Cybercrime Review will now be posting, on an ongoing basis, new complaints alleging CFAA violations. This serves two purposes: (1) to make our readers aware of new cases that may be worth following, and (2) to provide a survey of how CFAA litigation has evolved as courts have grappled with the scope and purpose of the statute.
August filings of note:
Clinton Rubin v. Pickens, No. 13-CV-04483 (E.D. P.A. Aug. 2, 2013) - relevant text:
91. Based on this initial research, Burns and Smith further investigated Defendants' actions prior to and following their resignations.
92. Burns and Smith quickly discovered additional emails on Clinton Rubin's computer systems and network evidencing Defendants' efforts to divert the Company's valuable confidential, proprietary, and trade secret information, including, but not limited to, Clinton Rubin's financial statements; schedules and related information; business plans and strategy documents; business documents; customer information; contact lists; marketing documents, qualification documents, and sales and marketing information; client planning documents, work products, deliverables and other client information; resumes; affiliation, joint venture and alliance information and contracts; association and membership information; contracts including, but not limited to, client Non-Disclosure Agreements and Confidentiality Agreements, Master Services Agreements, Statements of Work, Subcontractor Agreements and other contractual documents made on behalf of Clinton Rubin; Clinton Rubin account information and passwords; and other Clinton Rubin confidential information, intellectual property, and client owned information.
93. For example, in an email to Defendant Solak and Sandow, Defendant Pickens wrote the following: “Same with this. Stealing other people's stuff was effective in kindergarten and is effective now!”
...
129. Defendants, prior to withdrawing, regularly accessed Clinton Rubin's computers, computer network, computer systems, computer files, electronic files and/or email accounts without authorization and/or in a manner that exceeded their authorization.
130. Defendants also utilized Clinton Rubin's computers, computer network, computer files, computer systems, electronic files and/or email accounts to give instructions to a third-party to obtain Clinton Rubin's information for an improper purpose.
131. Clinton Rubin's computers, computer network, computer systems, computer files, electronic files and/or email accounts that were used and/or accessed by Defendants prior to and following their withdrawal qualify as “protected computers” under the CFAA, 18 U.S.C. § 1030(e), because they are used in or affecting interstate or foreign commerce or communication.
132. Without authorization and/or in a manner that exceeded their authorization, Defendants knowingly accessed, or caused another person to knowingly access on their behalf, Clinton Rubin's computers, computer network, computer systems, computer files, electronic files and/or email accounts with the intent to defraud and/or misappropriate Clinton Rubin's valuable confidential, proprietary, and trade secret information, including, but not limited to, Clinton Rubin's intellectual property, customer lists, financial data, marketing data, and client owned data, by forwarding, or causing another person to forward, such information to their personal email accounts in violation of the CFAA, corporate policy and their fiduciary duties as Members of Clinton Rubin.
133. As a result of Defendants' actions and/or the actions Defendants caused to occur, Defendants furthered their intended fraud and/or misappropriation and obtained Clinton Rubin's valuable confidential, proprietary, and trade secret information and/or caused an impairment to the integrity and/or availability of Clinton Rubin data, programs, systems, or information, including, but not limited to, Clinton Rubin's intellectual property, customer lists, financial data, marketing data, and client owned data which carry a value in excess of $5,000.
134. Defendants' conduct and/or the conduct Defendants cause to be conducted involved interstate or foreign commerce or communication.
135. Defendants' conduct and/or the conduct Defendants cause to be conducted constituted a serious breach of loyalty owed to Clinton Rubin as former Members by accessing and misappropriating Clinton Rubin's valuable and protected information for their own personal gain and against the interest of Plaintiff.
136. In an attempt to disguise their fraud and/or misappropriation, Defendants, with full knowledge and motive to do so, attempted to and did in fact delete relevant emails reflecting their misappropriation of Clinton Rubin's valuable trade secret information and diversion of business opportunities from Clinton Rubin to their newly founded competing venture.
137. Through Defendants' unlawful access, copying, and alteration of Plaintiffs valuable confidential, proprietary, and trade secret information, Defendants furthered their intended fraud and/or misappropriation of Clinton Rubin's valuable trade secret information.
138. Defendants' actions violate the CFAA and have caused Clinton Rubin damage.
139. Plaintiff has no adequate remedy at law and will continue to suffer substantial and immediate irreparable harm unless Defendants are immediately enjoined pursuant to 8 U.S.C. § 1030(g) (“Any person who suffers damage or loss by reason of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief.”).
Quad Knopf, Inc. v. South Valley Biology Consulting, LLC, No. 13-CV-01262 (E.D. C.A. Aug. 9, 2013) - relevant text:
15. Following the formation of SOUTH VALLEY BIOLOGY CONSULTING, LLC, its owners and members embarked on a scheme to recruit and hire Plaintiffs staff biologists, and to illegally acquire Plaintiffs confidential work product and intellectual property in order to gain a competitive advantage over Plaintiff. As a result, Defendants NINA E. HOSTMARK, MICHAEL V. PHILLIPS, and PAUL ROSEBUSH left the employ of Plaintiff and joined SOUTH VALLEY BIOLOGY CONSULTING, LLC.
16. Following the departure of NINA E. HOSTMARK, MICHAEL V. PHILLIPS, and PAUL ROSEBUSH, Plaintiffs managers discovered that its work product and intellectual property, in the form of original copies of its biological reconnaissance data and reports, were missing from the company's files, and that electronic copies of such data and reports had been removed and/or copied from the company's computers.
17. Soon thereafter, several of Plaintiff's clients advised that existing contracts with Plaintiff were being terminated and given to SOUTH VALLEY BIOLOGY CONSULTING, LLC, and that future work involving biology reconnaissance and reporting would be performed by SOUTH VALLEY BIOLOGY CONSULTING, LLC. These clients include, but are not necessarily limited to Berry Petroleum, Aera Energy, Macpherson Oil, Co., Plains Pipeline, and Occidental.
18. Around the same time, it was also discovered by Plaintiff that significant portions of Plaintiff's confidential work product and intellectual property relating to biological studies and reports completed by Plaintiff were being utilized by Defendants and incorporated into the reports of SOUTH VALLEY BIOLOGY CONSULTING, LLC, all without the permission of Plaintiff. Data, analysis and report narratives published by SOUTH VALLEY BIOLOGY CONSULTING, LLC, including typographical errors, were identical to the data, analysis and report narratives prepared by Plaintiff.
19. Plaintiff has also learned that, during 2012 and 2013, the web site and promotional materials for SOUTH VALLEY BIOLOGY CONSULTING, LLC contained copies of confidential work product created by Plaintiff; and that Plaintiffs former employees named in this complaint, now owners, members or employees of SOUTH VALLEY BIOLOGY CONSULTING, LLC were claiming responsibility for, and ownership of, such confidential work product and intellectual property generated by Plaintiff.
...
21. Plaintiff alleges that Defendants NINA E. HOSTMARK, MICHAEL V. PHILLIPS and PAUL ROSEBUSH within the last two years preceding the filing of this complaint each intentionally, illegally, and without authorization, removed Plaintiffs confidential work product and intellectual property from Plaintiffs computers prior to their leaving Plaintiffs employ.
22. Plaintiff alleges that Defendants NINA E. HOSTMARK, MICHAEL V. PHILLIPS and PAUL ROSEBUSH each intentionally, illegally, and without authorization, transmitted the confidential work product and intellectual property to SOUTH VALLEY BIOLOGY CONSULTING, LLC and to Defendants JAMES W. JONES, JR. and JASON H. KANG in person or by e-mail transmission.
23. Plaintiff alleges that Defendants NINA E. HOSTMARK, MICHAEL V. PHILLIPS and PAUL ROSEBUSH, while they were still employed by Plaintiff, intentionally, illegally, and without authorization, communicated by e-mail with existing clients of Plaintiff for the purpose of soliciting such clients and for the purpose of diverting the work covered by Plaintiffs contracts with the existing clients to the benefit of SOUTH VALLEY BIOLOGY CONSULTING, LLC.
24. At all times, the removal, copying and transmission of confidential work product and intellectual property, and the e-mail communications with competitors, were performed without the knowledge, authorization or consent of Plaintiff.
25. As a direct and proximate result of the illegal and unauthorized use of Plaintiff's computers by Defendants NINA E. HOSTMARK, MICHAEL V. PHILLIPS and PAUL ROSEBUSH, Plaintiff has sustained economic damages exceeding $5,000.00 over the last one-year period in the form of lost current and future income, has required Plaintiff to expend resources to investigate the adequacy of its computer security systems, and required Plaintiff to expend resources to replace the work product and intellectual property illegally removed from Plaintiffs computers.
1. Pearson is a former Area Manager and Branch Manager for XTRA. This action arises largely out of Pearson's misappropriation of XTRA's confidential, competitively-valuable and trade secret information in connection with his recent resignation from XTRA on July 3, 2013, and his subsequent employment with XTRA's direct competitor, Premier Trailer Leasing, Inc. (“Premier”).
2. By mid-June 2013, and while Pearson was in active discussions with Premier's President and Vice President to join Premier, Pearson (a) improperly downloaded and copied onto an unapproved HP v125w USB portable electronic device (the “HP Device”) and/or (b) improperly e-mailed to his personal e-mail address, confidential, competitively-valuable and trade secret information pertaining to XTRA's business. Pearson's misconduct continued after he received his June 28, 2013 offer letter from Premier, and further continued after he signed and dated Premier's offer letter on July 1, 2013. Pearson, however, did not tell XTRA he was resigning until July 3, 2013, and his improper copying and downloading of XTRA's confidential and competitively-valuable information onto the HP Device continued until July 3, 2013 - which was his last day of employment at XTRA.
3. As Branch Manager for XTRA's Allentown, Pennsylvania office, Pearson had no legitimate reason to e-mail to his personal e-mail address or to download and transfer XTRA's confidential information onto the portable HP Device in connection with his departure or possible departure from XTRA and his plan to join Premier. On July 3, 2013, for example, Pearson improperly copied onto his HP Device detailed confidential and trade secret information pertaining to XTRA's business in Chicago, Louisville and Memphis, even though he was Branch Manager only for Allentown. In short, Pearson on information and belief was improperly accessing, downloading, copying onto the HP Device and/or e-mailing to his personal e-mail address significant confidential, competitively valuable and trade secret information of XTRA in order to help him and Premier.
...
121. Pearson's conduct described above violates the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030. Pearson's conduct, at a minimum, violates 18 U.S.C. § 1030(a)(2)(C).
122. XTRA's XTRALink, databases and servers, as well as Pearson's XTRA company laptop, are “computers” and “protected computers” under 18 U.S.C. § 1030(e)(1) and (2).
123. Pearson was not authorized to access XTRA's XTRALink, databases or servers or his XTRA laptop computer in order to review, download or copy XTRA's confidential, proprietary, competitively valuable or trade secret information to help Premier and/or to help him compete after he joined Premier. Pearson also was not authorized to access XTRA's XTRALink, databases or servers or Pearson's XTRA laptop computer in order to e-mail any such information to his personal e-mail address for such purposes.
124. Pearson acted without authorization and/or in excess of his authorization in accessing XTRA's XTRALink, databases and servers, and/or Pearson's XTRA laptop computer, in order to review, download or copy and/or e-mail to his personal e-mail address, XTRA's confidential, proprietary, competitively valuable or trade secret information to help Premier and/or to help him compete after he joined Premier.
125. Pearson's conduct described above has caused XTRA damage and loss. XTRA's damage and loss include, but are not limited to, (a) expenses, fees and costs incurred to uncover and determine the extent of Pearson's computer-related misconduct; and (b) damages and/or losses in an amount not yet determined resulting from the impairment of the integrity of the data and/or information pertaining to Pearson's computer-related misconduct. Such damages and/or losses are already well in excess of $5,000.
0 comments:
Post a Comment