Blog August 24, 2022
"Scraping" of a Publicly-Accessible Website Database May Be Misappropriation of Trade Secrets
- Person title
In a lengthy decision, the Eleventh Circuit held in Compulife v. Newman, No. 18-12004 (11th Cir. May 20, 2020), that a database may contain trade secret information even though the database contents can be accessed through a publicly available website.
The plaintiff, Compulife, sold access to a compilation of life insurers' premium rate tables. One product it sold was an internet-quote engine called the "web quoter." The web quoter allowed licensees to embed a feature on its own website that connected to Compulife's database server. Prospective life-insurance purchasers visiting licensees' website could enter their demographic information, and receive a responsive quote retrieved from Compulife's database.
The defendants were also in the business of generating life-insurance quotes through their own website. Their "Life Insurance Quote Engine," however, allegedly contained information copied from Compulife's web quoter.
Among the alleged acts of espionage used, Compulife contended that the defendants hired a programmer to "scrape" data from Compulife's server. The programmer created a "bot" that could make many requests automatically to Compulife's web quoter service. Although the data could be obtained manually by the public through the licensees' websites one request at a time, the bot's speed allowed the defendants to partially copy the database behind Compulife's web quoter. In all, the bot requested and saved insurance premium estimates totaling more than 43 million quotes every possible combination of demographic data within two zip codes in New York and Florida. Compulife alleged that the defendants then used the scraped data as the basis for generating quotes on their own websites.
In a bench trial, the magistrate judge concluded that Compulife did not demonstrate, among other claims, trade secret misappropriation. Although the magistrate judge found Compulife's database to be a trade secret, he determined that the defendants hadn’t misappropriated it.
On appeal, the Eleventh Circuit reversed. Its analysis focused on whether the database lost trade secret protection because the individual quotes it contained and which the defendants scraped—were publicly available. The court stated it was correct for the magistrate to conclude that the scraped quotes were not individually protectable trade secrets because each is readily available to the public. Nevertheless, in effect, the database as a whole could be a trade secret if it was misappropriated. "Even if quotes aren’t trade secrets," the court explained "taking enough of them must amount to misappropriation of the underlying secret at some point. Otherwise, there would be no substance to trade-secret protections for compilations,' which the law clearly provides."
Importantly, the court looked to the means of acquisition: the web scraping bot. Certainly, Compulife had given implicit permission to obtain as many quotes as humanly possible, but not as much as a bot could obtain. But "while manually accessing quotes from Compulife’s database is unlikely ever to constitute improper means, using a bot to collect an otherwise infeasible amount of data may well be in the same way that using aerial photography may be improper when a secret is exposed to view from above." That there was no usage restriction on the website in place did not automatically render the scraping of the public website improper.
The Court identified two relevant cases that aided its analysis. The first was the classic case of E. I. duPont deNemours & Co. v. Christopher, 431 F.2d 1012, 1014 (5th Cir. 1970). In this case from the former Fifth Circuit, DuPont claimed that trade secrets had been misappropriated by photographers who took pictures of its methanol plant from a plane. The Fifth Circuit held that the aerial photography constituted improper means even though DuPont had left the its facility open to inspection from the air. Misappropriation occurred whenever a defendant acquires the secret from its owner “without his permission at a time when he is taking reasonable precautions to maintain its secrecy.”
The court also pointed to the district court case of Physicians Interactive v. Lathian Sys., Inc., CA 03-1193-A, 2003 WL 23018270, at *8 (E.D. Va. Dec. 5, 2003). It noted that the court there held that hacking a public-facing website with a bot amounted "improper means." "There can be no doubt," the district court wrote, "that the use of a computer software robot to hack into a computer system and to take or copy proprietary information is an improper means to obtain a trade secret, and thus is misappropriationâ¦."
The Eleventh Circuit in Compulife stopped at whether the scraped data was a trade secret and did not reach the question of whether the actions in this case was in fact misappropriation. It remanded to answer whether the block of data the defendants took was large enough to constitute appropriation of Compulife's database, and whether the bot used in this case was an improper means under the Florida trade secret statute.
This Compulife case may provide another legal avenue to protect websites and their content from scraping. Another avenue for improper scraping—the Computer Fraud and Abuse Act (CFAA)—has had mixed results in the circuits over the years. Most recently, in HiQ Labs Inc. v. LinkedIn Corp., 938 F. 3d 985, (9th Cir. 2019), the Ninth Circuit held that scraping data from public LinkedIn profiles did not amount to, effectively, "computer hacking" to warrant protection under that statute. LinkedIn has filed a petition for writ of certiorari with the Supreme Court.
Author: David Conrad
The opinions expressed are those of the authors on the date noted above and do not necessarily reflect the views of Fish & Richardson P.C., any other of its lawyers, its clients, or any of its or their respective affiliates. This post is for general information purposes only and is not intended to be and should not be taken as legal advice. No attorney-client relationship is formed.
Article March 31, 2020
Fish Attorneys Author Law360 Article, "Client Advocacy Tips For Remote Hearings During COVID-19"
Blog May 22, 2018
Federal Circuit Holds That Plaintiff Bears the Burden of Proving Venue in Patent Cases
Blog May 2, 2018
What do human traffickers, money launderers, and patent non-practicing entities have in common?
Blog February 22, 2018
Federal Circuit Takes Up Venue Burden Issue
Blog December 18, 2017
Unanswered Questions After TC Heartland
Blog October 13, 2016
Federal Circuit Affirms the Dismissal of a Complaint That Insufficiently Pleaded Joint Infringement
Blog August 16, 2016
Federal Circuit Once Again Finds That a Functional Claim Term is Indefinite Even Without the Use of "Means."
Blog January 29, 2016
The Federal Circuit trend to strengthen the standard for definiteness
Blog February 10, 2023
President Biden Signs "Protecting American Intellectual Property Act of 2022" Into Law
Article February 10, 2023
Senior Principal D.J. Healey Authors Westlaw Today Article "As Congress and the FTC Target Non-Compete Clauses, Could NDAs Become Collateral Damage?"
Blog April 28, 2022
Crafting a Comprehensive Trade Secret Strategy
Blog March 16, 2021
Extraterritorial Application of the Defend Trade Secrets Act
Blog March 11, 2021
Preserving Trade Secrets at District Court Hearings and Trials
Blog January 19, 2021
Recent Developments in Trade Secrets Damages
Article July 7, 2020
Fish Attorneys Author Article in Bloomberg Law, "INSIGHT: SCOTUS Decision on Computer Fraud Act Could Impact Trade Secrets"
Article June 17, 2020
Fish Attorneys Author Law360 Article, "What To Know About Licensee Standing In Trade Secret Cases"
Blog June 10, 2020
"Pin Down" Your Trade Secrets So the Court Can "Do Its Job" A Case Study
Article April 20, 2020