Subject Matter Index All Decisions About Us Statutes Articles Online Resources Help


Martin Samson, author of the Internet Library of Law and Court Decisions

Recent Addition

Designer Skin LLC v. S & L Vitamins, Inc., et al.
Unauthorized internet reseller of plaintiff’s products is not guilty of trademark infringement, and does not cause actionable initial interest confusion, by using plaintiff’s trademarks in meta tags of website at which plaintiff’s and its competitors’ products are sold, and in...

Employees - Internet Library of Law and Court Decisions - Updated November 27, 2008

496 F.Supp.2d 653 (E.D. Va., July 12, 2007)

Court denied motion to dismiss complaint charging the defendant Union and two of its organizers with violating the CAN-SPAM Act by sending email solicitations promoting union membership to Verizon employees which purported to come from Verizon managers who did not authorize their transmission.  The Virginia District Court held that it could exercise personal jurisdiction over the non-resident Union organizers because both the corporate servers used to transmit these emails, as well as some of the employees who received them, were located in Virginia. 

The Court further held that plaintiff Verizon had stated valid CAN-SPAM claims against the defendants.  In reaching this result, the Court rejected defendants’ contentions that their solicitations constituted non-commercial speech promoting union membership exempt from the strictures of CAN-SPAM.  Because the Union rendered a service – representation of employees – for a fee – union dues – the emails constituted commercial speech.  As such, held the Court, the failure of these emails to accurately describe their source, or to appropriately advise that they were, in fact, advertisements, as well as their failure to provide mandated opt-out instructions, rendered their senders potentially liable for violations of CAN-SPAM.

322 B.R. 247 (Bankr. S.D.N.Y., March 21, 2005)

Court holds that the use of a company's e-mail system by an employee to send personal e-mails to the employee's personal counsel does not, without more, waive any attorney client privilege in such communications.  Whether a waiver had occurred must instead be resolved by examining the employee's subjective and objective expectations that the communications would be confidential.  In analyzing this question, Courts should look for guidance to cases that address an employee's privacy rights in e-mail sent over company e-mail systems, which hinge on the resolution of a similar question -- the reasonableness of an employee's expectation of privacy in such e-mails.  Issues of fact as to the existence and application of company computer usage policies, and whether employees were warned that the Company could inspect e-mails sent over the company's system, prevented the Court from resolving the issue at this time.

The Court further held that any privileges attendant to certain additional e-mails between company employees and their personal counsel had been waived by their voluntary transmission of such e-mails both to counsel representing the company, and to a consultant rendering services to the company.

California Court of Appeals, Second Appellate District, Case No. B068705 (July 26, 1993)

Employer's review of e-mail of a personal and sexual nature sent by employee over company system did not constitute invasion of employee's right of privacy under either the California Constituion or common law where employee signed a form agreeing to restrict use of e-mail to company purposes, and had been notified by other employees that e-mail was reviewed by people other than the intended recipient.

2006 U.S. Dist. LEXIS 36680 (N.D. Ohio June 7, 2006)

Court denies defendant employer's motion for summary judgment, holding issues of fact preclude dismissal of plaintiff employee's invasion of privacy claim.  Plaintiff's claim arises out of the manner in which his employer obtained information about plaintiff's activities on eBay, which information supported employer's conclusion that the employee had stolen its property, which in turn led to the employee's termination.  Issues of fact existed as to whether defendant obtained this information by accessing plaintiff's password-protected eBay account, which, in the absence of an appropriate computer usage policy, could give rise to an invasion of privacy claim.  Notably, however, the Court held that if the employer had a computer usage policy that "advised its employees that their computer activities on the office system were monitored" plaintiff employee would lack a reasonable expectation of privacy in any eBay records he accessed from defendant's computer system and server.

06 Civ. 4228 (MBM) (S.D.N.Y., August 11, 2006)

Affirming the decision of the Bankruptcy Court below, the Southern District of New York holds that defendant Marie Nixon (“Nixon”) misappropriated plaintiff’s trade secrets, converted its property, and was unjustly enriched, by taking possession of plaintiff’s customer list, and attempting to auction it over the Internet.  As a result, the Court affirms an award to plaintiff Cross Media Marketing of $236,000 in actual damages, representing the cost of developing plaintiff’s customer list, and an additional $50,000 in punitive damages.  Notably, such an award was rendered despite the fact that defendant Nixon did not actually sell the customer list via auction.  It should be noted that defendant Nixon did not appear at the trial of this matter, and was not represented by counsel on appeal.  On appeal, her motion for a new trial was denied.

2006 U.S.Dist. Lexis 29387, 03cv6327 (DRH)(MLO)(E.D.N.Y. May 15, 2006)

Affirming the decision of the Magistrate Judge, the District Court holds that an employee did not waive any attorney client or work product privileges that may exist in various email communications with her personal counsel transmitted to and from the employee's personal AOL email account by using a company laptop to send them from her home.  Plaintiff's employer had obtained these emails by "restoring" deleted files stored on the hard drives of these company laptops.  The Court reached this result notwithstanding the fact that the Company had a computer usage policy, of which the employee was aware, that warned employees that they had no right of privacy in Company computer equipment, the contents of which could be inspected by the Company.

52 Cal.Rptr. 3d 376 (Cal. Crt. App., December 14, 2006)

A California intermediate appellate court holds that the Communications Decency Act ("CDA"), 47 U.S.C. Section 230(c), immunizes an employer from claims arising out of the transmission by a then employee of threatening emails to, and posts about, plaintiffs from his office computer.  As a result, the Court of Appeals affirmed the dismissal of intentional infliction of emotional distress claims advanced by plaintiffs against Agilent Technologies.  Plaintiffs had sought to hold Agilent Technologies responsible for its employee's threatening conduct on theories of respondeat superior, negligent supervision/retention, and ratification. 

The Court further held defendant entitled to summary judgment dismissing such claims on the facts before it.  The respondeat superior claim failed because the evidence established that the employee was acting outside the scope of his employment when he transmitted the threatening emails in question.  The negligent supervision/retention claim similarly failed because there was no evidence that Agilent Technologies was aware of its employee's activities when he was transmitting the emails at issue from his office computer.  Agilent only learned of this misconduct after the fact, at which time it terminated the employee.  Finally, there was no evidence that the defendant employer ratified its employee's misconduct.

1997 WL 731413 (N.Y. Sup. Crt., Nov. 7, 1997)

Former employees of Internet Advertising Agency enjoined for six months from rendering advice on Internet advertising matters to competitors of their former employer, in light of the fact, itallies, that (a) they had misappropriated confidential company information, such as rates charged customers and traffic generated by advertisements, which they had and planned in the future to utilize in competition with their former employer and (b) had taken steps to set up a competing business while in plaintiff's employ, including solicitation on behalf of their new concern of one of plaintiff's potential clients.

71 F.Supp.2d 299, 99 Civ. 10035 (WHP), 1999 WL 980165 (S.D.N.Y., Oct. 27, 1999) remanded for clarification 205 F.3d 1322 (2d Cir. 2000) aff'd 2000 WL 1093320 (2d Cir. June 12, 2000)

Plaintiff EarthWeb, Inc. moved for a preliminary injunction enjoining a former vice president from either working for, or disclosing trade secrets to, a competitor. Such relief was mandated, claimed plaintiff, by a one-year restrictive covenant in the defendant's employment agreement. The court held that this restrictive covenant was unenforceable because, given the nature of the Internet today, it interfered with defendant's employment for an unreasonably long period of time. The court further held that defendant was unlikely to disclose the limited confidential information of which he was aware to his new employer. As a result, the court refused to issue the requested injunctive relief.

Civil Act. No. 05-1979 (W.D. La., August 6, 2007)

Court holds that under the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. section 1030, the costs incurred by the owner of a computer system in retaining consultants to conduct forensic investigations of the use by defendants of the computer system, and the harm such use may have caused, constitute a “loss” within the meaning of the statute, which can be used to meet the CFAA’s $5000 jurisdictional threshold. 

The Court further held that, under the CFAA, once the Act’s jurisdictional threshold has been met, the plaintiff can recover “compensatory damages” caused by the defendant’s violation of the Act.  Such “compensatory damages” include lost profits and revenue caused by the defendants’ use of data improperly obtained in violation of the CFAA.  Importantly, the court held that such lost profits can be recovered even in the absence of an interruption in service caused by defendants’ conduct.

382 N.J.Super. 122 (Appellate Division N.J., December 27, 2005)

Reversing the court below, a New Jersey intermediate appellate court holds that an employer has a duty to take "prompt and effective action" to prevent an employee that it had notice was viewing child pornography in the workplace from continuing such criminal activity.  This obligation to act requires the employer to investigate the employee's activities.  It also requires the employer to report the employee's activities to the appropriate governmental authorities and to take effective action to prevent it, which may require the employee's termination.  As a result of this determination, the Court allowed the ex-wife of a former company employee, individually and as guardian for her minor daughter, to proceed with a lawsuit against the employer arising out of the employee's transmission via e-mail from his office computer of three pornographic images of his minor stepdaughter to a child porn site.

2002 U.S. Dist. Lexis 9408 (E.D. Pa., May 29, 2002)

Court dismisses invasion of privacy claims advanced by plaintiff Linda Kelleher, City Clerk of Reading Pennsylvania, arising out of defendants' alleged dissemination to the Press of emails plaintiff sent and/or received from a City of Reading computer.  Kelleher had no reasonable expectation of privacy in the subject emails because the City's computer usage policy expressly advised that the City could access and disclose emails sent from its computer network.

Plaintiff asserted this claim in a lawsuit in which she also claimed that various governmental officials and/or entities harassed her in retaliation for her exercise of her First Amendment right of Free Speech.  This harassment allegedly included providing the Press with information that would discredit her, including an ethics complaint lodged against plaintiff, and a job related one week disciplinary suspension.   Kelleher claimed that such conduct violated her rights under 42 U.S.C. § 1983.  The Court granted defendants' motions for summary judgment and dismissed the complaint, finding, inter alia, that plaintiff had failed to establish either that she had, in fact, engaged in speech which could give rise to such claims, or that the defendants' conduct was motivated by their desire to retaliate against her as a result of the activities she claimed to have engaged in.  It is beyond the scope of the Internet Library to address plaintiff's 1983 claims.  As such, the balance of this article will focus solely on the invasion of privacy claims plaintiff asserted.

266 F. 3d 64 (2d Cir., September 26, 2001)

The Second Circuit holds that a government employee has a reasonable expectation of privacy in an office computer located in his private office in light of the absence of both a computer usage policy advising him to the contrary, and a regular practice by his employer of searching the same.  The Court nonetheless holds that the government's search of its employee's computer for evidence of suspected work - related misconduct did not violate the employee's rights under the Fourth Amendment.  Such searches are permitted if the search is both justified at its inception and of appropriate scope.  Such was the case here, because the government had received notice of alleged job-related misconduct by the plaintiff employee and had conducted an appropriately circumspect inspection of his office computer to ascertain the validity of these allegations.

The Second Circuit also affirmed the dismissal of plaintiff's claims that both the government's failure to give him a pay raise, as well as its decision to demote him, violated his Due Process rights.  Such claims failed because plaintiff lacked the requisite property interest in either his job or raise to sustain a Due Process violation.

2006 WL 2998671 (S.D.N.Y., October 19, 2006)

Court holds that employees waived both the attorney client and work products privileges by using a company computer system to transmit otherwise privileged communications to their counsel.  These communications were sent from private password protected email accounts, and not from the company's own email system.   Importantly, however, copies of these emails were retained by the company's system in "temporary internet files."  As the company could and did obtain these emails by reviewing its own system, the court held that plaintiffs had waived applicable privileges by failing to maintain the confidentiality of these communications in light of the company's electronic communications policy.  That policy advised the employees not to use the company system for personal purposes, and warned them that they had no right of privacy in any materials sent over the system.  The court reached this result notwithstanding its determination that the employees had no knowledge that copies of their email communications were so retained in the company's computer system.

No. 99-55106, 236 F.3d 1035 (9th Cir., January 8, 2001), withdrawn, 262 F.3d 972 (9th Cir., August 28, 2001)

Ninth Circuit holds that the unauthorized access and review of the contents of a password protected web site can constitute violations of both the Wiretap Act, 18 USC §§ 2510-2520, and the Stored Communications Act, 18 USC §§ 2701-2710. The court further holds that an employer's accessing without authorization of such a web site created by one of its employees, which site is critical of officers of the employer and urges company employees to consider alternative union representation, can constitute impermissible surveillance of union organizing activities in violation of the Railway Labor Act, 45 USC § 152. The Ninth Circuit accordingly reversed the decision of the District Court below, denied defendant's motion for summary judgment, and reinstated plaintiff's claims.

17 Misc. 3d 934 (Sup. Crt. NY Co., October 17, 2007)

Court holds that communications between plaintiff and his counsel, sent from and to  plaintiff over his employer’s email system, were not protected from disclosure by the attorney client privilege because these communications were not made in confidence.  In reaching this result, the Court relied, in large part, on the email policy that governed the use of this company email system.  This policy advised all employees that the company email system should not be used for personal purposes, and that employees had no personal privacy right in email sent over the company email system, which the employer could access and disclose at any time. 

Notably, the Court reached this result notwithstanding the fact that New York’s Civil Practice Law and Rules (“CPLR”) section 4548 provides that “no communication privileged under this article shall lose its privileged character for the sole reason that it is communicated by electronic means, or because persons necessary for the delivery or facilitation of such electronic communication may have access to the content of the communication.”  (Emphasis added).  The Court held that it is the presence of the employer’s computer use policy, and not the fact that the material was transmitted over the company’s email system, that rendered the communication non-privileged.

The Court further held that plaintiff waived any work product privilege attendant to his communications with counsel by transmitting them over a company email system, as they were subject to the email policy recited above, which permitted the company to examine and disclose such communications at any time.  By such actions, the court held that plaintiff was so careless with these materials that he waived any work product privilege attendant thereto and could not claim their disclosure was inadvertent.

As a result, the Court denied plaintiff’s motion for a protective order, which sought to compel his employer to return these communications with counsel to plaintiff.

Case No. C06-1412RSM (W.D. Wash., September 20, 2007)

The Court granted in part and denied in part an employer’s motion to compel production and inspection of the hard drive of a laptop the company furnished to an employee.  The Court held that the company could inspect the contents of the laptop, and any emails sent by the employee over the company email system, because the company had in place a policy that advised its employees that they had no expectations of privacy therein.  However, the Court held that the attorney client and marital communications privilege protected from disclosure “any web-based generated emails, or materials created by Sims[,] to communicate with his counsel or his wife.”  Said the Court:

[T]o the extent that the laptop contains web-based emails sent and received by plaintiff Sims and any other material prepared by plaintiff Sims to communicate with his counsel, the Court agrees with plaintiff that such information is protected under the attorney-client privilege and the marital communications privilege.  Notwithstanding defendant Lakeside’s policy in its employee manual, public policy dictates that such communications shall be protected to preserve the sanctity of communications made in confidence.

Case No. 1D06-5798 (Crt. App., Fla., December 26, 2007)

Court grants defendant’s motion to suppress both evidence of defendant’s computer usage obtained via a warrantless search of his office computer, as well as subsequent incriminating statements concerning such usage made in his interrogation by law enforcement officials.  The evidence at issue indicated defendant, a pastor, was engaged in viewing child pornography.  The Court held that the government’s search violated defendant’s rights under the Fourth Amendment.

In reaching this result, the Court held that Young had a reasonable expectation of privacy in his office computer.  The court rested this determination on the fact that:
(i) the church did not have a computer usage policy, and did not regularly monitor the use of the computer,
(ii) the Pastor was the only regular user of the computer at issue, which, owned by his employer, was located in defendant’s private, locked office, to which only he and a church administrator had a key,
(iii) no one was allowed to enter the pastor’s office or use the pastor’s computer without his consent, and
(iv) the Pastor’s computer was not networked to other computers. 

Notably, the court held that the pastor had such a reasonable expectation of privacy despite the fact that he understood the computer could be accessed by the Church Administrator to perform maintenance work.

The Court further held that law enforcement’s search of the computer was not authorized by either an individual having actual or apparent authority to do so.   Law enforcement officials were authorized to search the Pastor’s computer by a church official, who, in turn, had been authorized to grant such permission by the Pastor’s supervisor.  The Court held that these individuals did not have actual authority to grant such a search, given the absence of a computer usage policy, and the fact that they themselves did not regularly use the machine.  For the same reason – the fact that they did not regularly use or access the computer at issue – the court held they lacked apparent authority to authorize the search.  As such, the Court affirmed the lower’s court decision to suppress the evidence of defendant’s computer usage obtained via the search of his computer.

As evidence from this search was used during the subsequent interrogation of defendant, the Court held that incriminating admissions made by the Pastor during this interrogation were also suppressed under the Fourth Amendment, under the ‘fruit of the poisonous tree’ doctrine.

2004 U.S. Dist. Lexis 18863 (D. Or. , Sept. 15, 2004)

The Magistrate Judge recommended the dismissal of plaintiff employee's invasion of privacy claims, which arose out of his employer's review of both e-mails he had received and stored in a personal, non-password protected, folder on a company computer, as well as a list of websites the employee visited from his office computer.  The Court held that employee had no reasonable expectation of privacy in the materials searched because the Company had explicit policies advising its employees that Company computer equipment could be monitored for any legitimate business purpose, including ascertaining whether the Company computer had been improperly used for personal reasons or to send offensive emails, as was allegedly the case here.

This claim arose in the context of a lawsuit arising out of the employee's termination for cause for "spending an inordinate amount of time on the internet during work hours" and downloading and storing on his office computer "sexually inappropriate material," which evidently consisted of nude pictures and sexually explicit jokes.  The employee claimed that his termination for cause was motivated by a desire to deny him severance benefits in violation of 29 U.S.C. §1140 of ERISA.  The Court held that issues of fact precluded an award of summary judgment dismissing this claim.  The Court did not dismiss claims plaintiff asserted arising out of the Company's alleged wrongful denial of benefits, and failure to notify him of how to apply for such severance benefits.  Such claims were dismissed, respectively, because of the employee's failure to appropriately exhaust available administrative remedies, and his failure to file a claim for such benefits in the proper manner.  As these later claims are beyond the scope of the Internet Library they will not be addressed below.  Instead, our analysis will focus solely on the dismissal of plaintiff's invasion of privacy claim.

474 F.3d 1184 (9th Cir., January 30, 2007)

Ninth Circuit holds that an employee has a reasonable expectation of privacy in his private office, because it is locked and not shared with others.  This reasonable expectation of privacy extends to the contents of his office, including the employee’s company computer, located therein.

As a result, the Court holds that the Fourth Amendment protects both the office and computer from warrantless searches by the Government unless it obtains valid consent from either the defendant himself or one with common authority over the items searched, or proceeds on the authorization of one with apparent authority to give such valid consent.

Here, the Ninth Circuit holds that the Government obtained valid consent from one with common authority over the items searched, when it received such consent from the employee’s employer.  The employer had common authority over the employee’s office computer because it had a policy of, and regularly did, monitor employees’ computer usage of company machines, a policy of which its employees were made aware.

The Court accordingly denied defendant’s motion to suppress evidence found by the Government during its warrantless search of defendant’s office computer.  As a result, pursuant to a plea agreement, defendant was convicted of the receipt of obscene material based, in part, on evidence obtained during this search.  The evidence obtained during this search, and by the company earlier, showed that defendant had viewed and had possession of child pornography.

216 F.3d 401 (4th Cir., Feb. 10, 1999), cert. denied 2001 U.S. Dist. Lexis 134 (2001)

The Fourth Circuit, reversing the District Court, held that a statute that imposed restrictions on the ability of State employees to access the Internet, Va. Code. Ann. §2.1-804 et seq. (the "Act"), did not run afoul of the First Amendment. The Act prohibits state employees from using state-owned computers to access "sexually explicit content" on the Internet unless they obtain written approval from their agency head that such use is required for an approved governmental purpose. The Fourth Circuit determined that because the Act only restricts the conduct of State employees in the performance of their duties for the State, and not their acts as private citizens, the Act constitutes a permissible restriction the State, as employer, can impose on its employees that does not violate the First Amendment.

Quick Hits

Tammy S. Blakey v. Continental Airlines, Inc., et al.,
164 N.J. 38, 751 A.2d 538 (Sup. Ct. N.J., June 1, 2000).

Reversing the courts below, the New Jersey Supreme Court holds that employers have a duty to take effective measures to stop sexual harassment that occurs in an online work-related chat room or bulletin board of which they have notice.  Said the Court:  “[W]e find that if the employer had notice that co-employees were engaged on … a work related forum in a pattern of retaliatory harassment directed at a co-employee, the employer would have a duty to remedy that harassment. … To repeat, employers do not have a duty to monitor private communications of their employees; employers do have a duty to take effective measures to stop co-employee harassment when the employer knows or has reason to know that such harassment is part of a pattern of harassment that is taking place in the workplace and in settings that are related to the workplace.” 

The Supreme Court further held that out-of-state employees who posted allegedly defamatory and harassing messages on an online bulletin board about a non-resident co-employee may be subject to jurisdiction in New Jersey if such posts were intended to dissuade that co-employee from pursing a New Jersey action seeking redress under the New Jersey Law Against Discrimination.

Issues of fact precluded the court from resolving either question in the case at bar, and the Supreme Court accordingly remanded the case to the trial court for further consideration.

This action arose out of various posts made by plaintiff’s co-employees on an online forum made available to such employees for discussion of issues of concern to them.  This forum was provided as an added benefit by Compuserve, which was engaged by Continental to provide its employees access to a company computer system on which work related information, such as employee flight schedules and assignments, were available. 

After plaintiff brought a sex discrimination lawsuit against Continental in Washington, her state of residence, various company employees made posts to this forum critical of plaintiff’s work performance, and her decision and motivation for bringing her lawsuit.  Plaintiff gave notice to Continental of these posts, and her objections to them.  Plaintiff commenced this suit in New Jersey against both the posters and Continental, asserting, inter alia, claims of defamation and sexual harassment/hostile work environment.

The Supreme Court reversed the decisions of the lower courts, which had dismissed the action.  On the record before it, the Court could not determine whether the forum in which the comments were made was “sufficiently integrated with the workplace to require” Continental to police harassing activities that occur therein of which it has notice.  The resolution of this question turned on “whether the Crew Members Forum was sufficiently integrated with Continental’s operations so as to provide a benefit to it.”  It should be noted that the reach of the court’s ruling extended beyond the Continental workplace proper, to “settings that are related to the workplace.” 

Similarly, the Supreme Court held that issues of fact as to the out-of-state employees’ knowledge as to whether plaintiff had commenced a suit in New Jersey precluded a determination as to whether the court could exercise personal jurisdiction.  As stated above, for New Jersey to exercise such jurisdiction, the effects of these employees’ conduct must be felt in New Jersey.  Plaintiff was a Washington resident who had commenced a discrimination suit against Continental in Washington.  If the defendant co-employees sought to dissuade her from prosecuting a New Jersey discrimination suit with their comments, they would be subject to jurisdiction in New Jersey.  However, it was unclear from the record if the defendants knew plaintiff had commenced suit in New Jersey, as opposed to Washington, and accordingly the case was remanded for further consideration.

Download PDF of Court Decision

Shyron Bynog v. SL Green Realty Corp., et al.
05 Civ. 0305 (WHP) (S.D.N.Y., December 22, 2005)

Court denies defendants’ motion for a preliminary injunction, seeking to enjoin a former employee from publishing allegedly defamatory statements about defendants in a web site, in a blog, in emails sent to defendants’ employees, customers and other business contacts, and in flyers distributed at buildings managed by defendant SL Green Realty Corp.  (“SL Green”).  Plaintiff had commenced the instant action against the defendants, accusing them, inter alia, of discriminatory and retaliatory conduct.  The Court held that defamatory speech can only be enjoined in the Second Circuit if “extraordinary circumstances” exist, which were absent here.  That such statements may injure the plaintiff in his business or property alone do not, held the Court, constitute sufficient grounds for the issuance of an injunction.  The injuries caused by defamatory speech can ordinarily be remedied by an award of monetary damages.  Here, the absence of any viable evidence of injury to defendants, combined with the potential to recover such damages from the plaintiff, led the Court to deny injunctive relief.

Download PDF of Court Decision

Heath Cohen v. Gulfstream Training Academy, Inc. and Gulfstream International Airlines, Inc.
Case No. 07-60331-Civ-Cohn/Seltzer (S.D. Fla., April 9, 2008)

Court grants so much of plaintiff employee’s motion for summary judgment which sought dismissal of claims brought by his former employer under the Computer Fraud and Abuse Act (“CFAA”) arising out of plaintiff’s alleged use of company information, copied from a company computer, to solicit company customers and compete with his former employer.  The Court held that the lost profits defendant allegedly sustained as a result of such competition were not recoverable under the CFAA.  Rather, the CFAA only permits recovery of losses caused by an interruption of service, or damage sustained by ‘any impairment to the integrity or availability of data, a program, a system or information.’  Because defendant Gulfstream Training Academy did not establish that the information plaintiff copied and deleted from its laptop were unavailable to it, it could not pursue a claim for lost profits resulting from plaintiff’s use of this data in competition with defendant, as such lost profits did not constitute either a ‘loss’ or ‘damage’ recoverable under the CFAA.  Said the Court:

Upon a review of the statutory language and the competing case law, the Court concludes that while the issue is a close one, the more appropriate reading of the statutory language is that any ‘loss’ must be related to interruption of service.  In this case, the fact that Plaintiff copied files and allegedly stole clients from GTA did not cause an interruption of service as contemplated by the CFAA.  Rather, the CFAA statutory language evidences an intent to allow recovery for reasonable costs caused by interruptions in service or damage to a computer.  GTA would need to prove that the customer files were unavailable to GTA due to Plaintiff’s actions in exceeding his authority to access the computer.  There is no evidence to support such a theory.  Simply copying the files and then contacting customers in those files to take their business is not causing a loss because of interruption of service.  Similarly, GTA has not shown that Plaintiff’s deletion of any information, which could be construed as ‘damage’ under the CFAA, resulted in at least $5000 worth of damage.  Rather, it appears that the only allegations of damages are the lost business profits.

The Court recognized that other courts had reached differing conclusions on this issue, including Resdev LLC v. Lot Builders Ass’n, Inc., 2005 WL 1924743 (M.D. Fla. 2005), Nexans Wire S.A. v. Sark-USA Inc., 319 F.Supp.2d 468 (S.D.N.Y.) aff’d 166 Fed Appx. 559 (2d Cir. 2006) and Cenveo Corp v Celum Solutions Software, 504 F. Supp. 2d 574 (D. Minn. 2007) which reached conclusions similar to those reached by the Court, and Frees Inc. v. McMillian, 2007 WL 2264457 (W.D. La. 2007) which held that, once a plaintiff had met the jurisdictional damage thresholds imposed by the CFAA, it provisions permitted recovery of any compensatory damages sustained by the Act’s violation, limited only by the requirement that they be ‘economic damages.’

Download PDF of Court Decision

Creative Computing d/b/a Internet v. LLC, et al.
386 F.3d 930 (9th Cir., 2004)

Ninth Circuit holds that plaintiff can recover damages for loss business and business goodwill arising out of defendant’s misuse of proprietary source code and customer lists improperly obtained in violation of the Computer Fraud and Abuse Act.  Such damages were held recoverable notwithstanding the absence of an interruption of service caused by defendant’s misconduct.  Said the Court:

Both the old and new versions of the statute limit damages for loss aggregating at least $5000 in a year to ‘economic damages.’  Getloaded objects to paying damages for loss of business and business goodwill.  The objection is without force, because those are economic damages.

As a result, the Ninth Circuit affirmed the lower court’s determination, after trial, which awarded plaintiff $150,000 for each of three violations by defendant of the Computer Fraud and Abuse Act. 

In affirming the District Court’s decision, the Ninth Circuit further held that the $5000 damage threshold of the CFAA does not require the plaintiff to prove it sustained $5000 in damages as a result of a single act of unauthorized access.  Rather, held the Court:  “neither version of the statute supports a construction that would require proof of $5000 of damage or loss from a single unauthorized access.  The syntax makes it clear that in both versions [of the CFAA], the $5000 floor applies to how much damage or loss there is to the victim over a one-year period, not from a particular intrusion.  …  The damage floor in the Computer Fraud and Abuse Act contains no single act requirement.”  

This action arose out of a competitior’s use of source code improperly obtained by accessing plaintiff’s site through another password, and ‘hacking’ into the site and its code.  The competitor also hired a former employee of plaintiff, who improperly supplied it with plaintiff’s customer lists.  The parties’ respective websites are used by truckers to ascertain loads available for transport in a given area, so as to permit the trucker to prevent ‘dead heading’ and allow them, instead, to travel both to and from a location fully loaded with cargo.  In addition to an award of $450,000 under the CFAA, the Court also awarded plaintiff $60,000 for violation of the Idaho Trade Secrets Act, $342,787,35 in attorneys fees and expenses, and $120,000 in exemplary damages as a result of defendants’ improper acts, including its violation of injunctions designed to prevent the destruction of evidence.

Download PDF of Court Decision

General Board of Global Ministers of the United Methodist Church v. Cablevision Lightpath, Inc.
CV 06-3669 (DRH)(ETB) (E.D.N.Y. November 30, 2006).

Court grants Church’s petition pursuant to Fed. R. Civ. P. Rule 27, and directs respondent Cablevision Lightpath Inc. (“Cablevision”) to disclose the identity of the subscriber to whom a particular IP address was assigned.  Petitioner alleged that the IP address in question was used to access without authorization email accounts the Church supplied to seven employees.  Petitioner also alleged that this IP address was used to improperly send an email from one of those accounts, in the name of the account holder, that advised other company employees that they had been terminated for poor job performance.  Petitioner alleged that this conduct violated the Stored Communications Act, 18 U.S.C. Section 2701.

Petitioner sought the requested discovery to “preserve testimony,” as it had been advised by respondent Cablevision that in the ordinary course of business, it would delete the requested information within 90 days of the email transactions in question.

The Court found that petitioner had made the requisite showing for relief under Fed. R. Civ. P. Rule 27 and directed Cablevision to disclose the requested information.  In reaching this result, the Court held that petitioner’s need for disclosure outweighed any First Amendment right of the speaker in question to maintain anonymity.  In so holding the Court analyzed five factors: “(1) a concrete showing of a prima facie claim of actionable harm; (2) specificity of the discovery request; (3) the absence of alternative means to obtain the subpoenaed information; (4) a central need for the subpoenaed information to advance the claim, and (5) the party’s expectation of privacy.”  The Court found each of these factors favored the requested disclosure.  Petitioner had made out a prima facie case that the individual in question violated the Stored Communications Act by improperly accessing employee email accounts without authorization.  Because of the nature of the challenged conduct – such improper access, and the use thereof to impersonate one of the account holders – the court further held that the individual in question had a low expectation of privacy in maintaining the anonymity of her actions.  Petitioner’s request was narrowly tailored to seek only the identity of the speaker from Cablevision, the only known source of such information.  Finally, the court held that the requested information – the identity of the speaker in question -- was needed to permit petitioner to bring a claim seeking redress for the wrongs at issue.  The Court accordingly directed disclosure.

Download PDF of Court Decision

Haybeck v. Prodigy Services Co.
944 F.Supp. 326 (S.D.N.Y., 1996)

Court holds that Prodigy is not liable for injuries caused to plaintiff as a result of non-protected consensual sexual relations plaintiff had with a Prodigy employee who had, but failed to disclose to plaintiff that he had, AIDS.  Plaintiff first met this employee, defendant Jacob Jacks, in a Prodigy sex chat room, where the two had numerous conversations.  Plaintiff alleged that Jacks used the access to Prodigy granted him as an employee to frequent this chat room, and further, that he gave Plaintiff free access to Prodigy, and this chat room, as well. 

The Court held that Prodigy could not be found liable on a theory of respondeat superior for Jack’s failure to disclose his medical condition to plaintiff, because such was an act beyond the scope of his employment.  The Court further held that Prodigy could not be held liable on theories of negligent hiring or retention, because it had no notice that Jacks was engaging in the challenged misconduct – having unprotected sexual relations without disclosing to his partner that he had AIDS.  As a result, the Court granted Prodigy’s motion to dismiss the complaint against it.

Nexans Wires S.A. and Lacroix & Kress GMBH v. Sark-USA Inc., et al.
No. 05-3820-cv (2d. Cir., February 13, 2006)

Court holds that lost profits caused by alleged misuse of proprietary data improperly obtained in violation of the Computer Fraud and Abuse Act are not recoverable as damages in claims asserted thereunder in the absence of an interruption in service caused by defendants’ alleged misconduct.  As a result, the Second Circuit affirmed the District Court’s grant of summary judgment to the defendants, dismissing plaintiff’s Computer Fraud and Abuse Act claim.  These claims alleged that defendants improperly obtained plaintiff’s proprietary data, which they used in aid of a competitor to plaintiff’s injury.  “As the district court correctly recognized, the plain language of the statute treats lost revenue as a different concept from incurred costs, and permits recovery of the former only where connected to an ‘interruption in service.’  …  Because it is undisputed that no interruption of service occurred in this case, L & K’s asserted loss of $10 million is not a cognizable loss under the CFAA.”

Download PDF of Court Decision

TBG Ins. Services Corp. v. Robert Zieminski
96 Cal. App. 4th 443 (Cal. Ct. App. 2002)

A computer usage policy that warns the employee of the company’s right to inspect computers provided to him for business use, has been held sufficient to entitle the company to inspect the contents of a company computer used by the employee in his home over the employee’s objections.  Said the Court: 

[Company’s] advance notice to [Employee] (the company’s policy statement) gave [employee] the opportunity to consent to or reject the very thing that he now complains about, and that notice, combined with his written consent to the policy, defeats [the] claim that he had a reasonable expectation of privacy.

Pursuant to this policy, employee “consented to have his computer “use monitored by authorized company personnel” on an ‘as needed’ basis and agreed that communications transmitted by computer were not private.”) id. at 446

Download PDF of Court Decision

Louis E. Thyroff v. Nationwide Mutual Insurance Company, et al.
USCOA2 No. 41, (N.Y. Crt. App., March 22, 2007)

The New York Court of Appeals extends New York’s common law tort of conversion to “intangible electronic records.”  Prior to the High Court’s decision, in the state of New York, the common law tort of conversion was limited to the conversion  of tangible personal property, or intangible personal property that had ‘merged’ into a tangible object, such as a stock certificate.  Finding that it was time for the tort of conversion to evolve to “keep pace with contemporary realities of widespread computer use,” the Court held that it extended to intangible electronic records stored on a company computer system.  Said the Court:

Computers and digital information are ubiquitous and pervade all aspects of business, financial and personal communication activities.  … We cannot conceive of any reason in law or logic why this process of virtual creation should be treated any differently form production by pen on paper or quill on parchment.  A document stored on a computer hard drive has the same value as a paper document kept in a file cabinet. … “It would be a curious jurisprudence that turned on the existence of a paper document rather than an electronic one.  Torching a company’s file room would then be conversion while hacking into its mainframe and deleting its data would not.” … It generally is not the physical nature of a document that determines its worth, it is the information memorialized in the document that has intrinsic value. … In the absence of a significant difference in the value of information, the protections of the law should apply equally to both forms – physical and virtual.

In light of these considerations, we believe that the tort of conversion must keep pace with the contemporary realities of widespread computer use.  We therefore answer the certified question in the affirmative and hold that the type of data that Nationwide allegedly took possession of – electronic records that were stored on a computer and were indistinguishable from printed documents – are subject to a claim of conversion in New York.

As a result of this decision, the plaintiff, formerly an insurance agent for defendant Nationwide Mutual Insurance, was allowed to pursue a conversion claim arising from defendant’s decision to deny plaintiff access to electronic personal and business records he stored on the company’s computer system.  Plaintiff used Nationwide’s computer system throughout the course of his business relationship with Nationwide.   

Download PDF of Court Decision

Disclaimer  |  Attorney Advertising
© Copyright 1997-2024 Martin H. Samson All Rights Reserved
Printer Friendly