Loss for QVC on Internet Crawling Case

In an opinion that has defined a section of the Computer Fraud and Abuse Act (CFAA), a law that has been clouded by decades of amendments, a federal judge in Philadelphia has ruled in favor of an Internet startup company and against retail giant QVC. QVC v. Resultly, 2:14-cv-06714 (E.D. Pa March 13, 2015).

U.S. District Judge Wendy Beetlestone of the Eastern District of Pennsylvania, who joined the bench at the end of 2014, rejected QVC's motion for a preliminary injunction that would have barred the startup called Resultly from selling its intellectual property before the case is over. Resultly is a four-year-old company that uses open source code to crawl retail websites in order to help users find and purchase merchandise, according to Beetlestone's opinion.

QVC filed suit last year after Resultly's method of crawling QVC's website caused the site to slow down and become inaccessible to some customers, which led to a loss of sales.

Resultly stopped crawling the QVC site after it was alerted to the problem, but QVC argued to the court that Resultly is in a 'precarious' financial situation and if it sells its Web-crawling code to another company, that company could cause the same problem to QVC's server again, according to the opinion.

QVC filed suit under a section of the CFAA that says that a person who ”knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer' has committed a federal offense,' Beetlestone said in her opinion, quoting from the statute and adding emphasis to the portions implicating scienter, which were contested by the parties and unclear in the statute.

'Because 'intentionally' is not defined by the statute, the issue the court must decide is what level of intent is required to satisfy the mens rea portion' of that subsection, Beetlestone said.

She then launched into a nearly 20-page analysis of the legislative history of the law, including a review of the amendments to it over its 31-year life, and the U.S. Court of Appeals for the Third Circuit's related case law.

'The court finds that the plain language of the statute clearly requires that a Section 1030(a)(5)(A) defendant both knowingly transmit a code and intend to cause damage to the plaintiff's computer. This reading is consistent with the statute's legislative history and Third Circuit law. The court further finds that while circumstantial evidence may be used to show intent, that evidence must show that it was the [defendant's] conscious objective to cause an 'impairment to the integrity or availability of data, a program, a system, or information.' Reckless or negligent behavior premised on the defendant's sophistication is insufficient,' Beetlestone said.

The statute clearly has a dual standard of scienter, the judge said, pointing to the 'knowingly' and 'intentionally' language in the law.

Looking to Third Circuit case law, Beetlestone said the appeals court has defined 'intentionally,' in the criminal context, as committing an act ”deliberately and not by accident.” She quoted from the Third Circuit's 2006 opinion in United States v. Carlson, No. 05-3562, which involved a man who sent thousands of e-mails to members of the Philadelphia Phillies, flooding their inboxes with e-mails.

Putting that definition in the context of Section 1030(a)(5)(A) of the CFAA, the Third Circuit in Carlson held that 'a violation occurs if it was 'the defendant's conscious objective' to cause harm to a protected computer,' Beetlestone said.

Referring to a 2014 case from the Middle District of Pennsylvania, United States v. Prugar, Crim. No. 1:12-CR-267 (MD Pa. 2014), Beetlestone said: 'The court agrees that Carlson and Prugar support QVC's contention that a Section 1030(a)(5)(A) plaintiff may use circumstantial evidence to infer intent to cause damage. ' However, it is still unclear what specifically the circumstantial evidence would need to show.'

QVC didn't convince the judge that Resultly had intended to impair its servers or cause 'even 'some modicum' of harm,' Beetlestone said.

Andrew Grosso of Andrew Grosso & Associates in Washington, DC, represented Resultly and said this is an 'important decision in that it provides a framework for this case and future cases for what is and is not a violation of the act.'

To have a detailed analysis about how this part of the law should be applied and how scienter should be evaluated is a 'valuable roadmap for lawyers' who practice in this area, Grosso said.

Chad Rutkowski of Baker & Hostetler in Philadelphia represented QVC and couldn't be reached for comment.

Saranac Hale Spencer writes for'The Legal Intelligencer, an ALM sibling of'Internet Law & Strategy, in which this article originally appeared. She can be reached at'[email protected]. Follow her on Twitter'@SSpencerTLI.

In an opinion that has defined a section of the Computer Fraud and Abuse Act (CFAA), a law that has been clouded by decades of amendments, a federal judge in Philadelphia has ruled in favor of an Internet startup company and against retail giant QVC. QVC v. Resultly, 2:14-cv-06714 (E.D. Pa March 13, 2015).

U.S. District Judge Wendy Beetlestone of the Eastern District of Pennsylvania, who joined the bench at the end of 2014, rejected QVC's motion for a preliminary injunction that would have barred the startup called Resultly from selling its intellectual property before the case is over. Resultly is a four-year-old company that uses open source code to crawl retail websites in order to help users find and purchase merchandise, according to Beetlestone's opinion.

QVC filed suit last year after Resultly's method of crawling QVC's website caused the site to slow down and become inaccessible to some customers, which led to a loss of sales.

Resultly stopped crawling the QVC site after it was alerted to the problem, but QVC argued to the court that Resultly is in a 'precarious' financial situation and if it sells its Web-crawling code to another company, that company could cause the same problem to QVC's server again, according to the opinion.

QVC filed suit under a section of the CFAA that says that a person who ”knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer' has committed a federal offense,' Beetlestone said in her opinion, quoting from the statute and adding emphasis to the portions implicating scienter, which were contested by the parties and unclear in the statute.

'Because 'intentionally' is not defined by the statute, the issue the court must decide is what level of intent is required to satisfy the mens rea portion' of that subsection, Beetlestone said.

She then launched into a nearly 20-page analysis of the legislative history of the law, including a review of the amendments to it over its 31-year life, and the U.S. Court of Appeals for the Third Circuit's related case law.

'The court finds that the plain language of the statute clearly requires that a Section 1030(a)(5)(A) defendant both knowingly transmit a code and intend to cause damage to the plaintiff's computer. This reading is consistent with the statute's legislative history and Third Circuit law. The court further finds that while circumstantial evidence may be used to show intent, that evidence must show that it was the [defendant's] conscious objective to cause an 'impairment to the integrity or availability of data, a program, a system, or information.' Reckless or negligent behavior premised on the defendant's sophistication is insufficient,' Beetlestone said.

The statute clearly has a dual standard of scienter, the judge said, pointing to the 'knowingly' and 'intentionally' language in the law.

Looking to Third Circuit case law, Beetlestone said the appeals court has defined 'intentionally,' in the criminal context, as committing an act ”deliberately and not by accident.” She quoted from the Third Circuit's 2006 opinion in United States v. Carlson, No. 05-3562, which involved a man who sent thousands of e-mails to members of the Philadelphia Phillies, flooding their inboxes with e-mails.

Putting that definition in the context of Section 1030(a)(5)(A) of the CFAA, the Third Circuit in Carlson held that 'a violation occurs if it was 'the defendant's conscious objective' to cause harm to a protected computer,' Beetlestone said.

Referring to a 2014 case from the Middle District of Pennsylvania, United States v. Prugar, Crim. No. 1:12-CR-267 (MD Pa. 2014), Beetlestone said: 'The court agrees that Carlson and Prugar support QVC's contention that a Section 1030(a)(5)(A) plaintiff may use circumstantial evidence to infer intent to cause damage. ' However, it is still unclear what specifically the circumstantial evidence would need to show.'

QVC didn't convince the judge that Resultly had intended to impair its servers or cause 'even 'some modicum' of harm,' Beetlestone said.

Andrew Grosso of Andrew Grosso & Associates in Washington, DC, represented Resultly and said this is an 'important decision in that it provides a framework for this case and future cases for what is and is not a violation of the act.'

To have a detailed analysis about how this part of the law should be applied and how scienter should be evaluated is a 'valuable roadmap for lawyers' who practice in this area, Grosso said.

Chad Rutkowski of Baker & Hostetler in Philadelphia represented QVC and couldn't be reached for comment.

Saranac Hale Spencer writes for'The Legal Intelligencer, an ALM sibling of'Internet Law & Strategy, in which this article originally appeared. She can be reached at'[email protected]. Follow her on Twitter'@SSpencerTLI.