Int’l Airport Centers, L.L.C., et al., Plaintiff-Appellants v Jacob Citrin, Defendant-Appellee
United States Court of Appeals for the Seventh Circuit
Opinion by Judge Posner
440 F.3d 418 ((lex:440 F.3d 418)
Facts of the Case: Defendant, Citrin, was employed by the Plaintiffs (“IACâ€), a group of affiliated companies engaged in the real estate business. Citrin was given an IAC laptop and instructed to “identify properties that IAC might want to acquire, and to assist in any ensuing acquisition. (He was to record his findings on the laptop.) Deciding to become self-employed, Citrin quit IAC, in breach of his employment contract. In addition to breaching his contract, Citrin proceeded to delete all of the data from the laptop before returning it to IAC. This data included important information for which IAC lacked any back-up files. Because Citrin deleted the data with the help of a “secure-erasure program,†which wrote over the deleted files, IAC was unable to recover any of the data. IAC then initiated this suit against Citrin under the Computer Fraud and Abuse Act (CFAA).
Procedural Posture: Appeal from the United States District Court for the Northern District of Illinois, Eastern Division. Plaintiff appeals the dismissal of its complaint for failure to state a claim.
Issue: At issue in this case is the meaning/interpretation of the word “transmission†in the Computer Fraud and Abuse Act (“CFAAâ€), 18 U.S.C. § 1030. According to the pertinent part of that statute, 18 U.S.C. § 1030(a)(5)(A)(i), whoever “knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer,†violates the CFAA. (Here, Citrin alleges that “merely erasing a file from a computer is not a ‘transmission.’â€)
Holding: Judgment is reversed with instructions to reinstate the suit. Under the CFAA, the precise method of transmission does not have to be known or disclosed in order to survive a motion to dismiss for failure to state a claim. Rather, any evidence of a transmission, regardless of the precise type, is sufficient to withstand a motion to dismiss a CFAA, 18 U.S.C. § 1030, claim.
Important Dicta: “We don’t see what difference the precise mode of transmission can make. In either the Internet download or the disk insertion, a program intend to cause damage . . . is transmitted to the computer electronically.â€
Likely Future Importance or Unanswered Questions: Although the court determined that the precise mode of transmission was irrelevant to survive a motion to dismiss for failure to state a claim, it is possible that the mode of transmission may be important to a dispositive issue in the future. Furthermore, it is yet to be determined how much importance other courts will place on the precise mode of transmission and how “transmission†will be defined in the future.
Critical Analysis:
Transmission:
The specific transmission of the secure-erasure program to the laptop is unknown. The program may have been downloaded from the internet, or it may have been copied onto the computer from a disk. Whether or not the use of the program constituted a “transmission,†so as to fall under the CFAA, is at issue in this case. According to the Court, “we don’t see what difference the precise mode of transmission can make. In either the Internet download or the disk insertion, a program intended to cause damage . . . is transmitted to the computer electronically.†The only conceivable difference between the two modes of transmission, as stated by the Court, is the degree to which the perpetrator has physical access to the computer at issue under each method. “Transmission via disk requires that the malefactor have physical access to the computer,†whereas transmission by internet does not. Rather, transmission by internet can occur “afar by transmitting a virus.†The Court determined that the precise mode of transmission here was unimportant because Congress was concerned with both modes of attack, of transmission—both internet and disk—when it crafted the CFAA. In making this determination, the Seventh Circuit relied on a plain ready of Section 1030(a)(5)(A)(ii), which states whoever “intentionally accesses a protected computer, without authorization, and as a result of such conduct, recklessly causes damage†violates the Act. Thus, “it can’t make any difference that the destructive program comes on a physical medium, such as a floppy disk or CD,†as opposed to via the internet.
Authorization:
The Court determined that Citrin was without authorization to access the laptop at the time he permanently deleted the computer’s data, because he breached his duty of loyalty when he violated his employment agreement and decided to quit his job with IAC. Thus, without the employment/agency relationship, Citrin had no authority to access the laptop, as his authority to utilize the laptop was tied to his contractual employment duties.
United States Court of Appeals for the Seventh Circuit
Opinion by Judge Posner
440 F.3d 418 ((lex:440 F.3d 418)
Facts of the Case: Defendant, Citrin, was employed by the Plaintiffs (“IACâ€), a group of affiliated companies engaged in the real estate business. Citrin was given an IAC laptop and instructed to “identify properties that IAC might want to acquire, and to assist in any ensuing acquisition. (He was to record his findings on the laptop.) Deciding to become self-employed, Citrin quit IAC, in breach of his employment contract. In addition to breaching his contract, Citrin proceeded to delete all of the data from the laptop before returning it to IAC. This data included important information for which IAC lacked any back-up files. Because Citrin deleted the data with the help of a “secure-erasure program,†which wrote over the deleted files, IAC was unable to recover any of the data. IAC then initiated this suit against Citrin under the Computer Fraud and Abuse Act (CFAA).
Procedural Posture: Appeal from the United States District Court for the Northern District of Illinois, Eastern Division. Plaintiff appeals the dismissal of its complaint for failure to state a claim.
Issue: At issue in this case is the meaning/interpretation of the word “transmission†in the Computer Fraud and Abuse Act (“CFAAâ€), 18 U.S.C. § 1030. According to the pertinent part of that statute, 18 U.S.C. § 1030(a)(5)(A)(i), whoever “knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer,†violates the CFAA. (Here, Citrin alleges that “merely erasing a file from a computer is not a ‘transmission.’â€)
Holding: Judgment is reversed with instructions to reinstate the suit. Under the CFAA, the precise method of transmission does not have to be known or disclosed in order to survive a motion to dismiss for failure to state a claim. Rather, any evidence of a transmission, regardless of the precise type, is sufficient to withstand a motion to dismiss a CFAA, 18 U.S.C. § 1030, claim.
Important Dicta: “We don’t see what difference the precise mode of transmission can make. In either the Internet download or the disk insertion, a program intend to cause damage . . . is transmitted to the computer electronically.â€
Likely Future Importance or Unanswered Questions: Although the court determined that the precise mode of transmission was irrelevant to survive a motion to dismiss for failure to state a claim, it is possible that the mode of transmission may be important to a dispositive issue in the future. Furthermore, it is yet to be determined how much importance other courts will place on the precise mode of transmission and how “transmission†will be defined in the future.
Critical Analysis:
Transmission:
The specific transmission of the secure-erasure program to the laptop is unknown. The program may have been downloaded from the internet, or it may have been copied onto the computer from a disk. Whether or not the use of the program constituted a “transmission,†so as to fall under the CFAA, is at issue in this case. According to the Court, “we don’t see what difference the precise mode of transmission can make. In either the Internet download or the disk insertion, a program intended to cause damage . . . is transmitted to the computer electronically.†The only conceivable difference between the two modes of transmission, as stated by the Court, is the degree to which the perpetrator has physical access to the computer at issue under each method. “Transmission via disk requires that the malefactor have physical access to the computer,†whereas transmission by internet does not. Rather, transmission by internet can occur “afar by transmitting a virus.†The Court determined that the precise mode of transmission here was unimportant because Congress was concerned with both modes of attack, of transmission—both internet and disk—when it crafted the CFAA. In making this determination, the Seventh Circuit relied on a plain ready of Section 1030(a)(5)(A)(ii), which states whoever “intentionally accesses a protected computer, without authorization, and as a result of such conduct, recklessly causes damage†violates the Act. Thus, “it can’t make any difference that the destructive program comes on a physical medium, such as a floppy disk or CD,†as opposed to via the internet.
Authorization:
The Court determined that Citrin was without authorization to access the laptop at the time he permanently deleted the computer’s data, because he breached his duty of loyalty when he violated his employment agreement and decided to quit his job with IAC. Thus, without the employment/agency relationship, Citrin had no authority to access the laptop, as his authority to utilize the laptop was tied to his contractual employment duties.