Impostor bids in online auction sufficient allegation of interrupted service under CFAA

Yoder v. Equipmentfacts, 2011 WL 2433504 (N.D.Ohio June 14, 2011)

[This is a post by Jackson Cooper. Jackson graduated from DePaul University College of Law in May 2011 with a certificate in intellectual property and information technology law. Jackson also recently passed the Kentucky bar exam and will begin practicing soon. You can find him online at jacksonccooper.com or follow him on Twitter at @jacksoncooper.]

The plaintiffs here were an auction company and a firm employed to assist them with running a private online auction.  They sued the defendant, a firm previously employed by the auction company to assist them with running online auctions.  The plaintiffs  alleged violations of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, stemming from the defendant’s unauthorized access to a private auction conducted by the plaintiffs after the defendant’s relationship with the auction company was terminated.  According to the plaintiffs, the defendant made unauthorized access to the auction system using an administrative user name and password to post negative comments, and later impersonated a customer in order to place fraudulent bids as that customer.  The plaintiffs further alleged that the defendant, posing as a customer, won auctions for over one million dollars of equipment and failed to pay on those winning bids.

The defendant asked the court to dismiss the CFAA claim, challenging the plaintiffs’ pleadings on the issue of “loss” as defined by the CFAA. The CFAA defines “loss” as “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.” Plaintiffs alleged lost commission resulting from the defendant’s fraudulent bids and resulting failed auctions.  Defendant claimed that the small scale sabotage as at issue here did not satisfy the “interruption of service” requirement, and therefore could not support the claimed violation of the CFAA.

The court, noting the lack of a definition of “interruption of service” in the statute and the lack of case law dealing with disruptions of this type, treated the issue as one of first impression.  The court concluded that the disruption alleged here was sufficient to support the “interruption of service” requirement in the CFAA.

The court found that the defendant’s alleged “intentional disruption of even a portion of the online auction” constituted an interruption of the service of the site. Although the auction system was not taken offline by defendant’s alleged activities, the court found that thwarting individual transactions and the resulting denial of service to plaintiffs and their customers was an interruption as envisioned by the statute.