The opinion of the court was delivered by: WAYNE ANDERSEN, District Judge
MEMORANDUM, OPINION AND ORDER
This case is before the Court on defendant's motion for summary
judgment. For the following reasons, the motion is denied.
Plaintiff Cedar Hill Associates, Inc. ("CHA"), along with its
Chief Executive Officer Joel Jastromb, Chief Operating Officer
Alan Cole and Administrative Principal Dawn Keach, brought this
suit against former employee defendant David S. Paget ("Paget")
after he allegedly accessed 1,098 messages in his coworkers'
e-mail accounts without authorization. CHA, a wealth-management
company, invested in two hedge funds in the course of its
business. See Def. Motion at 2. The general partner of those
funds was a corporation called R Squared in which Jastromb owned
70 percent of R Squared's shares in a trust and Paget owned 30
percent. Id. Jastromb and Paget also owned a 70/30 split in a
limited-liability company called Jovid, which was hired by R
Squared to manage the hedge funds. Id. Paget and Jastromb's
relationship soured by late 2002 because, according to Paget,
Jastromb wanted to "roll Paget's equity interest in R Squared and
Jovid into CHA, under terms that Paget felt were unacceptable."
Id. at 3. Various business maneuverings not relevant to this decision took place
prior to June 10, 2003, when Paget ultimately was discharged from
his position at CHA. Id.
Plaintiffs allege that Paget began attempting to access
Jastromb's e-mail account in December 2001, but that he was
unsuccessful until December 2002. See Pl. Resp. at 3.
Additionally, from December 2001 through June 2003, Paget
accessed several other CHA e-mail accounts, including those of
Cole and Keach, using both his home and office computer. Id.
Paget would mark e-mails "unread" after he opened them so that
the account owner would not know that they had been accessed.
Id. In one instance, Paget e-mailed a confidential list of CHA
clients to his home computer. Id. at 4. Paget invoked his Fifth
Amendment privilege against self-incrimination when queried about
these activities during his deposition. See Pl. Local R.
56.1(b)(3)(B) Statement of Material Facts, Exh. M.
CHA's network administrator discovered the e-mail breaches on
June 9, 2003, and over the course of twelve hours, he created a
98-page log documenting Paget's activity by examining when
Internet Protocol addresses assigned to Paget's home and office
computers accessed accounts other than Paget's. See Pl.
Response at 4-5. Jastromb fired Paget the next day. Paget
subsequently filed an action in the Circuit Court of Cook County
on October 28, 2003, alleging that CHA and Jastromb had
wrongfully diverted corporate assets and had unjustly enriched
themselves at Paget's expense. See Def. Motion at 4. Cedar Hill
filed the suit in this Court on January 23, 2004. Id.
Four counts in plaintiffs' amended complaint (one each for the
corporate entity and the individual plaintiffs) are premised on
Title II of the Electronic Communications Privacy Act ("ECPA"), 18 U.S.C. § 2701 et. seq., and the remaining counts
are state statutory and common-law claims involving computer
tampering and invasion of privacy. This Court has jurisdiction
over the federal claims pursuant to 28 U.S.C. § 1331 and has
supplemental jurisdiction over the state claims pursuant to
28 U.S.C. § 1367.
Paget has filed a motion for summary judgment as to the federal
claims, in which he asserts that plaintiffs' amended complaint
should be dismissed because they have suffered no actual damages,
an element he believes is critical to their action. He further
requests that this Court, upon dismissing the federal claims,
transfer the remaining state-law claims to state court. Because
this Court does not read 18 U.S.C. § 2701 et. seq. as requiring
actual damages as a precursor to recovery, Paget's motion is
Summary judgment is proper when "the pleadings, depositions,
answers to interrogatories, and admissions on file, together with
the affidavits, if any, show that there is no genuine issue as to
any material fact and that the moving party is entitled to
judgment as a matter of law." Fed.R.Civ.P. 56(c)). A genuine
issue of material fact exists only if "the evidence is such that
a reasonable jury could return a verdict for the nonmoving
party." Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248
(1986). The party seeking summary judgment has the burden of
establishing the lack of any genuine issue of material fact. See
Celotex v. Catrett, 477 U.S. 317, 323 (1986). A court considers
the evidence in a light most favorable to the non-moving party
and draws all inferences in its favor. See Anderson,
477 U.S. at 255.
The ECPA provides that whoever "(1) intentionally accesses
without authorization a facility through which an electronic
communication service is provided; or (2) intentionally exceeds
an authorization to that facility; and thereby obtains, alters,
or prevents authorized access to a wire or electronic communication while it is in electronic
storage in such system shall be punished as provided in
subsection (b) of this section." 18 U.S.C. § 2701(a) (2002).
Section (b) lists several criminal penalties, ranging from a fine
to imprisonment for up to ten years. Section 2707, at issue in
this case, expands the ECPA's reach to the civil arena, and
provides as follows:
(a) Cause of Action. . . . any provider of electronic
communication service, subscriber, or other person
aggrieved by any violation of this chapter in which
the conduct constituting the violation is engaged in
with a knowing or intentional state of mind may, in a
civil action, recover from the person or entity,
other than the United States, which engaged in that
violation such relief as may be appropriate.
(b) Relief. In a civil action under this section,
appropriate relief includes
(1) such preliminary and other equitable or
declaratory relief as may be appropriate;
(2) damages under subsection (c); and
(3) reasonable attorney's fee [sic] and other
litigation costs reasonably incurred.
(c) Damages. The court may assess as damages in a
civil action under this section the sum of the actual
damages suffered by the plaintiff and any profits
made by the violator as a result of the violation,
but in no case shall a person entitled to recover
receive less than the sum of $1,000. If the
violation is willful or intentional, the court may
assess punitive damages. In the case of a successful
action to enforce liability under this section, the
court may assess the costs of the action, together
with reasonable attorney fees determined by the
court. . . .
18 U.S.C. § 2707 (emphasis added).
The crux of Paget's summary judgment motion is that plaintiffs
have not shown any actual damages, and therefore, they are not
entitled to any relief under the ECPA. Plaintiffs have responded
that they have shown actual damages, but even if they have not,
they are not required to under a plain reading of the statute or
its statutory text.
The ECPA's civil action provision has been used surprisingly
sparingly, and as such, the necessity of actual damages has not
been previously decided. Yet from a plain reading of the statute, it appears clear that actual damages are not required to
recover under the ECPA, as long as a defendant "intentionally
accesses without authorization a facility through which an
electronic communication service is provided."
18 U.S.C. § 2701(a)(1). In this case, it seems clear that Paget intentionally
accessed his coworkers' e-mail accounts without authorization and
therefore violated the ECPA. Although plaintiffs may not have
suffered financial damages, the ECPA provides that plaintiffs
would be entitled to recover a minimum of $1,000, and if the
violation was willful or intentional, the Court may assess
Paget urges the Court to analogize the ECPA to the Privacy Act
of 1974. Recently, the United States Supreme Court held that in
order for a plaintiff to recover from the government for
violations of the Privacy Act, the plaintiff must suffer actual
damages. See Doe v. Chao, 540 U.S. 614, 627 (2004). The
language at issue in the Privacy Act is admittedly very similar
to the language in the ECPA. Specifically, the Privacy Act states
that when an agency action is "intentional or willful, the United
States shall be liable to the [claimant] in an amount equal to
the sum of (A) actual damages sustained by the individual as a
result of the refusal or failure, but in no case shall a person
entitled to recovery receive less than the sum of $1,000; and (B)
the costs of the action together with reasonable attorney fees as
determined by the court." 5 U.S.C. § 552a(g)(4). The Supreme
Court held that the "entitled to recovery" language referred to
the immediate preceding clause, i.e. a person entitled to
recovery was one who had sustained actual damages. Doe,
540 U.S. at 620. However, when Doe cited the ECPA as authorizing true
liquidated damages remedies, the Supreme Court refused to
analogize the ECPA's legislative history to that of the Privacy
Act. Id. at 626. Without disputing Doe's contention, the
Supreme Court stated that the "legislative histories of completely
separate statutes passed well after the Privacy Act" were not a
reliable source of statutory interpretation. Id. at 626-27.
In fact, the legislative history of the ECPA indicates that
actual damages were to be included in a damage award, but not the
exclusive award. See S. Rep. No. 99-541 at 43 (1986),
reprinted in 1986 U.S.C.C.A.N. 3555, 3597. The Senate Report
also states that, while a subscriber to a computer mail system
has authorization to access his portion of the facilities
storage, an individual who accesses the storage of other
subscribers without specific authorization would violate the
ECPA. See S. Rep. No. 99-541 at 36, reprinted in 1986
U.S.C.C.A.N. 3555, 3590. This reasonably distinguishes the ECPA
and the Privacy Act and ...