Appeal from the United States District Court for the District of New Jersey. (D.C. Civil No. 04-cv-04554). District Judge: Honorable Joseph A. Greenaway, Jr.
The opinion of the court was delivered by: Rendell, Circuit Judge
Before: ROTH, RENDELL, and BARRY, Circuit Judges.
Plaintiffs P.C. of Yonkers, Inc., and eighteen related "Party City" affiliates (the "PC plaintiffs") appeal the District Court 's order denying injunctive relief sought pursuant to the provisions of the federal Computer Fraud and Abuse Act ("CFAA"), and under New Jersey state law. We will affirm because we agree with the District Court 's analysis regarding the lack of evidentiary basis for the injunction, but we will take this opportunity to clarify the scope of relief available under CFAA's provisions.
The seventeen Party City retail store plaintiffs are all franchisees of Party City Corporation ("PCC"). Each operates a retail store selling discount party goods and related products (the "PC Stores"). Plaintiff Party City Management Co., Inc. ("PC Management"), manages the operations of the franchised locations. Defendant Andrew Hack ("Hack") worked for PCC in various positions from March 1991 until his termination in August 2003. He continued to act as a consultant to PC Management from September 11, 2003 to November 25, 2003. Defendant Andrew Bailen ("Bailen"), also a longtime PCC employee, served as the company's executive vice president for merchandise and marketing from August 2000 until he left its employ on July 14, 2003.
In 2004, Bailen and Hack formed Celebrations! The Party and Seasonal Superstore, L.L.C. ("Celebrations"), also a defendant in this case, and opened two of its own retail party goods stores in the vicinity of two existing PC Stores, one in Greenburgh, New York, and a second in Clifton, New Jersey, in late July and August of 2004, respectively. The PC plaintiffs averred that the Celebrations stores opened "just in time to compete with plaintiff PC stores during the biggest selling season -- the weeks leading up to Halloween," and that "sales during this time of year are critical to a successful business year." (Compl. ¶ 36.)
The PC plaintiffs' primary claim under CFAA was that defendant Hack, "without authorization and on behalf of defendant Celebrations and defendant Bailen," accessed PCC's Tomax computer system from his home 125 times over seven days during October and November of 2003. Eight of the alleged incursions occurred after Hack ceased working as a consultant to PC Management.*fn1 Additionally, plaintiffs claim that unauthorized access purportedly was gained again in December 2003 and a final time in April 2004, when Hack was no longer associated with any of the PC plaintiffs.
The access in December 2003 lasted a total of 19.4 minutes. Hack testified that he had a home office during his years with PCC and had been authorized to use his computer from home; as proof, he offered e-mails demonstrating that he did so. He could not recall making this particular access but stated that he imagined it would have been for PC Management business as he never accessed the Tomax system for anything but PC Management related work. The PC plaintiffs contested Hack'sasserted authorization in their submissions. The April access was for a total of 5 minutes and 49 seconds, and Hack testified that it appears to have been an automatic redial of the last call he had made to the PC Lancaster store in December. There is a paucity of information as to precisely what could have been obtained from the system in these incursions, although the PC plaintiffs' computer consultant, Joseph Savin, stated that "reports" could be ordered in a matter of seconds and then "later, with a few keystrokes," downloaded and sent to a remote location. (Savini Certification ¶ 6, Oct. 8, 2004.)
The PC plaintiffs averred that the defendants used the information obtained from this access to decide where to locate their stores, where to focus marketing efforts and budgets, and to obtain valuable information as to sales during the Halloween season. They urge that by using this valuable information, defendants purportedly obtained an unfair competitive advantage. The PC plaintiffs specifically averred that defendants' unauthorized access resulted in damage or loss to the PC plaintiffs of not less than $5,000 within the meaning of CFAA, 18 U.S.C. § 1030.
The PC plaintiffs sought an injunction prohibiting Celebrations from operating the Celebrations stores and from using the PC plaintiffs' trade secrets and confidential and proprietary information, and ordering the return of such information. They also averred that defendants' conduct violated New Jersey statutory and common law, entitling the PC plaintiffs to damages.
After limited discovery, the District Court heard oral argument on the motion and expressed doubt that 18 U.S.C. § 1030, which is primarily a criminal statute, provided for any civil relief. However, the District Court reasoned that even if the statute were read to provide a civil remedy, the PC plaintiffs had failed to frame their claim as a claim under subsection (a)(5) of § 1030, and thus were not entitled to injunctive relief under CFAA. Further, the District Court held that, even ifa claim could properly be brought under subsection (a)(4) of § 1030, the PC plaintiffs had failed to demonstrate a likelihood of success on the merits of such a claim, because they had not shown what, "if anything, was actually taken from the Tomax system [by defendants], nor for that matter, confirm with certainty that the incursions were inappropriate or outside the scope of a legitimate work purpose."*fn2 (Trans. of Op. at 34.)
The Court also ruled that the PC plaintiffs had not demonstrated that they would succeed under the related New Jersey statute prohibiting certain computer incursions, or on the merits of their common law trade secret misappropriation claim. This latter finding was based on the PC plaintiffs' failure to prove that the information in the Tomax system was indeed entitled to protection as a "trade secret" and ...