674 F. Supp. 2d 1102 | D. Minnesota | 2009
Brenda CZECH, individually and on behalf of a class of similarly situated individuals, Plaintiff,
v.
WALL STREET ON DEMAND, INC., a Delaware Corporation, and John Does, Defendants.
United States District Court, D. Minnesota.
*1104 Matthew R. Salzwedel, Esq., and Robert K. Shelquist, Esq., Lockridge Grindal Nauen PLLP, and Myles McGuire, Esq., KamberEdelson, LLC, counsel for Plaintiff.
Glenn M. Salvo, Esq., J.D. Jackson, Esq., and Lola Velazquez-Aguilu, Esq., Dorsey & Whitney, LLP, counsel for Defendant Wall Street on Demand.
MEMORANDUM OPINION AND ORDER
DONOVAN W. FRANK, District Judge.
INTRODUCTION
This matter is before the Court on Defendant Wall Street on Demand, Inc.'s motion to dismiss for failure to state a claim (Doc. No. 24). For the reasons stated below, this Court grants in part and denies in part the motion and dismisses Plaintiff Brenda Czech's federal claims with prejudice, but dismisses her state-law claims without prejudice.
FACTUAL AND PROCEDURAL BACKGROUND
Czech commenced this action on behalf of herself and a proposed class after receiving unwanted text messages on her cell phone that were sent by Defendant Wall Street on Demand ("WSOD"). As alleged in Czech's Second Amended Complaint, WSOD provides custom websites, reports, and tools for financial services industry customers, who in turn use WSOD's products to provide their clients or end-users with the ability to request and receive financial information. One service WSOD provides its customers is financial information sent via electronic text messaging to wireless devices owned by the customers' end-users. Specifically, WSOD allows customers to subscribe to a Watch List Alert, such that WSOD can forward text messages to the customers' end-users' wireless devices, such as cell phones. WSOD allegedly does not track recycled or cancelled wireless telephone numbers and, as a result, text messages are sometimes sent to persons who have not subscribed to receive Watch List Alerts.
Czech alleges that she began receiving unwanted text messages from WSOD on her cell phone after she purchased a new cell phone service plan from an established national carrier. Czech asserts that she has received unwanted text messages from WSOD as recently as February 2008. As a result, Czech alleges that she incurred fees and charges related to her receipt of those messages, although she does not allege the amount of those charges or attach a bill for those charges. Czech asserts that she did not stop receiving the messages from WSOD until she contacted a lawyer, who in turn contacted WSOD.
In January 2009, Czech, on behalf of herself and a proposed class, commenced this action against WSOD and other unnamed defendants, alleging (1) claims for violations of three provisions of the Computer Fraud and Abuse Act ("CFAA"), 18 U.S.C. § 1030; (2) a claim for trespass to chattels; and (3) a claim for unjust enrichment. After Czech filed an Amended Complaint and WSOD filed its Answer, WSOD moved for judgment on the pleadings. This Court denied that motion without prejudice and granted Czech thirty days to amend her Complaint. (Doc. No. 21.) After she filed her Second Amended *1105 Complaint, WSOD filed the present motion to dismiss with prejudice for failure to state a claim.
DISCUSSION
The present civil action raises the interesting question of whether the Computer Fraud and Abuse Act which was originally enacted as a criminal law prohibiting such actions as damaging another's computer system or stealing information from it, 18 U.S.C. § 1030 (Supp. II 1984) presently extends to permit a claim for damages and injunctive relief, now that it also authorizes civil actions under certain conditions, against one who has sent unwanted text messages to another's cell phone. An annoyance? Quite possibly. The basis for a civil action under either subsection 1030(a)(2)(C), subsection 1030(a)(5)(A), or subsection 1030(a)(5)(C) of the CFAA? The Court thinks not.
I. Rule 12(b)(6) and Pleading Standards
In deciding a motion to dismiss pursuant to Rule 12(b)(6), a court assumes all facts in the complaint to be true and construes all reasonable inferences from those facts in the light most favorable to the complainant. Morton v. Becker, 793 F.2d 185, 187 (8th Cir.1986). In doing so, however, a court need not accept as true wholly conclusory allegations, Hanten v. Sch. Dist. of Riverview Gardens, 183 F.3d 799, 805 (8th Cir.1999), or legal conclusions drawn by the pleader from the facts alleged, Westcott v. City of Omaha, 901 F.2d 1486, 1488 (8th Cir.1990). A court may consider the complaint, matters of public record, orders, materials embraced by the complaint, and exhibits attached to the complaint in deciding a motion to dismiss under Rule 12(b)(6). Porous Media Corp. v. Pall Corp., 186 F.3d 1077, 1079 (8th Cir.1999).
To survive a motion to dismiss, a complaint must contain "enough facts to state a claim to relief that is plausible on its face." Bell Atl. Corp. v. Twombly, 550 U.S. 544, 545, 127 S. Ct. 1955, 167 L. Ed. 2d 929 (2007). Although a complaint need not contain "detailed factual allegations," it must contain facts with enough specificity "to raise a right to relief above the speculative level." Id. at 555, 127 S. Ct. 1955. As the United States Supreme Court recently reiterated, "[t]hreadbare recitals of the elements of a cause of action, supported by mere conclusory statements," will not pass muster under Twombly. Ashcroft v. Iqbal, ___ U.S. ____, 129 S. Ct. 1937, 1949, 173 L. Ed. 2d 868 (2009) (citing Twombly, 550 U.S. at 555, 127 S. Ct. 1955). In sum, this standard "calls for enough fact[s] to raise a reasonable expectation that discovery will reveal evidence of [the claim]." Twombly, 550 U.S. at 556, 127 S. Ct. 1955.
II. Earlier Proceedings
In its earlier Order, the Court concluded by noting that it "has serious doubts concerning the future viability of Czech's CFAA claim[s]." (Doc. No. 21 at 11.) The Court agreed with WSOD that with respect to each of Czech's three particular claims under the CFAA, Czech had only offered "a formulaic recitation of the statute." (Id. at 8, 10.)[1]
WSOD now contends that Czech's "Second Amended Complaint contains nothing truly new" that adequately responds to the Court's earlier-expressed concerns. (Doc. No. 35 at 1.) WSOD argues that the *1106 present Complaint (1) "does not say how many so-called unwanted text messages she received" (but rather only claims "they were `numerous'"); (2) "does not say that she lost use of her cell phone, even temporarily"; (3) "does not say that the text messages filled her phone's memory preventing her from receiving `wanted' text messages"; and (4) "does not say that her use of her cell phone was hindered in any way" or that she actually incurred any extra charge due to the unwanted text messages from WSOD. (Id. at 1-2.)
At thirty-three pages, Czech's Second Amended Complaint is plainly longer than the earlier sixteen-page version that this Court dismissed as inadequate, but much of the new material simply provides background discussion of cell phone and text-messaging technology and the various problems wireless customers might experience. (Doc. No. 23, ¶¶ 32-34 (asserting potential for criminal fraud).) While this Court does not disagree that unwanted text messages, like spam e-mail, are an annoyance, whether receipt of such messages can establish a civil action under the CFAA is, of course, a different question.
III. The CFAA and Claims For Receiving Unwanted Text Messages
Although the CFAA originated purely as a criminal statute, and primarily remains so to this day, it now extends a private cause of action to any individual "who suffers damage or loss by reason of a violation of" the Act's prohibitions. 18 U.S.C. § 1030(g).[2] Moreover, to bring a civil action under the CFAA, a plaintiff must show a violation of one of the CFAA's substantive provisions, as set forth in § 1030(a), and also establish that such "conduct involves 1 of the factors set forth in subclauses (I), (II), (III), (IV), or (V) of subsection (c)(4)(A)(i)." Id.[3]
A. Elements of CFAA Civil Actions and Czech's Particular Claims
WSOD now asserts that Czech's various CFAA claims fail to state a claim for four reasons: (1) Czech fails to allege WSOD accessed her cell phone without authorization; (2) Czech fails to allege WSOD acted with criminal intent; (3) Czech fails to allege WSOD obtained information from her cell phone; and (4) Czech fails to allege WSOD caused damage to her cell phone. (Doc. No. 35 at 5-6.)[4] At the *1107 outset, Czech takes issue with WSOD's recitation of the purported elements of her three CFAA claims, contending that she need not plead both that WSOD obtained information from, and caused damage to, her cell phone for each of her particular CFAA claims. (Doc. No. 37 at 3.)
Plaintiff asserts three specific claims under the CFAA: (1) a claim for the unauthorized obtaining of information from a cell phone in violation of 18 U.S.C. § 1030(a)(2)(C) the "information claim"; (2) a claim for intentionally causing "damage" to a cell phone by a "transmission" in violation of 18 U.S.C. § 1030(a)(5)(A) the "transmission claim"; and (3) a claim for causing "damage" (and perhaps also "loss") to a cell phone by intentionally accessing that phone without authorization in violation of 18 U.S.C. § 1030(a)(5)(C) the "access claim." (Doc. No. 23, ¶¶ 90-92.)
The elements of each of these particular claims under the CFAA differ somewhat. With respect to Czech's two CFAA claims under Section 1030(a)(5), a transmission claim under subsection 1030(a)(5)(A) imposes liability on:
(a) Whoever
...
(5)(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer.
18 U.S.C. § 1030(a)(5)(A) (2008) (emphasis added).[5] The statute defines "damage" as "any impairment to the integrity or availability of data, a program, a system, or information." Id. § 1030(e)(8).[6]
Somewhat similarly, an access claim under subsection 1030(a)(5)(C) imposes liability on:
(a) Whoever
...
(5)(C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.
18 U.S.C. § 1030(a)(5)(C) (2008) (emphasis added).[7] The statute does not define "accesses." As noted above, the statute essentially defines "damage" as "any impairment" to the cell phone. It separately defines "loss" as
*1108 any reasonable cost to any victim, including the costs of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of services.
Id. § 1030(e)(11). Thus, while "damage" pertains to a physical or operational impairment of the device, "loss" concerns any pecuniary cost incurred by the device's owner.
Finally, with respect to her information claim, subsection 1030(a)(2)(C) of the CFAA imposes liability on:
(a) Whoever
. . .
(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains
. . .
(C) information from any protected computer.
18 U.S.C. § 1030(a)(2)(C) (2008). The statute does not define either "obtains" or "information." As Czech correctly notes, neither her transmission claim nor her access claim, unlike her information claim, requires that WSOD "obtain" any "information" from her phone when engaging in the prohibited conduct.
As Czech also correctly notes, her information claim, unlike her other two CFAA claims, does not itself require that WSOD has caused "damage" to her phone by obtaining such information. But the private right of action provision of the CFAA limits any civil action under "this section" to one who "suffers damage or loss by reason of a violation of" the Act's prohibitions. 18 U.S.C. § 1030(g).[8] In short, every claim, including her information claim under subsection 1030(a)(2)(C), requires either directly by the substantive terms of the claim itself or indirectly by the requirements of Section 1030(g) either "damage" or "loss." See SKF USA, Inc. v. Bjerkness, 636 F. Supp. 2d 696, 720 (N.D.Ill.2009) (concluding that "damage or loss" requirement of subsection 1030(g) applies to claim under subsection 1030(a)(2)(C)); America Online, Inc. v. Nat'l Health Care Discount, Inc., 121 F. Supp. 2d 1255, 1276 (N.D.Iowa 2000) (noting that "it appears the elements of a claim under subsection (a)(2)(C) have been met," but concluding that "[n]evertheless, even having reached this conclusion, we again arrive at the issue of damages" and denying summary judgment for plaintiff because plaintiff had not made the requisite damage showing).
As noted above, however, the civil action provision also requires, in addition to "damage or loss" due to an underlying substantive violation of the statute, conduct involving one of the five factors of subsection (c)(4)(A)(i). 18 U.S.C. § 1030(g) (2008).[9] Although the current *1109 version of the statute built over the years by accretion through various amendments is arguably not a model of clarity with respect to the requirements for civil damages actions, the Court concludes that the requirement of subsection 1030(g) that a civil action plaintiff suffer "damage or loss" as a result of a violation is separate from the requirement that such a plaintiff show that the violative conduct involves one of the five factors of subsection (c)(4)(A)(i). See P.C. of Yonkers, Inc. v. Celebrations! The Party and Seasonal Superstore, LLC, 2007 WL 708978, at *4-6 (D.N.J. Mar. 5, 2007) (explaining that subsection 1030(g) "sets forth a two-part injury requirement," (1) a "root injury of damage or loss; and (2)... one of five operatively-substantial effects" (emphases added)).[10]
This is not to say that there is never any interaction between the two separate requirements. Here, for purposes of the five factors of subsection (c)(4)(A)(i), Czech has alleged an aggregate "loss" of at least $5,000 as required by subsection (c)(4)(A)(i)(I). Thus, where (as here) a plaintiff adequately pleads a "loss" under subsection (c)(4)(A)(i)(I), such allegations would seem to also satisfy the requirement confining civil actions to one "who suffers damage or loss."[11]
In sum, a civil action under subsection 1030(g) of the CFAA requires: (1) establishing the elements of the particular substantive (criminal) offense under subsection 1030(a); (2) establishing that the plaintiff suffered "damage or loss" as a result of such a violation (although some, but not all, such offenses themselves already require "damage" and one now requires "damage and loss"); and (3) establishing one of the five types of conduct specified under subsection (c)(4)(A)(i), which are also required under subsection 1030(g) (some of which might also constitute "damage" or "loss").
Thus, for purposes of civil liability under the CFAA, Plaintiff's particular claims here require that she establish "damage" or "loss" as follows:
her information claim requires "loss" (by virtue of her having premised her *1110 civil action on the "loss" factor under the private cause of action clause);
her transmission claim as well as her access claim requires "damage" (by virtue of their own terms) and "loss" (by virtue of her having premised her civil action on the "loss" factor under the private cause of action clause); and,
to the extent her access claim involves access occurring after the September 2008 amendments, such a claim requires "damage and loss" (by virtue of its own terms, the civil action clause requiring only "damage or loss").
In its previous Order, this Court addressed an issue of statutory interpretation regarding the one type of conduct (from the five possible "factors" available under subsection 1030(g)'s incorporation of subsection (c)(4)(A)(i)) on which Czech premised her civil action an aggregate loss of "at least $5,000 in value" and concluded that "Czech has sufficiently alleged this element of the CFAA." (Doc. No. 21 at 7.) But because it is clear that the parties had presented only an issue of statutory interpretation, in resolving which of two possible readings Congress intended, this Court (by agreeing with Plaintiff's reading) was not ruling that her allegations of such an aggregate loss met the applicable pleading standard under Rule 12(b)(6) as construed by Twombly and Iqbal.
The allegations of her previous Complaint on this point were as formulaic and conclusory as those addressing the substantive violations under subsection 1030(a). (Doc. No. 9, ¶ 56 (merely asserting that Czech and other class members have suffered aggregate damages of at least $5,000 as required by subsection 1030(c)(4)(A)(i)(I)).) And consistent with its general conclusion that the earlier complaint was lacking the requisite specific facts, the Court noted that while Czech "alleges that she incurred fees and charges related to her receipt of the unwanted text messages, "she does not allege the amount of those charges or attach a bill for those charges." (Doc. No. 21 at 2.) In short, adequate facts plausibly establishing such "losses" must still be pled.[12]
Accordingly, to survive the present motion to dismiss, Czech must adequately plead sufficient facts plausibly showing: (1) a violation of any of the three substantive provisions under subsection 1030(a) on which she relies; (2) "damage or loss" as a result of such a violation; and (3) an aggregate loss of at least $5,000. But as noted above, while maintaining a civil action for any violation of the CFAA requires a showing of a resulting "damage or loss," for purposes of the particular claims of the present action, satisfying requirement (3) by adequately pleading facts showing an aggregate $5,000 loss would also satisfy requirement (2), which requires pleading "damage or loss" suffered as a result of a violation of the CFAA.
B. Czech's Information Claim and Whether WSOD Obtained Information From Czech's Cell Phone
To plead an "information claim" under the CFAA, Czech must first satisfactorily allege facts that WSOD "intentionally accesse[d]" Czech's cell phone "without authorization or" by exceeding "authorized access, and thereby obtain[ed] ... information from" the cell phone. Although WSOD also disputes the sufficiency of Czech's allegations that WSOD intentionally gained unauthorized access to her cell *1111 phone, the Court will first address the element that WSOD obtained information from the cell phone.
In its earlier Order, the Court agreed with WSOD that Czech's Amended Complaint "merely offers a formulaic recitation of the statute, which is insufficient under Twombly, 550 U.S. at 545 [127 S. Ct. 1955]." (Doc. No. 21, at 8.) In the Amended Complaint that this Court found deficient, Czech had alleged that WSOD
intentionally accessed without authorization and/or exceeded the authorized access to [Czech's] cellular telephone and the wireless devices of the other members of the Class by sending them unauthorized Watch List Alert text messages, thereby obtaining information from those wireless devices.
(Doc. No. 9 (Am. Compl.) ¶ 52.) Czech defended the earlier Complaint by contending that WSOD obtained information from her and other class members by, among other things, "obtaining operation and storage capacity, bandwidth, and memory from their wireless devices" and by receiving a "receipt or delivery notification" from the wireless devices after the text messages were sent. (Doc. No. 16 at 11 (citing Am. Compl. ¶¶ 17, 24).) In rejecting those arguments, the Court noted that
although Czech further alleges that WSOD's messages (1) caused the wireless devices to slow in operation; (2) consumed bandwidth; (3) depleted the wireless devices' memory; and (4) frustrated users (id. at ¶ 24), these allegations are insufficient to allege that WSOD actually obtained information from Czech's cell phone. There are no allegations concerning how WSOD gained information from Czech, even assuming her cell phone was slowed or its memory depleted. Moreover, Czech's frustration with the receipt of unwanted text messages in no way allows WSOD to gain information from Czech. Finally, assuming WSOD's messages did indeed consume bandwidth, there are no allegations in the Amended Complaint concerning how consumption of a cell phone carrier's bandwidth results in the obtaining of information about an end-user from his or her device.
(Doc. No. 21.)
In support of her newly-amended allegations that WSOD "obtained information" in violation of the CFAA, Czech makes two basic arguments: (1) that the CFAA requires only that the defendant observed information, not that it physically removed information, and (2) that even if the CFAA required actual removal of information, the Second Amended Complaint now adequately alleges such removal.
1. Observation of Information
Czech now alleges that contrary to what the parties earlier had assumed the CFAA required with respect to an information claim, it is now clear that "[t]he threshold for alleging that a person `obtained information' under CFAA is minimal" because the legislative history clarifies that the obtaining of information for purposes of the CFAA "`includes mere observation of the data'" and does not require "`physically removing the data from its original location or transcribing the data.'" (Doc. No. 37 at 15 (quoting 1986 Senate Report).)
But even assuming the CFAA thus applies to those who "merely read" information, Czech's Second Amended Complaint still fails to meet the standard for pleading an "information claim" under the CFAA based on the receipt of unwanted text messages. In support of her contention that merely viewing information satisfies the requirement under the CFAA that a violator obtain information, Czech relies on United States v. Drew, 259 F.R.D. 449 (C.D.Cal.2009), to draw an analogy between *1112 websites and text messages. In Drew, the court "noted that the latter two elements of the section 1030(a)(2)(C) crime" that is, accessing a computer involved in interstate commerce and obtaining information by unauthorized access "will always be met when an individual using a computer contacts or communicates with an Internet website." Id. at 457.
But the Court notes that while the CFAA apparently applies to a broad range of "data processing devices," there is a fundamental difference between viewing websites and communicating with wireless devices such as cell phones by sending text messages.[13] A website, by definition, offers information (text, data, images) to anyone wishing and able to view it, whereas a cell phone (or other comparable wireless device) in its reception mode only receives incoming audio calls or text messages. Thus while anyone accessing a website will "obtain information" in the sense of viewing the text, data, or images available on that website, there is no plausible basis to conclude that the sender of a text message to a cell phone will likewise "obtain information," even by merely viewing or reading it, from the cell phone to which it sent the text message. Accordingly, even accepting Czech's argument that the CFAA extends to merely viewing information, a CFAA action confined to cell phones and comparable wireless devices simply does not present the possibility of viewing information as would a CFAA action regarding websites such as that at issue in Drew.[14]
In sum, the Court rejects Czech's contention that her allegations that when sending text messages WSOD obtained information from her cell phone by merely viewing such information as would one who is viewing a website state a claim for violating subsection 1030(a)(2)(C).
2. Removal of Information
Undeterred, Czech contends that even if the CFAA requires WSOD to have actually taken or removed information from her cell phone, her Second Amended Complaint now satisfactorily pleads allegations supporting that element of her information claim. Czech argues that the transmission of a text message results in the sender receiving a response "that the wireless number is active, the general geographic area where the user is located (via the [recipient's area code]), and that future text messages can be sent to that active wireless number." (Doc. No. 37 at 17.) Czech further contends that "[k]nowing that a particular wireless number is active" and the associated area code "allows the sender ... to sell, license, or otherwise market that number to others," and allows senders "to evade restrictions" imposed by Do Not Call lists and other comparable opt-out mechanisms. (Id. at 18.) Finally, she claims that WSOD also obtained information by "obtaining a portion of the finite *1113 permanent or hard drive memory storage capacity of the phone." (Id.)
WSOD counters by arguing that Czech's Second Amended Complaint "simply dresses up the same allegations" that this Court previously rejected. (Doc. No. 35 at 12.) The Court agrees with WSOD that Czech's amended pleadings still fail to plausibly allege that WSOD obtained information from her phone simply by sending an unauthorized text message to it, as the new version merely dresses up the old rejected allegations in bulkier attire. The Court previously rejected as insufficient allegations that WSOD obtained information either by "`obtaining operation and storage capacity, bandwidth, and memory from their wireless devices,'" or "by receiving a `receipt or delivery notification' from the wireless devices after the text messages were sent." (Doc. No. 21 at 8.) The relevant allegations of the Second Amended Complaint presently under scrutiny merely inflate the earlier-rejected allegations with more verbiage, but fail to plausibly allege that the sender of a text message thereby obtains information from the recipient's cell phone.
Where the "computer" at issue under the CFAA is a cell phone or other comparable wireless device, rather than what is commonly known as a personal computer used for word processing, databases, etc., simply sending a text message to such a cell phone does not involve anything comparable to gaining unauthorized access to another's personal computer or computer network and then viewing (much less copying or removing) a word processing document or a database file. In short, sending a text message is essentially a one-way communication that does not implicate the obtaining of information from the recipient's cell phone, as this Court understands the intent of Congress.[15]
3. "Loss" Resulting From WSOD Having Obtained Information
But in any event, even if this Court would accept Czech's arguments that WSOD somehow obtained information from her cell phone, her civil action based on an information claim would still require that she incurred "damage" or "loss" as defined under the CFAA. Because this is a civil action for damages or equitable relief under subsection 1030(g), Czech must establish that she suffered "damage or loss by reason of" the particular violation of subsection 1030(a) that is, by WSOD having obtained information from her cell phone. America Online, Inc. v. Nat'l Health Care Discount, Inc., 121 F. Supp. 2d 1255, 1275-76 (N.D.Iowa).[16] And because *1114 she claims an aggregate loss of at least $5,000 as the requisite factor, the Court will assume that Czech alleges "loss" rather than "damage" for purposes of her information claim.
Although Czech alleges she incurred a "loss" as defined under the CFAA essentially, any reasonable consequential cost incurred she has not plausibly alleged how any such costs resulted from the violation, that is, from WSOD having obtained information. The information purportedly obtained from Czech's cell phone "that the wireless number is active, the general geographic area where the user is located (via the [recipient's area code]), and that future text messages can be sent to that active wireless number" (Doc. No. 37 at 17) does not result in any cost to her.[17]
Such supposed costs must be distinguished from a cost incurred due to her receipt of the text message itself for example, additional phone charges beyond her monthly "bucket plan" which she would have incurred even if sending the text messages did not also thereby allow WSOD to obtain information from her phone. And in any event, as the Court noted earlier, Czech still has not alleged any particular additional charges incurred during any month so as to support any plausible allegation that she in fact was forced to pay such costs.
In sum, Czech does not state an information claim on which relief may be granted under the CFAA because she has failed to plead any facts supporting a plausible claim that WSOD obtained information from her phone or that she incurred any resulting loss.
C. Czech's Transmission Claim and Whether WSOD Intentionally Caused "Damage" to Czech's Cell Phone
To plead a "transmission claim" under the CFAA, Czech must satisfactorily allege facts that WSOD "knowingly cause[d] the transmission of a program, information, code, or command, and as a result of such conduct, intentionally cause[d] damage without authorization, to" Czech's cell phone. 18 U.S.C. § 1030(a)(5)(A). For purposes of the present motion, the Court will assume that when WSOD sends text messages, it "knowingly causes the transmission of a program, information, code, or command."
In addition, the Court understands Czech's CFAA claims to be based, at bottom, on the fact that the text messages she received were unwanted. In other words, Czech would not attempt to premise a CFAA claim here had she signed up for WSOD's service. Thus the question largely reduces to whether sending unwanted messages "intentionally causes damage without authorization" to Czech's cell phone.
1. Czech's Allegations of "Damage" Remain Conclusory
In its earlier Order, this Court agreed with WSOD that the allegations in *1115 paragraph 24 of the prior version of the Complaint, even assuming they are true, do not explain how Czech or the proposed class members suffered any damage, but rather amount only to a formulaic recitation of the statute. Czech had claimed that the damage she alleged in paragraph 24 particularly, the slowing of the wireless devices and the depleting of memory impair the ability of and interrupt end-users' wireless-device service. The Court disagreed, finding such allegations "merely conclusory statements listing generalized grievances that are insufficient under Twombly." (Doc. No. 21 at 10.)
WSOD now argues that the "Second Amended Complaint does nothing more than elaborate on these conclusory allegations with more generalized grievances." (Doc. No. 35 at 16.) WSOD notes that although all versions of the complaint allege a two-year span of receiving unwanted text messages, there is still no factual allegation that as a result "Plaintiff was unable to make or receive a single phone call or send or receive a single text message." (Id. at 17.)
Czech counters by contending that the expanded allegations of her Second Amended Complaint now satisfy the Court's concerns (and thus the applicable pleading standard) because they assert that
unauthorized text messages deplete or exhaust a cell phone's limited RAM or ROM, thereby causing its other operations and functions to slow or lock up completely (Doc. No. 23, ¶ 27);
unauthorized text messages "can cause" a phone to shut down and automatically reset by rebooting, reformatting its memory and erasing any stored information (id. ¶ 28);
unauthorized text messages misallocate, interfere with and/or deplete the phone's wireless bandwidth that would otherwise be dedicated to other calls or messages (id. ¶ 30);
unauthorized text messages temporarily and/or permanently misallocate, deplete or consume the phone's "hard drive" memory storage capacity (id. ¶ 31); and
the unauthorized text messages that Czech herself (and other class members) in fact received (1) depleted or exhausted her RAM/ROM and caused slow performance, (2) misallocated, interfered with or depleted her phone's wireless bandwidth, and (3) misallocated, depleted or consumed her phone's hard drive storage capacity (id. ¶¶ 70-72).
(Doc. No. 37 at 20-23.)
The Court recognizes that Czech's Second Amended Complaint expands the allegations of purported "damage" to include, among other things, claims that Czech herself incurred various types of "damage" to her cell phone due to WSOD's unwanted text messages. But the Second Amended Complaint, while perhaps personalizing the pleadings by adding allegations that Czech experienced such "damage" to her cell phone, nevertheless remains too generalized and abstract in that it still only postulates that WSOD's unwanted text messages caused "damage" to Czech's cell phone by consuming limited resources.
The general damages allegation added to Czech's Second Amended Complaint that the "unauthorized text messages Plaintiff received from WSOD substantially interrupted the functioning of Plaintiff's cellular telephone and impaired the integrity and availability of data, program(s), system(s), or information found in or on Plaintiff's cellular telephone" (Doc. No. 23, ¶ 69) simply tracks the statutory definition of "damage." As noted above, the CFAA defines "damage" as "any impairment to the integrity or availability of *1116 data, a program, a system, or information." 18 U.S.C. § 1030(e)(8).[18]
In the apparent attempt to avoid this shortcoming, Czech also now amplifies that general allegation by alleging the particular ways in which WSOD's unauthorized messages consumed the limited resources of Czech's cell phone. (Doc. No. 23, ¶¶ 70-72.) But as WSOD contends, this expanded restatement of the earlier allegations does not add anything new or different that could plausibly support a claim that Czech actually incurred such unauthorized "damage" as the intentional result of WSOD's transmissions. (Doc. No. 35 at 1-2, 16-17.) In sum, Czech's pleadings regarding her information claim under the CFAA remain conclusory and, therefore, inadequate.
Furthermore, the Court understands Czech's theory of "damage" under the CFAA as being confined to the use or consumption of a device's finite resources that results in an actual impairment of service. (Doc. No. 23, ¶ 26 (claiming WSOD caused device "to slow and/or lag in operation" and "impaired the availability of and interrupted the wireless-device service"), ¶ 27 (claiming messages deplete RAM/ROM and thus cause device "to slow or lag in operation, or actually lock up completely"), & ¶ 31 (same).) In addition, Czech relies on America Online, Inc. v. Nat'l Health Care Discount, Inc., 121 F. Supp. 2d 1255 (N.D.Iowa), to support her argument that "damage under [the] CFAA can be found where unwanted electronic communications causes [sic] a computer to slow or otherwise diminish the capacity of the computer to function." (Doc. No. 37 at 22 (emphasis added).) There, the court concluded that "when a large volume of UBE [unsolicited bulk e-mail] causes slowdowns or diminishes the capacity of AOL to serve its customer, an `impairment' has occurred to the `availability' of AOL's `system.'" Id. at 1274 (emphasis added).[19]
The alternative would be to construe Czech's complaint as alleging that "damage" under the CFAA occurs simply by any use or consumption of a device's limited resources.[20] For example, some allegations of the Complaint might suggest that any incoming message will "damage" a cell phone simply by consuming some of its finite resources without regard to the effect *1117 on a user's service. (E.g., Doc. No. 23, ¶¶ 30, 71 (alleging that incoming messages consume limited bandwidth and thus cause statutory "damage")).
The problem with such a theory is that it would extend "damage" under the CFAA to include the receipt of any unwanted electronic communication under any circumstance. For example, a civil action under the CFAA would exist where a cell phone owner received a single short unwanted text message from WSOD (e.g., "Buy Intel") that consumed a certain amount of the wireless device's resources (in terms of RAM/ROM, hard drive storage, etc.) but occurred under circumstances that did not actually involve any impairment to the cell phone user's service (that is, a small message received while not receiving other messages or audio calls such that even the cumulative effect of all such incoming communications did not overwhelm the device's finite resources). It is far from obvious, or even plausible, that a theory of "damage" under the CFAA was intended by Congress to include situations where the receipt of a text message, albeit unwanted, simply used a cell phone as intended but without causing any actual impairment of the recipient's service.
Moreover, such a theory would necessarily extend "damage" to include the receipt of even wanted messages. Taking the Second Amended Complaint at face value, Czech alleges that unwanted text messages consumed finite device resources so as to "damage" her phone. (Doc. No. 23, ¶¶ 26-31, 69-72.) But her allegations permit no distinction between wanted and unwanted messages an unwanted message of a given size presumably consumes the same amount of resources as would a wanted message of the same size and the fact that the message is unwanted does not mean that it is inherently more "damaging" compared to a wanted message the messages were simply unwanted, but not anything in the nature of a computer virus, a "worm" program or spyware.
In other words, there is no difference between a wanted (or expected) message and an unwanted message in terms of its incremental effect on a cell phone's operations or functionality. Consistent with her theory, any incoming message will necessarily use some of the phone's RAM/ROM, hard drive storage capacity, etc. Thus a theory of "damage" as any depletion of a device's finite resources would extend to any incoming message wanted or unwanted regardless of the size of the message and the surrounding circumstances, that is, whether it is received while the device is also receiving other messages competing for the same finite resources.
The Court thus understands Czech to allege consistent with what seems more likely to have been the intent of Congress "damage" as confined to an impairment of performance that occurs only when the cumulative impact of all calls or messages at any given time exceeds the device's finite capacity so as to result in a slowdown, if not an outright "shutdown," of service. (Doc. No. 23, ¶ 31.)[21]
*1118 But as WSOD argues, Czech's pleadings still do not contain any factual allegation that as a result of receiving WSOD's messages "Plaintiff was unable to make or receive a single phone call or send or receive a single text message." (Doc. No. 35 at 17.) As currently drafted, the Second Amended Complaint still fails to allege that Czech, despite claiming to have received unwanted text messages from WSOD for some two years, in fact experienced on any given particular day an actual impairment of her ability to receive wanted text messages or phone calls due to the receipt of unwanted messages from WSOD. Czech alleges no specific facts (much less provides any supporting affidavit) asserting, for example, that she learned that a friend attempted to contact her by phone on a particular date but was unable to get through while Czech was receiving unwanted test messages from WSOD.
Rather, Czech alleges but in a wholly conclusory fashion that WSOD's unwanted messages "caused the wireless devices of Plaintiff and the members of the Class to slow and/or lag in operation" and thereby "impaired the availability of and interrupted the wireless-device service of Plaintiff and the members of the Class." (Doc. No. 23, ¶ 26.) Accordingly, even the expanded allegations remain conclusory and, therefore, insufficient.
2. Sending Unwanted Text Messages Does Not Plausibly State A Transmission Claim Under the CFAA
Apart from her conclusory allegations of "damage," the Court fails to see how Czech could shoehorn her claim that WSOD sent her unauthorized text messages into the statutory framework of a transmission claim. Thus it is perhaps not surprising that Czech's allegations remain conclusory. And this Court's independent attempt to puzzle out how Czech's claim that the receipt of unwanted text messages fits the parameters of a transmission claim results in nothing but roadblocks.[22]
Even confining "damage" to an actual impairment of service, Czech's theory of liability alleges that unwanted messages cause such an impairment, but presumably would not extend to the receipt of wanted messages. But as discussed above, given the inherent limitations of such devices' physical capacities as alleged in the Second Amended Complaint that any incoming text message uses finite resources even messages that Czech wanted or expected to receive could overwhelm her cell phone's limited capacity so as to impair service. A concentrated burst of wanted or expected messages could have the same disruptive effect as a comparable burst of unwanted messages.
Conversely, the fact that an incoming message is unwanted does not mean that its receipt, be it alone or in addition to wanted messages, would necessarily overwhelm a cell phone's capacity. Such messages would not impair the owner's service unless and until their individual size or aggregate cumulative size at any given time would exceed the phone's capacity.
So even if "damage" is confined to the receipt of messages that result in an impairment of service, Czech's theory of liability still seems to require some limitation that separates those that send unwanted messages that actually impair cell phone service from those that send wanted messages. Under the terms of the statute, to establish a transmission claim, Czech must provide facts that plausibly allege that sending unwanted text messages constitutes a transmission that "intentionally causes damage without authorization." 18 *1119 U.S.C. § 1030(a)(5)(A) (emphasis added). But even if such intent is what could validate her transmission claim, such intent presents a question of causation, particularly intentional causation. See America Online, Inc. v. Nat'l Health Care Discount, Inc., 121 F. Supp. 2d 1255, 1274-76 (N.D.Iowa) (denying plaintiff's motion for summary judgment on liability for subsection 1030(a)(2)(C) and subsection 1030(a)(5)(C) claims, even though court concluded that a large volume of unsolicited bulk e-mail that caused a slowdown or diminished the capacity of AOL to serve its customer would constitute an "impairment" of AOL's system, because there remained disputed issues of material fact as to whether defendant's "UBE caused the requisite damage for purposes of the statute") (emphasis added).
In short, to be plausible, Czech's theory of liability would turn, at least in part, on whether the culpable conduct was intended to cause the prohibited outcome. In other words, Czech thus must allege facts plausibly supporting a theory that by sending unwanted text messages WSOD intended to cause damage to Czech's cell phone, and such a theory of liability must subject those who send unwanted messages but not those who send wanted messages to a civil action. And assuming that Czech's allegations are read to premise a claim only where actual impairment of service occurs so as to constitute "damage" under the CFAA, she must allege facts that WSOD intended to damage her phone by sending messages to wireless devices such as hers that it not only knew were not currently operated by subscribers to its service that the sender knew the recipient does not want such messages but also knew would be pushed past their operational limits by WSOD's unwanted message that the sender knew the circumstances of the recipient's device when such messages would be received.
But there is nothing alleged in the Second Amended Complaint that WSOD knew the circumstances of Czech's phone usage such that WSOD could, at any given time, intend to disrupt her service by sending unwanted text messages that would exhaust the phone's limited resources. (Indeed, it is far from clear that a sender could know such information.) And, in fact, Czech contends that WSOD "automatically sends text messages to whatever wireless phone number(s)" a user has entered "regardless of whether the person receiving the text messages actually wants to receive or has authorized receiving the text messages." (Doc. No. 23, ¶ 5.) Czech essentially alleges only that WSOD failed to keep its subscriber list current and accurate by weeding out from its database those numbers no longer belonging to active subscribers. (Id. ¶¶ 49-60.) Such a failure might sound in negligence, but could not constitute the intentional causing of unauthorized damage to wireless devices. Moreover, as WSOD contends, such negligence might not be its own, but rather that of its former subscribers who "`terminate their wireless-carrier service... but fail to update or delete their old or discontinued wireless numbers from their Watch List Alert Account.'" (Doc. No. 35 at 10-11 (quoting ¶ 52 of Czech's Second Amended Complaint).)
Moreover, WSOD, which charges its customers for the service of providing financial information to them, has no plausible reason to intentionally send text messages containing such financial information to those it knows have not paid for that service.[23] Thus, it is far from clear and *1120 indeed highly implausible that WSOD thereby intended to cause such "damage without authorization."
The Court does not intend to stifle novel legal arguments advocating the extension of existing law, but such arguments particularly when premised on complicated statutory provisions must be at least plausible. Here, Czech has not adequately spelled out how her claim could fit within the statute. But for purposes of this motion to dismiss, the Court need not rely on this particular inquiry into the plausibility of Czech's transmission claim because it is clear that her allegations of the basic parameters of such a claim, particularly the necessary element of "damage," remain conclusory. See supra § III.C.1.
D. Czech's Access Claim and Whether WSOD Intentionally Caused Damage to Czech's Cell Phone
To plead an "access claim" under CFAA, Czech must satisfactorily allege facts that WSOD "intentionally accesse[d]" Czech's cell phone "without authorization, and as a result of such conduct, cause[d] damage" ("and loss" to the extent the unauthorized access occurred after the 2008 amendments). 18 U.S.C. § 1030(a)(5)(C) (2008); see generally U.S. Bioservices Corp. v. Lugo, 595 F. Supp. 2d 1189, 1193 (D.Kan.2009) (noting that CFAA was intended as a "criminal statute focused on `hackers' who trespass into computers" and addressing "access"). In short, Czech must allege facts that could support a claim that WSOD's sending of unwanted text messages "intentionally accesses" Czech's cell phone "without authorization" and thereby causes "damage."[24] The Court's conclusion, with respect to Czech's transmission claim, that her allegations of damage remain conclusory also dooms her access claim.
In the context of an access claim, however, it is not the damage that must be unauthorized (as with a transmission claim), but rather the access to the cell phone. Compare 18 U.S.C. § 1030(a)(5)(A) with id. § 1030(a)(5)(C). But even assuming that by sending a text message the sender "accesses" the recipient's phone, and that sending such a message to one who does not want it thus "accesses" the phone "without authorization," to be liable on an access claim the act of sending text messages to a recipient who does not want them must still cause "damage." And the damage must result from such unauthorized access that is intentional. Id. § 1030(a)(5)(C) (imposing liability on one who "causes damage" as "a result of" "intentionally access[ing]" a cell phone "without authorization"). Thus, the same problems that confront one pleading a transmission claim based on sending unwanted text messages would seem to also plague one trying to plead an access claim based on that same conduct: such a plaintiff must plead facts plausibly showing an intent to impair the recipient's service.
But while WSOD's sending of text messages to the cell phone of a recipient who has not authorized such messages might constitute unauthorized "access," for WSOD to be liable, that unauthorized access must still be intentional WSOD must have intended to send messages to those, *1121 like Czech, who did not want them. Here, again, there are no plausible facts alleged that WSOD intended to send its messages to those who had not signed upand paidfor that service. In short, the Second Amended Complaint contains no facts supporting any plausible theory of damage as a result of WSOD "intentionally" accessing cell phones by sending text messages to those that were not current subscribers.
E. None of Czech's CFAA Claims Are Supported by Any Adequate Pleading of "Loss"
One final nail seals the coffin on all three of Czech's CFAA claims. As discussed above, a civil action based on any of her three claims requires a showing of "loss." Accordingly, she must plead facts plausibly supporting a conclusion that the "loss" that she allegedly incurred was a result of the prohibited conduct, be it WSOD having obtained information by sending the unwanted text messages, or the "damage" WSOD inflicted by sending the unwanted messages.[25]
WSOD contends that "the only new information [added to the Second Amended Complaint] . . . is the concession that she pays $5 each month for a plan permitting her cell phone to receive up to 300 text messages per month at no additional charge." (Doc. No. 35 at 17 (emphasis in original).) Moreover, Czech does not plead that while she stayed within that limit with respect to text messages that she wanted or expected, the unwanted WSOD messages she in fact received pushed her over that limit so as to result in any surcharge. As the Court noted in its earlier Order, while Czech had alleged "that she incurred fees and charges related to her receipt of [the unwanted WSOD] messages," she did "not allege the amount of those charges or attach a bill for those charges." (Doc. No. 21 at 2.) Likewise, the Second Amended Complaint neither references any specific financial charges allegedly incurred due to WSOD's conduct nor attaches any comparable supporting documentation of such losses she in fact incurred.[26] And in any event, even had she in fact incurred such a charge, it would not have been due to any "damage" WSOD caused her cell phone, that is, any impairment of her service.
In sum, the Court concludes that Czech has failed to state a claim under the CFAA because she has failed, at a minimum, to sufficiently allege that WSOD obtained information from her cell phone in violation of the CFAA or that WSOD intended to damage her cell phone by sending text messages to those that were not current subscribers, or that any pecuniary loss *1122 Czech might have suffered was a result of WSOD having violated the CFAA by either of those actions.
IV. Czech's State-Law Claims
In its earlier Order, the Court found it prudentbased on its doubts about Czech's CFAA claimto delay addressing the state law claims until it would reach a final decision on the CFAA claim. (Doc. No. 21 at 11.) WSOD now asks this Court to exercise its supplemental jurisdiction over Czech's claims for trespass to chattels and unjust enrichment, and dismiss them too with prejudice. (Doc. No. 35 at 24-25.) She asks that if this Court dismisses her federal claim with prejudice, it should dismiss her state-law claims without prejudice so that she can pursue them in state court. (Doc. No. 37 at 34.)
The Court declines to dismiss Plaintiff's state law claims with prejudice. The bases for the dismissal with prejudice of her federal claimfor example, her inability to establish the particular statutory requirements of "damage" and "loss"do not necessarily also preclude her non-statutory state-law claims. Moreover, the Court is unable to conclude simply on the face of the Complaint that Czech could never recover on her claim for trespass to chattels under any applicable state's law, see Register.com, Inc. v. Verio, Inc., 126 F. Supp. 2d 238, 248-50 (S.D.N.Y.2000) (finding that use of automated software search robot to search another's database constitutes trespass to chattels); America Online, Inc. v. Nat'l Health Care Discount, Inc., 121 F. Supp. 2d 1255, 1277-78 (N.D.Iowa 2000) (finding that sending bulk e-mail constituted trespass to chattels); America Online, Inc. v. LCGM, Inc., 46 F. Supp. 2d 444, 451 (E.D.Va.1998) (concluding that transmission of bulk e-mail constituted trespass to chattels); America Online v. Prime Data Systems, Inc., 1998 WL 34016692 (E.D.Va. Nov. 20, 1998) (awarding damages and injunctive relief based in part on trespass to chattels claim), or on her claim for unjust enrichment, see Nat'l Health Care Discount, Inc., 121 F.Supp.2d at 1278-79 (addressing claim for unjust enrichment and denying plaintiff's motion for summary judgment). And this Court is not the preferred venue for addressing the merits of the "novel and fact-intensive issues raised by" Czech's state-law claims that are premised on "unsettled state law." (Doc. No. 37 at 35.) Whether she may base her novel claims on these long-recognized causes of action is an issue for the state courts.[27]
CONCLUSION
Plaintiff's federal claim under CFAA still failsafter two attempts at amendmentto articulate a claim on which relief may be granted. Accordingly, the Court dismisses with prejudice her CFAA claim. But the Court is in no position to likewise conclude that Plaintiff's state-law claims also suffer from incurable deficiencies so as to preclude her the opportunity to file them in an appropriate state court.
Based on the foregoing, and all the files, records and proceedings herein, IT IS HEREBY ORDERED that:
1. WSOD's motion to dismiss (Doc. No. 24) is GRANTED IN PART (insofar as it seeks dismissal with prejudice of Czech's federal CFAA claims) and DENIED IN PART (insofar as it seeks dismissal with prejudice of Czech's state-law claims).
*1123 LET JUDGMENT BE ENTERED ACCORDINGLY.
NOTES
[1] The Court recognized, however, that to state a claim under the CFAA, a plaintiff need only allege the required elements pursuant to the notice pleading standard of Rule 8(a)(2), not the heightened pleading standard of Rule 9(b). E.g., SKF USA, Inc. v. Bjerkness, 636 F. Supp. 2d 696, 719 n. 13 (N.D.Ill.2009); P.C. of Yonkers, Inc. v. Celebrations! The Party and Seasonal Superstore, LLC, 2007 WL 708978, at *6 (D.N.J. Mar. 5, 2007).
[2] Consistent with the Court's earlier ruling, all references to the CFAA are to the 2008 version unless otherwise noted. Although Czech alleges she received the unwanted text messages at issue starting in 2006 and continuing into 2008, the parties largely cite the latest version of the statute. While the 2008 amendments reorganized the structure of certain provisions of Section 1030, Pub.L. 110-326, Title II, § 204(a)(2)(C), Sept. 26, 2008, 122 Stat. 3561, the substance of the relevant provisions at issue remains largely unchanged since 2001. Compare 18 U.S.C. § 1030(a), (g) (2001) (integrating "factors" required for civil action as additional requirements for substantive offense under subsection 1030(a)(5)(B)) with 18 U.S.C. § 1030(a), (c), (g) (2008) (articulating "factors" required for civil action as bases for particular level of punishment under subsection 1030(c)). The only change of any substantive relevance here is that the 2008 amendments added, in subsection 1030(a)(5)(C), the requirement that the unauthorized access cause "loss" in addition to "damage." Pub.L. 110-326, § 204(a)(1) (rewriting subsection 1030(a)(5)).
[3] With respect to these five factors, Czech's Second Amended Complaint alleges only conduct involving subclause (I), which requires a "loss to 1 or more persons during any 1-year period ... aggregating at least $5,000 in value." Id. § 1030(c)(4)(A)(i)(I). In its earlier motion, WSOD had argued that the CFAA does not allow private plaintiffs like Czech to reach the $5,000 loss threshold by aggregating losses among multiple computers owned by multiple individuals, but the Court rejected that statutory interpretation argument. (Doc. No. 21 at 5-7.)
[4] In its earlier Order, the Court did not address whether Czech had not adequately pled that WSOD accessed her cell phone without authorization or that WSOD acted with criminal intent, because WSOD raised these arguments for the first time in its reply. (Doc. No. 21 (citing Myre v. State of Iowa, 53 F.3d 199, 201 (8th Cir.1995) (refusing consideration of argument raised for first time in reply brief)).)
[5] All three provisions at issue apply to a "protected computer," which the statute defines (as relevant here) as a "computer" that is "used in or affecting interstate or foreign commerce or communication." 18 U.S.C. § 1030(e)(2)(B). There is no dispute that Czech's cell phone (as well as the various similar wireless devices used by the proposed class members) would constitute such a "computer" as further defined in 18 U.S.C. § 1030(e)(1). For convenience and brevity, the Court will refer to the devices at issue as "cell phones," with the understanding that it includes similar wireless devices used by other class members.
[6] The statute does not define "transmission," "program," "information," "code" or "command."
[7] As noted above, the requirement that such conduct under subsection 1030(a)(5)(C) causes "loss" as well as "damage" was added only by the 2008 amendments. While much, if not all, of the allegedly violative conduct at issue here occurred before the 2008 amendments, the additional requirement of "loss" under that subsection is irrelevant here, because Czech would still have to show "damage" the same as she would to establish a subsection 1030(a)(5)(A) claim, would still have to show "damage or loss" to maintain a civil action under subsection 1030(g), and would still have to show an aggregate "loss" of $5,000 as the additional requisite factor under subsection 1030(g).
[8] The civil action provision was added only in 1994, Pub.L. 103-322, Title XXIX, § 290001(d), Sept. 13, 1994, 108 Stat.2097-99, to what had been up to then a purely criminal prohibition since it was originally enacted in 1984, Pub.L. 98-473, Title II, § 2102(a), Oct. 12, 1984, 98 Stat. 2190. See America Online, Inc. v. Nat'l Health Care Discount, Inc., 121 F. Supp. 2d 1255, 1272 n. 15 (N.D.Iowa 2000). Although other aspects of the private right of action provision have changed since 1994, that provision has always required that the person seeking damages or equitable relief suffer "damage or loss" due to a violation of the CFAA. E.g., 18 U.S.C. § 1030(g) (2006); 18 U.S.C. § 1030(g) (2000); 18 U.S.C. § 1030(g) (1994).
[9] Although the private right of action authorizing civil suits by those suffering "damage or loss" was added to Section 1030 as subsection 1030(g) in 1994, the limitation on such civil actions to conduct that involves one of the five specified "factors" was not added until 2001. Pub.L. 107-56, Title V, § 814(e), Oct. 26, 2001, 115 Stat. 366. Since then, the precise parameters of that limitation have changed only slightly (and without any relevance to the present action). Pub.L. 110-326, § 204(a)(3), Sept. 26, 2008, 122 Stat. 3560 (shifting "factors" required for civil actions from substantive provisions of subsection 1030(a)(5) to punishment provisions of subsection 1030(c)). One court seems to view these "factors" as only limitations that "describe the harms recognized by a civil action rather than [as] pleading requirements." SKF USA, Inc. v. Bjerkness, 636 F. Supp. 2d 696, 720 (N.D.Ill.2009). But this Court need not join that particular debate because here Czech has limited her action to the factor of an aggregate "loss" of $5,000, and thus this provision would not pose any additional pleading requirement (other than the amount) beyond the "damage or loss" clause of subsection 1030(g).
[10] When Congress amended subsection 1030(g) in 2001 by also requiring for civil actions one of the five specified types of conduct, it did not repeal the existing requirement that a plaintiff bringing a civil action establish that she suffered "damage or loss," nor did it amend that requirement by providing that one could show such "damage or loss" simply by establishing one of the five types of conduct, that is, by defining "damage or loss" in terms of those five factors. Rather, it removed those factors from the definitional limitations of "damage" under subsection 1030(e)(8) and added them as additional requirements for a civil action under subsection 1030(g). Pub.L. 107-56, Title V, § 814(d)(3), (e), Oct. 26, 2001, 115 Stat. 366.
[11] Likewise, "damage affecting a computer" under subclause (V) would seem to constitute damage for purposes of the "damage or loss" clause of subsection 1030(g). But other types of conduct under subsection (c)(4)(A)(i) for example, "a threat to public health or safety" under subclause (IV) would not seem to constitute either "damage" or "loss" as defined by the CFAA.
[12] The Court does not suggest that Czech herself must have incurred a loss of at least $5,000. But as a purportedly representative member of the alleged class (Doc. No. 23, ¶ 82), she must have incurred some additional charge as a result of WSOD's allegedly wrongful conduct.
[13] When the CFAA was first enacted in 1984, the personal computer revolution was in full swing, but cell phones and other such wireless devices were not widely used by the public until substantially later. And as Czech herself notes, "text messaging was not widely offered or used on a commercial basis until around 2000." (Doc. No. 23, ¶ 18.) As the relevant technology has evolved over the last 25 years, the CFAA apparently continues to implicate a wider range of "computer" devices that are not necessarily similar in terms of all of their features and capabilities.
[14] In addition, Drew involved a criminal prosecution for violation of the CFAA. 259 F.R.D. at 451-52. Here, in contrast, Czech's civil action must satisfy not only the requirements of a substantive violation of Section 1030(a), but also the requirements of Section 1030(g) for maintaining a civil action that the plaintiff suffered "damage or loss by reason of a violation of" Section 1030. See infra Section I.A.3.
[15] There are no allegations that WSOD obtained, for example, credit card numbers or passwords from Czech's cell phone.
[16] In America Online, Inc. v. Nat'l Health Care Discount, Inc., the court denied the plaintiff's motion for summary judgment on the issue of liability for the violation of subsection 1030(a)(2)(C) and subsection 1030(a)(5)(C). (The 2000 version of the provisions of the statute at issue there was essentially similar to those at issue here.) The court concluded that "when a large volume of UBE [unsolicited bulk e-mail] causes slowdowns or diminishes the capacity of AOL to serve its customer, an `impairment' has occurred to the `availability' of AOL's `system.'" 121 F.Supp.2d at 1274 (and noting supporting declarations that UBE imposed a substantial burden on AOL's system). But while the plaintiff had in fact suffered such a slowdown, the court nevertheless denied the plaintiff's motion because even though a violation of the CFAA seemed otherwise established, there remained disputed issues of material fact as to whether the defendant's "UBE caused the requisite damage for purposes of the statute." Id. at 1276 (emphasis added). The plaintiff's "problem, both for purposes of summary judgment and at trial, is showing specifically that [defendant's] UBE, which by [the plaintiff's] admission represents a mere fraction of the quantity of UBE regularly forced through AOL's system, caused the requisite `damage' contemplated by the statute." Id. at 1275. While the UBE may have cost the plaintiff over $50,000, that fact "does not, necessarily, mean [the defendant's] actions caused an `impairment to the integrity or availability of data, a program, a system, or information,' which directly resulted in a $50,000 loss." Id.
[17] Czech further contends that "[k]nowing that a particular wireless number is active" and the associated area code "allows the sender ... to sell, license, or otherwise market that number to others," and allows senders "to evade restrictions" imposed by Do Not Call lists and other comparable opt-out mechanisms. (Id. at 18.) But there are no allegations that WSOD in fact sold or licensed her number, much less that she then incurred any resulting cost. Finally, she claims that WSOD also obtained information by "obtaining a portion of the finite permanent or hard drive memory storage capacity of the phone." (Id.) But, similarly, there are no plausible allegations that this resulted in any cost to her.
[18] Czech further asserts that the parameters of liability under the CFAA recognize no de minimus or nominal damage exception. (Id. at 23.) The Court agrees. 18 U.S.C. § 1030(e)(8) (defining damage as "any impairment"). But the question remains whether Czech's allegations establish that her receipt of unwanted text messages necessarily constitutes "impairment" of any magnitude.
[19] In support of this "damage" argument that unsolicited bulk e-mail ties up the recipient's computer Czech also relies on America Online, Inc. v. Prime Data Systems, Inc., 1998 WL 34016692 (E.D.Va. Nov. 20, 1998). But there, the plaintiff alleged claims under the CFAA in addition to four other statutory and common law claims. And in granting a default judgment, the court concluded only that "by sending large quantities of unsolicited e-mail messages through plaintiff's computer servers to plaintiff's customers, defendants willfully infringed plaintiff's registered trade and service marks ... and that defendants' acts constitute trespass to chattels under Virginia law." Id. at *3. Beyond referencing plaintiff's CFAA claim at the beginning of the opinion, the court never again mentioned that statute even though it did expressly discuss damages in terms of the Lanham Act, the Virginia state-law statutory claims, and Virginia common law of trespass to chattels. Id. at *3-4.
[20] The Court assumes the truth of Czech's allegations that cell phones and other such wireless devices have finite resources in terms of RAM/ROM, bandwidth and hard drive storage capacity. But it is far from self-evident and Czech has provided no explanation of why it should be true that the incremental impact of any incoming call or message necessarily "impairs" such a device so as to constitute "damage."
[21] At least in the context of cell phones, it is difficult to accept any naked assertion that Congress intended to extend the scope of "damage" to the normal use of a cell phone in receiving text messages, be they wanted or unwanted, such that the transmission of any text message would cause "damage." Such a theory would seem to necessarily require an additional statutory limitation that would prevent those that send authorized messages from being exposed to liability. Granted, liability under subsection 1030(a)(5)(A) extends only to transmissions that cause "damage without authorization." Under this theory, only an unwanted message causes unauthorized damage, whereas a wanted message would still cause "damage" but not "without authorization," such that WSOD would not be liable for sending messages to those that signed up to receive them. But the Court doubts Congress intended such a structurally-awkward scheme of liability under the CFAA.
[22] The parties have largely approached the issue in terms of the particular elements individually. Fair enough, as far as it goes. But ultimately, the elements have to fit together to form a viable cause of action under the statute.
[23] While Czech alleges that WSOD had a financial motive to send the text messages to as many recipients as possible (Doc. No. 23, ¶ 24), she fails to explain any plausible theory as to how WSOD could earn a net profit by sending messages to those that have not paid for such a service. Granted, the recipient would likely have to pay for receiving even those messages that they did not want, but it is far from clear how WSOD, rather than the cellular service provider, would receive a benefit from those charges.
[24] Again, whereas "damage" is defined generally as impairment of the phone itself, "loss" is defined generally as pecuniary injury to the phone's owner. 18 U.S.C. § 1030(e)(8), (11). And the Court's discussion of "damage" to Czech's phone with respect to her transmission claim applies equally to her access claim.
[25] With respect to her information claim, the Court has already explained that any loss could not have been due to WSOD obtaining information from Czech (assuming that even occurred). See supra § III.B.3. With respect to her transmission and access claims, the prohibited conduct that must cause the "loss" required by subsection 1030(g) to support a civil action is, in effect, the "damage" resulting from the prohibited conduct of both subsection 1030(a)(5)(A) and subsection 1030(a)(5)(C), respectively. See 18 U.S.C. § 1030(g) (requiring that injury occur "by reason of a violation of this section"). (Even assuming Czech received all of the unwanted text messages before the effect of the 2008 amendments that added the requirement of "loss" under 1030(a)(5)(C), such an access claim has always required, by its own terms, "damage.")
[26] For example, insofar as Czech could receive up to 300 text messages per month for the flat fee of $5, she would have incurred no "loss" under the CFAA if she received 300 messages in a particular month even if all 300 were unwanted messages from WSOD. The only exception would be if unused incoming capacity could be "rolled-over" to subsequent months, but Czech does not allege that her service included any such feature.
[27] In so concluding, however, this Court of course implies nothing about Czech's ability to state a claim under state law, much less her ultimate chances of recovering on such claims.