Damage to property in cyberspace

June 13, 2008

It’s fairly obvious when someone physically damages someone else’s belongings, but what counts as property damage in cyberspace?

Historically, the trespass to chattels doctrine has been used to prove liability when one individual causes physical harm to someone else’s personal property.

But now, the doctrine is being used for anything from stopping spam to protecting data that’s housed on web servers to blocking spyware from people’s computers.

“Trespass to chattels is a prime example of courts having to dust off ancient legal doctrines to grapple with a completely new context on the Internet,” said Eric Sinrod, a San Francisco lawyer who specializes in Internet-related intellectual property law. “Technology is changing at warp speed and parties are in dispute over data in cyberspace and access to servers and they need to come up with new theories.”

But the application of trespass to chattels can be unclear when it comes to the Internet because - in general - “the servers aren’t really taken and they’re usually not physically ‘damaged,’” Sinrod said.

“We know people have some right to protect computer property, but we are not sure what the limits are,” said Eric Goldman, a professor of cyberspace law at the Santa Clara University law school.

As a result, courts are in the process of sorting out when trespass to chattels should apply to Web site content and server use - and how much harm to computers or servers a plaintiff has to prove to win a case.

“Where is the line between denial of service - where the server shuts down - and some lesser use of the server that might impose some demand on the server, such as a single e-mail?” asked Goldman.

Illinois attorney David Fish, whose firm won the first case stopping a spyware company from installing its software on plaintiffs’ computers, said he expects more and more challenges to be brought.

“I think we’re going to see more of these cases percolating up” through the courts, agreed Sinrod.

Protecting data

The first examples of cases that succeeded involved suits against spammers who sent bulk e-mail messages through America Online’s servers.

Fish’s case opened the door to injunctions against companies that put unwanted software on people’s computers. (Sotelo v. DirectRevenue LLC, 384 F.Supp.2d 1219 (N.D. Ill. 2005).)

Another important round of cases, which is still developing, focuses on the question of when data on a Web site should be protected.

“In the online context, trespass to chattels can be used to protect data by housing it on servers with restricted access,” said Goldman.

For example, an auction site like eBay “might want to set up a fence around its servers because they have valuable data they want to protect, such as people’s user ratings.”

In one case, Bidder’s Edge, a site that compiles information from competing auction sites, sent a spider across the Internet to extract information about eBay’s auction listings.

eBay argued that this practice was taking up space on its servers and slowing them down, and a judge concluded that if multiple companies did this, it would cause eBay’s servers to grind to a halt. The court issued an injunction to stop Bidder’s Edge from taking information from eBay’s servers. (eBay Inc. v. Bidder’s Edge Inc., 100 F. Supp. 2d 1058 (N.D. Calif. 2000).)

“That case stands for the private store model of the Internet, where Web sites can determine under what circumstances people can use them,” said Sinrod.

Proving harm

What distinguishes trespass to chattels is that the plaintiff must prove harm in order to prevail. The question is: How much harm is required?

“The more harm you can show, the better,” said Sinrod. “A judge or jury will be more sympathetic if the practice is really adversely affecting your business.”

For example, Sinrod suggested that “if somebody is sending spiders and web crawlers into a mom-and-pop Web site using up all of the server capacity, one would think that’s a good showing of harm.”

Goldman noted that the clearest case would involve a computer or server that was overloaded to the point where it amounts to a “denial of service” to regular users.

On the other hand, said Sinrod, “if you have one of the largest online companies with oceans of capacity and one spider copies one morsel of data once … it’s likely a judge won’t be too interested in this.”

Fish, a senior associate at The Collins Law Firm, agreed.

A defendant might argue that “this is a drop in the bucket compared to your server capacity and if it’s available on the Internet, it’s available to everyone,” Fish said. Or a company might argue that there is no damage if you can easily remove the software that was covertly placed on your computer.

But most situations will lie in a gray area between these extremes. And there are many questions still unanswered.

What if “the computer slows down and [isn’t] as fast as it was before it was receiving this e-mail?” asked Goldman. “What’s the right speed for a computer?”

Or, what if an e-mail account has storage limits and “the spam is the last e-mail in and it causes two e-mails to bounce, is that harm?” he asked.

To quantify harm, Fish suggests that the plaintiff have an expert who can explain the extent of damage to servers and computers.

“Have someone who can show that X percentage of your hard drive was used and that your computer was slowed down this much.”

But it remains unclear how much it must slow down to constitute actionable harm.

A public domain

In some recent cases, courts have said that companies trying to protect their servers or data can’t meet the common law standard for trespass to chattels unless there is demonstrable physical harm to their computers or networks.

These rulings “lead us to believe there is a high bar,” said Goldman. “It makes the doctrine not very robust if you need to show actual harm to the computer.”

These cases espouse what Sinrod calls a “public library view of the Internet.”

The argument there is that “more fences run counter to the intrinsic norms of the Internet,” where information is freely available, said Goldman.

For example, Tickets.com was using web crawlers to make Ticketmaster tickets directly available on its Web site by bypassing advertising pages on Ticketmaster’s site.

Ticketmaster argued this was trespass to chattels, but a judge disagreed, finding that the doctrine wasn’t designed to address this type of activity. (Ticketmaster Corp. v. Tickets.com, No. CV997654HLHVBKX (C.D. Calif. 2003).).

In another important case, a former Intel employee sent eight different e-mails to thousands of current employees complaining about the company’s forced ranking system. But the California Supreme Court said there was no harm because the e-mails didn’t grind Intel’s servers to a halt. (Intel v. Hamidi, 30 Cal.4th 1342 (2003).)

In a recent spam case that also seems to require proof of harm to the plaintiff’s computers, the 4th U.S. Circuit Court of Appeals held that the spam didn’t constitute trespass to chattels because the defendant’s e-mails didn’t cause “more than nominal damages.” (Omega World Travel, Inc. v. Mummagraphics Inc., 469 F.3d 348 (2006).)

These cases leave open some important questions, according to Sinrod.

“How collateral can the harm be? If lost productivity of employees isn’t enough, can some consequential damages be sufficient?”
Other claims

Goldman says that a plaintiff bringing a trespass to chattels claim in the Internet context should also explore other claims - which might be more successful depending on the circumstances.

The federal Computer Fraud and Abuse Act, 18 U.S.C. Sect. 1030, allows a plaintiff to bring a civil suit for damages against someone who accesses his computer and causes harm. A plaintiff who can show $5,000 or more in damages has standing to sue.

The losses can include remediation costs or even a company computer department’s time spent trying to fix the problem, Goldman said.

In many situations, he contends a claim under this statute might be more successful than a common law trespass to chattels claim.

Goldman suggested that if Intel had brought a claim under this Act, “it would have had no problem winning.”

He said it also might be easier to win a claim under some state statutes. California law, for example, allows plaintiffs to bring a civil suit if someone uses their computer resources without their permission.

For spyware claims, Fish said that more and more states are passing laws prohibiting the installation of spyware without the user’s consent.

“Many states have a criminal code that prohibits computer tampering if you install software without someone’s consent,” he noted.

For spam, claims are also available under the federal CAN-SPAM Act and a number of state anti-spam statutes.

Written by Reni Gertner  |  Filed Under Intellectual Property 

Comments

Got something to say?