NovelPoster v. Javitch Canfield Group
140 F. Supp. 3d 954
N.D. Cal.2014Background
- NovelPoster amended its CFAA and CDAFA claims after an initial order granting defendants’ first judgment on the pleadings.
- Defendants allegedly gained and maintained control of NovelPoster’s online accounts, changing passwords without authorization in 2013 and locking NovelPoster out for months.
- Defendants continued to access NovelPoster’s accounts and misrepresented authorization to vendors during the control period.
- NovelPoster alleges substantial damages including impairment of data, time and costs to restore and assess damages, and lost revenue from disrupted website operations.
- Defendants eventually turned over most passwords in January 2014 but deleted certain email accounts and communications during the period of control.
- NovelPoster’s First Amended Complaint seeks CFAA and CDAFA relief, with specific loss and damage allegations supporting a $5,000 threshold for CFAA claims.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| CFAA damage and loss sufficiency | Damage and loss alleged exceed $5,000 and include data impairment and costs. | No adequate pleading of CFAA damage or loss tied to the alleged violations. | First Amended Complaint adequately pleads CFAA damage and loss. |
| CFAA “without permission” and damage to data | Defendants accessed without authorization and caused data unavailability, constituting damage. | Disagree that data unavailability constitutes CFAA damage or that there was unauthorized access. | Allegations support CFAA damage through impairment of data and unauthorized access. |
| CDAFA damage and loss sufficiency | CDAFA has no $5,000 minimum; damage or loss suffices. | Same allegations do not justify relief under CDAFA. | CDAFA claims survive; damages allegation meets CDAFA standard. |
| Without permission under CDAFA (502(c)) | Defendants exceeded authorization by changing passwords and denying access; also applicable under 502(c)(5) for disruption of services. | Power Ventures-like barrier-overcoming requirement limits CDAFA liability; 502(c) defenses apply. | NovelPoster may proceed on 502(c)(5) and 502(c)(1)-(4) and (7) at pleading stage; sufficient to show “without permission” and overcame barriers. |
Key Cases Cited
- Capitol Audio Access, Inc. v. Umemoto, 980 F. Supp. 2d 1154 (E.D. Cal. 2013) (CDAFA damages do not have a $5,000 minimum)
- Mintz v. Mark Bartelstein & Associates, Inc., 906 F. Supp. 2d 1017 (C.D. Cal. 2012) (loss includes costs of investigating intrusions and remedial measures)
- Mintel Int’l Grp., Ltd. v. Neergheen, 2010 WL 145786 (N.D. Ill. Jan. 12, 2010) (loss pleading standards under CFAA)
- Multiven, Inc. v. Cisco Sys., Inc., 725 F. Supp. 2d 887 (N.D. Cal. 2010) (data damage can be found even without physical data change)
- Doyle v. Taylor, 2010 WL 2163521 (E.D. Wash. 2010) (damage under CFAA subject to data impairment or interruption of service)
- Del Monte Fresh Produce, N.A., Inc. v. Chiquita Brands Int’l Inc., 616 F. Supp. 2d 805 (N.D. Ill. 2009) (CFAA damage requires impairment or disruption; data copying alone not enough)
- SKF USA, Inc. v. Bjerkness, 636 F. Supp. 2d 696 (N.D. Ill. 2009) (loss must relate to investigation or repair after data impairment)
- T-Mobile USA, Inc. v. Terry, 862 F. Supp. 2d 1121 (W.D. Wash. 2012) (data need not be physically changed to be damaged under CFAA)
- Weingand v. Harland Financial Solutions, Inc., 2012 WL 2327660 (N.D. Cal. 2012) (diverges on CDAFA barrier-overcoming interpretation; not mandatory)