TAKEAWAY: The Computer Fraud and Abuse Act incorporates traditional principles of tort causation, therefore, intervening or superseding cause can be an affirmative defenses to a CFAA claim.
In Denarii Systems, LLC v. Arab, 2013 WL 500826 (S.D. Fla. Feb. 11, 2013), the plaintiff brought a Computer Fraud and Abuse Act claim against the Defendants. One of the Defendants asserted intervening or superseding causation as an affirmative defense to the CFAA claim. The plaintiff then filed a Motion to Strike the affirmative defense which was pleaded as follows:
No action or inaction of Arab and/or Fuentes constituted the sole proximate, or joint proximate, cause of any of the injuries alleged by Denarii. Any damages allegedly suffered by Denarii were the result of superseding and intervening causes. To the extent Denarii suffered any damages, one or more individuals accessed its system or misappropriated its trade secrets, not the defendants. As such, a superseding and intervening cause forms the basis for the Complaint.
The plaintiff argued the affirmative defense should be stricken because it is only available in negligence cases and is inapplicable to statutory causes of action such as the CFAA. The Court disagreed and refused to strike the affirmative defense. It reasoned that,
In some CFAA cases, some courts have observed that at least with respect to costs incurred, “a CFAA plaintiff must . . . show . . . that the costs are `reasonable’ and that they were `caused’ by a CFAA violation.” Global Policy Partners, LLC v. Yessin, 686 F. Supp. 2d 642, 647 (E.D. Va. 2010). The court in Global Policy Partners, further noted that “the Supreme Court has construed federal statutes containing similar requirements [to the CFAA] to incorporate traditional principles of tort causation. . . .” Id. Thus, the undersigned cannot agree with the plaintiff’s position that causation is inapplicable to the statutory causes of action asserted in this action.
The lesson of Denarii Systems is that, if you are defending against a Computer Fraud and Abuse Act claim, (1) be sure to attack the causation link, and (2) make sure you plead intervening and supervening causation — as well as any other causation related defenses — as affirmative defenses.
If you have any questions or would like to talk computer fraud, data security or privacy, please feel free to give me a call (469.635.1335) or email me (firstname.lastname@example.org).
- Two Year Statute of Limitations of Computer Fraud and Abuse Act Accrued When Plaintiff “Suspected” Wrongdoing (shawnetuma.com)
- Court Implies Unknown “Backdoor Node” On Software Licensee’s Server To Monitor Infringement May Violate CFAA (shawnetuma.com)
- Employment Agreement Restrictions Determined Whether Employees Exceeded Authorized Access Under Computer Fraud and Abuse Act (shawnetuma.com)
- Another CFAA Case Dismissed Because Plaintiff Only Recited Elements in Complaint (shawnetuma.com)