The U.S. Court of Appeals for the 9th Circuit has found for the second time that web scraping of publicly accessible data doesn’t violate the Computer Fraud and Abuse Act.
[T]he Ninth Circuit reaffirmed its original decision and found that scraping data that is publicly accessible on the internet is not a violation of the Computer Fraud and Abuse Act, or CFAA, which governs what constitutes computer hacking under U.S. law.
The leading case arguing that password-sharing is impermissible under the Computer Fraud and Abuse Act only says it’s a crime when account access has been affirmatively revoked, which isn’t the case when giving your active account password to services like Award Wallet, KVS Tool, or The Points Guy app.
And the Supreme Court has drawn a distinction between gaining unauthorized access to a computer system (narrow) and exceeding existing authorization (broad). The Computer Fraud And Abuse Act surely belongs in any hang of shame for egregious laws. This one allows corporations to weaponize their terms and conditions, criminalizing use of websites that they publish publicly. Courts are finally starting to push back.
This may have important implications for frequent flyers. Airlines have sought to use the legal muscle of this law to,
- Prevent tracking of fares on their website, for instance Southwest Airlines sues to prevent other sites from displaying their schedules and prices that they publicly list at Southwest.com
- Southwest Airlines has also blocked services that automate check-in for flights exactly 24 hours prior to departure (which determines a passenger’s boarding order, and being able to snipe this might depress ‘early bird check-in’ sales)
- Delta, United, Southwest and American have all, to varying degrees, blocked certain services that help members track their frequent flyer account balances. The Points Guy and American Airlines are currently suing each other over this. Award Wallet recently stopped tracking AAdvantage accounts apparently under legal threat
- American also shut down the ‘Sequence Decoder’ app that flight attendants used to help manage their schedules and pick up extra trips when the airline is short of staff.
This 9th Circuit ruling comes in a case that’s already been to the Supreme Court, and might go back. The appeals court precedent isn’t binding nationwide, and there may yet be circuit splits interpreting the Computer Fraud and Abuse Act (so different law applying in different parts of the country, especially problematic when dealing when access to online networks). So this isn’t the final word, and various forms of access may be distinguishable from this case involving LinkedIn’s attempt to stop Hiq Labs fro accessing and analyzing its user profiles to understand employee attrition.
Nonetheless, this is progress reining in a tool that allows companies to use the government for its own ends, criminalizing what should at most be a civil matter, and limiting the ability of users to manage their own data in the manner they prefer.
(HT: @aheeger)
IANAL, but it’s not clear to me how this would apply to check in tools or account balance checkers. Those all require some sort of authentication, so I don’t see where they qualify as public, or “gate up”.
But if we get Southwest fares elsewhere, that’s a small win.
Amazing. This is the first time in 40 years I actually agree with the 9th Circuit.
More to come…..
It would be great if Expertflyer would be allowed to search for upgrade space on UA again. I used to use that a fair amount to avoid constant checking of their website. Of course, UA now has so little, I don’t fly them much for international any more.
+1 on @swag comment. Wouldn’t this apply to publicly available information only and not information that requires login (and consequently individual agreement to comply with T’s & C’s that prohibit 3rd party access)?
Great news for KVS Tool!!!
Hold your horses people. Just because it isn’t illegal doesn’t mean any 3rd party has unlimited access to proprietary data. Airlines can rightfully claim that data such as frequent flyer accounts, fares, seat availability, etc are proprietary and protected under trade secrets or copyright law. Remember you don’t own ANYTHING related to your FF account, even the points, as all that remains legally the property of the airline.
IMHO this doesn’t change anything outside of eliminating criminal charges against 3rd parties. It sure doesn’t mean the airlines will have to open the kimono and share their data.
KVS gets to come out of the legal gray area again. Woot!
Yes, let’s hope Award Wallet and Expert Flyer can have full functionality.