Facebook, Inc. v. Power Ventures, Inc. - 844 F.3d 1058 (9th Cir. 2016)

Rule:

The Computer Fraud and Abuse Act (CFAA) prohibits acts of computer trespass by those who are not authorized users or who exceed authorized use. It creates criminal and civil liability for whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer. 18 U.S.C.S. § 1030(a)(2)(C). The statute thus provides two ways of committing the crime of improperly accessing a protected computer: (1) obtaining access without authorization, and (2) obtaining access with authorization but then using that access improperly. The CFAA provides a private right of action for any person who suffers damage or loss by reason of a violation of the statute. 18 U.S.C.S. § 1030(g).

Facts:

Plaintiff, Facebook, Inc., has sued defendant, Power Ventures, Inc., over a promotional campaign. Defendant accessed plaintiff’s users' data and initiated form e-mails and other electronic messages promoting its website. Initially, defendant had implied permission from plaintiff networking company. But plaintiff sent defendant a cease and desist’ letter and blocked defendant’s IP address; nevertheless, defendant continued its campaign. Plaintiff alleged that defendant's actions violated the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM), the Computer Fraud and Abuse Act of 1986 (CFAA), and California Penal Code section 502.  The district court granted summary judgment to plaintiff on all three claims. Defendant filed a motion for reconsideration which the district court denied.

Issue:

Was the defendant guilty of alleged violation?

Answer:

Yes. The defendant was not found guilty on violating the CAN-SPAM Act but was found guilty for violating the CFAA and Cal Penal Code Sec 502.

Conclusion:

The court held that defendant did not violate the CAN-SPAM Act because the transmitted messages were not materially misleading as they stated the company's name and site, and the competitor's users identified as senders authorized them. But the court found that the company violated the CFAA and Cal. Penal Code § 502 because the competitor's cease and desist letter ended any permission to access the competitor's computers. Further, the company's CEO was personally liable because he guided in its violations. Therefore, the court affirmed in part, reversed in part.