Wichansky v. Zowine et al

Filing 149

ORDER granting in part and denying in part 106 Motion for Partial Summary Judgment. Signed by Judge David G Campbell on 6/15/2015.(DGC, nvo)

Download PDF
1 WO 2 3 4 5 6 IN THE UNITED STATES DISTRICT COURT 7 FOR THE DISTRICT OF ARIZONA 8 9 Marc A. Wichansky, Plaintiff, 10 11 ORDER v. 12 No. CV-13-01208-PHX-DGC David T. Zowine, et al., 13 Defendants. 14 15 16 Defendants have brought a motion for partial summary judgment. Doc. 106. The 17 matter is fully briefed and neither party has requested oral argument. The Court will 18 grant the motion in part and deny it in part as explained below. 19 I. Background. 20 The parties’ relationship in this case is long and contentious, and a more detailed 21 statement of facts is set forth in the Court’s order on Defendants’ motion to dismiss. See 22 Doc. 82 at 1-4. For several years, Plaintiff Marc Wichansky and Defendant David 23 Zowine co-owned Defendant Zoel Holding Company (“Zoel”). Doc. 107, ¶¶ 1, 2. In 24 2010, a heated dispute arose, and in January 2011, Zowine established an office on 24th 25 Street in Phoenix (the main office was located on 44th Street). 26 January 31, 2011, Zowine instructed several employees, who are named Defendants in 27 this action, to remove several desktop computers from the 44th Street office and move 28 them to the 24th Street office. Id., ¶ 6. On February 2, 2011, the same employees Id., ¶¶ 3, 5. On 1 unsuccessfully attempted to image Zoel’s servers at the 44th Street office and instead 2 physically removed them to the 24th Street office. Id., ¶ 7. 3 On February 4, 2011, Plaintiff filed a complaint seeking a temporary restraining 4 order in Maricopa County Superior Court against Zowine for return of the equipment, 5 alleging that the servers were a “core component” of Zoel’s operations and were 6 necessary for Zoel to “perform its essential functions.” Id., ¶ 8. That same day, the 7 parties entered into an agreement pursuant to Arizona Rule of Civil Procedure 80(d) that 8 each office would continue to operate and that all parties would have full access to all 9 company information at both locations. Id., ¶ 12. According to Plaintiff, Zowine refused 10 to allow access to the computers and servers for several months. Doc. 117, ¶¶ 20, 22. 11 Eventually, Plaintiff hired The Intelligence Group to image the servers, which occurred in 12 July 2011. Doc. 108, ¶¶ 27, 31. 13 On March 31, 2011, Plaintiff sought judicial dissolution of Zoel and applied for a 14 receiver to be appointed to manage the company’s assets. Doc. 107, ¶¶ 3, 24. Ted Burr 15 was appointed receiver in April 2011. Id., ¶ 25. On June 10, 2011, Zowine filed an 16 election to purchase Plaintiff’s shares in lieu of dissolution. Id., ¶ 33. The Superior 17 Court held a five-day valuation hearing in March 2012 to establish the terms of Zowine’s 18 purchase of the shares. Id. Shortly thereafter, Zowine made the initial payment and the 19 Superior Court granted him full control of Zoel’s property and assets. Id., ¶¶ 34, 35. 20 On June 14, 2013, Plaintiff filed suit against Zoel, MGA Home Healthcare, LLC, 21 Zowine, and several individuals. Doc. 1. Plaintiff filed a first amended complaint in 22 February 2014 alleging twenty causes of action. Doc. 54. Defendants now move for 23 summary judgment on counts two through five, which allege violations of the Computer 24 Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030. Doc. 106. 25 II. Analysis. 26 “The CFAA prohibits a number of different computer crimes, the majority of 27 which involve accessing computers without authorization or in excess of authorization, 28 and then taking specified forbidden actions, ranging from obtaining information to -2- 1 damaging a computer or computer data.” LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 2 1131 (9th Cir. 2009). Plaintiff brings four claims: (1) violation of § 1030(a)(2)(C), which 3 prohibits “intentionally access[ing] a computer without authorization or exceed[ing] 4 authorized access, and thereby obtain[ing] information from any protected computer”; 5 (2) violation of § 1030(a)(4), which prohibits unauthorized access or exceeding 6 authorized access of a computer with intent to defraud; (3) violation of § 1030(a)(5)(C), 7 which prohibits “intentionally access[ing] a protected computer without authorization, 8 and as a result of such conduct, caus[ing] damage and loss”; and (4) violation of 9 § 1030(b), which prohibits conspiracy to violate any of the above-referenced sections. 10 A. 11 The CFAA provides that “[n]o action may be brought under this subsection unless 12 such action is begun within 2 years of the date of the act complained of or the date of the 13 discovery of the damage.” 18 U.S.C. § 1030(g). “‘[D]amage’ means any impairment to 14 the integrity or availability of the data, a program, a system, or information[.]” Id., 15 § 1030(e)(8). Thus, there are two possible kinds of damage: damage resulting from 16 impairment to the integrity of the data, and damage resulting from impairment to the 17 availability of the data. Statute of Limitations. 18 “[I]n general, the discovery rule applies to statutes of limitations in federal 19 litigation[.]” Mangum v. Action Collection Serv., Inc., 575 F.3d 935, 940 (9th Cir. 2009); 20 see also Aloe Vera of Am., Inc. v. United States, 699 F.3d 1153, 1159 (9th Cir. 2012) 21 (noting that the Ninth Circuit has “long applied this general rule in many different 22 statutory contexts”). Indeed, the discovery rule appears to be incorporated into § 1030(g) 23 of the CFAA (referring to “the date of discovery of the damage”). Therefore, the 24 “limitations period begins to run when the plaintiff knows or has reason to know of the 25 injury which is the basis of the action.” Aloe Vera of Am., 699 F.3d at 1159 (internal 26 quotation marks omitted); see also Ashcroft v. Randel, 391 F. Supp. 2d 1214, 1224 (N.D. 27 Ga. 2005) (applying discovery rule to CFAA claim). 28 “Ordinarily, we leave the question of whether a plaintiff knew or should have -3- 1 become aware of a fraud to the jury.” Gen. Bedding Corp. v. Echevarria, 947 F.2d 1395, 2 1397 (9th Cir. 1991). But where the facts are undisputed as to when the statute of 3 limitations began to run, the court may decide the issue at the summary judgment stage. 4 See id. Summary judgment on a defense is appropriate “if the movant shows that there is 5 no genuine dispute as to any material fact and the movant is entitled to judgment as a 6 matter of law.” Fed. R. Civ. P. 56(a). Once the movant makes this showing, the burden 7 shifts to the opposing party to identify, with supporting evidence, “specific facts showing 8 there is a genuine issue for trial.” Celotex Corp. v. Catrett, 477 U.S. 317, 323 (1986). 9 Much of Plaintiff’s amended complaint focuses on Defendants’ seizure of 10 computers and servers in late January and early February of 2011. 11 Plaintiff’s CFAA claims are based on any lack of availability of data resulting from this 12 seizure, they clearly are time-barred. The seizure occurred more than two years before 13 the CFAA claims were asserted on June 14, 2013. Doc. 1. Moreover, to the extent 14 Plaintiff’s CFAA claims are based on a lack of availability between the seizure and June 15 14, 2011 – two years before the complaint was filed – they likewise are time-barred. To the extent 16 As noted above, Plaintiff argues that Defendants exceeded their authorized access 17 of the computers and servers after June 14, 2011, but he provides no evidence in support 18 of this assertion – no precise dates and no evidence of specific instances of access. 19 Although Plaintiff’s failure to present such evidence would be fatal to his claim under 20 Celotex, if discovery was closed and Defendants had brought a Celotex motion, the Court 21 will not grant summary judgment on this basis without Plaintiff having been afforded a 22 full opportunity for discovery. See Celotex, 477 U.S. at 322 (“the plain language of Rule 23 56(c) mandates the entry of summary judgment, after adequate time for discovery and 24 upon motion, against a party who fails to make a showing sufficient to establish the 25 existence of an element essential to that party's case, and on which that party will bear the 26 burden of proof at trial”) (emphasis added).1 27 1 28 The Court found that Plaintiff had not presented a sufficient Rule 56(d) affidavit to postpone this motion (Doc. 112), but that ruling was not based on Defendants having filed a Celotex motion. Defendants do not mention Celotex in their motion. Doc. 106. -4- 1 Plaintiff also claims that his primary form of damage in this case – medical billing 2 fraud – was not discovered until he gained access to the computers and servers in July of 3 2011. Doc. 116 at 5-6. Plaintiff’s own allegations belie his claim that he did not discover 4 evidence of billing fraud until July 2011. Plaintiff alleges in his amended complaint that 5 “by December 2010” his “investigation . . . threatened to expose the entirety of the false 6 or fraudulent billing scheme[.]” Doc. 54, ¶ 3. In March 2011, he “self-disclosed and 7 reported . . . billing improprieties that he had discovered and reported internally at the 8 Company in the course of his investigation.” Id., ¶ 8. And it is undisputed that Plaintiff 9 knew that the computers and servers had been removed by February 4, 2011 and that 10 Defendants had been accessing company information as of that date. Doc. 116 at 5. 11 Although he may not have known the full extent of the damage until he imaged 12 the computers in July 2011, Plaintiff had sufficient information to bring claims under the 13 CFAA by March 2011 when he reported the results of his fraud investigation. See 14 Maddalena v. Toole, 2013 WL 5491869, at *5 (C.D. Cal. Oct. 1, 2013) (finding that the 15 plaintiffs’ claims under the CFAA were time-barred because they waited “almost two- 16 and-a-half years to file their complaints” after they knew of the “immediate injury giving 17 rise to the federal claims”). 18 discovered in July 2011 or thereafter, whether such facts would be material to his CFAA 19 claims, or whether the information could not have been discovered through due diligence, 20 and he does not ask the Court to equitably toll the limitations period. Doc. 116 at 8. The 21 Court concludes that Plaintiff’s claims are time-barred as to any billing fraud that 22 occurred before June 14, 2011. Plaintiff has not presented any evidence of what he 23 As to billing fraud that occurred after that date, the Court will not grant summary 24 judgment. Although Plaintiff has presented no evidence of such fraud, discovery is not 25 closed and Defendants have not brought a Celotex motion. 26 B. 27 An essential element of Plaintiff’s claims under the CFAA is that Defendants’ 28 access of the information must be “unauthorized” or “exceed[] authorized access.” See Scope of Authorization to Access Data. -5- 1 18 U.S.C. §§ 1030(a)(2)(C), (a)(4), (a)(5)(C), (b). To “exceed[] authorized access” 2 means to “access a computer with authorization and to use such access to obtain or alter 3 information in the computer that the accuser is not entitled so to obtain or alter.” Id. 4 § 1030(e)(6). If Defendants did not access the data without authorization, or if they did 5 not exceed the scope of their authorization, Plaintiff’s claims fail. 6 On February 4, 2011, the parties appeared before Judge John Rea in Maricopa 7 County Superior Court and entered into a Rule 80(d) Agreement (the “Agreement”) on 8 the record. Doc. 107-3 at 52. The parties agreed that with respect to the data contained 9 on the computers and servers, Wichansky and Zowine would have “full access to all 10 company information.” Id. at 61. The parties also agreed that “no information stored in 11 electronic format will be deleted” and that the Agreement did waive any claims by either 12 party. Id. at 39, 61. 13 Defendants argue that because they had authority to access the computers and 14 servers pursuant to the Agreement, Plaintiff’s CFAA claims fail. Plaintiff argues that the 15 parties agreed that the Agreement would not operate to waive any claims, and that even if 16 Defendants did have authorization, they exceeded the scope of their authorization by 17 deleting data. 18 Rule 80(d) agreements are binding, see Ariz. R. Civ. P. 80(d), and there is no 19 doubt the Agreement gave both parties full authorization to access the data contained on 20 the computers and servers as of February 4, 2011. Defendants do not argue, and the 21 Court does not find, that this constituted a waiver of any claim. But it did constitute 22 authorization for Defendants to access the computers and servers. Thus, Plaintiff cannot 23 bring a claim under § 1030(a)(5)(C), which requires unauthorized access, or any claims 24 under §§ 1030(a)(2)(C), (a)(4), or (b) based on unauthorized access, for events that 25 occurred after February 4, 2011, the date of full authorization. 26 The Agreement does not preclude claims alleging that Defendants “exceeded the 27 scope of their authority” under §§ 1030(a)(2)(C), (a)(4), or (b). Plaintiff asserts that 28 “Defendants continued to access the computers and servers to impair accessibility and -6- 1 destroy data in excess of their authority after June 14, 2011[.]” Doc. 116 at 13. Not only 2 does Plaintiff appear to claim that Defendants’ actions after February 4, 2011 exceeded 3 the authorization granted in the Agreement, but the Agreement itself prohibited the 4 parties from deleting data contained on the computers and servers. Thus, claims based on 5 the post-Agreement deletion of data remain viable. Again, Plaintiff has failed to come 6 forward with any evidence of such events, but the Court will not grant summary 7 judgment on this basis given ongoing discovery and the lack of a Celotex motion.2 8 IT IS ORDERED that Defendants’ motion for partial summary judgment on 9 counts two through five (Doc. 106) is granted in part as follows: (1) on any CFAA 10 claims based on a lack of availability of data before June 14, 2011 resulting from 11 Defendants’ seizure of computers and servers; (2) on any CFAA claim based on billing 12 fraud that occurred before June 14, 2011; (3) on count four – violation of 18 U.S.C. 13 § 1030(a)(5)(C); and (4) on counts two, three, and five to the extent they are based on 14 lack of authorization (as opposed to exceeding authorization). The motion is denied as to 15 any CFAA claim based on a lack of availability of data after June 14, 2011 or any billing 16 fraud that occurred after that date. 17 Dated this 15th day of June, 2015. 18 19 20 21 22 23 24 25 26 27 2 28 Defendants also argue that Burr gave them authority to access the computers and servers. Doc. 106 at 6. But this does not alter the Court’s analysis. Defendants do not claim that Burr authorized them to delete data. -7-

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.

Why Is My Information Online?