A recent federal appellate decision that requires LinkedIn to allow its site to be scraped by analytics company hiQ Labs threatens users' privacy, the company argues in a petition filed Monday with the U.S. Supreme Court.
LinkedIn is asking the Supreme Court to intervene in a 3-year-old battle with hiQ -- an analytics company that gathers data from LinkedIn's publicly available pages, analyzes the information to determine which employees are at risk of being poached, and sells the findings to employers.
In May of 2017, LinkedIn demanded that hiQ stop scraping data.
LinkedIn contended that the scraping violates the Computer Fraud and Abuse Act -- a 1986 law that makes it illegal to access computer services without authorization.
LinkedIn sent a cease-and-desist letter to hiQ, prompting the analytics company to sue LinkedIn for allegedly acting anti-competitively. hiQ also sought a declaratory judgment that it wasn't violating the anti-hacking law, and asked for an injunction requiring LinkedIn to stop blocking hiQ.
LinkedIn countered that it has the right to control its servers, and that hiQ was disregarding LinkedIn users' privacy. The social networking service said more than 50 million people have used its "do not broadcast" tool, which enables users to change their profiles without having other users notified about the revision.
U.S. District Court Judge Edward Chen in the Northern District of California sided with hiQ and granted the company a preliminary injunction, ruling that its business could suffer irreparable harm if it couldn't access publicly available data.
LinkedIn appealed to the 9th Circuit, where the company argued it's entitled to protect the data on its servers, and that hiQ has no valid antitrust claim.
Last year, a three-judge panel of the 9th Circuit upheld the injunction, ruling that hiQ's scraping probably didn't violate the Computer Fraud and Abuse Act because LinkedIn profiles are not password-protected.
LinkedIn is now asking the Supreme Court to review that ruling.
Among other arguments, LinkedIn says companies like itself, which allow users to publicly post data, should be able to use the Computer Fraud and Abuse Act to prevent outside developers from drawing on that information.
“The decision below has extraordinary and adverse consequences for the privacy interests of the hundreds of millions of users of websites that make at least some user data publicly accessible,” LinkedIn writes. “Users do not expect, or consent to, the exploitation of their personal information in perpetuity by third parties that the users and the website owner did not authorize and whose interests are not aligned with the interests of the owners of that personal information.”
LinkedIn also notes that hiQ isn't the only scraper. Controversial facial recognition company Clearview AI reportedly built a faceprint database by scraping more than 3 billion photos from social media sites.
“Clearview has exploited that scraped data to support a powerful facial recognition technology that it has already licensed to more than 600 law enforcement agencies and offered to some private individuals and companies,” LinkedIn writes. “And Clearview will surely not be the last company to engage in such conduct.”
The dispute has already garnered attention from outside organizations. Last year, the digital rights group Electronic Frontier Foundation sided with hiQ, arguing in a friend-of-the-court brief that the criminal anti-hacking law was never intended to cover scraping data from public sites.
But advocacy group Electronic Privacy Information Center aligned itself with LinkedIn, arguing in a friend-of-the-court brief that users didn't necessarily know their data would be acquired and used in material that was sold to employers.