Sunday, February 21, 2016

The Software, County Land Records and the Computer Fraud and Abuse Act

This post examines an opinion the U.S. Court of Appeals for the 7th Circuit issued recently in a civil case:  Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., 2016 WL 258632 (2016).  The Court of Appeals begins the opinion by explaining that
Fidlar Technologies (`Fidlar’) brings this action against LPS Real Estate Data Solutions, Inc. (`LPS’) for violations of the Computer Fraud and Abuse Act (`CFAA’) and the Illinois Computer CrimePrevention Law (`CCPL’). Fidlar claims LPS improperly downloaded county land records provided through Fidlar's services. The district court granted summary judgment in favor of LPS. It held that Fidlar failed to show that LPS acted with intent to defraud under CFAA § 1030(a)(4) or that LPS caused `damage’ under § 1030(a)(5)(A). The court also rejected Fidlar's argument that LPS knew or had reason to know that it might cause loss as required by the CCPL. For the following reasons, we affirm.
Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., supra.
As courts usually do, the Court of Appeals began the substantive part of its opinion by explaining how, and why, the lawsuit arose:
Fidlar is a technology company that develops software for county offices to manage public land records. Fidlar's software allows counties to digitize and index land records. Fidlar licenses its software to the counties, and the individual counties contract with users who want access to these land records.

One of Fidlar's software products, Laredo, provides users with remote internet access to county records. The `Laredo system,’ as Fidlar describes it, consists of three components: the county databases, the `Laredo client’ (or just `the client’), and the `middle tier.’ The county databases store county land records and index data. The `Laredo client’ is a user-interface that allows users to remotely access these land records and related data. Finally, the `middle tier’ facilitates the communication between the Laredo client and a specific county database. Fidlar offers its county customers the option of whether to host the county database and middle tier components on the county's own servers or on Fidlar's servers. The client is stored on the user's own computer.

In order to use the client, a user must accept Fidlar's End–User License Agreement (`EULA’). In relevant part, the EULA provides that a user may `use . . . any portion of the software for any purpose,’ but it also provides that a user may `not . . . copy the software covered by this Agreement in any manner.’ Importantly, the EULA specifies that it does not grant access to any county information. The authority to grant access to records remains with the relevant county.

When a user inputs a record search into the Laredo client, the client sends a request to the middle tier via the internet. The middle tier then retrieves the appropriate record from the county database and `streams’ this record to the user through the Laredo client. In other words, the user can view an image of the record in the client, but cannot download or save it for later viewing. However, the client gives the user an option to `print’ an image of the record, either on paper or to a PDF file.

The client communicates with the middle tier through a technology called Simple Object Access Protocol (`SOAP calls’). The Laredo client sends SOAP calls unencrypted over the internet. In order to access a particular record, the client generates the appropriate SOAP call and sends it to the middle tier. After analyzing the SOAP call, the middle tier retrieves the matching record and sends it back to the client for viewing. Each Laredo user has a unique username and password for each county with which it has an agreement. Accordingly, each SOAP call is coded with a corresponding unique identifier.
Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., supra.
The opinion followed the general information outlined above with a recitation of the facts and events that led to the litigation:
Fidlar tracks access to county records in order to facilitate billing by the individual counties. Each county develops its own subscription plan for access to its records. All the subscription plans charge a monthly fee set by the county based on time spent accessing records. Some—but not all—counties also charge a separate `print fee’ (or `copy fee’) for each record a user prints using the client. Fidlar also uses SOAP calls to track access and printing. For example, if a user prints a record from the client, the client generates and sends a SOAP call of the print request to the middle tier where it is logged for billing purposes.

LPS is a real estate data analytics company that used Laredo to gather real property data. LPS's business requires a continuous acquisition of land records and data. It currently has agreements for access to public land records with approximately 2,600 counties nationwide. However, LPS is not interested in the land records themselves, but rather the data in these records.

To further its data collection efforts, in 2010, LPS contracted with 82 of Fidlar's county customers to gain access to their land records. For each of these 82 counties, LPS agreed to pay the monthly fee for unlimited access to the county's records. For those counties that charged separate print fees, LPS's unlimited subscription did not include printing—if LPS printed a record from the client, it was still charged the applicable print fee. Fidlar was not a party to any of the contracts between LPS and the individual counties.

In 2011, LPS designed a `web-harvester,’ a computer program to download county records en masse. To create the web-harvester, LPS ran a number of standard record searches and used a `traffic analyzer’ to view the SOAP calls sent from the client to the middle tier. LPS then identified the SOAP calls necessary to retrieve records and developed its own client, the web-harvester, to emulate those SOAP calls and send them to the middle tier. LPS's web-harvester only sent the SOAP calls necessary to retrieve records; it did not send other SOAP calls, such as those that track a user's activity. But every SOAP call did include LPS's unique identifier assigned by each county.

Like the Laredo client, the web-harvester allowed LPS to search for and retrieve any record from the county databases it subscribed to. However, LPS's web-harvester had three major differences from Fidlar's Laredo client. First, the web-harvester allowed LPS to acquire records en masse rather than viewing or printing them one at a time. Second, the web-harvester allowed LPS to download or save records, an option not available in the Laredo client. Third, LPS's web-harvester did not send any tracking data at all and did not register any print fees, even if LPS downloaded or saved a record.

LPS used its web-harvester to obtain a large number of records from the 82 county databases it subscribed to over approximately two years. It downloaded the records in bulk onto its computers and then sent the records to India. There, select data from the records were `keyed,’ or entered, into LPS's database. Throughout this period, LPS continued to pay for unlimited subscriptions in all 82 counties but did not incur (or pay) print fees for all of the records it acquired through its web-harvester. Indeed, essentially none of LPS's activities were tracked during this period. Nonetheless, LPS's web-harvester did not disrupt Fidlar's services to other users or alter any content in the middle tier or county databases.

In 2012, Fidlar received a message from one of its county customers noting that LPS was paying subscription fees but was not logging any time used. In early 2013, Fidlar decided to investigate LPS. Based on server logs, Fidlar concluded that LPS was using a web-harvester instead of the Laredo client to obtain records.
Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., supra.
And that brings us to the suit:
On March 11, 2013, Fidlar filed this action in the Central District of Illinois alleging violations of the Computer Fraud and Abuse Act [CFAA] and the Illinois Computer Crime Prevention Law, as well as trespass to chattels. LPS moved to dismiss, filed a counterclaim, and requested a TRO and preliminary injunction to prevent Fidlar from reporting LPS's activities to the counties and from upgrading Laredo to prevent web-harvesting. The district court denied LPS's motion to dismiss and its requests for injunctive relief. On December 1, 2014, LPS moved for summary judgment on all of Fidlar's claims. On March 5, 2015, the district court granted LPS's motion for summary judgment and dismissed LPS's counterclaim as moot. Fidlar appeals.
Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., supra.
The Court of Appeals went on to explain that
[w]e review a district court's grant of summary judgment de novoBunn v. Khoury Enters., Inc., 753 F.3d 676 (U.S. Court of Appeals for the 7th Circuit 2014). Summary judgment is appropriate if there is no genuine dispute of material fact and the nonmoving party is entitled to judgment as a matter of law. Id. A `material fact’ is one that affects the outcome of the suit. Id. A `genuine issue’ exists as to any material fact when `the evidence is such that a reasonable jury could return a verdict for the nonmoving party.’  Bunn v. Khoury Enters., Inc., supra. In determining whether a genuine dispute of material fact exists, we view the record in the light most favorable to the nonmoving party, drawing reasonable inferences in the nonmovant's favor. Bunn v. Khoury Enters., Inc., supra.
Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., supra.
The Court of Appeals began its analysis of LPS’ motion for summary judgment by explaining that
The CFAA, 18 U.S. Code § 1030, is primarily a criminal anti-hacking statute. However, § 1030(g) provides a civil remedy for any person who suffers damage or loss due to a violation of § 1030. § 1030(g). The district court held that Fidlar failed to demonstrate a violation of § 1030. On appeal, Fidlar argues that LPS violated § 1030(a)(4) and § 1030(a)(5)(A). We review each of these arguments in turn.
Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., supra.
The Court of Appeals began its analysis with the issue of intent, noting that
18 U.S. Code § 1030(a)(4) punishes anyone who:
`[K]nowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value. . . .’
Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., supra (emphasis in the original).
The Court of Appeals went on to explain that the District Court held that
no reasonable jury could find that LPS acted with intent to defraud. Fidlar maintains that LPS's use of its web-harvester constituted an intentional scheme to avoid paying print fees, thus defrauding the counties.

Although this Court has not previously examined this element of § 1030, we have explained that in similar statutes `intent to defraud means that the defendant acted willfully and with specific intent to deceive or cheat, usually for the purpose of getting financial gain for himself or causing financial loss to another.’ United States v. Pust, 798 F.3d 597 (7th Cir.2015) (quoting United States v. Paneras, 222 F.3d 406 (7th Circuit 2000)). . . . Because direct evidence of intent is often unavailable, intent to defraud `may be established by circumstantial evidence and by inferences drawn from examining the scheme itself which demonstrate that the scheme was reasonably calculated to deceive persons of ordinary prudence and comprehension.’ United States v. Pust, supra.

Additionally, the legislative history of § 1030(a)(4) indicates that Congress intended for this provision to reach cases of computer theft. S.Rep. No. 99–432, at 9, reprintedin 1986 U.S.C.C.A.N. 2479, 2486–87 (`The new subsection 1030(a)(4) to be created by this bill is designed to penalize thefts of property via computer that occur as part of a scheme to defraud’). The intent to defraud element is meant to distinguish computer theft from mere trespass. Id. at 10 (`[T]here must be a clear distinction between computer theft, punishable as a felony, and computer trespass, punishable in the first instance as a misdemeanor. The element in the new paragraph (a)(4), requiring a showing of an intent to defraud, is meant to preserve that distinction. . . .’).
Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., supra.
The Court of Appeals then began its analysis of the intent issue, noting, initially, that
this is not a case of theft. It is undisputed that LPS had authority to access the county records as a general matter, the question is whether the way in which it did so violated the statute.

Nonetheless, appealing to the broad nature of § 1030(a)(4)'s language, Fidlar argues that LPS's conduct supports an inference of an intent to defraud. By using its web-harvester, LPS obtained county records at no additional cost. Moreover, LPS knew that printing records through the client resulted in an additional fee in some counties. And LPS received invoices that did not reflect any downloads it made using its web-harvester, suggesting that LPS was aware that Fidlar and the counties were not tracking its activities. Assuming that LPS otherwise would have paid a print fee for the records it downloaded, LPS's web-harvester allowed it to avoid paying these fees. Therefore, Fidlar contends that LPS's `scheme’ appears consistent with an intent to defraud.

By contrast, LPS argues that its conduct is consistent with a legitimate, non-fraudulent intent. By using its web-harvester, LPS rapidly acquired records en masse, something it could not do with the Laredo client, even if it paid print fees. In other words, LPS could have been driven by a need to access documents more quickly, and not by an intent to defraud the counties by avoiding print fees. Indeed, if LPS just wanted to avoid print fees, it could have done so through simpler means such as copying the salient data by hand, taking pictures of the records on its computer screens with a digital camera, or simply keying the data directly from the Laredo client. Hence, LPS contends that its intent was to engage in efficient and legitimate business practices, not to `deceive or cheat’ the counties. United States v. Pust, supra.

Examining the `scheme’ itself, we conclude that no reasonable juror could infer that LPS had an intent to defraud. In other words, LPS's conduct was not `reasonably calculated to deceive persons of ordinary prudence and comprehension.’ United States v. Pust, supra.  First, LPS used its web-harvester even in those counties that did not charge a print fee. If LPS's intent was to evade print fees, it would have only used its web-harvester in counties that did charge print fees. The fact that LPS used its web-harvester in all counties suggests that its goal was to accelerate its data acquisition efforts. Second, LPS continued to pay for unlimited subscriptions in all 82 counties, even though it was not logging any time by using its web-harvester. If LPS intended to defraud the counties, it could have selected a limited subscription for less money. Third, LPS did not conceal its use of a web-harvester.  In fact, each of LPS's SOAP requests contained its unique identifier. As a result, no reasonable jury could conclude that LPS had the requisite intent to defraud based only on the scheme itself.

Moreover, Fidlar failed to present sufficient circumstantial evidence from which a reasonable jury could conclude that LPS intended to commit fraud, or even that LPS knew its actions were fraudulent. LPS maintains that it honestly believed that its conduct was permissible under the county agreements. Fidlar cannot demonstrate that LPS intended to commit fraud without evidence that LPS knew that its conduct was fraudulent. See United States v. Pust, supra (considering whether the defendant knew `the fraudulent nature of the scheme’ in assessing intent to defraud).

None of the circumstantial evidence, including the testimony of LPS employees, the agreements governing LPS's access to county records, and the Laredo technology itself, undermines LPS's claim that it believed it could permissibly download records through its web-harvester without paying print fees. First, LPS presented testimony from its employees indicating that they believed that although printing a record resulted in a fee, downloading a record did not. For example, LPS's former Senior Vice President Erick Marroquin stated that he believed that LPS was `entitled to download images from the Laredo program without incurring a print charge.’ LPS also offered evidence that it did not use a web-harvester to avoid print fees. The employee who oversaw development of the web-harvester, John McCabe, testified that in designing the web-harvester, `no part of [the process] was to avoid a print fee’ and that the purpose was `[e]fficiency, speed.’
Fidlar's own conduct, moreover, bolsters LPS's testimony on this point. LPS presented evidence that Fidlar knew that at least two of LPS's competitors used third party programs to acquire record data via Laredo. In particular, CoreLogic used a `screen-scraper’ to collect data from county records. Similarly, the First American Title Company used its own web-harvester to acquire records. Fidlar was aware of this conduct yet did not do anything to stop it. Indeed, in an internal e-mail, a Fidlar employee stated that Fidlar could make screen-scraping or web-harvesting illegal with a `simple disclaimer that states the information can't be scraped from the image.’ Taken together, this evidence suggests that even Fidlar itself did not believe that web-harvesting was impermissible.
Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., supra (emphasis in the original).
The court went on to explain that, 
[s]econd, the agreements between LPS and the counties did not prohibit LPS from using a web-harvester or require LPS to access the records through the Laredo client. Cf. EF Cultural Travel BV v. Zefer Corp., 318 F.3d 58 (U.S. Court of Appeals for the1st Circuit 2003) (`[T]he public website provider can easily spell out explicitly what is forbidden. . . . If [the plaintiff] wants to ban [certain conduct], let it say so on the webpage or a link clearly marked as containing restrictions’). These agreements also did not prohibit LPS from downloading records or require LPS to pay a print fee for any records it downloaded. Yet, LPS derived its authority to access records entirely from these agreements. The agreement between LPS and Fidlar, the Laredo client EULA, stated that it does not grant access to any county information. So the EULA, by its own terms, did not limit—or even affect—LPS's access to county records.

Third, the Laredo client's technological limitations do not support an inference that LPS knew it could not download records. Fidlar contends that because the client was designed to prevent downloading records, LPS should have known that it was not authorized to do so. But the client's technological limitations only show that LPS knew that it could not download records through the Laredo client. We see no reason why LPS should have inferred that it could not download records through a completely different program that it designed. LPS's access to records was tied to the individual agreements with each county—agreements that did not require LPS to use the Laredo client and that Fidlar was not even party to. Further, the EULA, which was the only agreement between Fidlar and LPS, expressly provided that it did not grant access to records and that access could only be granted by the relevant county. In other words, if LPS believed that the county agreements granted it the authority to access records through its own software, the limitations on the Laredo client would seem to have no bearing on the permissible uses of that software.

Additionally, other characteristics of Fidlar's services suggested that downloading records through another program, like a web-harvester, was permissible. The middle tier did not impose any limitations on LPS's use of a web-harvester. Fidlar did not encrypt SOAP calls between the middle tier and the Laredo client. And the middle tier was accessible by means other than the Laredo client, including other Fidlar software products, such as Fidlar's Tapestry platform, as well as third-party applications. So while the option to download records was limited on the front-end by the client user-interface, it was completely open on the back-end by the middle tier's use of unsecured SOAP calls.
Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., supra (emphasis in the original).
The Court of Appeals then took up another, related issue, explaining that Fidlar
attempts to cast doubt on LPS's claim that it did not intend to defraud the counties. First, Fidlar argues that the county invoices, which did not indicate any of LPS's web-harvester activity, support an inference that LPS intended to defraud the counties. Even assuming that LPS knew its activities were not being tracked as a result of these invoices, the invoices do not undermine LPS's contention that it believed its conduct was permissible. LPS's access was governed by the county agreements and the invoices did not give LPS cause to change its understanding of these agreements. The fact that LPS was not being billed for downloading records would only reinforce LPS's belief that its conduct was permissible under its unlimited subscriptions. Similarly, the fact that the counties continued to accept LPS's unlimited subscription fees (and that Fidlar continued to provide LPS access) without any inquiry into the company's minimal activity might have further reinforced LPS's understanding of its arrangement. As a result, the invoices do not make an intent to defraud any more likely.

Second, Fidlar cites the testimony of Lynda Taylor. Taylor was a Senior Vice President at LPS until June 2010, prior to LPS's creation and use of its web-harvester. Taylor explained that during her tenure at LPS, her plan was to `pay selectively,’ `on an as-needed basis . . . because Laredo charged for time to be on the system and to look at the document images online, and then you paid extra if you wanted to actually get a copy of an image.’ She also stated that Laredo did not allow a user to `take control of the digital image’ of a record. Fidlar argues that this testimony shows that LPS knew it could either view a record in the client or pay to print a record from the client, but could not download or `take control’ of a record.
Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., supra.
The court, though, found that 
Fidlar misreads Taylor's testimony. Taylor was only referring to the limitations of the Laredo client. She did not testify that LPS was prohibited from downloading records using a web-harvester or through other means. In fact, Taylor's tenure predates LPS's creation and use of the web-harvester. And individuals employed at LPS at that time consistently testified that they believed LPS's conduct to be permissible.

Third, Fidlar points to testimony from Michael Hall, LPS's Director of Data Acquisition, who stated that a hypothetical fee of $0.50 or more per page to print a record would have been `cost prohibitive' for LPS. This hypothetical fee is the same as the actual print fee charged by some of the 82 counties. Accordingly, Fidlar argues that Hall's testimony supports an inference that LPS was defrauding the counties of this fee.

But Fidlar's argument largely misses the mark. Undoubtedly, Hall's testimony shows that LPS had much to gain if it wanted to avoid print fees. But this is obvious; LPS does not dispute that acquiring records via a web-harvester was far less expensive than printing them via the Laredo client. The problem with Fidlar's argument is the fact that printing records via the client was more expensive, or even economically infeasible for LPS, does not demonstrate that LPS intentionally avoided this expense. Hall's testimony is entirely consistent with LPS's narrative that it was not trying to avoid print fees. Rather, the fees were simply inconsequential to LPS's data acquisition efforts. Hence, Hall's testimony does not support an inference of an intent to defraud.

In sum, Fidlar attempts to convert its failure to prohibit LPS's action by contract into an allegation of criminal conduct. Despite its extensive efforts to paint LPS's conduct as fraudulent in nature, Fidlar has not pointed to any evidence that would allow a reasonable jury to find that LPS believed its conduct was fraudulent. Hence, we agree with the district court that no reasonable jury could conclude—based on this evidence alone—that LPS acted with an intent to defraud.
Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., supra.
The Court of Appeals then took up Fidlar’s argument that
LPS violated § 1030(a)(5)(A), which punishes anyone who:

`[K]nowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer. . . .’

The district court held that LPS did not violate this provision because it found that LPS did not cause any damage under the statute.

Under the CFAA, `damage’ is defined as `any impairment to the integrity or availability of data, a program, a system, or information. . . .’  § 1030(e)(8). Hence, `causes damage’ encompasses clearly destructive behavior such as using a virus or worm or deleting data. See, e.g., Int'l Airport Ctrs., L.L.C. v. Citrin, 440 F.3d 418 (U.S. Court of Appeals for the 7th Circuit 2006). But it may also include less obviously invasive conduct, such as flooding an email account. See, e.g., Pulte Homes, Inc. v. Laborers' Int'l Union, 648 F.3d 295  (U.S.Court of Appeals for the 6th Circuit 2011).

Fidlar claims LPS caused damage to a protected computer—the middle tier servers—by `stopp[ing] the flow of information, causing a diminution in the completeness or availability of data.’ However, Fidlar admits LPS did not alter any data or disrupt Fidlar's services in any way. LPS just avoided Fidlar's method of tracking user activity by not sending the necessary SOAP calls.

This interruption is not `damage’ as defined by the statute. LPS's web-harvester did not impair the integrity or availability of Fidlar's data or systems; it simply downloaded the data requested without leaving a trace. Put another way, the middle tier servers, including the logs, were unaltered after LPS used its web-harvester.
Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., supra. (For the CFAA's definition of "damage", see 18 U.S. Code 1030(e)(8).)
The opinion then goes on to explain that
Fidlar attempts to liken this case to United States v. Mitra, 405 F.3d 492 (U.S. Court of Appeals for the 7th Circuit 2005), but the two are readily distinguishable. In Mitra, this Court held that a defendant caused damage by blocking emergency radio communications. United States v. Mitra, supra. Unlike in this case, the defendant in Mitra actually impaired the availability and integrity of a protected computer. His conduct prevented others from communicating through the public communication system. See United States v. Mitra, supra (noting that the defendant's conduct `prevented the computer from receiving, on the control channel, data essential to parcel traffic among the other 19 channels’ and that `[w]hen disturbances erupted, public safety departments were unable to coordinate their activities because the radio system was down’). By contrast, LPS did not prevent anyone from using the middle tier and county database servers nor did it alter any of the content on the servers.

Fidlar tries to sidestep this distinction by arguing that LPS caused damage to the entire `Laredo system’ because it prevented the tracking component from functioning as Fidlar intended. But the statute only protects against damage `to a protected computer,’ including to systems on such a computer. §§ 1030(a)(5)(A); 1030(e)(8). The Laredo system is not a `computer,’ but rather a description of Fidlar's multi-tier architecture. See § 1030(e)(1)(defining `computer’ as `an electronic, magnetic, optical, electrochemical, or other high speed data processing device’). Hence, LPS cannot be liable for damaging the entire `Laredo system’ under this statute.

In reality, Fidlar's claim is trespassory in nature. LPS accessed the middle tier servers without following Fidlar's `rules’ (i.e., logging its activity or using the Laredo client). But by using the word `damage,’ and in light of the statutory definition, Congress intended this provision reach actual disruptions in service, not mere access, even if trespassory. See International Airport Centers, L.L.C. v. Citrin, 440 F.3d 418 (U.S. Court of Appeals for the 7th Circuit 2006) (`Congress was concerned with both . . .  attacks by virus and worm writers, . . .  and attacks by disgruntled programmers who decide to trash the employer's data system on the way out. . . .’); cf.§ 1030(a)(2) (prohibiting unauthorized access to obtain information from a protected computer without requiring damage). Therefore, the district court was correct that no reasonable jury could conclude that LPS caused any damage within the meaning of the statute.
Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., supra (emphasis in the original).

The Court of Appeals then took up, and dismissed, Fidlar’s claim that LPS violated the Illinois Computer Crime Prevention Law:

Like the CFAA, the Illinois CCPL is a criminal statute with a civil suit provision. Section720 ILCS § 5/17–51(c) provides that `[w]hoever suffers loss by reason of a violation of subdivision (a)(4) of this Section may, in a civil action against the violator, obtain appropriate relief.’ Fidlar claims that LPS violated subdivision (a)(4)(C), which provides that:
(a)  A person commits computer tampering when he or she knowingly and without the authorization of a computer's owner or in excess of the authority granted to him or her: ... (4) Inserts or attempts to insert a program into a computer or computer program knowing or having reason to know that such program contains information or commands that will or may:... (C) cause loss to the users of that computer or the users of a computer which accesses or which is accessed by such program....
Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., supra (emphasis in the original).
The Court of Appeals went on to explain that the District Court Judge held that LPS
had no reason to know that its use of a web-harvester would or might cause loss under the statute. The court reasoned that LPS never believed that the counties were entitled to print fees for its use of a web-harvester, and thus there was no loss to the counties that LPS knew or should have known it was causing.

In support of its position that LPS violated the CCPL, Fidlar incorporates the same argument it made under CFAA § 1030(a)(4): LPS intentionally defrauded, and consequently intended to cause loss to, the counties. Indeed, under Illinois law, Fidlar can establish knowledge by demonstrating that LPS acted intentionally. See 720 ILCS § 5/4–5 (`When the law provides that acting knowingly suffices to establish an element of an offense, that element also is established if a person acts intentionally’).

But as discussed above, Fidlar cannot show that LPS intended to defraud the counties. LPS demonstrated that its intent was to efficiently acquire records in a way it believed to be permissible under the governing agreements. Its intent was not to avoid print fees. Accordingly, LPS did not intend to cause loss to the counties.

For the same reason, Fidlar cannot show LPS knew or had reason to know that it might cause loss to the counties. LPS was aware that some counties imposed print fees and that the counties obtained revenue from these fees. But given that LPS believed that it was entitled to download records without incurring a fee, it follows that LPS did not know or have reason to know that it was causing a loss. The fact that LPS could have paid print fees but chose not to does not establish a loss to the counties because LPS was not printing records.

At a minimum, Fidlar must demonstrate that LPS had reason to know that the counties were entitled to the print fees they allegedly lost. However, from LPS's perspective, the counties were not entitled to anything beyond the unlimited subscription fees LPS was already paying. Therefore, we agree with the district court that no reasonable jury could conclude that LPS knew or had reason to know that it would or might cause a loss.
Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., supra.
The Court of Appeals therefore affirmed the judgment of the District Court Judge. Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., supra.

 Fidlar Fid

 Fidlar Fid

No comments: