Case: Absolute Energy Solutions, LLC v. Trosclair, 2014 WL 360503 (S.D. Tex. Feb. 3, 2014)
Disputed issue of whether access was authorized for CFAA claim cannot be decided on motion to dismiss.
Access Principles
Motion to dismiss Computer Fraud and Abuse Act claim arguing that plaintiff’s allegations that defendants were not authorized to access plaintiff’s computers were wrong and defendants actually were authorized to access the computers, raised a factual dispute that could not be decided on a motion to dismiss.
The elements to a Section 1030(a)(2) claim require a plaintiff to show that a defendant: (1) intentionally accessed a computer, (2) without authorization or exceeding authorized access, and that he (3) thereby obtained information, (4) from any protected computer, and that (5) there was loss to one or more persons during any one-year period aggregating at least $5,000 in value.
The elements to a Section 1030(a)(4) claim require a plaintiff to show that a defendant: (1) accessed a protected computer, (2) without authorization or exceeding such authorization that was granted (3) knowingly and with intent to defraud, and thereby (4) furthered the intended fraud and obtained anything of value, causing (5) a loss to one or more persons during any one-year period aggregating at least $5,000 in value.
Intended Use Theory: The Fifth Circuit stated that “[a]ccess to a computer and data that can be obtained from that access may be exceeded if the purposes for which access has been given are exceeded.” quoting United States v. John, 597 F.3d 263, 272 (5th Cir. 2010).
Loss Principles
To satisfy the loss requirement and state a civil claim under the CFAA, plaintiff is not required to allege details or the exact nature of the loss. Rather, plaintiff must simply allege sufficient damages to establish that the elements of a 18 U.S.C. § 1030(g) claim have been met.