In May, when lawyers for tech goliath LinkedIn warned a tiny data-scraping operation to stop gathering information from its members’ profiles, they probably didn’t realize they were teeing up a weighty legal conundrum over the “public square” characteristics of privately owned social media sites.
Yet because of the crucial role that data analytics now plays in society, a squabble of seemingly traffic-ticket dimensions has drawn world-class legal talent, with Harvard Law School professor Laurence Tribe enlisted in the data-miner’s defense, while former Solicitor General Donald Verrilli, Jr., has been retained by LinkedIn, which was acquired by Microsoft (MSFT) last year for $26 billion.
On Thursday the “people analytics” startup known as hiQ Labs, which has built its whole business on data scoured from LinkedIn’s member profiles, will ask a federal judge in San Francisco to order its unwilling host to stop blocking its bots, citing federal and state constitutional free speech guarantees.
“Data analytics on public information is a foundation stone of the modern internet,” wrote Tribe and two other hiQ lawyers in a brief filed last week. They depict hiQ as following in the footsteps of such seminal web pioneers as Alta Vista, Excite, and Google. “Without such technologies internet users would be unable to make sense of the billions of web pages that exist in this modern marketplace of ideas,” the brief continues. “To allow LinkedIn to impose debilitating financial and criminal liability on a startup for accessing public pages would have a widespread chilling effect on innovation across the country, and thereby thwart valuable commercial and academic research.”
In response, LinkedIn portrays the case as far simpler. LinkedIn “is a private entity with a right to control access to its private property and to decide how and to whom it will make information available from its servers as part of its business,” argue its lawyers, Verrilli and Jonathan Blavin, both of Munger Tolles & Olson. “hiQ has identified no plausible legal justification for the unprecedented relief it seeks—a mandatory injunction granting hiQ access to LinkedIn’s computers so that hiQ can . . . threaten the privacy … of LinkedIn’s members and the integrity of LinkedIn’s relationship with those members.” (LinkedIn earned $975 million in revenue for the first quarter of 2017.)
‘The modern public square’
Because hiQ’s information-gathering activity informs its communications with clients, hiQ maintains that it is entitled to free-speech protection. The First Amendment of the U.S. Constitution, however, ordinarily protects citizens only against government attempts to limit speech—not actions by private companies, like LinkedIn. For that reason, hiQ relies mainly on the free speech provision of the California state constitution, which has been found to afford protection even in certain quasi-public forums, like privately owned shopping malls. In addition, hiQ hopes to capitalize on language from a U.S. Supreme Court decision handed down just last month, in which the justices characterized social media sites—including Facebook, LinkedIn, and Twitter—as the equivalent of “the modern public square,” and one of “the most important places . . . for the exchange of views” today. In that case, Packingham v. North Carolina, the court struck down, on First Amendment grounds, a state law that broadly banned convicted sex offenders from accessing social media sites.
Based in San Francisco, hiQ was founded in 2012, has raised about $14.5 million in financing, and employs 23 people, of whom 11 have advanced degrees, it says. The company offers corporate clients data analysis of their own workforces. To do this, it analyzes data that its automated web-crawling software programs, or “bots,” gather from the employees’ public profiles on LinkedIn. One hiQ service, called Keeper, for instance, identifies which employees hiQ judges to be most irreplaceable and the greatest flight risks. Another service, called Skill Mapper, assesses talent deficiencies in the client’s workforce. In its briefs, hiQ identifies eBay, Capital One, and GoDaddy as clients, and claims that Bank of New York Mellon, Chevron, and IBM are among its “prospective clients.”
While there is no dispute that hiQ uses only public profiles—information that LinkedIn members have elected to leave open to the world—LinkedIn deploys multiple technological shields in an effort to render even that information off-limits to bots. Bots, the company argues in its briefs, pose security threats to its members (they may be being operated by identity thieves or fraudsters, for instance) and technical threats to the site (in that they could bring it down through overload, including denial-of-service attacks). While LinkedIn does permit bots from certain known search engines, like Google and Bing, it blocks about 95 million data-scraping attempts per day, according to its briefs.
“LinkedIn has no idea whether a bot may have ‘good’ intentions, or whether it is a malicious actor, such as a hacker seeking to take down the LinkedIn site, a spammer, or an identity thief,” the company’s lawyers wrote in a brief filed last week.
Sometime this spring, LinkedIn says, it learned that hiQ’s bots were somehow piercing its standard lines of defenses. hiQ claims, in contrast, that LinkedIn actually knew what it had been doing for years, but only started objecting recently, after forming a plan to launch a competing “people analytics” service of its own.
On May 23 LinkedIn’s lawyers served hiQ with a cease-and-desist letter, alleging that hiQ, by circumventing its technological shields, was violating the federal Computer Fraud and Abuse Act and a California anti-hacking statute, among other laws. Later, LinkedIn started rebuffing hiQ’s bots—successfully, this time—by blocking seven internet addresses it had figured out belonged to hiQ.
On June 7 hiQ sued in federal court in San Francisco, asking for a judicial declaration that its practices were lawful, and a temporary restraining order preventing LinkedIn from locking out its bots.
Do bots have constitutional rights?
“By selectively blocking a company from access to its public profiles for anticompetitive purposes,” says hiQ attorney Deepak Gupta, of Farella Braun & Martel, in an interview, “LinkedIn is acting unlawfully not only as a matter of unfair competition law but also as a matter of the constitutional law of both the United States and California.”
In a press statement, LinkedIn says: “Our members control the information that they make available to others on LinkedIn and they trust us to honor that control. HiQ is taking member data, without their knowledge, and using it for purposes our members haven’t agreed to.”
U.S. District Judge Edward M. Chen will preside over Thursday’s hearing. At an earlier proceeding, on June 29, he appeared torn by the issues presented. On the one hand, he expressed skepticism that the federal Computer Fraud and Abuse Act—a criminal statute—really barred the mere use of bots to harvest public information. “You can get it manually if you hired a hundred million people to do it,” he observed, “but if you want to do it quickly and automatedly, you can’t do it? That is a crime?”
At the same time, he seemed reluctant to mint a broad, new constitutional right that might prevent LinkedIn and other sites from warding off the millions of bot attacks they sustain daily.
If Judge Chen doesn’t grant hiQ a preliminary injunction, the startup may turn into a shutdown. HiQ attorney Gupta acknowledged at a hearing last month that, without a court order, the company was “likely to go under.” Though LinkedIn agreed to a standstill agreement on June 29, permitting hiQ’s bots to resume scouring the site until Judge Chen ruled, the outfit appears to have no Plan B.
“Employees are coming to work,” Gupta said when LinkedIn was blocking its bots, “and there’s really nothing for them to do.”