From Casetext: Smarter Legal Research

In re America Online, Inc.

United States District Court, S.D. Florida
Apr 19, 2001
168 F. Supp. 2d 1359 (S.D. Fla. 2001)

Summary

concluding that the phrase "without authorization" in the CFAA "contemplate a situation where an outsider, or someone without authorization, accesses a computer"

Summary of this case from Diamond Power Intern., Inc. v. Davidson

Opinion

No. 00-1341.

April 19, 2001.

Justin Graem Witkin, Levin Middlebrooks Mabie Thomas, Mitchell et al, Pensacola, FL, Joseph Michael Matthews, Colson Hicks Eidson Colson et al, Coral Gables, Fl, Mila F. Bartos, Finkelstein Thompson Loughran, Washington, DC, Daniel C. Girard, Girard Green, San Francisco, CA, Lloyd W. Gathings, II, Gathings Associates, Birmingham, AL, Daniel R. Karon, Gallagher Sharp Fulton Norman, Cleveland, OH, Joseph P. Danis, Carey Danis, St. Louis, MO, Thomas Frederic Gonzalez, Charles T. Wiggins, J. Nixon Daniel, III, Beggs Lane, Pensacola, FL, James Richard Hooper, Orlando, FL, Robert Bruce Carey, Norton Frickey Associates, Colorado, CO, Steve W. Berman, Sean R. Matt, Hagens Berman, Seattle, WA, Michael Hyman, Much Shelist Freed Denenberg, Ament Bell Rubenstein, Chicago, IL, Alan Schulman, Robert S. Gans, Berstein Litowitz Berger Grossman, San Diego, CA, Kevin P. Roddy, Hagens Berman, Los Angeles, CA, Gordon M. Fauth, Jr., A.J. De Bartolomeo, Eric H. Gibbs, Girard Green, San Francisco, CA, William S. Lerach, Milberg Weiss Bershad Hynes Lerach, San Diego, CA, John G. Emerson, Jr., The Emerson Firm, Houston, TX, Robert J. Berg, Bernstein Liebhard Lifshitz, New York City, Lawrence A. Sucharow, Peter E. Zinman, Goodkind Labaton Rudoff Sucharow, New York City, William J. Pinilis, Morristown, NJ, Lionel Z. Glancy, Los Angeles, CA, Peter S. Pearlman, Cohn Lifland Pearlman Herrmann Knopf, Saddle Brook, NJ, Kevin Yourman, Weiss Yourman, Los Angeles, CA, Michael D. Braun, Timothy J. Burke, Stull Stull Brody, Los Angeles, CA, John Charles Murdock, Jeffrey Goldenberg, Murdock Beck Goldenberg Benintendi, Cincinnati, OH, Douglas M. Brooks, Gilman Pastor, Saugus, MA, W. Lewis Garrison, Jr., Romaine S. Scott, III, Garrison Scott Gamlbe Rosenthal, Birmingham, AL, Jules Brody, Stull Stull Brody, New York City, Joseph H. Weiss, Weiss Yourman, New York City, for Ronald Kieves, Jonathan Konetz, Flo Kelly, Patrick B. North, Elizabeth Cofino, Juan Cofino, Mary Beth Bisselle, Donald L. Jaykins, Edwin Reano-Vasquez, Farhad Khazai, Howard Schuman, Christal Schmidt, Margaret P. Henshall, EZ Booking, Inc., Russell A. Hightower, Michael S. Muzio, Eric Lloyd, James M. Felker, David Parker, Michelle L. Irish, Donald T. Rubin, Garry Veak, Scott Goldberg, Olga Vaca, David Drew, Lee Zinman, Mark Lofty, Susan Poplawski, Steven Langert, Melody Munro, Robert Kerr, Jr., Mary Jane Kerr, Vincent C. Kent, M.D., David P. Bershad, Mary D. Rennie, Jasper J. Lovoi, Jr., Joe D. Malley, Antionette Brooks, Matthew Fishman, Susan Fishman, Robin Yarnell, Merk French, Jackey Lee, Connie Dexter Kinser, Eddie Jean Harp, Alan Wayne, Galaxy Internet Services, Inc., Susan Schilling, Frosty Chuba, Scott Wise, Paul Barnes, Patsy Barnes, Custom Call Services, Inc., on behalf of themselves and all other Alabama consumers who installed America Online Version 5.0 Software, Paul Barnes, Patsy Barnes, Metropolitan Marketing Services, Inc., Custom Call Services, Inc., Taylor Robinson, Jerri K. Thaman, Jonathan Rosenblum, Consumer Plaintiffs, and Scott F. Johnson, consolidated plaintiffs.

Joseph Peter Klock, Jr., Robert C.L. Vaughan, Steel Hector Davis, Miami, FL, Terry C. Young, Lowndes Drosdick Doster Kantor Reed, Orlando, FL, Roman P. Wuller, Robert J. Wagner, Thompson Coburn, St. Louis, MS, B. John Pendleton, Jr., McCarter English, Newark, NJ, Mia Higgins, Kirkland Ellis, New York City, Eugene F. Assaf, Thomas D. Yannucci, Kirkland Ellis, Washington, DC, James Eugene Burke, Keating Muething Klekamp, Cincinnati, OH, Michael J. Beck, Clerk of the Panel, Judicial Panel on Multidistrict Litigation, Washington, DC, John A. DeSisto, Featherstone DeSisto, Denver, CO, Andrew J. Berman, James T. Fousekis, Lisa M. Sitkin, Steinhart Falconer, San Francisco, CA, George Allan Van Fleet, Vinson Elkins, Houston, TX, for America Online, Inc., defendants.

Henk Brands, Kellogg Huber Hansen Todd Evans, Washington, DC, for Software Information Industry Association.



ORDER ON DEFENDANT'S MOTIONS TO DISMISS


THIS CAUSE is before the court upon the defendant America OnLine, Inc's ("AOL") motions to dismiss (DE #95. 97). There are two classifications of plaintiffs in this case: the individual consumers ("consumers") and the Internet Service Providers ("ISPs"). Each of these plaintiff groups has filed a complaint against AOL, and these cases have been consolidated under the above-captioned case number. The court has federal question and supplemental jurisdiction over both cases pursuant to 28 U.S.C. §§ 1331 and 1367. AOL has filed motions to dismiss both of the plaintiffs' complaints pursuant to Federal Rule of Civil Procedure 12(b)(6). On March 3, 2001, the court heard oral argument on the motions to dismiss. Upon consideration of the pleadings and the arguments of counsel, AOL's motions to dismiss the consumers' (DE # 95) and Galaxy's complaints (DE # 97) are granted in part and denied in part.

On June 2, 2000, with the agreement of AOL, the Judicial Panel on Multi-district Litigation ("the MDL Panel") transferred pending federal cases to this district for coordination and consolidation of pretrial proceedings. The MDL Panel subsequently transferred more than forty related cases to Florida, and with the exception of Galaxy's case, these cases have been consolidated in the consumers' complaint.

Factual Background

I. Nature of Case

This case involves claims by individuals and corporations who allegedly were injured by AOL's Internet and online access software version 5.0 ("AOL 5.0"). The consumers have brought a class action on behalf of similarly situated consumers who installed AOL 5.0 into their personal computers. Their complaint is a consolidation of cases pending in various district courts across the United States. The consumers have asserted seven counts against AOL: count I, violation of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030(a)(5); count II, violation of state consumer protection acts, brought under the laws of all fifty states and the District of Columbia; count III, unfair and deceptive acts and practices and consumer fraud; count IV, product liability for defective design; count V, product liability for failure to warn; count VI, negligence; and count VII, negligent misrepresentation.

The named representatives of the consumer class are: Flo Kelly, a Florida resident; Merk French, a California resident; Robin Yamell, a California resident; Patricia Mitchell Carrick, a California resident; Jim M. Felker, a California resident; Eric Lloyd, a California resident; Joanne Donsky, a California resident; Susan Poplawski, a New Jersey resident; Robert and Mary Jane Kerr, New Jersey residents; and Mark H. Harken, a Texas resident. The consumers seek class certification, but no motion to certify has yet been filed.

Galaxy Internet Services, Inc. ("Galaxy"), the representative ISP, has brought a class action on behalf of similarly situated ISPs that have subscribers who have downloaded or installed AOL 5.0. Galaxy's complaint contains four counts count I, attempted monopolization of the Internet service market in violation of 15 U.S.C. § 2; count III, violation of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030; count V, unfair or deceptive business practices, brought primarily under M.G.L. c. 93A § 11 and comparable statutes of other states; and count VI, tortious interference with existing and prospective contractual relationships. This complaint was originally filed in the United States District Court for the District of Massachusetts, but it was transferred to the Southern District of Florida and consolidated with the consumers' complaint.

Galaxy seeks class certification, but no motion to certify has yet been filed.

In its response to AOL's motion to dismiss, Galaxy withdrew counts II and IV of its complaint, which were for violations of the Clayton Act, 15 U.S.C. § 14, and the Electronic Communications Privacy Act, 18 U.S.C. § 2701, respectively.

II. Factual Allegations

A. The Consumers' Complaint

The following facts are derived from the consumers' complaint.

AOL is an ISP that establishes Internet connections through a dial-up Internet account provided by the corporation. By June 30, 1999, AOL had become the world's largest ISP to residential homes, providing 34,311,550 residential online subscribers with its services. Cons.Compl. at ¶¶ 33, 35. While the six largest ISP operators account for 78.9% of online subscribers, AOL alone accounts for 52% Cons. Compl. at ¶ 35.

According to the consumers, AOL's intent for the past six years has been to monopolize the market for online services to American households. Cons.Compl. at ¶ 39. One way AOL has attempted to meet this goal is by providing a free disc of its program to every household with a computer, accompanied by a "free trial subscription." Cons.Compl. at ¶ 40. Another marketing technique has been to negotiate with computer manufacturers so that a consumer receives AOL when it purchases a new computer system. Cons. Compl. at ¶ 40. A purchaser of such a system need only click on the AOL icon of its computer to install and configure AOL's Internet access software. Cons. Compl. at ¶ 40. The consumers claim that AOL carefully calculated that, once AOL's Internet access programs had been installed into residential computers, consumers would be unlikely to change ISPs. Cons. Compl. at ¶ 43. According to the consumers, AOL recognized that most consumers would suffer through many inconveniences, including poor reliability, bad service, and higher prices, rather than cancel their AOL service and go through the process of starting over again with another ISP. Cons.Compl. at ¶ 44. Moreover, once installed, AOL's software would "take over" the consumer's desktop computer through numerous icons, default applications pop-up windows, and a window covering an entire screen. Cons.Compl. at ¶ 46.

On October 5, 1999, AOL announced the release of its fifth generation of Internet access software. AOL 5.0. Cons.Compl. at ¶ 49. In a massive marketing campaign, AOL distributed millions of copies of its software and made AOL 5.0 available online. Cons.Compl. at ¶ 50. AOL told consumers that AOL 5.0 was "risk free," "cost nothing," and "provided superior benefits." Cons.Compl. at ¶¶ 2.50-59. The consumers claim that AOL knew these representations were false because AOL chose to distribute its 5.0 version disks to consumers despite its knowledge that the program included substantial bugs. Cons. Compl. at ¶¶ 60, 61, 81, 82.

According to the complaint by installing AOL 5.0 into their computers, consumers unknowingly have exposed and continue to expose their computer systems and software to a defectively designed and/or unreasonably dangerous software installation process that "changes" the host system's communications configuration and settings so as to interfere with any non-AOL communications and software services. Cons. Compl. at ¶ 62. AOL 5.0 allegedly causes three kinds of damage to computers. First, AOL 5.0 cuts off non-AOL Internet access. That is, after installing AOL 5.0, many consumers report that they no longer can connect to other ISPs they are using or might want to use in the future. Cons.Compl. at ¶¶ 58-74. Second, AOL 5.0 disrupts consumers' local area network. Third, the program causes instability in consumers' computer systems and applications and; as a result causes computer systems to crash. Despite all of these problems, AOL has failed to remedy consumers' complaints or to fix its software. Cons.Compl. at ¶ 91.

B. Galaxy's Complaint

The following facts are derived from Galaxy's complaint.

Like AOL, Galaxy is an ISP that charges a fee for the service of providing Internet access. As ISPs, Galaxy and AOL typically offer other services besides dial-up to the Internet, such as e-mail, web hosting, domain name service, and proprietary online service. Computer users may utilize the services of more than one ISP at any given time. Gal. Compl. at ¶¶ 6-8. Galaxy claims that approximately eight percent of AOL's 22 million subscribers also subscribe to other ISPs. Gal. Compl. at ¶ 8.

The allegations contained in Galaxy's complaint are similar to those made by the consumers. Galaxy also claims that AOL embarked upon a massive marketing campaign to promote its 5.0 program Gal. Compl. at ¶ 12. Although AOL represented to the public that AOL 5.0 was a superior program, Galaxy states that AOL knew these representations were false and that it knowingly distributed its program so as to interfere with any non-AOL communications software and services used by consumers. Gal. Compl. at ¶¶ 13, 14. AOL 5.0 caused changes to the settings and configurations of consumers' computers regardless of whether consumers responded "no" when asked during the installation process of AOL 5.0 if they wanted to make AOL their "default provider." Gal. Compl. at ¶ 14.

Galaxy and other ISPs have received numerous complaints from their subscribers who are also AOL customers. Gal. Compl. at ¶ 15. These subscribers have reported problems in accessing Galaxy and other ISPs services. AOL 5.0's interferences have caused difficulties not only for these consumers, but also for Galaxy and other ISPs who have had to expend technical support costs to diagnose, analyze, and resolve the problems caused by AOL 5.0. Gal. Compl. at ¶ 18.

Standard for Motion to Dismiss

To warrant dismissal of a complaint under Rule 12(b)(6) of the Federal Rules of Civil procedure, it must be "clear that no relief could be granted under any set of facts that could be proved consistent with the allegations." Blackston v. Alabama, 30 F.3d 117, 120 (11th Cir. 1994) (quoting Hishon v. King Spalding, 467 U.S. 69, 73, 104 S.Ct. 2229, 2232, 81 L.Ed.2d 59 (1984)). Determining the propriety of granting a motion to dismiss requires courts to accept all the factual allegations in the complaint as true and to evaluate all inferences derived from those facts in the light most favorable to the plaintiff. See Hunnings v. Texaco, Inc., 29 F.3d 1480, 1483 (11th Cir. 1994). The threshold of sufficiency that a complaint must meet to survive a motion to dismiss is exceedingly low. See Ancata v. Prison Health Svcs. Inc., 769 F.2d 700, 703 (11th Cir. 1985) (citation omitted); Jackam v. Hospital Corp. of America Mideast. Ltd., 800 F.2d 1577, 1579 (11th Cir. 1986). "[U]nless it appears beyond doubt that the plaintiff can prove no set of facts in support of his claim which would entitle him to relief," the complaint should not be dismissed on grounds that it fails to state a claim upon which relief can be granted. M/V Sea Lion V v. Reyes, 23 F.3d 345, 347 (11th Cir. 1994) (citation omitted). Nevertheless, to survive a motion to dismiss, a plaintiff must do more than merely "label" his claims. See Blumel v. Mylander, 919 F.Supp. 423, 425 (M.D.Fla. 1996). Moreover, when on the basis of a dispositive issue of law no construction of the factual allegations will support the cause of action, dismissal of the complaint is appropriate. See Marshall County Bd. of Educ. v. Marshall County Gas Dist., 992 F.2d 1171, 1174 (11th Cir. 1993).

Analysis

I. AOL's Motion to Dismiss the Consumers' Complaint

In support of its motion to dismiss the complaint filed by the consumers, AOL makes two primary arguments. First, it states that by installing AOL 5.0 and agreeing to the terms of the Terms of Service Agreement, the consumers' exclusive remedy became the replacement of defective AOL software. AOL's second argument is that the Computer Fraud and Abuse Act, 18 U.S.C. § 1830, does not apply to this case because AOL's access to consumers' computers was not unauthorized and the damage allegedly caused by AOL 5.0 does not meet the minimum statutory amount. Each of these arguments is addressed in more detail below.

A. Exclusive Remedy Provision

AOL's first argument in support of their motion to dismiss the consumers' complaint is that, by downloading AOL 5.0, the consumers agreed that their only remedy in the event of defective software would be the replacement of the program. AOL contends that in order to install AOL 5.0, the consumers had to consent to the terms of AOL's Terms of Service ("TOS") Agreement by clicking a box marked "I AGREE." The relevant provision under the TOS Agreement states. "[M]ember expressly agrees that the use of AOL, AOL software, and the Internet is at member's sole risk." Def.'s Mtn., Ex. A. With respect to disputes relating to the software, the TOS Agreement provides, "AOL's entire liability and your exclusive remedy . . . shall be the replacement of any AOL software found to be defective." Id. If the consumers have any other dispute, the TOS Agreement states, "[Y]our sole and exclusive remedy . . . is the cancellation of your account as detailed below in Section 7." Id. The TOS Agreement also purports to limit AOL's liability for consequential damages. Id. According to AOL, under Virginia law, these provisions prevent the consumers from seeking punitive damages, compensatory damages, disgorgement, injunctive relief, and attorneys' fees.

AOL contends that this issue must be decided under Virginia law because the TOS Agreement contained a Virginia choice of law provision. The court declines to address the choice of law issue at this time.

AOL's argument is premature as a basis for a motion to dismiss. Contractual limitation of remedies is an affirmative defense, and it is not a ground upon which the consumers' complaint can be dismissed. See Tamiami Partners, Ltd. v. Miccosukee Tribe of Indians of Fla., 177 F.3d 1212, 1220 n. 5 (11th Cir. 1999) (holding that waiver of contractual right to arbitration was affirmative defense that could not be considered as a basis for motion to dismiss). Although the existence of an affirmative defense usually will not support a 12(b)(6) motion, a district court may dismiss a complaint when the complaint's "own allegations indicate the existence of an affirmative defense, so long as the defense clearly appears on the face of the complaint." Fortner v. Thomas, 983 F.2d 1024, 1028 (11th Cir. 1993) (quoting Quiller v. Barclays Am. Credit. Inc., 727 F.2d 1067, 1069 (11th Cir. 1984)).

AOL's allegations that the consumers waived their claims for damages by entering into the TOS Agreement are not supported by the consumers' complaint because the consumers have raised no claims that are based on the TOS Agreement. Their causes of action are based on a federal statute, state statutes, and common law theories of recovery. Even if the complaint contained allegations regarding this issue, it is inappropriate for the court to rule on it at this time as a matter of law because the factual record on this issue has not been developed, and there appear to be disputed issues of fact regarding the TOS Agreement. The parties dispute the circumstances surrounding the execution of the TOS Agreement, whether the damage to the computers was done before or after the TOS Agreement was executed, and whether AOL knew its 5.0 program was defective prior to attempting to limit the consumers' remedies. Because the issue of the consumers' waiver of remedies is more appropriately determined pursuant to a motion for summary judgment, AOL's motion on this point is denied.

While the court concludes that AOL's waiver of remedies argument is premature, it also recognizes that it may be dispositive of this case. As a result, whether the TOS agreement contained a valid exclusive remedy provision is an issue that must be addressed as soon as possible. During oral argument both AOL and the consumers agreed that proper resolution of this issue would require limited merits discovery, but the court's omnibus order of December 4, 2000, which set pretrial procedures, provides that merits discovery shall not begin until September of 2001. This reflects the tension between the court's twin goals of promptly resolving the waiver issue and avoiding the costs that may be incurred by unnecessary discovery.

Following oral argument, during which the court informed the parties that it would require their assistance in finding a resolution to this matter, the parties filed supplemental briefs containing suggestions for crafting a procedure to address the waiver issue. The court has considered the parties' positions and has determined that this matter should be set on an expedited discovery and summary judgment track. Regarding the waiver issue only, the parties shall abide by the following procedures.

1. Within ten days of the entry of this order, AOL and the consumers shall each submit a discovery plan to the court.
2. On Wednesday, May 9, 2001, at 10:00 a.m., the parties shall meet with Magistrate Judge Robert L. Dube to craft a discovery plan that is limited to the waiver issue. Limited discovery on this matter will commence immediately upon the approval of the discovery plan by Magistrate Judge Dube.
3. The discovery and briefing schedule on the waiver issue shall run concurrently with class discovery and certification.
4. By July 17, 2001, AOL shall file a motion for summary judgment on the waiver issue only. By August 17, 2001, the consumers shall file a response to the motion, and AOL, shall file its reply by September 7, 2001.
5. The court will hold oral argument on this motion for summary judgment, along with the motion for class certification, on November 2, 2001.

B. The Computer Fraud and Abuse Act

AOL's second argument seeks to dismiss the consumers' federal claim, which is under the Computer Fraud and Abuse Act ("CFAA"), 18 U.S.C. § 1030. Specifically, the consumers have brought suit under 18 U.S.C. § 1030(a)(5), which states:

(a) Whoever —

. . . .

(5)(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
(B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
(C) intentionally accesses a protected computer without authorization, and, as a result of such conduct, causes damage;

. . . .

shall be punished as provided in subsection (c) of this section.

Although this statute is designed primarily to punish criminal violations, it recognizes private causes of action for individuals damaged by computer fraud: "Any person who suffers damage or loss by reason of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief." 18 U.S.C. § 1030(g). AOL seeks to dismiss the consumers' claim by arguing that the CFAA does not apply to the facts of this case.

1. Authorization

As an initial matter, AOL argues that the CFAA claim fails because AOL's access to the consumers' computers was not "without authorization," as required by 18 U.S.C. § 1030. According to AOL, the consumers expressly authorized the installation of AOL 5.0 on their computers. AOL contends that, at most, it exceeded the scope of its authority by distributing defective software, but exceeding the scope of authorization is not a situation that is covered by 18 U.S.C. § 1030(a)(5), the only provision under which the consumers have brought suit.

a. AOL's Position

In support of its argument. AOL states that other provisions under the CFAA specifically provide for access "without authorization" and access that "exceeds" authorization. These provisions are: § 1030(a)(1), which states, "having knowingly accessed a computer without authorization or exceeding authorized access . . ."; § 1030(a)(2), which states, "intentionally accesses a computer without authorization or exceeds authorized access . . ."; and § 1030(a)(4), which states, "knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access . . ." In contrast, § 1030(a)(5), the provision under which the consumers have brought suit, only states, "causes damage without authorization . . .". AOL argues that, if Congress had intended to include instances where a defendant exceeds authorized access in § 1030(a)(5), it would have included the "exceeding authorized access" language in the provision, as it did in other sections of the CFAA. The consumers counter that the term "authorize", as used in the CFAA, must be read broadly enough so as to encompass AOL's actions.

b. Principles of Statutory Construction

Determining whether §§ 1030(a)(5)(A)(C) provide a basis for the consumers' CFAA claim requires an interpretation of the phrases "authorize" and "exceeds authorization" and the significance of the latter phrase's absence from the subsections in question. Canons of statutory construction must guide this interpretation. As stated by the Eleventh Circuit, the starting point for all statutory interpretation is the language of the statute itself. See Harris v. Garner, 216 F.3d 970 (11th Cir. 2000). A court must assume that Congress used the words in a statute as they are commonly and ordinarily understood, and if the statutory language is clear, no further inquiry is necessary. See id. In examining the pertinent statutory language, a court cannot look at a word or term in isolation, it must look at the entire statutory context and scheme. See Federal Reserve Bank of Atlanta v. Thomas, 220 F.3d 1235, 1239 (11th Cir. 2000) (citations omitted). If the statutory language is ambiguous, a court may examine extrinsic materials, including legislative history, to determine Congressional intent. See id.; see also Dowling v. United States, 473 U.S. 207, 213, 105 S.Ct. 3127, 3131, 87 L.Ed.2d 152 (1985) ("[W]hen assessing the reach of a federal criminal statute, we must pay close heed to the language, legislative history, and purpose in order to strictly determine the scope of the conduct the enactment forbids. . . ."); Iraola CIA. S.A. v. Kimberly-Clark Corp., J.N., 232 F.3d 854, 857 (11th Cir. 2000) (discussing statutory interpretation); Shaw v. Toshiba Am. Info. Sys., Inc., 91 F.Supp.2d 926, 931 (E.D.Tex. 1999) (engaging in statutory construction of CFAA). In this case, the language at issue in 18 U.S.C. § 1030(a)(5)(A)-(C) is clear. Thus, fidelity to the plain meaning of the provisions is warranted.

c. The Statutory Language Is Clear

Subsection 1030(e)(6) of Title 18 defines the term "exceeds authorized access" to mean "to access a computer with authorization and to use such access to obtain or alter information in the computer that the accessor is not entitled to obtain or alter." By including this term within the definitional section of the CFAA, Congress has indicated that the term has a specific meaning within the statutory scheme. Furthermore, Congress excluded the term "exceeds authorized access" from the provisions under which the consumers bring their claim and created liability under 18 U.S.C. § 1030(a)(5) only when a person "intentionally causes damage without authorization" (§ 1030(a)(5)(A)) or when a person "intentionally accesses a protected computer without authorization" (§ 1030(a)(5)(B), (C)). AOL validly compares the silence of § 1030(a)(5) with Congress' affirmative use of "exceeds authorized access" in other provisions, such as § 1030(a)(1), which states, "having knowingly accessed a computer without authorization or exceeding authorized access.. ."; § 1030(a)(2), which states, "intentionally accesses a computer without authorization or exceeds authorized access . . ."; and § 1030(a)(4), which states, "knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access . . ." (emphasis added.) When Congress excluded the phrase "exceeds authorized access" from §§ 1030(a)(5)(A)-(C), it expressed its intent to exclude the situations covered by the term from the provision in question. See Gozlon-Peretz v. United States, 498 U.S. 395, 404, 111 S.Ct. 840, 846-47, 112 L.Ed.2d 919 (1991) ("[W]here Congress includes particular language in one section of a statute but omits it in another section of the same Act, it is generally presumed that Congress acts intentionally and purposely in the disparate inclusion or exclusion.") (quoting Russello v. United States, 464 U.S. 16, 23, 104 S.Ct. 296, 300, 78 L.Ed.2d 17 (1983)). However, this does not mean that the consumers' claims must be invalidated automatically. As discussed in the following subsection, there is other language in § 1030(a)(5)(A) that directly supports the consumers' claim.

d. Do §§ 1030(a)(5)(A)-(C) Support the Consumers' Claims?

If the factual scenarios that are included by the phrase "exceeds authorized access" are excluded from §§ 1030(a)(5)(A)-(C), the next question that arises is what circumstances are covered by the provisions at issue.

§§ 1030(a)(5)(B)-(C): As written, the term "without authorization" in §§ 1030(a)(5)(B) and (C) directly modifies "accesses." These provisions clearly contemplate a situation where an outsider, or someone without authorization, accesses a computer. Although the statutory language is not ambiguous, the court can look to the CFAA's legislative history to reinforce this conclusion. In discussing the current version of the CFAA, the Senate Report provides:

Subsection 1030(a)(5)(B) would penalize, with a fine and up to 5 years' imprisonment, anyone who intentionally accesses a protected computer without authorization and, as a result of that trespass, recklessly causes damage. This would cover outsiders hackers into a computer who recklessly cause damage. Finally, subsection 1030(a)(5)(C) would impose a misdemeanor penalty, of a fine and up to 1 year imprisonment, for intentionally accessing a protected computer without authorization and, as a result of that trespass, causing damage. This would cover outside hackers into a computer who negligently or accidentally cause damage. . . . [O]utside hackers who break into a computer could be punished for any intentional, reckless, or other damage they cause by their trespass.

S. Rep. 104-357, at 11. Aug. 27, 1996 (emphasis added). This reinforces the conclusion that §§ 1030(a)(5)(B) and (C) are intended to apply to outsiders who access a computer. This situation does not exist here, where AOL acted as an insider when it was allowed to access the consumers' computers when the consumers downloaded the 5.0 program. Accordingly, the consumers cannot state a claim under §§ 1030(a)(5)(B)-(C).

Borrowing from the common law definition of trespass, the consumers argue that AOL became liable under the CFAA because it exceeded any authority it may have had to access their computers when it knowingly transmitted the damaging components of 5.0. The consumers contend that, insofar as the CFAA is similar to the common law crime of trespass, the court must assume that Congress meant to include situations of exceeded access when it used the phrase "access without authorization." See Crowell v. Florida Power Corp., 438 So.2d 958, 959 (Fla. 2d DCA 1983) (stating that one who exceeds scope of implied consent can be liable for trespass); Boston Manuf. Mutual Ins. Co. v. Fornalksi, 234 So.2d 386, 387 (Fla. 4th DCA 1970) (stating that scope of implied consent is limited to what is reasonable). This argument is without merit because "[t]he canon of imputing common-law meaning applies only when Congress makes use of a statutory term with established meaning at common law. . . ." Carter v. United States, 530 U.S. 255, 264, 120 S.Ct. 2159, 2166, 147 L.Ed.2d 203 (2000) (holding that common law meaning of "robbery" and "larceny" could not be implied into statute that spelled out elements of similar crime). The statute at issue in this case, the CFAA, does not contain the common law term "trespass." Additionally, "exceeds authorized access" is specifically defined in the CFAA. Accordingly, the "cluster of ideas" associated with common law "trespass" cannot be imported into the CFAA. See Carter, 530 U.S. at 265, 120 S.Ct. at 2166.

§ 1030(a)(5)(A): Unlike §§ 1030(a)(5)(B) and (C), in which "accesses" is modified by "without authorization", "without authorization" is used in § 1030(a)(5)(A) to modify "causes damage." This difference indicates that Congress did not intend § 1030(a)(5)(A) to apply only to outsiders who lack authorization. Again, the legislative history reinforces this conclusion,

Specifically, as amended, subsection 1030(a)(5)(A) would penalize, with a fine and up to 5 years' imprisonment, anyone who knowingly causes the transmission of a program, information, code or command and intentionally causes damage to a protected computer. This would cover anyone who intentionally damages a computer, regardless of whether they were an outsider or an insider otherwise authorized to access the computer. . . . In sum, under [subsection 1030(a)(5)(A)], insiders, who are authorized to access a computer, face criminal liability only if they intend to cause damage to the computer, not for recklessly or negligently causing damage.

S. Rep. 104-357, at 11, Aug. 27, 1996 (emphasis added).

The allegations of the consumers' complaint do not fail to state a claim under § 1030(a)(5)(A) simply because "exceeds authorized access" is not included within the provision. A plain reading of the provision and its legislative history demonstrates that § 1030(a)(5)(A) applies to the facts of this case. As an insider, or a person authorized to access the consumers' computer via the installation process of AOL 5.0, AOL allegedly has transmitted damaging information through its 5.0 program. Other courts have upheld plaintiffs' claims under similar facts. See, e.g., Shaw v. Toshiba Am. Info. Sys., Inc., 91 F.Supp.2d 926 (E.D.Tex. 1999) (denying defendant's motion for summary judgment on § 1030(a)(5)(A) claim where defendants designed floppy disk controllers that would store corrupt data or destroy data); North Texas Preventive Imaging, L.L.C. v. Eisenberg, 1996 WL 1359212, No. SA CV 96-71AHS (C.D.Cal. Aug. 19, 1996) (finding that plaintiff had stated claim under § 1030(a)(5)(A) where disk manufacturer had provided plaintiff with defective disks that were programed to render software inoperable on a specific date). As long as the consumers can otherwise satisfy the CFAA's remaining pleading requirements, their claim under § 1030(a)(5)(A) will not be dismissed.

2. Amount of Damages

AOL also contends that its actions are outside the scope of 18 U.S.C. § 1030(a)(5) because the consumers cannot establish the requisite amount of statutory damages. According to AOL, the provisions under which the consumers have brought suit are limited to cases where damage causes at least $5,000 in losses to "a protected computer," not an aggregate of computers. Again, AOL relies, not on case law, but a narrow interpretation of 18 U.S.C. § 1030(a)(5), which provides:

(a) Whoever-

. . . .

(5)(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
(B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
(C) intentionally accesses a protected computer without authorization, and, as a result of such conduct, causes damage;

. . . .

shall be punished as provided in subsection (c) of this section.
18 U.S.C. § 1030(a)(5) (emphasis added).

The consumers, on the other hand, rely on 18 U.S.C. § 1030(e)(8), the definition section of the CFAA, which explicitly provides for aggregation and defines "damage" as "any impairment to the integrity or availability of data, a program, a system, or information that-(A) causes loss aggregating at least $5,000 in value during any 1-year period to one or more individuals." (emphasis added).

The parties' dispute whether the $5,000 in damage must be to a single computer or whether the $5,000 can be established as a sum of the injuries to various individuals. The phrasing of § 1030(a)(5), particularly subsection (A), is susceptible to either AOL's or the consumers' interpretation of the statute. The source of confusion is the dangling participle "to a protected computer," which appears in § 1030(a)(5)(A). See Young v. Community Nutrition Inst., 476 U.S. 974, 980, 106 S.Ct. 2360, 2364, 90 L.Ed.2d 959 (1986) ("As enemies of the dangling participle well know, the English language does not always force a writer to specify which of two possible objects is the one to which a modifying phrase relates."). The grammatical position of the phrase creates uncertainty as to whether the offender must knowingly cause the transmission of a program, information, code, or command to a protected computer; whether the offender must intentionally cause damage to a protected computer; or whether there must be a lack of authorization to a protected computer. The meaning of "to a protected computer" is subject to even further scrutiny because the definition of the term "a" is not entirely clear. Resort to a dictionary shows that there are multiple meanings for the word "a", which can be used to mean "one" or "any". See The American Heritage Dictionary (1989) (defining "a" as: "1. One; I didn't say a word. 2. Any; A dog is a four-legged animal."); The American Heritage College Dictionary (3d ed.) (defining "a" as: "1. Used before nouns and noun phrases that denote a single but unspecified person or thing; a region. 2. Used before terms that denote number, amount, quantity or degree; only a few voters. . . ."). AOL's position is consistent with the definition of "a" as "one," and the consumers' position is consistent with "a" as "any" Because Congress' intent behind the use of the term "to a protected computer" is ambiguous, resort to legislative history is proper. See Young, 476 U.S. at 980, 106 S.Ct. at 2364 (finding that use of dangling participle within statutory provision rendered statute ambiguous).

At best, AOL's argument can be made only with regards to § 1030(a)(5)(A), which is the only provision from which it can be implied that "damage" must be to "a protected computer." Subsections 1030(a)(5)(B) and (C) do not state that "damage" must be to "a protected computer." Instead, they provide that "access" must be to "a protected computer," and they do not qualify the term "damage" with any limitations.

AOL does not take into account the uncertainty that arises from Congress' placement of the phrase "to a protected computer" within § 1030(a)(5). As a result, its argument proceeds from the premise that the statutory language is unambiguous. AOL cites to two cases in support of its argument that Congress' intent as to the damages threshold is clear. In Thurmond v. Compaq Comp. Corp., No. 1:99-CV-0711 (TH/WR) (E.D.Tex. Mar. 15, 2001), a Texas district court held that the $5,000 aggregated loss must be to no more than one computer. A district court in New York arrived at the same result in In re Doubleclick, Inc., Privacy Litig., 154 F.Supp.2d 497 (S.D.N.Y. 2001), where it found, without significant analysis, that the CFAA requires at least $5,000 in damage to a particular computer. The Thurmond court stated that damages could not be aggregated amongst individual plaintiffs because no class had yet been certified. It also relied on Attorney General Janet Reno's statement that "we may need to strengthen the Computer Fraud and Abuse Act by closing a loophole that allows computer hacker who have cause a large amount of damage to a network of computers to escape punishment if no individual computer sustained over $5,000 worth of damage." Thurmond, at 21.

The cases cited by AOL are unpersuasive for several reasons. It is important to note that neither Thurmond nor Doubleclick are binding precedent within this Circuit. Moreover, their precedent did not allow them to aggregate damages until the classes had been certified. In the Eleventh Circuit, the rule is opposite, for a case is treated as a class action until certification is denied. See Smith v. GTE Corp., 236 F.3d 1292, 1304 n. 12 (11th Cir. 2001) citing Morrison v. Allstate Indem. Co., 228 F.3d 1255, 1263 n. 7 (11th Cir. 2000). Most importantly, in Thurmond and Doubleclick, the courts found the statutory language to be clear, ignored the comma that precedes "to a protected computer," and overlooked the fact that the phrase was a dangling participle. Although Thurmond found the language to be unambiguous, it nevertheless cited to "legislative history" to support its finding. In truth, the court did not rely on legislative history. Instead, it looked to the Attorney General's statements, which are not a reliable indication of what both Houses of Congress intended when they adopted the statutory language in question.

The legislative history of the CFAA actually contravenes AOL's argument that Congress intended for damage to be measured by only one computer. In fact, the predecessor versions of the CFAA make it clear that damage is to be measured as it stems from one act, not a single computer, and thereby affects several individuals. The Senate Report to the 1986 amendments provides:

The Committee does not intend that every victim of acts proscribed under (a)(5) must individually suffer a loss of $1,000. Certain types of malicious mischief may cause smaller amounts of damage to numerous individuals, and thereby collectively create a loss of more than $1,000. By using "one or more others," the Committee intends to make clear that losses caused by the same act may be aggregated for purposes of meeting the $1,000 threshold.

The current version of the CFAA sets this amount at $5,000.

S. Rep. No. 99-474, 99th Cong. 2nd Sess., U.S. Code Cong. Admin.News 1986, at p. 2483, Oct. 6, 1986. Furthermore, the CFAA has been increasingly broadened by Congress. Consumers who use computers for residential purposes are among those the CFAA seeks to protect. A Senate Report states, "As computers continue to proliferate in businesses and homes, and new forms of computer crimes emerge, Congress must remain vigilant to ensure that the Computer Fraud and Abuse statute is up-to-date and provides law enforcement with the necessary framework to fight computer crime." S. Report, 104-357, at 5 (1996) (emphasis added). If the court were to interpret 18 U.S.C. § 1030 as requiring each home user to sustain more than $5,000 in damages, the home user never would be protected because $5,000 is far more than the average price of a home computer system.

Congress' intent to aggregate losses stemming from a single act eventually was codified in the definitions section of the CFAA. See 18 U.S.C. § 1030(c)(8)(A) (defining "damage" as "any impairment to the integrity or availability of data, a program, a system, or information that . . . causes loss aggregating at least $5,000 in value during any 1-year period to one or more individuals"). That the CFAA specifically defines damage in terms of aggregation lends further support to the consumers' position that their injuries can be aggregated to meet the $5,000 threshold. See Florida Dept. of Banking and Fin. v. Board of Gov. of the Fed. Reserve Sys., 800 F.2d 1534, 1536 (11th Cir. 1986) ("It is an elementary precept of statutory construction that the definitional section of a statute controls the construction of that term wherever it appears throughout the statute.").

AOL's interpretation of the dangling participle, "to a protected computer," would lead to the absurd result that a party who accesses one computer without authorization, and thereby causes $5,000 worth of damage to that one computer, would be guilty of violating the CFAA and, therefore, civilly liable. On the other band, a party who accesses millions of computers and causes only $100 worth of damage to each computer would not be guilty of violating the CFAA. The latter situation was avoided by the court in Shaw v. Toshiba America Information Systems, Inc., 91 F.Supp.2d 926 (E.D.Tex. 1999), when it denied software manufacturers' motions for summary judgment and allowed a class action by purchasers of defective laptop computers that were storing corrupt data. See also United States v. Morris, 928 F.2d 504, 506 (2d Cir. 1991) (affirming 18 U.S.C. § 1030(a)(5) conviction of defendant who caused damage to several computers, where estimated cost of dealing with damage ranged from $200 to $53,000 at each computer installation). Unlike the consumers, AOL has provided the court with no legislative history or case law that interprets 18 U.S.C. § 1030(a)(5) narrowly enough so as to allow claims for only one affected computer.

As discussed above, statements made by the Attorney General are not a persuasive indication of what Congress intended when it adopted the CFAA.

Notwithstanding the rejection of AOL's position, the court notes that the consumers' complaint fails to sufficiently allege that individuals have suffered aggregate harm in the amount of $5,000. The consumers have stated, "Such impairment has and will cause loss aggregating to at least $5,000 in value in any one year period to one or more individuals." Cons.Compl. at ¶ 102. This allegation is insufficient because it does not specify who has suffered the loss. Was it individuals inside the class, outside the class, or named representatives? Because the consumers have failed to plead this element under the CFAA, their complaint is dismissed without prejudice.

II. AOL's Motion to Dismiss Galaxy's Complaint

AOL has filed a motion to dismiss all six counts of Galaxy's complaint. In response to this motion. Galaxy voluntarily dismissed counts II and IV and narrowed the scope of count III. Galaxy, however, contests AOL's arguments as to counts I, III, V, VI, and VII.

A. Attempted Monopolization

Count I of Galaxy's complaint is for attempted monopolization in violation of the Sherman Act, 15 U.S.C. § 2. In order to establish the offense of attempted monopolization, a plaintiff must show that: (1) the defendant possessed the specific intent to achieve monopoly power by predatory or exclusionary conduct; (2) the defendant in fact committed such anticompetitive conduct; and (3) there existed a dangerous probability that the defendant might have succeeded in its attempt to achieve monopoly power. See U.S. Anchor Mfg., Inc. v. Rule Indus., Inc., 7 F.3d 986, 993 (11th Cir. 1993) (citing Spectrum Sports, Inc. v. McQuillan, 506 U.S. 447, 455, 113 S.Ct. 884, 890, 122 L.Ed.2d 247 (1993)). The attempted monopolization must occur in a "relevant market," which is defined by both product and geographic dimensions. See T. Harris Young Assoc., Inc. v. Marquette Elec., Inc., 931 F.2d 816, 823 (11th Cir. 1991). AOL seeks to dismiss Galaxy's complaint by arguing that Galaxy has failed to: (1) define the relevant market in its complaint and (2) allege that there exists a dangerous probability of actual monopolization of the relevant market by AOL.

This provision states:

Every person who shall monopolize, or attempt to monopolize, or combine or conspire with any other person or persons, to monopolize any part of the trade or commerce among the several States, or with foreign nations, shall be deemed guilty of a felony, and, on conviction thereof, shall be punished by fine not exceeding $10,000,000 if a corporation, or, if any other person, $350,000, or by imprisonment not exceeding three years, or by both said punishments, in the discretion of the court.
15 U.S.C. § 2.

1. Relevant Market

Although "the definition of the relevant market is essentially a factual question," Aventura Cable Corp. v. Rifkin/Narragansett South Florida CATV, 941 F.Supp. 1189, 1193 (S.D.Fla. 1996), dismissal of an attempted monopolization claim is proper under Federal Rule of Civil Procedure 12(b)(6) if the description of the relevant market is legally insufficient. See Queen City Pizza, Inc. v. Domino's Pizza, Inc., 124 F.3d 430, 436-37 (3d Cir. 1997) (dismissing complaint where plaintiff failed to adequately describe relevant market); see also Elliott v. United Center, 126 F.3d 1003, 1004 (7th Cir. 1997) (dismissing complaint where relevant market was not subject to § 2 strictures). In its complaint, Galaxy has defined the relevant market only as the "Internet Service Market" Gal. Compl. at ¶ 27. Although the complaint repeatedly refers to the Internet Service Market, nowhere is the term defined in terms of product or geographic scope. Galaxy has not specified which aspects of the Internet Service Market AOL is attempting to monopolize. In fact, the complaint describes different markets for ISPs, such as "dial-up access to the internet, email services and possibly other services, such as web hosting, domain name service and proprietary online services available only to subscribers." Gal. Compl. at ¶ 6. Additionally, Galaxy has not described the geographic scope of the relevant market. Because Galaxy is a Massachusetts corporation, its allegations may pertain only to the Massachusetts market, the states where Galaxy provides dial-up Internet services, or the entire United States. Galaxy's failure to allege either the product or geographic market in the complaint is fatal to its claims. See Aquatherm Indus., Inc. v. Florida Power Light Co., 971 F.Supp. 1419, 1426 (M.D.Fla. 1997) (dismissing attempted monopolization claim where plaintiff failed to adequately allege relevant market). As such, count I of Galaxy's complaint is dismissed without prejudice.

Although Galaxy does not allege this in its complaint, AOL contends that Galaxy provides dial-up Internet service to customers in Connecticut, Delaware, Georgia, Massachusetts, Maryland, New Hampshire, New Jersey, New York, Pennsylvania, Rhode Island, Virginia, and Washington, D.C. See AOL Mtn. to Dismiss at 3.

2. Dangerous Probability of Actual Monopolization

Even if Galaxy had defined the relevant market adequately, dismissal of its complaint still would be proper because Galaxy has failed to allege that there exists a dangerous probability of actual monopolization by AOL. It is not enough, as Galaxy contends, for a court to infer that there exists a dangerous probability of actual monopolization. This element must be alleged specifically in a plaintiff's complaint. See Aquatherm Indus., Inc., 971 F.Supp. at 1427 (stating that failure to allege element is fatal to attempted monopolization claim); Forum Publ., Inc. v. P.T. Publ., Inc., 700 F.Supp. 236, 243 (E.D.Pa. 1988) (dismissing attempted monopolization claim where plaintiff failed to allege that defendant's activities enjoyed "a dangerous probability of success"). Additionally, there must be some allegation from which a court could conclude that the defendant is likely to succeed in monopolizing the market. See Dial A Car, Inc. v. Transportation, Inc., 82 F.3d 484, 487 (D.C. Cir. 1996) (affirming dismissal of complaint where defendant failed to allege facts supporting claim that defendants probably would achieve monopoly power). In this case, this requirement would be satisfied, for example, by an allegation that AOL controls a significant percentage of the relevant market. See Aventura Cable Corp., 941 F.Supp. at 1194 (finding that allegation that defendant controlled 90% of relevant market satisfied requirement that plaintiff allege that defendant probably will achieve monopoly power); Colorado Interstate Gas Co. v. Natural Gas Pipeline Co., 885 F.2d 683, 694 n. 18 (10th Cir. 1989) (noting that courts generally require a minimum market share of between 70% and 80% to indicate that a defendant has monopoly power). Galaxy's complaint is devoid of such an allegation. It states only that AOL has 22 million subscribers and that there are 7,200 ISPs in the United States. See Gal. Compl. at ¶¶ 6, 8. The court cannot conclude from these statements that AOL is dangerously close to monopolizing the ISPs market. In fact, these allegations tend to negate the possibility that AOL will achieve a monopoly. Because Galaxy also has failed to satisfy this pleading requirement, Count I of its complaint is dismissed without prejudice.

B. Consumer Fraud and Abuse Act

Like the consumers, Galaxy has brought a claim under the CFAA, 18 U.S.C. § 1030. In its complaint, Galaxy asserted claims under 18 U.S.C. §§ 1030(a)(4) and 1030(a), (5)(A)-(C), but, in response to AOL's motion to dismiss, Galaxy has dismissed its claims under § 1030(a)(5)(A)-(B). Only the claims under §§ 1030(a)(4) and 1030(a)(5)(C) remain for consideration on AOL's motion to dismiss.

1. Standing

As an initial matter, AOL contends that Galaxy lacks standing to sue under the CFAA. According to AOL, Galaxy has asserted only damage to its subscribers' computers, and, because any resulting injury to Galaxy is indirect at best, Galaxy falls outside the scope of the CFAA. In response, Galaxy argues that its damages are distinct from those of its subscribers. While the consumers have alleged damage to their computers, Galaxy claims that its damages are based on AOL's interference with Galaxy's relationships with existing and prospective subscribers and the increased time spent by Galaxy technical support personnel in dealing with AOL 5.0 problems. See Gal. Compl. at ¶ 18.

As discussed in subsection I, A. 1 of this order, the CFAA, a primarily criminal statute, provides a private cause of action for "[a]ny person who suffers damage or loss by reason of a violation" of any section of the CFAA. 18 U.S.C. § 1030(g). Only one circuit has faced the issue of whether the CFAA encompasses injuries to business entities, and it has answered this question in the affirmative. In United States v. Middleton, 231 F.3d 1207 (9th Cir. 2000), the defendant contended that it could not be prosecuted under the CFAA because the damage he had caused was to an ISP, not a natural person. The court rejected this argument and held that the CFAA is broad enough to include computer crime that damages natural persons and corporations alike. Id. at 1211. The court stated, "It is highly unlikely, in view of Congress' purpose to stop damage to computers used in interstate and foreign commerce and communication, that Congress intended to criminalize damage to such computers only if the damage is to a natural person." Id. As in this case, the alleged damage to the ISP included the costs of the time spent by the ISP's technical support personnel in dealing with the problems caused by the defendant. See id. at 1213-14. The court reviewed the CFAA's legislative history and concluded that Congress' consideration of the time and resources a corporation's system administrator devotes to fixing a computer problem illustrates that Congress did not intend to limit the CFAA to damage to natural persons. Id. at 1212 (discussing 1996 Senate Report).

Other courts implicitly have recognized that corporations including ISPs, have standing to bring private causes of action under the CFAA. See, e.g., Register.com, Inc. v. Verio, Inc., 126 F.Supp.2d 238 (S.D.N.Y. 2000) (granting preliminary injunction where defendant solicited ISP's customers); Hotmail Corp. v. Van $Money Pie, Inc., 1998 WL 388389, No. C-98 JW PVT ENE (N.D.Cal. Apr. 16, 1998) (granting preliminary injunction where defendant inundated e-mail provider's customers with unsolicited e-mails, where those e-mails adversely affected provider's customers and resulted in significant time and costs to repair damage); Cyber Promotions, Inc. v. AOL, Inc., 948 F.Supp. 436 (E.D.Pa. 1996) (granting temporary restraining order where defendant sent unsolicited e-mail advertisements to ISP's subscribers).

Of these cases, Register.com is the most similar to the one at bar. In Register.com, the defendant utilized a search robot to access the plaintiff's database, collected customer names, and bombarded those customers with unsolicited advertisements. See Register.com, 126 F.Supp.2d at 243. The court recognized that the defendant's actions were a marketing ploy. Id. at 253. Although it was the plaintiff's customers who were receiving the e-mail and telephone solicitations, the court recognized that the plaintiff had a cause of action under the CFAA. Id. As in the instant case, where customers have been unable to access Galaxy or other ISPs because of AOL 5.0's problems, the defendant's actions in Register.com resulted in the plaintiff's diminished server capacity and potential system shutdowns. Id. at 251. The court recognized that these technical problems, as well as "lost good will based on adverse customer reactions," constituted damage under the CFAA. Id. In light of the cases that have allowed corporations to proceed under the CFAA for losses due to time and resources spent by technical support staff, loss of goodwill, and interference with customers, there simply is no basis from which to conclude that Galaxy lacks standing to bring its CFAA claim.

Interestingly, AOL itself has used the CFAA to assert claims against other corporations or individuals that have interfered with their customers. See, e.g., America Online, Inc. v. LCGM, Inc., 46 F.Supp.2d 444, 448 (E.D.Va. 1998) (finding that defendant's bulk solicitation of AOL customers through e-mail was actionable); Cyber Promotions, Inc. v. America Online, Inc., 948 F.Supp. 436, 437 (E.D.Pa. 1996) (granting temporary restraining order where defendant sent unsolicited e-mail advertisements to ISP's subscribers). AOL attempts to distinguish these cases from the one at bar by stating that its claims in other courts involved defendants' access to AOL's own computers, while, in this case, AOL has not accessed Galaxy's computers. AOL overlooks the fact that in the above-cited cases, its own systems were not the only ones affected AOL never would have brought those actions if their customers were not complaining about the interferences with their own systems. Moreover, Galaxy has alleged interference with its own systems. Galaxy contends that AOL "disrupted and interfered with existing and potential subscribers' ability to access the services provided by" Galaxy. Gal. Compl. at pp. 1-2. Galaxy also has stated that:

downloading 5.0 unnecessarily "changes" the host system's configuration and settings so as to interfere with any non-AOL communications software and services the customer might be using or might want to use in the future, including the software and services provided by Plaintiff and members of the Class. Thus, after installing AOL 5.0, users were no longer able to connect to other ISPs, including the Plaintiff and the Class, and were no longer able to run non-AOL e-mail programs, including those offered by the Plaintiff and the Class.

Gal. Compl. at ¶ 14. In effect, Galaxy has alleged that AOL 5.0 does not allow Galaxy or other ISPs to continue providing services to their customers. These allegations are similar to AOL's claims in the above-cited cases that the defendants' actions affected their ability to provide efficient service to their customers. Moreover, in these cases, AOL was not alleging damage only to its computers. It also claimed that the defendants' actions "injured AOL by . . . causing AOL to incur technical costs, impairing the functioning of AOL's e-mail system. . . . damaging AOL's goodwill with its members, and causing AOL to lose customers and revenue." America Online, Inc., 46 F.Supp.2d at 449.

AOL bases much of its standing argument on causation principles of tort law. It contends that Galaxy's injuries are outside the "zone of interests" sought to be protected by the CFAA. As already discussed, other courts have implicitly recognized the right of an ISP to sue under the CFAA for injuries of the type involved here. AOL's causation arguments are particularly inapplicable to this case because, as a criminal statute, the CFAA's scope is expansive. In Shaw v. Toshiba Am. Information Sys., Inc., 91 F.Supp.2d 926 (E.D.Tex. 1999), the court analyzed causation under the CFAA. Although Shaw was a civil case, the court observed that the CFAA was a criminal statute and that "[i]t is a general principle of causation in criminal law that an individual (with the necessary intent) may be held liable if he is a cause in fact of the criminal violation, even though the result which the law condemns is achieved through the actions of innocent intermediaries." Id. at 940 (citations omitted). The court added, "An intervening act, tortious or criminal, will insulate a defendant from liability only when the defendant could not have reasonably anticipated the subsequent act." Id. This discussion is significant because it means that AOL cannot successfully argue that Galaxy's injuries are too remote. AOL reasonably could have anticipated that its 5.0 program may have made it impossible for ISPs such as Galaxy to service their customers because 5.0 had a tendency to damage the software programs run by non-AOL ISPs. If these ISPs' programs were damaged, it also was foreseeable that the ISPs would lose goodwill and have to devote a considerable amount of resources to attempting to remedy the problems caused by AOL 5.0. Under these circumstances, the court finds that Galaxy has standing to bring its CFAA claims. Accordingly, AOL's motion to dismiss count III on these grounds is denied.

2. Authorization and Damages

AOL also seeks to dismiss Galaxy's claim under 18 U.S.C. § 1030(a)(5)(C) on the same grounds it asserted against the consumers' complaint. That is, AOL argues that it was authorized to access the customers' computers and that Galaxy cannot meet the requisite amount of statutory damages. For the reasons discussed in subsections I, A, 1 and 2 of this order, AOL's motion to dismiss on these grounds is granted. 3. 18 U.S.C. § 1030(a)(4)

The only viable CFAA claim asserted by the consumers is under 18 U.S.C. § 1030(a)(5)(A), but Galaxy has withdrawn its claim under this provision.

Galaxy also has asserted its CFAA claim pursuant to 18 U.S.C. § 1030(a)(4). Under this provision, anyone who "knowingly and with intent to defraud, accesses a protected computer without authorization or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value" can be held liable. 18 U.S.C. § 1030(a)(4) (emphasis added). According to AOL, Galaxy cannot bring a claim under this provision because it has not pled that AOL deprived it of "anything of value." In response, Galaxy claims that it was deprived of its subscribers' "custom and trade" and that this interest constitutes a thing "of value." Gal. Compl at ¶ 37.

The case primarily relied upon by AOL does not support its argument. In United States v. Czubinski, 106 F.3d 1069 (1st Cir. 1997), the court held that the defendant could not be convicted under § 1030(a)(4) because it had not obtained anything of value from his victim. The defendant in Czubinski had retrieved taxpayer return information, but the court found that the defendant did not intend to use this information for "anything more than to satisfy idle curiosity." Id. at 1078. The court added, "[T]he thing obtained may not merely be the unauthorized use. It is the showing of some additional end to which the unauthorized access is a means that is lacking here." Id. In contrast to the Czubinski defendant. AOL allegedly has been motivated by more than the mere satisfaction of its curiosity. AOL's alleged end is to obtain a monopoly, or at least to secure its stronghold, as an ISP. According to Galaxy's complaint, AOL has utilized its 5.0 program to forcibly alienate other ISPs' existing or potential customers and to damage their goodwill, and it is the customers and goodwill that Galaxy claims are its items of value.

Although the typical item of value in CFAA cases is usually data, in other areas of the law, customers have been found to be a thing of value. See Newark Morning Ledger Co. v. United States, 507 U.S. 546, 568-70, 113 S.Ct. 1670, 1681-82, 123 L.Ed.2d 288 (1993) (finding that paid subscribers to newspaper constituted depreciable asset). Particularly relevant to this case is the recognition that damage to an ISP's goodwill and reputation is actionable under the CFAA or cognizable as a property interest. See America Online, Inc. v. LCGM Inc., 46 F.Supp.2d 444, 450 (E.D.Va. 1998) (finding that loss of reputation and goodwill constituted damages under 18 U.S.C. § 1030(a)(5)); CompuServe, Inc. v. Cyber Promotions, Inc., 962 F.Supp. 1015, 1023 (S.D.Oh. 1997) (finding that damage to plaintiff's businesses reputation and goodwill affected property interest and constituted actionable injury for trespass to chattels claim). Because Galaxy has alleged that AOL's actions have interfered with its relationships with its existing customers and potential subscribers, it has alleged that AOL has obtained something of value within the meaning of 18 U.S.C. § 1030(a)(4). Accordingly, AOL's motion to dismiss is denied as to count III.

C. Unfair Methods of Competition

Count V of Galaxy's complaint is for unfair methods of competition and unfair or deceptive business practices in violation of Massachusetts General Law, chapter 93A § 11. AOL seeks to dismiss this claim by arguing that the statute by its terms, is limited to conduct that "occurred primarily and substantially" in Massachusetts. Section 11 of chapter 93A provides, in part:

No action shall be brought or maintained under this section unless the actions and transactions constituting the alleged unfair method of competition or the unfair or deceptive act or practice occurred primarily and substantially within the commonwealth. For the purposes of this paragraph, the burden of proof shall be upon the person claiming that such transactions and actions did not occur primarily and substantially within the commonwealth.

AOL correctly asserts that to maintain a claim under chapter 93A § 11, a plaintiff must allege that the unfair and deceptive acts occurred "primarily and substantially" in Massachusetts. See Harbourvest Int'l Private Equity Partners II-Direct Fund, L.P. v. Axent Tech., Inc., 2000 WL 1466096 *8, No. 99-2188 (Mass.Super.Aug. 31, 2000) (finding that plaintiff had satisfied requirement); cf Citicorp N. Am., Inc. v. Ogden Martin Sys. of Haverhill, Inc., 8 F.Supp.2d 72, 81 (D.Mass. 1998) (denying motion to dismiss where plaintiff stated sufficient allegations to show conduct occurred primarily in Massachusetts, while recognizing that burden of production remained on defendant). In its complaint, Galaxy has made no such allegation, yet it claims that count V cannot be dismissed because AOL has the burden of proof on this issue. While it is true that, by statute, the defendant must prove that the conduct occurred "primarily and substantially" in Massachusetts, this does not excuse Galaxy from satisfying the pleading requirements. See Kansallis Fin. Ltd. v. Fern, 40 F.3d 476, 481 (1st Cir. 1994) (stating that defendant bears burden of proving lack of primary and substantial involvement in Massachusetts); Harbourvest Int'l, at *8 (same). Accordingly count V of Galaxy's complaint is dismissed without prejudice.

D. Tortious Interference With Contractual Relationships

Count VI of Galaxy's complaint is for tortious interference with existing and prospective contractual relationships. According to AOL, this claim should be dismissed because Galaxy has failed to allege essential elements of the torts. For the reasons discussed below, the court agrees with AOL and finds that Count VI should be dismissed without prejudice.

1. Existing Contractual Relationships

In order to state a claim for tortious interference with existing contractual relationships, a plaintiff must allege: (1) it had a contract with a third party; (2) the defendant knowingly induced the third party to break the contract; (3) the defendant had an improper motive or means for doing so; and (4) it was harmed by such actions. See American Telephone Telegraph Co. v. IMR Cap. Corp., 888 F.Supp. 221, 256 (D.Mass. 1995) (listing elements); Abramian v. President Fellows of Harvard College, 432 Mass. 107, 731 N.E.2d 1075, 1088 (2000) (same). Galaxy's complaint fails to state a claim because it does not indicate how AOL's alleged conduct could have caused Galaxy's subscribers to breach their contract with Galaxy. While the complaint does state that AOL 5.0 made it virtually impossible for Galaxy subscribers to access Galaxy's Internet services, Gal. Compl. at ¶ 50, this allegation does not lead to the conclusion that those subscribers actually breached their agreements with Galaxy. At most, it indicates that AOL 5.0 caused Galaxy to breach its contracts with subscribers by preventing Galaxy from providing its services each time AOL 5.0 shut out other ISP services, but Galaxy must show that third parties breached their contracts with Galaxy, not that Galaxy was the breaching party. See American Telephone and Telegraph Co., 888 F.Supp. at 257 (dismissing claim for tortious interference with contractual relations where plaintiff's allegations indicated only that defendant's actions caused plaintiff to breach contracts with third parties, but gave no indication as to how those third parties were caused to breach their contracts with plaintiff), see also Delmonte v. Laidlaw Envt. Svcs., Inc., 46 F.Supp.2d 89, 97 (D.Mass. 1999) (dismissing claim for tortious interference with contractual relations where plaintiff did not allege that third party was induced to breach contract). This pleading deficiency compels dismissal of Galaxy's claim for tortious interference with contractual relations.

Because this court received Galaxy's case from the District of Massachusetts under a transfer order, it must apply the state law that would have been applied had there been no transfer. See Ferens v. John Deere Co., 494 U.S. 516, 525, 110 S.Ct. 1274, 1280, 108 L.Ed.2d 443 (1990). Both parties have argued the merits of the tortious interference claims under Massachusetts law, and there is no indication that the law of any other state would apply. Accordingly, the court will apply Massachusetts law.

2. Tortious Interference with Prospective Business Relationships

A claim for tortious interference with prospective business relationships requires a plaintiff to plead the following: (1) a business relationship or contemplated contract of economic benefit; (2) the defendant's knowledge of such a relationship; (3) the defendant's intentional and improper interference with it; and (4) the plaintiff's loss of advantage directly resulting from the defendant's conduct. See American Private Line Svcs., Inc. v. Eastern Microwave, Inc., 980 F.2d 33, 36 (1st Cir. 1992) (listing elements); Laser Labs. Inc. v. ETL Testing Labs., Inc., 29 F.Supp.2d 21, 23 (D.Mass. 1998) (same). Galaxy's conclusory statement that AOL "tortiously interfered with existing and prospective contractual relationships" is insufficient to satisfy the first pleading requirement. See Gal. Compl. at ¶ 50.

In order to show that it had a business relationship with third parties, Galaxy must have a "probable future business relationship anticipating a reasonable expectancy of financial benefit." See American Private Line Svcs., 980 F.2d at 36 (finding that plaintiff had satisfactorily shown that it had negotiated in anticipation of future agreement). Galaxy's complaint contains no allegation from which the court could conclude that it reasonably anticipated to enter into future contracts with new subscribers. In Laser Labs, 29 F.Supp.2d at 23, the plaintiff made allegations similar to Galaxy's when it alleged that it had established advantageous business relationships with "several customers." In support of this allegation, the plaintiff offered into evidence advertising flyers it had sent out in mass mailings and a statement that it had received numerous inquiries about its product. Laser Labs, at 23. The court concluded that the plaintiff could not satisfy the first requirement for the tort of interference with prospective relationships, and it stated:

It appears that the plaintiff's theory is that the existence of a potential market for a company's product is sufficient to create a prospective advantageous relationship with each potential customer in that market. Massachusetts does not interpret this tort to reach so far. The plaintiff has not identified any case in which a court applying Massachusetts law has allowed a claim for intentional interference with advantageous business relations where the business relationship said to have been interfered with was as inchoate as alleged here. General inquiries in response to a mass mailing do not create a "prospective business relationship" sufficient to satisfy the first element of this tort.
Laser Labs, at 23-24. Although the court in Laser Labs was reviewing a motion for summary judgment its reasoning is applicable here. Massachusetts requires that the plaintiff show more than the possibility that it had potential customers in the market, but Galaxy has alleged nothing more than this. As such, AOL's motion to dismiss count VI is granted on this issue as well.

Accordingly, it is

ORDERED AND ADJUDGED that:

1. AOL's motion to dismiss the consumers' complaint (DE # 95) is GRANTED IN PART and DENIED IN PART; that is, the consumers' claims under 18 U.S.C. §§ 1030(a)(5)(B)-(C) are dismissed with prejudice, and the claim under 18 U.S.C. § 1030(a)(5)(A) is dismissed without prejudice. The consumers are granted leave to amend their complaint to address the issues specified in subsection I. B of this order. The consumers have ten days from the date of this order to file an amended complaint.
2. AOL's motion to dismiss Galaxy's complaint (DE # 97) is GRANTED IN PART and DENIED IN PART: that is, Galaxy's claim under 18 U.S.C. § 1030(a)(5) is dismissed with prejudice; the claims under 15 U.S.C. § 2, unfair business practices, and tortious interference are dismissed without prejudice; and the claim under 18 U.S.C. § 1030(a)(4) remains. Galaxy has ten days from the date of this order to file an amended complaint.
3. Within ten days from the date of this order, AOL and the consumers shall file their discovery proposals as outlined in subsection I, A of this order.


Summaries of

In re America Online, Inc.

United States District Court, S.D. Florida
Apr 19, 2001
168 F. Supp. 2d 1359 (S.D. Fla. 2001)

concluding that the phrase "without authorization" in the CFAA "contemplate a situation where an outsider, or someone without authorization, accesses a computer"

Summary of this case from Diamond Power Intern., Inc. v. Davidson

denying motion to dismiss and finding that the loss of reputation and goodwill constituted damages under 18 U.S.C. § 1030

Summary of this case from Tracfone Wireless, Inc. v. Simply Wireless, Inc.

dismissing a CFAA claim even if damages can be aggregated across multiple computers because Plaintiff failed to specify individuals who suffered the loss, whether they were individuals within the class, outside the class or named representatives

Summary of this case from Bose v. Interclick, Inc.

looking to legislative history and finding that the phrase "without authorization" in the CFAA "contemplate a situation where an outsider, or someone without authorization, accesses a computer"

Summary of this case from Intern. Ass'n of Machinists v. Werner-Matsuda

dismissing complaint for failing to allege relevant geographic and product market, not for failing to allege interchangeability

Summary of this case from Spanish Broadcasting System, Inc. v. Clear Channel Comm.

observing that the typical item of value in CFAA cases is usually data, in other areas, customers and paid subscribers have been found to be a thing of value

Summary of this case from Ingenix v. Lagalante

setting forth analysis

Summary of this case from U.S. v. Pierre-Louis
Case details for

In re America Online, Inc.

Case Details

Full title:In re AMERICA ONLINE, INC. Version 5.0 Software Litigation

Court:United States District Court, S.D. Florida

Date published: Apr 19, 2001

Citations

168 F. Supp. 2d 1359 (S.D. Fla. 2001)

Citing Cases

Ingenix v. Lagalante

There are two schools of thought, however. This Court considers the rationale set forth in In Re America…

Bowen v. Porsche Cars, N.A., Inc.

In support of its argument that Bowen tacitly authorized the Update, Porsche cites to three clearly…