In Re Intuit Privacy Litigation

138 F. Supp. 2d 1272 | C.D. Cal. | 2001

138 F. Supp. 2d 1272 (2001)

In re INTUIT PRIVACY LITIGATION.

No. ED-CV00-123RT(RCX).

United States District Court, C.D. California.

April 10, 2001.

*1273 William S. Lerach, Milberg Weiss Bershad Hynes & Lerach LLP, San Diego, CA, Reed R. Kathrein, San Francisco, CA, Brian J. Robbins, Cauley & Geller, San Diego, CA, for plaintiffs.

Aton Arbisser, Tanja K. Shipman, Kaye, Scholer, Fierman, Hays & Handler, LLP, Los Angeles, CA, Phillip A. Geraci, New York City, for defendant In Re Intuit Privacy Litigation.

ORDER GRANTING IN PART AND DENYING IN PART DEFENDANT'S MOTION TO DISMISS PURSUANT TO FED.R.CIV.P. 12(b)(6)

TIMLIN, District Judge.

The court, Judge Robert J. Timlin, has read and considered defendant Intuit, Inc. ("Defendant")'s motion (the "Motion") pursuant to Fed.R.Civ.P. 12(b)(6) ("Rule 12(b)(6)"), plaintiffs Theresa Bruce and Joel Newby, on behalf of themselves and all others similarly situated ("Plaintiffs")'s opposition, and Defendant's reply. Based on such consideration, the court concludes as follows:

*1274 I.

BACKGROUND[1]

Plaintiffs filed their first consolidated amended class action complaint (the "FAC") in this court on July 28, 2000. Plaintiffs allege three federal statutory-based claims for violations of 18 U.S.C. § 2701, et seq. ("Section 2701"), 18 U.S.C. § 2511, et seq. ("Section 2511"), 18 U.S.C. § 1030, et seq. ("Section 1030") and two supplemental state claims: one based upon alleged violations of Article I, Section 7 of the California Constitution and a second for unjust enrichment (the "Supplemental State Claims").

Plaintiffs are computer-users who have visited Defendant's website: "www.quicken.com." Plaintiffs allege that Defendant violated their privacy rights during these visits primarily through implantation of "cookies."

Plaintiffs allege that:

A "cookie" is an electronic file that online companies, including Intuit, implant upon computer users' hard drives when those users visit Internet Web sites such as Quicken.com.... Cookies are generally created by Web servers and implanted on users' computers when they first establish their connection to the Web site or particular Web pages therein.
Cookies, which Internet companies can differentiate between by assigning unique identification numbers to each computer user, can contain virtually any kind of information. Cookies generally perform many convenient and innocuous functions, such as keeping track of items Web site visitors may purchase. Cookies are also commonly used to keep track of usernames and passwords to make it easier for people to access Web sites that require authentication to view certain Web pages.
The original purpose of the cookie, however, has been subverted by advertising entities like DoubleClick, and the companies that use such firms, as a method to track and record a particular user's movements across the Web and to gather, via rampant and undisclosed cookie implantation, among other things, personal and confidential information about computer users—information that computer users are unaware is being perpetually harvested for others' commercial benefit and enrichment. Information contained in implanted cookie files is sent back to the implanting company or entity each subsequent time that the user visits that Web site or particular Web page so that the information viewed by the Web user can be "linked" to the computer containing the cookie.

Plaintiffs allege that Defendant placed cookies on their computers.

II.

ANALYSIS

A Rule 12(b)(6) motion to dismiss for failure to state a claim is a disfavored one, see Hall v. City of Santa Barbara, 833 F.2d 1270, 1274 (9th Cir.1986), which may only be granted in extraordinary circumstances. See United States v. City of Redwood City, 640 F.2d 963, 966 (9th Cir. 1981). Essentially, a motion to dismiss for failure to state a claim tests plaintiffs compliance with the liberal requirements of Rule 8(a)(2) of the Federal Rules of *1275 Civil Procedure ("Rule 8(a)(2)"). See 5A Charles Alan Wright & Arthur R. Miller, Federal Practice and Procedure § 1356, at 294-96 (1990).

The burden imposed by Rule 8(a)(2) is a minimal one. Rule 8(a)(2) requires parties seeking relief in federal court by way of complaint, counterclaim, cross-claim, or third party complaint, to include "a short and plain statement of the claim showing that the pleader is entitled to relief." In meeting this requirement, a plaintiff need not set forth the legal basis for his claim, only the facts underlying it. See McCalden v. California Library Assoc., 955 F.2d 1214, 1223 (9th Cir.1990).[2] It is the burden of the party bringing a motion to dismiss for failure to state a claim to demonstrate that the requirements of Rule 8(a)(2) have not been met. See Kehr Packages, Inc. v. Fidelcor, Inc., 926 F.2d 1406, 1409 (3d Cir.1991) ("[U]nder Rule 12(b)(6) the defendant has the burden of showing no claim has been stated.")

A. Section 2701

Section 2707 permits a civil action by a person aggrieved by a violation of Section 2701. Section 2701 is violated where a person or entity:

(1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or
(2) intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system.

Defendant contends that Plaintiffs have failed to state sufficient facts to allege a violation of Section 2701 in two respects: (1) Plaintiffs did not allege that Defendant was a "third party to the communications at issue" and (2) Plaintiffs did not sufficiently allege that Defendant "accessed an `electronic communication while it [was] in electronic storage in' an electronic communication system."[3]

1. Third-party

The court has difficulty understanding the basis of Defendant's contention that it could not have violated Section 2701 because it was in "communication" with Plaintiffs when the violation allegedly occurred. It is this court's view that Section 2701 does not require, nor has any court ever interpreted it to require, that a defendant accused of violating Section 2701 be a third-party to an electronic communication *1276 which eventually may be in electronic storage in a facility. More specifically, Section 2701 does not require that there be a "communication" at all, i.e. the existence or absence of communication is irrelevant. The primary act required for violation of Section 2701 is the act of accessing electronically stored data.[4] For example a hypothetical "hacker"[5] who accesses data in a computer without the owner's knowledge would be guilty of violating Section 2701 even though the hacker had no "communication" with the storing agency, i.e. the hacker is not a "third-party" to a communication.

In support of its contention that Section 2701 requires a defendant to be a "third-party to the communications at issue," Defendant cites Section 2701(c) which excepts from liability "conduct authorized ... (2) by a user of that service[6] with respect to a communication of or intended for that user...." It is unclear to the court how this exception buttresses Defendant's contention. Although it is true that a "communication" would need to exist for this exception to apply, this exception does not mean that a "communication" must be taking place at the time the violation of Section 2701 occurs or that the violator must be a third-party to that conversation.

Defendant relies primarily on two cases in support of its position. Neither is on point as both deal with the issue of authorization to access a facility. In State Wide Photocopy Corp. v. Tokai Fin. Serv., Inc., 909 F. Supp. 137 (S.D.N.Y.1995), the plaintiff, State Wide, alleged that the defendant, Tokai, "intentionally exceeded State Wide's authorization to use the proprietary information contained in the lease applications electronically submitted to Tokai by State Wide, which information was stored by Tokai and/or Tokai Bank on its computer facilities, and obtained and provided such proprietary information to Atlantic in violation of 18 U.S.C. § 2701." Id. at 145. The court reasoned that Tokai could not have violated Section 2701 because one has authorization to access one's own computers. See id. Unlike the plaintiff in State Wide, Plaintiffs are not alleging that Defendant accessed Defendant's computers; Plaintiffs are alleging that Defendant accessed Plaintiffs' computers.

In Sherman & Co. v. Salton Maxim Housewares, 94 F. Supp. 2d 817 (E.D.Mich. 2000), the defendant/counter-plaintiff, Salton, alleged that plaintiff/counter-defendant, Sherman, "accessed certain of [Salton's] sales information located in the Kmart network after his dismissal." Id. at 821. The court reasoned that Salton had failed to allege a violation of Section 2701 because:

Salton admits that Kmart provided Sherman with authorization to log on to the computer network to access information about vendors and products that Sherman was representing. Further, Kmart continued to provide James Sherman access to Salton's information after his dismissal by Salton. Salton has not pled nor offered to show that Kmart instructed Sherman that he no longer *1277 had authorization to access Salton's sales information. Nor has Salton pled or offered to show that there was an agreement between the parties that limited plaintiffs access on the Kmart network. Id.

Unlike the plaintiff in Salton, Plaintiffs here allege that they did not authorize Defendant to access data contained in the cookies it implanted on Plaintiffs' computers. If the thrust of Defendant's "third party" contention is that it was authorized to access data in Plaintiffs' computer, the court must reject it as it directly conflicts with Plaintiffs' allegations that Defendant was not so authorized, which allegations the court must accept as true for the purposes of a Rule 12(b)(6) motion to dismiss.

2. Electronic Storage

Defendant contends that (1) "[w]hile the complaint contains a conclusory allegation that [Defendant] accessed information while in electronic storage in plaintiffs' own computers (Complaint ¶ 52), there are no facts alleged to support the conclusion" and (2) "the facts that are alleged are entirely inconsistent with that conclusion," i.e. because the Plaintiffs allege that their personal information was "intercepted" they cannot also allege that it was "accessed."

a. Conclusory Allegations

As to Defendant's first contention, Plaintiffs have alleged that Defendant accessed data contained in "cookies" that it placed in Plaintiffs' computers' electronic storage. The court concludes that this allegation satisfies the liberal requirements of Rule 8(a)(2).

b. Inconsistent Allegations

As to Defendant's second contention, the court concludes that Plaintiffs' allegations are not impermissibly factually inconsistent. The contention appears to be premised on the proposition that one act cannot constitute both "accessing" electronic communications for the purposes of Section 2701 and "interception" of electronic communications for the purposes of Section 2511. The court need not reach the issue whether Defendant's proposition is an accurate statement of the law.[7] The fact that Plaintiffs have alleged that certain electronic communications were intercepted in transit at one time does not preclude it from also alleging that other electronic communications were accessed while in electronic storage at another time.

B. Section 2511

Section 2520 authorizes a civil action by "any person whose wire, oral, or electronic communication is intercepted, disclosed, or intentionally used in violation of this chapter." It appears that Plaintiffs allege that Defendant violated Section 251(1)(a) which provides:

(1) Except as otherwise specifically provided in this chapter any person who —
(a) intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication;
shall be punished as provided in subsection (4) or shall be subject to suit as provided in subsection (5).

*1278 Defendant contends that Plaintiffs have failed to properly plead a violation of Section 2511 because Plaintiffs did not allege that Defendant was a third-party-interceptor of, in contrast to a participant in, an electronic communication. Plaintiffs do not deny that Defendant was a participant to the electronic communications at issue, but contend that Defendant has violated Section 2511 because it intercepted the electronic communications with a criminal or tortuous purpose.[8]

Plaintiffs have failed to state any facts in their complaint which support the allegation that Defendant intercepted electronic communications for the purpose of committing a tortious or criminal act. Plaintiffs contend that the following acts (the "Acts"), committed by Intuit, satisfy the tortious purpose requirement:

Intuit and/or third-parties assisted by Intuit intercepted Class members' electronic communications for the purposes of implanting unauthorized cookies on Class members' computers; repeatedly accessing electronic communications without Class members' knowledge and consent so as to profile such persons' Web browsing habits; secretly tracking Class members' activities on the Internet and collecting personal information about consumers; and profiting from the use of the illegally obtained information, all to Intuit's benefit and Class members' detriment.

But Plaintiffs have not alleged that Defendant engaged in acts of interception for the purpose of facilitating the aforementioned Acts, and such a purpose cannot be reasonably inferred from the FAC.[9] For example, based upon the allegations in the complaint respecting how "cookies" are implanted, it is unclear to the court how intercepting Plaintiffs' electronic communications could have conceivably facilitated the placement of cookies on Plaintiffs' computers.

Plaintiffs do allege in the FAC that Defendant had a "tortious purpose or a purpose that violates the constitutional rights of plaintiffs and class members," but this bare allegation mirroring the statutory language is insufficient to survive a Rule 12(b)(6) motion to dismiss. See Schwarzer, Tashima & Wagstaffe, Federal Civil Procedure Before Trial § 9:211 ("The court need not accept as true conclusionary allegations or legal characterizations."); Halkin v. VeriFone, Inc., 11 F.3d 865, 868 (9th Cir.1993) ("Conclusory allegations of law and unwarranted inferences are insufficient to defeat a motion to dismiss for failure to state a claim.").

Plaintiffs also contend that Defendant's "purpose" is a question of fact which cannot be addressed in a motion to dismiss. Although the court must accept Plaintiffs' well-pled allegations as true in the context of a motion to dismiss under Rule 12(b)(6), the court has concluded that Plaintiffs have failed to sufficiently allege a tortious purpose — not that Plaintiffs' allegations are false.

Finally Plaintiffs contend that the criminal or tortious purpose requirement was satisfied because they alleged that Defendant violated Section 2511, Section 2701, *1279 and Section 1030[10] and that Defendant violated their California Constitutional right to privacy and was unjustly enriched. Again Plaintiffs have not alleged that Defendant intercepted their electronic communications with the purpose of facilitating these violations nor can the court reasonably infer that Defendant did so. See Sussman v. Am. Broad. Companies, 186 F.3d 1200, 1202-03 (9th Cir.1999) (affirming summary judgment granted in favor of defendant journalists who eavesdropped on telephone conversations; the court reasoned: "Under section 2511, the focus is not upon whether the interception itself violated another law; it is upon whether the purpose for the interception — its intended use — was criminal or tortious.... Where the tapping is legal, but is done for the purpose of facilitating some further impropriety, such as blackmail, section 2511 applies. Where the purpose is not illegal or tortious, but the means are, the victims must seek redress elsewhere.") (citations omitted).

Because Plaintiffs have failed to sufficiently allege a tortious or criminal purpose, dismissal of Plaintiffs' Section 2520 claim without prejudice is appropriate.[11]

C. Section 1030

Section 1030(g)[12] authorizes any person who suffers damage or loss by reason of a violation of Section 1030 to maintain a civil action. Section 1030, entitled "Fraud and Related Activity in Connection with Computers," prohibits a wide-range of conduct. Plaintiffs do not specify in either the FAC or their opposition to the Motion which portions of Section 1030 were violated by Defendant. It appears that Plaintiffs are invoking both Section 1030(a)(2)(C)[13] and *1280 Section 1030(a)(5)(A)[14]. Defendant contends that Plaintiffs have failed to satisfy Section 1030(a)(2)(C) and (a)(5)(A) scienter elements. It further contends that Plaintiffs have failed to allege economic damages as required by the statute.[15]

1. Scienter

A person violates Section 1030(a)(2)(C) where that person "intentionally accesses a computer without authorization or exceeds authorized access." Section 1030(a)(5)(A) requires that a defendant "knowingly cause the transmission of a program, information, code, or command." Plaintiffs have alleged that Defendant intentionally placed cookies on Plaintiffs' computers; the cookies allegedly allowed Defendant to retrieve data from Plaintiffs' computers. Plaintiffs allege that Defendant placed the cookies on the computers and retrieved the data for the purpose of monitoring Plaintiffs' web activity. The court concludes that these allegations are sufficient to satisfy scienter elements of Section 1030(a)(2)(C) and Section 1030(a)(5)(A).

2. Damage or Loss

The question presented by the parties is whether a plaintiff must suffer economic damages in order to bring a claim under Section 1030(g). The statute is not an example of clarity, and by reason of its ambiguity requires interpretation. Based on its interpretation, as discussed below, the court concludes that although a plaintiff need not always suffer economic damages to bring a valid Section 1030(g) claim, economic damages are a necessary element based on the facts alleged in this case.

This issue appears to be one of first impression in this circuit and to some extent, the federal courts.[16] Section 1030(g) provides that a person must suffer "damage or loss." The term "damage" is defined by the statute — while the term "loss," is not.

The parties proffer two possible statutory constructions. Under one construction, the term "loss" is construed as a subset of the term "damage," i.e. "loss" is "damage" so complete as to constitute destruction of whatever thing suffered the damage. Defendant advocates this construction. Under the alternative construction, "loss" is *1281 construed as meaning both economic and non-economic damages. Plaintiffs advocate this construction.

"[I]n interpreting a statute a court should always turn first to one, cardinal canon before all others. We have stated time and again that courts must presume that a legislature says in a statute what it means and means in a statute what it says there. When the words of a statute are unambiguous, then, this first canon is also the last: judicial inquiry is complete," Connecticut Nat'l Bank v. Germain, 503 U.S. 249, 253-54, 112 S. Ct. 1146, 117 L. Ed. 2d 391 (1992) (citations omitted), keeping in mind, of course, that "the meaning of words depends on their context." Shell Oil Co. v. Iowa Dept. of Revenue, 488 U.S. 19, 25 n. 6, 109 S. Ct. 278, 102 L. Ed. 2d 186 (1988) (citing NLRB v. Federbush Co., 121 F.2d 954, 957 (2nd Cir.1941) ("Words are not pebbles in alien juxtaposition; they have only a communal existence; and not only does the meaning of each interpenetrate the other, but all in their aggregate take their purport from the setting in which they are used....")). Furthermore, "unless otherwise defined, words will be interpreted as taking their ordinary, contemporary, common meaning." United States v. Smith, 155 F.3d 1051, 1057 (9th Cir.1998). Finally, "[w]e may not interpret a statute so as to render some of its language superfluous; at any rate, we may not do so lightly." Hearn v. W. Conference of Teamsters Pension Trust Fund, 68 F.3d 301, 304 (9th Cir.1995); see also Beisler v. Commissioner of Internal Revenue, 814 F.2d 1304, 1307 (9th Cir.1987) (en banc) ("We should avoid an interpretation of a statute that renders any part of it superfluous and does not give effect to all of the words used by Congress.").

Applying these canons, it is clear to the court that "loss" as it is used in Section 1030(g) means irreparable damage. Any broader interpretation of the term "loss" would render the term "damage" superfluous. As a consequence, the court concludes that in order to bring a civil action under Section 1030(g) a plaintiff must suffer "damage" as defined in Section 1030(e)(8). This determination does not mean, however, that an entity or individual must suffer economic damages to bring suit under Section 1030(g). Section 1030(g) limits plaintiffs to economic damages only if the violation involved "damage" as defined in Section 1030(e)(8)(A), which implicates damages due to a loss. Therefore, if a plaintiff suffers "damage" as defined in Section 1030(e)(8)(B)(C) or (D), non-economic damages would be available. This common-sense interpretation renders operative each term in Section 1030(g) and is consistent with the general scheme of Section 1030 which seeks to prevent computer fraud that causes loss or injury

Applying Section 1030(g) as interpreted above, the Plaintiffs' Section 1030 claim will be dismissed without prejudice. Plaintiffs do not contend that they have suffered "damage" as defined by Section 1030(e)(8)(B)(C) or (D), and the FAC does not include sufficient facts constituting an allegation or reasonable inference therefrom that Plaintiffs suffered at least $5,000 in economic damages.[17]

D. Supplemental Jurisdiction

The Motion as it relates to dismissal of the supplemental state claims is dependent upon dismissal of all the federal claims. Because the court will not dismiss Plaintiffs' *1282 Section 2707 federal claim, it will not dismiss the supplemental state claims.

III.

DISPOSITION

ACCORDINGLY, IT IS ORDERED THAT:

(1) Defendant's motion to dismiss as it relates to Plaintiffs' Section 2707 claim and the supplemental state claims is DENIED;

(2) Defendant's motion to dismiss as it relates to Plaintiffs' Section 1030 and Section 2520 claims is GRANTED without prejudice;

(3) Plaintiff shall have 23 days from the date of this order in which to file a Second Amended Complaint consistent with the analysis part of this order.

NOTES

[1] The following statement of facts is taken from Plaintiffs' FAC. When the court acts on a defendant's motion to dismiss pursuant to Rule 12(b)(6), the court must accept as true all material allegations in the complaint, as well as reasonable inferences to be drawn from them. See Pareto v. F.D.I.C., 139 F.3d 696, 699 (9th Cir.1998).

[2] Although a plaintiff need not explicitly identify the legal theory pursuant to which she seeks relief, "the pleadings must at least implicate [i.e., suggest] the relevant legal theories." Schott Motorcycle Supply, Inc. v. American Honda Motor Co., 976 F.2d 58, 62 (1st Cir.1992); cf. Hicks v. Arthur, 843 F. Supp. 949, 959 (E.D.Pa.1994) ("[A] pleading must be sufficient enough to enable the court to make out the potential viable legal theories upon which the complaint is based.")

[3] In addition to these two grounds, Defendant, in its notice of motion, assert that dismissal is appropriate because Plaintiffs did not allege that their "computers are communication service providers as required under the statute." It appears that Defendant has abandoned this contention because it is not discussed in their memorandum in support of the Motion. The court notes, however, that Section 2701 does not require that Plaintiffs' computers be "communication service providers" only that they be a facility through which an electronic communication service is provided (emphasis added). Defendant does brief the issue whether a computer would qualify as a "facility" for the purposes of Section 2701 for the first time in its reply brief, but this court does not consider arguments raised anew for the first time in a reply brief as to do so would unfairly deny the nonmoving party an opportunity to respond.

[4] Hereinafter, the court uses the term "data" interchangeably with the statutory term "electronic communication."

[5] Webster's II New College Dictionary (1995) defines a "hacker" as "one who gains unauthorized, usually illegal access to another's computer system." See also Steve Jackson Games v. United States Secret Service, 816 F. Supp. 432, 435 n. 2 (W.D.Tex.1993) (employing similar definition).

[6] Defendant's contention that it is a "user of that service" is directly in conflict with the complaint, as Plaintiffs allege that they did not intend to send the accessed data to Defendant. Accordingly, such an argument is inapplicable in the context of a motion to dismiss.

[7] The Ninth Circuit in United States v. Smith, 155 F.3d 1051, 1057 (1998) appears to adopt, in dicta, the holding of Steve Jackson Games, Inc. v. United States Secret Service, 36 F.3d 457 (5th Cir.1994) which is that an entity or individual violates Section 2511 only when it acquires electronic communications (in contrast to wire communications) while in transit. See id. at 460-63. The court in Smith also noted that "messages in electronic storage cannot, by definition, be acquired contemporaneously." Id. at 1058.

[8] Section 2511(2)(d) provides: "It shall not be unlawful under this chapter for a person not acting under state law to intercept a wire, oral, or electronic communication where such person is a party to the communication ... unless such communication is intercepted for the purpose of committing any criminal or tortious act in violation of the Constitution or law of the United States or of any State."

[9] The court notes that it does not reach the issue whether the Acts constitute tortious acts which would satisfy Section 2511(2)(d) if they were the purpose of the interception.

[10] Plaintiffs cite Thomas v. Pearl, 998 F.2d 447, 452 (7th Cir.1993), for the proposition that "`eavesdropping by wiretap may itself constitute such an invasion of privacy' so as to meet the tortious purpose exception of § 2511(2)(d)." Plaintiffs are quoting Thomas out of context. In the portion quoted by Plaintiffs, the Seventh Circuit is citing a case which stands for the proposition that eavesdropping can satisfy the elements for the common law tort of intrusion and not Section 2511(2)(d). The court in fact noted that "Thomas does not allege that Pearl has broken any laws other than the wiretapping law itself, which we presume does not destroy the exemption." Id.

[11] Analyzing Plaintiffs' Section 2511 claim was made particularly difficult by Plaintiffs' failure to identify the acts constituting interception or the information intercepted or, as discussed, the reason why Defendant would be intercepting its own communications. In fact, the only allegations which relate to acts of interception do not appear to directly involve Defendant. Plaintiffs allege that Defendant has advertisers who place "banner" advertisements on their web-page and that these banners allowed the advertisers to intercept electronic communications between the Defendant and Plaintiffs including "highly personal information that a user submits to a particular Web site on which the advertising appears." Although these facts might conceivably support a Section 2520 claim against the advertisers, Plaintiffs do not explain in their opposition to the motion how they could support a claim against Defendant.

[12] Section 1030(g) provides in pertinent part:

Any person who suffers damage or loss by reason of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief. Damages for violations involving damage as defined in subsection e(8)(A) are limited to economic damages.

[13] Section 1030(a)(2)(C) provides in pertinent part:

(a) Whoever —

...

(2)intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains —

...

(C) information from any protected computer if the conduct involved an interstate or foreign communication.

...

Shall be punished as provided in subsection (c) of this section.

[14] Section 1030(a)(5)(A) provides in pertinent part:

(a) Whoever —

...

(5)(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct intentionally causes damage without authorization, to a protected computer;

...

Shall be punished as proved in subsection (c) of this section.

[15] Damage is defined in Section 1030(e)(8) as "any impairment to the integrity or availability of data, a program, a system, or information, that — (A) causes loss aggregating at least $5,000 in value during any 1-year period to one or more individuals; (B) modifies or impairs, or potentially modifies or impairs, the medical examination, diagnosis, treatment, or care of one or more individuals; (C) causes physical injury to any person; or (D) threatens public health or safety."

[16] Defendant cites two cases dealing with this issue. In Letscher v. Swiss Bank Corp., 1996 WL 183019, *3 (S.D.N.Y.1996), Judge Sand concluded that Section 1030(g) requires a showing of economic damages. However, Judge Sand engaged in no discussion of the statute and therefore the case does not aid this court. The court in McElwee v. Wharton, 1999 U.S.Dist.Lexis 5081 *17, (W.D.Mich. 1999) also fails to discuss the issue and simply cites to Letscher.

[17] Plaintiffs assert that their damages "exceed $5,000 in the aggregate." But the court need not reach the issue of aggregation because Plaintiff did not allege any economic damages in the complaint, individually or aggregated.

midpage