• by Wendy Davis  @wendyndavis, October 10, 2017

The Supreme Court on Tuesday refused to review a ruling that Power Ventures, a defunct aggregation service, violated a federal hacking law by scraping Facebook's site.

The court did not provide a reason for its move, which let stand a decision issued last year by the 9th Circuit Court of Appeals. The lower court said in its ruling that Power violated the Computer Fraud and Abuse Act by accessing Facebook after receiving a cease-and-desist letter. The anti-hacking law, which provides for private lawsuits as well as criminal penalties, prohibits people from accessing computers without authorization.

The battle between the companies dates to 2008, when Power was trying to grow a service that enabled people to use a single portal to log in to a variety of social networking companies -- including MySpace, LinkedIn, Twitter and Facebook. To accomplish this, Power asked users to provide log-in information for their social networking sites and then imported people's information.

In late 2008, Facebook sent a letter to Power demanding that it stop accessing the site. Power allegedly refused to comply with Facebook's demand. Instead, the company allegedly continued to draw on the passwords that users had provided in order to access their information.

Facebook accused Power of violating the Computer Fraud and Abuse Act. Power -- along with an array of digital rights groups -- countered that it didn't violate the anti-hacking law, because users voluntarily provided their log-in credentials.

A three-judge panel of the 9th Circuit said that Power violated the hacking law because it knew it wasn't authorized to access Facebook's computers after receiving the cease-and-desist letter.

Some of the same issues have come up in a recent battle between LinkedIn and HiQ, a startup that scrapes LinkedIn's publicly available pages, analyzes the information to determine which employees are at risk of being poached, and then sells its conclusions to employers.

LinkedIn contends that HiQ's scraping violates the Computer Fraud and Abuse Act. LinkedIn, owned by Microsoft, also implemented technical measures aimed at blocking HiQ.

HiQ then sued LinkedIn for allegedly acting anti-competitively. HiQ sought a declaratory judgment that it wasn't violating the anti-hacking law, and asked for an injunction requiring LinkedIn to stop blocking HiQ.

U.S. District Court Judge Edward Chen in the Northern District of California sided with HiQ. He granted the startup an injunction on the grounds that HiQ's business could suffer "irreparable harm" if prevented from accessing publicly available information about LinkedIn's members.

LinkedIn is now appealing that order.

The LinkedIn-HiQ dispute, like the one between Facebook and Power, centers on whether companies that access a site after receiving a demand to stop doing so violate a hacking law.

But the cases differ in at least one significant respect, according to internet law expert Venkat Balasubramani: The LinkedIn material isn't password protected. "The big difference is that Power Ventures involves password sharing and the material was behind a password," he says. "The question was whether users can delegate to third parties the ability to access the material."

HiQ is expected to submit its arguments to the 9th Circuit by the end of the month.