Analytics company hiQ Labs is urging the Supreme Court to avoid intervening in a battle over data with social networking service LinkedIn.
In papers filed Thursday, hiQ argues that the 9th Circuit Court of Appeals correctly decided that LinkedIn couldn't draw on a federal anti-hacking law to prevent its publicly available web pages from being scraped for data.
“The unanimous decision of the court of appeals ... reflects a commonsense and correct application of the Computer Fraud and Abuse Act,” hiQ writes.
The dispute between the two companies dates to May of 2017, when the Microsoft-owned LinkedIn demanded that hiQ stop scraping data for its analytics business.
hiQ gathers data from LinkedIn's publicly available pages, analyzes the information to determine which employees are at risk of being poached, and sells the findings to employers.
LinkedIn contended that the scraping violates the Computer Fraud and Abuse Act -- a 1986 law that makes it illegal to access computer services without authorization.
LinkedIn sent a cease-and-desist letter to hiQ, following which the analytics company sued LinkedIn for allegedly acting anti-competitively.
hiQ also sought a declaratory judgment that it wasn't violating the anti-hacking law, and asked for an injunction requiring LinkedIn to stop blocking hiQ.
LinkedIn countered that it has the right to control its servers, and that hiQ was disregarding LinkedIn users' privacy.
The social networking service said more than 50 million people have used its "do not broadcast" tool, which enables users to change their profiles without having other users notified about the revision.
U.S. District Court Judge Edward Chen in the Northern District of California sided with hiQ and granted the company a preliminary injunction, ruling that its business could suffer irreparable harm if it couldn't access publicly available data.
LinkedIn appealed to the 9th Circuit, which upheld the injunction. That court said hiQ's scraping probably didn't violate the Computer Fraud and Abuse Act because LinkedIn profiles aren't password-protected.
LinkedIn recently asked the Supreme Court to review that ruling. Among other arguments, LinkedIn says companies that allow users to publicly post data should be able to use the Computer Fraud and Abuse Act to prevent outside developers from drawing on that information.
“The decision below has extraordinary and adverse consequences for the privacy interests of the hundreds of millions of users of websites that make at least some user data publicly accessible,” LinkedIn wrote in its request for review. “Users do not expect, or consent to, the exploitation of their personal information in perpetuity by third parties that the users and the website owner did not authorize and whose interests are not aligned with the interests of the owners of that personal information.”
But hiQ argues that the data about users it collects is already public.
“All of the information hiQ gathers is publicly available, and LinkedIn’s users have chosen to make it so,” the company writes.
The analytics company also argues that LinkedIn is interpreting the anti-hacking law in a way that violates the First Amendment.
“The First Amendment protects access to information,” hiQ writes. “LinkedIn not only seeks to prohibit hiQ outright from engaging in the protected activity of gathering publicly available information but also seeks to wield the [Computer Fraud and Abuse Act] as a tool to chill use of the information.”
hiQ adds that questions surrounding the privacy of data that people post online should be left to Congress.
“Data privacy in the age of the Internet -- even if relevant here -- presents a complex issue that requires balancing various interests, such as the use of publicly available data to promote academic research, and is therefore better suited for the legislative branch to address as needed,” hiQ argues.
The dispute between the companies has drawn significant attention from outside organizations. Last year, the digital rights group Electronic Frontier Foundation sided with hiQ, arguing in a friend-of-the-court brief that the criminal anti-hacking law was never intended to cover scraping data from public sites.
But advocacy group Electronic Privacy Information Center weighed in on behalf of LinkedIn, arguing in a friend-of-the-court brief that users didn't necessarily know their data would be acquired and used in material that was sold to employers.