Opinion
19-15114
12-20-2021
DO NOT PUBLISH
Appeal from the United States District Court for the Northern District of Florida D.C. Docket No. 3:18-cv-00204-RV-HTC
Before JORDAN AND NEWSOM, Circuit Judges, and BURKE, [*] District Judge.
NEWSOM, Circuit Judge
This appeal requires us to determine whether the wife (Julie Schrodt) of a cheating husband (Jason Sartori) was "without au-thorization"-as that phrase is used in the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 et seq., and the Stored Communications Act, 18 U.S.C. § 2701 et seq.-to access Skype and Gmail accounts on a shared family computer. The district court concluded that Schrodt's access to these accounts wasn't "without authorization" within the meaning of either statute, and that even if it was, Sartori's claims nevertheless failed because he didn't meet the minimum-loss requirement under the CFAA and because his emails weren't kept in "electronic storage" under the SCA.
For the reasons that follow, we affirm the district court's order granting summary judgment in favor of Schrodt.
I A
Sartori and Schrodt married in 2003. At the time of the events in question, Sartori was a Green Beret in the Army and Schrodt a stay-at-home mom to their three young children. The couple had a personal laptop that they kept in their marital home- usually in their shared bedroom or in a spare room. Although Sartori often took the laptop with him on deployments, he made a point to emphasize that he "absolutely" never used it for work (as he had a separate work computer) and that when he was home, there was an "understanding" that Schrodt could use it whenever needed-as in fact she did, for instance, to get directions, access bank information, etc.
One day shortly after Sartori had returned home from a three-month deployment, Schrodt opened the laptop-she was in their shared bedroom at the time-and logged into Skype using the credentials that she had created while Sartori was abroad on an earlier occasion. To her dismay, she discovered numerous sexually explicit photos and inappropriate messages between Sartori and several other women, some of whom served with him in the Army. The photos and messages made clear that Sartori was having multiple extra-marital affairs. Schrodt then opened Gmail.com-with-out having to enter a password, as Sartori was still logged in- where she discovered even more incriminating evidence.
Schrodt set up the Skype account with the same sign-on credentials and passwords used for other family accounts.
Schrodt hired a divorce attorney the next day and showed him printed transcripts of Sartori's Skype conversations. Soon thereafter, she confronted Sartori about the affairs and told him that she intended to file for divorce. A physical altercation ensued, and Sartori was arrested and eventually charged in Florida state court on several counts of domestic violence. (Those charges were ultimately dismissed, but as we will explain, later resurfaced in a different setting.)
Curiously, Sartori made no effort to change the logins or passwords for the Skype and Gmail accounts, and in fact, even testified that he deliberately left his credentials as they were-despite knowing that Schrodt had accessed the accounts-because at that point, as he said, "[t]he cat [wa]s already out of the bag." Accordingly, about a month after her initial discovery, Schrodt was once again able to open their shared laptop and go to Gmail.com-as Sartori was still logged in-where she found and printed the already-opened emails and photos.
In time, Schrodt and her divorce attorney were contacted by the Army regarding a military investigation into Sartori's affairs- specifically those involving his Army colleagues. Schrodt handed over copies of the emails, photos, and conversations that she had printed from Skype and Gmail. Sartori was eventually tried before a court martial on several domestic-violence charges involving assault and child endangerment. He was convicted, dishonorably discharged, and sentenced to 10 years in prison, where he remains incarcerated today.
B
From prison, Sartori sued Schrodt, alleging that she violated both the Computer Fraud and Abuse Act and the Stored Communications Act when she accessed the laptop and the Skype and Gmail accounts.
Specifically, the operative complaint alleges that Schrodt violated (1) the CFAA by using the laptop itself, (2) the CFAA by accessing the Gmail account on April 5, 2016, and May 6, 2016, (3) the CFAA by accessing the Skype account, (4) the SCA by accessing the Gmail account on April 5, 2016, and May 6, 2016, and (5) the SCA by accessing the Skype account. Sartori also brought claims under Florida state law; the district court dismissed them at the pleading stage, and Sartori doesn't challenge those dismissals on appeal.
The CFAA makes it unlawful to "intentionally access[] a computer without authorization" and "obtain[] . . . information" from that computer. 18 U.S.C. § 1030(a)(2)(C). In a civil suit brought under the CFAA, the plaintiff must show that she suffered a loss of at least $5,000 as a result of the violation. 18 U.S.C. § 1030(g), (c)(4)(A)(i)(I).
The SCA similarly makes it unlawful to "intentionally ac-cess[] without authorization a facility through which an electronic communication service is provided" and thereby obtain "access to a wire or electronic communication while it is in electronic storage." 18 U.S.C. § 2701(a). "Electronic Storage" is defined as "(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication." 18 U.S.C. § 2510(17).
18 U.S.C. § 2707 creates a private cause of action for someone who is the victim of a violation of 18 U.S.C. § 2701(a).
Following discovery, Schrodt filed a motion for summary judgment, which the district court granted. The district court concluded that Schrodt didn't violate either the CFAA or the SCA by accessing the laptop-which was jointly held marital property kept in common areas of the family home, and used by both spouses- or by accessing the Skype account-which Schrodt had created. The court addressed the Gmail-based claims in two parts. With respect to the second time that Schrodt accessed the account, the court reasoned that, at a minimum, she had implied authority under both the CFAA and the SCA, given Sartori's testimony that he knew about her access but nevertheless decided not to change his password. With respect to the first time that Schrodt accessed the account, the district court concluded that no CFAA violation had occurred because Sartori failed to bring forth any evidence that he satisfied the $5,000-loss requirement. And no SCA violation had occurred, the court reasoned, because the previously opened emails that Schrodt had accessed were not kept in "electronic storage" within the meaning of the SCA because they were neither held in temporary storage pending delivery nor stored for "purposes of backup protection."
Sartori timely appealed to this court.
II
On appeal, Sartori asserts that the district court erred (1) by concluding that because Schrodt created the Skype account, she didn't access that account "without authorization" under the CFAA and the SCA; (2) by determining that Sartori failed to meet the $5,000-loss requirement under the CFAA; and (3) by holding that opened emails were not kept in "electronic storage" within the meaning of the SCA.
In response, Schrodt argues that all of Sartori's CFAA and SCA claims necessarily fail because she was authorized to access everything-the laptop, the Skype account, and the Gmail account. Additionally, she contends, Sartori's CFAA claims independently fail because he didn't meet the $5,000-loss requirement, and his SCA claims likewise fail because Sartori's emails were not held in "electronic storage."
"We review the district court's grant of summary judgment de novo, viewing all evidence and any reasonable inferences that might be drawn therefrom in the light most favorable to the nonmoving party." Rine v. Imagitas, Inc., 590 F.3d 1215, 1222 (11th Cir. 2009). "The interpretation of a statute is a question of law subject to de novo review." Id.
Sartori's abandonment of key arguments has greatly simplified our task. As an initial matter, he does not challenge on appeal the district court's conclusion that Schrodt had "authorization" to access the laptop itself. Accordingly, as Sartori's lawyer acknowledged at oral argument, that argument is waived. See Oral Argument Recording at 1:04; Access Now, Inc. v. Sw. Airlines Co., 385 F.3d 1324, 1330 (11th Cir. 2004) ("[T]he law is by now well settled in this Circuit that a legal claim or argument that has not been briefed before the court is deemed abandoned and its merits will not be addressed.").
Sartori has similarly abandoned his Gmail-related CFAA and SCA claims by failing to argue on appeal that Schrodt accessed that account "without authorization" within the meaning of those statutes. See 18 U.S.C. §§ 1030(a)(2)(C), 2701(a). Rather, with respect to Gmail, he contends only-and narrowly-that "the lower court erred by finding opened emails were not kept in electronic storage and therefore not subject to the protections of the Stored Communications Act." Br. of Appellant at 8. Notably, when Schrodt pointed out in her response brief that Sartori had failed to make the "without authorization" argument regarding the Gmail account, he opted not to file a reply brief. The argument, we conclude, is not properly before us. See Sapuppo v. Allstate Floridian Ins. Co., 739 F.3d 678, 680 (11th Cir. 2014); Access Now, 385 F.3d at 1330.
That leaves only the Skype-based claims. Sartori asserts that, although Schrodt created and set up the Skype account, she didn't really use it and that, accordingly, she was "without authorization" to access it within the meaning of the CFAA and the SCA. We are unconvinced. One who is the creator and (as here) at least the co-owner of an online account is surely authorized to access it. Although neither the CFAA nor the SCA defines "authorization," Merriam-Webster explains that term to mean "the state of being authorized" and goes on to explain "authorize" to mean "to endorse, empower, justify, or permit by or as if by some recognized or proper authority." Authorize, Merriam-Webster's Unabridged Dictionary, https://unabridged.merriam-webster.com/una- bridged/authorize (last visited Dec. 2, 2021). Who but the creator and co-owner of the Skype account-here, Schrodt-could possibly be the "proper authority"? Schrodt didn't need "authorization" from anyone. End of story.
In sum, because Sartori waived his arguments that Schrodt was "without authorization" to access the laptop and the Gmail account, and because we conclude that Schrodt wasn't "without authorization" to access the Skype account, all of Sartori's CFAA and SCA claims necessarily fail. We therefore needn't consider whether Sartori met the $5,000-loss requirement under the CFAA or whether opened emails are kept in "electronic storage" under the SCA. Sartori's appeal ends here. Accordingly, the district court's judgment in Schrodt's favor is AFFIRMED.
[*] Honorable Liles C. Burke, United States District Judge for the Northern District of Alabama, sitting by designation.