
9th Circuit holds that scraping a public website does not violate the CFAA [pdf] - donohoe
http://cdn.ca9.uscourts.gov/datastore/opinions/2019/09/09/17-16783.pdf
======
Animats
This action does more than that. The court left the preliminary injunction
against LinkedIn in place: "The district court granted hiQ’s motion. It
ordered LinkedIn to withdraw its cease-and-desist letter, to remove any
existing technical barriers to hiQ’s access to public profiles, and to
_refrain from putting in place any legal or technical measures with the effect
of blocking hiQ’s access to public profiles. "_

So LinkedIn is prohibited from blocking hiQ's access by technical means.
That's a strong holding. If this case is eventually decided in favor of hiQ,
scrapers can no longer be blocked. Throttled a little, maybe, but no more than
other users doing a comparable query rate.

~~~
tgsovlerkhgsel
Not allowing the CFAA to be (ab)used to attempt to make scraping illegal makes
sense.

However, how is it reasonable to force a web site to serve its contents to a
third-party company, without being allowed to make a decision whether to serve
it or not? Serving the web site costs money, and the scraper surely isn't
going to generate ad income...

~~~
akersten
Ugh, yeah, the more I think about this ruling, the less I like it.

It's actually pretty insane to _force_ a site to serve content. I think both
parties are in the wrong here - HiQ for assuming they're entitled to receive a
response from LinkedIn's webservers, and LinkedIn for abusing the CFAA to try
to deny service rather than figure out a technical solution to their business
problem.

In my view:

* The data is public, and free of copyright. If you're a scraper and can get it, you haven't done anything wrong.

* The servers serving the data are still under LinkedIn's control, and they have no obligation or public duty to always serve that content. They could just as well block you based on your IP or other characteristics. If they want to discriminate and try to only let Google's scrapers access the data - what's wrong with that? Scraper brand is not a protected class. Tough taters if your business model "depends" on your ability to successfully make requests to another uninvolved company's webservers.

If I were the judge, I'd throw this out and let LinkedIn/HiQ duke it out
themselves - they deserve each other.

~~~
Xelbair
I would argue that under spirit of net neutrality you either serve your site
to everyone equally(the public facing part) or to no one.

Hosting costs money, servers cost money.. but maybe create a public facing API
that is way cheaper and easier to use than scraping your website? I see that
ruling in positive light that it might promote more open and structured access
to the public facing data.

~~~
eru
Why should you be forced to serve content to people who won't look at your
ads?

~~~
RobAley
Like disabled users with screen-readers?

~~~
ehvatum
I suppose we can give them a pass if they solve a bunch of captchas.

------
meowface
Considering the kind of _private_ scraping and selling tactics LinkedIn has
been chronically guilty of (and not just the ordinary "growth hack" stuff:
"LinkedIn violated data protection by using 18M email addresses of non-members
to buy targeted ads on Facebook" [1]), it's satisfying to see LinkedIn lose
this.

[1] [https://techcrunch.com/2018/11/24/linkedin-ireland-data-
prot...](https://techcrunch.com/2018/11/24/linkedin-ireland-data-protection/)

~~~
penagwin
I feel like this is a really common theme I've seen several times. Something
like "Music Lyric site X sues Google for embedding their lyrics in the results
directly" which is funny because site X got the lyrics by scraping them from
other sites.

Plus Google only exists from scraping content, but I believe their TOS
includes "don't scrape our content".

I find it really funny that the scrapers are battling scrapers - like guys you
only exist because you do THE EXACT SAME THING

~~~
ijidak
> Plus Google only exists from scraping content, but I believe their TOS
> includes "don't scrape our content".

Yes. This is EXTREMELY frustrating.

Of all companies to prevent scraping, Google is the most ironic.

Especially since their goal is to organize the world's information, it shocks
me that there's no way to get access to this organized information from
machine to machine.

~~~
3xblah
Perhaps this issue will be recognised in some of the antitrust investigations.

If I am not mistaken, they no longer claim "organize the world's information"
as their goal.

~~~
etaioinshrdlu
But it still is:

> [https://about.google/](https://about.google/)

"Our mission is to organize the world’s information and make it universally
accessible and useful."

~~~
3xblah
Appears I am mistaken. Cheers.

------
mullingitover
> LinkedIn has taken steps to protect the data on its website from what it
> perceives as misuse or misappropriation. The instructions in LinkedIn’s
> “robots.txt” file—a text file used by website owners to communicate with
> search engine crawlers and other web robots—prohibit access to LinkedIn
> servers via automated bots, except that certain entities, like the Google
> search engine, have express permission from LinkedIn for bot access.

Not a big fan of weev, but this sure seems like he got screwed if he was just
enumerating public web pages and went to jail for it.[1]

[1]
[https://en.wikipedia.org/wiki/Weev#AT&T_data_breach](https://en.wikipedia.org/wiki/Weev#AT&T_data_breach)

~~~
tick_tock_tick
Not saying the court made the right call but for that case the big issue for
the court was the pages were clearly not intended for the public and the
defendant knew it.

~~~
Kalium
I believe the salient issue is whether or not there were effective access
controls, not whether or not a page could be reasonably interpreted as
intended to be non-public.

~~~
henryfjordan
The real issue here is somewhere between both you and GP. What is required to
trigger the CFAA?

Does accessing a page the site owner doesn't want you to violate the CFAA or
do you need to hack through access controls?

~~~
txcwpalpha
As a real-world analogue: you can indeed be guilty of trespassing on someone's
property even if you don't have to jump over any fences or pick any locks to
get there. In some places, they don't even have to have a "no trespassing"
sign. Simply being present on someone else's property without an invitation
from them is illegal, and no, an open door does not count as an invitation.

~~~
LyndsySimon
You generally can’t be charged with trespass unless you refuse to leave when
told to do so.

An open door to a home is different, but unfenced property is 100% not
trespass until you refuse to leave.

~~~
txcwpalpha
That's not true at all. If you are aware that the property you are accessing
is not meant for your use, you can be charged with trespassing regardless of
if you have specifically been asked to leave or not.

It's even possible to be guilty of trespass even if you weren't aware that you
weren't allowed on the land. This is negligent trespassing.

~~~
admax88q
Negligence only applies I'm situations where a reasonable person should have
known. You're only able to be charged with trespassing whilst being unaware if
you were to so ridiculously unaware of your surroundings that any reasonable
person in the same situation _would_ have known that they were trespassing.

If a public park blends into somebodies private lawn you can't be charged with
tresspassing for stepping over the line.

------
henryfjordan
hiQ asked the court for a preliminary injunction to stop Linkedin from denying
them access, won it, and this is the result of Linkedin's appeal of that
injunction. This is not the end of the case.

The title is wrong. The 9th Circuit just ruled that hiQ has a decent enough
argument to move forward. The question of whether them scraping a public site
can violate the CFAA is not settled.

> We therefore conclude that hiQ has raised a serious question as to whether
> the reference to access “without authorization” limits the scope of the
> statutory coverage to computer information for which authorization or access
> permission, such as password authentication, is generally required

> The data hiQ seeks to access is not owned by LinkedIn and has not been
> demarcated by LinkedIn as private using such an authorization system. HiQ
> has therefore raised serious questions about whether LinkedIn may invoke the
> CFAA to preempt hiQ’s possibly meritorious tortious interference claim.

Note the tone of the language used in the ruling. The judge makes it pretty
clear that nothing is final here.

~~~
Miner49er
AP seems to be saying differently.
[https://apnews.com/1e1cacd92df74f48846e8bce5237b97d](https://apnews.com/1e1cacd92df74f48846e8bce5237b97d)

~~~
shkkmo
I think I would trust the opinion itself over a random AP reporter.

------
akersten
A good decision was reached, but it's a little worrying that the emphasis in
the ruling was mostly about a weighing of business interests rather than
affirming a right to access public information. If HiQ's business model had
not been jeopardized by LinkedIn's business desire to block them, I fear this
court could have easily gone the other way. I'd really love to see a ruling
that solidifies the right of someone to access publicly available data without
fear of repercussions. If this case makes it to SCOTUS, I would hope the
ruling is predicated on that rather than business harm.

Key paragraphs from the ruling:

> In short, even if some users retain some privacy interests in their
> information notwithstanding their decision to make their profiles public, we
> cannot, on the record before us, conclude that those interests—or more
> specifically, LinkedIn’s interest in preventing hiQ from scraping those
> profiles—are significant enough to outweigh hiQ’s interest in continuing its
> business, which depends on accessing, analyzing, and communicating
> information derived from public LinkedIn profiles.

> Nor do the other harms asserted by LinkedIn tip the balance of harms with
> regard to preliminary relief. LinkedIn invokes an interest in preventing
> “free riders” from using profiles posted on its platform. But LinkedIn has
> no protected property interest in the data contributed by its users, as the
> users retain ownership over their profiles. And as to the publicly available
> profiles, the users quite evidently intend them to be accessed by others,
> including for commercial purposes—for example, by employers seeking to hire
> individuals with certain credentials. Of course, LinkedIn could satisfy its
> “free rider” concern by eliminating the public access option, albeit at a
> cost to the preferences of many users and, possibly, to its own bottom line.

~~~
victor9000
> If HiQ's business model had not been jeopardized

I think this is more about validating hiQ's legal standing in the case.

------
supernova87a
This case is so ridiculous on multiple fronts that although this procedural
ruling (injunction) seems technically correct (to allow the case to proceed to
actual court), it could just as well have been thrown out with no difference
in or ultimate harm to the parties.

First, LinkedIn makes the claim that its users have a right to privacy against
scraping by such a 3rd party. That's laughable. As the court saw, their whole
business model is made on people sharing their profiles broadly and mostly to
the public.

Secondly, HiQ claims that LinkedIn's efforts to stop it from using the data
are tortious interference. That's bold -- suppose someone is taking your
assets (you believe illegally) and selling them to others -- can you imagine
the gall that the person taking your assets can sue you for interfering with
their subsequent sale of your assets?

Finally, that LinkedIn resorted to using the computer fraud and anti-terrorism
statutes to make their argument is ridiculous.

So much craziness to go around. I would've just tossed the case, but I guess
there is the whole bit about due process... Maybe HiQ will fail anyway at the
next substantive trial, but what a waste of time.

~~~
judge2020
> suppose someone is taking your assets

Except that, in the digital sense, it's only copied. They now have it, but you
didn't lose your assets or money besides the <$0.001 it costs to serve each
web page.

> So much craziness to go around.

I agree - I haven't read through the entire thing, but it looks like, instead
of saying "you can't scrape", they could implicity give a license to users for
personal and business use, but not be allowed the reselling of the data (of
course carefully worded to allow the likes of Recruiters and whatnot to do
so). It's like trying to argue that the DMCA says you can't create a torrent
file of some movie.

------
dx87
Would that ruling mean that sites could no longer refuse to show content based
on how they're accessed? For example, sites that won't load if the browser is
in headless mode, or sites that depend on javascript as a way of blocking
wget/curl.

~~~
freehunter
I have a scraper for a site that used to offer an API for their publicly
available site but removed the API with no warning. The info is still
available to the general public, but only through their website. I created a
scraper for the public page, but shortly after they switched to loading some
public information through Javascript so my HTML scraper couldn't see it
anymore. I ended up having to write an application around Selenium to load the
Javascript and import this public information. I'm just waiting for them to
start randomizing the CSS classes to make scraping even harder. The content is
static, even as data changes on the server it does not refresh on the page
unless you reload the page.

There is no reason why your page should refuse to load _plain text_ without
Javascript enabled.

~~~
Pfhreak
> There is no reason why your page should refuse to load plain text without
> Javascript enabled.

Sure there is. You prefer writing javascript and you want to serve your site
through a CDN.

You might not think that's a _good_ reason, but that's certainly a reason.

~~~
geggam
Until the ADA comes along and demands you create an accessible to the blind
site.

I've often wondered when the laws would start to be applied and I think its
coming

~~~
CalRobert
I have a website that's a full page map. I care about accessibility - is there
any way I can make this meaningfully accessible to the blind?

~~~
EpiphanyMachine
Look at WCAG 2 (web content accessiblity guidelines) they specify tags and
elements common screen readers will understand to help make you site
accessible.

This is a really good resource:
[https://accessibility.18f.gov/](https://accessibility.18f.gov/)

A lot of frameworks now have some accessiblity built in if you add the correct
attributes.

------
hartator
That’s awesome news. Thanks also to the EFF for all the work they are doing to
ensure fair use is still a thing. We’ll
([https://serpapi.com](https://serpapi.com)) be donating next year.

------
codedokode
This is actually bad, would not it be better if sites would be allowed to
block crawlers? I don't see what is the legal basis for forbidding to ban
scrapers. Is there a law that a site must serve pages for anyone?

~~~
3xblah
There is no legal basis for "forbidding to ban scrapers".

The question is whether there is any legal basis for banning scrapers, i.e.,
for blocking hiQ. In other words, if hiQ keeps scraping, are they violating
anyone's rights and/or breaking the law by doing that?

As long as that remains a legitimate, open question, then hiQ can argue they
should be allowed to keep scraping without incurring civil or criminal
liability. That is the purpose of the injunction. There could be no legal
basis for blocking hiQ. Until that question is resolved, hiQ can keep on
scraping.

------
meowface
Considering the kind of _private_ scraping and selling tactics LinkedIn has
been chronically guilty of (and not just the ordinary "growth hack" stuff:
"LinkedIn violated data protection by using 18M email addresses of non-members
to buy targeted ads on Facebook" [1]), it's satisfying to see LinkedIn lose
this.

[1] [https://techcrunch.com/2018/11/24/linkedin-ireland-data-
prot...](https://techcrunch.com/2018/11/24/linkedin-ireland-data-protection/)

------
cookie_monsta
So the champion of the public internet turns out to be a company that scrapes
your social media, MLs it and sells the results to your HR dept?

I'm reminded of Dave Chapelle's Halle Berry routine...

------
sebastianconcpt
_In short, even if some users retain some privacy interests in their
information notwithstanding their decision to make their profiles public, we
cannot, on the record before us, conclude that those interests—or more
specifically, LinkedIn’s interest in preventing hiQ from scraping those
profiles—are significant enough to outweigh hiQ’s interest in continuing its
business, which depends on accessing, analyzing, and communicating information
derived from public LinkedIn profiles._

Reasonable. If a platform helps you make information of an individual public,
then why it should matter for the platform how the market uses that public
information?

------
victor9000
On how this case relates to the CFAA:

We therefore conclude that hiQ has raised a serious question as to whether the
reference to access “without authorization” limits the scope of the statutory
coverage to computer information for which authorization or access permission,
such as password authentication, is generally required. Put differently, the
CFAA contemplates the existence of three kinds of computer information: (1)
information for which access is open to the general public and permission is
not required, (2) information for which authorization is required and has been
given, and (3) information for which authorization is required but has not
been given (or, in the case of the prohibition on exceeding authorized access,
has not been given for the part of the system accessed).

Public LinkedIn profiles, available to anyone with an Internet connection,
fall into the first category. With regard to such information, the “breaking
and entering” analogue invoked so frequently during congressional
consideration has no application, and the concept of “without authorization”
is inapt.

------
Shivetya
Volokh take is an interesting read [1]

I am curious how quickly most pages get put behind authorization. With the
wording of this ruling you could pretty much go snap up any blog side (say
like medium) and more. I wonder what kind of services would come out of that,
having the data in a format it can be more easier parsed/analyzed?

so every ecommerce site is fair game? I assume most are already being scraped
but I cannot imagine having to be in an environment where many of your
connections are not people

[1] [https://reason.com/2019/09/09/scraping-a-public-website-
does...](https://reason.com/2019/09/09/scraping-a-public-website-doesnt-
violate-the-cfaa-ninth-circuit-mostly-holds/)

~~~
ankurkwv
Hmm - I think a key in the ruling here was that LinkedIn maintains no
copyright claim on these pages. Users on LinkedIn retain ownership of their
profile data. Compare that to a blog and maybe copyright could come into play?
Not a lawyer just thinking out loud...

------
monksy
RIP Aaron Swartz

------
CosmicShadow
Even if LinkedIn loses and scrapers can no longer be blocked, they still just
switched to putting all profiles behind an authwall, or at least it's very
hard to not get an authwall. So could HiQ even carry on if they won anyway?

~~~
jolmg
I'm not very familiar with neither LinkedIn nor HiQ, but what would be the
problem with logging in before scraping?

~~~
henryfjordan
The reason the pages are public to begin with is that Google will only scrape
public pages for search indexing. LinkedIn wants to provide the pages ONLY to
google, so they tried telling hiQ to stop scraping without any physical
blockers (so as to not impede google's scraper).

If LinkedIn loses this case they (and others) might try to get Google to
change their policy (either use auth or some whitelisted IP addresses or
something).

------
kevin_b_er
Best hope that hiQ prevails. The slope slips very fast without LinkedIn's
defeat. If LinkedIn prevails, the "EULA" has the force of criminal law and not
just an agreement that lacks the meeting of the minds.

------
sha666sum
This is a weird case, as it turns the question of scraping on its head.
Normally you'd think "am I allowed to scrape?", but instead the question
becomes "am I allowed to prevent scraping?".

Anyways, I disagree with the court's judgment here. The users have consented
that their data be used in accordance with LinkedIn's privacy policy. Even if
it is publicly posted does not mean that the user has relinquished control
over their personal information for another company to do with as they wish.

------
dzonga
how about websites using nonsense css-classes usually autogenerated through
frameworks that make scrapping difficult ? I'm sure this ruling doesn't cover
that case ? well globally I wish authorities would rule that public data
should be published in computer accessible format e.g pdf's for humans and
xblr's / csv for machines e.g in financial reports. lots of data in pdf's that
costs a ton to mine. & tools like AWS Textract are hardly up to task.

------
prirun
eBay had better lawyers than LinkedIn:

[https://casetext.com/case/ebay-v-bidders-
edge](https://casetext.com/case/ebay-v-bidders-edge)

I'm glad this court ruled it wasn't a violation of CFAA. But using trespass to
prevent it seems reasonable. A private business should be allowed to restrict
certain kinds of use of its resources (servers, bandwidth, etc), especially if
it is beyond typical use. But if the load is typical and doesn't actually harm
LinkedIn, it seems less reasonable to restrict them. If LinkedIn doesn't want
automated access to their data because it is too much of a load on their
servers, then they should be required to ban ALL automated access, including
Google's bots. Of course they want Google's bots because that sends them
traffic.

Another reason I think it was stupid for LinkedIn to use CFAA is that it sets
them up to _be_ a protected computer system, with protected information. If
that is the case, it seems they could be liable for disclosing the information
to someone a user didn't want, like a stalked. It's rather dumb: LI is
claiming they host protected information, but it is only protected against
someone that might compete with them.

~~~
silentguy
> If LinkedIn doesn't want automated access to their data because it is too
> much of a load on their servers, then they should be required to ban ALL
> automated access, including Google's bots. Of course they want Google's bots
> because that sends them traffic.

By that logic, I should have access to linked premium features for free. Why
should linkedin give more data to people who pay?

------
sheeshkebab
Great, finally. Don’t pretend the information is public and then block access
to it.

It’s either private and inaccessible, or it’s free for all to use.

------
ummonk
Does this have implications for other scraping? (E.g.
[https://techcrunch.com/2019/05/20/instagram-influencer-
celeb...](https://techcrunch.com/2019/05/20/instagram-influencer-celebrity-
accounts-scraped/))

~~~
sometinsome
Or this other case [https://gizmodo.com/instagram-boots-ad-partner-hyp3r-for-
rep...](https://gizmodo.com/instagram-boots-ad-partner-hyp3r-for-reportedly-
scrapin-1837051804)

------
fulldecent2
LinkedIn is a public website? Every time I click from DDG it shows a login
page and zero content.

------
btown
A choice quote:

> In recognizing that the CFAA is best understood as an anti-intrusion statute
> and not as a “misappropriation statute,” Nosal I, 676 F.3d at 857–58, we
> rejected the contract-based interpretation of the CFAA’s “without
> authorization” provision adopted by some of our sister circuits. Compare
> Facebook, Inc. v. Power Ventures, Inc., 844 F.3d 1058, 1067 (9th Cir. 2016),
> cert. denied, 138 S. Ct. 313 (2017) (“[A] violation of the terms of use of a
> website—without more— cannot establish liability under the CFAA.”); Nosal I,
> 676 F.3d at 862 (“We remain unpersuaded by the decisions of our sister
> circuits that interpret the CFAA broadly to cover violations of corporate
> computer use restrictions or violations of a duty of loyalty.”), with EF
> Cultural Travel BV v. Explorica, Inc., 274 F.3d 577, 583–84 (1st Cir. 2001)
> (holding that violations of a confidentiality agreement or other contractual
> restraints could give rise to a claim for unauthorized access under the
> CFAA); United States v. Rodriguez, 628 F.3d 1258, 1263 (11th Cir. 2010)
> (holding that a defendant “exceeds authorized access” when violating
> policies governing authorized use of databases).

And:

> As one prominent commentator has put it, “an authentication requirement,
> such as a password gate, is needed to create the necessary barrier that
> divides open spaces from closed spaces on the Web.” Orin S. Kerr, Norms of
> Computer Trespass, 116 Colum. L. Rev. 1143, 1161 (2016). Moreover, elsewhere
> in the statute, password fraud is cited as a means by which a computer may
> be accessed without authorization, see 18 U.S.C. § 1030(a)(6),12 bolstering
> the idea that authorization is only required for password-protected sites or
> sites that otherwise prevent the general public from viewing the
> information.

My layman's (IANAL) interpretation of preliminary injunctions are that the
case is far from over, and this could be overturned at any time as more
deliberation is done (assuming LinkedIn wants to keep throwing money at that
relatively slim possibility). But now this research has been done, and future
courts have the ability to look to these references and lines of reasoning all
in one place.

EDIT:
[https://twitter.com/OrinKerr/status/1171116153948626944?ref_...](https://twitter.com/OrinKerr/status/1171116153948626944?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet)
is an analysis by the law professor cited above:

> BIG NEWS: 9th Circuit holds that scraping a public website likely does not
> violate the CFAA, even after website owner prohibits with a cease-and-desist
> letter; language strongly suggests CFAA only applies to bypassing
> authentication. Blog post up soon.
> [http://cdn.ca9.uscourts.gov/datastore/opinions/2019/09/09/17...](http://cdn.ca9.uscourts.gov/datastore/opinions/2019/09/09/17-16783.pdf)
> #N

~~~
ust
The post is now here:

[https://reason.com/2019/09/09/scraping-a-public-website-
does...](https://reason.com/2019/09/09/scraping-a-public-website-doesnt-
violate-the-cfaa-ninth-circuit-mostly-holds/)

------
OrgNet
I got 80,000 recipes from allrecipes.com... glad to know it was legal

------
anthony_doan
Sweet, I scraped a bit of data and have been holding off on putting it on to
my web app.

I think I'll transform the data a bit before putting it up there.

------
inbland
What if hiQ were to then go and sell the information that's been scraped from
public profiles? Would this be considered illegal?

~~~
colechristensen
I would assume the data would still be covered by copyright meaning they could
use that data and maybe create and sell derivative works, but not just scrape
and publish.

~~~
icebraining
Pictures and such are covered by copyright, but mere facts are not (at least
in the US):
[https://en.wikipedia.org/wiki/Feist_Publications,_Inc.,_v._R...](https://en.wikipedia.org/wiki/Feist_Publications,_Inc.,_v._Rural_Telephone_Service_Co).

~~~
baroffoos
Collections of facts are copyrightable. Which is why you can go out and make a
map of your local area but you may not copy the data from google maps. You may
end up with the exact same data and that is ok because you both copied the
same facts but if there is a mistake on google maps (Perhaps placed as a trap)
then you can be caught if your map has the same mistake.

~~~
icebraining
Only the _creative aspects_ of those collections of facts are copyrightable.
You can definitively copy from Google Maps, just like Feist could copy from
Rural; what you can't copy are the aspects of the maps that require
creativity.

As for trap streets, they don't help as much as you think; as we've seen,
simply showing that copying occurred is not enough. There was a theory that
the trap streets - since they were invented, not facts - could themselves be
copyrighted, but in _Alexandria Drafting Co. v. Amsterdam_ , the courts said
that copying a few trap streets among a bunch of facts was too minimal to be
considered infringement.

------
nirse
I have never heard of a 'cause-and-desist' letter before. Odd spelling mistake
for such a document.

------
asah
Congrats Darren! Can't wait for your next one to come out of stealth mode.

------
payne92
Flagged for misleading title.

~~~
akersten
Would you mind suggesting a more accurate title?

~~~
btown
9th Circuit issues injunction preventing LinkedIn from blocking hiQ's scraping
of public pages

(IANAL but this seems like a reasonable summary of the first paragraph of the
document.)

------
mirimir
This is a great opinion. But the 9th circuit is arguably still ~atypical.

------
V3ritas1337
Of course it isn't, it's known as implicit authorisation.

------
cwkoss
In tangentially related news, Reid Hoffman, LinkedIn co-founder, spent some
time last week defending Ito's connections to pedophile Epstein.

[https://twitter.com/anandwrites/status/1169952673988300800](https://twitter.com/anandwrites/status/1169952673988300800)

