WSGR ALERT
MAY 2 010
OHIO DISTRICT COURT ALLOWS DATABASE “SCRAPING” CASE
TO PROCEED ON A VARIETY OF LEGAL THEORIES
Continued on page 2...
Aust in new Yo rk pAl o Alt o sAn Die Go sA n F rAnc isc o seAtt le sh AnGh Ai wAs hin Gton , D .c.
Recent years have seen the growth of online
data sources, such as online databases, e-
commerce catalogs, and social networking
sites, and associated services and
applications. This growth has been
accompanied by a corresponding increase in
the sophistication of technologies that
automate access and retrieval of online data,
a practice commonly referred to as “scraping.”
The Snap-On Bus. Solutions, Inc. v. O’Neil &
Assoc., Inc. case,1in which the plaintiff
alleged a variety of claims that are typical in
a scraping case, presents a timely opportunity
to review the developing body of case law
relating to automated access of third-party
systems, including scraping and the use of
third-party content. The plaintiff, Snap-On
Business Solutions (Snap-On), survived a
summary judgment motion and was allowed
to proceed to trial on a variety of claims it
brought against O’Neil & Associates (O’Neil)
in the Northern District of Ohio, in connection
with O’Neil’s use of a scraping tool to access
and replicate data from an online database
built and hosted by Snap-On.
Snap-On initially created the searchable
online database at issue for its client
Mitsubishi, using data and images provided
by Mitsubishi. Mitsubishi later decided to
move the database to another service
provider (O’Neil), but Snap-On refused to
provide the database to Mitsubishi unless
Mitsubishi paid an additional fee. Mitsubishi
and O’Neil agreed that O’Neil would retrieve
the data from Snap-On’s database through
the use of O’Neil’s “scraper tool.” O’Neil
proceeded to scrape the data from the Snap-
On database, simulating logins by Mitsubishi
personnel using access credentials supplied
by Mitsubishi. After experiencing
performance issues with its service, Snap-On
became aware of the scraping activity and
filed suit.
Computer Fraud and Abuse Act
Snap-On alleged violations of the federal
Computer Fraud and Abuse Act (CFAA), which
provides civil and criminal penalties for
accessing third-party computer systems
without authorization (including by exceeding
the scope of authorization). The court in
Snap-On found that a material question of
fact existed as to whether language in the
contract between Snap-On and Mitsubishi
making Mitsubishi responsible for
“authorization security” and “assigning user
names and passwords to authorized users”
gave it the power to authorize a third party to
access the online database, in light of other
language suggesting that users had to be
affiliated with Mitsubishi to be authorized.
In previous scraping cases, courts have
allowed plaintiffs to proceed with CFAA
claims on the grounds that scraping activity
was “unauthorized” in light of provisions in a
website’s terms of service prohibiting
automated access, commercial use of the
website, or use on behalf of a third party.2
Notably, all 50 states have enacted statutes
addressing computer abuse and fraud, and
unauthorized access, including California
Penal Code §502(c).
Trespass to Chattels
The court next discussed Snap-On’s common-
law trespass to chattels claim, which requires
a plaintiff to show that it was harmed by the
defendant’s interference with the use or
possession of the plaintiff’s personal property.
The court first held that Snap-On’s computer
servers were personal property susceptible to
a trespass claim.3Noting that courts in a
variety of prior scraping cases have taken
different positions on the form and substance
of damages required to support the claim,4
1 C 5:09-cv-01547-JG (N.D. Ohio, April 16, 2010).
2 See, e.g., Southwest Airlines v. Farechase, 318 F. Supp. 2d at 439-40 (N.D. Texas, 2004).
3 Citing Compuserve, Inc. v. Cyber Promotions, 926 F. Supp. 1015, 1021 (S.D. Ohio, 1997) and Universal Tube & Rollform Equip. Corp. v. YouTube, Inc.,504 F. Supp. 2d 260, 268 (N.D. Ohio,
2007).
4 Citing Register.com, Inc. v. Verio, Inc., 356 F.3d 393, 404 (2d. Cir., 2004) (intangible damage capable of causing harm in the aggregate is sufficient); eBay, Inc. v. Bidder’s Edge, Inc.,100 F.
Supp. 2d 1058, 1071 (N.D. Cal., 2000) (scraping activity that interfered with plaintiff’s ability to fully utilize servers for its own purposes is sufficient); Intel Corp. v. Hamdi, 71 P.3d 296
(Cal., 2003) (insufficient damage where plaintiff was not prevented from using its servers for a measurable length of time); and Ticketmaster Corp. v. Tickets.com, Inc., No. 99CV7654,
2000 WL 1887522, at *4 (C.D. Cal., 2000) (insufficient damage where scraper used a small percentage of processing power, and plaintiff did not show actual interference with regular
business operations).
