In a change of course for cases applying the Computer Fraud and Abuse Act, a California District Court has made it more difficult for plaintiffs to plead a case for violation of the CFAA by subjecting it to the heightened pleading requirement of Rule 9 which requires the plaintiff to allege the who, what, when, where, and how of the alleged fraudulent conduct as well provide an explanation as to why a statement or omission complained of was false and misleading.
In March of 2011, I blogged about Facebook, Inc. v. MaxBounty, Inc., a case in which a court specifically found that claims under the Computer Fraud and Abuse Act are not subject to the heightened pleading requirement of Rule 9. (CFAA Not Subject to Rule 9) That has been the trend for how courts have treated the CFAA every since then but, on December 3, 2012, another court analyzed the law and decided to handle it differently.
In Oracle America, Inc. v. Service Key, LLC, the United States District Court for the Northern District of California issued an Order in which it analyzed prior courts’ treatment of this issue and found that the CFAA claim must be pleaded with particularity under Rule 9(b) which requires that common law fraud claims be pleaded with particularity. The Court began by looking at Rule 9(b) and, more importantly, the reason for the rule. Federal Rule of Civil Procedure 9(b) requires that
[i]n alleging fraud or mistake, a party must state with particularity the circumstances constituting fraud or mistake. The purpose of this rule is to ensure that defendants accused of the conduct specified have adequate notice of what they are alleged to have done, so that they may defend against the accusations. Without such specificity, defendants in these cases would be put to an unfair disadvantage, since at the early stages of the proceedings they could do no more than generally deny any wrongdoing. Concha v. London, 52 F.3d 1493, 1502 (9th Cir. 1995).
The Court then looked to 9th Circuit precedent, Kearns v. Ford Motor Co., 567 F.3d 1120 (9th Cir. 2009), that found “Rule 9(b) nonetheless applies where ‘a unified course of fraudulent conduct is alleged’ as the basis of the claim. Such claims are ‘said to be “grounded in fraud” or to “sound in fraud,” and the pleading as a whole must satisfy the particularity requirement of Rule 9(b).'” Id. at 1125. The Court then looked to the underlying facts of Oracle’s claim and found the Computer Fraud and Abuse Act claims were “grounded in fraud” or “sound in fraud” and, therefore, were subject to the Rule 9(b) heightened pleading standard.
The basis for the MaxBounty decision, and other decisions finding CFAA claims were not subject to rule 9(b) was because it is well settled that the “fraud” referred to in the CFAA is not the same “fraud” as common law fraud; to defraud under the CFAA simply means wrongdoing and does not require proof of common law fraud. The Oracle Ameica decision did not specifically disagree with that underlying proposition, however, it did find the cases cited by Oracle had not taken Kearns into account. The court found those decisions unpersuasive and, instead, held that the pleadings asserting claims under the Computer Fraud and Abuse Act “must allege ‘the who, what, when, where, and how’ of the alleged fraudulent conduct and ‘set forth an explanation as to why [a] statement or omission complained of was false and misleading.'”
Should you or anyone you know need assistance in dealing with possible claims under the Computer Fraud and Abuse Act or just want to talk about the law in general, please feel free to give me a call (469.635.1335) or email me (firstname.lastname@example.org) and I will be more than happy to talk with you!
-Shawn E. Tuma