Wichansky v. Zowine et al
Filing
149
ORDER granting in part and denying in part 106 Motion for Partial Summary Judgment. Signed by Judge David G Campbell on 6/15/2015.(DGC, nvo)
<![CDATA[
1
WO
2
3
4
5
6
IN THE UNITED STATES DISTRICT COURT
7
FOR THE DISTRICT OF ARIZONA
8
9
Marc A. Wichansky,
Plaintiff,
10
11
ORDER
v.
12
No. CV-13-01208-PHX-DGC
David T. Zowine, et al.,
13
Defendants.
14
15
16
Defendants have brought a motion for partial summary judgment. Doc. 106. The
17
matter is fully briefed and neither party has requested oral argument. The Court will
18
grant the motion in part and deny it in part as explained below.
19
I.
Background.
20
The parties’ relationship in this case is long and contentious, and a more detailed
21
statement of facts is set forth in the Court’s order on Defendants’ motion to dismiss. See
22
Doc. 82 at 1-4. For several years, Plaintiff Marc Wichansky and Defendant David
23
Zowine co-owned Defendant Zoel Holding Company (“Zoel”). Doc. 107, ¶¶ 1, 2. In
24
2010, a heated dispute arose, and in January 2011, Zowine established an office on 24th
25
Street in Phoenix (the main office was located on 44th Street).
26
January 31, 2011, Zowine instructed several employees, who are named Defendants in
27
this action, to remove several desktop computers from the 44th Street office and move
28
them to the 24th Street office. Id., ¶ 6. On February 2, 2011, the same employees
Id., ¶¶ 3, 5.
On
1
unsuccessfully attempted to image Zoel’s servers at the 44th Street office and instead
2
physically removed them to the 24th Street office. Id., ¶ 7.
3
On February 4, 2011, Plaintiff filed a complaint seeking a temporary restraining
4
order in Maricopa County Superior Court against Zowine for return of the equipment,
5
alleging that the servers were a “core component” of Zoel’s operations and were
6
necessary for Zoel to “perform its essential functions.” Id., ¶ 8. That same day, the
7
parties entered into an agreement pursuant to Arizona Rule of Civil Procedure 80(d) that
8
each office would continue to operate and that all parties would have full access to all
9
company information at both locations. Id., ¶ 12. According to Plaintiff, Zowine refused
10
to allow access to the computers and servers for several months. Doc. 117, ¶¶ 20, 22.
11
Eventually, Plaintiff hired The Intelligence Group to image the servers, which occurred in
12
July 2011. Doc. 108, ¶¶ 27, 31.
13
On March 31, 2011, Plaintiff sought judicial dissolution of Zoel and applied for a
14
receiver to be appointed to manage the company’s assets. Doc. 107, ¶¶ 3, 24. Ted Burr
15
was appointed receiver in April 2011. Id., ¶ 25. On June 10, 2011, Zowine filed an
16
election to purchase Plaintiff’s shares in lieu of dissolution. Id., ¶ 33. The Superior
17
Court held a five-day valuation hearing in March 2012 to establish the terms of Zowine’s
18
purchase of the shares. Id. Shortly thereafter, Zowine made the initial payment and the
19
Superior Court granted him full control of Zoel’s property and assets. Id., ¶¶ 34, 35.
20
On June 14, 2013, Plaintiff filed suit against Zoel, MGA Home Healthcare, LLC,
21
Zowine, and several individuals. Doc. 1. Plaintiff filed a first amended complaint in
22
February 2014 alleging twenty causes of action. Doc. 54. Defendants now move for
23
summary judgment on counts two through five, which allege violations of the Computer
24
Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030. Doc. 106.
25
II.
Analysis.
26
“The CFAA prohibits a number of different computer crimes, the majority of
27
which involve accessing computers without authorization or in excess of authorization,
28
and then taking specified forbidden actions, ranging from obtaining information to
-2-
1
damaging a computer or computer data.” LVRC Holdings LLC v. Brekka, 581 F.3d 1127,
2
1131 (9th Cir. 2009). Plaintiff brings four claims: (1) violation of § 1030(a)(2)(C), which
3
prohibits “intentionally access[ing] a computer without authorization or exceed[ing]
4
authorized access, and thereby obtain[ing] information from any protected computer”;
5
(2) violation of § 1030(a)(4), which prohibits unauthorized access or exceeding
6
authorized access of a computer with intent to defraud; (3) violation of § 1030(a)(5)(C),
7
which prohibits “intentionally access[ing] a protected computer without authorization,
8
and as a result of such conduct, caus[ing] damage and loss”; and (4) violation of
9
§ 1030(b), which prohibits conspiracy to violate any of the above-referenced sections.
10
A.
11
The CFAA provides that “[n]o action may be brought under this subsection unless
12
such action is begun within 2 years of the date of the act complained of or the date of the
13
discovery of the damage.” 18 U.S.C. § 1030(g). “‘[D]amage’ means any impairment to
14
the integrity or availability of the data, a program, a system, or information[.]” Id.,
15
§ 1030(e)(8). Thus, there are two possible kinds of damage: damage resulting from
16
impairment to the integrity of the data, and damage resulting from impairment to the
17
availability of the data.
Statute of Limitations.
18
“[I]n general, the discovery rule applies to statutes of limitations in federal
19
litigation[.]” Mangum v. Action Collection Serv., Inc., 575 F.3d 935, 940 (9th Cir. 2009);
20
see also Aloe Vera of Am., Inc. v. United States, 699 F.3d 1153, 1159 (9th Cir. 2012)
21
(noting that the Ninth Circuit has “long applied this general rule in many different
22
statutory contexts”). Indeed, the discovery rule appears to be incorporated into § 1030(g)
23
of the CFAA (referring to “the date of discovery of the damage”). Therefore, the
24
“limitations period begins to run when the plaintiff knows or has reason to know of the
25
injury which is the basis of the action.” Aloe Vera of Am., 699 F.3d at 1159 (internal
26
quotation marks omitted); see also Ashcroft v. Randel, 391 F. Supp. 2d 1214, 1224 (N.D.
27
Ga. 2005) (applying discovery rule to CFAA claim).
28
“Ordinarily, we leave the question of whether a plaintiff knew or should have
-3-
1
become aware of a fraud to the jury.” Gen. Bedding Corp. v. Echevarria, 947 F.2d 1395,
2
1397 (9th Cir. 1991). But where the facts are undisputed as to when the statute of
3
limitations began to run, the court may decide the issue at the summary judgment stage.
4
See id. Summary judgment on a defense is appropriate “if the movant shows that there is
5
no genuine dispute as to any material fact and the movant is entitled to judgment as a
6
matter of law.” Fed. R. Civ. P. 56(a). Once the movant makes this showing, the burden
7
shifts to the opposing party to identify, with supporting evidence, “specific facts showing
8
there is a genuine issue for trial.” Celotex Corp. v. Catrett, 477 U.S. 317, 323 (1986).
9
Much of Plaintiff’s amended complaint focuses on Defendants’ seizure of
10
computers and servers in late January and early February of 2011.
11
Plaintiff’s CFAA claims are based on any lack of availability of data resulting from this
12
seizure, they clearly are time-barred. The seizure occurred more than two years before
13
the CFAA claims were asserted on June 14, 2013. Doc. 1. Moreover, to the extent
14
Plaintiff’s CFAA claims are based on a lack of availability between the seizure and June
15
14, 2011 – two years before the complaint was filed – they likewise are time-barred.
To the extent
16
As noted above, Plaintiff argues that Defendants exceeded their authorized access
17
of the computers and servers after June 14, 2011, but he provides no evidence in support
18
of this assertion – no precise dates and no evidence of specific instances of access.
19
Although Plaintiff’s failure to present such evidence would be fatal to his claim under
20
Celotex, if discovery was closed and Defendants had brought a Celotex motion, the Court
21
will not grant summary judgment on this basis without Plaintiff having been afforded a
22
full opportunity for discovery. See Celotex, 477 U.S. at 322 (“the plain language of Rule
23
56(c) mandates the entry of summary judgment, after adequate time for discovery and
24
upon motion, against a party who fails to make a showing sufficient to establish the
25
existence of an element essential to that party's case, and on which that party will bear the
26
burden of proof at trial”) (emphasis added).1
27
1
28
The Court found that Plaintiff had not presented a sufficient Rule 56(d) affidavit
to postpone this motion (Doc. 112), but that ruling was not based on Defendants having
filed a Celotex motion. Defendants do not mention Celotex in their motion. Doc. 106.
-4-
1
Plaintiff also claims that his primary form of damage in this case – medical billing
2
fraud – was not discovered until he gained access to the computers and servers in July of
3
2011. Doc. 116 at 5-6. Plaintiff’s own allegations belie his claim that he did not discover
4
evidence of billing fraud until July 2011. Plaintiff alleges in his amended complaint that
5
“by December 2010” his “investigation . . . threatened to expose the entirety of the false
6
or fraudulent billing scheme[.]” Doc. 54, ¶ 3. In March 2011, he “self-disclosed and
7
reported . . . billing improprieties that he had discovered and reported internally at the
8
Company in the course of his investigation.” Id., ¶ 8. And it is undisputed that Plaintiff
9
knew that the computers and servers had been removed by February 4, 2011 and that
10
Defendants had been accessing company information as of that date. Doc. 116 at 5.
11
Although he may not have known the full extent of the damage until he imaged
12
the computers in July 2011, Plaintiff had sufficient information to bring claims under the
13
CFAA by March 2011 when he reported the results of his fraud investigation. See
14
Maddalena v. Toole, 2013 WL 5491869, at *5 (C.D. Cal. Oct. 1, 2013) (finding that the
15
plaintiffs’ claims under the CFAA were time-barred because they waited “almost two-
16
and-a-half years to file their complaints” after they knew of the “immediate injury giving
17
rise to the federal claims”).
18
discovered in July 2011 or thereafter, whether such facts would be material to his CFAA
19
claims, or whether the information could not have been discovered through due diligence,
20
and he does not ask the Court to equitably toll the limitations period. Doc. 116 at 8. The
21
Court concludes that Plaintiff’s claims are time-barred as to any billing fraud that
22
occurred before June 14, 2011.
Plaintiff has not presented any evidence of what he
23
As to billing fraud that occurred after that date, the Court will not grant summary
24
judgment. Although Plaintiff has presented no evidence of such fraud, discovery is not
25
closed and Defendants have not brought a Celotex motion.
26
B.
27
An essential element of Plaintiff’s claims under the CFAA is that Defendants’
28
access of the information must be “unauthorized” or “exceed[] authorized access.” See
Scope of Authorization to Access Data.
-5-
1
18 U.S.C. §§ 1030(a)(2)(C), (a)(4), (a)(5)(C), (b). To “exceed[] authorized access”
2
means to “access a computer with authorization and to use such access to obtain or alter
3
information in the computer that the accuser is not entitled so to obtain or alter.” Id.
4
§ 1030(e)(6). If Defendants did not access the data without authorization, or if they did
5
not exceed the scope of their authorization, Plaintiff’s claims fail.
6
On February 4, 2011, the parties appeared before Judge John Rea in Maricopa
7
County Superior Court and entered into a Rule 80(d) Agreement (the “Agreement”) on
8
the record. Doc. 107-3 at 52. The parties agreed that with respect to the data contained
9
on the computers and servers, Wichansky and Zowine would have “full access to all
10
company information.” Id. at 61. The parties also agreed that “no information stored in
11
electronic format will be deleted” and that the Agreement did waive any claims by either
12
party. Id. at 39, 61.
13
Defendants argue that because they had authority to access the computers and
14
servers pursuant to the Agreement, Plaintiff’s CFAA claims fail. Plaintiff argues that the
15
parties agreed that the Agreement would not operate to waive any claims, and that even if
16
Defendants did have authorization, they exceeded the scope of their authorization by
17
deleting data.
18
Rule 80(d) agreements are binding, see Ariz. R. Civ. P. 80(d), and there is no
19
doubt the Agreement gave both parties full authorization to access the data contained on
20
the computers and servers as of February 4, 2011. Defendants do not argue, and the
21
Court does not find, that this constituted a waiver of any claim. But it did constitute
22
authorization for Defendants to access the computers and servers. Thus, Plaintiff cannot
23
bring a claim under § 1030(a)(5)(C), which requires unauthorized access, or any claims
24
under §§ 1030(a)(2)(C), (a)(4), or (b) based on unauthorized access, for events that
25
occurred after February 4, 2011, the date of full authorization.
26
The Agreement does not preclude claims alleging that Defendants “exceeded the
27
scope of their authority” under §§ 1030(a)(2)(C), (a)(4), or (b). Plaintiff asserts that
28
“Defendants continued to access the computers and servers to impair accessibility and
-6-
1
destroy data in excess of their authority after June 14, 2011[.]” Doc. 116 at 13. Not only
2
does Plaintiff appear to claim that Defendants’ actions after February 4, 2011 exceeded
3
the authorization granted in the Agreement, but the Agreement itself prohibited the
4
parties from deleting data contained on the computers and servers. Thus, claims based on
5
the post-Agreement deletion of data remain viable. Again, Plaintiff has failed to come
6
forward with any evidence of such events, but the Court will not grant summary
7
judgment on this basis given ongoing discovery and the lack of a Celotex motion.2
8
IT IS ORDERED that Defendants’ motion for partial summary judgment on
9
counts two through five (Doc. 106) is granted in part as follows: (1) on any CFAA
10
claims based on a lack of availability of data before June 14, 2011 resulting from
11
Defendants’ seizure of computers and servers; (2) on any CFAA claim based on billing
12
fraud that occurred before June 14, 2011; (3) on count four – violation of 18 U.S.C.
13
§ 1030(a)(5)(C); and (4) on counts two, three, and five to the extent they are based on
14
lack of authorization (as opposed to exceeding authorization). The motion is denied as to
15
any CFAA claim based on a lack of availability of data after June 14, 2011 or any billing
16
fraud that occurred after that date.
17
Dated this 15th day of June, 2015.
18
19
20
21
22
23
24
25
26
27
2
28
Defendants also argue that Burr gave them authority to access the computers and
servers. Doc. 106 at 6. But this does not alter the Court’s analysis. Defendants do not
claim that Burr authorized them to delete data.
-7-
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
