Fidlar Technologies
Filing
88
LPS's 77 Motion for Summary Judgment is GRANTED and summary judgment is granted as to all counts of 31 Fidlar's Amended Complaint. Because the motion is granted in its entirety, LPS's 79 Alternative Motion for Partial Summary Ju dgment on Certain of Fidlar's Claims for Damages is MOOT. Because other claims remain in this matter-namely, LPS's claims for equitable relief, tortious interference with contract, and tortious interference with business expectancy-entry of judgment is not appropriate at this time. (SC, ilcd)
E-FILED
Thursday, 05 March, 2015 05:34:48 PM
Clerk, U.S. District Court, ILCD
UNITED STATES DISTRICT COURT
CENTRAL DISTRICT OF ILLINOIS
ROCK ISLAND DIVISION
FIDLAR TECHNOLOGIES,
Plaintiff,
v.
LPS REAL ESTATE DATA SOLUTIONS,
INC.,
Defendant.
LPS REAL ESTATE DATA SOLUTIONS,
INC.,
Counter-Claimant,
v.
FIDLAR TECHNOLOGIES,
Counter-Defendant.
)
)
)
)
)
)
)
)
)
)
)
)
)
)
)
)
)
)
)
)
)
)
Case No. 4:13-cv-4021-SLD-JEH
ORDER
Fidlar Technologies (“Fidlar”) sued LPS Real Estate Data Solutions, Inc. (“LPS”) under
the civil-suit provision of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030(g),
and under the civil-suit provision the Illinois Computer Crime Prevention Law (“CCPL”), 720
ILCS 5/17-51 (2011). Fidlar also alleged a common law trespass to chattels claim. Am. Compl.
11–14; ECF No. 31-1. LPS counter-claimed for various forms of tortious interference and
sought declaratory and injunctive relief. Am. Counterclaim 13–30; ECF No. 19. The dispute
between the parties rests on LPS’s method of accessing real estate information that Fidlar helps
counties digitize and make available online. Before the Court are LPS’s Motion for Summary
1
Judgment and Request for Oral Argument, ECF No. 77, and LPS’s Alternative Motion for Partial
Summary Judgment on Certain of Fidlar’s Claims for Damages and Request for Oral Argument,
ECF No. 79. For the following reasons, Fidlar’s Motion for Summary Judgment is GRANTED.
Because the Court grants this motion in its entirety, LPS’s motion for partial summary judgment
is MOOT.
BACKGROUND1
Fidlar is a technology company that creates and licenses software to the county offices
that maintain land records. Some of this software helps counties digitize their paper records by
scanning images of the documents and indexing these images. Some of the software allows
counties to make these records available over the internet. If counties wish to make the records
available online, they can either host them on their own servers, or contract with Fidlar to host
them on its servers. During the time period relevant to this case, the hosting of records using
either method was accomplished using a group of software components, collectively called
“Laredo,” created by Fidlar.2
Laredo consisted of a database which stored the index and image data gathered from
paper land records; a “middle tier”; and a user interface contained in a client.3 The middle tier
was an intermediary between database and client, responding to the client’s requests with images
and information from the database. These requests were generally transmitted to the middle tier
from a remote client, via the internet. They came in the form of “SOAP calls.” SOAP (Simple
1
Except where otherwise noted with a specific docket citation, the information in this section comes from the
parties’ statements of undisputed material facts.
2
The parties sometimes use the term “Laredo” to refer only to the user interface created by Fidlar, which may be a
reflection of how Fidlar referred to its products internally. See Noe 30(b)(6) Dep. 21–22, Mem. Supp. Mot. Summ.
J. Ex. 13; ECF No. 78-13. The parties agree that the term refers to the group of software components.
3
Fidlar has created and marketed several different pieces of client software over the years, some of which also have
distinct software elements associated with them in the middle tier. These pieces of software include such programs
as “Tapestry” and “Monarch.” While Tapestry existed during the time in question, it is undisputed that the conduct
for which Fidlar is suing involved Laredo. See Noe 30(b)(6) Dep. 22–24.
2
Object Access Protocol) is a protocol for exchanging information. A SOAP call consists of a
“header,” which contains information about the call, and a body, which contains the call itself.
While SOAP calls can be encrypted at different levels, the calls used by the client to query the
middle tier were not.
Fidlar made the client available on its website for people interested in accessing county
land records. By downloading the client, remote users could download and view on their own
computers land record information that counties had digitized. Regardless of whether Fidlar or
the counties hosted the land record information, that information remained the property of the
counties who granted users access to the information, often via written agreement and sometimes
for a fee. Fidlar was not a party to these agreements. The client did contain an End User License
Agreement (“EULA”), written by Fidlar, that was packaged with the client software and was
made available to users. In order to use the client, users had to accept the EULA’s terms and
conditions. See Fidlar Technologies Laredo End User License Agreement, Mem. Supp. Mot.
Summ. J. Ex. 15, ECF No. 78-15.
LPS is a real estate data analytics company that gathers and sells information about real
property.4 In pursuit of this mission, the company culls information from land records on a “vast
scale.” Resp. Mot. Summ. J. 2, ECF No. 82. LPS currently has agreements to access public land
title information with about 2,600 county recorders’ offices nationwide. Around 2010, LPS
undertook an expansion effort, forming agreements with more counties. Marroquin Dep. 21–22,
ECF No. 78-3. 82 of these were counties that made their land documents available online using
Fidlar’s services. LPS entered into arrangements with each of these counties to access their land
records. Some counties used written contracts; others had sign-up sheets or other less formal
4
LPS does not attempt to acquire the rights to or sell images of land title documents; rather, it sells the aggregated
data from these documents.
3
means of arranging for access. Where counties priced access differently based on the number of
minutes of time logged searching land records, LPS paid the counties the fee required for the
maximum amount of time possible, or “unlimited” time.5
LPS’s preferred method of getting access to land records digitally, in non-Fidlar counties,
was via file transfer protocol or some other means by which records could be grabbed en masse.
For reasons that the parties dispute, but at the very least, to speed up the process of accessing and
analyzing land records, LPS developed its own method of retrieving images through the middle
tier in each of the Fidlar counties.6 To do this, LPS downloaded Fidlar’s client, logged in using
the identifying information given to it by a particular county, and searched for a land record.
LPS then used a “traffic analyzer” to capture the SOAP calls that the Fidlar client sent to the
middle tier.7 While the parties disagree about whether the process that LPS used to analyze the
captured calls might be described as “trial and error,” it remains undisputed that by analyzing the
content of the intercepted SOAP calls, LPS was eventually able to figure out what kind of
information SOAP calls sent to the middle tier needed to contain so that the middle tier would
respond with a particular land record. LPS then created its own client to generate SOAP calls,
search the databases of the different counties, and download images of land documents. The
parties sometimes refer to this process as “web harvesting.”8
Whether by accident, design, or indifference, the LPS client’s SOAP calls lacked the data
necessary for the middle tier to track usage minutes on LPS’s account, or to determine whether
5
While Fidlar disputes LPS’s purported contention that “unlimited” access gave LPS privileges that extended
beyond time spent accessing the database, it does not dispute that the agreements with the counties permitted LPS to
spend unlimited time accessing the database. Resp. Mot. Summ. J. 17–18.
6
Fidlar disputes LPS’s statement of its reasons for developing its own technique. Resp. Mot. Summ. J. 22–23. This
dispute is addressed infra, pp. 10–15.
7
A traffic analyzer catches and makes viewable certain kinds of network traffic. This program is referred to in
briefing and deposition materials sometimes as an “http analyzer” or “web sniffer.” The terms are interchangeable
in this context.
8
This is technically inapposite to the practices employed by LPS, which did not occur via the World Wide Web.
4
LPS had used the functionality of the Laredo client that permitted users to print documents they
had downloaded. Thus, although LPS was generating many calls and downloading many land
records, Fidlar and the counties contracting with it saw LPS’s account as not logging any
minutes, and not having printed any land records. There is no evidence that this volume of
requests or their content hindered the operation of Fidlar or county servers.9
Eventually, Fidlar and the counties discovered LPS’s improvised method of accessing the
middle tier, and litigation followed. Fidlar filed suit on March 11, 2013. ECF No. 1. LPS
moved to dismiss, ECF Nos. 6, 35, filed a counterclaim, ECF No. 8, and moved for a temporary
restraining order and preliminary injunction, ECF No. 9, to stop Fidlar from communicating
negative things about LPS to certain counties. On November 8, 2013, the Court issued an order,
ECF No. 42, denying the motion to dismiss and the motion for temporary restraining order and
preliminary injunction. LPS moved for summary judgment on December 1, 2014. After the
close of discovery, there was some dispute between the parties about the admissibility of
evidence, particularly with respect to the report and testimony of one of Fidlar’s experts, Dr.
Ouri Wolfson, ECF No. 76-7, which LPS argued, ECF No. 75, had been untimely disclosed. On
December 14, Magistrate Judge Hawley ruled that Fidlar could use Dr. Wolfson solely as a
rebuttal expert against LPS’s expert. Dec. 17, 2014 Hr’g Tr. 19–25, ECF No. 86-1.
DISCUSSION
I.
Legal Standard on a Motion for Summary Judgment
Summary judgment is the “put up or shut up moment in a lawsuit, when a party must
show what evidence it has that would convince a trier of fact to accept its version of events.”
9
Fidlar argues that, because the SOAP calls that the LPS client generated did not permit the middle tier to track
usage minutes or prints, LPS’s statement that “Fidlar did not experience any service disruptions as a result of LPS’s
activity” is a disputed material fact. Resp. Mot. Summ. J. 32. However, Fidlar does not dispute that LPS’s activities
did not prevent the orderly mechanical operation of anyone’s servers—that is, no computer or network was slowed
or shut down by LPS’s actions.
5
Johnson v. Cambridge Indus., Inc., 325 F.3d 892, 901 (7th Cir. 2003) (internal quotation marks
omitted). A court should grant summary judgment “if the movant shows that there is no genuine
dispute as to any material fact and the movant is entitled to judgment as a matter of law.” Fed. R.
Civ. P. 56(a).
At the summary judgment stage the court’s function is not to weigh the evidence and
determine the truth of the matter but to determine whether there is a genuine issue for trial—that
is, whether there is sufficient evidence favoring the non-moving party for a jury to return a
verdict in its favor. Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 249 (1986); Patel v. Allstate
Ins. Co., 105 F.3d 365, 370 (7th Cir. 1997). The court must view the evidence in the light most
favorable to the non-moving party and draw all reasonable inferences in that party’s favor.
McCann v. Iroquois Mem’l Hosp., 622 F.3d 745, 752 (7th Cir. 2010) (citing Anderson, 477 U.S.
at 255).
The movant in a summary judgment motion bears the initial burden of production—
pointing the court to the materials in the record that “demonstrate the absence of a genuine issue
of material fact” for trial. Celotex Corp. v. Catrett, 477 U.S. 317, 323 (1986). Where the
nonmovant bears the ultimate burden of persuasion on a particular issue, however the
requirements on the movant are “not onerous,” and “may be discharged by showing—that is,
point[ing] out to the district court—that there is an absence of evidence to support the
nonmoving party’s case.” Modrowski v. Pigatto, 712 F.3d 1166, 1168 (7th Cir. 2013) (internal
quotation marks omitted). Once the movant discharges her burden, the burden shifts to the
nonmovant to “make a showing sufficient to establish the existence of an element essential to
that party’s case.” Celotex, 477 U.S. at 322. To satisfy this burden, a nonmovant must “go
beyond the pleadings . . . to demonstrate that there is evidence upon which a jury could properly
6
proceed to find a verdict in her favor.” Modrowski, 712 F.3d at 1169 (internal quotation marks
omitted). “A plaintiff may not defeat the defendant’s properly supported motion for summary
judgment without offering any significant probative evidence tending to support the complaint.”
Tri-Gen Inc. v. Int’l Union of Operating Engineers, Local 150, AFL-CIO, 433 F.3d 1024, 1038
(7th Cir. 2006) (internal quotation marks omitted).
II.
LPS’s Motion for Summary Judgment
LPS moves for summary judgment on all three counts of Fidlar’s Amended Complaint:
Fidlar’s CFAA claim, Am. Compl. 11–13, Mem. Supp. Mot. Summ. J. 27–40; Fidlar’s CCPL
claim, Am. Compl. 13–14, Mem. Supp. Mot. Summ. J. 40–44; and Fidlar’s trespass to chattels
claim, Am. Compl. 14, Mem. Supp. Mot. Summ. J. 44–45. The Court addresses each claim
individually below.
A. Fidlar’s Computer Fraud and Abuse Act Claim
1. Legal Framework
The CFAA, enacted in 1984, is “primarily a criminal statute designed to combat
hacking.” WEC Carolina Energy Solutions LLC v. Miller, 687 F.3d 199, 201 (4th Cir. 2012).
However, it grants the right to maintain a civil action to “[a]ny person who suffers damage or
loss by reason of a violation of this section.” 18 U.S.C. § 1030(g). Two provisions of the CFAA
are relevant here. The first, § 1030(a)(4), applies to anyone who
knowingly and with intent to defraud, accesses a protected computer without
authorization, or exceeds authorized access, and by means of such conduct
furthers the intended fraud and obtains anything of value, unless the object of the
fraud and the thing obtained consists only of the use of the computer and the
value of such use is not more than $5,000 in any 1-year period[.]
18 U.S.C. § 1030(a)(4). The second, § 1030(a)(5)(A) applies to anyone who “knowingly causes
the transmission of a program, information, code, or command, and as a result of such conduct,
7
intentionally causes damage without authorization, to a protected computer.” 18 U.S.C.
§ 1030(a)(5)(A).
Relevant to these subsections are several definitions the statute supplies. A “computer” is
“an electronic, magnetic, optical, electrochemical, or other high speed data processing device
performing logical, arithmetic, or storage functions.” 18 U.S.C. § 1030(e)(1). A “protected
computer” is any computer “which is used in or affecting interstate or foreign commerce or
communication.” Id. § 1030(e)(2)(B). “Exceeds authorized access” means “to access a
computer with authorization and to use such access to obtain or alter information in the computer
that the accesser is not entitled so to obtain or alter.” Id. § 1030(e)(6). “Damage” is “any
impairment to the integrity or availability of data, a program, a system, or information.” Id.
§ 1030(e)(8). “Loss” is “any reasonable cost to any victim, including the cost of responding to
an offense, conducting a damage assessment, and restoring the data, program, system, or
information to its condition prior to the offense, and any revenue lost, cost incurred, or other
consequential damages incurred because of interruption of service.” Id. § 1030(e)(11).
2. Analysis
As a preliminary matter, the parties dispute what sections of the CFAA Fidlar may seek
relief under at this phase of the proceedings.
In its Memorandum in Support of Motion for Summary Judgment, LPS states that Fidlar
“specifically bases its CFAA claim on Section 1030(a)(5)(A),” Mem. Supp. Mot. Summ. J. 27,
and cites to the Court’s remark, in its Order denying dismissal, that “the specific section [of the
statute] that Fidlar invokes (§ 1030(a)(5)(A)) requires damage to a protected computer,” Order
Mot. Dismiss 14. In a footnote, LPS states that Fidlar in fact did mention a claim under
§ 1030(a)(4) in its briefing on the motion to dismiss, but did so in a footnote “[p]resumably to
8
hedge its bets.” Mem. Supp. Mot. Summ. J. 27 n.20. LPS argues that there is, in any event,
insufficient evidence in the record to support a claim under § 1030(a)(4).
In its Response, Fidlar counters that it originally made and seeks now to maintain a claim
under § 1030(a)(4), because its Amended Complaint “broadly alleges a violation of 18 U.S.C.
§ 1030 without limiting its claim to a particular section of the CFAA,” Resp. Mot. Summ. J. 67.
Fidlar offers to “hereby [clarify] for this Court that it is claiming a violation of both (a)(4) and
(a)(5)(A) of the CFAA.” Id. Fidlar duly proceeds to argue that there is support in the record to
sustain claims under both subsections.
A review of the Amended Complaint shows that Fidlar did broadly plead a violation of
18 U.S.C. § 1030, without naming any subsection. Am. Compl. 11. Furthermore, Fidlar also
pleaded damages “in excess of $5,000 in the past calendar year,” id. at 12, as required to
maintain a private action under § 1030(g), and was obviously seeking to invoke the statute’s
civil-suit provision.10 Subsection (g) provides a right of action to “[a]ny person who suffers
damage or loss by reason of a violation of this section.” A violation of either § 1030(a)(4) or
§ 1030(a)(5)(A) would constitute “a violation of this section.” LPS has cited no authority that
would suggest that Fidlar ought to be limited to § 1030(a)(5)(A) simply because Fidlar did not
plead § 1030(a)(4) specifically, or raise it expressly at the motion to dismiss phase. The Court
agrees with the Northern District of Illinois and with the Ninth Circuit that a party does not
forfeit claims under various subsections of § 1030 simply by not pleading those subsections
explicitly. MPC Containment Sys., Ltd. v. Moreland, No. 05 C 6973, 2008 WL 2875007, at *14
(N.D. Ill. July 23, 2008); Theofel v. Farey-Jones, 359 F.3d 1066, 1078 n.5 (9th Cir. 2004).
10
Technically, the $5,000 requirement is not enumerated by § 1030(g). Subsection (g) stipulates that, in addition to
the criteria enumerated in any other section of the statute, in order for the private right of action to lie, the conduct in
question must have violated one of subclauses I-V of subsection (c)(4)(A)(i). Subclause I is “loss to 1 or more
persons during a 1-year period . . . aggregating at least $5,000 in value.”
9
Although the Court and LPS treated Fidlar’s claim as restricted to § 1030(a)(5)(A) at the
motion to dismiss phase, none of Fidlar’s possible claims were thereby foreclosed—the motion
to dismiss, apparently only as to claims under § 1030(a)(5)(A), was denied, and Fidlar’s other
claims under § 1030 have survived up to this point. Fidlar may argue, in opposition to the
Motion for Summary Judgment, as many viable theories of liability under § 1030 as it can
sustain, and it has clarified for the Court that in its view, there are two: one arising under §
1030(a)(4) and one under § 1030(a)(5)(A).
a. Fidlar’s 18 U.S.C. 1030 §(a)(4) Claim
In order to maintain a claim under 18 U.S.C. § 1030(a)(4), Fidlar must show that LPS
acted knowingly and with intent to defraud, accessed a protected computer without authorization
or exceeding authorized access, furthered the intended fraud by means of this conduct, and
obtained anything of value (unless that value was less than $5,000 in a one-year period). 18
U.S.C. § 1030(a)(4). The Court addresses only the intent to defraud here because, as explained
below, there is no evidence in the record upon which a jury could find for Fidlar on this element.
The Seventh Circuit has determined that to act with intent to defraud means to act
“willfully and with specific intent to deceive or cheat, usually for the purpose of getting financial
gain for one’s self or causing financial loss to another.” United States v. Henningsen, 387 F.3d
585, 590–91 (7th Cir. 2004) (quoting United States v. Moede, 48 F.3d 238, 241 (7th Cir.1995)).
The act of fraud allegedly intended here is the digital copying of land records belonging to the
counties in such a way as to evade logging detectable time during access, and to evade the print
fee some counties charged.11 Resp. Mot. Summ. J. 68
11
The Amended Complaint claims that LPS “had been accessing Fidlar’s software and electronically capturing
documents from its client counties without its knowledge.” It specifically alleges that LPS has “knowingly and with
intent to defraud obtained possession and control of document images in the amounts listed in the chart below.”
Am. Compl. 12. The “chart below” contains columns listing “fee per page” and “number of documents captured.”
10
As a moving party who will not bear the burden of proof at trial, LPS needs to show “that
there is an absence of evidence to support the nonmoving party’s case.” Modrowski, 712 F.3d at
1168. Here, this means an absence of evidence that LPS acted knowingly and with intent to
defraud by downloading land records without paying print fees it would otherwise incur. In
order to make this showing, LPS points out that its behavior—using its custom client in all Fidlar
counties, not just those where it might evade a print fee by doing so—is inconsistent with an
intent to use the client to avoid paying print fees. Mem. Supp. Mot. Summ. J. 27 n. 20. If the
aim of the client was to defraud counties that charged print fees, why use the client in counties
where doing so would save it no money because printing was already free? Further, LPS claims
that it never formed the intent to cheat or defraud the counties because it honestly believed its
method of accessing land record images was permitted by the terms of its contracts with the
counties, where in each case it paid for the maximum allowable number of minutes of access. Id.
LPS points to sufficient evidence in the record to support these contentions. It cites the
deposition of Erick Marroquin, a former Senior Vice President at LPS and Rule 30(b)(6) witness,
which reads in relevant part:
THE WITNESS: In my opinion, we paid, yes. We paid for access to the
information we received.
BY MR. WILLIAMS:
Q. Based on monthly minutes, correct?
A. We paid for unlimited access to information within the solution, yes.
Q. When you say “information,” do you mean data?
A. I mean images.
Q. You mean that you were entitled to download images from the Laredo
program without incurring a print charge; is that correct?
A. Yes.
Marroquin 30(b)(6) Dep. 185:6–17, ECF No. 78-3. LPS also points to the deposition of Scott
Moore, Fidlar’s Vice President of Sales and Marketing, who indicated that Fidlar did not share in
Id. Fidlar does not suggest other fraudulent acts LPS might have specifically intended in creating and using its own
client.
11
any of fees that counties might charge for printing documents, Moore 30(b)(6) Dep. 73:8–10,
ECF No. 78-2. While the latter record materials appear to bear only on Fidlar’s stake in print
fees, the former clearly indicates that, from LPS’s perspective, paying for unlimited minutes
entitled the company to download the images without printing them and thus without paying the
fee that Fidlar alleges was fraudulently evaded.
Illuminating Marroquin’s testimony is one of the paragraphs of LPS’s amended
counterclaim, the answer to which LPS cites in its motion for summary judgment as to Fidlar’s
§ 1030(a)(4) claim. The paragraph reads:
LPS has no interest in printing paper-based copies of the public records. Rather, it
seeks only to review the records and collect specific pieces of information and
data from each. Printing the records, however, is a source of revenue for the
Counties, and Laredo was marketed to the counties on this basis. Accordingly, the
Laredo software disables some standard functions on the user’s computers, such
as the “print screen” button. Laredo also blocks the “copy and paste,” functions,
and inhibits third party software that can save screen shots.
Fidlar’s Answer to LPS’s Am. Counterclaim ¶ 16. This paragraph explains the essential nature
of LPS’s intentions toward the land record files that it first downloaded and viewed in Fidlar’s
client, and then in its own.12 According to LPS, physical printing was never its goal. Rather,
LPS sought to copy and collect certain data from land records, which it could have done by using
Fidlar’s client, manually transcribing the information displayed from the downloaded images if
needed, or copying them via another piece of software. See May 17, 2013 Evid Hr’g Tr. 47;
ECF No. 82-21. However, Fidlar’s client was designed to make it difficult for users to copy or
12
There exists a great deal of confusion throughout the record about whether it was permissible for LPS to
“download” images from the county databases. Witnesses with technical knowledge of the software at issue seem
particularly puzzled by this line of questioning. See, e.g., May 17, 2013 Evid Hr’g Tr. 125, ECF No. 82-21. This is
understandable, given that the common meaning of “download”—“an act of moving or copying a file, program, etc.,
from a usually larger computer system to another computer or device”—encompasses any transfer of information
from server to client, whether conducted by Fidlar’s client or another program. “Download,” MerriamWebster.com, http://www.merriam-webster.com/dictionary/download (visited Feb. 11, 2015). Thus, any authorized
viewing of the images involved “downloading” them. The real issue seems to be whether LPS was authorized to
save downloaded land records to storage media in a readable and transferable format after the data had been
downloaded. These are technological nuances that neither party addresses in briefing.
12
extract data quickly from the land record images it displayed by blocking the computer’s normal
copying functionalities. See May 17, 2013 Evid Hr’g Tr 124. LPS’s witnesses testified that the
company developed its own client solely as a way of massively speeding its data-collecting
activities and circumventing the “features,” or hobbles, that Fidlar deliberately engineered into
its software to hinder copying and to encourage users to print documents physically, “a source of
revenue to the counties.” Fidlar’s Answer to LPS’s Am. Counterclaim ¶ 16. As Marroquin put
it, “No part of [LPS’s search practice] was to avoid a print fee.” Marroquin Dep. 122, ECF No.
82-14.
By pointing to evidence in the record supporting the inference that it had no fraudulent
intent, and by citing to depositions asserting its non-fraudulent intent, LPS has met its initial
burden of production, and preliminarily “demonstrate[d] the absence of a genuine issue of
material fact” for trial. Celotex, 477 U.S. at 323. It now lies with Fidlar to “demonstrate that
there is evidence upon which a jury could properly proceed to find a verdict in [its] favor” on the
element of intent to defraud. Modrowski, 712 F.3d at 1169 (internal quotation marks omitted).
In support of its position, Fidlar first tries to contend that “[w]hether LPS acted with an
intent to defraud by replacing the Laredo Client with its own client is a material fact under
section (a)(4) that remains in dispute.” Resp. Mot. Summ. J. 68. Fidlar is mistaken. The intent
to defraud is not a material fact, but rather an element of the offense upon which Fidlar bears the
ultimate burden of proof. Fidlar must now point to material facts to “make a showing sufficient
to establish the existence” of that element. Celotex, 477 U.S. at 322.
To make this showing, Fidlar first observes that there is evidence suggesting “LPS knew
that its web-harvester allowed it to search county databases and download images of documents
without its usage being tracked.” Resp. Mot. Summ. J. 68. There certainly is evidence to
13
support this contention; Fidlar cites to several invoices it generated on behalf of the counties and
sent to LPS showing extensive usage time and in some cases a few print fees, followed by a total
disappearance of usage time and print fees after a certain point in 2012.13 Miller, AR Invoices,
ECF No. 82-24; St. Joseph, IN invoices, ECF No. 82-25; Vandenburgh, IN Invoices, ECF No.
82-26; Delaware, IN Invoices, ECF No. 82-27; Eau Claire, WI Invoices, ECF No. 82-28; Rock,
WI Invoices, ECF No. 82-29. However, while these materials show that LPS was on notice that
its activities had caused it to stop logging minutes with Fidlar and the counties, they do nothing
to support the inference that LPS acted with intent to defraud. Indeed, the receipt of the invoices
would just as surely have shown LPS that the counties could tell it had suddenly stopped logging
minutes or incurring print fees, while still paying access fees. The fact that LPS took no steps to
resume apparent usage or assuage any concern the counties might have had further supports the
inference that it did not intend to gain unauthorized access to images and defraud the counties.
While Fidlar asserts that LPS failed to respond with clarity to certain counties’ inquiries, Fidlar’s
argument to this effect is marred by citations to the record that consist merely of the word
“[CITE].” Resp. Mot. Summ. J. 68. Fidlar has thus failed to point to facts in the record that
support that contention. And in any event, even if the contention was supported, it would do
nothing to make it more likely that LPS intended to defraud the counties, for the same reason that
continuing to pay access fees for apparent non-use is not probative of intent to defraud.
Fidlar next suggests that LPS’s payment for “unlimited” minutes in some counties is
irrelevant, because depositions of some county officials indicate that the counties’ interpretation
of the contracts with LPS differed from LPS’s on the question of what exactly LPS had bought
by paying for “unlimited minutes.” Resp. Mot. Summ. J. 69. Specifically, Fidlar suggests that
13
While some of these documents, like the Miller, AR invoices, do show the sudden disappearance of usage
minutes, others do not. See, e.g., Eau Claire, WI Invoices.
14
some counties thought their agreements with LPS required LPS to use Fidlar’s client. Id.
However, LPS’s payment for the maximum amount of time available in each county, coupled
with its statements that it believed this entitled it to access files in the way that it did, is relevant
in that it is probative of a lack of intent to defraud.
Fidlar points to no other material in the record suggesting that it could carry its burden of
proof at trial. While intent to defraud can be proven by circumstantial evidence, Moede, 48 F.3d
at 241, Fidlar has pointed to no evidence in the record, circumstantial or otherwise, that LPS had
the intent to defraud any of the counties or Fidlar itself. Summary judgment is proper against
Fidlar’s claim under 18 U.S.C. § 1030(a)(4) because Fidlar cannot present a sufficient showing
to establish the existence of fraudulent intent.
b. Fidlar’s 18 U.S.C. § 1030(a)(5)(A) Claim
In order to maintain a claim under § 1030(a)(5)(A), Fidlar must show that LPS
knowingly caused the transmission of a program, information, code, or command, and that as a
result of that conduct LPS intentionally caused damage to a protected computer without
authorization. 18 U.S.C. § 1030(a)(5)(A). The Court addresses only whether LPS intentionally
caused damage to a protected computer because there is no evidence in the record upon which a
jury could find for Fidlar on this element.
It is undisputed that the computers in question here are (1) the Fidlar servers running the
middle tier that LPS accessed, and (2) potentially any servers owned by the counties running the
middle tier. See Noe 30(b)(6) Dep. 25:15–19. Damage is broadly defined under the CFAA as
“any impairment to the integrity or availability of data, a program, a system, or information.”
§ 1030(e)(8). However, access to or disclosure of information on remote servers is generally not
understood in the Seventh Circuit as “damage” within the meaning of the statute. Landmark
15
Credit Union v. Doberstein, 746 F. Supp. 2d 990, 993 (E.D. Wis. 2010) (“[S]eemingly every
court in this circuit that has interpreted the meaning of the word ‘damage’ in the CFAA has held
that ‘damage’ does not encompass harm from the mere disclosure of information” (internal
quotation marks omitted) (collecting cases)). This reflects the aim of the CFAA’s drafters to
punish those who access computers with the intention of deleting, destroying, or otherwise
rendering unusable the information they find. See Int’l Airport Ctrs., L.L.C. v. Citrin, 440 F.3d
418, 420 (7th Cir. 2006) (explaining that statute was aimed at “attacks by disgruntled
programmers who decide to trash the employer’s data system on the way out”). As the Motorola
court picturesquely put it, “[t]he plain language of the statutory definition refers to situations in
which data is lost or impaired because it was erased or because (for example) a defendant
smashed a hard drive with a hammer.” Motorola, 609 F.Supp.2d at 769.
The damage alleged here is the use of LPS’s client in such a way as to avoid minutes
being logged or prints accounted for.14 Resp. Mot. Summ. J. 76. LPS argues that it did not
cause any damage, and points to the absence of any evidence in the record that data on servers
was altered, service was disrupted, viruses were transmitted, or computers crashed. Mem. Supp.
Summ. J. 39. Further, LPS argues there is no evidence that in generating its own deficient SOAP
calls, it deleted or destroyed any server data tracking its access; it merely generated SOAP calls
that did not contain information Fidlar’s servers needed to generate this information. Id. These
observations are sufficient to discharge LPS’s burden as a movant for summary judgment who
does not bear the ultimate burden of proof.
14
Fidlar suggests, too, that the very act of copying or transferring information from viewed images was damage.
“The SOAP calls omitted by LPS just happened to be the method by which Laredo would identify how much time
LPS spent using Laredo and what documents LPS was copying without being charged.” Resp. Mot. Summ. J. 76.
However, Fidlar nowhere suggests that LPS would have been “charged” for any form of non-print copying
(transcription, screen capturing, etc.). The claim in the above-cited portion of Fidlar’s motion seems more
suggestive of a wish than a fact about what users of its client were charged for doing. See pp. 22–23, infra.
16
In response, Fidlar does not point to any other information in the record supporting its
contention that LPS caused damage; rather, it argues that because LPS’s client did not log
minutes or provide print data, it “prevented Laredo from functioning as a revenue generation
mechanism for the counties.” Resp. Mot. Summ. J. 76. Thus, Fidlar does not argue that there
exist disputed issues of material fact or other record material supporting the claim that damage
was done to a protected computer, but rather attempts to assert that the behavior all parties agree
occurred, as a matter of law, qualifies as “damage” within the meaning of § 1030(a)(5)(A).
However, it does not.15
The harm that Fidlar alleges is far more akin to the theft of trade secrets than it is to the
disruption or destruction of information. The damage Fidlar points to, essentially, is that LPS
may have evaded some of the fees it might otherwise have been liable for (ignoring the fact that
LPS always paid the monthly access fees). This is not damage within the meaning of the statute;
it is not damage or loss to information or the means by which information is kept. It is a far cry
from a defendant “smash[ing] a hard drive with a hammer.” Motorola, 609 F.Supp.2d at 769.
And Fidlar’s claim that in accessing the middle tier with a client of its own devising, LPS
compromised the “completeness or usability” of the “Laredo system,” Resp. Mot. Summ. J. 76,
is almost metaphysical in its abstraction. To even make sense, the claim requires the Court to
construe database, middle tier, and client all as one “system” within the meaning of
§ 1030(e)(8), whose “integrity” could be compromised merely by another piece of software not
part of the “system” communicating with the software in the “system” in a way usually only
performed by another piece of “system” software. (It is perhaps with this construal in mind that
15
Matters might be different if Fidlar pointed to any evidence that LPS had printed land records after preventing the
tracking of any printing. However, Fidlar points to no such evidence.
17
Fidlar argues that the three elements are all part of the “Laredo system.” See Resp. Mot. Summ.
J. 13–14, 19–20, 34–35.)
Such an interpretation does not comport, however, with the way that courts have
consistently understood the term “system” in CFAA litigation, as a discrete program or database
running on a computer or group of computers owned and operated by a single entity. See Citrin,
440 F.3d at 420 (discussing different types of damage including “attacks by disgruntled
programmers who decide to trash the employer’s data system on the way out” (emphasis added));
Farmers Ins. Exch. v. Auto Club Grp., 823 F. Supp. 2d 847, 852 (N.D. Ill. 2011) (“[M]ere
copying of electronic information from a computer system is not enough to satisfy the CFAA’s
damage requirement.” (emphasis added)); George S. May Int’l Co. v. Hostetler, No. 04 C 1606,
2004 WL 1197395, at *4 (N.D. Ill. May 28, 2004) (“We see no principled reason . . . why
infringement of copyrighted material taken from a protected computer system would not qualify
as impairment of the integrity of the copyrighted information.” (emphasis added)). If followed,
Fidlar’s proposed understanding of “system” for purposes of CFAA damage would mean that
damage results and liability may follow anytime a software developer’s program, designed to
communicate with another of its programs, is communicated with by other software in a way
unexpected by the developer. This is an absurd result.
Neither the bare act of accessing the middle tier without using Fidlar’s client, nor the
generation of SOAP calls that failed to contain usage and print information, are “damage” under
§ 1030(a)(5)(A). LPS is entitled to judgment on the § 1030(a)(5)(A) claim as a matter of law.
B. Fidlar’s Illinois Computer Crime Prevention Law Claim
1. Legal Framework
18
The Computer Crime Prevention Law, like the CFAA, is primarily a criminal statute with
a civil-suit provision. Subsection (c) of the statute states, “Whoever suffers loss by reason of a
violation of subdivision (a)(4) of this Section may, in a civil action against the violator, obtain
appropriate relief.” Subdivision (a)(4) in turn provides, in relevant part:
(a) A person commits computer tampering when he or she knowingly and without the
authorization of a computer’s owner or in excess of the authority granted to him
or her:
....
(4) Inserts or attempts to insert a program into a computer or computer program
knowing or having reason to know that such program contains information or
commands that will or may:
(A) damage or destroy that computer, or any other computer subsequently
accessing or being accessed by that computer;
(B) alter, delete, or remove a computer program or data from that computer, or
any other computer program or data in a computer subsequently accessing
or being accessed by that computer; or
(C) cause loss to the users of that computer or the users of a computer which
accesses or which is accessed by such program[.]
720 ILCS 5/17-51(a)(4). Relevantly, the term “program” under the CCPL is to be very broadly
construed as “a series of coded instructions or statements in a form acceptable to a computer
which causes the computer to process data and supply the results of the data processing.” 720
ILCS 5/17-0.5.
2. Analysis
Because Fidlar cannot show that there is a genuine issue for trial as to (a)(4)—whether
LPS inserted a program knowing or having reason to know that the program would cause one of
the enumerated effects—the Court does not address the other required elements of computer
tampering.
19
LPS makes two arguments as to why it did not insert a computer program into Fidlar’s
servers knowing that it would cause enumerated damages. First, it claims that the SOAP calls
were not a “program” within the meaning of the statute. “Rather than inserting a program, LPS
simply used its own client to communicate with Fidlar’s servers.” Mem. Supp. Summ. J. 41. To
support this assertion, LPS points to the absence of record evidence that LPS “inserted” any
software between Fidlar’s client and its servers, performed an “SQL insertion,”16 inserted a virus
into any Fidlar computer, or created a program that was installed or executed on a Fidlar
computer. Id. at 42. Second, LPS claims that it did not know or have reason to know that its use
of its own client would be harmful within the meaning of section (a)(4). To support this
assertion, LPS points to the deposition of Bob Noe, a Fidlar employee who testified that because
of the way LPS reverse-engineered Fidlar’s product, LPS would have no idea how information
was processed in the database or middle tier. Noe 30(b)(6) Dep. 129:16–130:14, ECF No. 78-13.
LPS also highlights the deposition of its witness John McCabe, who indicated that LPS had no
belief or reason to believe that its client would harm Fidlar or its servers. McCabe 30(b)(6) Dep.
38:21, 60:11–61:6, 67:1–17, 68:18–24, 88:17–24, 121:18–21, ECF No. 78-18.
While it comports with common sense to contend that merely communicating with
Fidlar’s servers was not “inserting a program,” the meaning of “program” under the CCPL is so
broad that LPS has not met its burden of production with respect to the program-status of the
SOAP calls. That is, LPS has not pointed to record material suggesting that the SOAP calls were
not “a series of coded instructions or statements in a form acceptable to a computer,” 720 ILCS
5/17-0.5, or pointed to an absence of evidence in the record that they were. Nor has it pointed to
16
Neither party defines an “SQL insertion,” but each refers to it as the sort of thing that LPS’s client is not or does
not do. LPS’s expert witness describes an “SQL injection” as a procedure in which data entered by a user into a
response field maliciously tricks the program that reads the data into executing functions that the user was not
supposed to be able to elicit. Conway Report 11–12, ECF No. 76-3. In any case, such insertions or injections
appear not to be relevant to these proceedings.
20
an absence of evidence in the record that sending the calls to the middle tier and allowing them
to be processed there was “inserting” them. However, LPS has met its burden to identify
evidence in the record, in the form of witness testimony, that LPS did not know or have reason to
know that the SOAP calls it generated would: cause damage; alter, delete, or remove a computer
program or data; or cause loss within the meaning of the CCPL. Noe 30(b)(6) Dep. 129:16–
130:14; McCabe 30(b)(6) Dep. 38:21, 60:11–61:6, 67:1–17, 68:18–24, 88:17–24, 121:18–21.
Therefore, Fidlar must show that there is a genuine issue for trial on this point.
In support of its claim, Fidlar rests on subsection (a)(4)(C) and tries to show that, in
operating its own client, LPS knew that it was inserting a program that “contains information or
commands” that would “cause loss to the users of [the] computer [into which a program was
inserted] or the users of a computer which accesses or which is accessed by such program.” 720
ILCS 5/17-51(a)(4). To this end, Fidlar once more observes that LPS was on notice that its
client did not log minutes or return print statistics, and that thus, “LPS knew [the program] would
cause loss to the counties.” Resp. Mot. Summ. J. 77. Fidlar generally refers to its Response to
LPS’s Alternative Motion for Summary Judgment, ECF No. 83, in arguing that it lost customers,
subscription revenue, and business reputation and goodwill as a consequence of LPS’s use of its
client. Id. at 78.
However, in the same way that Fidlar’s purported evidence of intent to defraud under the
CFAA was inapposite, this information misses the mark and is not relevant to whether LPS knew
or had reason to know that its SOAP calls would cause loss to Fidlar or the counties. Whatever
interpretation of “loss” one applies to the word as used in the CCPA (a statute for which there is
not a wealth of judicial interpretation), Fidlar does nothing to show that LPS knew or should
21
have known that any loss—from lost printing revenues to cancellation of some of Fidlar’s
contracts—would result from the use of its client.
From the mere fact that the counties made money from Fidlar’s product—obvious to
LPS, presumably, since LPS paid the counties for access—it does not follow that LPS knew or
should have known that it was depriving the counties of money, or even that it did deprive them
of money. As described above, it was never LPS’s aim to print documents, the process which by
which Fidlar claims the counties were deprived of money; it was LPS’s aim to copy and
aggregate certain data from the land records it downloaded, which its client provided a means of
doing. See McCabe 30(b)(6) Dep. 40:16–41:16. LPS could have done this by slower means
than the one it eventually developed, including one that did not involve bypassing the
intentionally restrictive Fidlar client interface (copying by hand, for instance).
The contention that LPS deprived counties of money rests on the assumption, unstated
but everywhere present in Fidlar’s briefing, that any act of copying the digital land records
entitled the counties to a fee. Fidlar may wish this were so; indeed, Fidlar may have marketed its
products to counties by endorsing just this kind of sweeping commodification of public land
records. Be that as it may, Fidlar points to no information in the record that could give rise to the
inference the LPS knew or should have known that this was the case, or that it was the case with
respect to any individual contract. The evidence provided by Fidlar merely suggests that some
counties charged a print fee, and that LPS never made a practice of printing and incurring the fee
and never sought to. LPS’s use of its own client to aggregate data from the documents does not
suggest that it would have, or was contractually obligated to, print any of the associated
documents and pay the counties for that printing.
22
Fidlar points to no evidence in the record that LPS knew or should have known that its
use of its client caused the counties “loss” under the CFAA. Additionally, Fidlar has pointed to
no evidence that suggests LPS knew or should have known that Fidlar would suffer loss of
goodwill with counties, lost customers, or lost subscription revenue. Because Fidlar has not
shown that there is a genuine issue for trial under the CCPL, summary judgment for Fidlar on the
CCPL claim is appropriate.
C. Fidlar’s Trespass to Chattels Claim
Trespass to chattels is, as the Court explained in its order denying LPS’s Motion to
Dismiss, “an oft-forgotten common law tort usually familiar only to first-year law students,
[which] provides redress for unauthorized use of or intermeddling with another’s physical
property.” Order Mot. Dismiss 19. As the Court explained in that Order at length, and will not
repeat here, trespass to chattels is experiencing a strange afterlife as a cause of action for
unauthorized intermeddling with another’s computer or network. Id. at 20–21. However, the
requirement that the trespass involve an act of “direct physical interference” remains. Antonelli
v. Sherrow, No. 02 C 8714, 2005 WL 2338813, at *10 (N.D. Ill. Sept. 21, 2005) aff’d, 246 Fed.
App’x 381 (7th Cir. 2007). In allowing this claim to proceed past the motion to dismiss phase,
the Court found unpersuasive all of Fidlar’s arguments about data theft and interference with
computer programs. Order Mot. Dismiss 21. The trespass to chattels count remained because
Fidlar had plausibly alleged a “threat” to the continued operation of its servers caused by LPS’s
actions. Id. The claim proceeded on that possible threat alone.
The Court noted at the time that Fidlar’s allegations on this score were not “dripping with
detail,” id., and indeed, no details at all about such interference appear to have surfaced in
discovery. LPS observes that there is no evidence of any interference with the operation of
23
Fidlar’s servers at all. Mem. Supp. Mot. Summ. J. 44–45; Noe 30(b)(6) Dep. 109:20–22, 110:13,
110:16–21; Moore 30(b)(6) Dep. 206:13–16; Watkins 30(b)(6) Dep. 64:14–65:5. Given that the
operating condition of Fidlar’s servers was the only issue that remained, LPS has carried its
burden. In response, Fidlar only argues that LPS’s web harvester commands “physically touched
Fidlar’s computers,” Resp. Mot. Summ. J. 79, and that the SOAP calls sent by LPS “did cause a
substantial interference with Fidlar’s computer network,” id. But the only “substantial
interference” Fidlar identifies is, once again, the attenuated form of loss it maintains it has
suffered, which is not the same thing as a threat to the proper functioning of Fidlar’s servers.
Since Fidlar points to no information in the record beyond its conclusory assertion that its
computer network was interfered with and its computer physically “touched,” it has not shown
the existence of anything in the record that a jury could rely upon to find for it on the trespass to
chattels claim. Summary judgment against Fidlar is warranted on this count.
CONCLUSION
Accordingly, LPS’s Motion for Summary Judgment, ECF No. 77, is GRANTED and
summary judgment is granted as to all counts of Fidlar’s Amended Complaint, ECF No. 31-1.
Because the motion is granted in its entirety, LPS’s Alternative Motion for Partial Summary
Judgment on Certain of Fidlar’s Claims for Damages, ECF No. 79, is MOOT. Because other
claims remain in this matter—namely, LPS’s claims for equitable relief, tortious interference
with contract, and tortious interference with business expectancy—entry of judgment is not
appropriate at this time.
24
Entered this 5th day of March, 2015.
s/ Sara Darrow
SARA DARROW
UNITED STATES DISTRICT JUDGE
25
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?