hiQ Labs, Inc. v. Linkedin Corporation

Filing 199

ORDER by Judge Edward M. Chen Deferring in Part and Denying in Part #182 Plaintiff's Motion to Dismiss and Strike Counterclaims. (emcsec, COURT STAFF) (Filed on 4/19/2021)

Download PDF
1 2 3 4 UNITED STATES DISTRICT COURT 5 NORTHERN DISTRICT OF CALIFORNIA 6 7 HIQ LABS, INC., Plaintiff, 8 v. 9 10 LINKEDIN CORPORATION, Defendant. 11 United States District Court Northern District of California Case No. 17-cv-03301-EMC ORDER DEFERRING IN PART AND DENYING IN PART PLAINTIFF’S MOTION TO DISMISS AND STRIKE COUNTERCLAIMS Docket No. 182 12 13 14 This case arises out of Plaintiff hiQ Labs, Inc.’s access to and use of public profiles of 15 Defendant LinkedIn Corp.’s users. hiQ initiated this lawsuit against LinkedIn, bringing claims 16 for, inter alia, declaratory relief, tortious interference, and unfair competition. In response, 17 LinkedIn has asserted counterclaims, including violation of the federal Computer Fraud and Abuse 18 Act, breach of contract, and misappropriation. Currently pending before the Court is hiQ’s motion 19 to dismiss the counterclaims. Having considered the parties’ briefs and accompanying 20 submissions, the Court hereby DEFERS in part and DENIES in part hiQ’s motion. I. 21 22 FACTUAL & PROCEDURAL BACKGROUND LinkedIn is a company that provides a social network for professionals. See Countercl. ¶ 23 20. Members of LinkedIn “create individual profiles that serve as their professional profiles 24 online.” Countercl. ¶ 21. Today, the company has more than 700 million members worldwide. 25 See Countercl. ¶ 21. 26 27 28 LinkedIn gives its members numerous privacy protections and privacy choices. For example: • “[I]f a member decides that he or she wants to delete his or her profile, LinkedIn 1 will permanently delete the account and all of the data that the member posted to 2 LinkedIn within 30 days.” Countercl. ¶ 56 (alleging that this “helps ensure that 3 members are the ones who have ultimate control over [their information]”). 4 • Members can choose to have all or part of their profiles exempt from indexing by 5 well-known search engines such as Google, Bing, and Duck Duck Go. See 6 Countercl. ¶ 55. 7 • When members update information in their profiles, they can choose whether to 8 broadcast that change on LinkedIn. See Countercl. ¶ 57 (alleging that, if a member 9 chooses the “Do Not Broadcast” setting, the “changes that the member makes to his or her profile will be visible, but the fact that the member made a change will not 11 United States District Court Northern District of California 10 be broadcast to his or her LinkedIn connections or to anyone else”); see also 12 Countercl. ¶ 58 (alleging that this feature was put in place “in response to feedback 13 from LinkedIn members who were hesitant to update their profiles for fear that 14 their co-workers or employers would suspect they were searching for a new job or 15 otherwise thinking of leaving their current jobs”). 16 “LinkedIn’s website and servers are not unconditionally open to the general public.” 17 Countercl. ¶ 25. “This is because LinkedIn’s servers are protected by sophisticated defenses . . . 18 that evaluate whether to grant each request made to LinkedIn’s servers.” Countercl. ¶ 25. These 19 defenses “currently block hundreds of millions of requests to access guest profiles per day from 20 bots and scrapers, which constitute the majority of the requests made to LinkedIn’s servers for 21 guest profiles.” Countercl. ¶ 25. 22 23 Examples of LinkedIn’s defenses include the following: • The Sentinel system. “Through Sentinel, LinkedIn maintains a list of IP addresses 24 that are not permitted to make calls on LinkedIn’s servers because they either have 25 in the past or are engaged in abuse.” Countercl. ¶ 27. 26 • LinkedIn’s “robots.txt” file. The file “provides a set of instructions to any 27 automated technologies visiting the LinkedIn site, as well as an explicit warning 28 . . . [,] that the use of bots to access LinkedIn without express permission is strictly 2 1 prohibited.” Countercl. ¶ 33. The file “does permit some webcrawlers (e.g., search 2 engines such as Google or Bing) to crawl and index the site.” Countercl. ¶ 33; see 3 also Countercl. ¶ 55 (alleging that that LinkedIn’s “Privacy Policy expressly 4 informs members that search engines may index and display information in their 5 profiles” but “LinkedIn limits such indexing to well-known search engines, such as 6 Google, Bing and Duck Duck Go”; furthermore, “LinkedIn permits members to 7 choose the parties of their profiles that search engines index, or to opt out of this 8 feature entirely”). 9 • LinkedIn’s “custom rules.” LinkedIn applies “over 200 custom rules . . . to requests made to its servers to determine whether the requests is from a human or 11 United States District Court Northern District of California 10 bot.” Countercl. ¶ 30. Some of the rules fall under LinkedIn’s Guest Request 12 Scoring System and Member Request Scoring System. The Guest Request Scoring 13 System “monitors and limits page requests made by users who are not logged into 14 LinkedIn. If unusual patterns or high levels of activity are detected, the user is 15 redirected to LinkedIn’s log-in page and is prevented from viewing additional 16 LinkedIn pages while not logged in.” Countercl. ¶ 32. “The Member Request 17 Scoring System monitors page requests made by LinkedIn members while logged 18 into their accounts. If high levels of activity are detected for certain types of 19 accounts, the member is logged out and may either be warned, restricted, or 20 challenged with a CAPTCHA in order to log back into LinkedIn.” Countercl. ¶ 31. 21 • Password barrier. “Much of the information on LinkedIn’s website is behind a 22 password barrier. Periodically, LinkedIn will prevent ‘logged-out’ users from 23 viewing more than a certain number of pages before being asked to enter a user 24 name and password to see more.” Countercl. ¶ 34. 25 • The FUSE system. “FUSE scans and imposes a limit on the activity that an 26 individual LinkedIn member may initiate on the site. This limit is intended to 27 prevent would-be data scrapers utilizing automated technologies from quickly 28 accessing a substantial volume of member profiles.” Countercl. ¶ 26. 3 In addition to the above defenses, LinkedIn’s User Agreement “prohibits accessing and 1 2 scraping of LinkedIn’s website through automated software and other technologies.” Countercl. ¶ 3 36; see also Countercl. ¶ 49 (citing § 8.2 of the User Agreement). Members of LinkedIn are 4 subject to the User Agreement but so too are users and visitors of the LinkedIn website. See 5 Countercl. ¶ 37. For example, “[t]he relevant version of the User Agreement, effective October 6 23, 2014, states that ‘You agree that by clicking “Join Now[,]” “Join LinkedIn” “Sign Up” or 7 similar[] registering, accessing, or using our services . . . , you are entering into a legally binding 8 agreement (even if you are using our Services on behalf of a company).’” Countercl. ¶ 37. Notwithstanding these measures, hiQ accesses and aggregates publicly available profiles 9 on LinkedIn and uses the data for the data analytic tools it sells. 11 United States District Court Northern District of California 10 A. 12 hiQ’s First Amended Complaint (“FAC”) In its FAC, hiQ asserts the following claims for relief: 13 (1) A declaratory judgment that hiQ has not violated and will not violate the Computer 14 Fraud and Abuse Act of 18 U.S.C. § 1030 by accessing LinkedIn public profiles. 15 (2) A declaratory judgment that hiQ has not violated and will not violate the Digital 16 Millennium Copyright Act, 17 U.S.C. § 1201, by accessing LinkedIn public 17 profiles. 18 19 20 21 (3) A declaratory judgment that hiQ has not committed and will not commit common law trespass to chattels by accessing LinkedIn public profiles. (4) A declaratory judgment that hiQ has not violated and will not violate California Penal Code § 502(c) by accessing LinkedIn public profiles. 22 (5) Intentional interference with contract. 23 (6) Intentional interference with prospective economic advantage. 24 (7) Unfair competition in violation of California Business & Professions Code § 25 17200. 26 (8) Unlawful competition in violation of § 17200. 27 (9) Fraudulent competition in violation of § 17200. 28 4 1 B. In its responsive counterclaims, LinkedIn pleads the following causes of action against 2 3 LinkedIn’s Counterclaims hiQ: 4 (1) Violation of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030. 5 (2) Violation of the California Comprehensive Computer Access and Fraud Act, Cal. Pen. Code § 502 et seq. 6 7 (3) Breach of contract. 8 (4) Misappropriation. 9 (5) Trespass to chattels. 10 C. Before LinkedIn filed its counterclaims in the instant case, this Court issued an order 11 United States District Court Northern District of California Prior Court Rulings 12 granting hiQ a preliminary injunction with respect to its claims for relief. See hiQ Labs, Inc. v. 13 LinkedIn Corp., 273 F. Supp. 3d 1099 (N.D. Cal. 2017) (hereafter hiQ I). LinkedIn appealed that 14 order; the Ninth Circuit affirmed. See hiQ Labs, Inc. v. LinkedIn Corp., 938 F.3d 985 (9th Cir. 15 2019) (hereinafter hiQ II). LinkedIn thereafter filed a petition for a writ of certiorari with the 16 Supreme Court. LinkedIn’s petition is still pending. II. 17 18 19 A. DISCUSSION Legal Standard Federal Rule of Civil Procedure 8(a)(2) requires a complaint to include “a short and plain 20 statement of the claim showing that the pleader is entitled to relief.” Fed. R. Civ. P. 8(a)(2). A 21 complaint that fails to meet this standard may be dismissed pursuant to Federal Rule of Civil 22 Procedure 12(b)(6). See Fed. R. Civ. P. 12(b)(6). To overcome a Rule 12(b)(6) motion to dismiss 23 after the Supreme Court’s decisions in Ashcroft v. Iqbal, 556 U.S. 662 (2009), and Bell Atlantic 24 Corp. v. Twombly, 550 U.S. 544 (2007), a plaintiff’s “factual allegations [in the complaint] ‘must . 25 . . suggest that the claim has at least a plausible chance of success.’” Levitt v. Yelp! Inc., 765 F.3d 26 1123, 1135 (9th Cir. 2014). The court “accept[s] factual allegations in the complaint as true and 27 construe[s] the pleadings in the light most favorable to the nonmoving party.” Manzarek v. St. 28 Paul Fire & Marine Ins. Co., 519 F.3d 1025, 1031 (9th Cir. 2008). But “allegations in a 5 1 complaint . . . may not simply recite the elements of a cause of action [and] must contain sufficient 2 allegations of underlying facts to give fair notice and to enable the opposing party to defend itself 3 effectively.” Levitt, 765 F.3d at 1135 (internal quotation marks omitted). “A claim has facial 4 plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable 5 inference that the defendant is liable for the misconduct alleged.” Iqbal, 556 U.S. at 678. “The 6 plausibility standard is not akin to a probability requirement, but it asks for more than a sheer 7 possibility that a defendant has acted unlawfully.” Id. (internal quotation marks omitted). In the instant case, hiQ has challenged under Rule 12(b)(6) each of LinkedIn’s five 8 9 counterclaims: (1) Violation of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030. 11 United States District Court Northern District of California 10 (2) Violation of the California Comprehensive Computer Access and Fraud Act, Cal. Pen. Code § 502 et seq. 12 13 (3) Breach of contract. 14 (4) Misappropriation. 15 (5) Trespass to chattels. 16 B. Violation of the Computer Fraud and Abuse Act The Computer Fraud and Abuse Act (“CFAA”) provides in relevant part: “Whoever . . . 17 18 intentionally accesses a computer without authorization or exceeds authorized access,[1] and 19 thereby obtains . . . information from any protected computer . . . shall be punished” by fine or 20 imprisonment.” 18 U.S.C. § 1030(a)(2)(C). In its decision affirming the preliminary injunction in this case, the Ninth Circuit provided 21 22 guidance on its views of the CFAA. It determined, for example, that hiQ had raised a serious 23 question as to its contention that, “where access is open to the general public, the CFAA ‘without 24 authorization’ concept is inapplicable.” hiQ II, 938 F.3d at 1000. Primarily relying on the Ninth Circuit’s decision, hiQ argues that the Court should dismiss 25 26 27 28 “[E]xceeds authorized access” under the CFAA “means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” 18 U.S.C. § 1030(e)(6). 6 1 1 LinkedIn’s CFAA counterclaim. At this juncture, however, the Court finds it prudent to defer 2 ruling on hiQ’s motion because LinkedIn has asked the Supreme Court to review the Ninth 3 Circuit’s decision. In addition, the Supreme Court currently has before it a case that will address a 4 related issue – i.e., when does a person exceed authorized access under the CFAA? – that may 5 well have an impact on the instant case. See United States v. Van Buren, 940 F.3d 1192 (11th Cir. 6 2019), certiorari granted by 140 S. Ct. 2667 (2020). These circumstances counsel against a ruling 7 on the CFAA counterclaim at this point in the proceedings. The Court will be in a better position 8 to address the counterclaim once the Supreme Court has issued its decision in Van Buren and/or 9 the instant case. 10 C. Violation of the California Comprehensive Computer Access and Fraud Act, Cal. Pen. United States District Court Northern District of California 11 Code § 502 et seq. 12 LinkedIn has also asserted a counterclaim for violation of the California Comprehensive 13 Computer Access and Fraud Act. The relevant provision in the Act can be found in California 14 Penal Code § 502(c), which provides in relevant part as follows: 15 16 17 [A]ny person who commits any of the following acts is guilty of a public offense: (1) Knowingly accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network in order to either (A) devise or execute any scheme or artifice to defraud, deceive, or extort, or (B) wrongfully control or obtain money, property, or data. (2) Knowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network, or takes or copies any supporting documentation, whether existing or residing internal or external to a computer, computer system, or computer network. 18 19 20 21 22 23 24 25 26 .... (7) Knowingly and without permission accesses or causes to be accessed any computer, computer system, or computer network. 27 Cal. Pen. Code § 502(c). Section 502(c)(7) bears similarity to the CFAA, focusing on 28 unauthorized access. However, §§ 502(c)(1) and (2) are different from the CFAA (at least as 7 1 interpreted by the Ninth Circuit), focusing instead on unauthorized use. See also United States v. 2 Christensen, 828 F.3d 763, 789 (9th Cir. 2016) (noting that, “[i]n contrast to the CFAA, the 3 California statute does not require unauthorized access” but rather “knowing access[;] [w]hat 4 makes that access unlawful is that the person ‘without permission takes, copies, or makes use of’ 5 data on the computer”); Power Ventures, 844 F.3d at 1069 (noting that, e.g., § 502(c)(2) is 6 different from the CFAA). Although § 502 is not on all fours with the CFAA, the Court nevertheless finds it prudent 7 8 to defer ruling on the § 502 counterclaim as well. The Supreme Court’s decision in Van Buren 9 and/or the instant case may still affect the § 502 analysis – e.g., whether, as a matter of policy, the use of public information should be deemed criminal conduct. 11 United States District Court Northern District of California 10 D. 12 Breach of Contract LinkedIn’s breach-of-contract counterclaim is predicated on the User Agreement which 13 “prohibits accessing LinkedIn’s website through automated means” and “prohibits scraping data 14 from LinkedIn’s website using automated means.” Countercl. ¶¶ 115-16. According to LinkedIn, 15 “hiQ’s conduct has damaged LinkedIn, and caused and continues to cause irreparable harm and 16 injury to LinkedIn.” Countercl. ¶ 125 (emphasis added). 17 In its motion, hiQ seeks to dismiss only part of the counterclaim. hiQ points out that, in its 18 order granting a preliminary injunction, this Court stated: “hiQ signed up as a LinkedIn user and is 19 thus bound by the User Agreement[,] [b]ut LinkedIn has since terminated hiQ’s user status.” hiQ 20 I, 273 F. Supp. at 1107 n.4. Similarly, the Ninth Circuit in affirming the preliminary injunction 21 order stated: “[h]iQ is no longer bound by the User Agreement, as LinkedIn has terminated hiQ’s 22 user status.” hiQ II, 983 F.3d at 991 n.5. Based on these statements, hiQ argues: “LinkedIn’s 23 claim that hiQ ‘continues to’ breach the User Agreement is precluded by the findings of this Court 24 and the Ninth Circuit,” and, “as LinkedIn cannot state a claim for any continuing or ongoing 25 breach of the User Agreement, LinkedIn’s claim of injunctive relief or for relief accrued past the 26 date of hiQ’s termination should be struck.” Mot. at 12 (emphasis added). 27 28 The problem with hiQ’s position is that, even if LinkedIn terminated hiQ as a LinkedIn member subject to the User Agreement (a fact that LinkedIn disputes), that does not necessarily 8 1 mean that hiQ is not subject to the User Agreement. In its counterclaim, LinkedIn alleges that 2 “[a]ny future use of LinkedIn’s website by hiQ is subject to the terms of the User Agreement,” 3 Countercl. ¶ 126, because, “[b]y its terms, the User Agreement applies not only to LinkedIn 4 members, which hiQ was, but to anybody who uses LinkedIn’s website.” Countercl. ¶ 51 5 (emphasis added). According to LinkedIn, “[a]t all relevant times, LinkedIn . . . prominently 6 displayed a link to the User Agreement on LinkedIn’s homepage. Those who use LinkedIn’s 7 website with actual knowledge of the terms of the User Agreement are required to abide by those 8 terms if they choose to access LinkedIn’s website.” Countercl. ¶ 109. In support, LinkedIn cites 9 Nguyen v. Barnes & Noble Inc., 763 F.3d 1171 (9th Cir. 2014). 10 Nguyen is an arbitration-related case; nevertheless, it contains principles relevant to the United States District Court Northern District of California 11 instant case because the defendant there argued, inter alia, that the plaintiff was subject to an 12 arbitration provision based on Terms of Use posted as a hyperlink on the defendant’s website. 13 The Ninth Circuit noted that 14 [c]ontracts formed on the Internet come primarily in two flavors: "clickwrap" (or "click-through") agreements, in which website users are required to click on an "I agree" box after being presented with a list of terms and conditions of use; and "browsewrap" agreements, where a website's terms and conditions of use are generally posted on the website via a hyperlink at the bottom of the screen. . . . 15 16 17 "Unlike a clickwrap agreement, a browsewrap agreement does not require the user to manifest assent to the terms and conditions expressly . . . [a] party instead gives his assent simply by using the website." Indeed, "in a pure-form browsewrap agreement, 'the website will contain a notice that – by merely using the services of, obtaining information from, or initiating applications within the website – the user is agreeing to and is bound by the site's terms of service.'" Thus, "by visiting the website – something that the user has already done – the user agrees to the Terms of Use not listed on the site itself but available only by clicking a hyperlink." "The defining feature of browsewrap agreements is that the user can continue to use the website or its services without visiting the page hosting the browsewrap agreement or even knowing that such a webpage exists." "Because no affirmative action is required by the website user to agree to the terms of a contract other than his or her use of the website, the determination of the validity of the browsewrap contract depends on whether the user has actual or constructive knowledge of a website's terms and conditions." 18 19 20 21 22 23 24 25 26 27 28 Id. at 1175-76. The Ninth Circuit continued by noting that “courts have consistently enforced browsewrap 9 1 agreements where the user had actual notice of the agreement”; in contrast, “where . . . there is no 2 evidence that the website user had actual knowledge of the agreement, the validity of the 3 browsewrap agreement turns on whether the website puts a reasonably prudent user on inquiry 4 notice of the terms of the contract.” Id. at 1176-77. Thus, under Nguyen, LinkedIn has a basis for arguing that, if hiQ has actual notice of the 5 terms of the User Agreement (which contains, e.g., a prohibition against scraping), it can be 7 subject to those terms. Although currently hiQ is allowed access to the LinkedIn website and to 8 copy or use public profiles posted thereon under the preliminary injunction, this does not mean 9 that hiQ is entitled to a permanent injunction. Based on the counterclaim as pled, LinkedIn has a 10 basis for asserting that it is entitled to a permanent injunction – or at least a declaration – that hiQ 11 United States District Court Northern District of California 6 is subject to the User Agreement in the future. Because whether hiQ can be bound to the User 12 Agreement raises a factual question, the counterclaim cannot be dismissed at this juncture. 13 E. 14 Misappropriation The California Court of Appeal has explained that 15 [c]ommon law misappropriation is one of a number of doctrines subsumed under the umbrella of unfair competition. It is normally invoked in an effort to protect something of value not otherwise covered by patent or copyright law, trade secret law, breach of confidential relationship, or some other form of unfair competition. The elements of a claim for misappropriation under California law consist of the following: (a) the plaintiff invested substantial time, skill or money in developing its property; (b) the defendant appropriated and used the plaintiff's property at little or no cost to the defendant; (c) the defendant's appropriation and use of the plaintiff's property was without the authorization or consent of the plaintiff; and (d) the plaintiff can establish that it has been injured by the defendant's conduct. 16 17 18 19 20 21 22 United States Golf Ass'n v. Arroyo Software Corp., 69 Cal. App. 4th 607, 618 (1999) [hereinafter 23 USGA]. 24 In its counterclaim, LinkedIn alleges that hiQ engaged in misappropriation because, 25 “without authorization, [it] wrongfully accessed LinkedIn’s website, computer systems and 26 servers, and obtained data from the LinkedIn site. The data that hiQ took included time-sensitive 27 updates to member profiles.” Countercl. ¶ 130. In response, hiQ makes two arguments: (1) 28 LinkedIn has no ownership interest in the data allegedly misappropriated (rather, that data belongs 10 1 to LinkedIn members) and (2) any misappropriation counterclaim here would be preempted by the 2 California Uniform Trade Secret Act (“CUTSA”). 3 1. Property Rights 4 hiQ’s first argument is, in essence, that LinkedIn has no property rights at issue in the instant case. hiQ is corrected that LinkedIn’s members, and not LinkedIn itself, owns the 6 information in their public profiles. However, that does not mean that LinkedIn has no property 7 rights. As LinkedIn points out, there may be “quasi-property” rights that are protected. For 8 example, one company can misappropriate “another’s commercial advantage” by misappropriating 9 the “‘expenditure of labor, skill, and money’ of another.” Am. Cyanamid Co. v. Am. Home 10 Assurance Co., 30 Cal. App. 4th 969, 976-77 (1994) (quoting International News Service v. 11 United States District Court Northern District of California 5 Associated Press, 248 U.S. 215, 239 (1918) [hereinafter INS]). 12 As indicated above, California’s recognition of this kind of misappropriation is based on 13 INS which recognized a property interest in “hot news.” See id.; see also Sammons & Sons v. 14 Ladd-Fab, Inc., 138 Cal. App. 3d 306, 311 (1982) (noting that “INS expanded existing concepts of 15 unfair competition to include protection against appropriation of competitive advantage ‘acquired 16 by complainant as the result of organization and the expenditure of labor, skill, and money’ by a 17 defendant who thereby ‘is endeavoring to reap where it has not sown’”). In INS, the plaintiff and 18 the defendant were competitors in the gathering and distribution of news and its publication for 19 profit in newspapers throughout the United States.” INS, 248 U.S. at 229. The plaintiff filed suit 20 to stop the defendant from, inter alia, copying news from bulletin boards and early editions of the 21 plaintiff’s newspapers and selling it, “either bodily or after rewriting it, to defendant’s customers.” 22 Id. at 231. 23 The Supreme Court noted that, while “the news of current events may be regarded as 24 common property[,] [w]hat we are concerned with is the business of making it known to the 25 world.” Id. at 235. “The peculiar value of news is in the spreading of it while it is fresh.” Id. In 26 other words, 27 28 although we may and do assume that neither party has any remaining property interest as against the public in uncopyrighted news matter after the moment of its first publication, it by no means 11 1 2 3 4 5 6 follows that there is no remaining property interest in it as between themselves. For, to both of them alike, news matter, however little susceptible of ownership or dominion in the absolute sense, is stock in trade, to be gathered at the cost of enterprise, organization, skill, labor, and money, and to be distributed and sold to those who will pay money for it, as for any other merchandise. Regarding the news, therefore, as but the material out of which both parties are seeking to make profits at the same time and in the same field, we hardly can fail to recognize that for this purpose, and as between them, it must be regarded as quasi property, irrespective of the rights of either as against the public. 7 Id. at 236 (emphasis added). California courts have cited INS approvingly. See, e.g., Balboa Ins. 8 Co. v. Trans Glob. Equities, 218 Cal. App. 3d 1327, 1342 (1990) (“Common law misappropriation 9 presents a final legal theory under the broad unfair competition umbrella. The doctrine originated 10 United States District Court Northern District of California 11 12 13 14 15 16 17 in the United States Supreme Court's decision of [INS].”). hiQ suggests that, to the extent INS is recognized under California law, INS should be narrowly construed and limited to cases where: (i) a plaintiff generates or gathers information at a cost; (ii) the information is time-sensitive; (iii) a defendant's use of the information constitutes free-riding on the plaintiff's efforts; (iv) the defendant is in direct competition with a product or service offered by the plaintiffs; and (v) the ability of other parties to free-ride on the efforts of the plaintiff or others would so reduce the incentive to produce the product or service that its existence or quality would be substantially threatened. 18 Nat’l Basketball Ass’n v. Motorola, Inc., 105 F.3d 841, 845 (2d Cir. 1997) [hereinafter “NBA”]. 19 But hiQ has cited no California state court opinion adopting this narrow view. Rather, the 20 elements of a common law misappropriation claim under California law have been outlined above. 21 See Balboa, 218 Cal. App. 3d at 1342 (recognizing that common law misappropriation has its 22 roots in INS but not limiting the claim to the hot news context and stating that “[t]he cause of 23 action has three elements: (1) the plaintiff has invested substantial time and money in development 24 of its . . . property; (2) the defendant has appropriated the [property] at little or no cost; and (3) the 25 plaintiff has been injured by the defendant’s conduct”) (internal quotation marks omitted). 26 Although hiQ has cited Pollstar v. Gigmania, Ltd., 170 F. Supp. 2d 974, 979 (E.D. Cal. 2000), 27 where the district court applied the Second Circuit’s approach above, that case is not dispositive. 28 hiQ has cited no California case that imposes the NBA restrictions, even in a case involving “hot 12 1 2 news.” If anything, California authority rejects, at least in part, the narrow interpretation. For 3 instance, in USGA, the state court expressly rejected the argument that an essential element of a 4 misappropriation claim was direct competition between the plaintiff and the defendant. See 5 USGA, 69 Cal. App. 4th at 618 (“Under the California law applicable here, . . . the essential 6 elements of a misappropriation claim simply do not include any such requirement of proof of 7 direct competition between the plaintiff and the defendant.”). Cf. Colo. Escrow & Title Servs., 8 LLC v. Deinema, No. 2012CV387, 2015 Colo. Dist. LEXIS 1802, *34-36 (Colo. Dist. Ct. Jan. 23, 9 2015) (noting that Colorado law recognizes a misappropriation claim “where one either wrongfully profits from another’s expenditure of labor, skill or money, or capitalizes wrongfully 11 United States District Court Northern District of California 10 on the commercial values of another”; rejecting the argument that such a claim requires that the 12 plaintiff and defendant be competitors – it was enough that “ESI has profited from TCR's 13 accumulation and organization of public records”). 14 Finally, even if the Court were inclined to adopt a narrow view of INS, LinkedIn has still 15 met that standard (at least based on the allegations made by the parties). For example, regarding 16 direct competition, hiQ itself has charged LinkedIn with blocking hiQ’s access because LinkedIn 17 “wants to monetize [its] data itself with a competing product.” hiQ I, 273 F. Supp. 3d at 1117. 18 Also, to the extent information must be time sensitive, LinkedIn has alleged that “[t]he data that 19 hiQ took included time-sensitive updates to member profiles.” Countercl. ¶ 130. Finally, there 20 are questions of fact as to whether hiQ is a free rider with respect to LinkedIn and whether hiQ’s 21 use of LinkedIn’s data reduces LinkedIn’s incentive to invest in its infrastructure. 22 2. CUTSA Preemption 23 hiQ argues that, even if LinkedIn has a property interest to support a misappropriation 24 counterclaim, the counterclaim must still be dismissed based on CUTSA preemption. This 25 contention lacks merit. As LinkedIn points out, the misappropriation counterclaim is not 26 preempted because the whole point of such a claim is to protect a property right “not otherwise 27 covered by patent or copyright law, trade secret law, breach of confidential relationship, or some 28 other form of unfair competition.” USGA, 69 Cal. App. 4th at 618 (emphasis added). 13 hiQ points out that, under certain circumstances, there can be CUTSA preemption even 1 2 where the property right at issue does not constitute a trade secret per se. For instance, in Lifeline 3 Food Co. v. Gilman Cheese Corp., No. 5:15-cv-00034-PSG, 2015 U.S. Dist. LEXIS 64155 (N.D. 4 Cal. May 15, 2015), the district court noted that the “CUTSA may supersede ‘claims based on the 5 misappropriation of information that does not satisfy the definition of trade secret under CUTSA’ 6 when ‘the basis of the alleged property right is in essence that the information is not . . . generally 7 known to the public,’ because then ‘the claim is sufficiently close to a trade secret claim that it 8 should be superseded.’” Id. at *3. However, in the instant case, LinkedIn is not making any claim 9 that the public profiles are confidential or not generally known to the public. Rather, the property right it is claiming is based on the labor, skill, money, etc. that it put into developing the 11 United States District Court Northern District of California 10 professional networking system. There is thus no basis for CUTSA preemption. 12 F. Trespass to Chattels “Under California law, trespass to chattels ‘lies where an intentional interference with the 13 14 possession of personal property has proximately caused injury.’” Intel Corp. v. Hamidi, 30 Cal. 15 4th 1342, 1350-51 (2003). The owner of the property may recover actual damages suffered by 16 reason of the impairment of the property or the loss of its use.2 See id. at 1351. Injunctive relief is 17 also possible where there is threatened injury. See id. at 1352 (asking whether the defendant’s 18 actions “cause or threatened to cause damage to Intel’s computer system, or injury to it rights in 19 that personal property”). In its motion, hiQ argues that the trespass claim should be dismissed because LinkedIn has 20 21 failed to adequately allege injury. In response, LinkedIn contends that it has adequately alleged 22 existing injury as well as threatened future injury. Regarding existing injury, LinkedIn contends that a small amount of harm can support 23 24 trespass to chattels. See Opp’n at 24. In support, it cites Thrifty-Tel, Inc. v. Bezenek, 46 Cal. App. 25 26 27 28 In Intel, the California Supreme Court rejected the plaintiff’s argument that its damages included the time its staff spent time attempting to block the defendant’s email messages. “‘[I]t is circular to premise the damage element of a tort solely upon the steps taken to prevent the damage. Injury can only be established by the completed tort’s consequences, not by the cost of the steps taken to avoid the injury and prevent the tort; otherwise, we can create injury for every supposed tort.’” Intel, 30 Cal. 4th at 1359. 14 2 1 4th 1559 (1996). In Thrifty-Tel, the plaintiff was a company that provided long-distance telephone 2 services. “Subscribers' telephones are programmed with a confidential access code and a six-digit 3 authorization code that directs calls into Thrifty-Tel's computerized switching network. An 4 unauthorized user who knows both an access and an authorization code can make long-distance 5 calls without being charged for them.” Id. at 1563. During a three-day period, the defendants’ 6 children “gained entry into Thrifty-Tel’s system with [a confidential] code [that a friend knew] 7 and conducted manual random searches for a six-digit authorization code. They made 8 approximately 90 calls, consuming roughly 24 minutes of telephone time during the first 2 days.” 9 Id. at 1564. The following day, they made “72 manual attempts to identify an authorization code over an almost 16-minute period.” Id. The state appellate court found that the plaintiff had a valid 11 United States District Court Northern District of California 10 trespass claim and remanded to the trial court to determine damages. See id. at 1570, 1572 12 (holding that “the superior court erred in awarding contract or tort damages based on [a] tariff 13 instead of requiring plaintiff to prove actual damages”). 14 But Thrifty-Tel is distinguishable from the instant case in that, there, an actual entry into 15 the plaintiff’s system was made, thus making the case more akin to a traditional computer hacking 16 or “breaking and entering” claim whereas, here, there has been an alleged burden on LinkedIn’s 17 servers and/or infrastructure. Thus, more on point than Thrifty-Tel is the California Supreme 18 Court opinion in Intel which noted that, “[s]hort of dispossession, personal injury, or physical 19 damage . . . , intermeddling is actionable only if the chattel is impaired as to its condition, quality, 20 or value or . . . the possessor is deprived of the use of the chattel for a substantial time” – i.e., “for 21 a time so substantial that it is possible to estimate the loss caused thereby.” Intel, 30 Cal. 4th at 22 1357 (internal quotation marks omitted; adding that “‘[a] mere momentary or theoretical 23 deprivation of use is not sufficient unless there is a dispossession’”). This statement from Intel 24 suggests that, at least as to impaired use, the quantum of harm cannot be negligible. 25 26 27 28 That being said, LinkedIn fairly argues that there is a question of fact as to what extent hiQ’s actions burdened LinkedIn’s servers/infrastructure. LinkedIn has alleged: • “[S]craping traffic has grown substantially over the past few years.” Countercl. ¶ 82. 15 1 • “LinkedIn . . . receives many millions of unauthorized requests of its servers from 2 bots every day. The volume . . . reached 95 million requests per day by the outset 3 of the parties’ dispute, and has further increased dramatically during this litigation.” 4 Countercl. ¶ 82. 5 • “[T]aken in the aggregate, automated scrapers place a substantial burden on 6 LinkedIn’s infrastructure – reaching at present into hundreds of millions of blocked 7 access requests per day.” Countercl. ¶ 83. “[T]he significant volume of automated 8 scraping activity forces LinkedIn to invest more in capital and operational 9 resources than it otherwise would if it were able to prevent these access requests from ever happening. Scraping operations force LinkedIn to alter its priorities for 11 United States District Court Northern District of California 10 use of its computing resources and impair the efficiency of such resources.” 12 Countercl. ¶ 83. 13 • prior to May 23, 2017 [the date of the cease-and-desist letter].” Countercl. ¶ 68. 14 15 “On information and belief, hiQ’s bots made millions of calls to LinkedIn’s servers • “The full extent of hiQ’s illicit scraping is not currently known to LinkedIn, as hiQ 16 has gone to substantial lengths to hide its methods from public view.” Countercl. ¶ 17 64. 18 19 In short, the requests generated by hiQ’s bots burden LinkedIn’s servers. As to future injury, LinkedIn has also alleged enough to support a request for injunctive 20 relief. Regarding injunctive relief, the California Supreme Court took note in Intel of two district 21 court decisions finding that unauthorized robotic data collection from a company’s publicly 22 accessible website was a trespass on the company’s computer system in part because of “the 23 deleterious impact this activity could have, especially if replicated by other searchers, on the 24 functioning of a Web site’s computer equipment.” Intel, 30 Cal. 4th at 1354. Tracking Intel, 25 LinkedIn makes the following allegations in support of its counterclaim for trespass to chattels: (1) 26 “LinkedIn owns, possesses, and/or has the right to possess the servers and infrastructure used to 27 run its business”; (2) “hiQ intentionally interfered with LinkedIn’s use and possession” of such; 28 and (3) “hiQ’s conduct, if expanded and/or replicated unchecked by others, will cause harm to 16 1 LinkedIn in the form of impaired condition, quality and value of its servers, infrastructure and 2 services.” Countercl. ¶¶ 136-37, 139; see also Countercl. ¶ 84 (“It is only because of LinkedIn’s 3 ongoing protection efforts as well as its willingness to spend increasing amounts to maintain a 4 high service level that it has been able to prevent a degradation in the quality of its services.”); 5 Countercl. ¶ 85 (“LinkedIn will be forced into making the choice of investing more in its 6 infrastructure to ensure the availability of its website, or succumbing to the burden of bot-based 7 scraping.”). III. 8 9 CONCLUSION For the foregoing reasons, the Court denies hiQ’s motion to dismiss the counterclaims for breach of contract, misappropriation, and trespass to chattels. The Court defers ruling on the 11 United States District Court Northern District of California 10 motion to dismiss the counterclaims for violation of the CFAA and California Penal Code § 502. 12 For administrative purposes only, the Court terminates hiQ’s motion to dismiss, even 13 though the CFAA and § 502 counterclaims have not yet been addressed. To be clear, this 14 termination does not bar hiQ from renewing its motion to dismiss the CFAA and § 502 15 counterclaims once the Supreme Court issues its decision in Van Buren and/or this case. 16 17 IT IS SO ORDERED. 18 19 Dated: April 19, 2021 20 21 22 ______________________________________ EDWARD M. CHEN United States District Judge 23 24 25 26 27 28 17

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.


Why Is My Information Online?