CFAA Claim Dismissed in Scraping Suit, While Contract Claim Survives
This month, an Illinois district court considered another in the series of web scraping disputes that have been working their way through our courts. In this dispute, CouponCabin, Inc. v. PriceTrace, LLC, No. 18-7525 (N.D. Ill. Apr. 11, 2019), CouponCabin alleged that a competitor, PriceTrace, scraped coupon codes from CouponCabin’s website without authorization and displayed them on its own website.
After discovering PriceTrace’s scraping activities, CouponCabin sent PriceTrace a cease and desist letter demanding that PriceTrace stop scraping data from CouponCabin’s website. CouponCabin alleged that PriceTrace continued to access and scrape data from CouponCabin’s website even after the C&D letter was sent. As a result, CouponCabin brought several causes of action against PriceTrace, including claims under the Computer Fraud and Abuse Act (CFAA), tortious interference and breach of contract.
The court found that CouponCabin’s C&D letter had revoked PriceTrace’s access to its site and that PriceTrace’s alleged continued access to the website plausibly stated a violation of the CFAA’s “unauthorized access” provision (18 U.S.C. §1030(a)(2)(C)). Ultimately, however, the court dismissed the CFAA claims with leave to amend, due to plaintiff’s failure to plead the requisite amount of damage or loss as required to maintain a civil action under the CFAA.
“CouponCabin is simply alleging that PriceTrace was able to circumvent CouponCabin’s website security, with no allegation that such evasion impairs or harm the website. Absent allegation of impairment, CouponCabin has merely alleged that PriceTrace accessed CouponCabin’s website without authorization.”
The plaintiff had more luck in its state law claims. The court allowed its tortious interference claims to proceed, as the court found plausible CouponCabin’s allegations that its coupon codes appearing on PriceTrace’s site could cause CouponCabin to earn less in commissions. The contract claim also survived dismissal. Under the terms of CouponCabin’s site, “harvesting” information is prohibited and PriceTrace allegedly violated such terms when it scraped the site without permission. A link to CouponCabin’s terms is located at the bottom of the page in a so-called browsewrap, where the terms provide that they are valid against any user of the site. Courts generally enforce browsewrap agreements when there is actual or constructive knowledge of the terms. See, e.g., DHI Group, Inc. v. Kent, No. 16-1670 (S.D. Tex. Oct. 26, 2017) (allegations that an entity knew or should have known about the browsewrap agreement in question because it uses a similar agreement on its own site).
Here, the court avoided the factual question of whether the terms were conspicuous or whether PriceTrace viewed the terms or otherwise acquiesced to the terms due to its usage of CouponCabin’s site. Instead, the court allowed the contract claim to go forward based on the allegation that PriceTrace received the C&D letter from CouponCabin that highlighted the terms yet still continued to access the site despite this knowledge.
The court’s holding suggests that, as a general matter, the ability to rely on the enforceability of browsewrap agreements is unsettled. This of course leaves website owners seeking to combat unwanted scraping in a difficult position, as creating a clickwrap process that compels users to accept the terms before viewing website content may not necessarily provide a favorable user experience, particularly for the type of e-commerce business operated by CouponCabin.
This is one in a series of cases that questions whether the CFAA is a viable means for challenging unwanted scraping (and the court may yet revisit the CFAA claim if the plaintiff files an amended complaint). We also anticipate some additional clarity of this important issue when the Ninth Circuit issues its appellate decision in the hiQ appeal, which concerns the availability of the CFAA in an instance of data scraping of a website.