Amazon.com Services, LLC v. Perplexity AI, Inc.
Issue
In *Amazon.com Services, LLC v. Perplexity AI, Inc.*, the ACLU, ACLU of Northern California, and Knight First Amendment Institute argue that the Computer Fraud and Abuse Act does not reach an AI-powered browser that accesses platform data on behalf of authenticated, consenting users. The brief presses the non-obvious question of whether a platform's unilateral cease-and-desist letter can convert user-delegated access into criminal unauthorized access — and whether any CFAA construction that permits platforms to define their own liability triggers by sending demand letters would unconstitutionally chill automated journalism and public-interest research.
What Happened
The ACLU, ACLU of Northern California, and the Knight First Amendment Institute at Columbia University filed this amicus curiae brief at the Ninth Circuit (No. 26-1444) with consent of all parties under FRAP Rule 29, in support of Defendant-Appellant Perplexity AI and in favor of reversing the district court's preliminary injunction. The brief argues that when an AI tool acts at a logged-in user's direction using that user's credentials, it operates as an extension of the user's own authorized access, rendering a platform's separate objection to the AI entity legally irrelevant under the CFAA. Relying on *Van Buren v. United States*, *hiQ Labs v. LinkedIn*, and *Facebook v. Power Ventures*, amici contend that CFAA authorization turns on technical access gates — not on a platform's unilateral written demands — and that authenticated access to publicly viewable data does not become unauthorized merely because the platform objects to who is retrieving it. The brief also advances a constitutional avoidance argument, documenting that an expansive CFAA reading would chill adversarial platform research and automated investigative journalism, invoking *Sandvig v. Barr* and citing concrete examples including the NYU Ad Observatory and litigation against the Center for Countering Digital Hate.
Why It Matters
This brief pushes the Ninth Circuit toward a significant doctrinal extension of *hiQ Labs* — moving that decision's public-data logic into the contested terrain of authenticated, user-delegated AI agent access, a question no circuit has cleanly resolved. If the court accepts the user-authorization-as-delegation framework, it would effectively insulate a broad class of AI browsing and research tools from CFAA liability so long as they operate with a user's credentials and consent. The brief's treatment of *Facebook v. Power Ventures* is the argument's most vulnerable point: that decision specifically permitted CFAA liability to attach after an individualized cease-and-desist, and Amazon's stronger theory — that Perplexity was never independently authorized in the first place — maps more naturally onto *Power Ventures* than amici acknowledge. The constitutional avoidance thread is nonetheless significant: even if the textual argument fails, a ruling that endorses the chilling-effect analysis could constrain how broadly any CFAA holding is written. The case is worth watching as an early test of how appellate courts will apply *Van Buren*'s gates-up/down framework to AI agents acting on behalf of human users.
Related Filings
Other proceedings in the same litigation tracked by this monitor.
How accurate was this summary?