Today's leading case relating to the Computer Fraud and Abuse Act, 18 U.S.C. §1030 (CFAA) is United States v. Nosal, 676 F.3d 854 (9th Cir. 2012). In the Nosal case, the Ninth Circuit, in an en banc decision, expressed great concern over imposing criminal liability under the CFAA for violations of private computer use policies like website terms of use. The Ninth Circuit notes that if use restrictions are subject to criminal liability under the CFAA violations of those user policies could be transformed into criminal crimes simply because a computer is involved. As such, the Ninth Circuit believes the CFAA should be narrowly interpreted. Using this narrow interpretation regarding access restrictions, a district court in California found a CFAA violation in the Craigslist Inc. v. 3Taps Inc., 2013 WL 4447520 (N.D. Cal. Aug. 16, 2013); and Craigslist Inc. v. 3Taps Inc., 2013 WL 1819999 (N.D. Cal. April 30, 2013), cases.

Craigslist Ruling

Even with this requirement for the CFAA to be narrowly construed, a new strategy related to the CFAA has evolved based on this Craigslist Inc. v. 3Taps Inc. case. Id. In the Craigslist case, the district court determined that Craigslist could take action to stop 3Taps from scraping and copying content from Craigslist's publicly accessible website. These actions serve as the framework for this strategy against scrapers. 3Taps used scraping activities to copy all of the content from the Craigslist website.

Craigslist took two relevant steps to stop 3Taps' scraping activities. First, Craigslist sent a cease-and-desist letter to 3Taps, informing 3Taps "that this letter notifies you and your agents, employees, affiliates, and/or anyone acting on your behalf are no longer authorized to access, and are prohibited from accessing Craigslist's website or services for any reason." The cease-and-desist letter was unambiguous. Craigslist specifically denied 3Taps authorization to access the Craigslist website for any purpose. Access to Craigslist's website was specifically prohibited for any purpose. In addition to the unequivocal cease-and-desist letter, Craigslist configured its website to block access from IP addresses associated with 3Taps. The ruling provides that 3Taps, notwithstanding the cease-and-desist letter and technological measures to bar 3Taps' access, bypassed these technological barriers by using different IP addresses and proxy servers to conceal its identity and continue scraping content from the Craigslist website.

In the Craigslist case, the district court held that where a user has been unambiguously notified that its access to a website is not authorized the user is therefore liable under the CFAA for accessing the Craigslist website without authorization.

Conclusion

Scrapers are a major concern to many content owners. The Craigslist case provides the framework for developing viable CFAA claims against scrapers using an unambiguous cease and desist letter to deny the scrapers with any authorization to access the content owner or licensee's website for any purpose. If you know the identity of companies or individuals that are scraping your website content, you should consider, among other strategies, including in your cease and desist letter to the scraper unequivocal access restrictions prohibiting any access to your website for any purpose whatsoever.