Restraining Amazon.com's Orwellian potential: the Computer Fraud and Abuse Act as consumer rights legislation.
I. INTRODUCTION II. THE GA WRONSKI SETTLEMENT A. The Amazon Kindle B. The Gawronski Complaint and Settlement C. Historical Background: Expansion and Restriction of the CFAA III. THE ADVANTAGES OF THE CFAA OVER OTHER REMEDIES A. Analysis of Gawronski's CFAA Claim on the Merits B. Comparison of the CFAA Claim and Other Remedies 1. Breach of Contract and State Law 2. Trespass to Chattels IV. CONCLUSION
Amazon.com revealed a capacity for irony when it remotely deleted certain copies of George Orwell's 1984 and Animal Farm from its Kindle e-book readers in 2009. (1) In response, two users filed a class action lawsuit against Amazon.com. (2) Among several causes of action, the plaintiffs claimed that Amazon.com had violated the Computer Fraud and Abuse Act of 1986 (CFAA) by causing harm to their Kindles without authorization. (3) The lawsuit is one example of the ways that the CFAA has grown since it was enacted. (4) The Gawronski lawsuit is a useful case study that shows why the expansion of the CFAA is a good thing for consumers, and why recent restrictions on the Act should not prevent lawsuits like the one Justin Gawronski brought against Amazon.com.
In recent years, the CFAA has been criticized as too expansive. (5) What started as a law to prevent hackers from harming federal computer systems has grown to encompass behavior that is not typically considered hacking. For example, the CFAA is now commonly used in private civil claims of employers against employees who use work computers for unauthorized purposes. (6) The CFAA has strayed far from its original purpose, causing a rise in federal litigation that would not otherwise exist. (7) Recent cases that curtailed employers' remedies for disloyal employees, along with one that declined to extend criminal penalties to a breach of a website's terms of service, mark the beginning of a move toward reining in the scope of the CFAA. (8) In many areas, the new judicial restraint may be justified. (9) But the civil causes of action arising under the CFAA deter some behavior that should be curtailed, like Amazon.com's unauthorized deletion of e-books.
A powerful CFAA can protect consumers from one-sided licensing deals like the purchase of e-books. One of the CFAA's unique benefits over alternative causes of action, like trespass to chattels, is that it creates uniform treatment for Internet-based contracts because the federal system has greater potential for uniformity than state law. The CFAA also has the conceptual advantage of conceiving of e-book ownership as a bargained-for set of rights in a file, not as personal property in the same way that physical books are property. (10) This concept more accurately reflects the reality of the e-book market than do alternative causes of action. Instead of categorically restricting the CFAA to cover only hacking, the CFAA should continue to apply to devices like the Kindle. Any future judicial or statutory restraints on the statute should not constrain e-book purchasers' ability to use the statute to protect themselves from the licensors of e-book files. In addition, a revision of the CFAA expressly creating a cause of action for tethered e-book readers should be added.
II. THE GAWRONSKI SETTLEMENT
A. The Amazon Kindle
The Amazon Kindle is a handheld wireless device that displays electronic books that have been purchased from Amazon.com's online Kindle Store. (11) Amazon's Whispemet, the network that tethers the e-reader to Amazon.com and allows downloading of e-books, is accessible from any Kindle without extra fees. (12) Amazon.com also created a free software download for PC that displays Kindle e-books for those who want to read e-books on a traditional computer screen. (13)
The Amazon Kindle has become one of the most popular devices in consumer electronics. (14) Amazon.com announced that the Kindle was its most popular gift item during the 2009 holiday season and that sales of e-books surpassed sales of traditional paper books for the first time in the few days following December 25, 2009. (15) Kindle e-book files prevent users from sharing or transferring the files in ways that violate the Amazon Kindle User Agreement. (16) The Kindle's popularity has caused several competitors to release their own e-readers, most notably the Sony Reader and the Barnes & Noble NOOK. (17) Competing models and stores operate in essentially the same way as the Kindle.
B. The Gawronski Complaint and Settlement
In July 2009, Kindle owners booted up their e-readers only to see that their copies of George Orwell's 1984 and Animal Farm had been remotely deleted from their systems. (18) Certain works of Ayn Rand went missing as well. (19) Other than providing a refund for the missing books, Amazon.com refused to explain the deletions, but later admitted that it had removed the e-books because of copyright problems. (20) According to a statement later made by Amazon.com, the particular e-books had come from Canada, where copyright protection lasts for the life of the author plus fifty years. (21) Orwell's books are public domain in Canada; however, they were still under copyright in the United States, where copyright protection lasts 95 years after the publication date for works published before 1978. (22) If the copyright owner had brought suit against Amazon.com, the company could have faced anywhere between $750 and $150,000 in statutory damages for each infringing work. (23) Once Amazon.com realized its mistake, it immediately stopped selling the e-books in its Kindle Store and retrieved the copies it had already sold. (24) Amazon.com employees remotely accessed the Kindles of each person who had bought the offending e-books and deleted the files, immediately reimbursing the purchase price of the book. (25)
In response, two plaintiffs, Justin Gawronski and Antoine Bruguier, brought a class action lawsuit against Amazon.com in the United States District Court in the Western District of Washington on July 30, 2009. (26) The plaintiffs claimed that Amazon.com harmed them by taking away their property--the e-book files--and also claimed that they had lost valuable electronic marginal notes (such as "remember this paragraph for your thesis"), which were useless without the corresponding files. (27) The complaint alleged that Amazon.com had breached its own terms of service by deleting the files. (28) The complaint also claimed trespass to chattels and a violation of the Computer Fraud and Abuse Act. (29) The plaintiffs identified three classes in the lawsuit: the Kindle Class, which includes all owners of the Kindle, Kindle 2, or Kindle DX; the Big Brother Class, which includes all individuals who had an e-book deleted by Amazon.com; and the Big Brother Work-Product Subclass, which includes anyone who had made marginal notes on an e-book that Amazon.com had deleted. (30)
the Kindle purchaser the "non-exclusive right to keep a permanent copy" of each purchased Work and to "view, use and display [such Works] an unlimited number of times, solely on the [Devices] ... and solely for [the purchasers'] personal, non-commercial use," it will not remotely delete or modify these books from Kindle devices purchased or being used in the U.S. (35) There were, however, some exceptions to the settlement: Under the settlement, Amazon retains the right to continue to unilaterally delete books from Kindle devices if: (a) the user consents, (b) the user requests a refund or fails to pay for the book, (c) a judicial or regulatory order requires deletion, or (d) deletion or modification is necessary to protect the user, the Kindle device or Amazon's network. In addition, Amazon agreed to pay a $150,000 fee to the plaintiffs' counsel, which in turn agreed to "donate a portion of that fee to a charitable organization that promotes literacy, children's issues, secondary or post-secondary education, health or job placement." (36)
Faced with the risk of paying damages to a large class of its customers, Amazon.com also suffered a media backlash. (37) Blogs and news articles (and the complaint itself) pointed to the Big Brother-like deletion. (38) The invasiveness of the deletion seemed to irk Kindle users more than a simple breach of contract would have, especially since Amazon.com had already refunded the purchase price of the books by the time the story had attracted much attention. (39) The realization that Kindle e-books were unlike traditional paper books seemed to be sinking in; the Kindle is not a private bookshelf unreachable by the seller, but is in fact a device constantly tethered to an online seller. (40) A tethered device allows the seller much greater access to its goods than that to which many people are accustomed. Devices like the Kindle, assuming their popularity will continue as their prices drop and their availability rises, raise new legal issues for book buyers and are changing not only the way people read books, but also the way people own books. Applying the CFAA to unauthorized use of tethered devices could help regulate behavior and protect people's rights as book owners.
C. Historical Background: Expansion and Restriction of the CFAA
The Computer Fraud and Abuse Act of 1986 (41) was originally designed to impose criminal penalties on computer hackers who caused harm to federally owned computers, but the statute has been amended multiple times since 1986. (42) Today, the CFAA prohibits unauthorized access to "protected computers," which includes any computer connected to the Internet or any computer that has moved in interstate commerce. (43) Perhaps the most significant amendment to the CFAA inserted a provision that created a private cause of action in addition to the already-existing criminal penalties. (44) This private cause of action is the one used in the Gawronski suit.
A cause of action brought under the CFAA requires a showing of damage and loss. (45) Damage is "any impairment to the integrity or availability of data, a program, a system, or information," while loss includes any reasonable cost to the plaintiff, "including the cost of responding to an offense, conducting a damage assessment, and restoring" the damaged system to its prior condition. (46) Loss also can include "any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service." (47) This broad definition of loss is significant because anyone bringing a civil action may obtain damages only if he or she can show one of the following: loss of at least $5,000 per year, medical harm, physical injury, threat to public health or safety, or damage to a government computer. (48) Since the calculation of loss can include damage assessments, which are easy to incur after the fact for the sole purpose of bringing suit, this requirement is easy to meet.
The civil provisions of the CFAA have been used primarily by employers attempting to block employees and former employees from using company data to start competing companies or sell company data to competitors. (49) Many of these suits could have been handled under traditional contract law in state court, but the plaintiffs have used the CFAA as a way to move into federal court. (50) Recently, however, courts have tried to reduce the scope of the CFAA. For example, in LVRC Holdings LLC v. Brekka, the Ninth Circuit declined to hold that a former employee was acting "without authorization" when he e-mailed his employer's financial statements to his home computer and later used those statements to start a competing company. (51) According to the court, because the employee was using his own password and credentials to log in to the company computer, he was acting with authorization and could not be held liable under the CFAA. (52)
The CFAA's criminal cause of action has also been restricted as part of the general trend. The defendant in the highly publicized cyberbullying case United States v. Drew, also known as the "MySpace Mom" case, was acquitted in 2009 via a judgment notwithstanding the verdict. (53) The prosecution in Drew argued that an intentional breach of a website's user agreement, which prohibited the creation of a false profile, amounted to a criminal violation of the CFAA. (54) The court refused to extend criminal penalties to a violation of a website's terms of service, reasoning that the prosecution's theory of the case far surpassed the original purpose of the CFAA--namely, to prevent hackers from damaging computer systems. (55)
Like the prosecutors in the Drew case, the Gawronski plaintiffs were also asking a court to apply the CFAA to a defendant who is not a typical hacker. However, Amazon.com as a defendant caused damage that was more like the anticipated harm from a hacker than the harm Drew caused. While the CFAA has been rightly restricted in some contexts, like cyber-bullying, the restrictions need not extend to any activity that was not strictly contemplated by the original drafters of the statute. In fact, the CFAA gives some plaintiffs benefits that other causes of action do not.
III. THE ADVANTAGES OF THE CFAA OVER OTHER REMEDIES
The plaintiffs in Gawronski listed several causes of action in addition to the CFAA, including breach of contract, violation of a Washington consumer protection law, and trespass to chattels. (56) Critics of the modem CFAA have said that it is being used to cover too many situations, and that it amounts to an abuse of federal jurisdiction when plaintiffs use it as an excuse to get out of state court and into federal court. (57) As this Note will show, the CFAA is a useful cause of action in cases like Gawronski, more so than the other remedies available to plaintiffs.
A. Analysis of Gawronski's CFAA Claim on the Merits
Amazon violated 18 U.S.C. [section] 1030(a)(5)(A)(i) by knowingly causing the transmission of a command to delete content to Plaintiffs' Kindles, which are protected computers as defined in 18 U.S.C. [section] 1030(e)(2)(B) because they are used in interstate commerce and/or communication. By deleting content from Plaintiffs' Kindles by way of remote deletion, Amazon intentionally caused damage without authorization to Plaintiffs' Kindles.... Amazon violated 18 U.S.C. [section] 1030(a)(5)(A)(iii) by intentionally accessing Plaintiffs' Kindles, protected computers, without authorization, and as a result, caused damage to Plaintiffs' Kindles by remotely deleting content stored on them. (59)
Amazon.com has publicly admitted to removing particular e-books from users' devices, as asserted by the plaintiffs, so the plaintiffs would have been able to prove at least that much of a CFAA claim. (60) One potential sticking point for the court may have been whether a Kindle was in fact a computer as defined in 18 U.S.C. [section] 1030(e)(1), which defines a computer as "an electronic ... device performing logical, arithmetic, or storage functions ... but such term does not include an automated typewriter or typesetter, a portable hand held calculator, or other similar device." (61) Amazon.com may have been able to argue, therefore, that Kindle is more like a calculator than a computer, given that it does not have a full computer's functions, but that argument likely would not have succeeded. Because Kindles are sophisticated enough to have a web browser, limited word processing functions for marginal notes, and the ability to download and store files, the Kindle is more like a computer than a calculator.
For the damages requirement, the CFAA requires plaintiffs to prove a loss of at least $5,000 to recover under the Act. (62) The plaintiffs' argument is split here between the two specific plaintiffs and two different classes of plaintiffs:
Plaintiffs and Big Brother Class members suffered damages even though Amazon refunded the cost of the purchased content to Plaintiff and Big Brother Class members because: 1) they now have to replace the deleted content at a higher cost; and, 2) their Kindles were reduced in value by way of the deletion in that an electronic reading device that enables Amazon to remotely delete content is less valuable than one not subject to unconsented remote deletions of content. Plaintiff Gawronski and the Big Brother Work-Product Subclass suffered damages because they created content on their Kindles within the purchased content that Amazon deleted. The remote deletions rendered their work-product useless and worthless because their work-product necessarily was linked to the deleted purchased content. As a result, Plaintiff Gawronski and the Big Brother Work-Product Subclass must expend further resources and effort in order to recreate their now useless work-product. As a result of these takings, Amazon's conduct has caused a loss to one or more persons during any one-year period aggregating at least $5,000 in value in real economic damages. (63)
Loss is defined in the statute as,
any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data ... or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.... (64)
The plaintiffs and the Big Brother Class claimed damages because they had to replace the deleted content at a higher cost because, presumably, the refund is less than the purchase price they would pay at an American-owned e-store where the copyright on Orwell's work is still valid. This difference in price fits clearly within the CFAA's definition of loss, as it represents the cost incurred by restoring the data to its prior state, but the loss in value of their devices is harder to evaluate. The difference in value between a Kindle that ensures permanent copies and one that does not make that guarantee is a subjective value, or is at least difficult to determine. Recalling that only aggregate loss matters under the statute, the $5,000 threshold seems within reach for a lawsuit with such a large class. The aggregate value of the e-books would likely succeed $5,000 in purchase price alone. The marginal notes would likewise have value, even though it would be subjective and difficult to measure, but even a nominal amount spread across a class would likely reach $5,000. The Gawronski plaintiffs would have, in all likelihood, been able to make a solid prima facie case for a CFAA violation.
B. Comparison of the CFAA Claim and Other Remedies
The CFAA has several advantages over other available remedies. First, because the federal system has greater potential for uniformity than state law does, the CFAA allows for more uniform treatment of Internet-based contracts. Compared to trespass to chattels, the CFAA more accurately reflects the reality of the e-book market--the CFAA has the conceptual advantage of conceiving of e-book ownership as a bargained-for set of rights in a file, not as personal property in the form of physical books. A too-broad limitation on the CFAA would deprive plaintiffs of the remedies the CFAA affords them. A revision of the CFAA expressly creating a cause of action for Internet-based contracts, like the one Amazon.com has with its Kindle, should be added. Such a revision would be a suitable middle-ground that would allow for restrictions to the CFAA in areas like employment law but would preserve the protections for circumstances like those in the Gawronski complaint.
1. Breach of Contract and State Law
Expecting users to resolve their disputes regarding Internet contracts for e-books in state court creates the problem of lack of predictability. Uniformity is one advantage that the CFAA lends to lawsuits related to e-book readers. Because the CFAA allows plaintiffs who have a dispute involving unauthorized access to their computers to move into federal court, the CFAA makes it easier for both users and companies who sell tethered devices to understand the rules of their dealings. Specifically, the CFAA could provide a clear, uniform rule that no unauthorized access would be permitted to any tethered device. Such a federal law would prevent the company from taking advantage of any specialized state rules that may be difficult for an individual user to discover--for example, a state rule that inferred authorization so long as the users were compensated for a deleted file. That type of state rule, if given time to develop in a particular jurisdiction, could add a hidden term into an otherwise transparent contract. The problem would be complicated if there were many different e-book stores online, so that a user could potentially be agreeing to contracts governed by several different state contract laws. While such a system would still be workable, having a strong federal rule governing Internet transactions makes it easier for an Internet user to understand exactly what laws apply to a transaction. Admittedly, circuit splits could cause unpredictability, but not to as great an extent as with state law. In any event, plaintiffs could move into federal court anyway using diversity jurisdiction, since most users would not live in the same states as the companies. For Internet contracts especially, then, federal laws may be the best way to regulate companies' behavior.
The same reasoning applies to the cause of action for violation of Washington state law.67 The Gawronski complaint alleges a violation of the Washington Consumer Protection Act (CPA), which provides that " [u]nfair methods of competition and unfair or deceptive acts or practices in the conduct of any trade or commerce are.., unlawful."68 The existence of such a law is not guaranteed in all jurisdictions, and a company might draft its contract so as to be governed by the laws of a less consumer-friendly state. The availability of a federal cause of action ensures that an Internet user has a better idea of what remedies are available to him or her. The user will be able to draw upon various state remedies, but no matter what, the federal law will still apply and be available as well.
This Note proposes that the CFAA should be expanded in part, especially if it is curtailed in other areas, like employer-employee disputes. For example, Congress could add a definition for tethered devices so that it includes devices like the Kindle and the NOOK. The amendment could simultaneously create a separate cause of action for deleting files contained on the device without express consent. The CFAA could require renewed consent for each file and ban a blanket authorization by contract.
Such an amendment to the statute would have certain advantages. Most important, it would protect users' property rights in their e-books. Cementing property rights in an electronic medium is especially important because most electronic media are dispensed over the Internet by large companies like Amazon.com. A typical Internet user has almost no bargaining power compared to Amazon.com or Barnes & Noble. It would be all too easy for large, web-based companies to create a "Big Brother" custom where books can be deleted at the whim of the sellers, so long as such a blanket provision was in their terms of service. Preempting the dangers of new technology is in the spirit of the original CFAA, which was created because of fears related to computer hackers. Today, people might more likely be afraid of the abuses of powerful companies.
This dystopian possibility is real enough in consumers' eyes, hence the media backlash from Amazon.com's actions. If Amazon.com had accidentally sold a different, less dystopian book--say, a Harlequin romance--without the proper copyright permission and then deleted it, there is a significant chance that the deletion would not have made news at all. Amazon.com had compensated the users, after all, and the most loss any person experienced was missing marginal notes. The unlucky coincidence that it was George Orwell's work that was deleted touched on a raw nerve that elevated the problem from economics to a matter of principle.
2. Trespass to Chattels
The increasing use of computers in the 1990s led to an expansion of the common law doctrine of trespass to chattels to create civil liability for causing harm through unauthorized use of computers. (74) Originally, trespass to chattels (commonly known as "conversion's little brother") was an infrequently used doctrine that provided a remedy for interference with chattels that caused harm, but not enough harm to constitute conversion. (75) Unlike trespass to real property, a prima facie case for trespass to chattels requires actual harm to the chattel; unlike conversion, a person liable for trespass to chattels owes only actual damages, not the full value of the chattel. (76)
To prove a trespass to chattels case, the plaintiff must show that the defendant intentionally dispossessed another person of the chattel, or used or intermeddled with a chattel in another's possession. (77) "Intermeddling" means intentionally causing physical contact. (78) The plaintiff must prove that he or she suffered damage because of one of the following: the plaintiff was dispossessed of the chattel; the chattel's condition, quality, or value was impaired; the plaintiff was deprived of the use of the chattel for a substantial time period; or the plaintiff suffered bodily harm or harm to some person or thing in which the plaintiff has a legally protected interest. (79) Finally, the intermeddling must be more than nominal. (80)
The elements of a trespass to chattels claim as applied to computers began to change with the case eBay, Inc. v. Bidder's Edge, Inc., in which the court considered the risk of future potential harm when analyzing the severity of the intermeddling. (81) Defendant Bidder's Edge was using a software robot to continuously search eBay to populate an auction aggregation site. (82) eBay asked Bidder's Edge to stop the continuous searching, and eBay also attempted to block the robots, but Bidder's Edge used proxy servers to bypass the IP address blocks, (83) Bidder's Edge is significant for two reasons: first, the court found that although websites are open to the public, Bidder's Edge acted without authorization because eBay's physical servers were private property---chattels--with which Bidder's Edge had interfered; and second, the court found that Bidder's Edge had proximately damaged eBay's chattels by using some of the server's resources as bandwidth, (84) The court admitted that Bidder's Edge did not harm or noticeably slow eBay's system, but more than nominal damage would have occurred if other companies had decided to join Bidder's Edge in continually crawling eBay's website. (85) This holding expanded the common law trespass to chattels doctrine because now nominal damage was sufficient, so long as the plaintiff could invoke the fear of encouraging others to copy the defendant,s6 Because the court considered possible future harm, the threshold for damage in trespass to chattels cases was, by that time, almost nonexistent.
This low threshold for damage allowed the Gawronski plaintiffs to add trespass to chattels as one of their causes of action. Even if they could not prove later on that they had suffered $5,000 worth of damage--as required to recover under the CFAA--they could at least advance a trespass theory. Furthermore, there is a possibility that trespass to chattels as redefined in Bidder's Edge could include more than just the value of the single missing e-book and the loss of the marginal notes. The future potential harm calculation from Bidder's Edge could give plaintiffs more than actual damages; it could include the value of loss from future potential deletions. However, this extra benefit is unlikely because the Gawronski facts are based on a loss of a particular file, not from use of system resources.
The tort case for the Gawronski plaintiffs would likely succeed. The plaintiffs could easily prove that Amazon.com intentionally dispossessed the plaintiffs of the chattel (the e-book). Under that theory, though, the status of the marginal notes is not as certain as it would be under a breach of contract or a CFAA claim. The value of the marginal notes could be either a user modification to the e-book that increased the chattel's value, or it could be a separate chattel all on its own as a separate user file. Under the latter theory, the marginal notes would have been "intermeddled with" rather than dispossessed, because the notes remained on the Kindle but were useless without context. Either way, the plaintiffs likely could establish a prima facie case for trespass to chattels.
Trespass to chattels as a remedy for unauthorized deletions from a tethered device is susceptible to the same problems as state-based contract claims. The common law nature of tort remedies means that different jurisdictions may treat trespass to chattels differently. One court may decide that the common law requirement of actual damage to a device should apply to tethered devices. How much damage must be done to a device, and what exactly constitutes damage, are also variables subject to reinterpretation by state courts. For example, one court could reasonably hold that deletion of a single file with immediate, reasonable compensation is merely nominal damage, while another could reasonably conclude that the same action is actual damage to a chattel. The distinction could turn on what exactly the court determines to be the chattel. If the chattel is the device, then a compensated deletion could seem minor, but if the chattel is determined to be the e-book file itself, then the damage seems more significant. There could be uncertainties in a single jurisdiction where the issue has not been decided, and also uncertainties between jurisdictions when an Internet user does not have the resources or bargaining power to predict or control the eventual venue of a dispute.
As discussed above, a further amendment to the CFAA that expands the statute to explicitly cover tethered devices like e-readers would bring the statute more in line with current technology. The CFAA was not designed with Kindles or other tethered devices in mind, but fixing an outdated statute by amending it to cover new technology seems a better solution than stripping the CFAA of its current uses and focusing solely on hacking. While hacking remains a concern, new technology has emerged such that consumer rights are now a matter pressing on the public's consciousness. An expanded statute would be able to better protect consumers who face technologies that offer limited rights in media.
Similarly, trespass to chattels was designed to cover personal property before computer files existed, so its underlying rationale does not necessarily apply to virtual property. Courts' reinterpretation of the old doctrine, as in Bidder's Edge, shows that new technology has changed the meaning of chattel. Or, more accurately, courts have changed the doctrine to remedy inequities for which there was no appropriate modern relief. Rather than twisting an almost-forgotten tort to protect consumers of a new device, amending the CFAA is a better, more thoughtful response because drafting legislation gives Congress more control over how the law will be applied. Allowing new doctrines to develop in the common law could lead to different results in different jurisdictions. A differing jurisdictional approach has little to do with the average Internet user's expectations that the law will apply similarly to contracts with Amazon.com and with Barnes & Noble.
Significantly, the CFAA has a conceptual advantage over trespass to chattels, because it better mirrors how the market currently treats e-books. This is because trespass to chattels does not quite conceptually fit what is happening when someone accesses a computer without authorization and deletes a file. Trespass to chattels, as mentioned, requires the chattel itself to be harmed, and it is not even clear whether a file will be considered a chattel--as a physical book would be. Intel Corporation v. Hamidi made it clear that harm to a particular chattel is required for the tort. (87) In Hamidi, the harm a former employee did to a company was harm to the company, not to the physical computers.88 In the context of e-books, the only thing that is inarguably a chattel is the device itself, not the file. Deleting a file does not necessarily physically damage a computer.
The problem with what Amazon.com did to its Kindle users was that it accessed the Kindles and changed content without the users' consent. The concept behind the CFAA is that two parties assign each other a set of permissions, and the parties must abide by those permissions. Any unauthorized access that does enough harm may give rise to a civil cause of action. The key is that the CFAA treats e-books as a nexus of different rights: the company reserves the right to remove the e-book if it is not paid for, and the user retains the right to a permanent copy so long as it is paid for. Users may think of the books as their "personal property" in the same way that they may think of books on their shelves as personal property, thus subject to the doctrine of trespass to chattels. But tethered devices are sui generis because they operate by giving users permission to view a file, not by actually allowing a user to physically possess the product.
The "permissions" treatment of e-books under the CFAA is more in line with the legal landscape of e-books. This parallel makes the CFAA a useful remedy because it conceptually fits the problem. While the Gawronski plaintiffs certainly had a strong chance of succeeding on a trespass to chattels claim, the CFAA more accurately reflects the legal status of e-books. Any revision of the CFAA should explicitly account for e-books as something valuable to protect.
Although the dispute quickly settled, the Gawronski lawsuit remains a useful case study that shows why applying the CFAA to situations involving e-books is important to protect consumers. It is enlightening to examine this case because the CFAA has been criticized as too expansive. The original intent of the CFAA was to prevent hackers from harming federal computer systems, but now it is applied to many different situations, including employment suits. Recently, courts have begun to restrict the CFAA to return the statute to its original purpose--but courts should be careful not to go too far. If the CFAA were appropriately amended, it could not only avoid such restrictive intrepretations by courts, but it also has the potential to protect consumers from one-sided licensing deals like those found in the current e-books market.
As it currently exists, the CFAA provides several advantages to consumers that other causes of action do not. First, the CFAA provides a way for consumers to access federal courts, which can ensure a more uniform treatment of Internet-based contracts than does state law. The CFAA also has the conceptual advantage of conceiving of e-book ownership as a bargained-for set of rights in a file, not personal property in the same way that physical books are property. This concept more accurately reflects the reality of the e-book market than common law approaches.
To take further advantage of these benefits, a revision of the CFAA expressly creating a cause of action for tethered e-book readers should be added. Such an amendment would prevent companies from attempting to contract around the CFAA. Furthermore, allowing plaintiffs to use the CFAA in e-book suits would ensure that the interpretation of contracts governing e-book purchases would not unreasonably favor the rights of the seller over those of the e-book purchaser.
Technology is always changing, and the law must stay ahead of the curve, or, at the very least, try to keep up. The Gawronski complaint and other cases show that the CFAA, much more recently developed than trespass to chattels, is much more useful to consumers of modern technology. However, even the CFAA significantly predates the advent of tethered devices such as e-book readers, and could therefore use some amending to better apply to instances like Amazon.com's Orwellian deletions and similar problems that may arise in the near future.
(1.) The Kindle Content Deletion Flap: Predictions on How Amazon.com Will Respond to the Newly-Filed Class Action, JUSTIA.COM (Aug. 3, 2009, 3:43 PM), http://blawgsearch.justia.com/blawgpost/2009/08/03/kindle-content-deletion- flap[hereinafter Content Deletion Flap].
(2.) Id.; Complaint, Gawronski v. Amazon.tom, Inc., No. C09-1084-JCC (W.D. Wash. July 30, 2009), available at http://docs.justia.com/cases/federal/districtcourts/ washington/wawdce/2:2009cv01084/161529/1/.
(3.) Complaint, supra note 2, at paras. 50-57.
(4.) See generally Sarah Boyer, Computer Fraud and Abuse Act: Abusing Federal Jurisdiction?, 6 RUTGERS. J.L. & PUB. POL'Y 661 (2009).
(5.) See, e.g., id. at 662.
(6.) Id. at 670.
(7.) See id at 662-63.
(8.) Jacqui Cheng, Disloyal Employees Are Not Hackers, Says Court, ARS TECHNICA (Sept. 18, 2009, 1:19 PM), http://arstechnica.com/tech-policy/news/2009/09/disloyalemployees-are-not- hackers-says-court.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss; United States v. Drew, 259 F.R.D. 449 (C.D. Cal. 2009).
(9.) See, e.g., Cheng, supra note 8.
(10.) Cf. Michael Seringhaus, E-Book Transactions: Amazon "Kindles" the Copy Ownership Debate, 12 YALE J.L. & TECH. 147 (2009) (conceiving of the issue as a dichotomy between e-books as sales or e-books as licenses, preferring, in the end, sales).
(11.) Kindle Wireless Reading Device, AMAZON.COM, http://www.amazon.com/KindleWireless-Reading-Display- Generation/dp/B002Y27P3M/ref=sa_menu_kdp3w3 (last visited Feb. 22, 2011); Amazon.com: Kindle Store, AMAZON.COM, http://www.amazon.com/kindlestore-ebooks-newspapers- blogs/b/ref=topnav_storetab_kinh?ie=UTF8&node=133141011 (last visited Feb. 22, 2011).
(13.) Kindle Wireless Reading Device, supra note 11.
(14.) Katie Allen, Amazon e-Book Sales Overtake Print for First Time, GUARDIAN.CO.UK (Dec. 28, 2009, 7:29 PM), http://www.guardian.co.uk/business/2009/dee/28/amazon-ebook-kindle- sales-surge.
(17.) See NOOK, BARNES & NOBLE, http://www.barnesandnoble.com/nook/index.asp (last visited Feb. 22, 2011); see also Reader, SONY, http://ebookstore.sony.com/reader/ (last visited Feb. 22, 2011).
(18.) Complaint, supra note 2, at paras. 1-2.
(19.) Id. at para. 17.
(20.) Michael D. Scott, Here Today, Gone Tomorrow ... Thanks to DRM, CYBERSPACE LAW, Sept. 2009.
(22.) See 17 U.S.C. [section] 304(a).
(23.) 17 U.S.C. [section] 504(c)(1-2).
(24.) Scott, supra note 20.
(26.) Complaint, supra note 2, at para. 84.
(27.) David Johnson, Kindle Class Action Settlement: Gawronski v. Amazon Suit Regarding Amazon.com's Removal of Orwell Works from Kindle Devices Settles, but Leaves Many Questions, DIGITAL MEDIA LAWYER BLOG (Sept. 29, 2009), http://www.digitalmedialawyerblog.com/2009/09/ gawronski_v_amazoncom_the_clas_1.html [hereinafter Johnson, Class Action Settlement]; see also Complaint, supra note 2, at para. 54; Scott, supra note 20, at para. 8.
(28.) Complaint, supra note 2, at para. 49.
(29.) Id. at paras. 50-57.
(30.) Id. at paras. 53-54.
(31.) Johnson, Class Action Settlement, supra note 27.
(37.) See, e.g., Content Deletion Flap, supra note 1.
(38.) See, e.g., id.; Complaint, supra note 2, at para. 3.
(39.) See Johnson, Class Action Settlement, supra note 27.
(40.) Scott, supra note 20.
(41.) 18 U.S.C. [section] 1030 (2006).
(42.) Boyer, supra note 4, at 665-66.
(43.) 18 U.S.C. [section] 1030(e)(2).
(44.) Id. at [section] 1030(g).
(46.) Id. at [section] 1030(e)(8), (11).
(47.) Id. at [section] 1030(e)(11).
(48.) Id. at [section] 1030(c)(4)(A)(i); [section] 1030(g).
(49.) Boyer, supra note 4, at 670.
(50.) See id.
(51.) LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1129 (9th Cir. 2009); Cheng, supra note 8.
(52.) LVRC Holdings, 581 F.3d at 1133, 1135; Cheng, supra note 8.
(53.) United States v. Drew, 259 F.R.D. 449 (C.D. Cal. 2009). Lori Drew created a false profile on the social networking website MySpace.com. Id. at 452. Pretending to be a teenage boy, Drew communicated with her daughter's classmate, Megan Meier, who had not been getting along with Drew's daughter. Id. Drew made Meier believe that the fictitious boy liked her, and then made her believe that the boy had lost interest in her by saying "the world would be a better place without her...." Id. (internal quotations omitted). Meier committed suicide shortly afterward. Id. Technically, Drew had not committed a crime other than possibly a violation of the CFAA. Id. at 451.
(54.) Id. at 451,467.
(55.) Id. at 461,465.
(56.) Complaint, supra note 2, at paras. 50-83.
(57.) See, e.g., Boyer, supra note 4, at 670-71.
(59.) Complaint, supra note 2, at paras. 51-52.
(60.) Johnson, Class Action Settlement, supra note 27.
(61.) 18 U.S.C. [section] 1030(e)(1) (2006).
(62.) Id. at [section] 1030(a)(5)(B)(i).
(63.) Complaint, supra note 2, at paras. 53-55.
(64.) 18 U.S.C. [section] 1030(e)(11).
(66.) Complaint, supra note 2, at paras. 46-49.
(67.) Id. at paras. 77-83.
(68.) WASH. REV. CODE [section] 19.86.020 (West 1961).
(69.) Peter Kafka, Amazon: We Won "t Delete Your Kindle Books Unless We Need to Delete Your Books, ALL THINGS DIGITAL (Oct. 1, 2009, 8:10 AM), http://mediamemo.allthingsd.com/20091001/amazon-we-wont-delete-your-kindle- booksunless-we-need-to-delete-your-books/?mod=ATD_sphere.
(71.) Seringhaus, supra note 10, at 150.
(72.) Id. at 160.
(73.) Id. at 149-51. Seringhaus argues that e-book transactions, though stylized as licenses, should be reinterpreted by courts as sales. Id. This issue has not gone before courts. Amazon.com would certainly prefer to keep the transactions categorized as licenses because that categorization preserves its ability to delete e-books or block users from purchased content as it deems necessary. Either way, the CFAA would still apply to Kindle transactions because the CFAA prohibits unauthorized access to the Kindle device, rather than the e-books stored on the devices.
(74.) See Shyamkrishna Balganesh, Common Law Property Metaphors on the Internet." The Real Problem with the Doctrine of Cybertrespass, 12 MICH. TELECOMM. & TECH. L. REV. 265,266-69 (2006).
(75.) Id. at 279.
(76.) Id. at 279-80.
(77.) RESTATEMENT (SECOND) OF TORTS [section] 217.
(78.) Id. at cmt. e.
(79.) Id. at [section] 218.
(80.) Id. at cmt. e.
(81.) eBay, Inc. v. Bidder's Edge, Inc., 100 F. Supp. 2d 1058 (N.D. Cal. 2000).
(82.) Id. at 1060-62.
(83.) Id. at 1062-63.
(84.) Id. at 1071-72.
(86.) See id.
(87.) Intel Corp. v. Hamidi, 71 P.3d 296, 300 (Cal. 2003).
Alicia C. Sanders, J.D., Indiana University Maurer School of Law, December 2010; B.A. in Latin and Classical Studies, Purdue University, 2008. The Author would like to thank the members of the Federal Communications Law Journal who helped prepare this Note for publication.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Rough Consensus and Running Code: Integrating Engineering Principles into the Internet Policy Debates|
|Author:||Sanders, Alicia C.|
|Publication:||Federal Communications Law Journal|
|Date:||Mar 1, 2011|
|Previous Article:||Access to media all A-Twitter: revisiting Gertz and the access to media test in the age of social networking.|
|Next Article:||Television for all: increasing television accessibility for the visually impaired through the FCC's ability to regulate video description technology.|