Chegg Is Likely to Prevail on Its Anti-Scraping Contracts Claim…But Doesn’t Get an Injunction–Chegg v. Doe (Guest Blog Post)

July 26, 2023 · by · in Licensing/Contracts, Trespass to Chattels

by guest blogger Kieran McCarthy

Most web-scraping cases fit into one of two categories:

  • Cases where companies are innovating with data in ways that data hosts/owners don’t like, and courts try to accommodate competing interests in accordance with prevailing legal theories, including breach of contract, the CFAA, misappropriation, and various forms of intellectual property protection. Power Ventures, hiQ Labs, the ill-fated Southwest cases, and all the fancy new generative AI cases broadly fit into this category.
  • Cases where someone is pilfering data and/or ripping off someone’s business wholesale, and the only question is which claims will be used to take them down.

Based on the complaint, Chegg v. Doe apparently falls into the latter category. And while these types of cases may not seem that important or interesting, often the jurisprudence in this area of law is dictated by these cases and applied to the first category of cases.

* * *

Chegg is an online learning platform that sells something called Chegg Study, “a service that provides step-by-step solutions to problems in commonly used textbooks for high school and college students.” Chegg at 1.

Chegg claims that a site called Homeworkify has circumvented Chegg’s platform and controls to provide solutions to Chegg Study for free. In addition to providing Chegg’s for-pay services online for free, Homeworkify has used and continues to use Chegg’s name in Google Advertising. The horror!

The first and most important wrinkle in this case is that Chegg can’t figure out who is responsible for Homeworkify. The domain registration is cloaked. Chegg sent a cease-and-desist letter to Homeworkify’s domain registrar, Namecheap, its proxy server, Cloudflare, and the email address associated with domain registration, but they have found nothing. Chegg then subpoenaed NameCheap and Cloudflare, who complied with the subpoenas and provided details about the information that had been provided to them, but that all turned out to be a dead end, too. Whoever is behind Homeworkify, he/she/they/it is one crafty scraper!

After failing to unearth the person behind Homeworkify, Chegg brought a motion for a preliminary injunction to shut down Homeworkify and serve the owner by email. Much to my surprise, the motion failed on both counts! Score one win for the crafty scraper! (for now…)

CFAA claims

Chegg brought a CFAA claim against the defendant because: 1) its data is behind a log-in screen; 2) Chegg thinks that the defendant got the data while using a free trial; and 3) the defendant is still using the data to undermine Chegg’s core business after getting the cease-and-desist letter.

The court says that using scraped data after receiving a cease-and-desist notice is not a violation of the CFAA, even if the data was collected from beneath a log-in from a site that prohibits scraping. That’s a reasonable inference from Van Buren, but no court has explicitly said as much before.

The court says that if Chegg could prove that they had taken measures to block the defendant’s access after sending the cease-and-desist, and defendant continued to access the data, that might be grounds for a CFAA claim. But if defendant scraped all the data before getting a cease-and-desist letter and while it still had valid access, no degree of subsequent misuse creates a CFAA claim. Access after revocation triggers a CFAA claim, not data misuse.

The court also seems to imply a full-fledged return to the Power Ventures regime with language about cease-and-desist + “measures to block” + ongoing access = CFAA claim.

If Chegg’s cease-and- desist specifically outlawed continued access to Chegg’s solutions through free trial accounts and Chegg imposed technological barriers to stop Homeworkify from doing so, and Homeworkify continued to access Chegg content in this manner, Power Ventures teaches that this may very well constitute a CFAA violation.

Id at 2.

This seems a bit overbroad and should be limited by the key holding of hiQ Labs I and II, which is that CFAA claims from accessing public data are inapt, regardless of whether the host sent a cease-and-desist letter. Still, this case more closely resembles Power Ventures compared to hiQ Labs in that the data is accessed from beneath a log-in screen. Also, this is dicta. Thus, we probably shouldn’t read too much into this passage for its implications for public/not-behind-a-login data.

Breach of Contract

As is common with scraping cases in 2023, just because the scraper prevails on the CFAA claim doesn’t mean the scraper is going to prevail.

Defendant created an account to access Chegg’s data. When doing so, defendant had to agree to the Terms and Privacy Policy. Those terms and privacy policies were hyperlinked. The terms prohibited scraping.

The court found that defendant “likely” breached Chegg’s terms. That’s enough to prevail on the “likelihood of success” prong for the preliminary injunction.

Irreparable Harm

Even though the court found the plaintiff was likely to succeed on the merits on its breach of contract claim, that the balance of equities tipped in Chegg’s favor, and that the public interest favored an injunction, the court could not be persuaded–on a default judgment, no less–that Chegg faced irreparable harm.

Chegg presented evidence of 34 “thumbs up” votes on a solution to one of its problems on defendants’ site as evidence that Homeworkify was harming its business. The court said that while that was some evidence of economic damages, it wasn’t good enough for preliminary injunctive relief. The harm had to be significant enough that it threatened the possibility of Chegg’s “extinction,” and 34 likes didn’t show that.

Chegg claimed that:

Absent injunctive relief, Homeworkify may continue to “disseminate Chegg’s stolen content on Homeworkify with impunity.” Mot. at 15.

Id at 6.

The judge in this case, Charles Breyer (former Justice Breyer’s younger brother), was not persuaded:

Chegg may well be right. But a movant is not entitled to injunctive relief because harm is ongoing or may continue, or because there is a likelihood of success on the merits of some of its claims. Just as Chegg has not shown on this record that it has suffered irreparable harm from Homeworkify’s past dissemination of Chegg’s solutions, it has not shown that Homeworkify poses a risk of additional irreparable harm in the future.

This is the most interesting part of the case for me. The court holds a very high bar for what constitutes irreparable harm. I feel like 19 out of 20 judges would have just granted this injunction. But not Judge Charles Breyer! If harm tantamount to “extinction” is the future prerequisite for PI relief, a lot of injunctions will get denied. I feel like this case will be cited by defendants in the 9th Circuit in preliminary injunction proceedings for years to come!

Service by Alternative Means

Chegg sought permission to serve defendants by email, since it has not yet been able to do so in person and it doesn’t know who the person/s is yet. But since Rule 4(f)(3) only allows courts discretion to allow plaintiffs to serve foreign defendants by email, and Chegg hadn’t been able to confirm one way or another where the defendant is, or who he/she/they/it is, this motion was denied as well.

Conclusion

This case is interesting because it articulates and applies some of the probable inferences from Van Buren with some clarity, because it shows some of the practical challenges of litigating against incognito web scrapers, and because it shows that Charles Breyer DOES NOT GRANT PRELIMINARY INJUNCTIONS LIGHTLY!