You can read about the case here.

Imagine you build a high-tech library. You put a security guard at the front door to check ID cards, and you lock the rare books in a glass cabinet. Now imagine a company sets up a service that rents out fake IDs and specialized lock-picking tools so anyone can sneak in, photocopy the rare books, and sell the copies. When you catch them, they say, “But the library is open to the public!”

This is the core of Google LLC v SerpApi, LLC (ND Cal, 19 December 2025).¹ A lawsuit filed in the Northern District of California that targets the “picks and shovels” of the web scraping industry. Unlike previous battles over who scrapes, this case attacks the methods used to bypass modern anti-scraping defences.

Who’s Involved?

• Google LLC (Plaintiff): The search monopolist that spends billions defending its data moats and developing sophisticated anti-bot systems like “SearchGuard”.
• SerpApi, LLC (Defendant): A prominent API provider that allows developers to scrape search engine results pages (SERPs) without building their own infrastructure, essentially keeping the “front door” open for other businesses.

Understanding the Technical Elements

What is an API wrapper for scraping? Scraping modern websites is hard. You have to manage:

• IP Rotation: Using thousands of residential proxies to hide your true location.
• CAPTCHA Solving: Automating the “I am not a robot” tests.
• Browser Fingerprinting: Making your bot look like a legitimate Chrome user on a MacBook.

SerpApi sells this complexity as a service. A developer simply sends a clean HTTP request to SerpApi, and SerpApi handles the messy work of bypassing Google’s defences to return structured JSON data.

Technical Problem: Circumvention vs Access

Google recently deployed a new anti-automation system called “SearchGuard”. They allege that SerpApi didn’t just scrape public data, but actively reverse-engineered this security layer. This includes using “cloaking” (showing one thing to Google and another to users) and sophisticated bot networks that mimic human behaviour to slide past the gates.

Understanding the Legal Frameworks/Statutes

The lawsuit hinges on a specific US law that turns technical circumvention into a legal crime.

The Digital Millennium Copyright Act (DMCA)

While often associated with pirated movies, the DMCA has a powerful section: 17 USC § 1201.² This provision makes it illegal to “circumvent a technological measure that effectively controls access” to a copyrighted work.

Think of it like digital breaking-and-entering. Even if you have a right to look at the data inside (fair use), picking the digital lock to get there is a separate crime. Google argues that “SearchGuard” is the lock, and SerpApi is selling the lockpicks.

Breach of Contract

This relies on Google’s Terms of Service (ToS), which explicitly forbid scraping, accessing the services via automated means, or bypassing restrictions. Google argues that by creating accounts to test their scrapers, SerpApi agreed to these terms and then immediately broke them.

The Arguments

Google’s Perspective

Legal argument

• DMCA Violation: SerpApi is trafficking in circumvention technology. Their business model depends on breaking Google’s digital locks.
• Parasitic Business: SerpApi resells Google’s proprietary “Knowledge Graph” and search rankings, profiting from Google’s investment without permission.
• Harmful Intent: The specific design of SerpApi’s system (obfuscation, proxies) proves they knew they were unauthorised.

Technical argument

• “SearchGuard” serves a legitimate security purpose. Bypassing it threatens the integrity of the platform for real users.
• SerpApi’s bot traffic degrades performance and consumes resources that should serve humans.

From Google’s complaint

“SerpApi has built a business on the unauthorised exploitation of Google’s resources… systematically evading the technological barriers Google has erected.”

SerpApi’s Perspective (Anticipated)

Legal argument

• Public Data: Search results are publicly accessible information, often consisting of facts (which cannot be copyrighted).
• Interoperability: Tools that help machines read the web are pro-competitive and essential for innovation.
• No “Effective” Control: If the data is visible to any browser without a login, is there really a “lock” to break?

Philosophical argument If Google is the gateway to the web’s information, banning APIs like SerpApi consolidates their monopoly. Developers need programmatic access to search data to build tools that compete with Google.

Why Does it Matter?

The “Lockpick” Precedent

If Google wins on the DMCA claim, it creates a dangerous precedent: companies could legally ban scraping simply by putting up any technical hurdle (even a weak one) and calling it a “technological measure”. This would weaponise copyright law to kill the open web.

The End of “Scraping as a Service”?

Many businesses rely on third-party scrapers because building in-house infrastructure is too expensive. A ruling against SerpApi could bankrupt the middleware layer of the data economy, forcing startups to either pay Google’s exorbitant official API prices or shut down.

The Legal Implications for Engineering

From an engineering perspective, this case shifts the risk profile:

• Scraping Public Data: Generally lower risk (hiQ v LinkedIn).³
• Bypassing Auth/CAPTCHAs: High risk. If your code includes modules specifically designed to solve CAPTCHAs or rotate User-Agents to evade specific blocks, you might be crossing from “scraping” into “circumvention”.

What Google Wants

• Injunctive Relief: A court order forcing SerpApi to stop scraping.
• Damages: Statutory damages under the DMCA (which can be massive per violation) and compensation for breach of contract.

Best Practices for the Future

Technical:

• Respect robots.txt where possible.
• If you hit a CAPTCHA, back off. Solving it programmatically is legally risky.
• Use official APIs if they are viable for your business model.

Business:

• Do not build a roadmap that relies 100% on a single third-party data source you do not control.
• Be aware that “publicly available” does not mean “freely available to bots”.

Footnotes

1. Google LLC v SerpApi, LLC, Case No 5:25-cv-10826 (ND Cal 2025). ↩

2. Digital Millennium Copyright Act 1998, 17 USC § 1201. ↩

3. hiQ Labs, Inc v LinkedIn Corp, 938 F 3d 985 (9th Cir 2019). ↩