Category: Litigation

January 28, 2008 Computer Crime, Litigation

Damage under CFAA must involve some diminution of the system to be actionable

Garelli Wong & Assoc. v. Nichols, No. 07-6227, 2008 WL 161790 (N.D. Ill. January 16, 2008)

A recent decision from the U.S. District Court for the Northern District of Illinois presents a pretty typical fact pattern (employee leaves with sensitive data to work for a competitor), but also gives some useful guidance on the scope of the Computer Fraud and Abuse Act, 18 U.S.C. 1030 et seq. (CFAA).

Plaintiff Garelli Wong and Associates provides temporary placement for accounting professionals. When defendant Nichols worked for Garelli, he signed an NDA and learned a lot about the company’s clients, employees and strategy.

So when Garelli learned that Nichols allegedly copied a bunch of information before jumping ship, it sued. In addition to breach of contract, Garelli claimed Nichols violated the CFAA.

Nichols moved to dismiss the CFAA claim pursuant to Fed. R. Civ. P. 12(b)(6). The court granted the motion. It held that the CFAA requires a plaintiff to plead both damage and loss, and that Garelli failed to sufficiently plead both.

The CFAA defines “damage” as “impairment to the integrity or availability of data, a program, a system, or information.” Citing approvingly to the unpublished case of ResDev v. Lot Builders, 2005 WL 1924743 (M.D. Fla. August 10, 2005), which held that the word “integrity” required “some diminution in the completeness or useability of data or information on a computer system,” the court sided with Nichols. He had contended that CFAA liability does not arise merely by copying data. A violation of the CFAA requires more — some adverse effect on the system.

Garelli’s loss allegation essentially got Twomblied. The court found that Garelli’s allegations of loss — essentially a formulaic recitation of the CFAA’s $5,000 threshold language — did not provide the grounds of the entitlement to relief with more than labels and conclusions.

January 22, 2008 Anonymity, Copyright, Litigation

Anonymous alleged infringer identified with little substantive inquiry into infringement claim

[In re Subpoena Issued Pursuant to the Digital Millennium Copyrigt Act to: 43SB.com, No. 07- 6236, 2007 WL 4335441 (D. Idaho, December 7, 2007).]

When the general counsel for Melaleuca, Inc. saw some negative content someone had posted about the company on the Web site 43rdstateblues.com, he sent a cease and desist letter demanding the content be removed. The letter, however, did not accomplish its intended purpose. Instead, the site owner posted the entire letter.

Melaleuca did not give up, but just adapted its strategy. It served a DMCA subpoena [see 17 U.S.C. §512(h)] on the site, seeking to identify the person who posted the letter “so that [Melaleuca] might seek redress for copyright infringement.” Melaleuca claimed that its copyright rights in the letter were infringed when it was posted online. (Claiming copyright in cease and desist letters is not a new tactic.  See, e.g., here and here.) 

The website moved to quash the subpoena, asserting, among other things, that the letter was not subject to copyright protection, and that the failure by Melaleuca to establish a prima facie case of copyright ownership was fatal to the subpoena.

The court denied the motion to quash. The Web site had argued that Melaleuca could not own a copyright in the letter, according to 17 U.S.C. 102(b)’s exclusion of “any idea, procedure, process, system, method of operation, concept, principle or discovery” form copyright protection. But the court rejected that argument.

Declining to “go into an in-depth analysis of the merits of a copyright infringement claim in determining whether to quash [the] subpoena,” the court found that Melaleuca’s copyright registration in the letter was sufficient to establish ownership of a valid copyright.  As for alleged copying, the court found that posting of the entire letter was sufficient.

There are a couple of interesting observations to be made from this decision.  First, unlike cases in which plaintiffs seek to uncover the identity of anonymous defendants accused of defamation [see here], this court gave – relatively speaking – little inquiry into the merits of the plaintiff’s case.  Perhaps it felt that such an analysis was not necessary given that the Copyright Office had already determined copyrightable subject matter to exist (when it issued the registration certificate).

A second interesting question arises when one considers how the court might have ruled had the defendant asserted fair use as a basis for the motion to quash. (Doesn’t it seem like posting a cease and desist letter on the Internet, ostensibly for eliciting public ridicule, is a transformative use?) Given the fact intensive inquiry of a fair use analysis, the court would have probably reached the same conclusion, if anything to put off the factfinding until later.  But would a court do that in other cases where the offending, anonymous use is more obviously fair?     

November 28, 2007 Anonymity, First Amendment, Litigation

Arizona state court adopts three part test for unmasking anonymous online speakers

Test adds an additional “balancing of the competing interests” element to the Cahill test

Mobilisa, Inc. v. Doe, — P.3d —-, 2007 WL 4167007 (Ariz. App. November 27, 2007)

Plaintiff filed suit in Washington state court against an anonymous (“John Doe”) defendant which it accused of violating the Computer Fraud and Abuse Act and the Stored Communications Act. Doe allegedly accessed the plaintiff’s computer system and obtained a copy of an “intimate” email which he forwarded to a number of people.

Plaintiff served a subpoena on Doe’s Arizona-based email provider, seeking to uncover Doe’s true identity. The email provider and Doe individually, through counsel, objected, but the Arizona court ordered that Doe’s identity be revealed. The court looked to the 2005 case of Doe v. Cahill which requires (1) that the anonymous party sought to be unmask be given notice of the proceedings, and (2) that the party seeking the identity of the anonymous party put forth sufficient facts to survive a motion for summary judgment.

Doe appealed the lower court’s order which required he be identified. On appeal, the Arizona Court of Appeals remanded the matter back to the trial court. It held that although the court correctly applied the two Cahill factors, it should have considered a third factor, namely, a balancing of the relative interests of the parties. Consideration of this third factor, the court held, would help ensure that the important First Amendment rights at issue in anonymous speech cases would be adequately protected.

November 20, 2007 Electronic Discovery, Litigation

No spoliation sanctions for deletion of email where CD copies had been made

Bakhtiari v. Lutz, — F.3d —-, 2007 WL 3377215 (8th Cir. November 15, 2007)

Not too many e-discovery (or any type of discovery) disputes get to the federal courts of appeal. But we have a recent decision from the Eighth Circuit that addressed the topic of “spoliation” when emails had been deleted.

A party in litigation is guilty of spoliation when the court finds that he or she “intentionally destroyed evidence with a desire to suppress the truth.” Greyhound Lines, Inc. v. Wade, 485 F.3d 1032, 1035 (8th Cir. 2007). Plaintiff Bakhtiari filed suit against the University of Missouri-Rolla and a number of administrators there, alleging Title VII and civil rights violations. He had been terminated from his position as a teaching assistant in the chemistry department.

Soon after Bakhtiari was terminated, but before he filed suit, the university’s IT staff backed up the contents of his email account onto two CDs. The university then allowed the messages to be deleted as part of “automated systems maintenance.” It turned over a copy of the CDs to Bakhtiari, but he claimed that large portions of data were missing.

At the trial court level, Bakhtiari claimed that the university should be sanctioned for spoliation for deleting the email messages from the server. The court denied this motion, however, and Bakhtiari sought review with the Eighth Circuit. On appeal, the court affirmed the denial of the motion.

The appellate court held that the lower court did not abuse its discretion in finding that the IT staff had taken appropriate steps to backup the data, and that Bakhtiari may himself have been responsible for the missing portions. Moreover, there was credible evidence that third parties had access to the account before the backups were made, and that Bakhtiari had asked that portions be deleted. Bakhtiari had failed to demonstrate, the court held, that the university acted with a “desire to suppress the truth.”

November 16, 2007 Copyright, Litigation

This case is not off to a good start

Windy City Marketing, Inc. v. Places Advertising, Inc., No. 07-6401 (N.D. Ill., filed November 12, 2007) [Download the complaint]

Windy City Marketing, a Chicago company, has filed a federal lawsuit against a startup competitor, Places Advertising, Inc. The suit alleges infringement of copyright allegedly owned by Windy City Marketing in certain bound marketing pieces called “inside chicago”. Windy City Marketing claims that Places Advertising has wrongfully copied the marketing materials and is distributing those to Windy City Marketing’s customers.

The big problem with the complaint is that there is no allegation that Windy City Marketing owns a registration in the works at issue. A quick read of Section 411 of the Copyright Act will reveal what’s wrong with this picture. You gotta have a registration before you can file a lawsuit for copyright infringement. For the plaintiff’s sake, thank goodness for Fed. R. Civ. P. 15.

November 15, 2007 Employment, Ethics, Litigation, Privacy

Be careful with email because your employer is “looking over your shoulder”

Workplace email policy destroyed attorney-client privilege

Scott v. Beth Israel Medical Center, — N.Y.S.2d —-, 2007 WL 3053351 (N.Y. Sup. October 17, 2007).

Dr. Scott, who used to work for Beth Israel Medical Center in New York, sued his former employer for breach of contract and a number of other different things. Before he was terminated, however, he had used his work email account to send messages to his attorneys, discussing potential litigation against Beth Israel.

When Dr. Scott found out that Beth Israel was in possession of these email messages, he asked the court to order that those messages be returned to him. He argued that they were protected from disclosure to Beth Israel under the attorney client privilege.

Beth Israel argued that they were not subject to the privilege because they were not made “in confidence.” There was an email policy in place that provided, among other things, that the computers were to be used for business purposes only, that employees had no personal right of privacy in the material they create or receive through Beth Israel’s computer systems, and that Beth Israel had the right to access and disclose material on its system.

Dr. Scott argued that New York law [CPLR 4548] protected the confidentiality. Simply stated, CPLR 4548 provides that a communication shouldn’t lose its privileged character just because it’s transmitted electronically.

The court denied Dr. Scott’s motion for a protective order, finding that the messages were not protected by the attorney client privilege.

It looked to the case of In re Asia Global Crossing, 322 B.R. 247 (S.D.N.Y. 2005) to conclude that the presence of the email policy destroyed the confidential nature of the communications. The policy banned personal use, the hospital had the right to review the email messages (despite Scott’s unsuccessful HIPAA argument), and Dr. Scott had notice of the policy.

The decision has implications for both individuals and the attorneys who represent them. Employees should be aware that when they are sending messages through their employer’s system, they may not be communicating in confidence. And attorneys sending email messages to their clients’ work email accounts, on matters not relating to the representation of the employer, must be careful not to unwittingly violate the attorney client privilege.

What’s more, although the decision is based on email communications, it could affect the results of any case involving instant messaging or text messaging through the company’s server.

August 14, 2007 Litigation

Looking for a suit coat that coordinates with pajama pants

Below is an excerpt from a recent decision in the case of Ideal Instruments, Inc. v. Rivard Instruments, Inc., a patent case from the Northern District of Iowa. [— F.Supp.2d —-, 2007 WL 2296407 (N.D. Iowa, August 10, 2007)] In the future we’ll think it quaint that this deserved special mention in the court’s written opinion. But I’m sure clients will appreciate the cost savings. And imagine trying a federal case while telecommuting!

The court held the Markman hearing in this case on August 3, 2007. The Markman hearing in this case was the first instance in which this court has conducted a hearing using teleconferencing and “webcasts” of the parties’ presentations over the internet. The court and the parties found that this procedure was also extremely effective in both presenting the parties’ arguments and saving the parties substantial sums in attorney fees and travel costs.

***

Owing to the last minute notice by the plaintiff of a desire to present materials using PowerPoint via a webcast and some technical difficulties with working out the procedure to surrender “moderator” rights from one party to the other, the parties actually presented separate, simultaneous webcasts, one for the plaintiff’s presentation and one for the defendants’ presentation, instead of a single webcast. In fact, the parties used different webcast hosts in this case: one used Netspoke and the other used Webex. The court and the parties each logged in to both webcasts at the beginning of the conference call, then switched between them as the parties made their arguments. Although not as elegant a procedure as a single webcast would likely have been, the simultaneous webcasts procedure was very effective, eliminated the technical difficulties in the short time available, and proved quite workable. One “glitch” that occurred when the plaintiff “timed out” of the defendants’ webcast was quickly remedied by the plaintiff logging back in. The parties had also taken the precaution of providing the court and each other with copies of their presentation slides by e-mail prior to the hearing, so that even when the plaintiff temporarily lost the defendant’s webcast, the plaintiff was able to follow the defendant’s presentation by using the copy that the plaintiff had received. The court heartily recommends requiring such a backup procedure when using technology, whether new or tested and true, even though “Murphy’s Law” has not yet been codified into the United States Code.

July 17, 2007 Litigation

Public policy concerns invalidate AOL forum selection clause

Dix v. ICT Group, Inc., — P.3d —-, 2007 WL 2003407 (Wash. July 12, 2007)

Dix v. ICT Group was one of the first decisions discussed here at Internet Cases back in early 2005. I wrote about the Washington appellate court’s decision in the case, which reversed a lower court’s dismissal of a class action suit against AOL under Washington’s Consumer Protection Act. The Washington Supreme Court has now affirmed the appellate court’s decision. The court held that the forum selection clause in AOL’s terms of service, which called for all consumer disputes to be heard in Virginia, should not be enforced, because to do so would be against public policy of the state of Washington.

The plaintiff AOL users claim that AOL violated the Washington state Consumer Protection Act by tricking them into signing up for additional AOL accounts. The trial court dismissed the action, on grounds that the suit should have been brought in a court in Virginia, according to AOL’s terms of service. But there is a substantial problem with the situation the dismissal created — Virginia does not recognize class action suits of the type being brought by the plaintiffs. The Washington plaintiffs were thereby denied the sort of remedy they could have obtained in Washington.

The appellate court and the state supreme court observed the significance of the various plaintiffs’ interests at stake. None of the plaintiffs alleged more than $250 or so in damages. So it would not be practicable for each individual plaintiff to seek recovery against AOL. The class action mechanism would be the best way to obtain recovery for small amounts among a large number of persons. The importance of this public policy outweighed the benefits of enforcement of the forum selection clause which, under U.S. Supreme Court authority, was presumptively valid. See, e.g., The Bremen v. Zapata Off-Shore Co., 407 U.S. 1, 10, 92 S.Ct. 1907, 32 L.Ed.2d 513 (1972).

October 27, 2006 Electronic Discovery, Evidence, Litigation, Privacy

Parties must use neutral forensics examiner in file-sharing case

Case highlights important privacy interests in electronic discovery dispute.

From Ray Beckerman, we learn of the U.S. District Court for the Eastern District of Texas’s decision on a motion to compel discovery filed by the recording industry against an accused file-sharer. While the defendant will have to submit her hard drive for forensic examination to see whether she had any copyrighted sound recordings stored on it, she will not have to turn it over to the recording industry’s forensic expert.

Instead, seeking to “balance the legitimate interests of both sides,” the court ordered the parties to select a neutral computer forensics expert to conduct the inspection. Such an approach, the court found, would protect the disclosure of the defendant’s personal information, such as personal correspondence, household financial matters, school homework, and perhaps attorney-client privileged information.

Although in theory this sounds like a reasonable approach to protect the confidentiality of the defendant’s information, one could be troubled by a particular part of the court’s decision. The order states that “the Plaintiffs shall have the right to suggest hard drive search methodologies to the neutral expert and the expert shall make every effort to utilize those methodologies.”

But there is nothing in the order giving the defendant the right or opportunity to object to those methodologies. With an obligation to “make every effort” to comply with the suggestions of the plaintiffs, just how neutral is that forensic examiner really going to be?

Sony BMG Music Entertainment et al. v. Arellanes, No. 05-CV-328 (E.D. Tex., October 27, 2006).

August 25, 2006 Copyright, Electronic Discovery, Litigation

Evidence-destroying defendant severely sanctioned in P2P file-sharing case

In the case of Arista Records v. Tschirhart, the U.S. District Court for the Western District of Texas has shown little mercy on a defendant accused by record companies of illegal file-sharing.

Knowing that a court order was in place requiring her to turn over her hard drive to be copied, the defendant allegedly used “wiping” software in an attempt to destroy all evidence of her illegal P2P file sharing. In response, the plaintiff record companies moved, pursuant to Fed. R. Civ. P. 37(b), for the most severe form of sanctions against the defendant – entry of default against her. The court granted the plaintiffs’ motion, and provided them with 30 days to submit a proposed order spelling out their damages.

Given that the record companies’ expert opined that the defendant had downloaded over 200 sound recordings during 2005, those requested damages will probably be substantial. Statutory damages under the Copyright Act can go as high as $150,000 per work infringed, in the most egregious cases.

In reaching its decision to enter default against the defendant, the court exercised its inherent power to do so, making a note of its obligation to act with “restraint and discretion.” It found that the defendant had acted in bad faith. That bad faith was exacerbated – and the default was further warranted – by the fact that the defendant herself was responsible for the destruction of evidence, that the deletion of the files destroyed the strongest evidence relevant to the plaintiff’s infringement claims, and that less drastic sanctions would not be appropriate.

Not only was the sanction intended to dissuade the plaintiff from destroying evidence in the future, it was intended to make an example out of her. Merely awarding the plaintiffs their attorney’s fees or giving the jury an adverse inference instruction at trial would not have been enough to remedy the situation. Given the defendant’s “blatant contempt” for the court and a “fundamental disregard for the judicial process,” only default would be an adequate punishment and deterrent to others considering similar conduct.

[Hat tip to Techdirt for posting on this case.]

Arista Records, LLC, v. Tschirhart, No. 05-372 (W.D. Tex., August 23, 2006).

Scroll to top