The U.S. federal Court of Appeals for the Ninth Circuit has held that taking data from a website by scraping, crawling or other automated means, does not violate computer abuse state statutes in California and Nevada, even if the method of taking is prohibited by the website’s terms of use, as long as the taking itself, putting aside the method, generally is permitted in the first instance.
The ruling was delivered in a dispute between Oracle and Rimini Street, a provider of third-party support for Oracle’s enterprise software. Rimini Street used automated tools to download publicly accessible software from Oracle’s website, although the website’s terms of use prohibited use of automated methods to obtain content.
This landmark holding may have important implications on one of the unsettled questions of computer law in the United States: whether taking data from a website by automated means violates the U.S. federal Computer Fraud and Abuse Act (CFAA). Although the Ninth Circuit did not address the applicability of its holding to the CFAA (as opposed to computer abuse state laws), its reasoning may be equally applicable to the CFAA. Pending before the Ninth Circuit is another computer scraping dispute with CFAA applicability, HIQ Labs v. LinkedIn, which may be the Ninth Circuit’s next opportunity to extend its present holding to the CFAA.