From Casetext: Smarter Legal Research

Morgan v. Preston

UNITED STATES DISTRICT COURT MIDDLE DISTRICT OF TENNESSEE NASHVILLE DIVISION
Nov 7, 2013
No. 3:13-00403 (M.D. Tenn. Nov. 7, 2013)

Summary

dismissing plaintiff's CFAA claim against defendant spouse who installed spyware on home computer on grounds that plaintiff had failed to sufficiently allege the requisite amount in damages, declining to address multiple additional arguments that the CFAA would not cover the alleged conduct

Summary of this case from Luis v. Zang

Opinion

No. 3:13-00403

11-07-2013

JAMES TAGNEY MORGAN, Plaintiff, v. VAN ASA PRESTON, Defendant.


Judge Brown


MEMORANDUM


I. INTRODUCTION

Plaintiff brought this action under 28 U.S.C. § 1331, alleging violations of 28 U.S.C. §§ 1030, et seq., the Computer Fraud and Abuse Act (CFAA), and 18 U.S.C. §§ 2701, et seq., the Stored Communications Act (SCA). (Doc. 1, ¶ 4, p. 1) Plaintiff also invokes the court's supplemental jurisdiction under 28 U.S.C. § 1367 over his claims under Tenn. Code Ann. §§ 39-14-601, et seq., the Tennessee Personal and Commercial Computer Act of 2003 (PCCA). (Doc. 1, ¶ 4, p. 4) The District Judge transferred this case to the Magistrate Judge on October 1, 2013 with the consent of the parties. (Doc. 33)

II. BACKGROUND

Plaintiff asserts that he and defendant were married on March 29, 2008. (Doc. 1, ¶ 7, p. 2) Plaintiff alleges that defendant "installed SPECTOR PRO commercial software . . . on his personal computer" without authorization on or about June 1, 2012. (Doc. 1, ¶ 8, p. 2) Plaintiff asserts that he and defendant separated "on or about July 6, 2012," following which defendant filed for divorce on July 20, 2012. (Doc. 1, ¶ 7, p. 2)

Plaintiff asserts that "SPECTOR PRO is "'monitoring' software . . . designed to capture all user activity . . . without a user's knowledge." (Doc. 1, ¶ 8, p. 2) Plaintiff further asserts that SPECTOR PRO "captures all passwords typed and all emails sent and received as well as all other activity," and that it "automatically upload[s] this information to a particular website or emailed to a particular address." (Doc. 1, ¶ 8, p. 2)

Plaintiff alleges that defendant's actions "violated 18 U.S.C. § 1030(a)(4) by knowingly and with intent to defraud, accessed a protected computer . . . to obtain information and materials to use against Plainitff's economic interests and in furtherance of the parties personal disputes." (Doc. 1, ¶ 23, p. 4) Plaintiff asserts that his personal computer was a "protected" computer as defined under §§ 1030(e)(1)-(2) of the CFAA. (Doc. 1, ¶¶ 19-26, pp. 4-5) Plaintiff argues further that defendant violated §§ 1030(a)(2)(c) and (a)(4), that those violations damaged him within the meaning of §§ 1030(e)(8) and (g), and that defendant's alleged actions caused him "loss during a one year period of at least Five Thousand Dollars ($5,000)" within the meaning of §§ 1030(c)(4)(A)(i)(I) and (e)(11). (Doc. 1, ¶¶ 22-25, pp. 4-5) Based on the foregoing, plaintiff asserts that he is entitled to damages, costs and attorney fees under the CFAA.

Plaintiff argues that his personal computer also is "facility through which electronic communication services [are] provided " within the meaning of the SCA. (Doc. 1, ¶¶ 27-31, p. 5) Plaintiff argues that defendants alleged actions violated § 2701(a) of the SCA because she "obtained, altered or prevented authorized access to wire or electronic communication while it was in authorized storage for the purpose of economic advantage, malicious destruction and damage." (Doc. 1, ¶ 30, p. 5) Plaintiff contends that defendant is liable for damages punitive damages, costs and attorney fees under the SCA. (Doc. 1, ¶ 31, p. 5)

Finally, plaintiff asserts that his computer is a "facility . . . through which an electronic communications service is provided" under Tennessee law, and that he is entitled to relief under Tenn. Code Ann. § 39-14-601(3). (Doc. 1, ¶ 33, p. 5) Plaintiff argues that defendant is liable for damages, punitive damages, costs, and attorney fees under the PCCA. (Doc. 1, ¶ 36, p. 6)

On May 29, 2013, defendant filed a motion to dismiss under Rule 12(b)(6), Fed. R. Civ. P., accompanied by a supporting memorandum of law and facts. (Doc. 9-10) Defendant asserts initially that the computer at issue was a "family computer located in the family home to which both parties had equal access." (Doc. 10, ¶ 1, p. 2) Defendant argues that the computer in question was not a "protected" computer within the meaning of the CFAA, and that plaintiff's claim that he "suffered damages 'of at least Five Thousand Dollars ($5,000)' is a mere legal and factual conclusion . . . not supported by any facts . . . ." (Doc. ¶ 10, 2.B, pp. 3-4) Defendant argues that plaintiff is not entitled to relief under the SCA, because a home computer is an end user computer, not a "facility" through which an electronic service was provided as required under the Act. (Doc. 10, ¶ 2.C, pp. 5-6) Finally, defendant argues PCCA is a criminal statute over which the State has exclusive jurisdiction, that the PCCA does not provided for a private right of action, and that plaintiff's claims to that end also are conclusory. (Doc. 10, ¶ 2.D, pp. 7-8)

Plaintiff filed a response to defendant's motion to dismiss on June 7, 2013. (Doc. 15) In it, plaintiff asserts that the computer in question is a "protected computer" within the meaning of § 1030(e)(1)(2). (Doc. 15, ¶ II, p. 5) Plaintiff also argues that, "[s]ince virtually any computer that sends email in the course of its function is used in interstate or foreign commerce, this fact, and the facts set forth in Paragraph 13 [of the complaint], squarely defines the computer in question as 'protected' within the meaning of . . . section 1030(e)(1(2)(B)." (Doc. 15, ¶ II, p. 5) Plaintiff repeats his claim that the CFAA provides for a private right of action, that he was damaged within the meaning of §§ 1030(e)(8) and (g), that defendants's alleged action "caused [him] loss during a one year period of at least Five Thousand Dollars ($5,000), within the meaning of . . . § 1030(c)(4)(A)(i)(I)," and that plaintiff is liable for damages, costs, and attorney's fees under the CFAA. (Doc. 15, ¶ I, p. 2)

Plaintiff does not dispute defendant's characterization of the computer at issue as a "family computer located in the family home."

Plaintiff argues in his response that his computer is a "facility" under the SCA, because the SCA uses "the same defined terms as the Federal Wiretap Act 18 U.S.C. ¶ 2510," that "[t]erms such as electronic communications, electronic communications systems and electronic communications services approximately define the terms used in the complaint," and that "the facts as set forth in [his] complaint are directly applied to the meaning and elements of . . . § 2701." (Doc. 15, ¶ II, pp. 5-6) Plaintiff repeats his claims that the SCA provides "a private cause of action for 'any person aggrieved by violation of section 2701," and that under the SCA the "district court may award equitable declaratory relief, reasonable attorney's fees and punitive damages." (Doc. 15, ¶ I, p. 2)

Finally, plaintiff argues in his response that the court has supplemental jurisdiction over his claim under the PCCA "since these claims are directly related to, and for[m] part of the same cases as the . . . . Federal statutes." (Doc. 15, ¶ II, p. 6) Plainitff repeats his claim that the PCCA provides a private right of action under the facts alleged, and that defendant is liable to him under the PCCA for damages, punitive damages, costs, and attorney's fees. (Doc. 15, ¶ II, p. 3)

Defendant filed a reply on June 18, 2013. (Doc. 18) Defendant argues that plaintiff has failed to establish the prerequisites for asserting a private cause of action under the CFAA, i.e., that he suffered damages, that the computer at issue was a "protected" as defined under the Act, or any facts in support of his claim to have suffered harm in excess of $5,000. (Doc. 18, ¶ 2, p. 2) Defendant also maintains that plaintiff's argument that the CFAA "covers all computers used or owned by any person" is too expansive and "not warranted by the clear wording of the statute." (Doc. 18, ¶ 2, p. 2) Defendant also argues again that plaintiff's claim of damages is conclusory and as such are subject to dismissal under Ashcroft v. Iqbal, 556 U.S. 662 (2009) and Bell Atl. Corp. v. Twombly, 550 U.S. 544 (2007). (Doc. 18, ¶ 2, p. 2) Citing case law, legislative history, and a learned treatise, defendant also argues in her reply that home computers, and emails stored on such computers, are not protected under the SCA, nor is a home computer a "facility" within the meaning of the Act. (Doc. 18, ¶ 18, pp. 3-4) Finally, defendant argues in her reply that plaintiff's claim under the PCCA is conclusory, that the PCCA is a criminal statute, and that plaintiff has "fail[ed] to cite any provision . . . which allows for a private right of action." (Doc. 18, ¶ 3, p. 4)

This matter is properly before the court.

III. STANDARD OF REVIEW

In assessing a motion to dismiss under Rule 12(b)(6), the court construes the complaint in the light most favorable to the plaintiff, accepts the plaintiff's factual allegations as true, and determines whether the complaint "contain[s] sufficient factual matter, accepted as true, to state a claim to relief that is plausible on its face." Ashcroft, 556 U.S. at 663 (internal quotation and citation omitted). "[A] plaintiff's obligation to provide the 'grounds' of his 'entitlement to relief' requires more than labels and conclusions, and a formulaic recitation of the elements of a cause of action will not do." Bell Atl. Corp., 550 U.S. at 555. Courts are not required to accept as true legal conclusions couched as factual allegations. Bell Atl. Corp., 550 U.S. at 555 (quoting Papasan v. Allain, 478 U.S. 265, 286 (1986)). "Factual allegations must be enough to raise a right to relief above the speculative level. . . ." Bell Atl. Corp., 550 U.S. at 555. "[O]nly a complaint that states a plausible claim for relief survives a motion to dismiss. . . . [W]here the well-pleaded facts do not permit the court to infer more than the mere possibility of misconduct, the complaint has alleged—but it has not 'show[n]'—'that the pleader is entitled to relief.'" Iqbal, 555 U.S. at 679 (quoting Fed.R.Civ.P. 8(a)(2))(internal citation omitted).

IV. ANALYSIS


A. Plaintiff's Claims Under the CFAA

The CFAA is a federal criminal statute that prohibits unauthorized access to a "protected computer" for purposes of obtaining information, causing damage, or perpetrating fraud. 28 U.S.C. §§ 1030(a)(1)-(5). Although the CFAA is a criminal statute, subsection (g) provides a private right of action under certain circumstances. 28 U.S.C. §§ 1030(g), (c)(4)(A)(i)(I)-(V). Plaintiff asserts that he has a private right of action under the CFAA. The parties' arguments pertaining to this issue are set forth at pp. 2-5.

As noted above, the CFAA provides for a private right of action. However, the private right of action under the CFAA is constrained as follows:

Any person who suffers damage or loss by reason of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief. A civil action for a violation of this section may be brought only if the conducts involves 1 of the factors set forth in subclauses (I), (II), (III), (IV), or (V) of section (c)(4)(A)(I). . . .
28 U.S.C. §1030(g). The five factors to which § 1030(g) above refers that give rise to a private cause of action are listed below.
(I) loss to 1 or more persons during any 1-year period . . . aggregating at least $5,000 in value;
(II) the modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of 1 or more individuals;
(III) physical injury to any person;
(IV) a threat to public health or safety;
(V) damage affecting a computer used by or for an entity of the United States Government in furtherance of the
administration of justice, national defense, or national security
. . . .
28 U.S.C. § 1030(c)(4)(A)(i). If a claim does not fall within the ambit of one or more of the five factors above, then a private cause of action under the CFAA will not lie.

Plaintiff asserts in both his complaint and his response that defendant's alleged actions caused him a "loss during a one year period of at least Five Thousand Dollars ($5,000)." Plaintiff cites specifically to § 1030(c)(4)(A)(i)(I) as grounds for the relief sought which, as noted on the preceding page, requires "loss to 1 or more persons during any 1-year period . . . aggregating at least $5,000 in value . . . ."

Although § 1030(c)(4)(A)(i)(I) to which plaintiff refers is one of the five factors that give rise to a private cause of action, plaintiff has not provided any factual allegations in support of his claim that he lost at least $5,000, either in his complaint or later in his response when he had the chance to do so after defendant argued that this claim was conclusory. Plaintiff's claim is a mere formulaic recitation of the elements of a cause of action. As previously established, "a plaintiff's obligation to provide the 'grounds' of his 'entitlement to relief' requires more than labels and conclusions, and a formulaic recitation of the elements of a cause of action will not do." Bell Atl. Corp., 550 U.S. at 555. Because of the conclusory nature of his claim, plainitff has failed to establish that he has standing to bring private right of action under § 1030(c)(4)A)(i)(I).

Plaintiff also cited § 1030(e)(8) in the context of this claim. However, § 1030(e)(8) is a definition which defines "damage" as "any impairment of the integrity or availability of data, a program, a system or information . . . ." Section 1030(e)(8) does not provide independent grounds for relief. Nevertheless, the court considers out of an abundance of caution whether plaintiff's reference to § 1030(e)(8) was a not-well-pleaded attempt to assert damages in addition to the money damages addressed above.

The only factor listed in §§ 1030(c)(4)(A)(i)(I)-(V) that approximates damages of the sort defined by § 1030(e)(8) is factor (V), i.e., "damage affecting a computer used by or for an entity of the United States Government in furtherance of the administration of justice, national defense, or national security . . . ." Plaintiff does not allege that his computer was being "used by or for an entity of the United States Government in furtherance of the administration of justice, national defense, or national security . . . ," nor can such a claim be inferred from the pleadings.

Finally, plaintiff cites § 1030(e)(11) in the context of this claim. Section 1030(e)(11) is another definition which, once again, does not provide independent grounds for relief. Rather, § 1030(e)(11) defines "loss" as "any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service . . . ." "Loss" is defined in terms of "cost," i.e., dollars and cents, which brings plaintiff back to $5,000 money-related claim which already has been addressed.

For the reasons explained above, plaintiff has failed to establish that he has standing to bring a private right of action under the CFAA. Having determined that plaintiff does not have standing to bring a private right of action under the CFAA, it is not necessary for the court to address the remainder of plaintiff's arguments under the CFAA. Plaintiff's claim under the CFAA will be dismissed for failure to state a claim on which relief may be granted.

B. Plaintiff's Claims Under the SCA

The SCA is a federal criminal statute that prohibits "intentionally access[ing] without authorization a facility through which an electronic communication service is provided . . . or intentionally exceed[ing] an authorization to access that facility . . . thereby obtain[ing] . . . access to . . . [an] electronic communication while it is in electronic storage . . . ." 18 U.S.C. § 2701(a). The SCA provides for a private cause of action. 18 U.S.C. § 2707. The parties respective arguments on this issue are set forth at pp. 2-5.

The court has examined the case law pertaining to the SCA and its applicability to the facts in this case. The Sixth Circuit has not yet decided the several SCA-related issues presently before the court, and there are very few published cases in other circuits that have. There are, however, numerous on-point unpublished opinions entered in district courts from California to Massachusetts, and the many districts in between, dating back to 2001. As shown in n. 3 below, the overwhelming body of law supports the following conclusions: an individual's personal computer is not a "facility through which an electronic communication service is provided," an individual's personal computer does not provide "electronic storage" within the meaning of the SCA, and the SCA does not cover personal/family computers. The relevant portions of the legislative history pertaining to the SCA, quoted at n. 4 below, support these conclusions as well. As shown below, the discussion in Sen. Rep. No. 99-541 addresses only facilities operated by electronic communications services such as electronic bulletin boards and computer facilities, and the risk that communications temporarily stored in those facilities could be accessed by hackers. There is no discussion whatsoever of an individual's personal/home computer(s), nor can such a reading be inferred from the legislative history.

See Garcia v. City of Laredo, Tex., 702 F.3d 788, 793 (5th Cir. 2012)(a cell phone does not satisfy the SCA's "electronic communication service" and "electronic storage" requirements); U.S. v. Steiger, 318 F.3d 1039, 1049 (11th Cir. 2003)("hacking into a personal computer to retrieve information stored therein" is not covered by the SCA); In re Google Inc. Cookie Placement Consumer Privacy Litigation, 2013 WL 5582866 * 7 (D.Del. 2013)("[a]n individuals personal computing devise is not a 'facility through an electronic communication service is provided,' as required under the SCA"); In re iPhone Application Litigation, 844 F.Supp.2d 1040, 1057-58 (N.D. Cal. 2012)( IOS devices such as personal computers are not facilities through which an electronic communication service is provided); Brooks v. AM Resorts, 2013 WL 3343993 *4 (E.D. Pa.)("no one contests that emails downloaded and stored on a personal computer are not included in the [SCA's] definition of electronic storage); K.F. Jacobsen & Co., Inc. v. Gaylor, 2013 WL 2318853 * 5 (D. Or. 2013)(personal "computers are not facilities through which 'electronic communication services' are provided"); International Broth. Of Elec. Workers, Local 134 v. Cunningham, 2013 WL 1828932 *4 (N.D. Ill. 2013)("simply accessing a personal computer to obtain stored data would not run afoul of § 2701"); Freedom Banc Mortg. Services, Inc. v. O'Hara, 2012 WL 3862209 * 9 (S.D. Ohio)("Information that an individual stores to his or her hard drive, such as images, personal information, and emails that he or she has downloaded, is not electronic storage as defined by the [SCA]"); Council on American-Islamic Relations Action Network, Inc. v. Gaubatz, 793 F.Supp.2d 311, 337 (D.DC. 2011)(email messages downloaded and stored on, and subsequently accessed solely from a user's personal computer do not fall within the SCA's definition of electronic storage); Pure Power Boot Camp v. Warrior Fitness Boot Camp, 587 F.Supp.2d 548, 555 (S.D.N.Y. 2008)(noting that the "majority of courts which have addressed the issue" have determined that email stored on a personal computer is not subject to the SCA); Bailey v. Bailey, 2008 WL 324156 * 6 (E.D. Mich. 2008)(the SCA "does not extend to emails and massages stored only on Plaintiff's personal computer"); In re Pharmatrak, Inc. Privacy Litigation, 220 F.Supp.2d 4, *14 (D.Mass. 2002)(a "personal computer is not a 'facility through which an electronic communication service is provided' for the purposes of § 2701")(reversed on other grounds by Pharmatrak, Inc. Privacy Litigation, 329 F.3d 9 (1st Cir. 2003); Crowley v. CyberSource Corp, 166 F.3d 2d 1263, 1271 (N.D. Cal. 2001)(including a personal computing device within the definition of "facility" rendered other parts of the SCA illogical).

Relevant portions of the legislative history pertaining to the SCA in Sen. Rep. No. 99-541:

New section 2701—Unlawful access to stored communications
Subsection (a) of this new section creates a criminal offense for either intentionally accessing, without authorization, a facility through which an electronic communication service is provided, or for intentionally exceeding the authorization for accessing that facility. Subsection 2701, also provides that the offender must obtain, alter, or prevent authorized access to a wire or electronic communication while it is in electronic storage in such an electronic storage system in order to commit a violation under the subsection. The term 'electronic storage' is defined in section 2510(17) of title 18 and includes both temporary, intermediate storage of a wire or electronic communication incidental to the transmission of the message, and any storage of such a communication by the electronic communication service for purposes of backup protection of the communication.
This provision addresses the growing problem of unauthorized persons deliberately gaining access to, and sometimes tampering with, electronic or wire communications that are not intended to be available to the public.
This subsection does not prevent broad authorizations to the general public to access such a facility. The bill does not for example hinder the development or use of 'electronic bulletin boards' or other similar services where the availability of information about the service, and the readily accessible nature of the service are widely known and the service does not require any special access code or warning to indicate that the information is private. To access a communication in such a public system is not a violation of the Act, since the general public has been 'authorized' to do so by the facility provider.
However, the offense of intentionally exceeding an authorization to access a computer facility would apply both to public and private aspects of a system. For example, a computer mail facility authorizes a subscriber to access information in their portion of the facilities storage. Accessing the storage of other subscribers without specific authorization to do so would be a violation of this provision. Similarly, a member of the general public authorized to access the public portion of a computer facility would violate this section by intentionally exceeding that authorization and accessing the private portions of the facility. . . .


As reasoned above, plaintiff's personal computer is not covered by the SCA. Accordingly, this claim will be dismissed for failure to state a claim on which relief may be granted.

C. Plaintiff's Claim Under the PCCA

Having determined that plaintiff has failed to state a claim on which relief may be granted under the CFAA and SCA, the court declines to exercise its supplemental jurisdiction over plaintiff's claim under the PCCA. Plainitff's claim under the PCCA will be dismissed without prejudice to whatever relief he may have in state court.

V. CONCLUSION

For the reasons explained herein, defendant's motion to dismiss (DE 9) will be GRANTED, and this action will be DISMISSED with prejudice as to plaintiff's federal claims under the CFAA and SCA, but dismissed without prejudice to plaintiff's state law claim under the PCCA. An appropriate order will be entered. All other pending motions will be TERMINATED as moot.

_____________

Joe B. Brown

United States Magistrate Judge


Summaries of

Morgan v. Preston

UNITED STATES DISTRICT COURT MIDDLE DISTRICT OF TENNESSEE NASHVILLE DIVISION
Nov 7, 2013
No. 3:13-00403 (M.D. Tenn. Nov. 7, 2013)

dismissing plaintiff's CFAA claim against defendant spouse who installed spyware on home computer on grounds that plaintiff had failed to sufficiently allege the requisite amount in damages, declining to address multiple additional arguments that the CFAA would not cover the alleged conduct

Summary of this case from Luis v. Zang
Case details for

Morgan v. Preston

Case Details

Full title:JAMES TAGNEY MORGAN, Plaintiff, v. VAN ASA PRESTON, Defendant.

Court:UNITED STATES DISTRICT COURT MIDDLE DISTRICT OF TENNESSEE NASHVILLE DIVISION

Date published: Nov 7, 2013

Citations

No. 3:13-00403 (M.D. Tenn. Nov. 7, 2013)

Citing Cases

Luis v. Zang

The type of intentionality specified presupposes something other than the passive activities alleged by…

Stirling Int'l Realty, Inc. v. Soderstrom

It makes no mention of individual users' computers . . . ."Id. at 792-93 (citations and footnotes omitted)…