unauthorized access to computers, which imposes a criminal penalty on “a party who intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer. ” CFAA-based claims are popular among data hosts because they provide for pressing criminal charges against scrapers.
In 2016 LinkedIn started sending cease-and-decease letters to hiQ Labs, the startup that was relying on data scraped from the popular social network to provide analysis of publicly available user profiles. Letters contained warnings that unauthorized access to a LinkedIn website was the violation of CFAA. Instead of ceasing its operations, the team of hiQ took LinkedIn’s accusations directly to court, claiming that the automated access of publicly available data isn’t a violation of the CFAA, while also asking the court to prohibit LinkedIn from “preventing hiQ’s access, copying, or use of public profiles on LinkedIn’s website (i.e., information that LinkedIn members have designated public).”
The court decided in favor of hiQ, allowing the company to scrape LinkedIn’s public, non-password protected data. In this article we won’t dig deeply into the ruling – you can view the full text here. It’s sufficient to note that although scraping in many cases breaks ToS of the scraped website, it’s not necessarily the violation of the Computer Fraud and Abuse Act.
“Since information on Google SERPs is also publicly available and non-password protected, IGLeads does not break CFAA by scraping it”
Although scraping is legal by itself, it’s possible for data hosts to mount legal defenses against scrapers, including CFAA and DMCA violation claims.
On the other hand, the outcomes of recent lawsuits filed against scrapers prove that there are a lot of grey areas in current legislation on this matter, and courts may stand in favor of open access to publicly available information (see Sanding v. Sessions ruling). And even though data hosts may prevail against scrapers in courts, it’s often against their interest to sue. For example, if it weren’t for crawling public websites and scraping data from them, Google probably wouldn’t even exist.
After all, we don’t violate CFAA or DMCA when scraping publicly available information from Google SERPs. You can rest assured: using IGLeads services is legal, it’s not the violation of the law. By the same token, you can’t break Google ToS by simply getting data through our APIs.
Disclaimer: This article does not constitute legal advice. You should seek the counsel of an attorney on your specific matter to comply with the laws in your jurisdiction.