Computer Fraud and Abuse Act Claims Versus State Equivalents and Sufficiently Pleading Digital Claims
Posted By: Geoff Morris
In Capitol Audio Access, Inc. v. Umemoto, the United District Court, Eastern District of California, granted in part and denied in part the Defendant’s Fed.R.Civ.P. Rule 12(b)(6) Motion to Dismiss. The court dismissed the Plaintiff’s Computer Fraud and Abuse Act (“CFAA”), Stored Communications Act (“SCA”), and trespass claims. However, the court denied the Defendant’s attempts to dismiss the Plaintiff’s Federal copyright infringement, California trade secret, and California Comprehensive Computer Data Access and Fraud Act (“CCCDAFA”) claims. The case gives lessons on the differences between the CFAA and state equivalents and on how to sufficiently plead trespass on chattel claims in a digital context.
The claims arise from the Defendant’s purchase of a single user annual access Capitol’s Morning Report (“the Report”). Capitol alleged that the Defendant copied and distributed various daily Reports. Further, Capitol alleged that the Defendant shared the username and password to other persons in contravention to the User License.
First, Umemoto sought to have the copyright infringement claim dismissed because Capitol’s copyright registration for the disputed material was applied for, but not granted. The Court held that only a filing for registration is required to bring a copyright suit.
Second, Umemoto asserted that Capitol did not suffer damages required under the CFAA. The Court held that Capitol did not identify any impairment under 18 U.S.C. § 1030(e)(8) or lost revenue due to an interruption of service under 18 U.S.C. § 1030(e)(11). The Court reasoned that mere lost potential revenue is insufficient, on its own, to establish damages required by the CFAA.
Third, Umemoto sought to have the California Trade Secret claim dismissed because the Report, the username, or the password was not a Trade Secret. The Court rejected this argument and held that the Plaintiff had sufficiently pled facts to establish a trade secret claim. The Court reasoned that a trade secret could encompass the Report and the password. The Court noted that California’s Trade Secret law provided that a trade secret “[d]erives independent economic value … from not being generally known to the public’ and ‘is the subject of efforts that are reasonable under the circumstances to maintain its secrecy’ is entitled to trade secret protection.” (internal citations omitted). The Court recognized that Capitol’s User License prohibits the sharing of passwords and the distribution of the Report.
Fourth, in a quick statement, the Court dismissed Capitol’s SCA claim because Capitol did not assert that it was either a remote computer service or an electronic communication service as required under the SCA.
Fifth, Umemoto attempted to assert that Capitol’s CCCDAFA claims failed for similar reasons as its CFAA claims. However, the Court held that CCCDAFA’s made a “knowing access and without permission tak[ing], cop[ing], or mak[ing] use of any data” a public offense. The Court reasoned that Capitol sufficiently plead facts to allege a CCCDAFA claim.
Lastly, Umemoto sought to have the trespass claim dismissed. The Court dismissed the claim because the Capitol did not state a claim of trespass on chattels. The Court was not persuaded by Capitols claims that access behind a website’s paywall was sufficient for a trespass on chattels.
In conclusion, several points are raised by this case. First, even if a claim cannot be made under the CFAA, there may be a similar claim available under state law. Further, courts may be open to accepting that passwords and content stored behind a paywall may be trade secrets. Lastly, education continues to be required on the issue trespass on chattels in the digital context. If Capitol had claimed, and sufficiently plead as it appears it could, that the unauthorized use of server processing and data throughput were trespass on chattels. Server processing, while seemingly fast, does constitute actual use of physical mechanical and electrical components. Further, many internet service providers (“ISPs”) limit, or charge based on, the amount of data downloaded from a server. Therefore, Capitol has a right of use of physical infrastructure for the data to move from the server into the broad internet. Therefore, Umemoto’s apparent unauthorized use seems to be trespass on chattels.