Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

Transmission Claims Under the Computer Fraud and Abuse Act

By Richard Raysman
January 31, 2013

The Computer Fraud and Abuse Act (“CFAA”) prohibits a number of different computer crimes, the majority of which involve accessing computers “without authorization” or in excess of authorization, and then taking specified forbidden actions, ranging from obtaining information to destroying computer data. See 18 U.S.C. ' 1030(a)(1)-(7). Although principally a criminal statute, the CFAA provides for a private civil right of action, allowing for awards of damages and injunctive relief in favor of any person who suffers a loss due to a violation of the Act. See 18 U.S.C. ' 1030(g). Given the allure of robust remedies in federal court, companies routinely plead CFAA unauthorized access claims ' in addition to state law causes of action for misappropriation and breach of contract ' against former employees who seek a competitive edge through the use of information misappropriated from their former employer's computer network.

Beyond CFAA “authorization” claims, parties have also sought to use the CFAA in cases involving unauthorized “transmissions” of information that cause damage. To state a transmission claim, a plaintiff must allege that the defendant “knowingly cause[d] the transmission of a program, information, code, or command, and as a result of such conduct, intentionally cause[d] damage without authorization, to a protected computer.” 18 U.S.C. ' 1030(a)(5)(A). Unlike other subsections of the statute which prohibit unauthorized access, a CFAA transmission claim is predicated on the defendant intentionally causing unauthorized damage. The CFAA defines the term “damage” as “any impairment to the integrity or availability of data, a program, a system, or information.” 18 U.S.C. ' 1030(e)(8).

Disagreement Among the Courts

There is disagreement among courts on whether the mere unauthorized copying, downloading, or e-mailing of proprietary information is sufficient to allege impairment of the integrity of data or a network. Some courts construe the term narrowly, and limit “damage” to those circumstances where there is “some diminution in the completeness or usability of data or information on a computer system.” See e.g., Garelli Wong & Assocs, Inc. v. Nichols, 551 F. Supp. 2d 704 (N.D. Ill. 2008) (CFAA liability does not arise merely by copying data). Courts advocating a broader interpretation have held that copying or sending confidential information constitutes damage because it causes irreparable harm to the integrity of the computer system or database. See e.g., Shurgard Storage Ctrs., Inc. v. Safeguard Self Storage, Inc., 119 F. Supp. 2d 1121 (W.D. Wash. 2000) (allegations of infiltrating a computer network and gathering and disseminating confidential information impaired the integrity of data even though no data were physically changed or erased).

The Success of a Claim

The success of a CFAA transmission claim turns on whether a plaintiff adequately states allegations of damage and intent. Computers, networks, and even smartphones and other modern wireless devices have finite resources in terms of internal memory, bandwidth and storage capacity to handle a certain amount of incoming data. For example, courts have found that when a large volume of unsolicited spam causes slowdowns or diminishes the capacity of an ISP or computer network to serve users, an “impairment” has occurred. However, courts typically require proof of more than simply an incremental impact to a computer network or device from a few unwanted transmissions. Rather, courts generally require an unwanted intrusion that, in the aggregate, overwhelms a device's or network's capacity and results in a delay or interruption of service. Beyond the requirement of damage, a plaintiff must also show that the defendant's culpable conduct was intended to cause the impairment of service, alleging facts that plausibly support a theory that the defendant knew that its unwanted transmissions would cause damage to the plaintiff's systems or devices by pushing them past their operational limits and disrupting service.

In determining the sufficiency of the pleadings, some courts have rejected transmission claims as vague and fanciful. For example, in Czech v. Wall Street on Demand, Inc., 674 F. Supp. 2d 1102 (D. Minn. 2009), the plaintiff commenced a putative action against the defendant alleging that unwanted text messages from the defendant consumed limited resources on her mobile phone, thereby constituting “damage” under the CFAA. The court ruled that the damage allegations were conclusory and dismissed the complaint. It found that absent an allegation of interruption of telephone or messaging services, the receipt of an unwanted text message, even if such a transmission were to consume limited electronic resources, did not constitute damage under the CFAA. The court commented that such a theory would necessarily extend “damage” to include the receipt of even wanted messages (which conceivably consume the same amount of a phone's capacity). According to the court, damage under the CFAA does not occur simply by “any use or consumption of a device's limited resources,” but rather damage must arise from an impairment of performance “that occurs when the cumulative impact of all calls or messages at any given time exceeds the device's finite capacity so as to result in a slowdown, if not an outright 'shutdown,' of service.” Id. at 1117.

In another case, the court also found a plaintiff's CFAA transmission claim deficient. In Condux Int'l, Inc. v. Haugum, 2008 WL 5244818 (D. Minn. Dec. 15, 2008), the defendant allegedly misappropriated customer lists and other confidential business information for a competing venture and the plaintiff-former employer brought, among other causes of action, a CFAA transmission claim, based upon the defendant's attempt to delete evidence of his download of proprietary information from the plaintiff's computer system. The court dismissed the plaintiff's transmission claims, because the misappropriation of trade secrets from a database, by itself, is insufficient to allege impairment to the integrity or availability of data or a system, as required under the statute. The court found no diminishment in the “completeness or useability” of the plaintiff's data, and while the defendant's alleged activities may well have compromised the secrecy of the proprietary information, “the plain language of the statute requires some alteration of or diminution to the integrity, stability, or accessibility of the computer data itself.” Id. at *8. Notably, the court stated, in dicta, that an allegation that the defendant deleted computer data would “perhaps be sufficient” to constitute damage under the CFAA, but the plaintiff-employer advanced no claims of actual deletion of data.

However, courts have permitted CFAA transmission claims to go forward in the civil and criminal context when the plaintiff has made an adequate showing of damage or impairment to a computer network. Examining allegations of a network “slowdown,” the Sixth Circuit allowed a CFAA transmission claim to go forward related to impairment to a communication network. In Pulte Homes Inc. v. Laborers Int'l Union of North America, 648 F.3d 295 (6th Cir. 2011), a company suffered impairment to business operations due to the defendant's campaign to bombard the company with thousands of e-mails and voicemails. The appeals court reversed the lower court's dismissal of the plaintiff's CFAA transmission claim, finding that the e-mail campaign may have caused “damage” under the statute and that the defendant acted with a conscious purpose to impair the plaintiff's computer systems. The court pointed to the allegations in the complaint, which claimed that the barrage of transmissions to the plaintiff's network diminished its ability to use its systems and data and prevented the plaintiff from receiving calls and accessing or sending some e-mails. See also Becker v. Toca, 2008 WL 4443050, at *5 (E.D. La. Sept. 26, 2008) (“Error messages and slow processing constitute impairments to the integrity or availability of data.”). Moreover, the court found the complaint sufficiently alleged that the defendant acted with a conscious purpose of causing damage to the plaintiff's computer system, given the defendant's rhetoric of “fighting back” against the plaintiff's labor practices, which hinted that a slowdown of the plaintiff's systems was at least one of its objectives.

Similarly, a New Jersey district court, in Kalow & Springnut, LLP v. Commence Corp., 2009 WL 44748 (D.N.J. Jan. 6, 2009) (unpublished), allowed a plaintiff to proceed with CFAA transmission claims against a software maker that allegedly distributed billing and calendaring software with malicious code containing a “time bomb” that caused the software to cease functioning after a certain time. The court found that the plaintiff had sufficiently pled its claim that the defendant intended to transmit defective software code capable of causing damage to a computer system. The court looked to allegations that since the plaintiff had not altered its computer systems, the defendant's software, which does not “wear out or fail like a mechanical device,” would not have stopped operating but for an intentional use of a “time-bomb.” See also United States v. Carlson, 209 Fed.Appx. 181 (3d Cir. 2006) (CFAA transmission conviction upheld where the defendant admitted to engineering a mass e-mailing method that flooded an inbox with unwanted e-mails and impaired the user's ability to access “good” e-mails; as to intent, the court pointed to the defendant's level of technical savvy, combined with his actions, to conclude that the defendant intended the consequences of his actions).


Richard Raysman, a member of this newsletter's Board of Editors, is a partner at Holland & Knight LLP. He is a co-author of “Computer Law: Drafting and Negotiating Forms and Agreements” (Law Journal Press).

The Computer Fraud and Abuse Act (“CFAA”) prohibits a number of different computer crimes, the majority of which involve accessing computers “without authorization” or in excess of authorization, and then taking specified forbidden actions, ranging from obtaining information to destroying computer data. See 18 U.S.C. ' 1030(a)(1)-(7). Although principally a criminal statute, the CFAA provides for a private civil right of action, allowing for awards of damages and injunctive relief in favor of any person who suffers a loss due to a violation of the Act. See 18 U.S.C. ' 1030(g). Given the allure of robust remedies in federal court, companies routinely plead CFAA unauthorized access claims ' in addition to state law causes of action for misappropriation and breach of contract ' against former employees who seek a competitive edge through the use of information misappropriated from their former employer's computer network.

Beyond CFAA “authorization” claims, parties have also sought to use the CFAA in cases involving unauthorized “transmissions” of information that cause damage. To state a transmission claim, a plaintiff must allege that the defendant “knowingly cause[d] the transmission of a program, information, code, or command, and as a result of such conduct, intentionally cause[d] damage without authorization, to a protected computer.” 18 U.S.C. ' 1030(a)(5)(A). Unlike other subsections of the statute which prohibit unauthorized access, a CFAA transmission claim is predicated on the defendant intentionally causing unauthorized damage. The CFAA defines the term “damage” as “any impairment to the integrity or availability of data, a program, a system, or information.” 18 U.S.C. ' 1030(e)(8).

Disagreement Among the Courts

There is disagreement among courts on whether the mere unauthorized copying, downloading, or e-mailing of proprietary information is sufficient to allege impairment of the integrity of data or a network. Some courts construe the term narrowly, and limit “damage” to those circumstances where there is “some diminution in the completeness or usability of data or information on a computer system.” See e.g., Garelli Wong & Assocs, Inc. v. Nichols , 551 F. Supp. 2d 704 (N.D. Ill. 2008) (CFAA liability does not arise merely by copying data). Courts advocating a broader interpretation have held that copying or sending confidential information constitutes damage because it causes irreparable harm to the integrity of the computer system or database. See e.g., Shurgard Storage Ctrs., Inc. v. Safeguard Self Storage, Inc. , 119 F. Supp. 2d 1121 (W.D. Wash. 2000) (allegations of infiltrating a computer network and gathering and disseminating confidential information impaired the integrity of data even though no data were physically changed or erased).

The Success of a Claim

The success of a CFAA transmission claim turns on whether a plaintiff adequately states allegations of damage and intent. Computers, networks, and even smartphones and other modern wireless devices have finite resources in terms of internal memory, bandwidth and storage capacity to handle a certain amount of incoming data. For example, courts have found that when a large volume of unsolicited spam causes slowdowns or diminishes the capacity of an ISP or computer network to serve users, an “impairment” has occurred. However, courts typically require proof of more than simply an incremental impact to a computer network or device from a few unwanted transmissions. Rather, courts generally require an unwanted intrusion that, in the aggregate, overwhelms a device's or network's capacity and results in a delay or interruption of service. Beyond the requirement of damage, a plaintiff must also show that the defendant's culpable conduct was intended to cause the impairment of service, alleging facts that plausibly support a theory that the defendant knew that its unwanted transmissions would cause damage to the plaintiff's systems or devices by pushing them past their operational limits and disrupting service.

In determining the sufficiency of the pleadings, some courts have rejected transmission claims as vague and fanciful. For example, in Czech v. Wall Street on Demand, Inc. , 674 F. Supp. 2d 1102 (D. Minn. 2009), the plaintiff commenced a putative action against the defendant alleging that unwanted text messages from the defendant consumed limited resources on her mobile phone, thereby constituting “damage” under the CFAA. The court ruled that the damage allegations were conclusory and dismissed the complaint. It found that absent an allegation of interruption of telephone or messaging services, the receipt of an unwanted text message, even if such a transmission were to consume limited electronic resources, did not constitute damage under the CFAA. The court commented that such a theory would necessarily extend “damage” to include the receipt of even wanted messages (which conceivably consume the same amount of a phone's capacity). According to the court, damage under the CFAA does not occur simply by “any use or consumption of a device's limited resources,” but rather damage must arise from an impairment of performance “that occurs when the cumulative impact of all calls or messages at any given time exceeds the device's finite capacity so as to result in a slowdown, if not an outright 'shutdown,' of service.” Id. at 1117.

In another case, the court also found a plaintiff's CFAA transmission claim deficient. In Condux Int'l, Inc. v. Haugum, 2008 WL 5244818 (D. Minn. Dec. 15, 2008), the defendant allegedly misappropriated customer lists and other confidential business information for a competing venture and the plaintiff-former employer brought, among other causes of action, a CFAA transmission claim, based upon the defendant's attempt to delete evidence of his download of proprietary information from the plaintiff's computer system. The court dismissed the plaintiff's transmission claims, because the misappropriation of trade secrets from a database, by itself, is insufficient to allege impairment to the integrity or availability of data or a system, as required under the statute. The court found no diminishment in the “completeness or useability” of the plaintiff's data, and while the defendant's alleged activities may well have compromised the secrecy of the proprietary information, “the plain language of the statute requires some alteration of or diminution to the integrity, stability, or accessibility of the computer data itself.” Id. at *8. Notably, the court stated, in dicta, that an allegation that the defendant deleted computer data would “perhaps be sufficient” to constitute damage under the CFAA, but the plaintiff-employer advanced no claims of actual deletion of data.

However, courts have permitted CFAA transmission claims to go forward in the civil and criminal context when the plaintiff has made an adequate showing of damage or impairment to a computer network. Examining allegations of a network “slowdown,” the Sixth Circuit allowed a CFAA transmission claim to go forward related to impairment to a communication network. In Pulte Homes Inc. v. Laborers Int'l Union of North America , 648 F.3d 295 (6th Cir. 2011), a company suffered impairment to business operations due to the defendant's campaign to bombard the company with thousands of e-mails and voicemails. The appeals court reversed the lower court's dismissal of the plaintiff's CFAA transmission claim, finding that the e-mail campaign may have caused “damage” under the statute and that the defendant acted with a conscious purpose to impair the plaintiff's computer systems. The court pointed to the allegations in the complaint, which claimed that the barrage of transmissions to the plaintiff's network diminished its ability to use its systems and data and prevented the plaintiff from receiving calls and accessing or sending some e-mails. See also Becker v. Toca, 2008 WL 4443050, at *5 (E.D. La. Sept. 26, 2008) (“Error messages and slow processing constitute impairments to the integrity or availability of data.”). Moreover, the court found the complaint sufficiently alleged that the defendant acted with a conscious purpose of causing damage to the plaintiff's computer system, given the defendant's rhetoric of “fighting back” against the plaintiff's labor practices, which hinted that a slowdown of the plaintiff's systems was at least one of its objectives.

Similarly, a New Jersey district court, in Kalow & Springnut, LLP v. Commence Corp., 2009 WL 44748 (D.N.J. Jan. 6, 2009) (unpublished), allowed a plaintiff to proceed with CFAA transmission claims against a software maker that allegedly distributed billing and calendaring software with malicious code containing a “time bomb” that caused the software to cease functioning after a certain time. The court found that the plaintiff had sufficiently pled its claim that the defendant intended to transmit defective software code capable of causing damage to a computer system. The court looked to allegations that since the plaintiff had not altered its computer systems, the defendant's software, which does not “wear out or fail like a mechanical device,” would not have stopped operating but for an intentional use of a “time-bomb.” See also United States v. Carlson , 209 Fed.Appx. 181 (3d Cir. 2006) (CFAA transmission conviction upheld where the defendant admitted to engineering a mass e-mailing method that flooded an inbox with unwanted e-mails and impaired the user's ability to access “good” e-mails; as to intent, the court pointed to the defendant's level of technical savvy, combined with his actions, to conclude that the defendant intended the consequences of his actions).


Richard Raysman, a member of this newsletter's Board of Editors, is a partner at Holland & Knight LLP. He is a co-author of “Computer Law: Drafting and Negotiating Forms and Agreements” (Law Journal Press).

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
COVID-19 and Lease Negotiations: Early Termination Provisions Image

During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.

How Secure Is the AI System Your Law Firm Is Using? Image

What Law Firms Need to Know Before Trusting AI Systems with Confidential Information In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.

Pleading Importation: ITC Decisions Highlight Need for Adequate Evidentiary Support Image

The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.

Authentic Communications Today Increase Success for Value-Driven Clients Image

As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.

The Power of Your Inner Circle: Turning Friends and Social Contacts Into Business Allies Image

Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.