Computer Fraud Suit Based On Real estate Records Fails – Illinois Northern District

images (1)

The Northern District of Illinois (Fidlar Technologies v. LPS Real Estate Data Solutions, 2015 WL 1059007 (N.D.Ill. 2015) granted summary judgment for a defendant real estate analytics firm in a computer fraud case filed by a software firm who makes paper real estate records available on-line for various county recorders offices across the country.

The plaintiff developed a program called “Laredo” that computerized real estate records and made them available to viewers for a fee.  The plaintiff sued when it found out that the defendant was using a web harvester to bypass plaintiff’s software controls and capture the electronic records.  The defendant’s harvester allowed it to disguise the amount of time it was spending on-line and so avoid paying print fees associated with the electronic data. 

The Computer Fraud And Abuse Act Claim

On its Computer Fraud and Abuse Act, 18 U.S.C. s. 1030 (“CFAA”) claim, the Court found there was a lack of evidence of defendant’s intent to defraud based on defendant evading the printing fees.  The CFAA defines an intent to defraud as acting “willfully and with specific intent to deceive or cheat, usually for the purpose of getting financial gain for one’s self or causing financial loss to another.”

The court noted that defendant offered sworn testimony that printing real estate records was a minor part of its business and that it did pay the various counties the maximum monthly access fee for the real estate data.  The defendant also produced evidence that it used its “client” program (which could avoid the time tracking and printing charges) not only in fee-charging counties, but also in those that didn’t charge at all.  This bolstered its argument that the harvester’s fee-avoidance was an unintended consequence of the defendant’s program.

Siding with the defendant, the court applied the CFAA restrictively.  It found that the Act’s aim is to punish those who access computers with the intention of deleting, destroying, or disabling information they find.

Attempting to avoid paying for minutes and printing fees – the “damage” alleged to have been done by the defendant here – wasn’t the type of damage contemplated by the CFAA.  The mere copying of electronic information from a computer system isn’t enough to satisfy the CFAA’s damage requirement.  18 U.S.C. § 1030(e)(8).

Trespass to Chattels

The plaintiff’s trespass to chattels claim was also rejected.  Trespass to chattel is an archaic legal doctrine aimed at protecting the integrity of someone’s personal property.  To successfully claim trespass to chattels, a plaintiff i must show “direct physical interference.”

The plaintiff’s claim that the defendant’s web harvester commands “physically touched” plaintiff’s computers and “substantially interfered” with plaintiff’s computer network wasn’t supported by the evidence.

The court noted that any interference was plaintiff’s claimed loss of subscription revenue and loss of goodwill.  These losses didn’t equal a physical threat to the proper functioning of plaintiff’s servers.

Afterwords:

Fidlar represents a court narrowly applying the CFAA so that it doesn’t cover the type of economic loss (e.g. subscription fees, etc.) claimed here by the plaintiff.  The case also amply illustrates that a successful CFAA claimant must show that its computer equipment or system was physically damaged or its data destroyed.  Otherwise, the proper remedy lies in a breach of contract or trade secrets violation.

 

 

Harvester of Sorrow? (IL Fed. Court Tackles Computer Fraud Case

tape recorder (photo credit: Google Images: www.strangehistory.net)

Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., 2013 WL 5973938 (C.D.Ill. 2013), a high-tech diversity suit, examines internet data “harvesting” and whether it gives rise to Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (CFAA) and common law tort liability. 

The plaintiff developed a computer program that allowed recorder of deeds’ offices from around the country to provide users with public access to real estate records for a fee.  The defendant software company developed a data harvester program that bypassed plaintiff’s protective controls and then captured the real estate data without paying fees.

When plaintiff found out, it brought CFAA claims and state law trespass to chattels claims against the defendant.  Defendant moved to dismiss plaintiff’s claims.

Held: Defendant’s motion to dismiss denied.

Reasons:

The CFAA provides a civil cause of action to a plaintiff injured by computer fraud or hacking.  A CFAA “transmission claim” prohibits a defendant from knowingly transmitting a program (such as a data harvester) without authorization that causes damage to a protected computer.  A CFAA plaintiff must show loss of at least $5,000 in any one-year period.  18 U.S.C. §§ 1030(a), (c).

The Court found that plaintiff sufficiently pled damage, loss and intent under Federal notice pleading rules.  Plaintiff’s claim that defendant’s harvesting activity compromised plaintiff’s software satisfied the CFAA’s damage definition – since it alleged an impact to the “integrity” of the software.  18 U.S.C. 1030(e)(8)(CFAA damage definition). 

Plaintiffs also adequately pled loss of at least $5,000 under the CFAA: plaintiff claimed it spent over $80,000 investigating the extent of defendant’s invasion of plaintiff’s software and in making software repairs and adjustments to prevent further service interruptions.  ¶¶ 7-8; 18 U.S.C. 1030(e)(11)(loss definition).  

Lastly, the Court found the plaintiff’s intentional conduct allegations – that defendant’s intentionally and without permission, used plaintiff’s software – were sufficient under FRCP 8’s “short plain statement” strictures.  ¶ 6.

The Court also sustained (in part) the plaintiff’s trespass to chattel claims.  Trespass to chattel – a sparingly used tort occasionally applied to cyberspace lawsuits – provides a remedy where a defendant intentionally interferes with the plaintiff’s personal property and causes harm to it.  ¶ 9. 

The plaintiff’s trespass to chattel claim based on its computer data wasn’t actionable since electronic public data isn’t physical or private property owned by the plaintiff.  

But plaintiff did make out a trespass to chattels claim with respect to its computer servers.  The servers were sufficiently tangible (or physical) to underlie a trespass to chattels claim.  Plaintiff’s claim that defendant accessed the servers and impaired the servers’ quality, condition and value adequately met the Federal notice pleading standard. ¶¶ 10-11.

Defendant’s Counterclaim

Defendant’s injunctive relief and tortious interference claims were rejected.  The court found that plaintiff’s conduct was privileged under the “honest advice” privilege and the First Amendment Petition Clause.  

The latter privilege applied since the counties with whom plaintiff dealt were all government agencies.  Plaintiff’s statements to the counties concerning the defendant’s unauthorized data mining were protected “petitions” to those counties: plaintiff asked the counties to cut off defendant’s access to plaintiff’s software.  ¶¶ 14-17.

Afterwords:

– Computer Fraud plaintiffs can satisfy notice pleading standards by alleging plausible facts of intent, damage and loss exceeding $5,000;

– Trespass to chattels tort applies to physical computer hardware and servers but not to computer data;

A business competitor has some latitude to make disparaging statements about a competitor where the statements are substantially true, opinions and not facts or are privileged.

 

Nasty Flood of Phone Calls and E-Mails Gives Rise to Computer Fraud Damage Claim – 6th Cir.

In Pulte Homes International Union of North America, 648 F.3d 295 (6th Cir. 2011), the Sixth Circuit addressed the Computer Fraud and Abuse Act (CFAA) in a case where a national labor union launched a barrage of  harassing telephone calls and e-mails against a Michigan home builder that fired a union member.

The plaintiff home sued the union under the CFAA after orchestrated a nation-wide torrent of phone calls and e-mails to plaintiff and its key executives.  The volume of calls – many coming via an auto-dialer – and e-mails basically overburdened and shut down plaintiff’s phone system and computer server.

The 6th Circuit reversed the District Court’s 12(b)(6) dismissal of plaintiff’s CFAA “transmission” claim and reinstated it.  

The “Transmission” Claims 

A CFAA transmission claim requires a plaintiff to show a defendant’s knowing and unauthorized transmission of a program, code, or command that intentionally causes damage to a protected computer.  18 U.S.C. § 1030(a).  

An example of a transmission claim is a hacker or rogue employee who infects a computer system with a virus.  The Pulte Court held that plaintiff’s phone and email systems were “protected computers” under the CFAA and the defendants’ thousands of e-mail and phone blasts constituted “transmissions.”

Under the CFAA, any device that’s not a typewriter or calculator will qualify for protected computer status.

CFAA damage denotes “any impairment to the integrity or availability of data, a program, a system or information.”  18 U.S.C. §1030(e)(8).  The Court noted that the Oxford English Dictionary defined “impairment” as a “deterioration” or “injurious lessening or weakening.” 

The Court held that the Union’s alleged conduct fit squarely into this damage definition.  The Court noted that the volume of calls and e-mails sent by the union prevented plaintiff’s customers from contacting it and so overwhelmed plaintiff’s computer system that it severely stunted plaintiff’s normal business operations. 

On the CFAA intent element, the Court cited plaintiff’s wide-ranging allegations that the union’s conscious objective was to overwhelm and damage plaintiff’s business systems.  The cumulative effect of the allegations against the Union signalled the Union’s intentional conduct.  Since the plaintiff’s allegations demonstrated damage to its computer systems and the Union’s intent, the Court held that the plaintiff successfully pled a CFAA transmission claim.  Id.

The “Access” Claim

A CFAA access claim requires a plaintiff to allege a defendant “intentionally accessed a protected computer without authorization”. 18 U.S.C. § 1030(a)(5)(B), (C).  

Here, the plaintiff failed to demonstrate the Union accessed plaintiff’s phone and computer systems without authorization  under the CFAA since plaintiff allowed all members of the public to call its offices, visit its company web page, and send e-mails to it. 

Take-aways: Pulte provides a good summary of CFAA transmission and access claims and gives content to the CFAA’s damage requirement.  The case also shows how difficult it can be for an employer who has a freely available website, e-mail and phone system (basically, every single company in the U.S.), to meet the without authorization prong of a CFAA access claim.