ORDER
THIS CAUSE сomes before the Court upon the Report and Recommendation filed by United States Magistrate Judge David A. Baker, filed on February 14, 2012 (Doc. 63). Judge Baker recommends that the Court grant Defendant’s Motion to Dismiss Plaintiffs’ Second Amended Complaint (Doc. 54) for failure to state a claim. Neither party filed an objection to the Report and Recommendation, and the time to do so has expired.
Magistrate Judge Baker thoroughly analyzed Plaintiffs’ claims in the Second Amended Complaint, which alleges violations of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (“CFAA”). Doc. 63, pp. 4-12. First, Judge Baker found that Plaintiffs’ admission that W. Anderson had “full administrative access” to Plaintiffs’ computer system (Doc. 51, ¶ 39) means that Anderson cannot be considered “without authorization” under the terms of the CFAA and thus Plaintiffs have failed to state a cause of action under any of the provisions of the Act that require unauthorized access. Doc. 63, p. 7. Second, even accepting a broad definition of the “loss” required by the CFAA, Plaintiffs’ allegations do not show an adequate connection between the acts of the alleged violator (Anderson) and the actual Defendants in this suit to support a cause of action under § 1030(a)(5)(A). Id., p. 12. The Court is satisfied that the Plaintiffs have failed to state any plausible claim for relief under the CFAA against these Defendants, and will dismiss their Second Amended Complaint with prejudice. Therеfore, after careful consideration of the Report and Recommendation of the Magistrate Judge in conjunction with an independent examination of the court file, the Court is of the opinion that the Magistrate Judge’s Report and Recommendation should be adopted, confirmed, and approved in all respects.
ACCORDINGLY, it is hereby ORDERED and ADJUDGED as follows:
1) The Report and Recommendation of the Magistrate Judge (Doc. 63) is adopted, confirmed, and approved in all respects and is made a part of this order for all purposes, including appellate review.
2) The Defendants’ Motion to Dismiss Plaintiffs’ Second Amended Complaint (Doc. 54) is GRANTED for failure to state a claim upon which relief can be granted. As this was*1288 Plaintiffs’ third attempt to state a claim upon which relief can be granted, the Second Amended Complaint is DISMISSED with prejudice.
3) The Clerk is directed to terminate all pending motions, enter judgment accordingly, and CLOSE this case.
Report And Recommendation
TO THE UNITED STATES DISTRICT COURT
This cause came on for consideration without oral argument on the following motion filed herein:
[[Image here]]
Background
In the initial Complaint, Plaintiffs pled a variety of state law claims against eleven defendants (Doc. No. 1). Following issuance of an Order to Show Cause why the complaint should not be dismissed for lack of a showing of diversity jurisdiction (Doc. No. 17), Plaintiff filed an Amended Complaint, which reiterated the state law claims and added two federal claims alleging violations of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (herein “CFAA” or “the Act”) (Doc. No. 21). Upon review, this Court issued a recommendation that the District Court decline to exercise supplemental jurisdiction over the numerous state law claims, and direct Plaintiff to file a second amended complaint asserting only the claims arising under federal law (Doc. No. 45). The District Court adopted that recommendation and granted Plaintiffs’ Agreed Motion for leave tо file a Second Amended Complaint (Doc. No. 50). Upon filing of the Second Amended Complaint (Doc. No. 51), Defendants filed the instant motion to dismiss. Plaintiffs responded to the motion (Doc. No. 58) and, on December 19, 2011, the District Court referred the matter to the undersigned. For the following reasons, it is respectfully recommended that the motion be granted, and the Second Amended Complaint be dismissed.
The Second Amended Complaint
As set forth more particularly below, Plaintiffs have filed a three count complaint against two Defendants — Marketcliq, Inc. and Russ Rogers — based on the alleged actions of Plaintiffs’ former employee (and non-party) Walter Anderson (herein “Anderson”). Plaintiffs allege that they have an established business website — “Trademotion.com”—which builds electronic commerce web solutions for original equipment manufacturers and their franchises and authorized automobile dealerships to sell, track, advertise and manage рarts (Doc. No. 51 at ¶ 23). As an important part of Plaintiffs’ business, they provide Search Engine Optimization (“SEO”) services to its dealership customers, which allows dealership clients to attract higher numbers of customers through the use of internet marketing. Id. at ¶¶ 24-28. Plaintiffs also developed an application and accompanying source code for the content management and organization of an automotive parts catalog from proрrietary information licensed to Plaintiffs. Id. at ¶ 29.
The Second Amended Complaint alleges that Marketcliq is a corporation formed on
Motion to Dismiss Standards of Law
In ruling on a motion to dismiss, a court views the complaint in the light most favorable to the plaintiff. Hunnings v. Texaco, Inc.,
To survive a motion to dismiss, a complaint must contain sufficient factual matter, accepted as true, to “state a claim to relief that is plausible on its face.” [Bell Atlantic Corp. v. Twombly,550 U.S. 544 ] at 570,127 S.Ct. 1955 , [167 L.Ed.2d 929 (2007) ]. A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged. Id., at 556,127 S.Ct. 1955 . The plausibility standard is not akin to a “probability requirement,” but it asks for more than a sheer possibility that a defendant has acted unlawfully. Ibid.
Ashcroft v. Iqbal,
Analysis
Defendants contend that Plaintiffs’ claims under the Act must be dismissed in that:
1) Plaintiffs have failed to sufficiently allege and cannot sufficiently allege that their computers were accessed by the Defendants “without authority” as required under the CFAA;
2) Plaintiffs have failed to sufficiently allege and cannot sufficiently allege that the CFAA violations caused any “impairment to the integrity of their computer systems” or otherwise caused any “interruption in service” as required by the CFAA; and
3) Because the Plaintiffs allege that Anderson was the only direct perpеtrator of the CFAA criminal provisions, the Defendants are not “violators” as that term is defined by the statute, and are therefore not subject to civil liability.
The Computer Fraud and Abuse Act
As observed by this Court in the prior Report (Doc. No. 45), the CFAA was de
The CFAA defines seven categories of conduct that can give rise to civil or criminal liability, and intentionally accessing a protected computer without authorization, and as a result of such conduct, causing damage and loss, gives rise to criminal liability. 18 U.S.C. § 1030(a)(5)(C). Civil liability requires an additional showing: “A civil action for a violation of this section may be brought only if the conduct involves 1 of the factors set forth in subclauses (I), (II), (III), (IV), or (V) of subsection (c)(4)(A)(I).” 18 U.S.C. § 1030(g). In order to establish civil liability, a plaintiff must also show that defendants additionally violated subsection (I) by causing “lоss to 1 or more persons during any 1-year period ... aggregating at least $5,000 in value” (or other damages not relevant here). 18 U.S.C. § 1030(c)(4)(A)(i)(I). Damages for a violation involving conduct described in subsection (c)(4)(A)(i)(I) are limited to economic damages. 18 U.S.C. § 1030(g).
Applied here, the Second Amended Complaint does not specify which of the described violations were allegedly committed by these Defendants and which of the factors listed in § 1030(e)(4)(A)(i) were involved. Construing thе allegations liberally, as detailed in their response brief (Doc. No. 58), it appears Plaintiffs are asserting that Anderson accessed a protected computer without (or in excess of his) authority to do so, with resulting damage. Thus, the Court assumes that Plaintiffs are alleging that Defendants violated subsections (a)(2)(C), (a)(4) and/or (a)(5) of 18 U.S.C. § 1030, which provide in relevant part that civil liability may be imposed upon whoever:
(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains—
(C) information from any protected computer;
-or-
(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud;
-or-
(5) (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
(B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
(C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.
18 U.S.C. § 1030(a)(2), (a)(4), and (a)(5).
As observed by Defendants, all of these provisions (save for § 1030(a)(5)(A)) requires that access to the protected сomputer
It is the employer’s decision to allow or to terminаte an employee’s authorization to access a computer that determines whether the employee is with or “ ‘without authorization.’ Shamrock Foods Co. v. Gast,
With respect to the remaining possible claim under § 1030(a)(5)(A), Defendants contend that any such claim fails as Plaintiffs hаve not adequately alleged that Anderson caused “damage” or “loss” as defined by the Act. As noted above, under § 1030(a)(5)(A), a violator is one who “knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer.”
“Damage” is defined as “any impairment to the integrity or availability of data, a program, a system, or information.” 18 U.S.C. § 1030(e)(8).
*1292 The use of term “integrity” in the statute to define damage requires “some diminution in the completeness or usability of data or information on a computer system.” Resdev v. Lot Builders, No. 6:04-CV-1374ORL31DAB,2005 WL 1924743 , at *5 (M.D.Fla. Aug. 10, 2005). Likewise, the use of word “availability” suggests that a party asserting a claim under subsection 1030(a) may prove damage by showing that defendant’s actions somehow made certain data or program not readily obtainable.
Cheney v. IPD Analytics, L.L.C., No. 08-23188-CIV,
In the Second Amended Complaint, Plaintiffs allege thаt they suffered damages arising out of the fact that Plaintiffs were required to “expend substantial funds, in excess of five thousand dollars in order to track down the code issue, contact existing and prospective customers, negotiate with those customers for copies of records involving MARKETCLIQ [and Rogers] ... and repair Plaintiffs’ code.” (Second Amended Complaint ¶¶ 83, 97). There is no allegation that the computer or information on it was not useable or obtainable as required under this definition; rather, it appears that Plaintiffs allege that Anderson copied its confidential information (which did not make it unavailable to Plaintiffs) and inserted a script that diverted future leads or potential customers. An argument could be made that these allegations are sufficient to show “damage .. to a protected computer” under the Act, yet Plaintiffs fail to make it.
“Loss” is defined in the Act as “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.” 18 U.S.C. § 1030(e)(ll). The parties differ as to whether or not this provision requires all losses to be incurred due to an interruption of service. The case law notes a split of authority, and the Eleventh Circuit has not decided the issue. Cases from the Southern District of Florida favor interpreting the provision to require an interruption of service. See, e.g., Cheney, supra,
On the other hand, courts in the Middle District and other districts have interpreted the provision more broadly. See, e.g. Klein & Heuchan, Inc. v. Costar Realty Information, Inc., 8:08-cv1227-T-30EAJ,
In light of all of the above, the Court finds that a cause of action under § 1030(a)(5)(A) against Anderson could well be supported on these facts. Plaintiffs, however, have not sued Anderson in this pleading. At issue is whether these allegations are sufficient to state a cause of action against these Defendants.
“The Violator”
Section 1030(g) states that “any person who suffers damage or loss by reasоn of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief.” 18 U.S.C. § 1030(g). (Emphasis supplied). As set forth above, there are no allegations that either Defendant committed any of the actions complained of here. Rather, Plaintiffs rely on 18 U.S.C. § 1030(b), which provides: “Whoever conspires to commit or attempts to commit an offense under subsection (a) of this section shall be punished as provided in subsection (c).... ” Subsection (c) of the Act sets forth a range of criminal penalties. Thus, Plaintiffs seek recognition of a civil action solely against Defendants who are not alleged to have committed any of the specific acts in question. Even if the Court were to construe this section as providing for a private cause of action against co-conspirators, the allegations оf the operative complaint are insufficient to meet the Twombly plausibility standard.
As set forth above, the only possibly viable cause of action here is one relating to the insertion of a script to redirect leads.
Conclusion
For the reasons set forth above, the Court respectfully recommends that the motion be granted, and the Second Amended Complaint be dismissed for failure to state a claim.
Failure to file written objections to the proposed findings and recommendations contained in this report within fourteen (14) days from the date of its filing shall bar an aggrieved party from attacking the factual findings on appeal.
Notes
. The parties appear to concede for present purposes that Plaintiffs have adequately al
. Indeed, in their brief, Plaintiffs do not attempt to distinguish the relevant authority and fail to cite any cases on point.
. Plaintiffs fail to adequately address this argument in their papers, asserting that "Plaintiffs do not need to allege or prove thаt it also suffered damages as defined by the CFAA” as the Act "only requires that the plaintiff suffer a root loss or damage, not both.” (Doc. No. 58, n. 1). Plaintiffs are incorrect. "A careful analysis of subsection 1030(c)(4) (A)(i) (I) in conjunction with subsection 1030(a)(5)(A) yields a conclusion that in order to state a claim under subsection 1030(a)(5)(A) a party must allege both "damage” and a "loss” aggregating at least $5,000 in value." Cheney v. IPD Analytics, L.L.C., supra,
. There may be a vague claim that information was deleted by Anderson, but this claim is not set forth sufficiently to evaluate.
. The complaint makes reference to numerous “attached” exhibits, but the pleading contains no such attachments.