v.
HARVEY EISENBERG M.D. et al.,
Defendants.
ORDER FINDING FEDERAL QUESTION JURISDICTION; GRANTING IN PART AND DENYING IN PART DEFENDANTS' MOTION TO DISMISS; GRANTING IN PART PLAINTIFF'S MOTION FOR PRELIMINARY INJUNCTION
INTRODUCTION
In 1994, Congress amended the Computer Fraud and Abuse Act, 18 U.S.C. Section 1030 ("Act" or "CFAA"), the application of which in this case will confer jurisdiction on the district court for some or all of plaintiff's claims. Plaintiff, a medical diagnostics company, seeks to assert the revised provisions of the Act as private rights of action against defendant software providers. Resolving ambiguities in the legislation in plaintiff's favor, the Court by this Order concludes that plaintiff has stated a claim under federal question jurisdiction and pled two claims under the revised Act. The jurisdictional issue is examined first, followed by a discussion of defendants' motion to dismiss plaintiff's First Amended Complaint ("FAC") and plaintiff's motion for preliminary injunction.
II.
PROCEDURAL HISTORY
Plaintiff filed this lawsuit on January 23, 1996, alleging only diversity jurisdiction. On March 11, 1996, plaintiff filed the First Amended Complaint ("FAC"), alleging federal question jurisdiction on the basis of the Computer Fraud and Abuse Act.
On April 9, 1996, plaintiff filed a motion for preliminary injunction. Defendants filed opposition on April 18, 1996; plaintiff filed a reply on April 25, 1996. Oral argument occurred on May 1, 1996, at which time the Court took the matter under submission and ordered the parties to file supplemental briefs on jurisdictional issues. Plaintiff filed supplemental papers on May 10, 1996 and May 24, 1996; defendant filed supplemental papers on May 21, 1996.
On April 15, 1996, defendants filed a motion to dismiss the complaint for failure to state a claim. On April 29, 1996, plaintiff filed opposition. On May 1, 1996, the Court heard oral argument on the motion and took the matter under submission. Defendants filed their reply on June 3, 1996. III.
SUMMARY OF FIRST AMENDED COMPLAINT
Plaintiff North Texas Preventive Imaging L.L.C. ("NTPI") is a Dallas-based provider of medical diagnostic imaging (i.e., CAT scans), a method of diagnosing coronary artery disease, cancer, osteoporosis, and other medical conditions. To assist with its diagnostic imaging, plaintiff purchased a computer system (the "Scribe system") from defendant Medical Diagnostic Imaging, Inc. ("MDI"). The Scribe system performs computer enhancement of medical images.
Defendant MDI is a California corporation which allegedly owns and controls the Scribe system software at issue. FAC paragraph 5. Defendants Eisenberg and Pura Labs, Inc. do business as MDI. FAC paragraphs 4-6. Defendant Health Technologies & Wellness, Inc. ("HTW") is a Delaware corporation which, prior to December 27, 1995, owned a majority interest in plaintiff NTPI. FAC paragraph 7. HTW also held itself out as the owner of the Scribe system software. Defendant Harvey Eisenberg is the owner and operator of all the aforementioned business entities. FAC paragraph 8. Defendant Roberta Eisenberg is Harvey Eisenberg's wife. FAC paragraph 3. Non-party DVI Financial Services, Inc. ("DVIF") is a financing company which helped plaintiff finance the purchase of the Scribe system software by buying it from defendants and leasing it to plaintiff. FAC paragraph 11. DVIF purchased the Scribe system according to the terms of price quotation 950103 on January 22, 1995. FAC paragraph 12. DVIF leased the software under the terms of lease #8 on February 27, 1995.
In May 1995, the Scribe system was installed in plaintiff's facility. FAC paragraph 15. Plaintiff has allegedly paid 90% of the sales price for the Scribe system software. FAC paragraph 13. The core of the dispute is the parties' disagreement over the licensing rights conferred by defendant's sale of the Scribe system. The parties have no formal licensing contract; their arrangement is reflected in a price quotation which contains the following provision:
Software License Agreements: Software products provided by Multi-Dimensional Imaging are copyrighted, and all rights are reserved by Multi-Dimensional Imaging. The distribution and sale of Multi-Dimensional Imaging software products are intended for the use of the original purchaser only and for use only on the computer system(s) specified. Lawful users of this product are licensed to use the software as loaded on computers and/or provided on floppy disk for copying to computers. Users are also allowed to make back-up copies for safety. Any other copying, duplicating, selling, or otherwise distributing these products is a violation of the law.Plaintiffs were dissatisfied with the operation of the Scribe system and on December 27, 1995, sent a letter to MDI "cancelling" the purchase of the Scribe system and demanding return of $161,721 which had been "overpaid." FAC paragraph 15. Defendants responded with a letter asking plaintiff to enter into a new licensing arrangement and noting that the software would be disabled on January 31, 1996, if the new license were not executed. FAC paragraph 16.
FAC paragraph 13; Friede Decl. Ex. 7 at 7 (full text of price quotation number 950103).
When the software was installed in March 1995, it contained no time restrictions or other disabling codes. Defendants apparently sent plaintiffs "update disks" periodically to update the Scribe system. In late 1995, defendants sent an "update" floppy computer disk to plaintiff which, unbeknownst to plaintiff, contained disabling codes. Disabling codes, or "time bombs," are computer software codes which render a software program inoperable at a pre-set time and date. FAC paragraph 14. The software which plaintiffs loaded onto their computer in late 1995 contained a time bomb set to go off on January 31, 1996. The software was prepared on MDI's computers in California. FAC paragraph 16.
Plaintiff learned of the existence of the time bomb and complained to defendant about its insertion in the Scribe system. A few days before the time bomb was scheduled to go off, MDI sent another set of computer codes which reset the time bomb for May 1, 1996. FAC paragraph 16.
The FAC alleges six causes of action. First, plaintiff alleges that defendants breached the DVIF-MDI purchase contract and that plaintiff, as third party beneficiary of the contract and assignee of DVIF's rights, may enforce the contract. Plaintiff asserts that it received invoices for $511,500, but received goods worth only $278,730. FAC paragraph 19. MDI has been paid $460,350 for goods supplied, and plaintiff alleges the right to the amount it overpaid for the goods -- $181,620. FAC paragraph 19.
Second, plaintiff alleges that defendants breached the express and implied warranties for defect-free performance of the software and hardware. FAC paragraph 24. Plaintiff alleges that it has been damaged in the amount of $10,000, representing the cost of labor and measures taken to keep the Scribe system running. FAC paragraph 27; see also p. 24.
Third, plaintiff alleges that defendants' conduct in secreting the time bomb in its Scribe system constitutes a violation of CFAA sections 1030(a)(5)(A) and (B). In particular, plaintiff claims that defendant, using its computers located in California, clandestinely caused the time bomb to be inserted in the Scribe system at plaintiff's facility in Texas. FAC paragraph 29. The time bomb potentially impairs the medical examination, diagnosis, and treatment of NTPI's patients. FAC paragraph 33.
Fourth, plaintiff alleges that defendants intentional insertion of the time bomb in the Scribe system constitutes conversion because it interferes with plaintiff's right to quiet possession and use of the Scribe system. FAC paragraphs 37-39. Plaintiff requests damages in the amount of $460,350, representing the amount paid for the Scribe system. FAC paragraph 38.
Fifth, plaintiff requests a declaratory judgment because it is impossible to determine who owns and controls the Scribe system software at issue in this lawsuit and that several defendants have used the name "MDI." Plaintiff requests a declaration as to which defendant owns and controls the software, and whether plaintiff holds a "non-exclusive license to use the software without cloud on title to such right." FAC paragraph 43.
Sixth, plaintiff alleges that defendants HTW and Harvey Eisenberg committed "fraudulent misrepresentation and constructive fraud." Claim 6, while captioned as a fraud claim, substantively appears to allege a claim for breach of fiduciary duty. In particular, claim 6 alleges that HT&W, as majority owner of plaintiff, and Eisenberg, as manager of NTPI, owed a fiduciary duty to disclose relevant information regarding the insertion of the time bomb in the Scribe system. Plaintiff alleges that both defendants breached their fiduciary duties to NTPI by knowingly failing to disclose this information. FAC paragraphs 45-46. Plaintiff requests compensatory damages in the amount of $460,350 plus various additional damages caused by defendants' breach. FAC at p. 26.
IV.
DISCUSSION
1. Federal Question Jurisdiction: Does the Computer Fraud and Abuse Act ("Act" or "CFAA") prohibit the conduct complained of in the complaint?
The CFAA proscribes the unauthorized access to certain computer systems for harmful purposes by means of a modem or direct keyboard entry.
Section 1030(a)(5)(A) of statute reads:
"[Whoever] through means of a computer used in interstate commerce or communications, knowingly causes the transmission of a program, information, code, or.command to a computer or computer system if -- (i) the person causing the transmission intends that such transmission will-- (I) damage, or cause damage to, a computer, computer system, network, information, data, or program; or (II) withhold or deny, or cause the withholding or denial, of the use of a computer, computer services system or network informstion, data or program, and (ii) the transmission of the harmful component of the program, information, code, or command-- (I) occurred without the authorization of the persons or entities who own or are responsible for the computer system receiving the program, information, code, or command; and (II)(aa) causes loss or damage to one or more other persons of value aggregating $1,000 or more during any 1-year period; or (bb) modifies or impairs, or potentially modifies of impairs, the medical examination, medical diagnosis, medical treatment, or medical care of one or more individuals... [shall be punished as provided in subsection (c) of this section]."
Section 1030(a)(5)(B) of the statute criminalizes the same conduct when done with "reckless disregard of a substantial and unjustifiable risk that the transmission will" cause harmful effects.
However, it is unclear whether the CFAA prohibits a person from sending a disk containing disabling codes to an authorized person who then unwittingly loads the codes onto a computer. The Court has found no cases on point, and indeed very few cases which construe Section (a)(5) at all.[1] The issue appears to be one of first impression. Although written as a criminal prohibition, the statute also creates a private right of action: Any person who suffers damage or loss by reason of a violation of the section, other than a violation of subsection (a)(5)(B), may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief. Damages for violations of any subsection other than subsection (a)(5)(A)(ii)(II)(bb) or (a)(5)(B)(ii)(II)(bb) are limited to economic damages....
18 U.S.C. Section (g).
A. Legislative History of the CFAA
The CFAA, enacted in 1984, was intended to prohibit the gaining of unauthorized access to "federal interest" computers. The original CFAA focussed on unauthorized "access" to computers causing harm and did not reach harms caused by methods other than unauthorized access. The 1984 CFAA therefore contained a loophole in cases where: (1) an authorized person caused harm to a protected computer system, or (2) an unauthorized person gave a floppy computer disk or computer codes to an authorized person who loads it onto the computer.
The CFAA was amended in 1986 and 1994. The 1994 amendment was intended to broaden the scope of criminalized activities to reflect the broader range of techniques being used in society to wreak havoc on computer systems. The sponsor of the 1994 amendment, Senator Leahy, stated that:
[T]hese amendments clarify the intent standards, the actions prohibited and the jurisdiction of the current Computer Fraud and Abuse Act.... Under the current statute, prosecution of computer abuse crimes must be predicated upon the violator's gaining unauthorized access to the affected Federal interest computers. However, computer abusers have developed an arsenal of new techniques which result in the replication and transmission of destructive programs or codes that inflict damage upon remote computers to which the violator never gained "access" in the commonly understood sense of that term.Thus while the pre-1994 CFAA was directed towards the unauthorized "access" of a computer system, presumably by modem or by direct keyboard entry, the post-1994 CFAA is directed towards a broader range of conduct by which a person knowingly "causes" the "transmission" of a program, information, code, or command to a computer. 18 U.S.C. Section 1030(a)(5). Senator Leahy stated that:
139 Cong. Rec. S16421-03, Nov. 19, 1993 (stmt. of Sen. Leahy) (reprinted at 1993 WL 490040).
The new subsection of the CFAA created by this bill places the focus on harmful intent and resultant harm, rather than on the technical concept of computer access.... The computer abuse amendments make it a felony intentionally to cause harm to a computer or the information stored in it by transmitting a computer program or code -- including destructive computer viruses -- without the knowledge and authorization of the person responsible for the computer attacked. This is broader than existing law, which prohibits intentionally accessing a federal interest computer without authorization, if that causes damage.The post-1994 CFAA undoubtedly is and was meant to be broader than previous law. The question, however, is whether the current law proscribes defendants' conduct in this lawsuit -- the act of sending a floppy computer disk containing a time bomb to a party who unknowingly loads it onto a computer.
139 Cong. Rec. S16421-03, Nov. 19, 1993 (stmt. of Sen. Leahy) (reprinted at 1993 WL 490040) (emphasis added).
During debates on the 1994 amendment, software manufacturers objected to the possibility that their practice of inserting "disabling codes" in software programs would be criminalized because disabling codes can be used as a legitimate security measure. On this issue, Senator Leahy stated that the new language would not criminalize the use of disabling codes "when their use is pursuant to a lawful licensing agreement that specifies the conditions for reentry or software disablement." Cong. Rec. vol. 140 no. 122, 103d Cong., 2d sess., 8/23/94 at S. 12313 (plaintiff's brief of 5/10/96 at 15-16). Although Senator Leahy did not state the converse proposition, i.e., that the bill did criminalize the use of disabling codes which are not specified in a lawful licensing agreement, this is certainly a reasonable implication of the statement. The Court has found nothing in the statute or legislative history to suggest that Congress intended a blanket exemption for the use of time bombs from the CFAA's prohibitions[2]. Rather, time bombs would appear to fall within the statute's proscription on the use of "codes, information, programs, or commands" to cause harm to protected computer systems. Whether the use of a time bomb is illegal appears to require a case-by-case analysis of the defendant's intent, the type of computer involved, and the resulting harm[3].
C. Conclusion
By casting the net broadly to include many different "transmission" techniques, the 1994 amendment shifted the CFAA's focus from the act of unauthorized access to the intent of the defendant. The transmission of a disabling code by floppy computer disk may fall within the new language, if accompanied by the intent to cause harm 18 U.S.C. Section 1030(a)(5). Accordingly, plaintiff has established federal question jurisdiction in claim 3 of the first amended complaint. The Court also chooses to exercise federal question jurisdiction over claim 5 (declaratory relief) and supplemental jurisdiction over remaining state law claims 1, 2, 4, and 6.
2. Defendants' Motion to Dismiss the First Amended Complaint
Defendants seek to dismiss all six claims in the FAC for failure to state a claim upon which relief can be granted or, alternatively, to require a more definite statement or to strike parts of the FAC. As noted, the FAC alleges causes of action for: (1) breach of contract, (2) breach of implied and express warranties, (3) violation of the CFAA, (4) conversion, (5) declaratory relief, (6) and fraud.
A. Claim 1 -- Breach of Contract
Defendants move to dismiss claim 1 on grounds the FAC does not adequately identify the contract which was allegedly breached. Claim 1 states that defendants "failed to supply goods specified on its written price quotatlon number 950103." FAC paragraph 19. Further, claim 1 alleges that defendants breached the software use license contained in the price quotation by "demanding that NTPI enter into a new written software license agreement on substantially different terms, without any additional consideration..." FAC paragraph 20.
Defendants allege that claim 1 fails to identify the contract being sued upon, the provisions of the contract allegedly breached, the breaching act, or the breaching party. Claim 1 identifies the contract as price quotation number 950103; however, it does not identify which provisions were allegedly breached. The claim states that defendants "substituted certain inferior, or lower priced goods, for items specified" in the contract, and that as a result plaintiff received goods worth only $278,730. FAC paragraph 19. However, claim 1 fails to identify which goods were substituted or how plaintiff calculated the value received at only $278,730. Accordingly, it is difficult to see how defendants can adequately respond to the allegations. Defendants' motion to dismiss claim 1 is granted.
B. Claim 2 -- Breach of Express and Implied Warranty
Defendants seek to dismiss claim 2 because it fails to identify: (1) the source of the express warranty, (2) the source of the implied warranty, (3) the breaching party, or (4) the breaching act.
However, the FAC identifies the source of the express warranty as price quotation number 950103, see FAC paragraph 24, and defendants quote the exact language of the express warranty in their moving papers. Mtn. at 7:2-3. The FAC also appears to allege that the same sale gave rise to the implied warranty of fitness for intended use. FAC paragraph 24. Further, the FAC identifies the breaching party as "all defendants," see FAC Count Two, or as "MDI." FAC paragraphs 24-26. Plaintiff identifies the breaching party sufficiently for defendants to prepare a response. FAC paragraph 4. Finally, plaintiff lists a number of ways in which the product delivered by defendants allegedly failed to perform according to the warranties and caused damages. FAC paragraphs 26-27. Accordingly, defendants' motion to dismiss claim 2 is denied.
C. Claim 3 -- Violation of the CFAA
Defendants argue for dismissal of claim 3 on grounds that: (1) claim 3 fails to identify any individual responsible for the acts alleged, (2) claim 3 fails to plead violations of subsections (B)(i) and (B)(ii) (I), as required to state a claim under 18 U.S.C. Section 1030 (a) (5)(B). First, claim 3 alleges that "MDI has knowingly developed computer program code which it sent to NTPI in Texas, containing instructions through which MDI has sought to disable the operation of NTPI's Scribe System..." FAC paragraph 33. Plaintiff has therefore identified the parties responsible, as well as identified the conduct which allegedly violates the CFAA.
Second, as discussed above, claim 3 alleges facts which state a claim for violation of Section 1030(a) (5) (A) and Section 1030(a) (5)(B). To state a claim for violation of Section 1030(a) (5) (A), a plaintiff must plead that the defendant: (1) knowingly caused the transmission of a program, information, code, or command to a computer system (2) with the intent to cause damage to a computer system or to withhold or deny the use of a computer system (3) without the authorization of the computer system's owners or operators (4) causing a loss of more than $1,000 or harm to medical examination, diagnosis, treatment, or care of individual(s).[4] Here, claim 3 alleges that defendants developed the time bomb on their California computers; that defendants transmitted the computer code to plaintiff for loading on its computers in Texas; that defendants did not disclose the existence of the time bomb to plaintiff (FAC paragraphs 33-34); that plaintiff's facility is involved in the medical examination, diagnosis, and treatment of patients (FAC paragraphs 33-34); that these acts were committed with knowledge or reckless disregard of a substantial risk of the resulting potential harm to the Scribe system (FAC paragraphs 33-34, respectively); and that the conduct has the potential to disrupt plaintiff's medical diagnosis and treatment (FAC paragraph 35). Accordingly, defendants' motion to dismiss claim 3 is denied.
D. Claim 4 -- Conversion
Defendants seek to dismiss claim 4 for failure to state a claim because: (1) claim 4 fails to allege defendants' claim of right hostile to that of plaintiff, and (2) claim 4 fails to state a right to operate the software at issue.
Conversion is "any act of dominion wrongfully exerted over another's personal property in denial of, or inconsistent with the owner's rights therein." Customer Co. v. City of Sacramento, 23 Cal. Rptr. 2d 154, 168 (3d App. Dist. 1993), citing Messerall v. Fulwider, 199 Cal. App. 3d 1324, 1329 (1988). To state a claim for conversion, plaintiff must plead: (1) plaintiff's ownership or right to possession of the property at the time of the conversion, (2) defendant's conversion by wrongful act, and (3) damages. It is not necessary that plaintiff plead a manual taking of the property; only that defendant wrongfully asserted dominion over the property. Oakdale Village Group v. Fong, 50 Cal. Rptr. 2d 810, 812 (3d App. Dist. 1996); see also Clayton X-Ray Co. v. Professional Sys. Corp., 812 S.W. 2d 565, 566-67 (Mo. Ct. App. 1991) (upholding jury verdict in favor of plaintiff on conversion claim stemming from software provider's use of disabling codes to "lock up" purchaser's files at pre-set time)
Here, plaintiff alleges that defendants' insertion of a time bomb in the Scribe system has interfered with plaintiff's right to quiet enjoyment of the Scribe system. FAC S 38. Plaintiff's right to use and enjoy the Scribe system is allegedly premised on the license to use the Scribe system contained in price quotation number 950103. See FAC paragraph 13, 38. Defendants do not contest plaintiff's rights as third-party beneficiary under the MDI-DVIF purchase agreement and under the DVIF-NTPI lease agreement. Further, defendants' alleged insertion of the time bomb in the Scribe system could deprive plaintiff of the "unrestricted use of the Scribe system for which it bargained." FAC S 38. However, plaintiff fails to allege facts supporting any actual deprivation of its use of the Scribe system stemming from the insertion of the time bomb. Claim 4 fails to allege the element of damages, and therefore defendants motion to dismiss claim 4 is granted.
E. Claim 5 -- Declaratory Relief
Claim 5 alleges that plaintiff cannot determine who owns and controls the Scribe system software at issue in this lawsuit and that several defendants have used the name "MDI." Further, claim 3 alleges that all relevant defendants are "mere alter egos of defendant Harvey Eisenberg." FAC paragraph 42. Plaintiff requests a declaration answering two questions: (1) which defendant owns and controls the software, and (2) whether plaintiff holds a "non-exclusive license to use the software without cloud on title to such right." FAC paragraph 43.
Defendants allege that claim 5 is improper because: (1) MDI holds a valid copyright to the software at issue, and (2) an unlimited license is not supported by the parties' licensing agreement (price quotation number 950103). Defendants' motion to dismiss, therefore, is premised on the view that the answer to plaintiff's first question is obvious and that plaintiff is not entitled to the declaration it requests on the second question. Defendants disagree, in other words, that the declaration requested by plaintiff is proper -- all of which suggests that there is a case or controversy before the Court. Accordingly the Court denies defendants' motion to dismiss claim 5.
F. Claim 6 -- Fraudulent Misrepresentation and Constructive Fraud
Claim 6 alleges that defendant HTW, as majority owner of NTPI, had a fiduciary duty to inform NTPI of the insertion of the time bomb in NTPI's computers in late 1995, and that HTW failed to do so. FAC paragraph 46. Claim 6 also alleges that Dr. Harvey Eisenberg, as a manager at NTPI, had a fiduciary duty to do the same and that he failed to do so. FAC paragraph 47.
Defendants seek to dismiss claim 6 for failure to comply with the pleading requirements of Fed. R. Civ. P. 9(b). Plaintiff asserts that claim 6 is not subject to the requirements of Rule 9(b) because claim 6 is in fact a claim for breach of fiduciary duty. Plaintiff's citation to Concha v. London, 62 F.3d 1493, 1503 (9th Cir. 1995) is inapposite, because that case dealt with whether Rule 9(b) applied to cases alleging breach of fiduciary duty by an ERISA administrator, where the complaint does not allege fraud or mistake. In such cases, Rule 9(b) does not apply.
Here, claim 6 is captioned "fraudulent misrepresentation and constructive fraud." However, the substance of claim 6 is breach of fiduciary duty, and the caption of the clain does not necessarily govern the type of claim asserted. Accordingly, because no fraud claim is presented, the provisions of Rule 9(b) do not apply. Id. at 1503. Nevertheless, plaintiff fails to plead the requisite element of damages resulting from the alleged breach of fiduciary duty, and defendants' motion to dismiss claim 6 is therefore granted.
3. Plaintiff's Motion for Preliminary Injunction
On April 9, 1996, plaintiff filed a motion for preliminary injunction, requesting that the Court order defendant to remove the disabling codes from the Scribe system. The Court held oral argument on May 1, 1996, the date upon which the time bomb was set to expire. At oral argument, defense counsel indicated that defendants had forwarded a floppy computer disk to plaintiff which would extend the time bomb until August 1, 1996. The urgency having been abated, the Court took the matter under submission and ordered supplemental briefing from the parties on jurisdictional issues. Plaintiff's motion for preliminary injunction, was premised on the danger that its Scribe system would be disabled by the time bomb which was set to go off on May 1, 1996. Since that time, no information has been provided to suggest that defendants have not continued to forward updated disks. Because plaintiff is likely to suffer irreparable harm absent an injunction and in order to maintain the status quo, the Court enjoins defendants from withholdinq updated disks from plaintiff during the pendency of this litigation.
V. CONCLUSION
For the foregoing reasons, the Court has federal question jurisdiction over claim 3 and chooses, in its discretion, to exercise jurisdiction over claim 5 and supplemental jurisdiction over the remaining state law claims (claims 1, 2, 4, and 6).
The Court grants defendants' motion to dismiss claims 1, 4, and 6 and denies defendants' motion to dismiss claims 2, 3 and 5. Plaintiff may serve and file a second amended complaint, if at all, no later than September 9, 1996.
The Court grants plaintiff's motion for preliminary injunction. The Court has this date modified, signed, and filed plaintiff's proposed findings of fact and conclusions of law (mis-captioned as "proposed statement of uncontroverted facts and conclusions of law").
IT IS SO ORDERED.
IT IS FURTHER ORDERED that the Clerk shall serve a copy of this Order on all counsel of record.
Dated: August , 1996.
ALICEMARIE H. STOTLER
UNITED STATES DISTRICT JUDGE
FOOTNOTES:
FN1 None of the cases deal with the current post-1994 version of section 1030(a)(5). United States v. Morris, 928 F.2d 504 (2d Cir. 1991) (discussing criminal liability for putting a "worm" on the Internet and causing many computer systems to crash); United States v. Morris, 728 F. Supp. 95, 96 (N.D.N.Y. 1990) (defining elements of crime under 1030(a)(5)); United States v. Fernandez, 1993 WL 88197 (S.D.N.Y.) (overruling vagueness objection to 1030(a)(5) and defining the term "federal interest computer").
FN2 Defendants' citation to Senator Leahy's 1990 and 1991 comments regarding the freezing up of Vermont's computer network do not establish a blanket exemption from the CFAA for time bombs. In 1989, Vermont's computer network accidentally froze up as a result of disabling codes inserted by the software manufacturer. Senator Leahy commented that the event was a nuisance, but under the circumstances it was "not criminal." Senator Leahy did not explain why the manufacturer's act was not illegal, but given the context of his comments it is probably because the act was not done with the requisite intent. There is no support for a blanket exemption for time bombs in the CFAA.
FN3 Defendants' cite to Deputy Assistant Attorney General Mark Richard's 1990 testimony (defendants' Opp. of 5/21/96 at 4) is informative, but not helpful here. Mr. Richard commented that the new amendment would apply to cases where "the actual use of the computer in the offense was in interstate commerce." Richard's statements help define the breadth of the 1994 amendment but do not provide much guidance with respect to the narrower issue before the Court.
FN4 It is unclear whether a civil action may be maintained at all under Section 1030(a) (5)(B). Congress' creation of a private right of action states that "[a]ny person who suffers damage or loss by reason of a violation of the section, other than a violation of subsection (a) (5)(B), may maintain a civil action..." 18 U.S.C. Section 1030(g). This sentence suggests that there is no civil right of action under (a) (5)(B). However, the next sentence states that "[d]amages for violations of any subsection other than subsection (a) (5) (A) (ii)(II)(bb) or (a) (5)(B)(ii) (II)(bb) are limited to economic damages." This sentence suggests that there is a civil right of action for violations of subsection (a) (5)(B). Having decided that plaintiff has stated a claim under subsection (a) (5) (A), and assuming that the damages available upon a finding of liability under each subsection would be coextensive in this case, the Court will permit plaintiff to go forward with its claim under subsection (a)(5)(B).