On January 14, 2021, Southwest Airlines Co. (“Southwest”) filed a complaint in a Texas district court against an online travel site, Kiwi.com, Inc. (“Kiwi”), alleging, among other things, that Kiwi’s scraping of fare information from Southwest’s website constituted a breach of contract and a violation of the Computer Fraud and Abuse Act (CFAA). (Southwest Airlines Co. v. Kiwi.com, Inc., No. 21-00098 (N.D. Tex. filed Jan. 14, 2021)). Southwest is no stranger in seeking and, in most cases, obtaining injunctive relief against businesses that have harvested its fare data without authorization – ranging as far back as the 2000s (See e.g., Southwest Airlines Co. v. BoardFirst, LLC, No. 06-0891 (N.D. Tex. Sept. 12, 2007), and as recently as two years ago, when we wrote about a 2019 settlement Southwest entered into with an online entity that scraped Southwest’s site and had offered a fare notification service, all contrary to Southwest’s terms.
According to the current complaint, Kiwi operates an online travel agency and engaged in the unauthorized scraping of Southwest flight and pricing data and the selling of Southwest tickets (along with allegedly charging unauthorized service fees), all in violation of the Southwest site terms. Upon learning of Kiwi’s scraping activities, Southwest sent multiple cease and desist letters informing Kiwi of its breach of the Southwest terms. It demanded that Kiwi cease scraping fare data, publishing fares on Kiwi’s site and using Southwest’s “Heart” logo in conjunction with the selling of tickets. Kiwi responded and sought to form a business relationship, an overture that Southwest refused. According to Southwest, when discussions failed to yield a resolution, Kiwi allegedly continued its prior activities, prompting the filing of the suit.
In the complaint, Southwest asserted that it prohibits online travel websites from the unauthorized sale of Southwest flights and any other attempts to scrape fare data for any commercial purpose without permission. Beyond the prohibition on scraping, the terms also state that, by accessing the Southwest site, the user also agrees it “will not use the [Southwest site] for or in connection with offering any third party product or service not authorized by Southwest.”
Southwest asserted multiple causes of action, including breach of contract, violations of the CFAA (and Texas state computer trespass law), unjust enrichment and Lanham Act claims. Southwest is seeking monetary damages and an injunction barring Kiwi from, among other things, scraping data from Southwest’s site, publishing Southwest fare information on its site, and accessing Southwest’s site in any way that violates the terms.
Some interesting points:
-
While it is not entirely clear from the complaint, Southwest’s site terms, upon which the breach of contract claims are based, are seemingly presented to users as a browsewrap agreement (that is, presented as a link at the bottom of every screen such that the user is presumed to assent to the terms by using the website). In this case, the court might not have to consider the enforceability of the browsewrap terms based only on Kiwi’s alleged repeated access to the Southwest website, given that Southwest purportedly gave Kiwi actual notice of the terms in its multiple cease and desist letters. Case law suggests that the enforceability of website terms may, in some cases, be contingent on instances of actual or constructive notice of the terms that occur outside of accessing a website (e.g., in this case, receipt of a cease and desist communication providing the terms and conditions governing access to the site.)
-
In its CFAA claim, Southwest asserted that Kiwi accessed Southwest’s protected computers or servers without authorization or in excess of authorization (as outlined by Southwest’s terms) and obtained data from Southwest’s servers, including fare and pricing information. In its defense, Kiwi likely will seek to rely on the Ninth Circuit’s landmark hiQ decision (which, the Supreme Court is currently considering whether to review), and which casts doubt on the viability of a CFAA claim in connection with the scraping of “public” data. This of course begs the question of whether fare information, which is accessible subject to the restrictions of Southwest’s terms, is, in fact, “public” data. Does the fact that the site’s restrictive terms seem to be presented as a browsewrap agreement (rather than a clickwrap agreement where a user must take an action to accept the terms) have relevance? And what if the terms are held to be enforceable based on actual or constructive notice through a cease and desist letter – does that convert what might otherwise be “public” data to non-pubic data? Assuming the Supreme Court does not accept review and lets the Ninth Circuit’s hiQ decision stand, the Texas district court is not bound by Ninth Circuit precedent, and it would be interesting to see how another federal court construes the bounds of the CFAA in the scraping context. Also, of note, the upcoming Supreme Court decision in Van Buren, a criminal CFAA matter that hinges on the scope of “unauthorized access,” may affect the instant case between Southwest and Kiwi.
Scraping is a common practice and used by companies across almost all industries, yet the legal principles associated with scraping are still being developed. This complaint is the latest “shot across the bow” of web scraping. We will continue to watch this case and other relevant developments. In the meantime, both publishers of websites and those involved in scraping should evaluate the claims in this case to determine what, if any, practical steps it suggests to minimize risk in this evolving area.