Colorado Republican Committee v. Doe
Filing
11
OPINION AND ORDER DISMISSING AMENDED COMPLAINT by Chief Judge Marcia S. Krieger on 7/21/16. (pglov)
IN THE UNITED STATES DISTRICT COURT
FOR THE DISTRICT OF COLORADO
Chief Judge Marcia S. Krieger
Civil Action No. 16-cv-01058-MSK-MJW
COLORADO REPUBLICAN COMMITTEE,
Plaintiff,
v.
JOHN DOE,
Defendant.
OPINION AND ORDER DISMISSING AMENDED COMPLAINT
THIS MATTER comes before the Court sua sponte, upon the Court’s May 24, 2016
Order to Show Cause Why Case Should Not Be Dismissed (# 7), the Plaintiff’s (“CRC”)
response (# 8), and CRC’s Amended Complaint (# 9).
The Court assumes the reader’s familiarity with the proceedings to date, particularly the
recitation in the prior Order to Show Cause, and will not attempt to summarize those matters.
CRC argues that its Amended Complaint cures the defects addressed in the Court’s
Order to Show Cause, specifically: (i) it identifies time spent by its staff investigating the
unauthorized access as the “loss” that it suffered under 18 U.S.C. § 1030(e)(11), (g); and (ii) that
the “threat to public health or safety” required by 18 U.S.C. § 1030(c)(4)(A)(i) and (g) is
satisfied by allegations that it was reasonably foreseeable that the publication of the unauthorized
message would induce third parties to respond with threats of harm to CRC officers. Although
the Court accepts the first proposition, it finds the second to be deficient as a matter of law.
In the Order to Show Cause, the Court previously addressed why 18 U.S.C. § 1030(g)’s
“involves” language requires a plaintiff to allege that the unauthorized computer access itself
poses a risk to public health or safety, and that the requirement is not satisfied by an allegation
that the unauthorized access indirectly caused such a risk to emerge from another source. CRC’s
response cites to various cases that have used the term “caused” in discussing other provisions of
the Act.
The Court finds these cases to be off-point and unpersuasive. For example, Global
Policy Partners, LLC v. Yessin, 686 F.Supp.2d 642, 646-47 (E.D.Va. 2010), discusses the use of
a causal standard when considering the predicate act of a loss exceeding $5,000 under
§1030(c)(4)(A)(i)(I). Claims predicated on that section necessarily invoke the statutory
definition of the term “loss” in § 1030(e)(11), which broadly encompasses a wide range of costs
and “consequential damages” that flow proximately from an unauthorized access. This suggests
that a proximate cause-type analysis is appropriate when assessing the components of such a
claimed loss, but that same logic does not warrant a similar analysis to the more straightforward
“threat to public health or safety” predicate harm in § 1030(c)(4)(A)(i)(IV). The other cases
relied upon by CRC invoke the “$ 5,000 loss” predicate, not the “public health and safety”
predicate, and thus, they are all unpersuasive for the same reason.[1]
[1] CRC’s Amended Complaint does not attempt to allege that its losses attributable to Doe’s
unauthorized access exceed the $ 5,000 requirement. At most, it quantifies two particular
expenses: the value of Kyle Kohli’s salary for time he spent responding to press inquiries about
the unauthorized message, which CRC estimates to be $ 1,187.50; and the value of one day’s
salaries for four CRC office staffers whose time was lost when CRC was forced to close its
office for one day in response to the threats, a value that CRC fixes at $ 852. CRC identifies
other losses it also suffered, but does not attempt to quantify them, nor does it assert that these
losses exceed $ 5,000 under § 1030(c)(4)(A)(i)(I).
The Court’s own research has not yielded any caselaw in which a plaintiff invoked the
“public health and safety” provision under § 1030(g) where there was exploration of what
conduct falls within the provision. As a matter of first impression, this Court concludes, for the
reasons previously stated, that an act of unauthorized access “involves” the factor of “a threat to
public health or safety” when the access itself creates that threat, but not when a third-party’s
foreseeable[2] reaction to the unauthorized access creates that threat.
As discussed previously, the threat requirement might be met if the unauthorized access
disables computers or deletes data essential to providing medical treatment, public utilities, or
emergency response services, but not where the unauthorized access has a benign primary effect
but induces others to harmful acts. For example, a user who hacks into the social media account
of a classmate and encourages him or her to commit suicide might be liable for engaging in
conduct posing a risk to health and safety, but a user who hacks into the same classmate’s
account and merely taunts the classmate for being unattractive cannot be said to have engaged in
conduct threatening public health and safety even if the now-despondent classmate reacts to the
taunting by committing suicide. Such example entails the user specifically employing the
unauthorized access to bring about the risk to public health, and in such circumstances, the use of
a predominantly criminal statute to afford civil relief might be proper. The latter example draws
upon the complex, wide-ranging, and sometimes attenuated principles of tort causation,
importing that sprawling and imprecise inquiry into a statute that was clearly intended to have a
narrow, focused reach.
[2] The Court need not reach the question of whether the CRC’s Amended Complaint’s
allegations are sufficient to plead that it was foreseeable that Doe’s “We Did It! #NeverTrump”
message would induce others into making threats. Notably, although the CRC’s response to the
Order to Show Cause contains some argument and evidence as to why such threats would be a
foreseeable result of the message being posted, those allegations are not found in the Amended
Complaint itself, nor are any other allegations bearing on foreseeability.
Consistent with the limited jurisdiction of the federal courts and general rules of
statutory construction, the Court finds that a constrained interpretation of § 1030(g) is
appropriate, and thus finds that the CRC’s allegations that Doe’s unauthorized access induced
third parties to make threats to public health and safety fails to state a claim under §
1030(c)(4)(A)(i)(IV) and (g).
Accordingly, the Court finds that the CRC’s Amended Complaint fails to state a claim
under 18 U.S.C. § 1030(g). The Amended Complaint is DISMISSED and the Clerk of the Court
shall close this case.
Dated this 21st day of July, 2016.
BY THE COURT:
Marcia S. Krieger
Chief United States District Judge