Facebook, Inc. v. Fisher et al

Filing 77

Brief re 76 Order FOR ADDITIONAL BRIEFING filed byFacebook, Inc.. (Related document(s) 76 ) (Cutler, Joseph) (Filed on 11/1/2010)

Download PDF
Facebook, Inc. v. Fisher et al Doc. 77 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Brian Hennessy State Bar No. 226721 bhennessy@perkinscoie.com PERKINS COIE LLP 101 Jefferson Drive Menlo Park, California 94025 Telephone: 650.838.4300 Facsimile: 650.838.4350 James McCullagh, pro hac vice jmccullagh@perkinscoie.com Joseph Cutler, pro hac vice jcutler@perkinscoie.com PERKINS COIE LLP 1201 Third Avenue, Suite 4800 Seattle, Washington 98101 Telephone: 206.359.8000 Facsimile: 206.359.9000 Attorneys for Plaintiff FACEBOOK, INC. UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA SAN JOSE DIVISION FACEBOOK, INC., a Delaware corporation, Plaintiff, v. JEREMI FISHER; PHILIP POREMBSKI; RYAN SHIMEALL; and JOHN DOES 125, individuals; and CHOKO SYSTEMS LLC; HARM, INC.; PP WEB SERVICES LLC, iMEDIA ONLINE SERVICES LLC, and JOHN DOES 26-50, corporations, Defendants. Case No. C 09-05842 JF PLAINTIFF FACEBOOOK, INC.'S RESPONSE TO REQUEST FOR ADDITIONAL BRIEFING LEGAL19508232.1 RESPONSE TO ORDER REQUESTING BRIEFING Case No. C 09-05842 JF Dockets.Justia.com 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Plaintiff Facebook, Inc. hereby submits its response to the Court's order requesting Facebook to clarify whether its allegations include conduct that occurred under the prior version of the CFAA. (Dkt. 76). Amendments to the CFAA became effective on September 26, 2008. Facebook does not allege that Defendant's conduct occurred prior to September 26, 2008. All allegations in the Complaint and Motion for Default Judgment should have referenced the current version of the CFAA. Counsel apologizes for the oversight, but after reviewing the citations included in its Motion for Default Judgment against Defendant Philip Porembski believes that the 2008 amendments have no substantive effect on the relief requested. Unless noted below, the citations in the Plaintiff's Complaint and subsequent briefing refer correctly to the current version of the CFAA. The following three sections of the CFAA that appear in Plaintiff's Complaint and subsequent briefing were cited incorrectly, and should be changed. 18 U.S.C. 1030(a)(5)(A)(ii) should have been cited as 18 U.S.C. 1030(a)(5)(B). There is no difference between the language in the two versions. 18 U.S.C. 1030(a)(5)(A)(iii) should have been cited as 18 U.S.C. 1030(a)(5)(C). The new version is slightly different, adding two words (bolded and underlined): "intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss." 18 U.S.C. 1030(a)(5)(A)(ii) should have been cited as 18 U.S.C. 1030(a)(5)(B). There is no difference between the language in the two versions. Plaintiff's Application for Default Judgment (Dkt. 75), now pending before the Court, contains a section requesting injunctive relief based on Defendant Philip Porembski's violations of the CFAA. For the convenience of the Court, a corrected version of section III(E)(2) appearing on pages 17-19 of Facebook's Motion for Default Judgment is provided below, with the corrected citations and additional language appearing in bold underline. LEGAL19508232.1 RESPONSE TO ORDER REQUESTING BRIEFING Case No. C 09-05842 JF 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 1. Defendants' Violations of the Computer Fraud and Abuse Act Support Entry of a Permanent Injunction In addition to Defendants' violation of the CAN-SPAM Act, the undisputed facts set forth above, Facebook's Complaint and its Motion for Temporary Restraining Order demonstrate Defendants' liability under the Computer Fraud and Abuse Act ("CFAA"). 18 U.S.C. 1030(a)(2) (intentional access and information theft), 1030(a)(4) (knowing access with intent to defraud), 1030(a)(5)(B) (intentional access that recklessly causes damage), 18 U.S.C. 1030(a)(5)(C) (intentional access that causes damage and loss). These violations arise from Defendants' unauthorized use of Facebook user login information to gain access to other users' accounts and to thereafter access Facebook's services and obtain information from Facebook without authorization. The CFAA provides a private right of action for the knowing and unauthorized access of a computer used in interstate commerce that causes loss or damage in excess of $5,000. The CFAA also allows claims based upon attempted violations. 18 U.S.C. 1030(b). Throughout their cycle of spamming, phishing, unauthorized access, and monetary profit, Defendants accessed Facebook's computers and network without authorization or in excess of authorization by using accounts belonging to others and by knowingly accessing Facebook for unauthorized purposes.1 Complaint 38, 50, 61, 66-68; Facebook Decl. 8-11, 18, 20. Defendants purposefully circumvented Facebook's security measures and performed tests to ensure that their spam could infiltrate user accounts. Facebook Decl. 17-18, 20; Facebook Decl. ISO Default 5-6. Facebook has expended resources far in excess of $5,000 to investigate, remediate, and prevent Defendants' unauthorized access and activities and make hardware and software upgrades and repairs to better combat their illegal and unauthorized activities. Complaint 91-92; Facebook Decl. 18-20. All of the unauthorized activity at issue in this case occurred after Defendants received Facebook's cease and desist letter which clearly and unambiguously stated that Facebook had gathered evidence that Defendants were responsible for the spam messages, that spamming was against Facebook's Terms, and that it was also illegal under federal law. Cutler Decl. ISO Default, 8, Exhibit C. In addition, Defendants took intentional steps to circumvent the technical measures established by Facebook to stop them from accessing Facebook. Facebook Decl. 18. Therefore, there can be no doubt Defendants' continued access to Facebook's website and services constitutes unauthorized access. Complaint 38, 50, 61, 66-68; Facebook Decl. 8-11, 18, 20. LEGAL19508232.1 1 -2- RESPONSE TO ORDER REQUESTING BRIEFING Case No. C-09-05842-JF 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 18 U.S.C. 1030(a)(2) prohibits the intentional accessing of protected computers without authorization or exceeding one's authorized access and causing losses of more than $5,000. Defendants repeatedly violated this statute by purposefully exceeding their authorized access to the Facebook service by using other Facebook users' accounts without authorization to obtain information and send spam messages in violation of Facebook's SRR. Complaint 39-42, 88; Facebook Decl. 9-11, 17. 18 U.S.C. 1030(a)(4) prohibits knowingly and with the intent to defraud, accessing protected computers without authorization or exceeding authorized access, to further the intended fraud and obtain more than $5,000 in value. 18 U.S.C. 1030(a)(4). As explained above in Section III(B), Defendants repeatedly accessed Facebook's protected computers cloaked as legitimate Facebook users. They misappropriated the accounts and identities of innocent Facebook users and used them to fraudulently represent that the messages were sent by the users of the misappropriated accounts. Defendants also defrauded Facebook users by falsely representing the true purpose of their messages. Complaint 43-56, 59-60; Facebook Decl. 15-17. 18 U.S.C. 1030(a)(5)(B)prohibits intentionally accessing protected computers (a) without authorization, and recklessly causing an aggregate loss of $5,000 or more, or (b) without authorization and causing aggregate damage or loss of $5,000 or more. Defendants violated 18 U.S.C. 1030(a)(5)(B) by repeatedly accessing Facebook's computers without authorization and recklessly causing harm to Facebook. Complaint 39-42, 61-62; Facebook Decl. 9-11, 17. Even if Defendants' actions are not determined to be reckless, they violate 18 U.S.C. 1030(a)(5)(C), because they caused over $5,000 of aggregated damage and loss to Facebook through their actions. Complaint 65; Facebook Decl. 18. Facebook's request for injunctive relief under the CFAA was not substantively altered by the amendment of the statute. See 18 U.S.C. 1030(g). If anything, the addition of the phrase "and loss" to 18 U.S.C. 1030(a)(5)(C) reinforces Plaintiff's contention that its losses, in addition to whatever damage Defendant's conduct caused, also serve as grounds for Plaintiff's request for liability and relief under the CFAA. LEGAL19508232.1 -3- RESPONSE TO ORDER REQUESTING BRIEFING Case No. C-09-05842-JF 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 LEGAL19508232.1 DATED: November 1, 2010 PERKINS COIE LLP By: /s/ Joseph P. Cutler Attorneys for Plaintiff Facebook, Inc. -4- RESPONSE TO ORDER REQUESTING BRIEFING Case No. C-09-05842-JF

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.


Why Is My Information Online?