This article was written by John Swinson, Karen Litherland, Kai Nash and Linus Schibler.
A recent decision in the United States has cast light on the legality of screen scraping and how Australian courts may interpret such conduct.
In hiQ Labs v LinkedIn Corp[1] (the hiQ Case), the Court considered, amongst other things, whether hiQ Labs' (hiQ) conduct of screen scraping data from public LinkedIn profiles amounted to unauthorised access under the US Computer and Fraud Abuse Act.
HiQ Labs is an analytics company that uses screen scraping to gather data available on the internet about company employees. The data that has been scraped is then analysed to consider the employee's "flight risk" – that is, the risk of the employee leaving the company. LinkedIn, a corporate online social networking platform, hosts millions of public profiles containing information about users' work history, achievements and work networks. Part of hiQ's business model is to scrape data from the public profiles of LinkedIn members to then provide businesses with a 'flight risk' analysis.
What is screen scraping?
Screen scraping is one of a variety of different methods of obtaining information from a website or database, typically by way of a computer program (such programs are often referred to as "bots", "webbots", "crawlers", "harvesters", or "spiders"). The term "screen scraping" is used where the scraper program extracts the key data which will appear on the end-users' screen display (i.e. ignoring sections of coding and merely seeking to extract plain text from a webpage).
The law surrounding screen scraping in Australia is relatively uncertain and divergent however the implementation of screen scraping by businesses is already fairly common. For example, a price comparison website may use screen scraping to copy the prices of TVs from electronic retailer websites and present them in a searchable list for interested customers.
Screen scraping raises a number of legal issues:
- Is it unauthorised access to a computer system, and therefore a computer crime?
- Is it breach of contract if the website terms of use prohibit screen scraping?
- Is it copyright infringement?
- Is it misleading conduct?
- Is it trespass on the computer system, the old tort of trespass to goods?
There has been widespread commentary by those on either side of the pro and anti-screen scraping debate and a push by some encouraging regulators to follow the international trend of clamping down on the activity. Others argue that the practice facilitates an increase in competition which is ultimately beneficial to consumers. The debate around screen scraping continues and will be an evolving space to watch in the coming months and years.
This article considers how screen scraping could be construed by Australian law in the context of the HiQ Case.
Illegality
In the hiQ Case, the Ninth Circuit appeals court found in favour of the screen scraper. The Court affirmed the District Court's decision to grant a preliminary injunction stopping LinkedIn from preventing hiQ from accessing publicly available LinkedIn profiles.
LinkedIn put forward a number of arguments in support of the injunction, the most notable being that hiQ's access of the information was unauthorised access under the US Computer and Fraud Abuse Act. This law makes it a crime to access a computer system without authorisation.
LinkedIn had sent hiQ a cease and desist letter requesting that hiQ stop scraping its data. LinkedIn argued that any access by hiQ after hiQ had received the letter was unauthorised. The Court upheld the decision of the District Court that in this instance - even though hiQ had received a cease and desist letter from LinkedIn, hiQ accessing the information on the LinkedIn member profiles was not unauthorised. The most relevant factor in this decision was that the LinkedIn users made their profiles public and were aware that their information would be accessible by anyone with an internet browser.
Australia has a similar form of cybercrime legislation which creates an offence to access a computer system without authority to do so.[2] While Australian courts are by no means bound by decisions of Courts in foreign jurisdictions, the hiQ Case may give some insight as to reasoning Australian Courts may follow when determining the meaning and scope of unauthorised access to a computer system in the context of screen scraping.
Breach of contract
Often, website terms of use or the user terms for an online service have prohibitions on copying data, and some explicitly prohibit users from screen scraping.
Screen scraping could amount to a breach of contract under Australian law if the relevant website's terms of use expressly prohibit the scraping of data for a commercial purpose. This issue has not been judicially considered in Australia.
The main issue here is whether there is a binding contract with the person who does the screen scraping.
There is a greater probability of a successful breach of contract claim in situations where the website user is required to expressly consent to the relevant terms and conditions of the website (i.e by clicking 'I Agree' before entering a particular website or when creating an account). This type of contract, known as a 'clickwrap contract' is likely to be enforceable in Australia.
Conversely, it is generally assumed that a 'browsewrap contract' (that is, where terms of use are available on a website but a user is not required to expressly accept those terms before access the website or relevant services) will not be enforceable in Australia.
There is further difficulty in establishing that a contract has been formed in the instance where no human is involved, and an automated robot bypasses the terms of use. Can a robot enter into a contract? US courts have found that the use of a 'robot' may be sufficient to impute constructive knowledge of terms of use in some circumstances.[3]
Copyright infringement
If copyright material is scraped from a website and substantially reproduced elsewhere without the permission of the copyright owner, it is likely that the copyright in the scraped material has been infringed.
Copyright protects the expression of ideas, but not facts or the ideas themselves. If what is scraped is merely a set of facts, will this be copyright infringement?
The key factors in successfully asserting a claim of copyright infringement in relation to screen scraping are:
- copyright must actually subsist in the material that has been scraped; and
- assuming copyright does subsist in that material, it must be substantially reproduced in material form without the permission of the copyright owner.
The position is stronger for the website owner in the circumstances where screen scraping pulls creative works such as images, long passages of text or video/audio data. For example, if hiQ was scraping and reproducing the content of articles posted by LinkedIn users, this would more likely amount to copyright infringement (but this is not what hiQ was doing).
Recent Australian case law has created a degree of uncertainty as to whether copyright subsists in a compilation of facts or a database of information.
Often, the purpose of screen scraping is to pull large amounts of data and information from websites (for example, pricing, location, availability, size etc). What may be scraped may be "facts" not protected by copyright.
To the extent copyright subsists in the scraped data as a dataset, where the scraper reorganises the scraped material in a substantially different way, there may not be copyright infringement.
Trade mark infringement, passing off or misleading and deceptive conduct
There is a risk of trade mark infringement, passing off or misleading and deceptive conduct if trade marks or branding are being scraped and reproduced. If the scraper uses the trade marks when producing the content that has been scraped there is a risk that the scraper creates a misleading or confusing connection between a trade mark owner's business and a scraper's website or service. This may give rise to a trade mark infringement or passing off claim, or an action for misleading and deceptive conduct under the Australian Consumer Law.
Trespass to goods
There is no Australian authority in relation to actions in trespass and screen scraping. Under Australian law, any direct, intentional and unauthorised interference with a good in the possession of another, no matter how slight, may constitute a trespass.
It has long been held that damage is not an absolute requirement for an action in trespass to succeed in Australia.[4] Australian courts might limit relief to situations where the act of trespass "interferes" with the rights of the owner, either by causing the server to slow down, by detrimentally impacting the relevant website, or by diminishing the value of the website in some material way. In particular, the tort might apply to situations where the interference is for an illegitimate commercial purpose, which could include screen scraping for commercial use. However, it is not clear whether Australian courts would limit relief to these circumstances.
At first instance, hiQ also requested that the District Court make a declaration that hiQ had not violated the common law of trespass to chattels.[5] The Court, again, found that it was not necessary to make this type of declaration for the purpose of granting an injunction and neither party argued the issue on appeal.
Conclusion
There have been a number of screen scraping lawsuits in the U.S. and Europe, but none reported in Australia.
One issue that may arise soon is when a third party scrapes the scrapers website. The original scraper claims that it is not doing anything wrong when collecting the data, but then tries to protect what it has scraped from other scrapers. This will raise interesting issues, particularly if the original scraper puts in place better legal protections than those of the sites it scrapes.
Another complexity is when the scraping takes place in an offshore jurisdiction such as the Philippines but the content that is scraped is a website in Australia. What is the appropriate law to apply – Australian law or Philippines law? This may be a crucial question if the law in the offshore jurisdiction allows scraping.
[1] hiQ Labs, Inc. v. LinkedIn Corp (2019) 938 F.3d 985.
[2] Cybercrime Act 2001 (Cth) which is incorporated into the Criminal Code Act 1995 (Cth) and state & territory legislations.
[3] Register.com Inc v Verio Inc (2004) 356 F. 3d 393.
[4] Penfolds Wines Pty Ltd v Elliot (1946) 74 CLR 204.
[5] hiQ Labs, Inc v LinkedIn Corporations (2017) 273 F.Supp 3d 1099