• by Wendy Davis  @wendyndavis, November 7, 2022

A federal judge has handed down a mixed ruling in a long-running battle between LinkedIn and hiQ Labs, a defunct analytics company that scraped users' profiles. 

In a decision made public late Friday, U.S. District Court Judge Edward Chen in the Northern District of California said hiQ violated LinkedIn's terms of service by scraping its site, but also said LinkedIn may have waived its legal claim by waiting too long to take action.

“There is a genuine dispute of material fact as to whether LinkedIn knew about hiQ’s scraping and use of scraped data as early as October 2014,” Chen wrote. “If it did, a reasonable jury could find that LinkedIn relinquished its enforcement against hiQ’s scraping through its conduct -- aside from generally deploying anti-scraping technology against all scrapers, it did not take steps to legally enforce against known scraping by hiQ for years.”

The ruling means that unless the companies settle, a jury will decide whether to award LinkedIn judgment -- and potential monetary damages -- on its claim against hiQ for scraping. 

Another portion of the ruling was unequivocally favorable for LinkedIn: Chen sad hiQ violated LinkedIn's terms of service by hiring contractors to create fake profiles, and awarded LinkedIn summary judgment on that claim.

The legal fight between the two companies began in 2017, when LinkedIn demanded that hiQ stop using automated tools to gather data about users, and instituted technical blocks that aimed to prevent access by hiQ.

Among other arguments, LinkedIn said in its cease-and-desist letter to hiQ that its scraping violated the Computer Fraud and Abuse Act -- an anti-hacking law that prohibits companies from accessing servers without authorization.

After receiving the cease-and-desist letter, hiQ sued the social platform for allegedly acting anti-competitively. hiQ also sought a declaratory judgment that it wasn't violating the Computer Fraud and Abuse Act, and asked for an injunction requiring LinkedIn to stop blocking IP addresses used by hiQ.

hiQ said LinkedIn's attempt to prevent the data-gathering posed a risk to hiQ's business, which involved collecting information about users from LinkedIn's publicly available pages, analyzing the data to determine which employees were at risk of being poached, and selling the findings to employers.

LinkedIn countered both that it has the right to control its servers, and that hiQ was disregarding LinkedIn's terms of service as well as users' privacy.

Specifically, the social networking service said more than 50 million people used its "do not broadcast" tool, which allows people to change their profiles without having other users notified about the revision.

Chen initially sided with hiQ and issued a preliminary injunction that required LinkedIn to withdraw its cease-and-desist letter and to stop trying to prevent hiQ from accessing the site. (It recently emerged that hiQ went dormant years ago; after Chen learned the company was no longer operating, he lifted his earlier injunction.)

When Chen issued the injunction, he said hiQ faced the prospect of irreparable harm if it couldn't access users' publicly available profile data.

LinkedIn appealed the injunction to the 9th Circuit Court of Appeals, which upheld Chen's order on the grounds that hiQ's scraping probably didn't violate the Computer Fraud and Abuse Act because LinkedIn profiles aren't password-protected.

Chen's new ruling leaves open the question of hiQ's scraping violated the Computer Fraud and Abuse Act.

The decision was initially entered under seal on October 27. The following day, hiQ and LinkedIn held a settlement conference, according to court records.

It's not yet clear whether they intend to proceed to trial.

Earlier in the proceedings, outside advocacy groups weighed in on different sides of the dispute.

The watchdog Electronic Privacy Information Center sided with LinkedIn, arguing in a friend-of-the-court brief that users didn't necessarily know their data would be acquired and used in material that was sold to employers.

But the digital rights group Electronic Frontier Foundation sided with hiQ, arguing in a friend-of-the-court brief that the criminal anti-hacking law was never intended to cover scraping data from public sites.