Searching over 5,500,000 cases.

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

Colorado Republican Committee v. Doe

United States District Court, D. Colorado

July 21, 2016

JOHN DOE, Defendant.


          Marcia S. Krieger Chief United States District Judge.

         THIS MATTER comes before the Court sua sponte, upon the Court's May 24, 2016 Order to Show Cause Why Case Should Not Be Dismissed (# 7), the Plaintiff's ("CRC") response (# 8), and CRC's Amended Complaint (# 9).

         The Court assumes the reader's familiarity with the proceedings to date, particularly the recitation in the prior Order to Show Cause, and will not attempt to summarize those matters.

         CRC argues that its Amended Complaint cures the defects addressed in the Court's Order to Show Cause, specifically: (i) it identifies time spent by its staff investigating the unauthorized access as the "loss" that it suffered under 18 U.S.C. § 1030(e)(11), (g); and (ii) that the "threat to public health or safety" required by 18 U.S.C. § 1030(c)(4)(A)(i) and (g) is satisfied by allegations that it was reasonably foreseeable that the publication of the unauthorized message would induce third parties to respond with threats of harm to CRC officers. Although the Court accepts the first proposition, it finds the second to be deficient as a matter of law.

         In the Order to Show Cause, the Court previously addressed why 18 U.S.C. § 1030(g)'s "involves" language requires a plaintiff to allege that the unauthorized computer access itself poses a risk to public health or safety, and that the requirement is not satisfied by an allegation that the unauthorized access indirectly caused such a risk to emerge from another source. CRC's response cites to various cases that have used the term "caused" in discussing other provisions of the Act.

         The Court finds these cases to be off-point and unpersuasive. For example, Global Policy Partners, LLC v. Yessin, 686 F.Supp.2d 642, 646-47 (E.D.Va. 2010), discusses the use of a causal standard when considering the predicate act of a loss exceeding $5, 000 under §1030(c)(4)(A)(i)(I). Claims predicated on that section necessarily invoke the statutory definition of the term "loss" in § 1030(e)(11), which broadly encompasses a wide range of costs and "consequential damages" that flow proximately from an unauthorized access. This suggests that a proximate cause-type analysis is appropriate when assessing the components of such a claimed loss, but that same logic does not warrant a similar analysis to the more straightforward "threat to public health or safety" predicate harm in § 1030(c)(4)(A)(i)(IV). The other cases relied upon by CRC invoke the "$ 5, 000 loss" predicate, not the "public health and safety" predicate, and thus, they are all unpersuasive for the same reason.[1]

         The Court's own research has not yielded any caselaw in which a plaintiff invoked the "public health and safety" provision under § 1030(g) where there was exploration of what conduct falls within the provision. As a matter of first impression, this Court concludes, for the reasons previously stated, that an act of unauthorized access "involves" the factor of "a threat to public health or safety" when the access itself creates that threat, but not when a third-party's foreseeable[2] reaction to the unauthorized access creates that threat.

         As discussed previously, the threat requirement might be met if the unauthorized access disables computers or deletes data essential to providing medical treatment, public utilities, or emergency response services, but not where the unauthorized access has a benign primary effect but induces others to harmful acts. For example, a user who hacks into the social media account of a classmate and encourages him or her to commit suicide might be liable for engaging in conduct posing a risk to health and safety, but a user who hacks into the same classmate's account and merely taunts the classmate for being unattractive cannot be said to have engaged in conduct threatening public health and safety even if the now-despondent classmate reacts to the taunting by committing suicide. Such example entails the user specifically employing the unauthorized access to bring about the risk to public health, and in such circumstances, the use of a predominantly criminal statute to afford civil relief might be proper. The latter example draws upon the complex, wide-ranging, and sometimes attenuated principles of tort causation, importing that sprawling and imprecise inquiry into a statute that was clearly intended to have a narrow, focused reach.

         Consistent with this the limited jurisdiction of the federal courts and general rules of statutory construction, the Court finds that a constrained interpretation of § 1030(g) is the appropriate, and thus finds that the CRC's allegations that Doe's unauthorized access induced third parties to make threats to public health and safety fails to state a claim under § 1030(c)(4)(A)(i)(IV) and (g).

         Accordingly, the Court finds that the CRC's Amended Complaint fails to state a claim under 18 U.S.C. § 1030(g). The Amended Complaint is DISMISSED and the Clerk of the Court shall close this case.



[1] CRC's Amended Complaint does not attempt to allege that its losses attributable to Doe's unauthorized access exceed the $ 5, 000 requirement. At most, it quantifies two particular expenses: the value of Kyle Kohli's salary for time he spent responding to press inquiries about the unauthorized message, which CRC estimates to be $ 1, 187.50; and the value of one day's salaries for four CRC office staffers whose time was lost when CRC was forced to close its office for one day in response to the threats, a value that CRC fixes at $ 852. CRC identifies other losses it also suffered, but does not attempt to quantify them, nor does it assert that these losses exceed $ 5, 000 under § 1030(c)(4)(A)(i)(I).

[2] The Court need not reach the question of whether the CRC's Amended Complaint's allegations are sufficient to plead that it was foreseeable that Doe's "We Did It! #NeverTrump" message would induce others into making threats. Notably, although the CRC's response to the Order to Show Cause contains some argument and evidence as to why such threats would be a foreseeable result of the message being posted, those allegations are not ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.