Internet Law at the Supreme Court

Although I love teaching patent law, my favorite class to teach is often Internet Law. This next year I’ll be teaching it both to law students and as a sophomore-level undergraduate class. One thing that is great about the class is that all of the students already have a set of preconceived notions about how internet society should work, but without much information about the legal background.

Here are three cases Supreme Court petitions that I’ve been following that are closely related to civil internet law issues:

= = = = =

LinkedIn Corporation v. hiQ Labs, Inc., No. 19-1116. (Cert Pending)

In the case, LinkedIn told hiQ to stop scraping data from its public website and also created a technical barrier to block the bulk scraping (while keeping the LinkedIn user information on the public-facing website).  In response, hiQ deployed a set of bots to circumvent the barriers and harvest the data. The 9th circuit sided with hiQ – finding no violation of the Computer Fraud and Abuse Act (CFAA).  The petition asks:

Whether a company that deploys anonymous computer “bots” to circumvent technical barriers and harvest millions of individuals’ personal data from computer servers that host public-facing websites—even after the computer servers’ owner has expressly denied permission to access the data—“intentionally accesses a computer without authorization” in violation of the Computer Fraud and Abuse Act.

[LinkedIn Petition].

= = = = =

Malwarebytes, Inc. v. Enigma Software Group USA, LLC, No. 19-1284 (Cert. Pending)

Malwarebytes is another case out of the 9th Circuit and focuses the filtering-immunity provision of the Communications Decency Act (CDA). 47 U.S.C. § 230(c)(2).  The CDA has been receiving substantial airtime recently with President Trump & Senator Hawley’s push to limit the ability of online service providers like Twitter, Google, and Facebook from politically motivated filtering. The relevant text of the statute is follows:

(2) Civil liability: No provider or user of an interactive computer service shall be held liable on account of—

(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected, or

(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph (1).

The case involves the defendant Malwarebytes whose anti-malware software identified the plaintiff Enigma’s software as “potentially unwanted.”  Enigma sued –alleging that Malwarebytes improperly “configured its software to block users from accessing Enigma’s software in order to divert Enigma’s customers.”  The district court found immunity, but the 9th Circuit reversed — holding that “anticompetitive animus” bypassed the 230(c)(2) defense, leading to the question presented to the Supreme Court:

Whether federal courts can derive an implied exception to Section 230(c)(2)(B) immunity for blocking or filtering decisions when they are alleged to be “driven by anticompetitive animus.”

[Malwarebytes Petition]. In my view, the 9th Circuit decision and briefing thus far misses the mark by failing to analyze the “good faith” requirement in the analysis.

= = = = =

Hunt v. Board of Regents of the University of New Mexico, No. 19-1225.

Paul Hunt, was a UNM medical school student back in 2012 and posted the following anti-abortion tirade on Facebook soon after Obama’s election:

The Republican Party sucks. But guess what. Your party and your candidates parade their depraved belief in legal child murder around with pride.

Disgusting, immoral, and horrific. Don’t celebrate Obama’s victory tonight, you sick, disgusting people. You’re abhorrent.

Shame on you for supporting the genocide against the unborn. If you think gay marriage or the economy or taxes or whatever else is more important than this, you’re fucking ridiculous.

You’re WORSE than the Germans during WW2. Many of them acted from honest patriotism. Many of them turned a blind eye to the genocide against the Jews. But you’re celebrating it. Supporting it. Proudly proclaiming it. You are a disgrace to the name of human.

So, sincerely, f[***] you, Moloch worshiping

[Stars added for your sensibilities.]

The University found the post “unprofessional.” Hunt offered to remove the expletives, but the university found that insufficient. Hunt then sued on first amendment grounds.  The district court and 10th Circuit both rejected Hunt’s case on qualified immunity, with the appellate panel finding no precedent barring “reasonable medical school administrators [from] sanctioning a student’s off-campus, online speech for the purpose of instilling professional norms.”

The question presented:

Whether Respondents violated Mr. Hunt’s clearly established rights as a private citizen under the First Amendment by punishing him for his off-campus, political speech.

[Hunt Petition]


6 thoughts on “Internet Law at the Supreme Court

  1. 2

    Re LinkedIn v. hiQ – has the DMCA anti-circumvention approach been tried in this situation before?

    1. 2.1

      DMCA is based on copyright law. The user profile information scraped from LinkedIn would not seem to be subject to copyright protection under Feist Publications, Inc., v. Rural Telephone Service Co., 499 U.S. 340 (1991), so you wouldn’t have a DMCA claim.

      1. 2.1.1

        Linkedin profiles seems well beyond the mere name/address info in Feist. But…the profiles are probably not LinkedIn’s copyright.

        That said, the DMCA does not actually forbid circumventing copy control measures (vs. selling something that does it). It does forbid circumventing access controls…though it’s unclear whether Linkedin actually employs ‘technical measures’ to prevent *access* to the public profiles.

        To be honest, I’m more surprised Linked didn’t argue some GPDR derivative claim (e.g, using their users’ personal data in unauthorized ways, which exposes them to liability). For PR reasons if nothing else.


          Data scraped has no aspect of creativity captured in a medium.

          Any “GDPR” liability would be LinkedIn’s – as they provide the information to the public.


            I don’t know about you, but I’ve seen some pretty creative descriptions on resumes / Linkedin Profiles.

Comments are closed.