United States District Court, E.D. Pennsylvania
For QVC, INC., Plaintiff, Counter Defendant: CHAD A. RUTKOWSKI, LEAD ATTORNEY, ERICH MICHAEL FALKE, LESLEY M. GROSSBERG, THEODORE J. KOBUS, III, BAKER & HOSTETLER LLP, PHILADELPHIA, PA; RANDAL LEE GAINER, LEAD ATTORNEY, BAKER HOSTETLER, SEATTLE, WA.
For RESULTLY, LLC, Defendant: ANDREW GROSSO, LEAD ATTORNEY, PRO HAC VICE, ANDREW GROSSO & ASSOCIATES, WASHINGTON, DC; DAVID A. COHEN, LEAD ATTORNEY, THE CULLAN LAW FIRM, WASHINGTON, DC.
For RESULTLY, LLC, Counter Claimant: ANDREW GROSSO, LEAD ATTORNEY, ANDREW GROSSO & ASSOCIATES, WASHINGTON, DC; DAVID A. COHEN, LEAD ATTORNEY, THE CULLAN LAW FIRM, WASHINGTON, DC.
WENDY BEETLESTONE, J.
Before the Court is Plaintiff QVC, Inc.'s (" QVC" ) Motion for a Preliminary Injunction. QVC asks the Court to enjoin Defendant Resultly, LLC (" Resultly" ) from " selling, divesting, licensing, distributing, transferring, removing, pledging, or otherwise disbursing" any of its non-cash assets during the pendency of this litigation. Mot. at 1. This request arises out of incidents in May 2014, when Resultly's web-crawling program overloaded QVC's servers, which rendered QVC's customers unable to access its website and resulted in substantial lost sales. Compl. ¶ ¶ 1-3. When Resultly learned of the problem from QVC, it immediately stopped the web-crawling activity and assured QVC that it would not restart. Opp. at 1. QVC agrees that Resultly is no longer crawling its site and does not suggest that Resultly is disingenuous in stating that it would not to do so again. It does, however, contend that Resultly is in a precarious financial position and, as such, may sell its intellectual property rights in its web-crawling program to a third party which could, in turn, use the program to cause harm to QVC's server. Mot. at 2-3. QVC's Complaint asserts a violation of the Computer Fraud and Abuse Act (" CFAA" ), 18 U.S.C. § 1030(a)(5)(A), as well as a host of other state law claims under a variety of rubrics. Resultly argues that QVC is unlikely to succeed on the merits of its CFAA claim, that QVC will not suffer irreparable injury absent the requested relief, and that a preliminary injunction would result in greater harm to Resultly.
At the February 20, 2015 hearing to consider QVC's preliminary injunction, Resultly offered the testimony of Ilya Beyrak, Resultly's founder and CEO. QVC cross-examined Beyrak but declined to put on any of its own witnesses, relying instead on the affidavits of Randall L. Gainer, Sean Dwyer, and David Garozzo, and the arguments made in briefing. Based upon the parties' submissions, Beyrak's testimony, and oral argument, the Court denies QVC's motion for a preliminary injunction for the reasons set forth below.
A. The Parties
QVC is a " television and online retail giant" that markets and sells a wide variety of consumer products through live televised shopping programs, its websites, and other interactive media, including QVC.com. Mot. at 1; Gainer Decl. Ex. B at 2. In 2013, QVC reported that its e-commerce revenue was $3.2 billion--an average of around $8.7 million per day. Gainer Decl. Ex. B at 3.
Resultly is a four-year-old internet startup company that uses computer code to " crawl the web" to search hundreds of public websites of online retailers for the purpose of advertising to the public the merchandise of these entities in real time. Beyrak Decl. ¶ 3; Hr'g Tr. at 69:19-21. Resultly's intellectual property pertains to the method of choosing what information to crawl and extract from retailers' websites, and what information to display to users. Beyrak Decl. ¶ 8. It performs its crawling functions by utilizing and building
upon open source software. Hr'g Tr. at 24:15-25:12. Resultly hosts a consumer website and application that allows consumers to find products that are for sale, purchase them, and create and share collections with friends, peers, etc. Id. at 22:1-6. To illustrate, when a user on Resultly's webpage searches for a particular item, Resultly populates its page with items responsive to that search with product information it collects by crawling various retailers' websites. If a user wants to purchase any of those items, Resultly's webpage would take him or her directly to the retailer's website to complete the purchase. See id. at 32:6-15. Resultly views the service it provides as a benefit to both retailers and consumers. Dwyer Decl. Ex. A at 2. Recognizing this benefit, QVC allows many of Resultly's competitors, e.g., Google, Pinterest, The Find, and Wanelo, to crawl its website. Hr'g Tr. at 76:17-77:5. In fact, QVC has stated that its website is powerful enough to handle millions of such requests daily without issue. Mot. at 2 n.1.
B. Resultly's Use of Open Source Software
Resultly performs the crawling functions necessary to its business through a software program known as " abot." Beyrak Decl. ¶ 5; Hr'g Tr. at 24:12-25:12. The abot code is an open source C# (" C-sharp" ) web crawler, which means it is in the public domain on the Internet. Hr'g Tr. at 24:15-22. Resultly's software gives abot instructions on which websites it wants to crawl, as well as different configuration parameters, including whether Resultly wants to implement any " crawl delays," which control the speed at which Resultly's server pings a retailer's server with requests for information. Id. at 25:15-21. When abot returns pages that it crawls, Resultly processes that information through its own proprietary code. Id. at 25:8-12.
Even if Resultly does not sell its proprietary code, there is nothing preventing another company from using abot to crawl QVC's server in the same manner as Resultly. Id. at 25:22-26:5. In fact, abot is the most popular crawler written in .NET and has been downloaded nearly 10 million times. Id. at 26:2-5.
C. Resultly's Business Model
Resultly's business model is dependent on the functional operation of retail websites that it crawls so as to maximize purchases made by customers who access those business websites through Resultly's website. Beyrak Decl. ¶ 9. Beyrak testified that Resultly's " purpose as a business is to find new products, find when products go on sale, and to provide that information to our users, who are people looking to purchase those types of items, and find new items that they have otherwise not found." Hr'g Tr. at 30:12-18. To achieve these goals, Resultly needs to maintain good relationships with retailers so that they do not block Resultly from crawling their websites. See id. at 41:5-15. Moreover, Resultly needs the retailers' websites to be functional so that its users can complete purchases of items they discover through Resultly. See id.
D. Resultly's Business Plan
Beyrak testified that Resultly's goal as of May 2014 was to produce a product and grow its user base. Id. at 30:22-31:2. When it accomplishes this goal, it will then seek to monetize that user base through advertising or some other mechanism. Id. at 31:3-5.
Meanwhile, Resultly currently makes money by collecting commissions on purchases made when a Resultly user clicks through Resultly's site to buy an item
directly from a retailer. Id. at 31:6-15; 32:6-15. Resultly does not obtain the commission directly from the retailers whose sites it crawls. Instead, retailers such as QVC have an " affiliate" relationship with an intermediary company such as Commission Junction, whereby QVC pays the affiliate a percentage of the purchases made by users the affiliate brings to QVC's website. Id. at 73:12-74:24. Companies such as Commission Junction in turn enter into a contract with VigLink, another intermediary that brings traffic to the affiliate retailers' websites by forming relationships with " publishers," i.e., companies like Resultly that specialize in creating a user base of people who are looking to purchase products. Id. at 73:15-24.
In short, when a Resultly user buys a product on QVC, QVC pays a commission to Commission Junction (or a company in a similar affiliate position); Commission Junction then pays a share to VigLink; and finally VigLink pays a share of what it has received to Resultly. Id. at 72:20-74:24.
E. May 2014 Events
Resultly began crawling QVC's website in May 2014. For a certain period of time, Resultly crawled QVC's website for development purposes without complaint from QVC. Id. at 26:13-27:12. Around May 9, 2014, Resultly began crawling the QVC website for production purposes. Id. at 26:13-20. On May 9 and 11, QVC's servers experienced an overload that impaired consumers' ability to use the site. Mot. at 1. QVC argues that the crash was caused because of the speed at which Resultly crawled its server. Compl. ¶ 14. QVC further argues that it was unable to quickly block Resultly's requests because Resultly had used IP addresses that were not identifiable as coming from a web-crawler. Id. ¶ 15.
At some point, presumably May 11, QVC was able to identify and block Resultly's IP addresses, which restored service to the QVC.com website. See Garozzo Decl. ¶ 11.
1. QVC's Relationship with Akamai
Requests for information and other content made to QVC.com from various internet users and software programs are routed through servers owned by Akamai Technologies, Inc. (" Akamai" ). Id. ¶ 4. QVC uses a program called Akamai Security Monitor, including the program's Web Application Firewall (" WAF" ) feature. Id. The WAF feature allows QVC operations specialists to set rules that are defined to warn and protect QVC.com from malicious requests. Id. ¶ 5. The Akamai servers are configured to cache certain content of the QVC.com website so that if the server has the requested content cached, Akamai can serve the response back to the requestor. Id. ¶ 6. If the response is not cached, Akamai will make a request to the QVC servers to obtain a response. Id. Akamai would then, based on defined caching rules, cache the response, and send the response back to the requestor. Id.
Due to QVC's relationship with Akamai, any request Resultly sent to QVC would actually hit Akamai's servers first. Hr'g Tr. at 29:10-13. If Resultly's question could be answered by the cached information on Akamai's server, Akamai would return the answer to Resultly. Id. at 29:21-30:3. If Akamai determined that its cached version was too out-of-date to answer the request, Akamai would then request the information from QVC's server. Id. at 71:6-72:4. When asked if he was
aware of a risk of overloading QVC's site in spite of QVC's relationship with Akamai, Beyrak responded that he would not know the risk of overload because it would be " purely based on the configuration" between Akamai and QVC's server. Id. at 65:12-24.
2. Resultly's User Agent
A user agent is a " string" that is passed by a browser or other device, to a website, to identify what software is being used by that device to access the site. Id. at 35:12-23. Typically, Resultly includes the word " Resultly" at the end of its user agent string. Id. at 36:25-37:12. There is no requirement that Resultly identify itself this way. Id. at 82:12-16. However, Resultly wants to identify itself so as to " encourage retailers to participate on [Resultly's] platform." Id. at 36:25-37:12. At one point in 2014, likely including the period during which Resultly was crawling QVC's website, Resultly's user agent identification did not include the word " Resultly." Id. at 36:17-24; 37:14-38:11. Beyrak testified that this was a mistake, and Resultly corrected the user agent to identify Resultly when it discovered the omission. Id. at 37:14-38:11.
QVC argues that because Resultly's user agent did not identify itself as a crawler, QVC believed that the requests were coming from individual customers instead of a bot. Garozzo Decl. ¶ 12. Beyrak testified that Resultly never attempted to mask or hinder identification of its IP addresses or bot. Hr'g Tr. at 38:14-16. Moreover, Beyrak testified that because Resultly's IP addresses are registered, QVC could have identified Resultly from its IP addresses either by referencing the American Registry of Internet Numbers (" ARIN" ), by typing any of the IP addresses into address bar of a web browser, or conducting a " reverse look-up" of one of the IP addresses, which would have shown Resultly's name. Id. at 39:5-40:19. Beyrak testified that if QVC had used any of these methods, it would have immediately identified Resultly. Id. QVC could then either reach out to Resultly to request that it stop its activity, id., or block Resultly by submitting a request to Akamai to create WAF rules blocking all requests coming from Resultly's IP addresses. See Garozzo Decl. ¶ 10.
3. Rate of Requests
QVC's Complaint alleges that Resultly " sent search requests on QVC's website at rates ranging from 200-300 requests per minute to up to 36,000 requests per minute, which overloaded QVC's website." Compl. ¶ 17. A letter from QVC's Assistant General Counsel, Vincent A. LaMonaca, to Beyrak states that the rate of requests coming from Resultly " approach[ed] 40,000 requests per minute." Gainer Decl. Ex. A. However, Beyrak testified that the maximum instructions that Resultly's server could send to QVC would likely be 10 to 20,000 per minute. Hr'g Tr. at 51:12-24.
Beyrak testified that the number of requests Resultly's server can send per minute is a function of the server's computing power, i.e., the number of requests that its server can make, and the speed at which the server makes its requests. See id. at 56:24-57:4. The computing power of Resultly's server is fixed. Id. at 54:22-55:3. However, the speed at which Resultly's server can send requests depends upon whether or not the retailer has specified a crawl delay in a " robots.txt" file. Id. at 42:4-13. If a retailer has specified a crawl delay of twenty seconds, for example, Resultly's server will honor that standard and wait twenty seconds between requests, even if it has the capacity to send requests faster. See id. at 42:9-13. If the retailer has not specified a crawl delay, it was Resultly's practice in May 2014 that Resultly's
server would send requests as soon as it received a response to its previous request. Id.
There is no industry standard that sets the outer limits of what a crawl rate should be. Id. at 66:6-11. Beyrak testified that the appropriate crawl rate for any particularly website would depend upon the circumstances and would take into account multiple factors, including " how many servers the company has, what technology they have, if the site is static or dynamic content, what language it's written in, how efficient it is, how many other requests they have coming in and whether those requests are coming from users or other bots." Id. at 49:22-50:4. When asked on cross examination what crawl rate Beyrak would suggest to QVC, Beyrak responded that he would need to know more information, but at a minimum, he would advise them to set the crawl delay for any unknown robots " to some high arbitrary number, in order to ensure protection." Id. at 50:17-24. Depending on the circumstances, Beyrak would sometimes suggest a crawl delay for a retail website at ten to twenty seconds. Id. at 51:1-11. Beyrak noted that a crawl delay of one second between requests is " super, super low." Id. at 66:15-18.
Beyrak testified that Resultly used one server to crawl QVC.com. Id. at 28:14-16. QVC does not specify a crawl delay through the robots.txt file. Mot. at 2; Garozzo Decl. ¶ 13. Thus, the speed at which the Resultly server operated depended on how quickly QVC's site responded. Hr'g Tr. at 28:21-24. QVC argues that it does not want to set a crawl delay because it wants to allow other web programs, such as Google, to crawl its websites. Garozzo Decl. ¶ 13. However, Beyrak testified that QVC had the ability to set a crawl delay for Resultly, or any other unknown crawler, independent of any delay that might set for another company such as Google. Id. at 79:22-80:7; 83:9-20.
F. Negotiations Between QVC and Resultly
On May 28, 2014, QVC sent Resultly a cease-and-desist letter. Gainer Decl. Ex. A. The letter informed Resultly that its web-crawling activities overloaded QVC's servers by requesting information at a rate approaching 40,000 requests per minute. Id. Upon notification of a possible problem, Resultly immediately ...