Printer Friendly

Restraining's Orwellian potential: the Computer Fraud and Abuse Act as consumer rights legislation.

      A.  The Amazon Kindle
      B.  The Gawronski Complaint and Settlement
      C.  Historical Background: Expansion and Restriction of
          the CFAA
      A.  Analysis of Gawronski's CFAA Claim on the Merits
      B.  Comparison of the CFAA Claim and Other Remedies
          1.  Breach of Contract and State Law
          2.  Trespass to Chattels

I. INTRODUCTION revealed a capacity for irony when it remotely deleted certain copies of George Orwell's 1984 and Animal Farm from its Kindle e-book readers in 2009. (1) In response, two users filed a class action lawsuit against (2) Among several causes of action, the plaintiffs claimed that had violated the Computer Fraud and Abuse Act of 1986 (CFAA) by causing harm to their Kindles without authorization. (3) The lawsuit is one example of the ways that the CFAA has grown since it was enacted. (4) The Gawronski lawsuit is a useful case study that shows why the expansion of the CFAA is a good thing for consumers, and why recent restrictions on the Act should not prevent lawsuits like the one Justin Gawronski brought against

In recent years, the CFAA has been criticized as too expansive. (5) What started as a law to prevent hackers from harming federal computer systems has grown to encompass behavior that is not typically considered hacking. For example, the CFAA is now commonly used in private civil claims of employers against employees who use work computers for unauthorized purposes. (6) The CFAA has strayed far from its original purpose, causing a rise in federal litigation that would not otherwise exist. (7) Recent cases that curtailed employers' remedies for disloyal employees, along with one that declined to extend criminal penalties to a breach of a website's terms of service, mark the beginning of a move toward reining in the scope of the CFAA. (8) In many areas, the new judicial restraint may be justified. (9) But the civil causes of action arising under the CFAA deter some behavior that should be curtailed, like's unauthorized deletion of e-books.

A powerful CFAA can protect consumers from one-sided licensing deals like the purchase of e-books. One of the CFAA's unique benefits over alternative causes of action, like trespass to chattels, is that it creates uniform treatment for Internet-based contracts because the federal system has greater potential for uniformity than state law. The CFAA also has the conceptual advantage of conceiving of e-book ownership as a bargained-for set of rights in a file, not as personal property in the same way that physical books are property. (10) This concept more accurately reflects the reality of the e-book market than do alternative causes of action. Instead of categorically restricting the CFAA to cover only hacking, the CFAA should continue to apply to devices like the Kindle. Any future judicial or statutory restraints on the statute should not constrain e-book purchasers' ability to use the statute to protect themselves from the licensors of e-book files. In addition, a revision of the CFAA expressly creating a cause of action for tethered e-book readers should be added.


A. The Amazon Kindle

The Amazon Kindle is a handheld wireless device that displays electronic books that have been purchased from's online Kindle Store. (11) Amazon's Whispemet, the network that tethers the e-reader to and allows downloading of e-books, is accessible from any Kindle without extra fees. (12) also created a free software download for PC that displays Kindle e-books for those who want to read e-books on a traditional computer screen. (13)

The Amazon Kindle has become one of the most popular devices in consumer electronics. (14) announced that the Kindle was its most popular gift item during the 2009 holiday season and that sales of e-books surpassed sales of traditional paper books for the first time in the few days following December 25, 2009. (15) Kindle e-book files prevent users from sharing or transferring the files in ways that violate the Amazon Kindle User Agreement. (16) The Kindle's popularity has caused several competitors to release their own e-readers, most notably the Sony Reader and the Barnes & Noble NOOK. (17) Competing models and stores operate in essentially the same way as the Kindle.

B. The Gawronski Complaint and Settlement

In July 2009, Kindle owners booted up their e-readers only to see that their copies of George Orwell's 1984 and Animal Farm had been remotely deleted from their systems. (18) Certain works of Ayn Rand went missing as well. (19) Other than providing a refund for the missing books, refused to explain the deletions, but later admitted that it had removed the e-books because of copyright problems. (20) According to a statement later made by, the particular e-books had come from Canada, where copyright protection lasts for the life of the author plus fifty years. (21) Orwell's books are public domain in Canada; however, they were still under copyright in the United States, where copyright protection lasts 95 years after the publication date for works published before 1978. (22) If the copyright owner had brought suit against, the company could have faced anywhere between $750 and $150,000 in statutory damages for each infringing work. (23) Once realized its mistake, it immediately stopped selling the e-books in its Kindle Store and retrieved the copies it had already sold. (24) employees remotely accessed the Kindles of each person who had bought the offending e-books and deleted the files, immediately reimbursing the purchase price of the book. (25)

In response, two plaintiffs, Justin Gawronski and Antoine Bruguier, brought a class action lawsuit against in the United States District Court in the Western District of Washington on July 30, 2009. (26) The plaintiffs claimed that harmed them by taking away their property--the e-book files--and also claimed that they had lost valuable electronic marginal notes (such as "remember this paragraph for your thesis"), which were useless without the corresponding files. (27) The complaint alleged that had breached its own terms of service by deleting the files. (28) The complaint also claimed trespass to chattels and a violation of the Computer Fraud and Abuse Act. (29) The plaintiffs identified three classes in the lawsuit: the Kindle Class, which includes all owners of the Kindle, Kindle 2, or Kindle DX; the Big Brother Class, which includes all individuals who had an e-book deleted by; and the Big Brother Work-Product Subclass, which includes anyone who had made marginal notes on an e-book that had deleted. (30)

A few weeks before the settlement on September 3, 2009, had announced that affected users could either replace the book with an identical copy that did not violate the Copyright Act or receive thirty dollars from (31) reached a settlement with the plaintiffs on September 25, 2009. (32) The settlement was with the two named plaintiffs only, Gawronski and Bruguier, not the entire affected class--the remaining class members therefore still have standing to sue on related grounds. (33) In the settlement, agreed to restore marginal notes for all affected users who had made notes on their previous copies of the deleted books. (34) also agreed that, for all books purchased under the original Terms of Use, which granted
   the Kindle purchaser the "non-exclusive right to keep a permanent
   copy" of each purchased Work and to "view, use and display [such
   Works] an unlimited number of times, solely on the [Devices] ...
   and solely for [the purchasers'] personal, non-commercial use," it
   will not remotely delete or modify these books from Kindle devices
   purchased or being used in the U.S. (35)

   There were, however, some exceptions to the settlement: Under the
   settlement, Amazon retains the right to continue to unilaterally
   delete books from Kindle devices if: (a) the user consents, (b) the
   user requests a refund or fails to pay for the book, (c) a judicial
   or regulatory order requires deletion, or (d) deletion or
   modification is necessary to protect the user, the Kindle device or
   Amazon's network. In addition, Amazon agreed to pay a $150,000 fee
   to the plaintiffs' counsel, which in turn agreed to "donate a
   portion of that fee to a charitable organization that promotes
   literacy, children's issues, secondary or post-secondary education,
   health or job placement." (36)

Faced with the risk of paying damages to a large class of its customers, also suffered a media backlash. (37) Blogs and news articles (and the complaint itself) pointed to the Big Brother-like deletion. (38) The invasiveness of the deletion seemed to irk Kindle users more than a simple breach of contract would have, especially since had already refunded the purchase price of the books by the time the story had attracted much attention. (39) The realization that Kindle e-books were unlike traditional paper books seemed to be sinking in; the Kindle is not a private bookshelf unreachable by the seller, but is in fact a device constantly tethered to an online seller. (40) A tethered device allows the seller much greater access to its goods than that to which many people are accustomed. Devices like the Kindle, assuming their popularity will continue as their prices drop and their availability rises, raise new legal issues for book buyers and are changing not only the way people read books, but also the way people own books. Applying the CFAA to unauthorized use of tethered devices could help regulate behavior and protect people's rights as book owners.

C. Historical Background: Expansion and Restriction of the CFAA

The Computer Fraud and Abuse Act of 1986 (41) was originally designed to impose criminal penalties on computer hackers who caused harm to federally owned computers, but the statute has been amended multiple times since 1986. (42) Today, the CFAA prohibits unauthorized access to "protected computers," which includes any computer connected to the Internet or any computer that has moved in interstate commerce. (43) Perhaps the most significant amendment to the CFAA inserted a provision that created a private cause of action in addition to the already-existing criminal penalties. (44) This private cause of action is the one used in the Gawronski suit.

A cause of action brought under the CFAA requires a showing of damage and loss. (45) Damage is "any impairment to the integrity or availability of data, a program, a system, or information," while loss includes any reasonable cost to the plaintiff, "including the cost of responding to an offense, conducting a damage assessment, and restoring" the damaged system to its prior condition. (46) Loss also can include "any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service." (47) This broad definition of loss is significant because anyone bringing a civil action may obtain damages only if he or she can show one of the following: loss of at least $5,000 per year, medical harm, physical injury, threat to public health or safety, or damage to a government computer. (48) Since the calculation of loss can include damage assessments, which are easy to incur after the fact for the sole purpose of bringing suit, this requirement is easy to meet.

The civil provisions of the CFAA have been used primarily by employers attempting to block employees and former employees from using company data to start competing companies or sell company data to competitors. (49) Many of these suits could have been handled under traditional contract law in state court, but the plaintiffs have used the CFAA as a way to move into federal court. (50) Recently, however, courts have tried to reduce the scope of the CFAA. For example, in LVRC Holdings LLC v. Brekka, the Ninth Circuit declined to hold that a former employee was acting "without authorization" when he e-mailed his employer's financial statements to his home computer and later used those statements to start a competing company. (51) According to the court, because the employee was using his own password and credentials to log in to the company computer, he was acting with authorization and could not be held liable under the CFAA. (52)

The CFAA's criminal cause of action has also been restricted as part of the general trend. The defendant in the highly publicized cyberbullying case United States v. Drew, also known as the "MySpace Mom" case, was acquitted in 2009 via a judgment notwithstanding the verdict. (53) The prosecution in Drew argued that an intentional breach of a website's user agreement, which prohibited the creation of a false profile, amounted to a criminal violation of the CFAA. (54) The court refused to extend criminal penalties to a violation of a website's terms of service, reasoning that the prosecution's theory of the case far surpassed the original purpose of the CFAA--namely, to prevent hackers from damaging computer systems. (55)

Like the prosecutors in the Drew case, the Gawronski plaintiffs were also asking a court to apply the CFAA to a defendant who is not a typical hacker. However, as a defendant caused damage that was more like the anticipated harm from a hacker than the harm Drew caused. While the CFAA has been rightly restricted in some contexts, like cyber-bullying, the restrictions need not extend to any activity that was not strictly contemplated by the original drafters of the statute. In fact, the CFAA gives some plaintiffs benefits that other causes of action do not.


The plaintiffs in Gawronski listed several causes of action in addition to the CFAA, including breach of contract, violation of a Washington consumer protection law, and trespass to chattels. (56) Critics of the modem CFAA have said that it is being used to cover too many situations, and that it amounts to an abuse of federal jurisdiction when plaintiffs use it as an excuse to get out of state court and into federal court. (57) As this Note will show, the CFAA is a useful cause of action in cases like Gawronski, more so than the other remedies available to plaintiffs.

A. Analysis of Gawronski's CFAA Claim on the Merits

First, it is important to show as a threshold matter that the plaintiffs would have been likely to succeed on their CFAA claim. In essence, would have likely lost on the merits of the CFAA cause of action because the plaintiffs could have proved that acted without authorization when it deleted the e-books. The Terms of Use guaranteeing a permanent copy would be proof of the bounds of's authorization to access users' Kindles.58 Although the plaintiffs would have had to prove that they had incurred a loss of $5,000, they (and future potential plaintiffs) could meet this requirement because the CFAA has such a broad definition for "loss." In particular, the complaint alleges the following:
   Amazon violated 18 U.S.C. [section] 1030(a)(5)(A)(i) by knowingly
   causing the transmission of a command to delete content to
   Plaintiffs' Kindles, which are protected computers as defined in 18
   U.S.C. [section] 1030(e)(2)(B) because they are used in interstate
   commerce and/or communication. By deleting content from Plaintiffs'
   Kindles by way of remote deletion, Amazon intentionally caused
   damage without authorization to Plaintiffs' Kindles.... Amazon
   violated 18 U.S.C. [section] 1030(a)(5)(A)(iii) by intentionally
   accessing Plaintiffs' Kindles, protected computers, without
   authorization, and as a result, caused damage to Plaintiffs'
   Kindles by remotely deleting content stored on them. (59) has publicly admitted to removing particular e-books from users' devices, as asserted by the plaintiffs, so the plaintiffs would have been able to prove at least that much of a CFAA claim. (60) One potential sticking point for the court may have been whether a Kindle was in fact a computer as defined in 18 U.S.C. [section] 1030(e)(1), which defines a computer as "an electronic ... device performing logical, arithmetic, or storage functions ... but such term does not include an automated typewriter or typesetter, a portable hand held calculator, or other similar device." (61) may have been able to argue, therefore, that Kindle is more like a calculator than a computer, given that it does not have a full computer's functions, but that argument likely would not have succeeded. Because Kindles are sophisticated enough to have a web browser, limited word processing functions for marginal notes, and the ability to download and store files, the Kindle is more like a computer than a calculator.

For the damages requirement, the CFAA requires plaintiffs to prove a loss of at least $5,000 to recover under the Act. (62) The plaintiffs' argument is split here between the two specific plaintiffs and two different classes of plaintiffs:
   Plaintiffs and Big Brother Class members suffered damages even
   though Amazon refunded the cost of the purchased content to
   Plaintiff and Big Brother Class members because: 1) they now have
   to replace the deleted content at a higher cost; and, 2) their
   Kindles were reduced in value by way of the deletion in that an
   electronic reading device that enables Amazon to remotely delete
   content is less valuable than one not subject to unconsented remote
   deletions of content.

      Plaintiff Gawronski and the Big Brother Work-Product Subclass
   suffered damages because they created content on their Kindles
   within the purchased content that Amazon deleted. The remote
   deletions rendered their work-product useless and worthless because
   their work-product necessarily was linked to the deleted purchased
   content. As a result, Plaintiff Gawronski and the Big Brother
   Work-Product Subclass must expend further resources and effort in
   order to recreate their now useless work-product.

      As a result of these takings, Amazon's conduct has caused a loss
   to one or more persons during any one-year period aggregating at
   least $5,000 in value in real economic damages. (63)

Loss is defined in the statute as,
   any reasonable cost to any victim, including the cost of responding
   to an offense, conducting a damage assessment, and restoring the
   data ... or information to its condition prior to the offense, and
   any revenue lost, cost incurred, or other consequential damages
   incurred because of interruption of service.... (64)

The plaintiffs and the Big Brother Class claimed damages because they had to replace the deleted content at a higher cost because, presumably, the refund is less than the purchase price they would pay at an American-owned e-store where the copyright on Orwell's work is still valid. This difference in price fits clearly within the CFAA's definition of loss, as it represents the cost incurred by restoring the data to its prior state, but the loss in value of their devices is harder to evaluate. The difference in value between a Kindle that ensures permanent copies and one that does not make that guarantee is a subjective value, or is at least difficult to determine. Recalling that only aggregate loss matters under the statute, the $5,000 threshold seems within reach for a lawsuit with such a large class. The aggregate value of the e-books would likely succeed $5,000 in purchase price alone. The marginal notes would likewise have value, even though it would be subjective and difficult to measure, but even a nominal amount spread across a class would likely reach $5,000. The Gawronski plaintiffs would have, in all likelihood, been able to make a solid prima facie case for a CFAA violation.

B. Comparison of the CFAA Claim and Other Remedies

The CFAA has several advantages over other available remedies. First, because the federal system has greater potential for uniformity than state law does, the CFAA allows for more uniform treatment of Internet-based contracts. Compared to trespass to chattels, the CFAA more accurately reflects the reality of the e-book market--the CFAA has the conceptual advantage of conceiving of e-book ownership as a bargained-for set of rights in a file, not as personal property in the form of physical books. A too-broad limitation on the CFAA would deprive plaintiffs of the remedies the CFAA affords them. A revision of the CFAA expressly creating a cause of action for Internet-based contracts, like the one has with its Kindle, should be added. Such a revision would be a suitable middle-ground that would allow for restrictions to the CFAA in areas like employment law but would preserve the protections for circumstances like those in the Gawronski complaint.

1. Breach of Contract and State Law

The Terms of Use is a contract that governs the user's rights in his or her e-books. (65) The Gawronski complaint alleged breach of contract because in the Kindle's Terms of Use, had granted Kindle users a permanent copy of their e-books. (66) Such a contract claim, without the accompanying CFAA cause of action, would have been tried in a Washington court. The breach of contract claim, whether in state or federal court, would likely have had the same result. Because the language in the Terms of Use did not provide a right to delete purchased books from the devices,'s conduct amounted to a breach of contract. Both federal and state courts would have come to the same conclusion.

Expecting users to resolve their disputes regarding Internet contracts for e-books in state court creates the problem of lack of predictability. Uniformity is one advantage that the CFAA lends to lawsuits related to e-book readers. Because the CFAA allows plaintiffs who have a dispute involving unauthorized access to their computers to move into federal court, the CFAA makes it easier for both users and companies who sell tethered devices to understand the rules of their dealings. Specifically, the CFAA could provide a clear, uniform rule that no unauthorized access would be permitted to any tethered device. Such a federal law would prevent the company from taking advantage of any specialized state rules that may be difficult for an individual user to discover--for example, a state rule that inferred authorization so long as the users were compensated for a deleted file. That type of state rule, if given time to develop in a particular jurisdiction, could add a hidden term into an otherwise transparent contract. The problem would be complicated if there were many different e-book stores online, so that a user could potentially be agreeing to contracts governed by several different state contract laws. While such a system would still be workable, having a strong federal rule governing Internet transactions makes it easier for an Internet user to understand exactly what laws apply to a transaction. Admittedly, circuit splits could cause unpredictability, but not to as great an extent as with state law. In any event, plaintiffs could move into federal court anyway using diversity jurisdiction, since most users would not live in the same states as the companies. For Internet contracts especially, then, federal laws may be the best way to regulate companies' behavior.

The same reasoning applies to the cause of action for violation of Washington state law.67 The Gawronski complaint alleges a violation of the Washington Consumer Protection Act (CPA), which provides that " [u]nfair methods of competition and unfair or deceptive acts or practices in the conduct of any trade or commerce are.., unlawful."68 The existence of such a law is not guaranteed in all jurisdictions, and a company might draft its contract so as to be governed by the laws of a less consumer-friendly state. The availability of a federal cause of action ensures that an Internet user has a better idea of what remedies are available to him or her. The user will be able to draw upon various state remedies, but no matter what, the federal law will still apply and be available as well.

Of course, the CFAA is effective in preventing abuse by e-book companies and other companies that offer tethered devices only to the extent that accessing and deleting files on the tethered devices is unauthorized by the contract. In the Gawronski case,'s Terms of Use unambiguously offered a permanent copy. But there is nothing that prevents or other tethered-device companies from contracting around the problem in the future. Although has since announced that it will not delete e-books in the same manner again, it has reserved the right to delete e-books if it deems the deletion necessary to protect its network. (69)

Essentially,'s promise not to delete e-books from users' Kindles applies only to circumstances similar to those in the Gawronski case. In its settlement, reserved its right to delete e-books if it deems the deletion necessary. (70) Furthermore, can change its Terms of Use in the future to allow deletion of e-books that have copyright problems, as could other competing companies like Barnes & Noble. As a result, the CFAA's main weakness in the e-book reader scenario is that companies can easily draft contracts around the problem by writing express authorization into the contracts. To the consumer, purchasing an e-book seems to be largely the same experience as purchasing a physical book; the final product--certain words on a page or screen--is the same regardless of how it is displayed. But purchasing e-books in an online store is different from buying physical books at a store. In a physical bookstore, there is no written contract, only an oral agreement at the point of sale. Consumer rights in that book are governed by the UCC and federal copyright law. (71) Most stores allow returns, and the likelihood of litigation is very low. Furthermore, owners of physical books are able to resell their books in a secondary market under the "first sale" doctrine. (72) In contrast, Kindle customers are not owners of books at all, but licensees bound by the Kindle Terms of Use. (73) Most Internet users do not read the full terms of use in online contracts, even though those agreements are, for the most part, binding. Because the user is less likely to read and understand the contract, it is easy for companies to draft the contracts in ways unduly favorable to them. Many companies, when drafting the contracts, have the ability to select and designate a venue or governing state rules that the user is not in any position to bargain for or against.

This Note proposes that the CFAA should be expanded in part, especially if it is curtailed in other areas, like employer-employee disputes. For example, Congress could add a definition for tethered devices so that it includes devices like the Kindle and the NOOK. The amendment could simultaneously create a separate cause of action for deleting files contained on the device without express consent. The CFAA could require renewed consent for each file and ban a blanket authorization by contract.

Such an amendment to the statute would have certain advantages. Most important, it would protect users' property rights in their e-books. Cementing property rights in an electronic medium is especially important because most electronic media are dispensed over the Internet by large companies like A typical Internet user has almost no bargaining power compared to or Barnes & Noble. It would be all too easy for large, web-based companies to create a "Big Brother" custom where books can be deleted at the whim of the sellers, so long as such a blanket provision was in their terms of service. Preempting the dangers of new technology is in the spirit of the original CFAA, which was created because of fears related to computer hackers. Today, people might more likely be afraid of the abuses of powerful companies.

This dystopian possibility is real enough in consumers' eyes, hence the media backlash from's actions. If had accidentally sold a different, less dystopian book--say, a Harlequin romance--without the proper copyright permission and then deleted it, there is a significant chance that the deletion would not have made news at all. had compensated the users, after all, and the most loss any person experienced was missing marginal notes. The unlucky coincidence that it was George Orwell's work that was deleted touched on a raw nerve that elevated the problem from economics to a matter of principle.

2. Trespass to Chattels

The increasing use of computers in the 1990s led to an expansion of the common law doctrine of trespass to chattels to create civil liability for causing harm through unauthorized use of computers. (74) Originally, trespass to chattels (commonly known as "conversion's little brother") was an infrequently used doctrine that provided a remedy for interference with chattels that caused harm, but not enough harm to constitute conversion. (75) Unlike trespass to real property, a prima facie case for trespass to chattels requires actual harm to the chattel; unlike conversion, a person liable for trespass to chattels owes only actual damages, not the full value of the chattel. (76)

To prove a trespass to chattels case, the plaintiff must show that the defendant intentionally dispossessed another person of the chattel, or used or intermeddled with a chattel in another's possession. (77) "Intermeddling" means intentionally causing physical contact. (78) The plaintiff must prove that he or she suffered damage because of one of the following: the plaintiff was dispossessed of the chattel; the chattel's condition, quality, or value was impaired; the plaintiff was deprived of the use of the chattel for a substantial time period; or the plaintiff suffered bodily harm or harm to some person or thing in which the plaintiff has a legally protected interest. (79) Finally, the intermeddling must be more than nominal. (80)

The elements of a trespass to chattels claim as applied to computers began to change with the case eBay, Inc. v. Bidder's Edge, Inc., in which the court considered the risk of future potential harm when analyzing the severity of the intermeddling. (81) Defendant Bidder's Edge was using a software robot to continuously search eBay to populate an auction aggregation site. (82) eBay asked Bidder's Edge to stop the continuous searching, and eBay also attempted to block the robots, but Bidder's Edge used proxy servers to bypass the IP address blocks, (83) Bidder's Edge is significant for two reasons: first, the court found that although websites are open to the public, Bidder's Edge acted without authorization because eBay's physical servers were private property---chattels--with which Bidder's Edge had interfered; and second, the court found that Bidder's Edge had proximately damaged eBay's chattels by using some of the server's resources as bandwidth, (84) The court admitted that Bidder's Edge did not harm or noticeably slow eBay's system, but more than nominal damage would have occurred if other companies had decided to join Bidder's Edge in continually crawling eBay's website. (85) This holding expanded the common law trespass to chattels doctrine because now nominal damage was sufficient, so long as the plaintiff could invoke the fear of encouraging others to copy the defendant,s6 Because the court considered possible future harm, the threshold for damage in trespass to chattels cases was, by that time, almost nonexistent.

This low threshold for damage allowed the Gawronski plaintiffs to add trespass to chattels as one of their causes of action. Even if they could not prove later on that they had suffered $5,000 worth of damage--as required to recover under the CFAA--they could at least advance a trespass theory. Furthermore, there is a possibility that trespass to chattels as redefined in Bidder's Edge could include more than just the value of the single missing e-book and the loss of the marginal notes. The future potential harm calculation from Bidder's Edge could give plaintiffs more than actual damages; it could include the value of loss from future potential deletions. However, this extra benefit is unlikely because the Gawronski facts are based on a loss of a particular file, not from use of system resources.

The tort case for the Gawronski plaintiffs would likely succeed. The plaintiffs could easily prove that intentionally dispossessed the plaintiffs of the chattel (the e-book). Under that theory, though, the status of the marginal notes is not as certain as it would be under a breach of contract or a CFAA claim. The value of the marginal notes could be either a user modification to the e-book that increased the chattel's value, or it could be a separate chattel all on its own as a separate user file. Under the latter theory, the marginal notes would have been "intermeddled with" rather than dispossessed, because the notes remained on the Kindle but were useless without context. Either way, the plaintiffs likely could establish a prima facie case for trespass to chattels.

Trespass to chattels as a remedy for unauthorized deletions from a tethered device is susceptible to the same problems as state-based contract claims. The common law nature of tort remedies means that different jurisdictions may treat trespass to chattels differently. One court may decide that the common law requirement of actual damage to a device should apply to tethered devices. How much damage must be done to a device, and what exactly constitutes damage, are also variables subject to reinterpretation by state courts. For example, one court could reasonably hold that deletion of a single file with immediate, reasonable compensation is merely nominal damage, while another could reasonably conclude that the same action is actual damage to a chattel. The distinction could turn on what exactly the court determines to be the chattel. If the chattel is the device, then a compensated deletion could seem minor, but if the chattel is determined to be the e-book file itself, then the damage seems more significant. There could be uncertainties in a single jurisdiction where the issue has not been decided, and also uncertainties between jurisdictions when an Internet user does not have the resources or bargaining power to predict or control the eventual venue of a dispute.

As discussed above, a further amendment to the CFAA that expands the statute to explicitly cover tethered devices like e-readers would bring the statute more in line with current technology. The CFAA was not designed with Kindles or other tethered devices in mind, but fixing an outdated statute by amending it to cover new technology seems a better solution than stripping the CFAA of its current uses and focusing solely on hacking. While hacking remains a concern, new technology has emerged such that consumer rights are now a matter pressing on the public's consciousness. An expanded statute would be able to better protect consumers who face technologies that offer limited rights in media.

Similarly, trespass to chattels was designed to cover personal property before computer files existed, so its underlying rationale does not necessarily apply to virtual property. Courts' reinterpretation of the old doctrine, as in Bidder's Edge, shows that new technology has changed the meaning of chattel. Or, more accurately, courts have changed the doctrine to remedy inequities for which there was no appropriate modern relief. Rather than twisting an almost-forgotten tort to protect consumers of a new device, amending the CFAA is a better, more thoughtful response because drafting legislation gives Congress more control over how the law will be applied. Allowing new doctrines to develop in the common law could lead to different results in different jurisdictions. A differing jurisdictional approach has little to do with the average Internet user's expectations that the law will apply similarly to contracts with and with Barnes & Noble.

Significantly, the CFAA has a conceptual advantage over trespass to chattels, because it better mirrors how the market currently treats e-books. This is because trespass to chattels does not quite conceptually fit what is happening when someone accesses a computer without authorization and deletes a file. Trespass to chattels, as mentioned, requires the chattel itself to be harmed, and it is not even clear whether a file will be considered a chattel--as a physical book would be. Intel Corporation v. Hamidi made it clear that harm to a particular chattel is required for the tort. (87) In Hamidi, the harm a former employee did to a company was harm to the company, not to the physical computers.88 In the context of e-books, the only thing that is inarguably a chattel is the device itself, not the file. Deleting a file does not necessarily physically damage a computer.

The problem with what did to its Kindle users was that it accessed the Kindles and changed content without the users' consent. The concept behind the CFAA is that two parties assign each other a set of permissions, and the parties must abide by those permissions. Any unauthorized access that does enough harm may give rise to a civil cause of action. The key is that the CFAA treats e-books as a nexus of different rights: the company reserves the right to remove the e-book if it is not paid for, and the user retains the right to a permanent copy so long as it is paid for. Users may think of the books as their "personal property" in the same way that they may think of books on their shelves as personal property, thus subject to the doctrine of trespass to chattels. But tethered devices are sui generis because they operate by giving users permission to view a file, not by actually allowing a user to physically possess the product.

The "permissions" treatment of e-books under the CFAA is more in line with the legal landscape of e-books. This parallel makes the CFAA a useful remedy because it conceptually fits the problem. While the Gawronski plaintiffs certainly had a strong chance of succeeding on a trespass to chattels claim, the CFAA more accurately reflects the legal status of e-books. Any revision of the CFAA should explicitly account for e-books as something valuable to protect.


Although the dispute quickly settled, the Gawronski lawsuit remains a useful case study that shows why applying the CFAA to situations involving e-books is important to protect consumers. It is enlightening to examine this case because the CFAA has been criticized as too expansive. The original intent of the CFAA was to prevent hackers from harming federal computer systems, but now it is applied to many different situations, including employment suits. Recently, courts have begun to restrict the CFAA to return the statute to its original purpose--but courts should be careful not to go too far. If the CFAA were appropriately amended, it could not only avoid such restrictive intrepretations by courts, but it also has the potential to protect consumers from one-sided licensing deals like those found in the current e-books market.

As it currently exists, the CFAA provides several advantages to consumers that other causes of action do not. First, the CFAA provides a way for consumers to access federal courts, which can ensure a more uniform treatment of Internet-based contracts than does state law. The CFAA also has the conceptual advantage of conceiving of e-book ownership as a bargained-for set of rights in a file, not personal property in the same way that physical books are property. This concept more accurately reflects the reality of the e-book market than common law approaches.

To take further advantage of these benefits, a revision of the CFAA expressly creating a cause of action for tethered e-book readers should be added. Such an amendment would prevent companies from attempting to contract around the CFAA. Furthermore, allowing plaintiffs to use the CFAA in e-book suits would ensure that the interpretation of contracts governing e-book purchases would not unreasonably favor the rights of the seller over those of the e-book purchaser.

Technology is always changing, and the law must stay ahead of the curve, or, at the very least, try to keep up. The Gawronski complaint and other cases show that the CFAA, much more recently developed than trespass to chattels, is much more useful to consumers of modern technology. However, even the CFAA significantly predates the advent of tethered devices such as e-book readers, and could therefore use some amending to better apply to instances like's Orwellian deletions and similar problems that may arise in the near future.

(1.) The Kindle Content Deletion Flap: Predictions on How Will Respond to the Newly-Filed Class Action, JUSTIA.COM (Aug. 3, 2009, 3:43 PM), flap[hereinafter Content Deletion Flap].

(2.) Id.; Complaint, Gawronski v. Amazon.tom, Inc., No. C09-1084-JCC (W.D. Wash. July 30, 2009), available at washington/wawdce/2:2009cv01084/161529/1/.

(3.) Complaint, supra note 2, at paras. 50-57.

(4.) See generally Sarah Boyer, Computer Fraud and Abuse Act: Abusing Federal Jurisdiction?, 6 RUTGERS. J.L. & PUB. POL'Y 661 (2009).

(5.) See, e.g., id. at 662.

(6.) Id. at 670.

(7.) See id at 662-63.

(8.) Jacqui Cheng, Disloyal Employees Are Not Hackers, Says Court, ARS TECHNICA (Sept. 18, 2009, 1:19 PM), hackers-says-court.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss; United States v. Drew, 259 F.R.D. 449 (C.D. Cal. 2009).

(9.) See, e.g., Cheng, supra note 8.

(10.) Cf. Michael Seringhaus, E-Book Transactions: Amazon "Kindles" the Copy Ownership Debate, 12 YALE J.L. & TECH. 147 (2009) (conceiving of the issue as a dichotomy between e-books as sales or e-books as licenses, preferring, in the end, sales).

(11.) Kindle Wireless Reading Device, AMAZON.COM, Generation/dp/B002Y27P3M/ref=sa_menu_kdp3w3 (last visited Feb. 22, 2011); Kindle Store, AMAZON.COM, blogs/b/ref=topnav_storetab_kinh?ie=UTF8&node=133141011 (last visited Feb. 22, 2011).

(12.) See Kindle (Latest Generation) License Agreement and Terms of Use, AMAZON.COM, (last visited Feb. 22, 2011).

(13.) Kindle Wireless Reading Device, supra note 11.

(14.) Katie Allen, Amazon e-Book Sales Overtake Print for First Time, GUARDIAN.CO.UK (Dec. 28, 2009, 7:29 PM), sales-surge.

(15.) Id.

(16.) Amazon Kindle: License Agreement and Terms of Use, AMAZON.COM, (last visited Feb. 22, 2011) [hereinafter Terms of Use].

(17.) See NOOK, BARNES & NOBLE, (last visited Feb. 22, 2011); see also Reader, SONY, (last visited Feb. 22, 2011).

(18.) Complaint, supra note 2, at paras. 1-2.

(19.) Id. at para. 17.

(20.) Michael D. Scott, Here Today, Gone Tomorrow ... Thanks to DRM, CYBERSPACE LAW, Sept. 2009.

(21.) Id.

(22.) See 17 U.S.C. [section] 304(a).

(23.) 17 U.S.C. [section] 504(c)(1-2).

(24.) Scott, supra note 20.

(25.) Id.

(26.) Complaint, supra note 2, at para. 84.

(27.) David Johnson, Kindle Class Action Settlement: Gawronski v. Amazon Suit Regarding's Removal of Orwell Works from Kindle Devices Settles, but Leaves Many Questions, DIGITAL MEDIA LAWYER BLOG (Sept. 29, 2009), gawronski_v_amazoncom_the_clas_1.html [hereinafter Johnson, Class Action Settlement]; see also Complaint, supra note 2, at para. 54; Scott, supra note 20, at para. 8.

(28.) Complaint, supra note 2, at para. 49.

(29.) Id. at paras. 50-57.

(30.) Id. at paras. 53-54.

(31.) Johnson, Class Action Settlement, supra note 27.

(32.) Id.

(33.) Id.

(34.) Id.

(35.) Id. (quoting Terms of Use, supra note 16).

(36.) Id. (quoting Terms of Use, supra note 16).

(37.) See, e.g., Content Deletion Flap, supra note 1.

(38.) See, e.g., id.; Complaint, supra note 2, at para. 3.

(39.) See Johnson, Class Action Settlement, supra note 27.

(40.) Scott, supra note 20.

(41.) 18 U.S.C. [section] 1030 (2006).

(42.) Boyer, supra note 4, at 665-66.

(43.) 18 U.S.C. [section] 1030(e)(2).

(44.) Id. at [section] 1030(g).

(45.) Id.

(46.) Id. at [section] 1030(e)(8), (11).

(47.) Id. at [section] 1030(e)(11).

(48.) Id. at [section] 1030(c)(4)(A)(i); [section] 1030(g).

(49.) Boyer, supra note 4, at 670.

(50.) See id.

(51.) LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1129 (9th Cir. 2009); Cheng, supra note 8.

(52.) LVRC Holdings, 581 F.3d at 1133, 1135; Cheng, supra note 8.

(53.) United States v. Drew, 259 F.R.D. 449 (C.D. Cal. 2009). Lori Drew created a false profile on the social networking website Id. at 452. Pretending to be a teenage boy, Drew communicated with her daughter's classmate, Megan Meier, who had not been getting along with Drew's daughter. Id. Drew made Meier believe that the fictitious boy liked her, and then made her believe that the boy had lost interest in her by saying "the world would be a better place without her...." Id. (internal quotations omitted). Meier committed suicide shortly afterward. Id. Technically, Drew had not committed a crime other than possibly a violation of the CFAA. Id. at 451.

(54.) Id. at 451,467.

(55.) Id. at 461,465.

(56.) Complaint, supra note 2, at paras. 50-83.

(57.) See, e.g., Boyer, supra note 4, at 670-71.

(58.) Terms of Use, supra note 16.

(59.) Complaint, supra note 2, at paras. 51-52.

(60.) Johnson, Class Action Settlement, supra note 27.

(61.) 18 U.S.C. [section] 1030(e)(1) (2006).

(62.) Id. at [section] 1030(a)(5)(B)(i).

(63.) Complaint, supra note 2, at paras. 53-55.

(64.) 18 U.S.C. [section] 1030(e)(11).

(65.) Terms of Use, supra note 16.

(66.) Complaint, supra note 2, at paras. 46-49.

(67.) Id. at paras. 77-83.

(68.) WASH. REV. CODE [section] 19.86.020 (West 1961).

(69.) Peter Kafka, Amazon: We Won "t Delete Your Kindle Books Unless We Need to Delete Your Books, ALL THINGS DIGITAL (Oct. 1, 2009, 8:10 AM), booksunless-we-need-to-delete-your-books/?mod=ATD_sphere.

(70.) Johnson, Class Action Settlement, supra note 27 (citing Terms of Use, supra note 16).

(71.) Seringhaus, supra note 10, at 150.

(72.) Id. at 160.

(73.) Id. at 149-51. Seringhaus argues that e-book transactions, though stylized as licenses, should be reinterpreted by courts as sales. Id. This issue has not gone before courts. would certainly prefer to keep the transactions categorized as licenses because that categorization preserves its ability to delete e-books or block users from purchased content as it deems necessary. Either way, the CFAA would still apply to Kindle transactions because the CFAA prohibits unauthorized access to the Kindle device, rather than the e-books stored on the devices.

(74.) See Shyamkrishna Balganesh, Common Law Property Metaphors on the Internet." The Real Problem with the Doctrine of Cybertrespass, 12 MICH. TELECOMM. & TECH. L. REV. 265,266-69 (2006).

(75.) Id. at 279.

(76.) Id. at 279-80.

(77.) RESTATEMENT (SECOND) OF TORTS [section] 217.

(78.) Id. at cmt. e.

(79.) Id. at [section] 218.

(80.) Id. at cmt. e.

(81.) eBay, Inc. v. Bidder's Edge, Inc., 100 F. Supp. 2d 1058 (N.D. Cal. 2000).

(82.) Id. at 1060-62.

(83.) Id. at 1062-63.

(84.) Id. at 1071-72.

(85.) Id.

(86.) See id.

(87.) Intel Corp. v. Hamidi, 71 P.3d 296, 300 (Cal. 2003).

(88.) Id.

Alicia C. Sanders, J.D., Indiana University Maurer School of Law, December 2010; B.A. in Latin and Classical Studies, Purdue University, 2008. The Author would like to thank the members of the Federal Communications Law Journal who helped prepare this Note for publication.
COPYRIGHT 2011 Federal Communications Law Journal
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2011 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Rough Consensus and Running Code: Integrating Engineering Principles into the Internet Policy Debates
Author:Sanders, Alicia C.
Publication:Federal Communications Law Journal
Date:Mar 1, 2011
Previous Article:Access to media all A-Twitter: revisiting Gertz and the access to media test in the age of social networking.
Next Article:Television for all: increasing television accessibility for the visually impaired through the FCC's ability to regulate video description technology.

Terms of use | Privacy policy | Copyright © 2018 Farlex, Inc. | Feedback | For webmasters