10-CV 932 Landmark Credit Union v. Doberstein

Listen to this article

Civil Procedure
Subject matter jurisdiction; CFAA

Merely accessing and disseminating information from a protected computer does not suffice to create a cause of action under the Computer Fraud Abuse Act.
“[T]here are several fatal flaws with the core of the federal claim, the allegation that Doberstein ‘intentionally accessed a protected computer without authorization’ and ‘recklessly cause[d] damage.’ First, the term ‘damage’ has a very specific definition under the CFAA. Damage is defined as ‘any impairment to the integrity or availability of data, a program, a system, or information.’ 18 U.S.C. § 1030(e)(8). The plaintiff’s allegations indicate that, at best, the defendant accessed and disclosed information from Landmark’s computer. (Compl. ¶¶ 29-31, 37). However, seemingly every court in this circuit that has interpreted the meaning of the word ‘damage’ in the CFAA has held that ‘damage’ does not ‘encompass harm from the mere disclosure of information’ and the CFAA ‘is not intended to expansively apply to all cases where a trade secret has been misappropriated by use of a computer.’ United States Gypsum Co. v. Lafarge N. Am., 670 F. Supp. 2d 737, 744 (N.D. Ill. 2009); Garelli Wong & Assocs. v. Nichols, 551 F. Supp. 2d 704, 710 (N.D. Ill. 2008) (‘[A] civil violation of the CFAA requires “impairment to the integrity or availability of data, a program, a system, or information” . . . [a]llegations of trade secret theft and misappropriation do not suggest such a violation’); Sam’s Wines & Liquors, Inc. v. Hartig, No. 08-CV-570, 2008 U.S. Dist. LEXIS 76451, at *8 (N.D. Ill. Sept. 24, 2008) In fact, the Seventh Circuit, in the only case in which the Court of Appeals has interpreted the civil remedy in the CFAA, has noted that Congress crafted Section 1040(a)(5)(B) of the CFAA because of a concern to thwart ‘attacks by disgruntled programmers who decide to trash the employer’s data system on the way out’ of the company. Int’l Airport Ctrs., L.L.C. v. Citrin, 440 F.3d 418, 419 (7th Cir. 2006) (dictum). Such conduct is light-years away from the conduct alleged by the plaintiff of the defendant. There is virtually no support for the proposition that merely accessing and disseminating information from a protected computer suffices to create a cause of action under the CFAA. The CFAA claim borders on the frivolous, and the court can only surmise that the CFAA claim was alleged in an attempt to artificially create federal jurisdiction for this case.”
10-CV 932 Landmark Credit Union v. Doberstein
E.D.Wis., Stadtmueller, J.