Is scraping data from a publicly available website trade secret misappropriation? Based on a new opinion from the Eleventh Circuit, It might be.
In Compulife Software, Inc. v. Newman, Compulife Software, a life insurance quote database service alleged that one of its competitors scraped millions of insurance quotes from its database and then sold the proprietary data themselves. Compulife brought a number of claims against its competitors, including misappropriation of trade secrets under Florida’s version of the Uniform Trade Secrets Act (FUTSA) and under the Federal Defend Trade Secrets Act (DTSA).
Following a bench trial, Magistrate Judge James Hopkins found that, while Compulife’s underlying database merits trade secret protection, the individual quotes generated through public Internet queries to the database do not. So using a bot to take those individual quotes one by one did not constitute a misappropriation of trade secrets. On appeal, however, the Eleventh Circuit disagreed, vacated, and remanded the case.
Facts of the Case
Compulife’s main product is its “Transformative Database,” which contains many different premium-rate tables that it receives from life insurance companies. While these rate tables are available to the public, Compulife often receives these tables before they are released for general use. In addition, Compulife applies a special formula to these rate tables to calculate its personalized life insurance quotes.
Compulife sells access to its “Transformative Database” to life insurance agents. The agents can either buy a “PC version” of the database or an “internet-engine version” of the database. In addition, Compulife provides access to the database to consumers for free through its Term4Sale.com website. When an individual gets a quote from the Term4Sale website, the site automatically refers that individual to an insurance agent who works with Compulife.
The defendants operate two competing life insurance quote websites: NAAIP.org and beyondquotes.com. “NAAIP” stands for National Association of Accredited Insurance Professionals. Through NAAIP.org, the defendants offer a “Life Insurance Quoter Engine” that is similar to and partly copied from Compulife’s “Transformative Database.” Life insurance agents can sign up for a free website through NAAIP.org and put NAAIP’s life insurance quoter on their own website. Beyondquotes.com functions just like Compulife’s Term4Sale website. Individuals can use that site to obtain free life insurance quotes and are then referred to a NAAIP affiliated life insurance agent.
As part of other efforts to take its proprietary data, Compulife alleged that the defendants retained an Israeli hacker to run automated queries on the Term4Sale website to obtain individual quotes that would be used in the defendants’ competing sites.
Trade Secret Misappropriation
Under either the FUTSA or the DTSA, to prove trade secret misappropriation, Compulife had to show that (1) it possessed a trade secret and (2) the trade secret was misappropriated, either by one who knew or had reason to know that the secret was improperly obtained or by one who used improper means to obtain it. Misappropriation can be shown through improper acquisition, disclosure, or use.
With respect to the hacker’s queries to its Term4Sale website, Compulife acknowledged that any individual could visit the Term4Sale website to obtain a quote and that there was no restriction on how an individual could use a quote obtained from the Term4Sale website. Similarly, the Term4Sale website engine was also available on Compulife customer websites, and those sites were also freely accessible to the public.
Judge Hopkins held that, while the underlying Transformative Database is a trade secret, the individual quotes are not. Thus, Compulife’s FUTSA and DTSA claims alleging misappropriation of these quotes necessarily failed.
Judge Hopkins also found that Compulife failed to establish a claim of misappropriation through either use or acquisition.
On appeal, the Eleventh Circuit held that Judge Hopkins erred in reasoning that the public availability of quotes on Compulife’s Term4Sale site automatically precluded a finding that scraping those quotes constituted misappropriation.
The Eleventh Circuit recognized that the quotes’ public availability is important to the first prong of trade-secret misappropriation—the initial determination whether a protectable secret exists. The Court held that public availability creates a vulnerability, which—if unreasonable—could be inconsistent with the reasonable precautions requisite to trade secret protection.
The Court, however, held that, even granting that individual quotes themselves are not entitled to protection as trade secrets, Judge Hopkins failed to consider the possibility that so much of the Transformative Database was taken—in a bit-by-bit fashion—that a protected portion of the trade secret was acquired.
The Court found that Judge Hopkins correctly concluded that the scraped quotes were not individually protectable trade secrets because each is readily available to the public but held that does not in and of itself resolve the question whether, in effect, the database as a whole was misappropriated. The Court reasoned that, even if quotes aren’t trade secrets, taking enough of them must amount to misappropriation of the underlying secret at some point.
The Court further held that the fact that the defendants took the quotes from a publicly accessible site does not automatically mean that the taking was authorized or otherwise proper. Although Compulife plainly gave the world implicit permission to access as many quotes as is humanly possible, a robot can collect more quotes than any human practicably could. So, while manually accessing quotes from Compulife’s database is unlikely ever to constitute improper means, using a bot to collect an otherwise infeasible amount of data may well be.
As noted in recent posts, website owners have many tools at their disposal to combat unauthorized webscraping. The Eleventh Circuit reminds website owners that they may have one more arrow in the quiver. If the website owner can establish that the underlying data viewed in the aggregate is entitled to trade secret protection, it would be no defense under the Eleventh Circuit’s reasoning that the data is taken bit-by-bit through public access.