INTELLECTUAL PROPERTY LAW: The Legal Battle over Social Data Extraction Tools

Vol. 29 No. 6

By

Jonathan H. Blavin (jonathan.blavin@mto.com) is a partner at the law firm of Munger, Tolles & Olson LLP in San Francisco, California. His practice focuses on intellectual property and antitrust issues.

 

This article provides an overview of the various legal issues relating to data extraction tools, which are at the center of the increasingly competitive social networking market.

Common law trespass to chattels. One of the first and most prominent cases was eBay, Inc. v. Bidder’s Edge, Inc., 100 F. Supp. 2d 1058 (N.D. Cal. 2000). Bidder’s Edge was an auction aggregation site that used an automatic crawling tool that searched various auction websites and “scraped” information from these sites. Bidder’s Edge accessed the eBay site approximately 100,000 times a day, and the effect of the robots over time was to “consume the processing and storage resources” of eBay’s system.

The court held that Bidder’s Edge’s use was unauthorized and intentional, as Bidder’s Edge had violated eBay’s terms of use and ignored its requests to stop using its crawlers. With respect to the damage requirement, the court found most persuasive that denying an injunction “would likely encourage other auction aggregators to crawl the eBay site, potentially to the point of denying effective access to eBay’s customers.”

The California Supreme Court in Intel Corp. v. Hamidi, 71 P.3d 296 (Cal. 2003), narrowed the potential scope of the eBay decision. The court held that a former Intel employee’s e-mails to current Intel employees, despite requests by Intel to stop sending messages, did not constitute a trespass of Intel’s e-mail system. The court rejected the suggestion of the eBay decision that unauthorized use of another’s chattel is actionable even without any present showing of injury. Under the reasoning of Hamidi, a social networking site plaintiff would need to establish that a data extraction tool caused an actual, non–de minimis impairment to its physical property or a legal interest in that property, diminishing its quality or value.

Unauthorized computer access statutory violations. The Computer Fraud and Abuse Act (CFAA) prohibits “accessing a computer without authorization or exceeding authorized access” and thereby obtaining “information.” Section 502 of the California Comprehensive Computer Data Access and Fraud Act is closely analogous, prohibiting access to computer systems “without permission.” Both the CFAA and Section 502 make statutory violations a criminal act with criminal penalties. A central issue in cases involving the CFAA and Section 502 is whether a data extraction tool’s violation of the terms of use of a website alone is sufficient to render access to the site “unauthorized” or “without permission” to give rise to a cause of action.

In Facebook, Inc. v. ConnectU LLC, 489 F. Supp. 2d 1087 (N.D. Cal. 2007), Facebook sued a competing social networking site that accessed Facebook to collect “millions” of e-mail addresses of Facebook users, and then used those e-mail addresses to solicit for itself. The court held that ConnectU was subject to and allegedly violated Facebook’s terms of use and that such conduct would constitute access to Facebook “without permission” within the meaning of Section 502.

In Facebook, Inc. v. Power Ventures, Inc., No. C 08-05780 JW, 2010 WL 3291750 (N.D. Cal. July 20, 2010), the court disagreed with the ConnectU court on this point. Here, Facebook sued Power.com, a website designed to integrate various social networking or e-mail accounts into a single portal. The site also asked Facebook users to select which of their friends should receive a Power.com invitation and sent those friends unsolicited e-mails to join Power.com that purportedly came from “Facebook” and used a “@facebookmail.com” address. The court rejected on constitutional vagueness grounds the holding of ConnectU that the mere violation of the Facebook terms of use constituted access “without permission.” In determining where to draw the liability line, the Power Ventures court held that a “distinction can be made between access that violates a term of use and access that circumvents technical or code-based barriers that a computer network or web site administrator erects to restrict the user’s privileges within the system, or to bar the user from the system altogether”; unlike the former, the latter may “subject a user to liability under Section 502.”

In the CFAA context, the courts are likewise split on the issue.

CAN-SPAM Act. To state a claim under the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act), a party must allege that the defendant sent e-mails containing “materially false or materially misleading” header information. The statute defines false or materially misleading headers to include “information that is technically accurate but includes an originating electronic mail address, domain name, or Internet Protocol address the access to which for purposes of initiating the message was obtained by means of false or fraudulent pretenses representations.”

In the ConnectU case, the court dismissed Facebook’s CAN-SPAM claim, noting that even if there was “deception in connection with the manner in which ConnectU gathered the destination email addresses,” there was “nothing in the complaint suggesting that emails subsequently sent to those addresses included headers that were misleading or false as to the source from which they originated, or in any other manner.” By contrast, in Power Ventures, the court granted summary judgment for Facebook on its CAN-SPAM claim, holding that although the defendants were the “initiators” of the e-mail messages, their software program “caused Facebook servers to automatically send the e-mails,” which contained an “@facebookmail.com” address. Thus, as the header information did “not accurately identify the party that actually initiated the e-mail within the meaning of the Act,“ the header information was “materially misleading as to who initiated the e-mail.”

Copyright infringement. Data extraction tools also potentially raise copyright infringement issues. As the court made clear in Power Ventures, “Facebook does not have a copyright on user content, which ultimately is the information that Defendants’ software seeks to extract.” Nonetheless, the court held that Facebook had adequately pled a claim for copyright infringement because Power.com had made an unauthorized “cache” copy of the Facebook website into a computer’s RAM, which as a collection of noncopyrighted material arranged in an original way was subject to copyright protection.

Although users who access Facebook’s website necessarily make a temporary cache copy of the site into their computers’ RAM, they do so with authorization. By contrast, when the Power.com extraction tool accessed the Facebook website, it violated the Facebook terms of use, and thus the complaint had “sufficiently alleged unauthorized access” resulting in unauthorized cache copies.

DMCA. Section 1201(a) of the Digital Millennium Copyright Act (DMCA) prohibits “circumvention” or trafficking in tools that “circumvent” a “technological measure that effectively controls access to a work protected” under the Copyright Act. Section 1201(b) prohibits trafficking in technology that circumvents a technological measure that “effectively protects” a copyright owner’s right.

To the extent social data extraction tools circumvent technological measures protecting against unauthorized access to copyright content, both the traffickers and users of such tools may be liable under the DMCA as well. In Power Ventures, the court held that Facebook had adequately alleged a DMCA claim given that the Facebook terms of use bar the use of “automated programs to access the Facebook website,” which was subject to copyright protection.

 

ABA Intellectual Property Law Section

This article is an abridged and edited version of one that originally appeared on page 12 of Landslide®, May/June 2012, (4:5).
For more information or to obtain a copy of the periodical in which the full article appears, please call the ABA Service Center at 800/285-2221.
Website: www.americanbar.org/iplaw.
Periodicals: Landslide® magazine, published six times annually (both in print and online); eNews, timely Section developments sent monthly; The Legislative Newsletter by ABA-IPL’s Washington, D.C., legislative consultant.
CLE and Other Programs: 28th Annual Intellectual Property Law Conference; multiple CLE webinar/teleconferences throughout the year.
Books and Other Recent Publications: ANDA Litigation: Strategies and Tactics for Pharmaceutical Patent Litigators; Trademark and Deceptive Advertising Surveys; A Legal Strategist’s Guide to Trademark Trial and Appeal Board Practice, 2d ed.; Music & Copyright in America; Starting an IP Law Practice.

 

 

 

 

 

 

 

 

 

 

Advertisement

  • About GPSolo magazine

  • Subscriptions

  • More Information

  • Contact Us