In Re Double Click - Computer Fraud and Abuse Act Claim

Computer Fraud and Abuse Act Claim

The Computer Fraud and Abuse Act, 18 U.S.C. § 1030, prohibits the intentional access of a protected computer to obtain information without authorization which causes at least $5,000 damage or loss resulting from a single unauthorized access. 18 U.S.C. § 1030(a)(5)(A) proscribes the intentional and unauthorized causing of damage to a protected computer resulting from knowingly causing the transmission of a program, information, code, or command.

The plaintiffs sought damages for the loss caused accruing from the unauthorized access of their computers and the misappropriation of information by DoubleClick. DoubleClick did not dispute that plaintiffs' computers were protected under the Computer Fraud and Abuse Act or that its access was unauthorized. The court stated that damages and losses under the Computer Fraud and Abuse Act may only be aggregated across victims and over time for a single act. Since each access of a cookie on users' computers constitutes a single and separate act of unauthorized access, damages and losses may only be aggregated for each cookie and cannot be aggregated across multiple computers. The court dismissed the plaintiffs' claim under the Computer Fraud and Abuse Act on the grounds that the damage caused by each cookie did not meet the statutory threshold of $5,000.

Plaintiffs' alleged emotional distress due to DoubleClick’s invasion of their privacy, trespass to their personal property, and misappropriation of confidential data was not actionable under the Computer Fraud and Abuse Act which only authorized the recovery of economic losses. The court denied the plaintiffs' claim that the alleged damage to the value of their individual demographic information, arising from DoubleClick's collection of user information, constitutes compensable economic loss. The court noted that while demographic information was valuable, its collection did not represent economic loss.