U.S. Court Rules Web Scraping Is Legal, Huge Win For Frequent Flyers?

The U.S. Court of Appeals for the 9th Circuit has found for the second time that web scraping of publicly accessible data doesn’t violate the Computer Fraud and Abuse Act.

[T]he Ninth Circuit reaffirmed its original decision and found that scraping data that is publicly accessible on the internet is not a violation of the Computer Fraud and Abuse Act, or CFAA, which governs what constitutes computer hacking under U.S. law.

The leading case arguing that password-sharing is impermissible under the Computer Fraud and Abuse Act only says it’s a crime when account access has been affirmatively revoked, which isn’t the case when giving your active account password to services like Award Wallet, KVS Tool, or The Points Guy app.

And the Supreme Court has drawn a distinction between gaining unauthorized access to a computer system (narrow) and exceeding existing authorization (broad). The Computer Fraud And Abuse Act surely belongs in any hang of shame for egregious laws. This one allows corporations to weaponize their terms and conditions, criminalizing use of websites that they publish publicly. Courts are finally starting to push back.

This may have important implications for frequent flyers. Airlines have sought to use the legal muscle of this law to,

This 9th Circuit ruling comes in a case that’s already been to the Supreme Court, and might go back. The appeals court precedent isn’t binding nationwide, and there may yet be circuit splits interpreting the Computer Fraud and Abuse Act (so different law applying in different parts of the country, especially problematic when dealing when access to online networks). So this isn’t the final word, and various forms of access may be distinguishable from this case involving LinkedIn’s attempt to stop Hiq Labs fro accessing and analyzing its user profiles to understand employee attrition.

Nonetheless, this is progress reining in a tool that allows companies to use the government for its own ends, criminalizing what should at most be a civil matter, and limiting the ability of users to manage their own data in the manner they prefer.

(HT: @aheeger)

About Gary Leff

Gary Leff is one of the foremost experts in the field of miles, points, and frequent business travel - a topic he has covered since 2002. Co-founder of frequent flyer community InsideFlyer.com, emcee of the Freddie Awards, and named one of the "World's Top Travel Experts" by Conde' Nast Traveler (2010-Present) Gary has been a guest on most major news media, profiled in several top print publications, and published broadly on the topic of consumer loyalty. More About Gary »

More articles by Gary Leff »


  1. IANAL, but it’s not clear to me how this would apply to check in tools or account balance checkers. Those all require some sort of authentication, so I don’t see where they qualify as public, or “gate up”.

    But if we get Southwest fares elsewhere, that’s a small win.

  2. It would be great if Expertflyer would be allowed to search for upgrade space on UA again. I used to use that a fair amount to avoid constant checking of their website. Of course, UA now has so little, I don’t fly them much for international any more.

  3. +1 on @swag comment. Wouldn’t this apply to publicly available information only and not information that requires login (and consequently individual agreement to comply with T’s & C’s that prohibit 3rd party access)?

  4. Hold your horses people. Just because it isn’t illegal doesn’t mean any 3rd party has unlimited access to proprietary data. Airlines can rightfully claim that data such as frequent flyer accounts, fares, seat availability, etc are proprietary and protected under trade secrets or copyright law. Remember you don’t own ANYTHING related to your FF account, even the points, as all that remains legally the property of the airline.

    IMHO this doesn’t change anything outside of eliminating criminal charges against 3rd parties. It sure doesn’t mean the airlines will have to open the kimono and share their data.

Leave a Reply

Your email address will not be published.