Over the past week, we received two big decisions from two different California courts on two vastly different issues. One was a decision that has no precedential effect, but which garnered a lot of headlines, particularly in tech circles. That case was decided correctly. The other received almost no attention, but which is precedential. And that case was wrongly decided.
The Computer Fraud and Abuse Act and Data Scraping
I have a been a long-time critic of the CFAA, a law put together so haphazardly and over so many years that it is difficult to resolve important questions of statutory interpretation. The key legal question that arises under the CFAA - at least in the context of employee claims - is when one exceeds her authorized access to a protected computer or accesses that computer "without authorization." Put another way, many cases have analyzed claims of insider misappropriation within the CFAA's statutory text, even though it seems clear the statute didn't really have that type of case in mind.
But applying the "without authorization" language of the CFAA goes beyond just employment claims, as reflected in the important case of hiQ Labs, Inc. v. LinkedIn Corp. The case involved another question of statutory interpretation: whether the CFAA prohibited access to public LinkedIn profiles after LinkedIn revoked permission to such access.
A little background is essential, since the idea of an open internet is crucial to the case's disposition. hiQ Labs is a data analytics company. Its business model revolves around scraping data off of LinkedIn users' public profiles. It then can offer products to its client companies: an analysis of which employees are likely to leave or be recruited (such as by employees updating their skills and other LinkedIn fields) and a separate analysis of which skills individual workers possess.
LinkedIn demanded that hiQ stop scraping public data from its website, relying on its User Agreement and the term that prohibited data collection. hiQ sought injunctive relief, arguing that LinkedIn's threats undermined its business model and violated state statutory and common law. The analysis, though, hinged on the CFAA - for a reading of that statute in LinkedIn's favor would have preempted the offensive claims hiQ brought.
The district court found that the CFAA likely did not preclude hiQ's claims, and it relied on two general concepts. First, it distinguished other cases where CFAA infractions involved access to private, as opposed to public, data. And second, it looked to the law of trespass to conclude that, despite LinkedIn's supposed revocation of hiQ's access to public profiles on its website, hiQ hadn't circumvented any sort of authentication system to view those profiles. This analysis incorporated Professor Orin Kerr's influential Columbia Law Review article that discussed the law of trespass as explaining some of the ambiguity and context of the "without authorization" language in the CFAA.
The decision seems intuitive and obvious, but in large part it was constrained by the text of the CFAA itself, which has confounded courts over the years. Thank goodness we have thought leaders like Orin Kerr to make sense of the statute and provide the appropriate analytical framework on which courts can reconcile very difficult questions. Public websites need to be open and accessible, and operators cannot erect artificial barriers under the guise of an unread, boilerplate user agreement to invoke the specter of criminal liability for viewing and using what's freely available.
The second decision comes from the Supreme Court of California, where the Court absolved Latham & Watkins for its pursuit of a frivolous trade-secrets claim many years ago. That case made its way up to the Court of Appeal and is somewhat well-known to lawyers (like me) who believe that a robust, common-sense interpretation of "bad faith" is essential to defense fee-shifting claims. The case of FLIR Systems, Inc. v. Parrish, 174 Cal. App. 4th 1270 (2009), was the precursor to Parrish v. Latham & Watkins. In FLIR Systems, the Court of Appeal affirmed a fee award for the prevailing defendants after the plaintiff's trade-secret claim (and the expert testimony girding that claim) fell apart at trial. As the Court had held, the plaintiff's modest success in defeating summary judgment did not insulate the bad-faith fee award. That was a sound rationale: trade secrets plaintiffs often dodge, duck, and distract a trial court into believing there are factual issues in need of resolution.
Unfortunately, for the defendants in that case, the summary-judgment "loss" hurt them in a later, independent malicious prosecution claim that they brought against Latham & Watkins, the law firm that represented FLIR Systems. The Court of Appeal held that the so-called "interim adverse judgment" rule barred the malicious prosecution claim, a decision the Supreme Court of California affirmed last week.
That rule says that a malicious prosecution plaintiff cannot maintain a claim if a "trial court judgment or verdict" is rendered in favor of the plaintiff in the underlying suit - here the FLIR Systems litigation. The problem with applying this rule is that FLIR Systems' defeat of a summary judgment motion is not a judgment in and of itself. It's an interlocutory order that is not even appealable and is a reflection of the trial judge's perception that fact issues need a full airing in court. Indeed, a denial of a summary judgment motion is not a ruling on the merits in any sense.
California is ground-zero for crummy trade secrets claims, so the ruling is an important one. It is particularly important if the plaintiff cannot satisfy a fee award or if the pursuit of the claim caused collateral damage that flowed from the pursuit of the action (such as lost investors, delayed market entry, jettisoned goodwill). A fee award won't cover those damages, but a malicious prosecution suit will. The "interim adverse judgment" rule, applied to denials of summary judgment motions, is an artificial construct that insulates attorneys who pursue claims without an objective, good-faith basis. That they survive a summary judgment is by no means a reflection of the suit's merit, since the trial is where the facts are most tested. Courts need flexibility to assess whether the entirety of the prosecution was malicious, not whether the plaintiff's lawyers were skilled enough to defeat a motion.
An obvious consequence? California courts may see less summary judgment motions. Why risk it after the Latham & Watkins case?