Interesting decision yesterday from the First Circuit (EF Cultural Travel v. Zefer Corp.; via Howard*) concerning whether a party who built technology used to gather information from a travel Web site could be enjoined on the basis of asserted violations of the Copyright Act or the Computer Fraud and Abuse Act (CFAA). Although the Court upheld the district court's injunction against Zefer, which built a tool that would help an EF competitor "'scrape' the prices from EF's website and download them into an Excel spreadsheet," it did so on the limited ground that neither Zefer nor any other party on notice could help "a tentatively-identified wrongdoer" -- Zefer's co-defendant Explorica -- exploit wrongfully obtained confidential information. (Explorica was formed by former EF employees, some of whom had confidentiality agreements, and was subject to an injunction previously endorsed by the Court). The Court rejected the notion that the scraper could "exceed authorized access" under the CFAA in the absence of technological barriers to access or express statements purporting to prohibit access:

This case itself illustrates the flaws in the "reasonable expectations" standard. Why should the copyright symbol, which arguably does not protect the substantive information anyway, Feist Publ'ns, Inc. v. Rural Tel. Serv. Co., 499 U.S. 340, 344-45 (1991), or the provision of page-by-page access for that matter, be taken to suggest that downloading information at higherspeed is forbidden. EF could easily include--indeed, by now probably has included--a sentence on its home page or in its terms of use stating that "no scrapers may be used," giving fair warning and avoiding time-consuming litigation about its private, albeit "reasonable," intentions. Needless to say, Zefer can have been in no doubt that EF would dislike the use of the scraper to construct a database for Explorica to undercut EF's prices; but EF would equally have disliked the compilation of such a database manually without the use of a scraper tool. EF did not purport to exclude competitors from looking at its website and any such limitation would raise serious public policy concerns. [citations omitted]

For purposes of its analysis the Court assumed that the fraud requirement for a CFAA violation had been satisfied, or was not an obstacle to an injunction. The Court did not elaborate on whether it thought statements purporting to prohibit scraping would have any effect beyond helping to define the scope of "authorized" access, and it also declined to reach Zefer's argument that its actions enjoyed First Amendment protection, as the injunction was aimed only at misuse of confidential information. Unexpected fact: this opinion does not even mention "trespass." Must not have been raised below (?). *I'm thinking Howard has the makings of a successful Vegas act coming together, although he'll need a snappier name than "The Perpetually Astounding and Endearingly Clever Human Advance Sheet," which is all I can come up with at the moment.