Tuesday, July 29, 2014
Ad Astra Attorney Anne Smiddy Co-Authors "2014 ABC Desk Guide" Published By The State Bar Of California
The Insolvency Law Standing Committee of the Business Law Section of the State Bar of California recently published the “2014 ABC Desk Guide,” coauthored by Anne Smiddy of Ad Astra Law Group LLP. Ms. Smiddy co-authored the Desk Guide with Patrick Costello, Esq. of Vectis Law Group, Diana Donabedian Herman, Esq. of McKenna, Long, Aldridge LLP, and Justin E. Rawlins, Esq. of Winston & Strawn LLP, with Peter C. Califano, Esq. of Cooper, White & Cooper as editor. The Desk Guide provides a convenient compilation and outline of the relevant state and federal statutes and cases affecting the operation of assignments for the benefit of creditors under California law. The practice guide is available for purchase from the State Bar of California.
Friday, July 25, 2014
Opinion Roundup: California District Courts and the Computer Fraud and Abuse Act - January 2014 through June 2014 - Part Three
Written by Keenan W. Ng
This is the third part of three part-series on federal district court opinions in California regarding the CFAA. The first part of this series can be found here. The second part of this series can be found here.
Overall, California district courts have regularly followed the holdings in Nosal and Brekka regarding “use” versus “access.” In summary, courts in the Ninth Circuit have generally held that the CFAA does not prohibit misusing information, such as in a trade secrets misappropriation violation: if you are allowed to access information, what you do with that information is not a violation of the CFAA, even if it is contrary to the interests of your employer. On the other hand, if were not allowed to access information – say you quit or were fired – then a CFAA claim could likely withstand Ninth Circuit scrutiny.
It will be interesting to see how the courts make their decisions, especially as the divide between employment-based CFAA claims (“inside hacker” claims) and non-employment-based (external “hacker” claims) become more prevalent. Of course, you can always come back to Scripta Ad Astra to read about the latest CFAA, computer crimes, and cyber security developments.
NetApp, Inc. v. Nimble Storage, 2014 U.S. Dist. LEXIS 65818 (N.D. Cal. May 12, 2014)
Judge: Lucy H. Koh, United States District Judge.
Plaintiff NetApp, Inc. filed suit against Defendants Nimble Storage, Inc. (“Nimble”), a competitor of NetApp, some former NetApp employees, and Michael Reynolds, who used to work at Thomas Duryea Consulting (“TDC”). NetApp alleges that when it contracted with TDC, it provided Reynolds with access to NetApp’s computer systems and other information. In April 2013, Reynolds left TDC, but continued to access NetApp’s databases from June 2013 through August 2013, where he used confidential, proprietary information to solicit business for Nimble.
Allegations Against Reynolds
With respect to the CFAA, defendant Reynolds argued that NetApp did not plead any facts supporting that he was acting “without authorization” or had “exceeded authorized access” because his access to NetApp’s system was never revoked, even after he stopped working for TDC, and thus did not breach any “technological barriers.”
NetApp argued that “CFAA liability does not require circumvention of any technological barriers, and that Reynolds lost his permission to access NetApp's systems (and knew that he lost that permission) as soon as he left TDC and no longer performed services for NetApp.”
Relying on LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir. 2009), United States v. Nosal, 676 F.3d 854 (9th Cir. 2012), and Weingand v. Harland Financial Solutions, Inc., 2012 U.S. Dist. LEXIS 84844 (N.D. Cal. June 19, 2012), among other cases, the court held that to state a claim under the CFAA it was not necessary to plead circumvention of a technological barrier, especially when such access to the information was performed after termination of contract or employment.
The NetApp court next considered whether the CFAA needed to be pled with particularity as consistent with the fraud pleading standards of Fed. R. Civ. P. 9(b). The court concluded that the CFAA does not need to meet the same pleading standards required under Rule 9(b) as (1) Sections 1030(a)(2) and (a)(5) do not reference “fraud”; (2) most CFAA cases in the Northern District have not applied the Rule 9(b) pleading standard; and (3) even under Section 1030(a)(4), which does mention “fraud,” the heightened pleading standard is only applicable when the claim itself is grounded in patterns of fraudulent conduct.
Reynolds lastly argued that NetApp failed to plead any “damage” under the CFAA with respect to Section 1030(a)(5) (but not Sections 1030(a)(2) and (a)(4), which requires "damage" to a plaintiff's computer systems. The court held that "damage" means harm to computers or networks, not economic harm due to the commercial value of the data itself. As NetApp only alleged that Reynolds accessed its databases without permission, not that he damaged any systems or destroyed any data, it did not properly plead the damages element under the CFAA with respect to its Section 1030(a)(5) claim.
Allegations Against Nimble
NetApp alleges that Nimble violated the CFAA under two theories: (1) Nimble is vicariously liable for Reynolds's acts, and (2) Nimble conspired with Reynolds. The court denied both of these claims.
With respect to the first theory, while the court acknowledged that courts have held that an employer can be vicariously liable for an employee's violations of the CFAA if those transgressions occur in the scope of employment or the employer directs the employee's conduct, the court found no allegation that Nimble AUS was Nimble's alter ego, or that Nimble directed Reynolds's unauthorized access, and that even if Reynolds “used” stolen information “on behalf of Nimble,” it would not establish that Reynolds violated the CFAA at Nimble’s behest.
With respect to conspiracy, the court stated that other courts have required specific allegations of an agreement and common activities to state a conspiracy claim. The court found that NetApp did not allege specific enough facts to indicate conspiracy other than bare facts, and thus dismissed the allegation with leave to amend.
Opperman v. Path, Inc., 2014 U.S. Dist. LEXIS 67225 (N.D. Cal. May 14, 2014)
Judge: Jon S. Tigar, United States District Judge.
Plaintiffs are a class action of consumers. With the exception of Apple, defendants are app developers (“App Defendants”). In short, plaintiffs allege that the App Defendants' apps have been surreptitiously stealing and disseminating the contact information stored by customers on Apple devices. Plaintiffs bring their CFAA claims against the App Defendants only.
With respect to the CFAA, the court affirmed that they key issue is whether defendants accessed plaintiffs’ computers “without authorization.” Because the plaintiffs had voluntarily downloaded the software applications in question, defendants had not operated “without authorization” in violation of the CFAA. See, e.g., iPhone I, 2011 U.S. Dist. LEXIS 106865, ("Where the software that allegedly harmed the phone was voluntarily downloaded by the user, other courts in this District and elsewhere have reasoned that users would have serious difficulty pleading a CFAA violation.").
Flextronics Int'l, Ltd. v. Parametric Tech. Corp., 2014 U.S. Dist. LEXIS 73354 (N.D. Cal. May 28, 2014)
Judge: Paul S. Grewal, United States Magistrate Judge.
Plaintiff Flexatronics International, Ltd. (“Flexatronics”) and Defendant Parametric Technology Corporation (“PTC”), executed an "Enterprise Agreement," which granted Flextronics a license to use PTC's software on its computers. PTC brought to Flexatronics attention that Flexatronics was using unauthorized copies of PTC’s software on its systems. In response, Flexatronics began an investigation and discovered that PTC had "concealed certain embedded technology in the PTC software" that it was using to access, obtain and transmit information in, from and about Flextronics' system back to PTC.
PTC challenges Flextronics' CFAA claim on two grounds: (1) the complaint does not show that Flextronics suffered a "loss" of at least $5,000, and (2) Flextronics fails to allege facts indicating that PTC accessed its system "without authorization" or "in a manner that exceeds authorized access."
With respect to the “loss” requirement, the court found that Flexatronics had all alleged that its investigation and response to PTC’s actions imposed costs and expenses to Flexatronics in excess of $5,000 in a single year, thus meeting the CFAA’s loss requirement.
Regarding the second issue, the court noted that in its amended complaint, plaintiff provided specific allegations that “‘[w]ithout notice to or authorization from Flextronics, PTC has concealed certain embedded technology in the PTC software provided to Flextronics [and] used that hidden technology to access, obtain, and transmit information in Flextronics' computers that PTC is not entitled to access, obtain, or transmit,’ followed by almost five pages of details about how it does so.”
While PTC argued that it could not be held liable under the CFAA because Flexatronics voluntarily installed PTC’s software, the court noted that while this argument may suffice as a defense to a “without authorization” claim, it does not necessarily have the same impact on a “exceeds authorized access” argument. The court then noted that Flexatronics listed the types of information to which PTC gained access, and specifically stated in its amended complaint that “PTC is not entitled to access, obtain, alter, or transmit" that information, and thus had stated sufficient information state claims under Rule 12(b)(6).
New Show Studios LLC v. Needle, 2014 U.S. Dist. LEXIS 90656 (C.D. Cal. June 30, 2014)
Judge: Christina A. Snyder, United States District Judge
Plaintiffs New Show Studios LLC, Anthony Valkanas, and Davison Design & Development, Inc. filed suit against defendants James Needle and Greg Howe. Plaintiffs allege that Needle agreed to supply Howe with New Show’s confidential client data and propriety information for the purposes of persuading New Show’s clients to breach their contracts with New Show and provide their business to one of New Show’s competitors, Television Writer’s Vault.
The court found that the plaintiffs failed to state a claim under the CFAA for two reasons. First, plaintiffs did not allege that defendants accessed a computer. Reminding the parties that the CFAA is not simply a misappropriation statute (citing Nosal), the court pointed out that while plaintiffs allege that their information was taken – information that may have been stored on a computer at one point – plaintiffs did not allege that defendants accessed a computer in order to obtain this information.
Secondly, the court noted that plaintiffs failed to allege that they suffered any “loss” as defined by the CFAA, which the court noted “must be the result of ‘damage to the computer system that was accessed without authorization.” Plaintiffs, in contrast, only pled that they lost “competitive benefit” to their competitor. The court noted that simply alleging that defendants “obtained a thing of value” was insufficient to support a claim of “loss.”
This is the third part of three part-series on federal district court opinions in California regarding the CFAA. The first part of this series can be found here. The second part of this series can be found here.
Overall, California district courts have regularly followed the holdings in Nosal and Brekka regarding “use” versus “access.” In summary, courts in the Ninth Circuit have generally held that the CFAA does not prohibit misusing information, such as in a trade secrets misappropriation violation: if you are allowed to access information, what you do with that information is not a violation of the CFAA, even if it is contrary to the interests of your employer. On the other hand, if were not allowed to access information – say you quit or were fired – then a CFAA claim could likely withstand Ninth Circuit scrutiny.
It will be interesting to see how the courts make their decisions, especially as the divide between employment-based CFAA claims (“inside hacker” claims) and non-employment-based (external “hacker” claims) become more prevalent. Of course, you can always come back to Scripta Ad Astra to read about the latest CFAA, computer crimes, and cyber security developments.
NetApp, Inc. v. Nimble Storage, 2014 U.S. Dist. LEXIS 65818 (N.D. Cal. May 12, 2014)
Judge: Lucy H. Koh, United States District Judge.
Plaintiff NetApp, Inc. filed suit against Defendants Nimble Storage, Inc. (“Nimble”), a competitor of NetApp, some former NetApp employees, and Michael Reynolds, who used to work at Thomas Duryea Consulting (“TDC”). NetApp alleges that when it contracted with TDC, it provided Reynolds with access to NetApp’s computer systems and other information. In April 2013, Reynolds left TDC, but continued to access NetApp’s databases from June 2013 through August 2013, where he used confidential, proprietary information to solicit business for Nimble.
Allegations Against Reynolds
With respect to the CFAA, defendant Reynolds argued that NetApp did not plead any facts supporting that he was acting “without authorization” or had “exceeded authorized access” because his access to NetApp’s system was never revoked, even after he stopped working for TDC, and thus did not breach any “technological barriers.”
NetApp argued that “CFAA liability does not require circumvention of any technological barriers, and that Reynolds lost his permission to access NetApp's systems (and knew that he lost that permission) as soon as he left TDC and no longer performed services for NetApp.”
Relying on LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir. 2009), United States v. Nosal, 676 F.3d 854 (9th Cir. 2012), and Weingand v. Harland Financial Solutions, Inc., 2012 U.S. Dist. LEXIS 84844 (N.D. Cal. June 19, 2012), among other cases, the court held that to state a claim under the CFAA it was not necessary to plead circumvention of a technological barrier, especially when such access to the information was performed after termination of contract or employment.
The NetApp court next considered whether the CFAA needed to be pled with particularity as consistent with the fraud pleading standards of Fed. R. Civ. P. 9(b). The court concluded that the CFAA does not need to meet the same pleading standards required under Rule 9(b) as (1) Sections 1030(a)(2) and (a)(5) do not reference “fraud”; (2) most CFAA cases in the Northern District have not applied the Rule 9(b) pleading standard; and (3) even under Section 1030(a)(4), which does mention “fraud,” the heightened pleading standard is only applicable when the claim itself is grounded in patterns of fraudulent conduct.
Reynolds lastly argued that NetApp failed to plead any “damage” under the CFAA with respect to Section 1030(a)(5) (but not Sections 1030(a)(2) and (a)(4), which requires "damage" to a plaintiff's computer systems. The court held that "damage" means harm to computers or networks, not economic harm due to the commercial value of the data itself. As NetApp only alleged that Reynolds accessed its databases without permission, not that he damaged any systems or destroyed any data, it did not properly plead the damages element under the CFAA with respect to its Section 1030(a)(5) claim.
Allegations Against Nimble
NetApp alleges that Nimble violated the CFAA under two theories: (1) Nimble is vicariously liable for Reynolds's acts, and (2) Nimble conspired with Reynolds. The court denied both of these claims.
With respect to the first theory, while the court acknowledged that courts have held that an employer can be vicariously liable for an employee's violations of the CFAA if those transgressions occur in the scope of employment or the employer directs the employee's conduct, the court found no allegation that Nimble AUS was Nimble's alter ego, or that Nimble directed Reynolds's unauthorized access, and that even if Reynolds “used” stolen information “on behalf of Nimble,” it would not establish that Reynolds violated the CFAA at Nimble’s behest.
With respect to conspiracy, the court stated that other courts have required specific allegations of an agreement and common activities to state a conspiracy claim. The court found that NetApp did not allege specific enough facts to indicate conspiracy other than bare facts, and thus dismissed the allegation with leave to amend.
Opperman v. Path, Inc., 2014 U.S. Dist. LEXIS 67225 (N.D. Cal. May 14, 2014)
Judge: Jon S. Tigar, United States District Judge.
Plaintiffs are a class action of consumers. With the exception of Apple, defendants are app developers (“App Defendants”). In short, plaintiffs allege that the App Defendants' apps have been surreptitiously stealing and disseminating the contact information stored by customers on Apple devices. Plaintiffs bring their CFAA claims against the App Defendants only.
With respect to the CFAA, the court affirmed that they key issue is whether defendants accessed plaintiffs’ computers “without authorization.” Because the plaintiffs had voluntarily downloaded the software applications in question, defendants had not operated “without authorization” in violation of the CFAA. See, e.g., iPhone I, 2011 U.S. Dist. LEXIS 106865, ("Where the software that allegedly harmed the phone was voluntarily downloaded by the user, other courts in this District and elsewhere have reasoned that users would have serious difficulty pleading a CFAA violation.").
Flextronics Int'l, Ltd. v. Parametric Tech. Corp., 2014 U.S. Dist. LEXIS 73354 (N.D. Cal. May 28, 2014)
Judge: Paul S. Grewal, United States Magistrate Judge.
Plaintiff Flexatronics International, Ltd. (“Flexatronics”) and Defendant Parametric Technology Corporation (“PTC”), executed an "Enterprise Agreement," which granted Flextronics a license to use PTC's software on its computers. PTC brought to Flexatronics attention that Flexatronics was using unauthorized copies of PTC’s software on its systems. In response, Flexatronics began an investigation and discovered that PTC had "concealed certain embedded technology in the PTC software" that it was using to access, obtain and transmit information in, from and about Flextronics' system back to PTC.
PTC challenges Flextronics' CFAA claim on two grounds: (1) the complaint does not show that Flextronics suffered a "loss" of at least $5,000, and (2) Flextronics fails to allege facts indicating that PTC accessed its system "without authorization" or "in a manner that exceeds authorized access."
With respect to the “loss” requirement, the court found that Flexatronics had all alleged that its investigation and response to PTC’s actions imposed costs and expenses to Flexatronics in excess of $5,000 in a single year, thus meeting the CFAA’s loss requirement.
Regarding the second issue, the court noted that in its amended complaint, plaintiff provided specific allegations that “‘[w]ithout notice to or authorization from Flextronics, PTC has concealed certain embedded technology in the PTC software provided to Flextronics [and] used that hidden technology to access, obtain, and transmit information in Flextronics' computers that PTC is not entitled to access, obtain, or transmit,’ followed by almost five pages of details about how it does so.”
While PTC argued that it could not be held liable under the CFAA because Flexatronics voluntarily installed PTC’s software, the court noted that while this argument may suffice as a defense to a “without authorization” claim, it does not necessarily have the same impact on a “exceeds authorized access” argument. The court then noted that Flexatronics listed the types of information to which PTC gained access, and specifically stated in its amended complaint that “PTC is not entitled to access, obtain, alter, or transmit" that information, and thus had stated sufficient information state claims under Rule 12(b)(6).
New Show Studios LLC v. Needle, 2014 U.S. Dist. LEXIS 90656 (C.D. Cal. June 30, 2014)
Judge: Christina A. Snyder, United States District Judge
Plaintiffs New Show Studios LLC, Anthony Valkanas, and Davison Design & Development, Inc. filed suit against defendants James Needle and Greg Howe. Plaintiffs allege that Needle agreed to supply Howe with New Show’s confidential client data and propriety information for the purposes of persuading New Show’s clients to breach their contracts with New Show and provide their business to one of New Show’s competitors, Television Writer’s Vault.
The court found that the plaintiffs failed to state a claim under the CFAA for two reasons. First, plaintiffs did not allege that defendants accessed a computer. Reminding the parties that the CFAA is not simply a misappropriation statute (citing Nosal), the court pointed out that while plaintiffs allege that their information was taken – information that may have been stored on a computer at one point – plaintiffs did not allege that defendants accessed a computer in order to obtain this information.
Secondly, the court noted that plaintiffs failed to allege that they suffered any “loss” as defined by the CFAA, which the court noted “must be the result of ‘damage to the computer system that was accessed without authorization.” Plaintiffs, in contrast, only pled that they lost “competitive benefit” to their competitor. The court noted that simply alleging that defendants “obtained a thing of value” was insufficient to support a claim of “loss.”
That concludes our roundup of CFAA opinions. We hope you enjoyed our series and look forward to doing more of these posts in the future. Please check back in regularly. In the meantime, if you have any comments or questions about this series on the CFAA, feel free to email the author at kng@astralegal.com.
Wednesday, July 23, 2014
Opinion Roundup: California District Courts and the Computer Fraud and Abuse Act - January 2014 through June 2014 - Part Two
Written by Keenan W. Ng
This is part two of a three-part series on federal district court opinions in California related to the CFAA. The first part can be found here. The third part will be posted on Friday, July 25, 2014. Stay tuned and check it out.
Enki Corp. v. Freedman, 2014 U.S. Dist. LEXIS 9169 (N.D. Cal. Jan. 23, 2014)
Judge: Paul S. Grewal, United States Magistrate Judge.
The issue in Enki is whether defendant Keith Freedman, a former employee of plaintiff Enki Corp., and his current employer, co-defendant Zuora, Inc. can be held liable for violations of the CFAA for using a customer’s working log-in credentials to access Enki’s scripts.
Enki’s facts are rather convoluted: Freedman, a former 12% stakeholder of Enki, left the firm in 2011. Shortly after, Enki hired Zuora to provide cloud computing and IT consulting services. As part of this arrangement, Enki installed Nimsoft on Zuora’s network. Nimsoft is a "software based system monitor" used to monitor computer resources and performance. Scripts are typically programs written for a particular runtime environment, such as Unix.
Enki then hired Freedman, and his company, Freeform, to provide services for Zuora. Freedman then began to spread negative stories about Enki to Zuora, which led to his termination by Enki. Freedman was, however, then hired by Zuora directly.
In February 2013, Zuora terminated its contract with Enki “for convenience.” Before the termination, however, Freedman and Zuora accessed the Nimsoft servers on Zuora’s network without authorization and copied Enki’s proprietary software, including Enki's Nimsoft scripts, in order to terminate the contract and receive the benefits of Enki's enterprise and technology without continuing to pay for Enki's services.
The first issue was whether Enki’s costs in investigating the breach and remedying it qualify as a “loss.” Looking at the statutory definition, which specifically lists the "the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense," (court’s emphasis) the court determined that Enki’s investigation costs were considered “loss” as they were costs required to restore their systems back to their original state.
Secondly, the court looked at whether defendant’s access of Nimsoft servers and copying of Enki’s proprietary software was “without authorization” or in “excess of [their] authorization.” The court found they were not as the complaint did not ever allege that Defendants were not ever unauthorized to access the information in questions – thus an abuse of use, as opposed to an abuse of access, which Nosal has stated does not qualify as an excess of authorization under the CFAA. See United States v. Nosal, 676 F.3d 854, 863 (9th Cir. 2012). The CFAA claim dismissed without prejudice and granted leave to amend.
PQ Labs, Inc. v. Qi, 2014 U.S. Dist. LEXIS 11769 (N.D. Cal. Jan. 29, 2014)
Judge: Claudia Wilken, United States District Judge.
Plaintiff, PQ Labs, Inc., manufactures and develops hardware and software for computer touch-screen product. PQ Labs alleged that between January 2011 and December 2011, defendants, Yang Qi, Jinpeng Li, and ZaagTech sent several "phishing" e-mails to PQ Labs in violation of the CFAA. These e-mails allegedly contained viruses which infected PQ Labs' computer system.
In its opinion, the court reviewed the issue of whether there was sufficient evidence of economic loss to meet summary judgment. The issue in PQ Labs was more a legal issue of whether a declaration submitted by the company’s CEO and co-founder, Frank Lu, after his deposition, was admissible because it conflicted with his prior deposition testimony.
In his declaration, Lu stated that PQ Labs had received five emails containing malicious codes in 2011, and that the company had to expend $36,000 in costs to mitigate the damages to the hardware and network, and $42,000 in consulting fees and service costs. At his deposition, however, Lu was a little less certain, admitting to some uncertainty about the cause of the network damage.
The court found that the testimony and the declaration did not “clearly and unambiguously” contradict each other. As such, the court held the declaration admissible, and that it contained sufficient evidence to support an inference that defendants violated the CFAA and were not entitled to summary judgment.
Quad Knopf, Inc. v. South Valley Biology Consulting, LLC, 2014 U.S. Dist. LEXIS 46985 (E.D. Cal. Apr. 3, 2014)
Judge: Anthony W. Ishi, Senior United States District Judge.
Plaintiff Quad Knopf, Inc. a consulting firm that provides professional services in the areas of, among other things, biology consulting services, are suing defendants, South Valley Biology Consulting (“SVBC”), and former staff biologists of Quad Knopf who were recruited to SVBC, for violations of the CFAA when defendants allegedly transmitted information from plaintiff's computers while employed by plaintiff without plaintiff's consent, and that information was then used by defendants to compete with plaintiff and caused plaintiff to suffer loss.
Citing, United States v. Nosal, 676 F.3d 854, 860 (9th Cir. 2012), the court reminded the parties that the CFAA is a prohibition of abuse of access of information, not an abuse of information. Plaintiff argued that defendants’ authorization to access the information in question ended when they began acting against the interests of Quad Knopf, and instead in the interests of defendants’ competing company.
The court rejected this argument affirming that duty of loyalty arguments and computer use restriction arguments are not accepted under Nosal and the Ninth Circuit. The court noted that defendants were employed with plaintiff and did not exceed their access at the time of the taking. While defendants then took the information that they were entitled to access as employees, they had permission to access the information and used it in an inappropriate manner contrary to plaintiff's interest, so it did not constitute “without authorization” under Nosal because it was merely a violation of a use restriction.
This is part two of a three-part series on federal district court opinions in California related to the CFAA. The first part can be found here. The third part will be posted on Friday, July 25, 2014. Stay tuned and check it out.
Enki Corp. v. Freedman, 2014 U.S. Dist. LEXIS 9169 (N.D. Cal. Jan. 23, 2014)
Judge: Paul S. Grewal, United States Magistrate Judge.
The issue in Enki is whether defendant Keith Freedman, a former employee of plaintiff Enki Corp., and his current employer, co-defendant Zuora, Inc. can be held liable for violations of the CFAA for using a customer’s working log-in credentials to access Enki’s scripts.
Enki’s facts are rather convoluted: Freedman, a former 12% stakeholder of Enki, left the firm in 2011. Shortly after, Enki hired Zuora to provide cloud computing and IT consulting services. As part of this arrangement, Enki installed Nimsoft on Zuora’s network. Nimsoft is a "software based system monitor" used to monitor computer resources and performance. Scripts are typically programs written for a particular runtime environment, such as Unix.
Enki then hired Freedman, and his company, Freeform, to provide services for Zuora. Freedman then began to spread negative stories about Enki to Zuora, which led to his termination by Enki. Freedman was, however, then hired by Zuora directly.
In February 2013, Zuora terminated its contract with Enki “for convenience.” Before the termination, however, Freedman and Zuora accessed the Nimsoft servers on Zuora’s network without authorization and copied Enki’s proprietary software, including Enki's Nimsoft scripts, in order to terminate the contract and receive the benefits of Enki's enterprise and technology without continuing to pay for Enki's services.
The first issue was whether Enki’s costs in investigating the breach and remedying it qualify as a “loss.” Looking at the statutory definition, which specifically lists the "the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense," (court’s emphasis) the court determined that Enki’s investigation costs were considered “loss” as they were costs required to restore their systems back to their original state.
Secondly, the court looked at whether defendant’s access of Nimsoft servers and copying of Enki’s proprietary software was “without authorization” or in “excess of [their] authorization.” The court found they were not as the complaint did not ever allege that Defendants were not ever unauthorized to access the information in questions – thus an abuse of use, as opposed to an abuse of access, which Nosal has stated does not qualify as an excess of authorization under the CFAA. See United States v. Nosal, 676 F.3d 854, 863 (9th Cir. 2012). The CFAA claim dismissed without prejudice and granted leave to amend.
PQ Labs, Inc. v. Qi, 2014 U.S. Dist. LEXIS 11769 (N.D. Cal. Jan. 29, 2014)
Judge: Claudia Wilken, United States District Judge.
Plaintiff, PQ Labs, Inc., manufactures and develops hardware and software for computer touch-screen product. PQ Labs alleged that between January 2011 and December 2011, defendants, Yang Qi, Jinpeng Li, and ZaagTech sent several "phishing" e-mails to PQ Labs in violation of the CFAA. These e-mails allegedly contained viruses which infected PQ Labs' computer system.
In its opinion, the court reviewed the issue of whether there was sufficient evidence of economic loss to meet summary judgment. The issue in PQ Labs was more a legal issue of whether a declaration submitted by the company’s CEO and co-founder, Frank Lu, after his deposition, was admissible because it conflicted with his prior deposition testimony.
In his declaration, Lu stated that PQ Labs had received five emails containing malicious codes in 2011, and that the company had to expend $36,000 in costs to mitigate the damages to the hardware and network, and $42,000 in consulting fees and service costs. At his deposition, however, Lu was a little less certain, admitting to some uncertainty about the cause of the network damage.
The court found that the testimony and the declaration did not “clearly and unambiguously” contradict each other. As such, the court held the declaration admissible, and that it contained sufficient evidence to support an inference that defendants violated the CFAA and were not entitled to summary judgment.
Quad Knopf, Inc. v. South Valley Biology Consulting, LLC, 2014 U.S. Dist. LEXIS 46985 (E.D. Cal. Apr. 3, 2014)
Judge: Anthony W. Ishi, Senior United States District Judge.
Plaintiff Quad Knopf, Inc. a consulting firm that provides professional services in the areas of, among other things, biology consulting services, are suing defendants, South Valley Biology Consulting (“SVBC”), and former staff biologists of Quad Knopf who were recruited to SVBC, for violations of the CFAA when defendants allegedly transmitted information from plaintiff's computers while employed by plaintiff without plaintiff's consent, and that information was then used by defendants to compete with plaintiff and caused plaintiff to suffer loss.
Citing, United States v. Nosal, 676 F.3d 854, 860 (9th Cir. 2012), the court reminded the parties that the CFAA is a prohibition of abuse of access of information, not an abuse of information. Plaintiff argued that defendants’ authorization to access the information in question ended when they began acting against the interests of Quad Knopf, and instead in the interests of defendants’ competing company.
The court rejected this argument affirming that duty of loyalty arguments and computer use restriction arguments are not accepted under Nosal and the Ninth Circuit. The court noted that defendants were employed with plaintiff and did not exceed their access at the time of the taking. While defendants then took the information that they were entitled to access as employees, they had permission to access the information and used it in an inappropriate manner contrary to plaintiff's interest, so it did not constitute “without authorization” under Nosal because it was merely a violation of a use restriction.
Tuesday, July 22, 2014
Back to School Special on Estate Plans
Written by Katy M. Young
As summer comes to an end and we all go back to school in one form or another, it is time to revisit the good old to-do list. Is an estate plan on your to-do list? If you are a business owner, an estate plan that addresses business succession is critically important. If you own a home, the only way to avoid probate is by creating a trust. If you have children, an estate plan is the only way to ensure your control over who becomes your child’s guardian should anything happen to you. Ad Astra Law Group, LLP is offering a back to school special on estate plans completed in August and September 2014.
What is an estate plan? Ad Astra Law Group, LLP offers a comprehensive estate plan package that will protect you, your loved ones, and your assets should tragedy strike. We’ll prepare a trust and a will to address what happens when you pass away. We also create advance health care directives and powers of attorney to protect you in case you become incapacitated. Our lawyers will educate you about the process, guide you through tough decisions, and perform a signing ceremony with a notary to complete the estate plan package. The whole process takes about a month from start to finish.
The attorney fees for probate cases are set by law and are quite high, plus the probate process can take as long as a year or more. For most people, we can create a comprehensive estate plan for about 1/3 of the minimum probate attorney fee and save you the hassle of dealing with probate while grieving. For estate plans completed in August and September 2014, we are offering a 20% discount. Creating your estate plan will bring you peace of mind and it is a great investment in your family’s future. Contact us today to discuss your estate planning needs!
As summer comes to an end and we all go back to school in one form or another, it is time to revisit the good old to-do list. Is an estate plan on your to-do list? If you are a business owner, an estate plan that addresses business succession is critically important. If you own a home, the only way to avoid probate is by creating a trust. If you have children, an estate plan is the only way to ensure your control over who becomes your child’s guardian should anything happen to you. Ad Astra Law Group, LLP is offering a back to school special on estate plans completed in August and September 2014.
What is an estate plan? Ad Astra Law Group, LLP offers a comprehensive estate plan package that will protect you, your loved ones, and your assets should tragedy strike. We’ll prepare a trust and a will to address what happens when you pass away. We also create advance health care directives and powers of attorney to protect you in case you become incapacitated. Our lawyers will educate you about the process, guide you through tough decisions, and perform a signing ceremony with a notary to complete the estate plan package. The whole process takes about a month from start to finish.
The attorney fees for probate cases are set by law and are quite high, plus the probate process can take as long as a year or more. For most people, we can create a comprehensive estate plan for about 1/3 of the minimum probate attorney fee and save you the hassle of dealing with probate while grieving. For estate plans completed in August and September 2014, we are offering a 20% discount. Creating your estate plan will bring you peace of mind and it is a great investment in your family’s future. Contact us today to discuss your estate planning needs!
Monday, July 21, 2014
Opinion Roundup: California District Courts and the Computer Fraud and Abuse Act - January 2014 through June 2014 - Part One
Written by Keenan W. Ng
This week, we will have a three-part series on all of the substantive district court opinions in California regarding the Computer Fraud and Abuse Act (“CFAA”) (18 § U.S.C. 1030) for the first part of 2014 – January through June. We are concentrating on California because that is where most of the Ninth Circuit opinions are generated – not surprising given that Silicon Valley and many technology firms are located in California and within the Ninth Circuit’s jurisdiction.
The CFAA is important to businesses small and large because it provides them the opportunity to seek recourse for unauthorized access to data and information they store and protect on their internal servers or on the cloud. CFAA violations address outside computer “hackers” as they are commonly perceived in the media, but also “inside” hackers: former employees or business partners that have found ways to access information from their former business associates which they are no longer supposed to view. The CFAA does not address how information is used once it is acquired, but only covers the initial access of information that one has no authority to view or exceeded his or her authority in so viewing.
Over the next week – Monday, Wednesday, and Friday – we will provide a roundup of the first six months of published California federal opinions regarding the CFAA.
Oracle Am., Inc. v. TERiX Computer Co., 2014 U.S. Dist. LEXIS 561 (N.D. Cal. Jan. 3, 2014)
Judge: Paul S. Grewal, United States Magistrate Judge
Plaintiff Oracle, a leading supplier of enterprise hardware and software systems, as well as technical and consulting services for those systems, is suing defendants, TERiX Computer Co. and Maintech, Inc., who offer support services related to Oracle’s Solaris-based software system. Oracle alleges that TERiX and Maintech duped Oracle's customers into providing them with access to updates to Oracle's Solaris operating system -- access to which Oracle says TERiX and Maintech had no right.
The court provided opinions with respect to three aspects of the CFAA. First, it held that the heightened pleading standard of Rule 9(b) for fraud was inapplicable to Oracle because Oracle allegations do not rely on first-party reliance, but, rather, third-party (customer) reliance.
Second, the court considered whether Oracle had met the pleading standards for Sections 1030(a)(6), (a)(2), and (a)(4). Citing State Analysis, Inc. v. Am. Fin. Servs. Assoc., 621 F. Supp. 2d 309, 317 (E.D. Va. 2009), the court found that Oracle had not met the proper pleading standard for a Section 1030(a)(6) violation because it had only pled that defendants are alleged only to have received the login credentials from their customer and used the credentials themselves and did not amount to “trafficking” under the CFAA.
With respect to Sections 1030(a)(2) and (a)(4), the key issue revolved around whether the defendants acted “without authorization” or “exceeded” their “authorized access” when accessing Oracle’s support websites. Relying on United States v. Nosal, 676 F.3d 854 (9th Cir. 2012), and Oracle Am., Inc. v. Service Key, LLC, 2012 U.S. Dist. LEXIS 171406 (N.D. Cal. Nov. 30, 2012), defendants argued that because they received valid access credentials from Oracle’s customers, their use of the credentials was merely a violation of “use” restrictions, and therefore is not a violation of the CFAA.
The court dismissed defendants’ theory, stating that contrary to the factual scenario in Nosal and Service Key, defendants in the instant matter were alleged to have no access rights whatsoever and proceeded to login to Oracle’s secure website anyways. As a result, the court refused to dismiss the Section 1030(a)(2) and (a)(4) claims.
Sprint Nextel Corp. v. Welch, 2014 U.S. Dist. LEXIS 2119 (E.D. Cal. Jan. 8, 2014)
Judge: Stanley A. Boone, United States Magistrate Judge
In Welch, the court considered whether plaintiff’s CFAA allegations in its complaint were sufficient enough for an entry of default judgment. On July 26, 2013, plaintiff Sprint Nextel Corp. filed a complaint seeking damages and injunctive relief against Defendant Aaron Simon Welch d/b/a The Cell Cycle for an alleged “Bulk handset Trafficking Scheme” - Defendant and other co-conspirators acquired subsidized phones from Sprint and resold them to others. On October 20, 2013, Plaintiff filed a motion for default judgment.
With respect to the CFAA allegations – violations of Sections 1030(a)(4) and (a)(5), the court stated that “Plaintiff alleges that Defendant violated the Computer Fraud and Abuse Act by acquiring phones through fraud and gained unauthorized access by 1) unlocking the phones and 2) turning on the phones and thereby accessing Sprint's wireless service network and billing network. Plaintiff further alleges that Defendant traffics in using the proprietary codes stored on the phones which access Sprint's network and selling those codes along with the phones.” These pleadings were sufficient for plaintiff to have stated a cognizable claim under the CFAA, thus weighing in favor of entry of default judgment.
United States v. Nosal, 2014 U.S. Dist. LEXIS 4021 (N.D. Cal. Jan. 13, 2014)
Judge: Edward M. Chen, United States District Judge
On April 24, 2013, a jury convicted Defendant David Nosal of computer fraud crimes, including three counts of computer fraud in violation Section 1030(a)(4) of the CFAA. The main dispute between the parties is what constituted “loss” with respect to 18 U.S.S.G. §2B1.1. As the court noted, criminal sentencing under the CFAA is governed by United States Sentencing Guidelines Manual § 2B1.1. See U.S.S.G. app. A. Under § 2B1.1, courts are instructed to increase the base offense level based on the amount of "loss." U.S.S.G. § 2B1.1(b). "Loss" is defined as the "greater of actual loss or intended loss." Id. § 2B1.1 cmt. n. 3. "Actual loss," which is involved in this case, means the "reasonably foreseeable pecuniary harm that resulted from the offense." Id. at § 2B1.1 cmt. n.3(A)(i). Harm is reasonably foreseeable if the "defendant knew or, under the circumstances, reasonably should have known, [that the harm] was a potential result of the offense." Id. § 2B1.1, cmt. n.3(A)(iv).
While the court considered a number of issues outside of the CFAA, with respect to the CFAA, the court held, for two reasons, that under ß 2B1.1 and Note 3(A)(v)(III) "actual loss" includes those costs incurred as part of an internal investigation reasonably necessary to respond to the offense, for example by identifying the perpetrator or the method by which the offender accessed the protected information. First, the plain language of Note 3(A)(v)(III) and ß 1030 itself both include in the definition of loss the cost of generally "responding to an offense."
“Second, in situations where the CFAA violation constitutes covert, unauthorized access into a computer system, taking corrective actions or otherwise "responding to an offense" will often be difficult (if not impossible) until the victim knows (1) who perpetrated the offense; (2) how the offense was perpetrated, and (3) the scope of any resulting damage or the degree to which the integrity of its data has been compromised.”
The court also differentiated between costs incurred in directly responding to an offense, and costs preparing for litigation. The court held that “[c]osts incurred for the purpose of building or supporting the victim's civil case should not be considered ‘loss’for purposes of the Guidelines calculation.”
In reviewing a declaration by aggrieved party Korn Ferry’s General Counsel, Peter Dunn, the court noted that first, he failed to differentiate between direct investigation costs – “the who, what, and how behind Defendant's offenses” – and costs in preparation of litigation.
Second, Mr. Dunn did not distinguish between his time aiding a government investigation and his time spent aiding Korn Ferry’s internal investigation of Nosal’s access. The court noted this importance, as costs incurred by a victim with the primary purpose of aiding the government's investigation are not included under §2B1.1.
This week, we will have a three-part series on all of the substantive district court opinions in California regarding the Computer Fraud and Abuse Act (“CFAA”) (18 § U.S.C. 1030) for the first part of 2014 – January through June. We are concentrating on California because that is where most of the Ninth Circuit opinions are generated – not surprising given that Silicon Valley and many technology firms are located in California and within the Ninth Circuit’s jurisdiction.
The CFAA is important to businesses small and large because it provides them the opportunity to seek recourse for unauthorized access to data and information they store and protect on their internal servers or on the cloud. CFAA violations address outside computer “hackers” as they are commonly perceived in the media, but also “inside” hackers: former employees or business partners that have found ways to access information from their former business associates which they are no longer supposed to view. The CFAA does not address how information is used once it is acquired, but only covers the initial access of information that one has no authority to view or exceeded his or her authority in so viewing.
Over the next week – Monday, Wednesday, and Friday – we will provide a roundup of the first six months of published California federal opinions regarding the CFAA.
Oracle Am., Inc. v. TERiX Computer Co., 2014 U.S. Dist. LEXIS 561 (N.D. Cal. Jan. 3, 2014)
Judge: Paul S. Grewal, United States Magistrate Judge
Plaintiff Oracle, a leading supplier of enterprise hardware and software systems, as well as technical and consulting services for those systems, is suing defendants, TERiX Computer Co. and Maintech, Inc., who offer support services related to Oracle’s Solaris-based software system. Oracle alleges that TERiX and Maintech duped Oracle's customers into providing them with access to updates to Oracle's Solaris operating system -- access to which Oracle says TERiX and Maintech had no right.
The court provided opinions with respect to three aspects of the CFAA. First, it held that the heightened pleading standard of Rule 9(b) for fraud was inapplicable to Oracle because Oracle allegations do not rely on first-party reliance, but, rather, third-party (customer) reliance.
Second, the court considered whether Oracle had met the pleading standards for Sections 1030(a)(6), (a)(2), and (a)(4). Citing State Analysis, Inc. v. Am. Fin. Servs. Assoc., 621 F. Supp. 2d 309, 317 (E.D. Va. 2009), the court found that Oracle had not met the proper pleading standard for a Section 1030(a)(6) violation because it had only pled that defendants are alleged only to have received the login credentials from their customer and used the credentials themselves and did not amount to “trafficking” under the CFAA.
With respect to Sections 1030(a)(2) and (a)(4), the key issue revolved around whether the defendants acted “without authorization” or “exceeded” their “authorized access” when accessing Oracle’s support websites. Relying on United States v. Nosal, 676 F.3d 854 (9th Cir. 2012), and Oracle Am., Inc. v. Service Key, LLC, 2012 U.S. Dist. LEXIS 171406 (N.D. Cal. Nov. 30, 2012), defendants argued that because they received valid access credentials from Oracle’s customers, their use of the credentials was merely a violation of “use” restrictions, and therefore is not a violation of the CFAA.
The court dismissed defendants’ theory, stating that contrary to the factual scenario in Nosal and Service Key, defendants in the instant matter were alleged to have no access rights whatsoever and proceeded to login to Oracle’s secure website anyways. As a result, the court refused to dismiss the Section 1030(a)(2) and (a)(4) claims.
Sprint Nextel Corp. v. Welch, 2014 U.S. Dist. LEXIS 2119 (E.D. Cal. Jan. 8, 2014)
Judge: Stanley A. Boone, United States Magistrate Judge
In Welch, the court considered whether plaintiff’s CFAA allegations in its complaint were sufficient enough for an entry of default judgment. On July 26, 2013, plaintiff Sprint Nextel Corp. filed a complaint seeking damages and injunctive relief against Defendant Aaron Simon Welch d/b/a The Cell Cycle for an alleged “Bulk handset Trafficking Scheme” - Defendant and other co-conspirators acquired subsidized phones from Sprint and resold them to others. On October 20, 2013, Plaintiff filed a motion for default judgment.
With respect to the CFAA allegations – violations of Sections 1030(a)(4) and (a)(5), the court stated that “Plaintiff alleges that Defendant violated the Computer Fraud and Abuse Act by acquiring phones through fraud and gained unauthorized access by 1) unlocking the phones and 2) turning on the phones and thereby accessing Sprint's wireless service network and billing network. Plaintiff further alleges that Defendant traffics in using the proprietary codes stored on the phones which access Sprint's network and selling those codes along with the phones.” These pleadings were sufficient for plaintiff to have stated a cognizable claim under the CFAA, thus weighing in favor of entry of default judgment.
United States v. Nosal, 2014 U.S. Dist. LEXIS 4021 (N.D. Cal. Jan. 13, 2014)
Judge: Edward M. Chen, United States District Judge
On April 24, 2013, a jury convicted Defendant David Nosal of computer fraud crimes, including three counts of computer fraud in violation Section 1030(a)(4) of the CFAA. The main dispute between the parties is what constituted “loss” with respect to 18 U.S.S.G. §2B1.1. As the court noted, criminal sentencing under the CFAA is governed by United States Sentencing Guidelines Manual § 2B1.1. See U.S.S.G. app. A. Under § 2B1.1, courts are instructed to increase the base offense level based on the amount of "loss." U.S.S.G. § 2B1.1(b). "Loss" is defined as the "greater of actual loss or intended loss." Id. § 2B1.1 cmt. n. 3. "Actual loss," which is involved in this case, means the "reasonably foreseeable pecuniary harm that resulted from the offense." Id. at § 2B1.1 cmt. n.3(A)(i). Harm is reasonably foreseeable if the "defendant knew or, under the circumstances, reasonably should have known, [that the harm] was a potential result of the offense." Id. § 2B1.1, cmt. n.3(A)(iv).
While the court considered a number of issues outside of the CFAA, with respect to the CFAA, the court held, for two reasons, that under ß 2B1.1 and Note 3(A)(v)(III) "actual loss" includes those costs incurred as part of an internal investigation reasonably necessary to respond to the offense, for example by identifying the perpetrator or the method by which the offender accessed the protected information. First, the plain language of Note 3(A)(v)(III) and ß 1030 itself both include in the definition of loss the cost of generally "responding to an offense."
“Second, in situations where the CFAA violation constitutes covert, unauthorized access into a computer system, taking corrective actions or otherwise "responding to an offense" will often be difficult (if not impossible) until the victim knows (1) who perpetrated the offense; (2) how the offense was perpetrated, and (3) the scope of any resulting damage or the degree to which the integrity of its data has been compromised.”
The court also differentiated between costs incurred in directly responding to an offense, and costs preparing for litigation. The court held that “[c]osts incurred for the purpose of building or supporting the victim's civil case should not be considered ‘loss’for purposes of the Guidelines calculation.”
In reviewing a declaration by aggrieved party Korn Ferry’s General Counsel, Peter Dunn, the court noted that first, he failed to differentiate between direct investigation costs – “the who, what, and how behind Defendant's offenses” – and costs in preparation of litigation.
Second, Mr. Dunn did not distinguish between his time aiding a government investigation and his time spent aiding Korn Ferry’s internal investigation of Nosal’s access. The court noted this importance, as costs incurred by a victim with the primary purpose of aiding the government's investigation are not included under §2B1.1.
That's all for Part One of our series. Be sure to come back on Wednesday, July 23, for Part Two of our California District Courts' CFAA Opinion Roundup.
Friday, July 18, 2014
Demurrers to Answers: Changing the Practice of Drafting Defenses
Written by Anne E. Smiddy
Usually, when answering an unverified complaint in California Superior Court, counsel for the defendant will file a general denial, along with a laundry list of “boilerplate” affirmative defenses that might apply to the plaintiff’s claims. More often than not, the defendant’s answer will fail to include any specific facts supporting those defenses.
At first blush, this common practice may appear to be the result of sloppy or lazy work. However, vagueness in the defendant’s answer is often a result of the fact that most defendants do not have the ability to prove their defenses at the initial answering phase, usually well-before conducting any discovery. In addition, the defendant has significant incentive to be over-inclusive when it comes to affirmative defenses, as a party waives un-pled defenses. An argument can be made that requiring specific facts at the preliminary answering phase of the proceeding may result in significant prejudice and a miscarriage of justice to the defendant who is unable to specifically plead all of its potential affirmative defenses.
On the other hand, the defendant’s inclusion of copious amounts of affirmative defenses that are not likely to ever be used in the case may be so excessive it borders on abuse. More and more plaintiffs’ attorneys are bringing demurrers to the affirmative defenses in answers. These demurrers are based upon the respective defendant’s failure to state facts sufficient to constitute a defense pursuant to the requirements of California Code of Civil Procedure Section 430.20.
Many practitioners on both sides do not realize that the affirmative defenses stated in the answer must aver facts as carefully and with as much detail as the facts which constitute the cause of action alleged in the complaint: the defendant is required to plead ultimate facts, rather than evidentiary matters or legal conclusions. See Doe v. City of Los Angeles, (2007) 42 Cal. 4th 531, 550, and FPI Development Inc. v. Nakashima (1991) 231 Cal.App.3d 367, 384. However, even where a defense is defectively pled, it may be allowed if the defendant’s pleading gives sufficient notice to enable the plaintiff to prepare to meet the defense, in part because un-pled defenses are waived. See Harris v. City of Santa Monica (2013) 56 Cal. 4th 203, 240.
When the defendant has filed a factually unsupported answer, there is a strong probability that a judge will sustain the plaintiffs’ demurrer to the answer, but will simultaneously grant the defendant leave to amend. Therefore, it is best practice to determine whether the demurrer is necessary. The plaintiff’s attorney should ask whether the motion will ultimately save costs on discovery by eliminating meritless affirmative defenses at the outset, or whether it is going to burn attorney’s fees with little benefit to the client. In cases with a “burning limits” insurance policy or with a defendant with limited funds, creating more work for your opponent ultimately reduces the funds available for settlement. Expedient trial scheduling may also be adversely affected by a demurer to the answer. Many courts have a considerable backlog for dates to hear demurrers, and, as result, the demurrer may still be pending at the time of the initial case management conference. When that happens, because the case is not at issue, the likelihood of obtaining the earliest-possible trial date is slim to none. The defendant’s attorney faced with a demurrer to the answer must determine whether it is cost-effective to oppose a motion that will likely be granted, or to offer to amend the answer. Although unlikely, a court could potentially sustain the demurrer as to some or all of the affirmative defenses without leave to amend.
The answering defendant is in the position of avoiding the situation altogether by being more careful in drafting affirmative defenses. However, if there is a dispute as to the factual sufficiency of affirmative defenses in an answer, the most expedient solution is to simply attempt to informally resolve the dispute by meeting and conferring with opposing counsel to discuss the defenses. If possible, the parties should agree to amend the answer to remove unnecessary affirmative defenses and include some facts within the defendant’s knowledge to give notice of the bases for the meritorious defenses.
If the parties can be reasonable and informally resolve their dispute, they will: (1) avoid unnecessary attorneys’ fees (which the clients will appreciate), (2) advance the case beyond the pleading phase (which the attorneys should appreciate), and (3) prevent excessive motion practice in the already-over-burdened courts (which the judge will appreciate).
Usually, when answering an unverified complaint in California Superior Court, counsel for the defendant will file a general denial, along with a laundry list of “boilerplate” affirmative defenses that might apply to the plaintiff’s claims. More often than not, the defendant’s answer will fail to include any specific facts supporting those defenses.
At first blush, this common practice may appear to be the result of sloppy or lazy work. However, vagueness in the defendant’s answer is often a result of the fact that most defendants do not have the ability to prove their defenses at the initial answering phase, usually well-before conducting any discovery. In addition, the defendant has significant incentive to be over-inclusive when it comes to affirmative defenses, as a party waives un-pled defenses. An argument can be made that requiring specific facts at the preliminary answering phase of the proceeding may result in significant prejudice and a miscarriage of justice to the defendant who is unable to specifically plead all of its potential affirmative defenses.
On the other hand, the defendant’s inclusion of copious amounts of affirmative defenses that are not likely to ever be used in the case may be so excessive it borders on abuse. More and more plaintiffs’ attorneys are bringing demurrers to the affirmative defenses in answers. These demurrers are based upon the respective defendant’s failure to state facts sufficient to constitute a defense pursuant to the requirements of California Code of Civil Procedure Section 430.20.
Many practitioners on both sides do not realize that the affirmative defenses stated in the answer must aver facts as carefully and with as much detail as the facts which constitute the cause of action alleged in the complaint: the defendant is required to plead ultimate facts, rather than evidentiary matters or legal conclusions. See Doe v. City of Los Angeles, (2007) 42 Cal. 4th 531, 550, and FPI Development Inc. v. Nakashima (1991) 231 Cal.App.3d 367, 384. However, even where a defense is defectively pled, it may be allowed if the defendant’s pleading gives sufficient notice to enable the plaintiff to prepare to meet the defense, in part because un-pled defenses are waived. See Harris v. City of Santa Monica (2013) 56 Cal. 4th 203, 240.
When the defendant has filed a factually unsupported answer, there is a strong probability that a judge will sustain the plaintiffs’ demurrer to the answer, but will simultaneously grant the defendant leave to amend. Therefore, it is best practice to determine whether the demurrer is necessary. The plaintiff’s attorney should ask whether the motion will ultimately save costs on discovery by eliminating meritless affirmative defenses at the outset, or whether it is going to burn attorney’s fees with little benefit to the client. In cases with a “burning limits” insurance policy or with a defendant with limited funds, creating more work for your opponent ultimately reduces the funds available for settlement. Expedient trial scheduling may also be adversely affected by a demurer to the answer. Many courts have a considerable backlog for dates to hear demurrers, and, as result, the demurrer may still be pending at the time of the initial case management conference. When that happens, because the case is not at issue, the likelihood of obtaining the earliest-possible trial date is slim to none. The defendant’s attorney faced with a demurrer to the answer must determine whether it is cost-effective to oppose a motion that will likely be granted, or to offer to amend the answer. Although unlikely, a court could potentially sustain the demurrer as to some or all of the affirmative defenses without leave to amend.
The answering defendant is in the position of avoiding the situation altogether by being more careful in drafting affirmative defenses. However, if there is a dispute as to the factual sufficiency of affirmative defenses in an answer, the most expedient solution is to simply attempt to informally resolve the dispute by meeting and conferring with opposing counsel to discuss the defenses. If possible, the parties should agree to amend the answer to remove unnecessary affirmative defenses and include some facts within the defendant’s knowledge to give notice of the bases for the meritorious defenses.
If the parties can be reasonable and informally resolve their dispute, they will: (1) avoid unnecessary attorneys’ fees (which the clients will appreciate), (2) advance the case beyond the pleading phase (which the attorneys should appreciate), and (3) prevent excessive motion practice in the already-over-burdened courts (which the judge will appreciate).
Thursday, July 17, 2014
Federal Judge Holds California’s Death Penalty Unconstitutional
By Wendy L. Hillger
The Honorable Cormac J. Carney ruled on July 16, 2014 that the death penalty system in California is unconstitutional. In a 29-page opinion, Judge Carney noted the system in California serves no penological purpose because of the extended period of time it takes to enforce it. Most Death Row inmates die of natural causes rather than at the hands of the state. There are nearly 750 inmates currently on Death Row, including San Quentin’s Ernest Dewayne Jones, the petitioner in this case. Given the problems with lethal injections, executions have been halted in California since January 2006.
The case at present only gives a reprieve to inmate Jones, but an appeal to the Ninth Circuit Court of Appeals by the Attorney General Kamala Harris is under review. A statewide order could come from the Ninth Circuit, and then the case could make its way to the United States Supreme Court. The death penalty was ruled unconstitutional in 1972 by the U.S. Supreme Court, but the Court later reinstated capital punishment nationwide four years later. Thereafter, the voters of California have instituted capital punishment three times.
If affirmed, Judge Carney’s ruling could end capital punishment in the state (temporarily if not permanently). Inmates on California’s Death Row, including Polly Klaas' and Laci Peterson's killers as well as other notorious serial killers, could see their penalties commuted to life in prison sentences.
We do not take a position on capital punishment. However, we do note that appeals in civil lawsuits take over 12 months to adjudicate. All appeals in death penalty cases are automatically presented to the California Supreme Court. The Supreme Court, like other courts, are struggling to keep up with the pace of cases filed. It is axiomatic that removing the need to review prisoner death penalty appeals would speed up all other appeals.
The United States District Court for the Central District of California opinion can be found here.
The Honorable Cormac J. Carney ruled on July 16, 2014 that the death penalty system in California is unconstitutional. In a 29-page opinion, Judge Carney noted the system in California serves no penological purpose because of the extended period of time it takes to enforce it. Most Death Row inmates die of natural causes rather than at the hands of the state. There are nearly 750 inmates currently on Death Row, including San Quentin’s Ernest Dewayne Jones, the petitioner in this case. Given the problems with lethal injections, executions have been halted in California since January 2006.
The case at present only gives a reprieve to inmate Jones, but an appeal to the Ninth Circuit Court of Appeals by the Attorney General Kamala Harris is under review. A statewide order could come from the Ninth Circuit, and then the case could make its way to the United States Supreme Court. The death penalty was ruled unconstitutional in 1972 by the U.S. Supreme Court, but the Court later reinstated capital punishment nationwide four years later. Thereafter, the voters of California have instituted capital punishment three times.
If affirmed, Judge Carney’s ruling could end capital punishment in the state (temporarily if not permanently). Inmates on California’s Death Row, including Polly Klaas' and Laci Peterson's killers as well as other notorious serial killers, could see their penalties commuted to life in prison sentences.
We do not take a position on capital punishment. However, we do note that appeals in civil lawsuits take over 12 months to adjudicate. All appeals in death penalty cases are automatically presented to the California Supreme Court. The Supreme Court, like other courts, are struggling to keep up with the pace of cases filed. It is axiomatic that removing the need to review prisoner death penalty appeals would speed up all other appeals.
The United States District Court for the Central District of California opinion can be found here.
Welcome to the Ad Astra Law Group, LLP Blog!
Welcome to Scripta Ad Astra, the blog of the Ad Astra LawGroup, LLP. If you have not already
checked out our website, we invite you to do so.
Our firm specializes in business, employment, and real estate litigation. This blog will provide insight
and updates on these practice areas, updates on the firm, and general musings
from the firm’s attorneys. We hope you
come back to visit us. Also, please feel
free to reach out to us by email! Per
aspera, ad astra!
Subscribe to:
Posts (Atom)