There is one area in which Craigslist Inc. appears particularly invested these days: its legal bills. Notoriously cutthroat, this online classified marketplace has steadfastly clung to its bare-boned business blueprint while resisting any form of growth or innovation over the years. Craigslist has not, however, shied away from taking on its would-be competitors in court, oftentimes those attempting only to “add[] a layer of value” to the Craigslist formula. Not surprisingly, Craigslist’s arsenal of litigation weapons has become quite vast in recent years: claims arising under the Copyright Act, the Lanham Act, and the Computer Fraud and Abuse Act (CFAA), as well as claims of unjust enrichment, conspiracy, and even trespass to chattel,all aimed at scrappy upstarts sporting a fraction of Craigslist’s resources. Many of these rival companies have employed “web scrapers” to aggregate publicly available data on Craigslist’s servers and then repackage or otherwise make available this content for third-party users.In some cases, this activity clearly constitutes misappropriation or theft, but generalizing these companies’ motives is tricky. Very often these competing companies appear to be simply trying to enhance and augment the Craigslist model, which is a desirable result in a free and unfettered market.

Several recent court orders in the U.S. District Court for the Northern District of California signal a major early victory for Craigslist over these web scrapers and data aggregators, even though much of the early media attention has centered on where Craigslist’s lawsuit fell short: the copyright infringement claims. Indeed, what was lost on many mainstream commentators (but certainly not legal bloggers) is that the application of the CFAA to online “intrusion,” specifically to Craigslist’s competitors’ web scraping activities. The April and August 2013 orders on the defendants’ motions to dismiss found these activities actionable under the CFAA,which is alarming because the scraped data in question was available on freely accessible, public websites. Moreover, these orders subvert a recent decision from the U.S. Court of Appeals for the Ninth Circuit, United States v. Nosal,which had narrowed the application of the CFAA and its use as a weapon of private enforcement against web scrapers and other data aggregators.9 In brief, Nosal stands for the proposition that users’ violations of a website’s “Terms of Use” (TOU) could not alone form the basis of CFAA liability.The Nosal case is significant because it seemingly halted the runaway train that the CFAA had become in California. Further, it marked a departure from other circuits by offering a lean, sensible interpretation of the CFAA’s thorniest provision: what activities constitute “unauthorized access.” However, the Craigslist orders still leave open questions about whether Nosal was the great panacea that it first appeared to be, or if it managed to change anything at all.

While there are causes of action that ought to be (and are) available to plaintiffs wishing to guard against unwanted intrusion, CFAA civil actions should not be among them. This cause of action is poorly suited to address complex property issues in the digital age, and it may simultaneously chill web innovation and foster anticompetitive behavior in the market. While it is unclear whether the Northern District of California will ever reach the merits in Craigslist, these early decisions suggest that the court may have misapplied Nosal, or may be poised to misapply it in the future. While Nosal seemed to take a forward step in squaring the circle—particularly with regard to the CFAA’s more troubling provisions—the Northern District’s misguided application of the CFAA post-Nosal illustrates deeper infirmities within the CFAA. Indeed, courts cannot and should not stretch the CFAA to cover unanticipated and uncontemplated forms of technology, and in this regard the CFAA is ripe for a simple statutory fix. A CFAA “safe harbor” of sorts, borrowed from language found in a related statute, would help modernize a statute that has, over time, swept within its ambit a new class of unintended defendants.

Part I of this Comment begins by tracking the CFAA’s evolution in the Ninth Circuit as applied in the internet realm. Part II examines the Nosal decision and whether the court properly applied it in Craigslist. Part II also examines the implications for web start-ups seeking to exploit existing, publicly available data if the Northern District eventually holds against 3Taps Inc. at trial or on summary judgment. Finally, Part III proposes a statutory solution that creates a safe harbor within the CFAA for users accessing public computer systems, effectively removing these defendants from the purview of the CFAA. This Comment focuses on developments principally in the Ninth Circuit, as California web companies are perhaps most poised to litigate these types of issues.