Greenburg v. Wray
2:22-cv-00122
D. Ariz.Jun 21, 2023Background:
- Amanda Wray ran a large Facebook group; Kimberly, Edmond, and Lindsay were members. Amanda’s spouse and other spouses were named to bind marital communities.
- Greenburg compiled records (photos, videos, social posts, background checks, his own commentary) in a Google Drive folder labeled the “CAN Folder,” shared with three people including his son.
- Greenburg’s son emailed screenshots from the CAN Folder to Kimberly; a photograph revealed the folder’s unique 68-character URL, and Greenburg was unaware a URL-only setting permitted access without logging in.
- Defendants used the disclosed URL to access the CAN Folder, downloaded, reorganized, deleted, and publicly disclosed its contents to the media.
- Greenburg sued under the CFAA § 1030(a)(2) alleging unauthorized access to a protected computer and $5,000+ aggregate loss; Defendants moved to dismiss the second amended complaint (SAC).
- The court found the CFAA claim plausible and denied dismissal as to Count I, but dismissed Counts II (civil conspiracy) and III (aiding and abetting) for failure to state Arizona-law claims.
Issues:
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Whether Defendants accessed Greenburg's Google Drive/CAN Folder "without authorization" under the CFAA | Access via the non-guessable 68-character URL, which was otherwise accessible only to four password-protected accounts, was unauthorized; inadvertent disclosure of URL did not grant authorization | Disclosure of the URL and lack of password protection mean access was authorized or not unlawful; accessing a single folder (not the whole Drive) weakens unauthorized-access claim | Court: Denied dismissal of CFAA claim — allegations make unauthorized access plausible; close call but survives pleading stage |
| Whether new factual allegations in the SAC materially change the prior analysis | New details (access to a single folder, multiple entry points) support finding of unauthorized access | New details materially alter the picture and warrant dismissal | Court: New allegations do not materially change the analysis; CFAA claim remains plausible |
| Whether additional authorities cited by Defendants require dismissal | Greenburg argues prior ruling and pleading standard control; discovery is needed | Defendants cite cases (e.g., Salinas, Ryanair) to show lack of protection and entitlement to dismissal | Court: Cited cases do not compel dismissal at motion-to-dismiss stage; factual development through discovery required |
| Whether Counts II and III (civil conspiracy and aiding & abetting under Arizona law) are adequately pleaded | Conspiracy and aiding/abetting flowed from the CFAA violation and related acts | A civil-conspiracy claim requires an underlying tort; CFAA is a federal statutory claim, not an Arizona tort; aiding/abetting insufficiently distinct from the primary conduct | Court: Dismissed Counts II and III — CFAA is not a state-law tort and pleading did not distinguish primary tortfeasor vs. aider/abettor |
Key Cases Cited
- Ashcroft v. Iqbal, 556 U.S. 662 (pleading standard; courts need not accept legal conclusions as true)
- Bell Atl. Corp. v. Twombly, 550 U.S. 544 (plausibility pleading standard)
- LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (Ninth Circuit elements for a § 1030(a)(2) CFAA claim)
- hiQ Labs Inc. v. LinkedIn Corp., 31 F.4th 1180 (Ninth Circuit discussion of authorization under the CFAA)
- Theofel v. Farey-Jones, 359 F.3d 1066 (inadvertent disclosure of information does not automatically confer authorization)
- In re Bill Johnson's Restaurants, Inc., 255 F. Supp. 3d 927 (Arizona civil-conspiracy requires an underlying tort)
- Merritt v. Arizona, 425 F. Supp. 3d 1201 (elements for Arizona aiding-and-abetting claims)