Court allows class action plaintiffs to set up social media accounts to draw in other plaintiffs

Some former interns sued Gawker media under the Fair Labor Standards Act. The court ordered the parties to meet and confer about the content and dissemination of the proposed notice to other potential class members. Plaintiffs suggested, among other things, that they establish social media accounts (Facebook, Twitter, LinkedIn) titled “Gawker Intern Lawsuit” or “Gawker Class Action”. Gawker objected.

The court permitted the establishment of the social media accounts. It rejected Gawker’s argument that the lack of evidence that any former intern used social media would make the notice ineffective. The court found it “unrealistic” that the former interns did not maintain social media accounts.

Gawker also argued that social media to give notice would take control of the dissemination out of the court’s hands. Since users could comment on the posted content, Gawker argued, the court would be “deprived” of its ability to oversee the message. The court likewise rejected this argument, holding that its “role [was] to ensure the fairness and accuracy of the parties’ communications with potential plaintiffs – not to be the arbiter of all discussions not involving the parties that may take place thereafter.”

Mark v. Gawker Media LLC, No. 13-4347, 2014 WL 5557489 (S.D.N.Y. November 3, 2014)

Using new employer’s credentials to copy former employer’s technology did not violate Computer Fraud and Abuse Act

This case arose from some rather complex but interesting facts:

8e19fbd8a556c7b63610c1cfd7782f10Defendant resigned from his job with an IT consulting firm. One of the firm’s customers hired defendant as an employee. Before the customer/new employer terminated the agreement with the IT consulting firm/former employer, defendant used the customer/new employer’s credentials to access and copy some scripts from the system. (Having the new employee and the scripts eliminated the need to have the consulting firm retained.) The firm/former employer sued under the Computer Fraud and Abuse Act. Defendants (the customer and its new employee) moved to dismiss for failure to state a claim. The court granted the motion.

It held that the complaint failed to allege “unauthorized access” within the Ninth Circuit’s interpretation of the CFAA.

The court looked to the Ninth Circuit’s holding in LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir. 2009), which provides that to access a protected computer “without authorization” is to do so “without any permission at all,” and that to “exceed authorized access” is to “access information on the computer that the person is not entitled to access.” And it looked to the more recent case of U.S. v. Nosal, 676 F.3d 854, 863 (9th Cir. 2012), which teaches that an individual does not “exceed authorized access” simply by misusing information that he or she was entitled to view for some other purpose. Under Nosal, the CFAA regulates access to data, not its use by those entitled to access it.

In this case, the court found that the complaint did not allege that defendants were unauthorized to access the scripts in question. In fact, the Statement of Work that the court reviewed specifically granted defendant’s employer and its representatives (including defendant) “sudo access” to “non-shell root commands” that included the scripts at issue.

Plaintiff argued that the access was unauthorized because it had repeatedly refused to grant defendant or his employer the authority to write or edit those scripts. But the court found that argument to address the misuse of the scripts, not unauthorized access. Under Nosal this conduct did not run afoul of the CFAA. So because the complaint failed to allege that defendant and his new employer had no access rights to the scripts, and because the documents upon which plaintiff relied revealed that defendants had certain access rights, the court dismissed the CFAA claim.

Enki Corporation v. Freedman, 2014 WL 261798 (N.D.Cal. January 23, 2014)

Facebook activity did not support claim that employee solicited former employer’s clients

Invidia, LLC v. DiFonzo, 2012 WL 5576406 (Mass.Super. October 22, 2012)

Defendant hairstylist signed an employment agreement with plaintiff that restricted her from soliciting any of plaintiff’s clients or customers for 2 years. Four days after she quit plaintiff’s salon, her new employer announced on Facebook that defendant had come on board as a stylist. One of defendant’s former clients left a comment to that post about looking forward to an upcoming appointment.


Either before or after she left plaintiff’s employ (the opinion is not clear about this), defendant had become Facebook friends with at least 8 of the customers she served while working for plaintiff.

Plaintiff sued for breach of contract and sought a preliminary injunction. The court denied the motion, in part because plaintiff failed to show evidence that defendant had violated the nonsolicitation provision.

The court found that it did not constitute solicitation of plaintiff’s customers to post a notice on Facebook that defendant was beginning work at a new salon. The court said it would have viewed it differently had plaintiff contacted a client to tell her that she was moving to a new salon, but there was no evidence of any such contact.

As for having clients as Facebook friends, the court noted that:

[O]ne can be Facebook friends with others without soliciting those friends to change hair salons, and [plaintiff] has presented no evidence of any communications, through Facebook or otherwise, in which [defendant] has suggested to these Facebook friends that they should take their business to her chair at [her new employer].

See also, TEKsystems, Inc. v. Hammernick.

Photo courtesy Flickr user planetc1 under this Creative Commons license

No Computer Fraud and Abuse Act violation for taking over former employee’s LinkedIn account

Eagle v. Morgan, 2012 WL 4739436 (E.D.Pa. October 4, 2012)

After plaintiff was fired as an executive, her former employer (using the password known by another employee) took over plaintiff’s LinkedIn account. It kept all of plaintiff’s contacts and recommendations but switched out plaintiff’s name and photo with those of the new CEO.

LinkedIn identity writ large

Plaintiff sued in federal court under the Computer Fraud and Abuse Act, the Lanham Act, and a slew of state law claims including identity theft, conversion and tortious interference. The former employer moved for summary judgment on the CFAA and Lanham Act claims. The court granted the motion, but continued to exercise supplemental jurisdiction over the state law claims.

On the CFAA claim, the court found that plaintiff failed to show how the taking over over her account gave rise to a cognizable loss under the CFAA. The kinds of losses she tried to prove, e.g., lost future business opportunities and professional reputation, did not pertain to any impairment or damage to a computer or computer system. Moreover, the court found, plaintiff failed to specify or quantify the damages she alleged.

As for the Lanham Act claim, the court found that there was no likelihood of confusion. It noted that “anyone who navigated to [plaintiff’s] LinkedIn account would be met with [the new CEO’s] name, photograph and new position.” Accordingly, there was no effort to “pass off” the new CEO as plaintiff or to otherwise suggest an endorsement or affiliation.

Though it dismissed all the federal claims, the court kept the pending state law claims. The matter had been before the court for over a year, the judge was familiar with the facts and the parties, and dismissing it so soon before trial would not have been fair.

Other coverage by Venkat.

Photo credit: Flickr user smi23le under this Creative Commons license.

1 2 3 4 5 6 7