Earlier this year, the Seventh Circuit affirmed summary judgment for a real estate analytics company sued by a software firm who claimed the company was pilfering on-line land records.
The plaintiff in Fidlar Technologies v. LPS Real Estate Data Solutions, 810 F.3d 1075 (7th Cir. 2016) developed a software program called “Laredo” that computerized real estate records and made them available to viewers for a fee. The plaintiff sued when it found out that the defendant was using a web harvester to bypass plaintiff’s software controls and capture the electronic records. The defendant’s harvester allowed it to disguise the amount of time it was spending on-line and so avoid paying print fees associated with the electronic data.
The Computer Fraud And Abuse Act (CFAA) Claim
The Court found the was a lack of evidence to support plaintiff’s Computer Fraud and Abuse Act (CFAA) claim as plaintiff could not show the defendant’s “intent to defraud” or “damage” under the CFAA. See CFAA, 18 U.S.C. s. 1030.
CFAA: Intent to Defraud (18 U.S.C. s. 1030(a)(4)
The CFAA defines an intent to defraud as acting “willfully and with specific intent to deceive or cheat, usually for the purpose of getting financial gain for one’s self or causing financial loss to another.” An intent to defraud can be shown by circumstantial evidence since direct intent evidence is typically unavailable.
The Court credited the defendant’s sworn testimony that printing real estate records was a minor part of its business and that it did pay maximum monthly access fees for computerized real estate data.
The defendant also produced evidence that it used its harvester not only in fee-charging counties, but also in those that didn’t charge at all. This bolstered its argument that the harvester’s fee-avoidance was an unintended consequence of the defendant’s program.
Finally, the Court noted that defendant’s agreements with the various county offices (which made the real estate data available) didn’t expressly prohibit the use of a web harvester. These factors all weighed against finding intentional conduct under the CFAA by the defendant analytics company.
CFAA: Transmission and Damage Claim (18 U.S.C. s. 1030(a)(5)(a)
The Seventh Circuit also rejected the plaintiff’s CFAA transmission claim; echoing the District Court’s cramped construction of the CFAA. The Court described the CFAA’s aim as punishing those who access computers in order to delete, destroy, or disable information.
“Damage” is defined in the CFAA as “any impairment to the integrity or availability of data, a program, a system or information….” 1030(e)(8). The Court interpreted this as destructive behavior aimed at injuring physical computer equipment or its stored data. Examples of this type of damaging conduct includes using a virus or deleting data. Flooding an email account with data could also qualify as CFAA damage according to at least one case cited by the court.
Here, the defendant’s conduct didn’t impair the integrity of any computer hardware or compromise any real estate data. The defendant’s attempt to bypass on-line printing access and print fees is not the type of damage envisioned by the CFAA. According to the Court, mere copying of computer data doesn’t fit the CFAA’s damage definition. 18 U.S.C. § 1030(e)(8).
Afterwords:
Fidlar represents a court narrowly applying the CFAA so that it doesn’t cover the type of economic loss (e.g. subscription fees, etc.) claimed here by the plaintiff. The case also illustrates that a successful CFAA claimant must show its computer equipment was physically harmed or its data destroyed. Otherwise, a plaintiff will have to choose a non-CFAA remedy such as a breach of contract, trespass to chattels or trade secrets violation.