CFAA and Breach of Contract Claims Dismissed in Website Data Scraping Suit
This past week, an Illinois district court dismissed, with leave to amend, claims relating to a competitor’s alleged scraping of sales listings from a company’s website for use on its own site. (Alan Ross Machinery Corp. v. Machinio Corp., No. 17-3569 (N.D. Ill. July 9, 2018)).
The court dismissed a federal Computer Fraud and Abuse Act (CFAA) claim that the defendant accessed the plaintiff’s servers “without authorization,” finding that the plaintiff failed to plead with specificity any damage or loss related to the scraping and did not allege that the unlawful access resulted in monetary damages of $5,000 or more as required to maintain a civil action under the CFAA. In the court’s view, the “mere copying of electronic information from a computer system is not enough to satisfy the CFAA’s damage requirement.” The court also dismissed plaintiff’s breach of contract claims, concluding that defendant did not have notice of the plaintiff’s website terms and conditions based upon an unenforceable browsewrap agreement.
In the case, the plaintiff Alan Ross Machinery Corp. (“Alan Ross” or “Plaintiff”) alleged that its competitor Machinio Corp. (“Machinio” or “Defendant”) scraped sales listings of industrial machines from the Alan Ross website and listed such data on the Machinio site. Prior to the suit, the parties discussed entering into an arrangement to post Alan Ross’s listings on Machinio’s site for sale, but did not reach an agreement. Thereafter, Alan Ross alleged that it “expressly demanded that Machinio not scrape Alan Ross’s website” (it is not clear from the opinion or pleadings whether this demand was oral or in writing, but according to plaintiff, the demand was not heeded).
The plaintiff brought several claims, including CFAA (for accessing its site without authorization in circumvention of technical barriers) and breach of contract (for scraping the plaintiff’s site contrary to the terms and conditions). The plaintiff also brought Lanham Act and state law claims, all of which were dismissed without prejudice, and which are beyond the scope of this blog post.
The court dismissed the CFAA claim because the complaint failed to allege the requisite damage or loss, as plaintiff merely asserted it “had been harmed” due to the defendant’s scraping and that Machinio “used valuable information” it had scraped from plaintiff’s site. The court did not examine whether defendant had allegedly scraped plaintiff’s site “without authorization” (e.g., Did plaintiff’s demand constitute a revocation of access? Did any prior discussions between the parties give defendant adequate notice that scraping was not permitted under the website terms?). Therefore, in evaluating the significance of this decision, it is important to realize that, at least with respect to the CFAA claim, the court’s short opinion did not delve into many of the “authorization” issues that are typically pertinent to such a claim. In fact, as acknowledged by the court in dismissing the complaint without prejudice, the outcome had more to do with inadequate pleading, which may or may not be fortified with the filing of an amended complaint.
The court also dismissed the plaintiff’s breach of contract claims, ruling that defendant did not have notice of the site’s terms and conditions as they were presented in a browsewrap agreement, whereby the website presented a hyperlink to the terms at the bottom of every page but did not require users to affirmatively assent to the terms by registering or otherwise checking a box or clicking an “I Agree” button. The court noted that browsewrap agreements are enforced with only when a consumer has actual or constructive knowledge of a website’s terms and conditions and manifested assent to them, which was not the case here. The court rejected plaintiff’s argument that defendant had constructive knowledge of the terms based on plaintiff’s demand not to scrape the site, concluding that such an argument still does not assert that the defendant had knowledge of the site’s terms restricting scraping activities. The court, citing district court decisions from 2014 and 2012, said that “hyperlinking the terms and conditions at the bottom of every page is insufficient to provide adequate constructive notice to create a contract based on a browsewrap agreement.” According to the court, “without allegations that Machinio had notice of their existence, the terms and conditions are not an enforceable agreement.” Given the early stage of the litigation, the outcome of the contract claim is somewhat surprising. At the least, in this case, there may be arguable issues about whether the defendant may have had constructive notice of the website terms that would warrant further discovery about the method and extent of defendant’s access instead of dismissal.
To the extent the court’s holding is viewed as sound, it suggests that as a general matter, website owners should generally not rely on browsewrap agreements to be enforced. This leaves website owners seeking effective protection in a difficult position, as creating a clickwrap-like scheme that compels users to accept the terms before viewing online content may not necessarily provide the most efficient user experience.
This is the latest in a series of cases that questions whether the CFAA is a means for challenging unwanted scraping. We still await the Ninth Circuit’s view of the issue to be expressed in the appellate decision in the hiQ appeal, which concerns the availability of the CFAA in an instance of data scraping of a public website.