Is there a difference in value of a businesses’ confidential information vis-a-vis copyrighted material? Is the taking of the former any less of a “loss” or “damage” to a business than the taking of the latter?
Or is it something else?
On April 1, 2011, I posted “Taking of Confidential Info Alone Not “Loss” Under CFAA” regarding the recent ruling in Direct Supply, Inc. v. Pedersen, No. 10-C-0278 (E.D. Wis. 2011) in which the court found that an employee’s unauthorized accessing, copying, and possessing confidential information–without more–does not constitute a “loss” to the employer under the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, et. seq.
On April 6, 2011, another court added a twist to this issue. The United States District Court for the Southern District of California entered an Order permitting the Plaintiff to take immediate discovery in Liberty Media Holdings, LLC v. Does 1 – 59, No. 10-1823 (S.D. Cal. Apr. 6, 2011), a copy of which is available Here. The discovery implications of the court’s ruling isn’t the point of this post — the point is the court’s somewhat sua sponte analysis of whether the plaintiff’s claims could survive a motion to dismiss under Rule 12.
The Liberty Media case involves gay porn!
There. I said it. Snicker and laugh a little and then we can get into the real meat of the issue. Seriously … Liberty Media is the producer of a certain gay porn website (and no, I am not going to link to it — if you’re that interested, find it yourself). Liberty Media claims that various unknown people using certain identifiable IP addresses accessed it’s server and obtained its copyrighted materials by bypassing the necessary payment and login steps required by users of the website. Liberty Media sued alleging, inter alia, violations of the Computer Fraud and Abuse Act (“CFAA”).
In its April 6, 2011 Order explaining the basis for its ruling permitting the Plaintiff to take immediate discovery, the court analyzed whether Liberty Media’s claim under the CFAA could withstand a Rule 12 Motion to Dismiss. In analyzing the pleading of Liberty Media’s CFAA claim it stated the following:
Here, Plaintiff’s Complaint alleges that Defendants unlawfully and without authorization entered into its computer server, which was used in interstate commerce, where Plaintiff’s copyrighted materials were contained, stole Plaintiff’s copyrighted materials, valued in excess of $15,000, and as a result of such conduct, caused Plaintiff to suffer damage. Based on these facts, §1030(g) authorizes Plaintiff’s civil action. Therefore, it appears that Plaintiff has alleged the prima facie elements of a violation of 18 U.S.C. § 1030. As a result, the Court finds that Plaintiff’s action in this regard could withstand a motion to dismiss.
(Order p. 5). According to this court, the taking of copyrighted materials constitutes “damage” under the CFAA, and such an action could be maintained. Yet the court in Direct Supply found that a former employee’s taking of his former employer’s confidential information did not constitute a “loss” under the CFAA and, therefore, the action could not be maintained for, among other reasons, because
The “purpose of the Computer Fraud [and] Abuse Act (“CFAA”), 18 U.S.C. § 1030, is to punish individuals who destroy data and “the statute was not meant to cover the disloyal employee who walks off with confidential information.” Von Holdt v. A-1 Tool Corp., 714 F. Supp.2d 863 (N.D. Ill. 2010) (quoting Kluber Skahan & Assoc., Inc. v. Cordogen, Clark & Assoc., Inc., 2009 WL 466812 at *8 (N.D. Ill. 2009)).
Direct Supply, Inc. v. Pedersen, No. 10-C-0278 (E.D. Wis. 2011) (Order p. 3). Despite the statement above, the Direct Supply Court did look to see exactly what confidential information the Plaintiff specified as being taken and was not satisfied that the Plaintiff had satisfied its inquiry. We do not know, however, whether a specific delineation of such information would have satisfied the court or not; based upon the quoted language above, if I were a betting man, I’d say that given the tone of the court’s opinion, it would not have mattered.
Can we reconcile these two cases? Probably not, for several reasons:
- They were decided by different courts;
- One specified more clearly what was taken than did the other;
- One involves an analysis of the CFAA’s “damage” provision, the other, it’s jurisdictional “loss” requirement;
- One involves a direct (and presumably more thoroughly argued and briefed) motion to dismiss, the other a somewhat sua sponte analysis of whether the claims would survive a motion to dismiss;
- One involves the taking of copyrighted material, the other, confidential information; and
- Probably many other reasons …
In future cases, different courts may very well find that a plaintiff has a greater value in copyrighted materials than they do in their confidential and proprietary business information. Perhaps in other cases they may find the opposite, depending on the facts. A more through analysis of this issue would require the depth of a law review article and, therefore, is beyond the scope of this post. However, there are a couple of things that we can take from this:
- If the plaintiff has detailed facts of what was taken and how it is valued, it had better plead them;
- There are numerous discrete procedural issues involved in successfully maintaining a CFAA claim; and
- The development of case law under the CFAA is still in its infancy and it is important to keep abreast of how the law is developing and, sometimes, changing.
- Taking of Confidential Info Alone Not “Loss” Under CFAA (shawnetuma.com)
- Computer Fraud and Abuse Act Can Prohibit Employee From Deleting Emails (shawnetuma.com)
- What’s Happening in the Class Action Against Sony About Removing OtherOS? (groklaw.net)
- Former Employee’s Deletion of Data May Constitute CFAA “Damage” (shawnetuma.com)
- CFAA Not Subject to Rule 9 (shawnetuma.com)