Category: Computer Fraud and Abuse Act

Seventh Circuit Jettisons Software Firm’s Computer Fraud Case – No Damages Evidence

Earlier this year, the Seventh Circuit affirmed summary judgment for a real estate analytics company sued by a software firm who claimed the company was pilfering on-line land records.

The plaintiff in Fidlar Technologies v. LPS Real Estate Data Solutions, 810 F.3d 1075 (7th Cir. 2016) developed a software program called “Laredo” that computerized real estate records and made them available to viewers for a fee.  The plaintiff sued when it found out that the defendant was using a web harvester to bypass plaintiff’s software controls and capture the electronic records.  The defendant’s harvester allowed it to disguise the amount of time it was spending on-line and so avoid paying print fees associated with the electronic data. 

The Computer Fraud And Abuse Act (CFAA) Claim

The Court found the was a lack of evidence to support plaintiff’s Computer Fraud and Abuse Act (CFAA) claim as plaintiff could not show the defendant’s “intent to defraud” or “damage” under the CFAA. See CFAA, 18 U.S.C. s. 1030.

CFAA: Intent to Defraud (18 U.S.C. s. 1030(a)(4)

The CFAA defines an intent to defraud as acting “willfully and with specific intent to deceive or cheat, usually for the purpose of getting financial gain for one’s self or causing financial loss to another.” An intent to defraud can be shown by circumstantial evidence since direct intent evidence is typically unavailable.

The Court credited the defendant’s sworn testimony that printing real estate records was a minor part of its business and that it did pay maximum monthly access fees for computerized real estate data.  

The defendant also produced evidence that it used its harvester not only in fee-charging counties, but also in those that didn’t charge at all.  This bolstered its argument that the harvester’s fee-avoidance was an unintended consequence of the defendant’s program.

Finally, the Court noted that defendant’s agreements with the various county offices (which made the real estate data available) didn’t expressly prohibit the use of a web harvester. These factors all weighed against finding intentional conduct under the CFAA by the defendant analytics company.

CFAA: Transmission and Damage Claim (18 U.S.C. s. 1030(a)(5)(a)

The Seventh Circuit also rejected the plaintiff’s CFAA transmission claim; echoing the District Court’s cramped construction of the CFAA.  The Court described the CFAA’s aim as punishing those who access computers in order to delete, destroy, or disable information.

“Damage” is defined in the CFAA as “any impairment to the integrity or availability of data, a program, a system or information….” 1030(e)(8). The Court interpreted this as destructive behavior aimed at injuring physical computer equipment or its stored data. Examples of this type of damaging conduct includes using a virus or deleting data.  Flooding an email account with data could also qualify as CFAA damage according to at least one case cited by the court. 

Here, the defendant’s conduct didn’t impair the integrity of any computer hardware or compromise any real estate data. The defendant’s attempt to bypass on-line printing access and print fees is not the type of damage envisioned by the CFAA.  According to the Court, mere copying of computer data doesn’t fit the CFAA’s damage definition.  18 U.S.C. § 1030(e)(8).

Afterwords:

Fidlar represents a court narrowly applying the CFAA so that it doesn’t cover the type of economic loss (e.g. subscription fees, etc.) claimed here by the plaintiff.  The case also illustrates that a successful CFAA claimant must show its computer equipment was physically harmed or its data destroyed.  Otherwise, a plaintiff will have to choose a non-CFAA remedy such as a breach of contract, trespass to chattels or trade secrets violation.

 

Is The Refusal To Give Up Control of a Private LinkedIn Group A Trade Secret Violation? IL ND Weighs In

image

When a former media company executive refused to turn over a private LinkedIn group’s contact information, the company responded with a multi-count lawsuit.

In CDM Media USA, Inc. v. Simms, 2015 WL 1399050 (N.D. Ill Mar. 25, 2015), the plaintiff company alleged that the LinkedIn group (the “Group”), which was geared towards high-level IT professionals and administered by the defendant, was company property.  The plaintiff also claimed the Group’s comments threads were competitively valuable trade secrets.

The plaintiff joined a common law misappropriation claim premised on the allegation that the defendant downloaded confidential company data on to his cell phone and refused to return it.

In partially granting the ex-employee’s motion to dismiss, the court considered whether social media content and contacts can qualify for trade secret protection under the Illinois Trade Secret Act.

The LinkedIn Private Group: A Trade Secret? Maybe

The court first considered whether the Group (which contained nearly 700 members) fit the definition of a trade secret under Illinois law.  An Illinois trade secret plaintiff must allege (1) the existence of a trade secret, (2) misappropriation of that trade secret, and (3) that the trade secret was used in the defendant’s business. The Illinois Trade Secrets Act (ITSA) defines “trade secret” to include, among other things, “list of actual or potential customers.” 765 ILCS 1065/2(d).

A key common law trade secrets factor is the time and expense incurred in developing a client base.  The more time and money spent, the better chance of showing a trade secret.

Here, the media company’s allegation that the Group was developed at significant expense over several years and was secret enough to give plaintiff a competitive advantage over rival B2B marketers was sufficient to state a trade secrets claim under the Act for purposes of a motion to dismiss.

The court found that “too little is known” about how the Group was set up, its contents and how it impacted the plaintiff’s business to definitively rule that the Group wasn’t a trade secret as a matter of law.

The Group Communications/Comments: Not A Trade Secret

The court rejected the plaintiff’s trade secrets claim based on the Group comments.  While the court allowed that in some cases a social media group’s communications might qualify as a trade secret, the plaintiff failed to pinpoint the specific Group content that was secret or that gave the plaintiff advantage over the competition.  Because the Group trade secrets allegations were too vanilla, that claim was dismissed.

Defendant’s Cell Phone Data: No Allegation of Use in Business

The plaintiff’s trade secrets claim premised on the allegation that the defendant swiped information from plaintiff’s private database and downloaded it to his cell phone also failed.  Trade secrets misappropriation requires an allegation that defendant actually used a trade secret in his business.  Here, the plaintiff failed to allege that defendant used any of the cell phone data in the course of his current employment.

Lastly, the court found the plaintiff’s “inevitable disclosure” allegations to sparse to be actionable.

Under the inevitable disclosure rule, a trade secrets claim will succeed if the plaintiff shows the defendant can’t function or operate in his new job without relying on the plaintiff’s trade secrets.  Here, the plaintiff failed to allege any facts to support his bare-bones assertion that defendant would inevitably disclose plaintiff’s trade secrets to defendant’s new employer.

Afterwords:

Post-worthy for its modeling of some creative lawyering: trade secrets law isn’t the typical legal theory of choice in a dispute over who owns a private social media account;

If a private social media group is secret enough to give an employer a competitive advantage and was developed over a lot of time and expense, the group can qualify as a trade secret;

Even under Federal notice pleading, a plaintiff must allege use in business to establish misappropriation and must give some specifics to support an inevitable disclosure theory.

Computer Fraud Suit Based On Real estate Records Fails – Illinois Northern District

images (1)

The Northern District of Illinois (Fidlar Technologies v. LPS Real Estate Data Solutions, 2015 WL 1059007 (N.D.Ill. 2015) granted summary judgment for a defendant real estate analytics firm in a computer fraud case filed by a software firm who makes paper real estate records available on-line for various county recorders offices across the country.

The plaintiff developed a program called “Laredo” that computerized real estate records and made them available to viewers for a fee.  The plaintiff sued when it found out that the defendant was using a web harvester to bypass plaintiff’s software controls and capture the electronic records.  The defendant’s harvester allowed it to disguise the amount of time it was spending on-line and so avoid paying print fees associated with the electronic data. 

The Computer Fraud And Abuse Act Claim

On its Computer Fraud and Abuse Act, 18 U.S.C. s. 1030 (“CFAA”) claim, the Court found there was a lack of evidence of defendant’s intent to defraud based on defendant evading the printing fees.  The CFAA defines an intent to defraud as acting “willfully and with specific intent to deceive or cheat, usually for the purpose of getting financial gain for one’s self or causing financial loss to another.”

The court noted that defendant offered sworn testimony that printing real estate records was a minor part of its business and that it did pay the various counties the maximum monthly access fee for the real estate data.  The defendant also produced evidence that it used its “client” program (which could avoid the time tracking and printing charges) not only in fee-charging counties, but also in those that didn’t charge at all.  This bolstered its argument that the harvester’s fee-avoidance was an unintended consequence of the defendant’s program.

Siding with the defendant, the court applied the CFAA restrictively.  It found that the Act’s aim is to punish those who access computers with the intention of deleting, destroying, or disabling information they find.

Attempting to avoid paying for minutes and printing fees – the “damage” alleged to have been done by the defendant here – wasn’t the type of damage contemplated by the CFAA.  The mere copying of electronic information from a computer system isn’t enough to satisfy the CFAA’s damage requirement.  18 U.S.C. § 1030(e)(8).

Trespass to Chattels

The plaintiff’s trespass to chattels claim was also rejected.  Trespass to chattel is an archaic legal doctrine aimed at protecting the integrity of someone’s personal property.  To successfully claim trespass to chattels, a plaintiff i must show “direct physical interference.”

The plaintiff’s claim that the defendant’s web harvester commands “physically touched” plaintiff’s computers and “substantially interfered” with plaintiff’s computer network wasn’t supported by the evidence.

The court noted that any interference was plaintiff’s claimed loss of subscription revenue and loss of goodwill.  These losses didn’t equal a physical threat to the proper functioning of plaintiff’s servers.

Afterwords:

Fidlar represents a court narrowly applying the CFAA so that it doesn’t cover the type of economic loss (e.g. subscription fees, etc.) claimed here by the plaintiff.  The case also amply illustrates that a successful CFAA claimant must show that its computer equipment or system was physically damaged or its data destroyed.  Otherwise, the proper remedy lies in a breach of contract or trade secrets violation.