[VIP] Let’s Chat About hiQ Labs v. LinkedIn

It’s good to be home and be able to write and think out loud on issues that might impact the industry. It’s doubly good to be able to do it with the best audience out of the most informed readership in the industry.

I’m actually a bit surprised that others who are far more tech-focused than I tend to be haven’t already started talking about this. But maybe there’s another CRM to be reviewed, or some brokerage technology initiative that will come to nothing to promote. Nonetheless, we need to talk about hiQ Labs v. LinkedIn, the Ninth Circuit Court of Appeals decision that was just handed down.

That this will have an impact on real estate is a given. The question is, how much impact? And of what kind?

Let’s think this through together.

The Court Decision

Let’s try to summarize this complicated case, if we can. Basically, the perception appears to be that hiQ Labs limits the scope of CFAA (Computer Fraud and Abuse Act). Under this narrowing, CFAA is about hacking, not about scraping websites.

The backstory is that hiQ Labs is a company that scrapes public user profiles on LinkedIn to create “people analytics” products to sell to companies looking for new employees or looking to keep their own. LinkedIn knew about hiQ Labs for years, but did nothing about it until 2017 when it sent a cease-and-desist letter demanding that hiQ Labs stop scraping its website.

Instead of caving, hiQ Labs brought suit, got a preliminary injunction, which was appealed, and this decision ensued.

Legal point: the ruling makes it clear that this is just about that preliminary injunction, not about the underlying case itself. But as is usually the case with PI’s, how the court rules there usually affects the ultimate ruling because of jurisprudential rules about such things. I’m not gonna get into it here, because it’s really not that important.

The CFAA Holding

The core of the ruling is that CFAA does not prohibit “unauthorized” access to and copying/scraping of publicly accessible information:

First, the wording of the statute, forbidding “access[] . . . without authorization,” 18 U.S.C. § 1030(a)(2), suggests a baseline in which access is not generally available and so permission is ordinarily required. “Authorization” is an affirmative notion, indicating that access is restricted to those specially recognized or admitted. See, e.g., Black’s Law Dictionary (10th ed. 2014) (defining “authorization” as “[o]fficial permission to do something; sanction or warrant”). Where the default is free access without authorization, in ordinary parlance one would characterize selective denial of access as a ban, not as a lack of “authorization.” Cf. Blankenhorn v. City of Orange, 485 F.3d 463, 472 (9th Cir. 2007) (characterizing the exclusion of the plaintiff in particular from a shopping mall as “bann[ing]”).

The court goes on to say that CFAA was “enacted to prevent intentional intrusion onto someone else’s computer–specifically, computer hacking.” So it’s more of a “breaking-and-entering” thing than it is a “misappropriation/theft” thing. And when information/data is publicly available, it’s hard to claim theft.

Minor Point That Might Be Relevant

One minor point I’d like to touch on is the fact that this lawsuit was by a company who claimed that being denied access to LinkedIn user profiles would basically put them out of business. The basic lawsuit that hiQ Labs brought was tortious interference with contract, since it has contracts with its clients to deliver products based on scraping LinkedIn data.

The Ninth Circuit found that pretty compelling, even when balanced against “privacy concerns” of LinkedIn users:

In short, even if some users retain some privacy interests in their information notwithstanding their decision to make their profiles public, we cannot, on the record before us, conclude that those interests—or more specifically, LinkedIn’s interest in preventing hiQ from scraping those profiles—are significant enough to outweigh hiQ’s interest in continuing its business, which depends on accessing, analyzing, and communicating information derived from public LinkedIn profiles.

I think this might be relevant for us.

Likely Outcome?

Well, for one thing, hiQ Labs essentially legitimizes all businesses based on scraping publicly available information with or without authorization from the website owner/operator. Sure, this will hit the LinkedIns, the Facebooks, the Instagrams, and so on of the world hard. It might impact travel websites, hotel sites, etc.

But that it could definitely impact real estate should be obvious to everyone here.

All property listings are, for all intents and purposes, publicly available. How could they not be, when they are fundamentally advertisements of homes for sale? It would be an odd thing to have an advertisement, but refuse to advertise it. (Realistically, it only happens with super-luxury homes of celebrities.)

For starters, Zillow.com, Redfin, all public-facing real estate websites of any kind can now be scraped without fear by any company who has a business productizing that data. CFAA does not prohibit such things, and Terms of Use (which LinkedIn obviously had), user agreements, and the like will not stop data scraping for business purposes.

The one business case I can think of off the top of my head is Agent Profiles and ratings. Zillow’s Agent Ratings are public information. Again, how could they not be, since the whole point is for a consumer to be able to find agents with 4.5-star ratings and such. Homelight, a site focused on helping consumers find the best agent, can immediately start scraping every public real estate agent profile, star ratings, consumer reviews, etc., aggregate them and start trying to make money from it.

I’m confident that there are other businesses that can be created by scraping publicly available real estate information from the web. Hell, I might start one myself depending on how the Supreme Court rules on this, since appeal seems inevitable to me. 🙂

In my mind, the only thing likely protected from scraping are photographs because they are subject to copyright. But copyright did not prevail in hiQ Labs so it remains to be seen if courts will prevent scraping of photos.

The Next Frontier

I think there’s more here. Consider the fact that LinkedIn does have public-facing data, obviously, but most of its information is only available to registered and logged in LinkedIn users. The court’s ruling here does not address that “semi-public” information, merely nothing that LinkedIn’s User Agreement does not apply since LinkedIn terminated hiQ Labs’s user account. But the obviously-biased EFF (Electronic Freedom Foundation) thinks that’s the next step:

This is an extremely important holding that limits the mistakes in the Ninth Circuit’s earlier rulings in Nosal II and Power Ventures. The court says that those earlier cases control in situations where authorization is generally required—because data is not public—and the website owner either revokes that authorization or never gives it in the first place. But the court relies on a very narrow interpretation of public information that may not hold up in practice. Once someone logs on to Facebook, for example, a wealth of “private” information is available to every user of the service, making this information essentially publicly available. And, as we pointed out in these earlier cases, if a user grants a third party access, the third party has a form of authorization, even if the website itself would prefer the third party not have access. In any case, if authorization turns on whether or not someone has to log in to a free service, then this incentivizes a move to shield public information behind a log-in page.

That is likely the next fight, and it will likely be Facebook or LinkedIn or some other social network that has to fight it. The whole point is that some “private” information isn’t private at all. I mean, who in the world thinks posting something to Facebook is private?

The implications for real estate of this next part is simply enormous. The MLS is a private network today. But is it truly “private” in the meaning of CFAA and other statutes? Is a property listing (an advertisement) truly private if it is being put in front of 100,000 real estate agents? There is a real argument there to be made that such information is not “private” so as to constitute scraping it a crime.

This little piece is especially relevant when it comes to things like sold data, withdrawn, terminated, expired, etc. That data is not on Zillow. That data is within the MLS, and at least in the U.S. (Canada has a whole different scheme on this thanks to Commissioner of Competition v. TREB), it is considered nonpublic data.

Welp, if that wall is breached, because putting data in front of tens of thousands of real estate agents is not truly “private” then we have something of a scenario at hand.

Let’s keep this short and leave it there, as I have a lot of real work to do today. But let me know what you think in comments or in the Lounge.

Happy Friday, and have a wonderful weekend!



Share & Print

Rob Hahn

Rob Hahn

Managing Partner of 7DS Associates, and the grand poobah of this here blog. Once called "a revolutionary in a really nice suit", people often wonder what I do for a living because I have the temerity to not talk about my clients and my work for clients. Suffice to say that I do strategy work for some of the largest organizations and companies in real estate, as well as some of the smallest startups and agent teams, but usually only on projects that interest me with big implications for reforming this wonderful, crazy, lovable yet frustrating real estate industry of ours.

Get NotoriousROB in your Inbox

The Future of Brokerage Paper

Fill out the form below to download the document