December 11, 2009
Court Rejects Computer Fraud & Abuse Act Claim Based on Unsolicited Text Messages--Czech v. Wall Street on Demand
[Post by Venkat]
Czech v. Wall Street on Demand, Inc., No. 09-180 (DWF/RLE) (Dec. 8, 2009).
A Minnesota district judge rejected claims brought under the Computer Fraud and Abuse Act based on the receipt of unsolicited text messages. There's not much to the facts, except that plaintiff received unwanted text messages from Wall Street on Demand, Inc. She did not have a prior business relationship with WSOD. She (vaguely) alleged that she incurred fees and charges related to her receipt of these messages. Based on her receipt of unwanted text messages, she filed a claim against WSOD alleging violations of the Computer Fraud and Abuse Act and state statutes.
The Court's Ruling: The court dismisses plaintiff's amended complaint in an order that helpfully provides a summary of the Computer Fraud and Abuse Act (and recent 2008 tweaks) as it's used in the civil context. Plaintiff brings three possible claims: (1) a claim for obtaining information from her phone; (2) a claim for transmitting information or code through her phone; and (3) a claim for "accessing" her phone.
Information Claim: The court rejects the information-based claim because there's no information that WSOD allegedly obtained through accessing the plaintiff's phone. Plaintiff analogizes to websites and argues that any time someone sends a message to a mobile phone, information is "obtained" in the same way that information is obtained any time someone accesses a website. The court rejects this analogy, finding that "there is a fundamental difference between viewing websites and communicating with wireless devices such as cell phones by sending text messages." Even if the transmission of an unwanted text message somehow resulted in the "obtaining of information," the court concludes that there's no loss as a result of defendant having obtained the information.
Transmission Claim: The transmission claim requires plaintiff to allege that WSOD caused the transmission of code or information and as a result "intentionally caused damage without authorization" to plaintiff's device. The complaint fails on both counts. There wasn't a credible allegation of damage (there was no allegation of impairment to the machine) or of WSOD's intent to cause the damage.
Access Claim: The court rejects the access claim since plaintiff does not adequately allege that the unauthorized access was intentional.
My Take: The Computer Fraud and Abuse Act is an often abused statute, and this seemed like another example of a situation where the statute is being stretched to fit the conduct/harm that was not intended to be covered by the statute. I was surprised that plaintiffs cited to the Lori Drew case [link], which many people view as a classic example of stretching the statute to its breaking point. In some ways this case is reminiscent of ISPs using the Computer Fraud and Abuse Act to attack spam. Some courts were open to this; other courts expressed reservations to the applicability of the Computer Fraud and Abuse Act to spam. See, e.g., America Online, Inc. v. National Health Care Discount, Inc., 121 F. Supp. 2d 1255, 1275 (N.D. Iowa 2000) ("A disturbing issue is whether subsection (a)(5)(c) is intended to address UBE at all.").
The case is also somewhat reminiscent of Abrams v. Facebook, a lawsuit based on the fact that Facebook sent SMS messages to cellphone numbers provided by its users and would keep sending those messages even if the cellphone number changed owners. In a lengthy article, Prof. Goldman discussed the weaknesses of using phone numbers as identity authenticators.
Advice to plaintiffs. If the court dismisses your complaint, come back with additional facts. Do not merely add what the court here calls "background discussion" about the issue you are complaining about. In five or six separate instances, the court mentions the fact that the amended complaint is just a bulkier, more "dressed up version" of the old complaint . . . with no new facts. At a broader level, the court's understandable skepticism towards the damage claims in this case illustrates how difficult it is to bring claims based on unsolicited marketing communications (whether received via your phone or your computer).
Advice to defendants. Transmitting unsolicited text messages is not free of risk. The Telephone Consumer Protection Act is one possible avenue for plaintiffs, and courts are not always deferential to broadly (and poorly) worded opt-ins. (See Eric's post on Satterfield v. Simon & Schuster here.)