ORDER GRANTING CISCO’S MOTION FOR PARTIAL SUMMARY JUDGMENT; DENYING MULTIYEN’S MOTION FOR PARTIAL SUMMARY JUDGMENT
Presently before the Court are Defendants and Counterclaimants Cisco Sys *889 terns, Inc. and Cisco Technology, Inc.’s (collectively, “Cisco”) Motion for Partial Summary Judgment Against Counterdefendants Peter Alfred-Adekeye (“Adekeye”) and Multiven, Inc. (collectively, “Multiven”) 1 and Counterdefendants’ Motion for Partial Summary Judgment. 2 The Court conducted a hearing on June 7, 2010. Based on the papers submitted to date and oral argument, the Court GRANTS Cisco’s Motion and DENIES Multiven’s Motion.
A. Background
1. Undisputed Facts
Cisco Systems, Inc. is a leading provider of networking equipment (primarily switches and routers) and related services. 3 Cisco Technology, Inc. is a wholly-owned subsidiary of Cisco Systems, Inc. 4 Until May 2005, Adekeye was a Cisco employee. (Answer ¶¶45, 47.) During his employment with Cisco, Adekeye worked as a Technical Assistance Center (“TAC”) engineer. (Id. ¶45.)
On or about March 2, 2005, Adekeye incorporated Multiven. (Answer ¶ 48.) Multiven is a Delaware Corporation that purports to provide service and maintenance support for router and networking systems, including those placed in the market by Cisco. 5 At all relevant times, Adekeye has been the CEO of Multiven. (Id. ¶ 49.)
2. Procedural History
On December 1, 2008, Multiven filed this action against Cisco alleging, inter alia, monopolization and attempted monopolization of the market for provision and maintenance of Cisco network software in violation of the Sherman Act, 15 U.S.C. § 2. (Complaint ¶¶ 17-61.) On November 20, 2009, Cisco filed a First Amended Answer and Second Amended Counterclaims alleging, inter alia, violation of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, violation of the California Penal Code § 502, and violation of the California Unfair Competition Law (“UCL”), Cal. Bus. & Prof.Code § 17200 et seq. (hereafter, “SAC,” Docket Item No. 59.)
Presently before the Court are the parties’ Motions for Partial Summary Judgment.
B. Standards
Although motions for partial summary judgment are common, Rule 56 of the Fed *890 eral Rules of Civil Procedure, which governs summary judgment, does not contain an explicit procedure entitled “partial summary judgment.” However, partial summary judgment is inherent in that Rule 56(a) provided for summary judgment on “all or part of the claim.” Thus, a party may move for summary judgment on the liability issues in a claim, leaving the issue of damages, for example, for trial.
The purpose of summary judgment “is to isolate and dispose of factually unsupported claims or defenses.”
Celotex v. Catrett, 477
U.S. 317, 323-24,
As with a motion on the entire claim, under Rule 56(c), partial summary judgment is proper “if the pleadings, depositions, answers to interrogatories, and admissions on file, together with the affidavits, if any, show that there is no genuine issue as to any material fact and that the moving party is entitled to judgment [on a part of the claim or an affirmative defense] as a matter of law.” Fed.R.Civ.P. 56(c). The moving party “always bears the initial responsibility of informing the district court of the basis for its motion, and identifying the evidence which it believes demonstrates the absence of a genuine issue of material fact.” Celotex, 477 U.S. at 323, 106 5.Ct. 2548. The non-moving party must then identify specific facts “showing a genuine issue for trial.” Fed.R.Civ.P. 56(e).
When evaluating a motion for partial or full summary judgment, the court views the evidence through the prism of the evidentiary standard of proof that would pertain at trial.
Anderson v. Liberty Lobby Inc., 477
U.S. 242, 255,
C. Discussion
1. Cisco’s Motion re: the CFAA Claim
Cisco move for summary judgment on their CFAA claim on the ground that on multiple occasions and without authorization, Adekeye used a Cisco employee’s password to gain access to Cisco’s computer systems and download Cisco’s proprietary and copyrighted software. (Cisco’s Motion at 2.) Multiven respond that Adekeye only used a Cisco employee’s password to access Cisco’s computer systems once, and on that occasion he had the employee’s permission to do so. 6
The Ninth Circuit has explained the purpose of the CFAA as follows:
*891 The CFAA was enacted in 1984 to enhance the government’s ability to prosecute computer crimes. The act was originally designed to target hackers who accessed computers to steal information or to disrupt or destroy computer functionality, as well as criminals who possessed the capacity to access and control high technology processes vital to our everyday lives. The CFAA prohibits a number of different computer crimes, the majority of which involve accessing computers without authorization or in excess of authorization, and then taking specified forbidden actions, ranging from obtaining information to damaging a computer or computer data.
LVRC Holdings LLC v. Brekka,
Although Cisco’s Counterclaim only alleges violation generally of 18 U.S.C. § 1030, and does not specify which subsections cover Adekeye’s alleged actions, 7 Cisco move for Summary Judgment pursuant to §§ 1030(a)(4) and 1030(a)(5)(A)(iii). (See Cisco’s Motion at 11.) Thus, the Court only considers those two subsections for purposes of this Motion.
To successfully bring an action under § 1030(a)(4), a plaintiff must show that the defendant: (1) accessed a “protected computer,” (2) without authorization or exceeding such authorization that was granted, (3) “knowingly” and with “intent to defraud,” and thereby (4) “furthered] the intended fraud and obtained] anything of value,” causing (5) a loss to one or more persons during any one-year period aggregating at least $5000 in value.
See
18 U.S.C. § 1030(a)(4);
LVRC Holdings,
To successfully bring an action under § 1030(a)(5)(A)(iii), a plaintiff must show that the defendant: (1) accessed a “protected computer,” (2) without authorization, 8 (3) intentionally, and (4) “as a result of such conduct, cause[d] damage.” 9
The Court addresses the elements necessary to establish liability under the CFAA in turn.
a. Protected Computer
At issue is whether Adekeye accessed a “protected computer,” as that term is defined under the statute.
The CFAA defines a “protected computer” as one “which is used in interstate or foreign commerce or communication.” 18 U.S.C. § 1030(e)(2)(B). The Ninth Circuit has found that “[a]s both the means to engage in commerce and the method by which transactions occur, the Internet is an instrumentality and channel of interstate commerce.”
United States v. Sutcliffe,
Here, the parties do not dispute that Cisco’s network is connected to the internet. (See Cisco’s Motion at 12-13; Multiven’s Opposition.) Thus, the Court *892 finds that computers using the Cisco network are “protected” within the meaning of the statute.
b. Without Authorization
At issue is whether Adekeye accessed secure areas of Cisco’s network without authorization.
In the context of the CFAA, the Ninth Circuit has held that “a person uses a computer ‘without authorization’ ... when the person has not received permission to use the computer for any purpose ... or when the employer has rescinded permission to access the computer and the defendant uses the computer anyway.”
LVRC Holdings,
Here, Adekeye is a former employee of Cisco, however, there is no evidence that any privileges he had as an employee to access secure areas of the Cisco website extended beyond his employment. Cisco, however, has presented unrebutted evidence that upon leaving Cisco’s employ, neither Adekeye nor Multiven had Cisco’s permission or authorization to access Cisco’s network. (Bouja Decl. ¶ 3.) Thus, the Court finds that any access by Adekeye to secure areas of the Cisco network was without authorization.
Multiven admit that on one occasion Adekeye accessed secure areas of the Cisco network. They contend however, that a Cisco employee, Wes Olson, supplied Adekeye with his login and password, thus authorizing Adekeye to access the restricted website. (Multiven’s Opposition at 7-12.) It is undisputed that Wes Olson provided Adekeye with his login and “external” password. Olsen declares that the password was given to Adekeye “to give him access to Cisco’s network on one occasion, for a specific purpose.” 10 However, it is also undisputed that an employee’s giving his login and password to Adekeye was a violation of Cisco’s policies, and thus Olson’s providing access to Adekeye in this manner did not constitute a valid authorization.
Accordingly, the Court finds that there is no genuine issue of material fact that Adekeye accessed secure areas of the Cisco server without authorization.
c. Knowledge and Intent
Cisco contend that Adekeye, without authorization, accessed Cisco’s network “knowingly” and with “intent to defraud” within the meaning of the CFAA. (Cisco’s Motion at 14-16.)
Neither “knowingly” or “intentionally” are specifically defined by the CFAA. Thus, the court applies the “fundamental canon of statutory construction ... that, unless otherwise defined, words will be interpreted as taking their ordinary, contemporary, common meaning.”
Perrin v. United States,
Here, Cisco present evidence that on multiple occasions, a person accessed the Cisco secure computer server from an IP address tied to Adekeye. (Bouja Decl. ¶¶ 4, 10.) Cisco further present evidence that Olson, a current Cisco employee who had an investment and business relationship with Adekeye, gave Adekeye his unique Cisco-issued user ID and external password. 11 In his declaration, Olson admits that giving Adekeye the password was a violation of Cisco’s policies, and he states that based on conversations he had with Adekeye, Adekeye was aware of this fact. (Id. ¶ 3.)
Adekeye admits that on one occasion, he used Olson’s password to access Cisco’s secure network. 12 Adekeye declares that Olson “volunteered” the password, and that he never downloaded any Cisco software using Olson’s password for use in his business. (Id.) As to his mental state at the time that he accessed Cisco’s network, Adekeye declares,
Because Olson was a salesperson and/or manager for Cisco at the time he gave me his login and password information, I believed that he was authorized to do so. Olson was also heavily involved with sales and operations for Cisco at that time. Olson never told me what areas of Cisco’s website I could or could not access or for what purpose I could use his information. In fact, when Olson gave me his login and password information he did not give me any warning or instruction for its use. 13
In response to Cisco’s evidence that an individual using an IP address associated with Adekeye used Olson’s password to access Cisco’s network on multiple occasions, Multiven present evidence that throughout the time period in which the alleged invasions were taking place, Olson was a daily visitor to Adekeye’s home, which then also served as the Multiven office. (Adekeye Opposition Decl. ¶¶ 3, 4.) According to Adekeye, Olson had access to the computers in Adekeye’s home, and used them to remotely access the Cisco network.
(Id.
¶ 4.) However, Cisco’s undisputed evidence shows that during the time period in which the unauthorized accesses occurred from the IP address associated with Adekeye, Olson was traveling extensively out of the area.
14
In the face of undisputed evidence that the Cisco network was accessed on multiple occasions from an IP address associated with Adekeye, along with the undisputed evidence that Olson provided Adekeye with his login
*894
and password, Adekeye’s self-serving testimony that he only accessed the secure website once cannot create a genuine triable issue of fact as to whether he only accessed the website on one occasion.
See Kennedy v. Applause, Inc.,
Given the number of times that Adekeye accessed the secure areas of the Cisco network, the Court finds that no reasonable juror could conclude that Adekeye actually believed that he had Cisco’s authorization to do so. Even if Adekeye genuinely believed that Olson gave him authorization for a limited purpose on one occasion, there is no evidence that Adekeye had any reason to believe that having Olson’s login and password gave him unlimited authorization to access Cisco’s secure website at will. Furthermore, as a former Cisco employee, Adekeye cannot create a genuine issue of material fact as to his knowledge that he was entering areas of the Cisco network without authorization by merely claiming ignorance of Cisco’s policy prohibiting such access for non-employees. (See Bouja Decl. ¶ 3.) Finally, Adekeye has admitted that his reason for accessing Cisco’s secure website was to gather information about which Cisco employees have access to “bug fixes,” referring to Olson as a “whistleblower.” 15 It is not within the realm of reason for Adekeye to have believed that Cisco would authorize one of its employees to provide his login and password to a purported competitor to carry out whistleblowing activities.
Accordingly, the Court finds that there is no genuine issue of material fact that Adekeye acted with the requisite mental state for liability under the CFAA when he accessed Cisco’s network.
d. Damage and Loss
At issue is whether Cisco have suffered damage or loss within the meaning of the statute.
The CFAA defines “damage” as “any impairment to the integrity or availability of data, a program, a system or information.” 18 U.S.C. § 1030(e)(8). The CFAA defines “loss” as “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.”
Id.
§ 1030(e)(ll). Although the Ninth Circuit has not explicitly addressed the issue, district courts in the Ninth Circuit have held that it is not necessary for data to be physically changed or erased to constitute damage to that data.
Shurgard Storage Centers, Inc. v. Safeguard Self Storage, Inc.,
Here, Cisco present evidence that Cisco’s operating software valued at over $14,000 was subject to unauthorized downloads, resulting from unauthorized intrusions into Cisco’s secure website originating from the IP address associated with Adekeye. (Bouja Decl. ¶ 17.) Adekeye’s only response to this evidence of unauthorized downloads was his testimony that he “never downloaded any software using Wesley Kent Olson’s password(s) for use in [his] business.” (Adekeye Decl. ¶ 6.) Adekeye did not deny using Olson’s password to download software for purposes other than his business. Furthermore, Cisco present evidence that Cisco expended at least $75,000 investigating the intrusions into their network and “restoring the security and integrity of Cisco’s proprietary systems.” (Id.) Thus, the Court finds that there is no genuine issue of material fact that Adekeye’s unauthorized access of Cisco’s network caused Cisco damage and loss in excess of $5000.
Since there are no genuine issues of material fact remaining as to the elements for liability under the CFAA, the Court GRANTS Cisco’s Motion for Summary Judgment as to their claim under the CFAA.
2. Ciscos’ Motion re: California Penal Code § 502 Claim
Cisco move for summary judgment as to their claim under California Penal Code § 502 on essentially the same grounds as their claim under the CFAA. (Cisco’s Motion at 12.)
California Penal Code § 502(c), the California corollary to the CFAA, provides, in pertinent part:
[A]ny person who commits any of the following acts is guilty of a public offense:
(1) Knowingly accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network in order to either (A) devise or execute any scheme or artifice to defraud, deceive, or extort, or (B) wrongfully control or obtain money, property, or data.
(2) Knowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network, or takes or copies any supporting documentation, whether existing or residing internal or external to a computer, computer system, or computer network.
(3) Knowingly and without permission uses or causes to be used computer services.....
(7) Knowingly and without permission accesses or causes to be accessed any computer, computer system, or computer network.
Here, Cisco’s Section 502 claim is based on the identical facts as their CFAA claim. Since the necessary elements of Section 502 do not differ materially from the necessary elements of the CFAA for purposes of this action, the Court finds that there are no genuine issues of material fact remaining as to Cisco Section 502 claim.
*896 Accordingly, the Court GRANTS Cisco’s Motion for Summary Judgment as to their claim under Section 502(c).
3. Multiven’s Motion re: Cisco’s UCL Claim
Multiven move for summary judgment as to Cisco’s UCL claim on the ground that Cisco have suffered no injury in fact, and thus do not have standing to bring such a claim. (Multiven’s Motion at 2.) Multiven contend that UCL standing is limited to individuals who suffer losses of money or property that are eligible for restitution. 16 Cisco respond that eligibility for a restitutionary remedy is not a requirement for UCL standing, and Cisco’s have adequately demonstrated that they suffered a loss. 17
The UCL prohibits “any unlawful, unfair or fraudulent business act or practice.”
18
Cal. Bus. & Prof.Code § 17200. To have standing to bring a cause of action under the UCL, a plaintiff must have “suffered injury in fact and [ ] lost money or property as a result of the unfair competition.” Cal. Bus. & Prof.Code § 17204. More specifically, under section 17204, a plaintiff must show “either prior possession or a vested legal interest in the money or property allegedly lost.”
Walker v. USAA Cas. Ins. Co.,
In a recent case, the Court found that standing under the UCL does not require a loss of money or property that is eligible for restitution.
19
In that case, the Court followed Judge Chesney’s reasoning in
Fulford v. Logitech, Inc.,
to hold that a plaintiff has UCL standing if it alleges a loss of money or property in which it had prior possession or a vested legal interest, even if that loss is not eligible for restitution.
As Multiven point out, the Ninth Circuit cited
Buckland
as authority for the proposition that UCL standing requires a showing of “lost money or property.”
Walker,
As previously discussed, Cisco present evidence that Cisco’s operating software valued at over $14,000 was subject to unauthorized downloads, allegedly resulting from Adekeye’s invasion into Cisco’s network, and that Cisco expended at least $75,000 investigating the intrusions into their network and restoring the security of its systems. (Bouja Decl. ¶ 17.) The Court finds that Cisco have made a sufficient showing of a loss of money or property resulting from Adekeye’s alleged invasions into Cisco’s network to impart UCL standing. The loss of valuable software and the considerable expense of investigating security breaches and possible compromise of the integrity of the network constitute substantial economic loss. Moreover, prior to the alleged unauthorized download of Cisco’s software, Cisco had possession of, and a vested legal interest in that software. 20
Accordingly, the Court DENIES Multiven’s Motion for Partial Summary Judgment as to Cisco’s UCL claim on the ground that Cisco have not adequately shown an injury in fact to impart standing.
4. Multiven’s Motion to Stay
On June 8, 2010, Multiven filed a Motion to Stay Counterclaims, (hereafter, “Motion to Stay,” Docket Item No. 234.) Multiven contend that further litigation of the counterclaims will jeopardize Adekeye’s Fifth Amendment privileges in parallel criminal proceedings arising out of the same factual circumstances. (Motion to Stay at 5-7.) Multiven further contend that the factors recognized by the Ninth Circuit in
Keating v. Office of Thrift Supervision,
Here, Adekeye has already voluntarily submitted declarations in support of Multiven’s briefs regarding the parties’ cross-motions for summary judgment and has been deposed extensively, including fourteen hours of deposition testimony that he voluntarily provided in Vancouver, Canada prior to his arrest. Without deciding whether Adekeye was sufficiently aware of the likelihood of criminal prosecution for his declarations and deposition testimony to effect a waiver of his Fifth Amendment rights,
21
the Court finds that continuing the litigation will only minimally implicate Adekeye’s Fifth Amendment rights, given the extensive testimony he has already provided in this case.
See F.T.C. v. J.K. Publ’ns, Inc.,
Accordingly, the Court DENIES Multiven’s Motion to Stay Counterclaims.
D. Conclusion
The Court GRANTS Cisco’s Motion for Partial Summary Judgment as to Cisco’s claims under the CFAA and California Penal Code § 502. The Court DENIES Multiven’s Motion for Partial Summary Judgment as to Cisco’s UCL claim.
The Court DENIES Multiven’s Motion to Stay Counterclaims.
Notes
. (hereafter, "Cisco’s Motion,” Docket Item No. Ill, redacted public version; Docket Item No. 134, seal version.)
. (hereafter, "Multiven’s Motion,” Docket Item No. 108.)
. (Declaration of Alex X. Bouja in Support of Motion of Cisco Systems, Inc. and Cisco Technology, Inc. for Partial Summary Judgment Against Peter Alfred-Adekeye and Multiven, Inc., hereafter, "Bouja Decl.,” Docket Item No. 112, redacted public version.) Multiven have filed extensive objections to the Declaration of Mr. Bouja. (See Defendants' Evidentiary Objections to the Declaration of Alex T. Bouja and Exhibits Thereto Submitted in Support of Plaintiff's Motion for Partial Summary Judgment Against Peter AlfredAdekeye and Multiven, hereafter, "Objections,” Docket Item No. 163.) Upon review of the Declaration of Mr. Bouja, the Court finds that Mr. Bouja has sufficiently demonstrated that he has personal knowledge of the matters about which he attests. As Cisco's Program Manager of Legal Investigations, Mr. Bouja may testily to the nature of the investigation that Cisco undertook and the information that Cisco gleaned as a result of that investigation. Accordingly, the Court OVERRULES Multiven's Objections for the purposes of these Motions.
. (Answer to the Second Amended Counterclaims ¶ 23, hereafter, "Answer,” Docket Item No. 73.)
. (Civil Complaint for Damages and Injunctive Relief, hereafter, "Complaint,” Docket Item No. 1.)
. (Opposition to Cisco Systems, Inc.’s Motion for Partial Summary Judgment Against Peter Alfred-Adekeye at 4, hereafter, "Multiven’s Opposition,” Docket Item No. 162, redacted version.)
. (See SAC ¶¶ 123-31.)
. In their statement of the elements of § 1030(a)(5)(A)(iii), Cisco add the term "exceeding such authorization that was granted” to the statutory language "without authorization.” (See Cisco’s Motion at 11.) The Court finds that unlike § 1030(a)(4), § 1030(a)(5)(A)(iii) does not contain the phrase "exceeding such authorization that was granted.”
. Since the CFAA is primarily a criminal statute, and §§ 1030(a)(4) and 1030(a)(5)(A)(iii) create criminal liability for violators of the statute, the Court applies the version of the CFAA that was in effect at the time that Adekeye allegedly committed the wrongs.
See LVRC Holdings,
. (Declaration of Kent Olson 113, hereafter, “Olson Decl.,” Docket Item No. 113.)
. (Olson Decl. ¶¶ 3, 14.)
. (Declaration of Peter Alfred-Adekeye in Support of Motion for Partial Summary Judgment ¶ 6, hereafter, “Adekeye Decl.,” Multiven's Motion, Ex. 1.)
. (Declaration of Peter Alfred-Adekeye Opposition Motion by Cisco Systems, Inc. and Cisco Technology, Inc. for Partial Summary Judgment ¶ 6, hereafter, "Adekeye Opposition Decl.,” Multiven's Opposition, Ex. 1.)
. Cisco’s unrebutted evidence shows that Olson was in India from November 6-12, 2005; in Illinois from April 30-May 3, 2007; in Washington, D.C. from June 12-16, 2007; in Southern California from March 9-19, 2007; and on one occasion, he was logged into the Cisco network from a neighboring city while the use at the IP address associated with Adekeye was also logged in. (Declaration of Patrick M. Ryan in Support of Cisco’s Reply in Support of its Motion for Partial Summary Judgment Against Peter Alfred-Adekeye and Multiven, hereafter, "Ryan Decl.,” Ex. A at 58:21-59:5, 59:6-14, 59:18-60:1, 65:11-67:20, Docket Item No. 177; Bouja Decl. ¶ 16(d), Ex. J; Supplemental Declaration of Alex T. Bouja in Support of Motion of Cisco Systems, Inc. and Cisco Technology, Inc. for Partial Summary Judgment Against Peter AlfredAdekeye and Multiven, Inc. ¶¶ 17-19, Exs. KLM, Docket Item No. 176.)
. (See, e.g., Adekeye Decl. ¶ 6 ("When I accessed Cisco’s website on that one occasion, it was only to confirm amongst other things that it was not only Cisco's engineers that had access to the bug fix page but also its nontechnical managers and salespeople.”); Adekeye Deposition Transcript, Vol. 2 at 525:12-15 ("So Mr. Olson acting in whistleblower capacity volunteered information, and he even volunteered, without being asked, his username and password for his Cisco.com website....”), Declaration of Patrick M. Ryan in Support of Cisco's Opposition to Multiven’s Motion to Stay Counterclaims, Ex. B, Docket Item No. 259.)
. (Reply to Opposition to Multiven's Motion for Partial Summary Judgment at 2-9, hereafter, "Multiven’s Reply,” Docket Item No. 174.)
. (Cisco’s Opposition to Multiven’s Motion for Partial Summary Judgment at 4-6, hereafter, "Cisco's Opposition,” Docket Item No. 164.)
. The California Supreme Court has stated that "the primary form of relief available under the UCL to protect consumers from unfair business practices is an injunction, along with ancillary relief in the form of such restitution 'as may be necessary to restore to any person in interest any money or property, real or personal, which may have been acquired by means of such unfair competition.’ ”
In re Tobacco II Cases,
.(Order Granting in Part and Denying in Part Defendants’ Motion to Dismiss; Denying Motion to Strike, Case No. C 08-5562 JW, Docket Item No. 23.)
. The Court notes that even if eligibility for a restitutionary remedy were a prerequisite for UCL standing, Cisco's showing of loss would still be sufficient. Specifically, Cisco have presented evidence that Adekeye took Cisco's property, in the form of software downloads, without permission. In the event that Cisco were successful in proving that Adekeye took such action, an appropriate remedy would be return of the unlawfully downloaded software to Cisco.
.
see Brown v. United States,