Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Official citation and/or docket number and footnotes (if any) for this case available with purchase.

Learn more about what you receive with purchase of this case.

Technology Sourcing, Inc. v. Curtis Griffin

UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF ILLINOIS EASTERN DIVISION


April 30, 2013

TECHNOLOGY SOURCING, INC. PLAINTIFF,
v.
CURTIS GRIFFIN
DEFENDANT.

The opinion of the court was delivered by: Magistrate Judge Arlander Keys United States District Court

Magistrate Judge Keys

MEMORANDUM OPINION AND ORDER

Plaintiff, Technology Sourcing, Inc. ("TSI" or "Plaintiff") has filed a Motion for Summary Judgment opining that there is no genuine issue of material fact that Defendant, Curtis Griffin ("Mr. Griffin"), violated the Computer Fraud and Abuse Act ("CFAA" or "Act") and breached the Employee Non-Disclosure and Non-Solicitation Agreement entered into with Plaintiff. Defendant has filed a cross motion for summary judgment, contending that Plaintiff fails to meet the threshold $5,000 amount of requisite damages, and that issues of fact exist as to whether TSI has proved any breach by Mr. Griffin. For the reasons set forth below, TSI's motion for summary judgment is denied, and Mr. Griffin's motion for summary judgment is granted, as it pertains to the federal claims.

Procedural Background

On August 8, 2010, TSI filed a four-count complaint against Mr. Griffin, the first two counts alleging violations of the CFAA, 18 U.S.C. §1030, regarding unauthorized access and theft of computer data. Counts III and IV are state law claims with pendent jurisdiction. Mr. Griffin's motion for summary judgment is directed to Counts I and II, which are TSI's basis for jurisdiction in this court. In Count I, Plaintiff alleges that Mr. Griffin, a former employee of the Plaintiff, "intentionally accessed a protected computer without authorization, and as a result of such conduct caused damages." Complaint, ¶18. In Count II, Plaintiff alleges that Mr. Griffin impermissibly manipulated the computer network system, causing the system to malfunction and not operate, and causing Plaintiff damages "substantially in excess of $5,000". Complaint, Ex. A.

On October 10, 2010, Mr. Griffin denied the allegations in his filed answer, and on February 24, 2011, he filed a motion to dismiss asserting that TSI failed to meet the requisite $5,000 threshold amount of damages under the CFAA. In August 2011, the Court denied Mr. Griffin's motion to dismiss, finding that TSI's propounded evidence, taken as true for the purposes of the motion, fell within the definition of loss under the CFAA and could plausibly meet or exceed the threshold amount of $5,000.

Thereafter, TSI issued written discovery and the parties conducted oral discovery. On November 28, 2012, the Court granted Mr. Griffin's motion to strike Louis Degradi's, the president and sole proprietor of TSI, affidavit in its entirety upon finding:

the transcript of that deposition reveals that Mr. Degradi did not know or was noncommital when repeatedly asked questions clearly designed to ascertain an estimate of his damages. Then, on 9/14/2012, six months after the close of discovery and the date on which Plaintiffs response to Defendant's motion for summary judgment was due, Mr. Degradi executed an affidavit in which he estimated that he had spent approximately 37.5 hours performing certain tasks such as contacting and working with approximately 25 unspecified clients in an effort to undo the damage caused by Defendant's alleged acts, for which $250.00 per hour is his standard rate and which amounts to $9,375.00. Based on Mr. Degradi's noncommital answers regarding this important issue in his deposition, the Court will not consider his affidavit, which is inconsistent with his depositional testimony, to create an issue of fact to defeat summary judgment. Minute Entry of November 28, 2012 Status Hearing [55] Now, before the Court are the parties' cross-motions for summary judgment.

Factual Background

TSI sued a former employee, Curtis Griffin, alleging violations of the Computer Fraud and Abuse Act, as well as state law claims for tortious interference and breach of contract. Mr. Griffin worked for TSI for about three years, providing IT consulting services as the primary technician to TSI's clients, including Deutsch Levy & Engel, a Chicago law firm. TSI fired Griffin on June 10, 2010. In its Complaint, TSI alleges that, on Friday, July 24, 2010 -- after he was fired -- Griffin accessed Deutsch Levy's computer network, using passcodes obtained by virtue of his former employment with TSI, and manipulated data, causing the network to crash. Complaint, ¶¶19, 21. On Monday, July 26, 2010, TSI was informed that Deutsch Levy's password protected Citrix server and network was inoperative and had been inoperative over the weekend, and all users were prevented from accessing the firm's network. That day, TSI dispatched a network engineer to investigate and resolve the issues related to the Citrix server.

TSI successfully rebooted the server, restoring the network and fixing the damage, at no cost to Deutsch Levy, using TSI's in-house technicians. However, in addition to rebooting the server and ensuring the corresponding devices were operational, TSI's network engineer also searched the server's event log files in an effort to understand the shutdown. Ex. E, ¶13. TSI alleges that the event log uncovered by the engineer on July 26, 2010, provided that the last session on the log was created by an unauthorized user with the printer name "Cogold1_HP Laser Jet 4 Plus/COG-Tosh1" who logged into the Citrix server two times on July 24, 2010, causing the event log service to stop, and effectively shutting down the Citrix sever. Ex. E., ¶25. TSI alleges that the printer name associated with the last unauthorized user belongs to Mr. Griffin. Ex. E., ¶¶30 and 31. Through this lawsuit, TSI seeks to recover from Mr. Griffin the costs it incurred through investigating, repairing, and missed opportunity costs by diverting its resources to the matter.

Legal Standard

A. Standard of Review for Motions for Summary Judgment

Summary judgment is proper when the "pleadings, depositions, answers to interrogatories, and admissions on file, together with the affidavits, if any, show that there is no genuine issues of material fact and that the moving party is entitled to judgment as a matter of law." Fed. R. civ. P. 56(c);Celotex Corp. v. Cartrett, 477 U.S. 317, 322-23, 106 S. Ct. 2584 (1986). The moving party bears the initial burden of demonstrating there is no genuine issue of material fact. Fed. R. Civ. P. 56(c). A genuine issue of material fact exists if the "evidence is such that a reasonable jury could return a verdict for the non-moving party." Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248, 106 S. Ct. 2505 (1986).

Once the moving party has met the initial burden, the non-moving party "must offer more than a 'scintilla' of evidence to survive summary judgment." Roger Whitmore's Automotive Services v. Lake County, Illinois, 424 F.3d 659, 667 (7th Cir. 2005) quoting Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 252, 106 S. Ct. 2505 (1986). The non-moving party must produce specific facts showing there is a genuine issue of material fact, and the moving party is not entitled to judgment as a matter of law. Anderson v. Liberty Lobby, Inc., 477 U.S. at 252. Finally, all evidence and inferences must be viewed in the light most favorable to the non-moving party. Id. at 255. The Court is not, however, required to draw every conceivable inference from the record. Bell v. Duperrault, 367 F.3d 703, 707 (7th Cir. 2004) quoting McCoy v. Harrison, 341 F.3d 600, 604 (7th Cir. 2003).

B. Computer Fraud and Abuse Act

Section 1030(a)(5) of the CFAA provides for a civil cause of action when an individual (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer; (B) intentionally accessed a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or (C) intentionally accessed a protected computer without authorization, and as a result of such conduct, causes damage and loss. 18 U.S.C. § 1030(a)(5)(B). In addition, to succeed on the merits of a CFAA claim brought under Section 1030(a)(5)(B), a plaintiff must prove the damage or loss resulted in losses to one or more persons during any one year period aggregating at least $5,000 in value. 18 USC § 1030(c)(4)(A)(i).

The CFAA provides specific definitions for "damage" and "loss". Del Monte Fresh Produce, N.A., Inc. v. Chiquita Brands International, Inc., 616 F. Supp.2d 805, 810, (N.D. Ill. 2009). The CFAA defines "damage" as any impairment to the integrity or availability of data, a program, a system, or information. 18 U.S.C. § 1030(e)(8). The CFAA defines "loss" as any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service. 18 USC. § 1030(e)(11).

Analysis

Plaintiff moves for summary judgment with its federal argument being that there is no genuine issue of material fact that Mr. Griffin violated the Computer Fraud and Abuse Act, which caused TSI in excess of $5,000 in damages through repairs and lost business. Defendant contends that TSI has failed to provide evidence in order to support the requisite amount of damages the Act demands. The Court agrees with Mr. Griffin, as the record fails to provide the Court with such evidence necessary to show that the guidelines CFAA makes clear have been met.

Despite the vast scope of definitions for "loss", many courts have held that, in order to state a claim based on loss, the loss must relate to the impairment or unavailability of data on the computer. See Del Monte Fresh Produce v. Chiquita Brands International, Inc., 616 F. Supp.2d at 811-13. (holding that the costs that an employer incurred in conducting a damage assessment did not constitute a loss under the CFAA, and dismissing employer's CFAA claim based on the former employer having e-mailed business data to a third party); Cassetica Software, Inc. v. Computer Sciences Corp., 2009 WL 1703015 at *4 (N.D. Ill. June 18, 2009)(stating that the "alleged loss must relate to the investigation or repair of a computer system following a violation that causes impairment or unavailability of data.").

Herein, Plaintiff has failed to provide the Court with any evidence that data was destroyed, erased, manipulated, sent to a third party, or essentially prove any kind of "damage" whatsoever. On the other hand, TSI has proved some "loss", as $150.00 worth of damages occurred when an employee of TSI was billed to reboot the computer after it was discovered that it had been temporarily shut down. Plaintiff argues that this $150 hourly rate should be multiplied by the number of client's passwords that had to be changed as a result of Mr. Griffin's unauthorized access. Even when utilizing this equation, TSI still does not come close to meeting, let alone exceeding, $5,000 in proven damages or loss.

Plaintiff's attempt to bolster its motion for summary judgment by employing the Court's denial of Defendant's motion to dismiss is unavailing. The Seventh Circuit has made clear that "summary judgment 'is the put up or shut up' moment in a lawsuit, when a party must show what evidence it has that would convince a trier of fact to accept its version of events." Johnson v. Cambridge Indust., Inc. 325 F.3d 892, 901 (7th Cir. 2003). With Mr. Degradi's affidavit stricken, along with his added $18,750 value in damages, TSI's only footing stands on its claim of damages totaling $6,225 - an amount that includes $3,112.50 in billable time, plus the same amount in missed opportunity costs. However, TSI's submitted evidence fails to aid this Court in understanding how it achieved such a number. Without admissible evidence at this juncture, the Court must deny Plaintiff's motion based on Counts I and II, as TSI cannot meet the requisite amount of damages necessary to file under the CFAA.

Plaintiff's final attempts at salvaging its federal case, without Mr. Degradi's affidavit and the necessary proof of threshold damages, are technical. TSI argues that Mr. Griffin filed his combined Response and Reply on January 7, 2013, several days after the Court's deadline for all summary judgment filings, and that Mr. Griffin failed to respond to Plaintiff's Local Rule

56 Statement of Uncontested Facts, nor its Statement of Additional Facts. As a result of Mr. Griffin's failure to respond, TSI argues that those facts are deemed admitted for purposes of TSI's summary judgment motion and Mr. Griffin's own motion. Undoubtedly, TSI is correct that when a responding party fails to dispute the facts set forth in the moving party's statement, those facts are deemed admitted. Raymond v. Ameritech Corp., 442 F.3d 600, 608 (7th Cir. 2006)(citing Wienco, Inc. v. Katahn Associates, Inc., 965 F.2d 565, 568 (7th Cir. 1992)).

However, the Court finds that, although Mr. Griffin failed to file a formal response in the manner dictated by local Rule 56.1, he did, in fact, respond to and effectively dispute the contested facts via his own Rule 56.1 Statement in support of his cross motion for summary judgment filed on September 18, 2012. Moreover, even if the Court were to treat Plaintiff's facts as if they were admitted, that does not mean that TSI automatically wins on its motion. Rather, TSI must still demonstrate that the undisputed facts entitle it to judgment as a matter of law. Id. (citing Reales v. Consolidated Rail Corp., 84 F.3d 993, 997 (7th Cir. 1996); Wienco, 965 F.2d at 568). The Court does not find that judgment as a matter of law is appropriate in this case.

The Court agrees with TSI that there is a substantial amount of evidence that could lead a trier of fact to believe that Mr. Griffin made unauthorized access to the Deutsch Levy Citrix server, as Mr. Griffin was terminated from TSI on June 10, 2010, and there is evidence that his unique initial and laptop signature, "COG-TOSH1", appeared on the log entry of access to the server on July 24, 2010 - almost two weeks after his termination. Nonetheless, the CFAA details a second crucial element, which is that a plaintiff must prove damages that aggregate to at least $5,000 in value. This pivotal provision of the Act has simply not been met. Therefore, Plaintiff's motion for summary judgment is denied, and the Court, instead, grants Defendant's motion for summary judgment on Counts I and II.

Conclusion

For the reasons set forth above, TSI's motion for summary judgment [43] is denied, and Defendant's cross motion for summary judgment as to Counts I and II of plaintiff's complaint [45] is granted. The Court elects to exercise its discretion in not ruling on Counts III and IV, which are state law claims with pendent jurisdiction. Thus, those claims are effectively dismissed. Finally, the Court finds that the actions surrounding the instant case do not warrant sanctions, thus, the Court denies Mr. Griffin's request for leave to file.

E N T E R E D:

20130430

© 1992-2013 VersusLaw Inc.



Buy This Entire Record For $7.95

Official citation and/or docket number and footnotes (if any) for this case available with purchase.

Learn more about what you receive with purchase of this case.