Trespass and Spam

For further reading (optional):

Reading Notes

For every good thing, there are those who misuse it; the Internet is no exception. Put communications online and some will try to disrupt them or to vie for involuntary attention. In response, we see plaintiffs both reviving common law theories and pushing for new laws. As you look at claims of trespass and unwanted email, are these in fact areas where pre-Internet law, code, and markets fail? If so, does newer law address the failure or add to the confusion?

The Computer Fraud and Abuse Act (CFAA) is the major “anti-hacking” law. CFAA criminalizes “access[ing] a computer without authorization” or “exceeding authorized access” to a computer system or network. Over its history, the statute has been expanded from a narrow class of federal and financial institution computers to any computer used in interstate or foreign commerce. What is the difference between “accessing without authorization” and “exceeding authorized access”? Where is that distinction between outsiders and insiders relevant?

Consider how “authorization” for access is given or denied, especially in the context of a publicly accessible computer system. Many websites post “terms of service,” and many interactive systems show “banners” when a user logs in, e.g. “By logging onto this machine you agree to the TOS posted here: <http://www.speakeasy.net/content/internetservices/shelltos.html>.” Are these sufficient to make unwelcome use or access a crime? If it depends on the notice given to the system’s user, how might this notice compare with that sufficient to form a contract?

While junk mail is not new, it has expanded to new dimensions online. Businesses find email a cheap means of contacting targets, some of whom want some of the communications, many of whom do not. Unsolicited communications clog mailservers and inboxes. In response, service providers and end-users have turned to self-help: filters; blacklists (rejection based on keywords or IP addresses); whitelists (acceptance based trusted sender addresses or signatures such as DomainKeys); user verification (see, e.g., www.spamarrest.com); and blackhole lists.

Are trespass claims the best way to keep servers running? Do contracts help? Will state laws or federal CAN-SPAM do the trick? Can they work without limiting wanted communications or free speech rights?

Different people, of course, define "SPAM" differently. Skim MAPS, Introduction to the Realtime Blackhole List (RBL) servers, <http://www.mail-abuse.com/wp_introrbl.html> and look at e360 Insight's complaints against another blacklist, Spamhaus, claiming improper inclusion on a "spammers" list. Yahoo's DomainKeys, <http://antispam.yahoo.com/domainkeys> proposes a different mode of identification for mail senders.

Consider the transparency of various spam-blocking measures, especially when they operate at the ISP level. Do you know what spam-blocking, if any, is active on your email accounts?

The CAN-SPAM Act of 2003 was Congress’s response to increasing public complaint and to a patchwork of state laws. CAN-SPAM is often derided by its critics as the “You Can Spam” Act, many of whom complain that it preempted more powerful state laws. What does CAN-SPAM actually prevent? What are its enforcement mechanisms?

eBay, Inc. v. Bidder’s Edge, Inc.


100 F. Supp. 2d 1058 (N.D. Cal. 2000)

RONALD M. WHYTE

… eBay is an Internet-based, person-to-person trading site. eBay offers sellers the ability to list items for sale and prospective buyers the ability to search those listings and bid on items. The seller can set the terms and conditions of the auction. The item is sold to the highest bidder. The transaction is consummated directly between the buyer and seller without eBay's involvement. A potential purchaser looking for a particular item can access the eBay site and perform a key word search for relevant auctions and bidding status. eBay has also created category listings which identify items in over 2500 categories, such as antiques, computers, and dolls. Users may browse these category listing pages to identify items of interest.

Users of the eBay site must register and agree to the eBay User Agreement. Users agree to the seven page User Agreement by clicking on an "I Accept" button located at the end of the User Agreement. The current version of the User Agreement prohibits the use of “any robot, spider, other automatic device, or manual process to monitor or copy our web pages or the content contained herein without our prior expressed written permission.” It is not clear that the version of the User Agreement in effect at the time BE began searching the eBay site prohibited such activity, or that BE ever agreed to comply with the User Agreement.

…A software robot is a computer program which operates across the Internet to perform searching, copying and retrieving functions on the web sites of others. A software robot is capable of executing thousands of instructions per minute, far in excess of what a human can accomplish. Robots consume the processing and storage resources of a system, making that portion of the system's capacity unavailable to the system owner or other users. Consumption of sufficient system resources will slow the processing of the overall system and can overload the system such that it will malfunction or "crash." A severe malfunction can cause a loss of data and an interruption in services.

The eBay site employs "robot exclusion headers." A robot exclusion header is a message, sent to computers programmed to detect and respond to such headers, that eBay does not permit unauthorized robotic activity. Programmers who wish to comply with the Robot Exclusion Standard design their robots to read a particular data file, "robots.txt," and to comply with the control directives it contains…

BE is a company with 22 employees that was founded in 1997. … BE does not host auctions. BE is an auction aggregation site designed to offer on-line auction buyers the ability to search for items across numerous on-line auctions without having to search each host site individually. As of March 2000, the BE web site contained information on more that five million items being auctioned on more than one hundred auction sites. BE also provides its users with additional auction-related services and information. (Id. P 2.) The information available on the BE site is contained in a database of information that BE compiles through access to various auction sites such as eBay. When a user enters a search for a particular item at BE, BE searches its database and generates a list of every item in the database responsive to the search, organized by auction closing date and time. Rather than going to each host auction site one at a time, a user who goes to BE may conduct a single search to obtain information about that item on every auction site tracked by BE. It is important to include information regarding eBay auctions on the BE site because eBay is by far the biggest consumer to consumer on-line auction site. …

In early 1998, eBay gave BE permission to include information regarding eBay-hosted auctions for Beanie Babies and Furbies in the BE database…. On April 24, 1999, eBay verbally approved BE crawling the eBay web site for a period of 90 days. The parties contemplated that during this period they would reach a formal licensing agreement. They were unable to do so….

In late August or early September 1999, eBay requested by telephone that BE cease posting eBay auction listings on its site. BE agreed to do so. In October 1999, BE learned that other auction aggregations sites were including information regarding eBay auctions. On November 2, 1999, BE issued a press release indicating that it had resumed including eBay auction listings on its site. On November 9, 1999, eBay sent BE a letter reasserting that BE's activities were unauthorized, insisting that BE cease accessing the eBay site, alleging that BE's activities constituted a civil trespass and offering to license BE's activities. eBay and BE were again unable to agree on licensing terms. As a result, eBay attempted to block BE from accessing the eBay site; by the end of November, 1999, eBay had blocked a total of 169 IP addresses it believed BE was using to query eBay's system. BE elected to continue crawling eBay's site by using proxy servers to evade eBay's IP blocks.

Approximately 69% of the auction items contained in the BE database are from auctions hosted on eBay. BE estimates that it would lose one-third of its users if it ceased to cover the eBay auctions.

The parties agree that BE accessed the eBay site approximate 100,000 times a day. eBay alleges that BE activity constituted up to 1.53% of the number of requests received by eBay, and up to 1.10% of the total data transferred by eBay during certain periods in October and November of 1999. … eBay has not alleged any specific incremental damages due to BE activity. …

eBay now moves for preliminary injunctive relief preventing BE from accessing the eBay computer system based on nine causes of action: trespass, false advertising, federal and state trademark dilution, computer fraud and abuse, unfair competition, misappropriation, interference with prospective economic advantage and unjust enrichment. However, eBay does not move, either independently or alternatively, for injunctive relief that is limited to restricting how BE can use data taken from the eBay site.

II. LEGAL STANDARD

To obtain preliminary injunctive relief, a movant must demonstrate "either a likelihood of success on the merits and the possibility of irreparable injury, or that serious questions going to the merits were raised and the balance of hardships tips sharply in its favor." …

III. ANALYSIS
 

A. Balance of Harm

eBay asserts that it will suffer four types of irreparable harm if preliminary injunctive relief is not granted: (1) lost capacity of its computer systems resulting from to BE's use of automated agents; (2) damage to eBay's reputation and goodwill caused by BE's misleading postings; (3) dilution of the eBay mark; and (4) BE's unjust enrichment. The harm eBay alleges it will suffer can be divided into two categories. The first type of harm is harm that eBay alleges it will suffer as a result of BE's automated query programs burdening eBay's computer system ("system harm"). The second type of harm is harm that eBay alleges it will suffer as a result of BE's misrepresentations regarding the information that BE obtains through the use of these automated query programs ("reputational harm")….

eBay's allegations of harm are based, in part, on the argument that BE's activities should be thought of as equivalent to sending in an army of 100,000 robots a day to check the prices in a competitor's store. This analogy, while graphic, appears inappropriate. Although an admittedly formalistic distinction, unauthorized robot intruders into a "brick and mortar" store would be committing a trespass to real property. There does not appear to be any doubt that the appropriate remedy for an ongoing trespass to business premises would be a preliminary injunction. More importantly, for the analogy to be accurate, the robots would have to make up less than two out of every one-hundred customers in the store, the robots would not interfere with the customers' shopping experience, nor would the robots even be seen by the customers. Under such circumstances, there is a legitimate claim that the robots would not pose any threat of irreparable harm. However, eBay's right to injunctive relief is also based upon a much stronger argument.

If BE's activity is allowed to continue unchecked, it would encourage other auction aggregators to engage in similar recursive searching of the eBay system such that eBay would suffer irreparable harm from reduced system performance, system unavailability, or data losses. BE does not appear to seriously contest that reduced system performance, system unavailability or data loss would inflict irreparable harm on eBay consisting of lost profits and lost customer goodwill. Harm resulting from lost profits and lost customer goodwill is irreparable because it is neither easily calculable, nor easily compensable and is therefore an appropriate basis for injunctive relief. Where, as here, the denial of preliminary injunctive relief would encourage an increase in the complained of activity, and such an increase would present a strong likelihood of irreparable harm, the plaintiff has at least established a possibility of irreparable harm

In the patent infringement context, the Federal Circuit has held that a preliminary injunction may be based, at least in part, on the harm that would occur if a preliminary injunction were denied and infringers were thereby encouraged to infringe a patent during the course of the litigation. In the absence of preliminary injunctive relief, "infringers could become compulsory licensees for as long as the litigation lasts."…. Similarly fundamental to the concept of ownership of personal property is the right to exclude others. If preliminary injunctive relief against an ongoing trespass to chattels were unavailable, a trespasser could take a compulsory license to use another's personal property for as long as the trespasser could perpetuate the litigation.

BE correctly observes that there is a dearth of authority supporting a preliminary injunction based on an ongoing to trespass to chattels. In contrast, it is black letter law in California that an injunction is an appropriate remedy for a continuing trespass to real property. If eBay were a brick and mortar auction house with limited seating capacity, eBay would appear to be entitled to reserve those seats for potential bidders, to refuse entrance to individuals (or robots) with no intention of bidding on any of the items, and to seek preliminary injunctive relief against non-customer trespassers eBay was physically unable to exclude. The analytic difficulty is that a wrongdoer can commit an ongoing trespass of a computer system that is more akin to the traditional notion of a trespass to real property, than the traditional notion of a trespass to chattels, because even though it is ongoing, it will probably never amount to a conversion. The court concludes that under the circumstances present here, BE's ongoing violation of eBay's fundamental property right to exclude others from its computer system potentially causes sufficient irreparable harm to support a preliminary injunction.

BE argues that even if eBay is entitled to a presumption of irreparable harm, the presumption may be rebutted. … If eBay's irreparable harm claim were premised solely on the potential harm caused by BE's current crawling activities, evidence that eBay had licensed others to crawl the eBay site would suggest that BE's activity would not result in irreparable harm to eBay. However, the gravamen of the alleged irreparable harm is that if eBay is allowed to continue to crawl the eBay site, it may encourage frequent and unregulated crawling to the point that eBay's system will be irreparably harmed. There is no evidence that eBay has indiscriminately licensed all comers. Rather, it appears that eBay has carefully chosen to permit crawling by a limited number of aggregation sites that agree to abide by the terms of eBay's licensing agreement. "The existence of such a [limited] license, unlike a general license offered to all comers, does not demonstrate a decision to relinquish all control over the distribution of the product  in exchange for a readily computable fee." …

BE argues that even if eBay will be irreparably harmed if a preliminary injunction is not granted, BE will suffer greater irreparable harm if an injunction is granted. According to BE, lack of access to eBay's database will result in a two-thirds decrease in the items listed on BE, and a one-eighth reduction in the value of BE, from $ 80 million to $ 70 million. Although the potential harm to BE does not appear insignificant, BE does not appear to have suffered any irreparable harm during the period it voluntarily ceased crawling the eBay site. Barring BE from automatically querying eBay's site does not prevents BE from maintaining an aggregation site including information from eBay's site. Any potential economic harm is appropriately addressed through the posting of an adequate bond.

Moreover, it appears that any harm alleged to result from being forced to cease an ongoing trespass may not be legally cognizable. In the copyright infringement context, once a plaintiff has established a strong likelihood of success on the merits, any harm to the defendant that results from the defendant being preliminarily enjoined from continuing to infringe is legally irrelevant. See Triad Sys. Corp. v. Southeastern Exp. Co., 64 F.3d 1330, 1338 (9th Cir. 1995) (defendant "cannot complain of the harm that will befall it when properly forced to desist from its infringing activities.")…. The reasoning in these cases appears to be that a defendant who builds a business model based upon a clear violation of the property rights of the plaintiff cannot defeat a preliminary injunction by claiming the business will be harmed if the defendant is forced to respect those property rights. … Accordingly, the court concludes that eBay has demonstrated at least a possibility of suffering irreparable system harm and that BE has not established a balance of hardships weighing in its favor.
 

B. Likelihood of Success
…I. Trespass

Trespass to chattels "lies where an intentional interference with the possession of personal property has proximately cause injury." Thrifty-Tel v. Bezenek, 46 Cal. App. 4th 1559, 1566 (1996). Trespass to chattels "although seldom employed as a tort theory in California" was recently applied to cover the unauthorized use of long distance telephone lines. Id. Specifically, the court noted "the electronic signals generated by the [defendants'] activities were sufficiently tangible to support a trespass cause of action." Thus, it appears likely that the electronic signals sent by BE to retrieve information from eBay's computer system are also sufficiently tangible to support a trespass cause of action.

In order to prevail on a claim for trespass based on accessing a computer system, the plaintiff must establish: (1) defendant intentionally and without authorization interfered with plaintiff's possessory interest in the computer system; and (2) defendant's unauthorized use proximately resulted in damage to plaintiff. See Thrifty-Tel, 46 Cal. App. 4th at 1566. Here, eBay has presented evidence sufficient to establish a strong likelihood of proving both prongs and ultimately prevailing on the merits of its trespass claim.
 

a. BE's  Unauthorized Interference

eBay argues that BE's use was unauthorized and intentional. eBay is correct. BE does not dispute that it employed an automated computer program to connect with and search eBay's electronic database. BE admits that, because other auction aggregators were including eBay's auctions in their listing, it continued to "crawl" eBay's web site even after eBay demanded BE terminate such activity.

BE argues that it cannot trespass eBay's web site because the site is publicly accessible. BE's argument is unconvincing. eBay's servers are private property, conditional access to which eBay grants the public. eBay does not generally permit the type of automated access made by BE. In fact, eBay explicitly notifies automated visitors that their access is not permitted. "  In general, California does recognize a trespass claim where the defendant exceeds the scope of the consent." Baugh v. CBS, Inc., 828 F. Supp. 745, 756 (N.D. Cal. 1993).

Even if BE's web crawlers were authorized to make individual queries of eBay's system, BE's web crawlers exceeded the scope of any such consent when they began acting like robots by making repeated queries…. Moreover, eBay repeatedly and explicitly notified BE that its use of eBay's computer system was unauthorized. The entire reason BE directed its queries through proxy servers was to evade eBay's attempts to stop this unauthorized access. The court concludes that BE's activity is sufficiently outside of the scope of the use permitted by eBay that it is unauthorized for the purposes of establishing a trespass.

eBay argues that BE interfered with eBay's possessory interest in its computer system. Although eBay appears unlikely to be able to show a substantial interference at this time, such a showing is not required. Conduct that does not amount to a substantial interference with possession, but which consists of intermeddling with or use of another's personal property, is sufficient to establish a cause of action for trespass to chattel. See Thrifty-Tel, 46 Cal. App. 4th at 1567 (distinguishing the tort from conversion). Although the court admits some uncertainty as to the precise level of possessory interference required to constitute an intermeddling, there does not appear to be any dispute that eBay can show that BE's conduct amounts to use of eBay's computer systems. Accordingly, eBay has made a strong showing that it is likely to prevail on the merits of its assertion that BE's use of eBay's computer system was an unauthorized and intentional interference with eBay's possessory interest.
 

b. Damage to eBay's Computer System

A trespasser is liable when the trespass diminishes the condition, quality or value of personal property. See Compuserve, Inc. v. Cyber Promotions, 962 F. Supp. 1015 (S.D. Ohio 1997). The quality or value of personal property may be "diminished even though it is not physically damaged by defendant's conduct." Id. at 1022. The Restatement offers the following explanation for the harm requirement:

The interest of a possessor of a chattel in its inviolability, unlike the similar interest of a possessor of land, is not given legal protection by an action for nominal damages for harmless intermeddlings with the chattel. In order that an actor who interferes with another's chattel may be liable, his conduct must affect some other and more important interest of the possessor. Therefore, one who intentionally intermeddles with another's chattel is subject to liability only if his intermeddling is harmful to the possessor's materially valuable interest in the physical condition, quality, or value of the chattel, or if the possessor is deprived of the use of the chattel for a substantial time, or some other legally protected interest of the possessor is affected ... Sufficient legal protection of the possessor's interest in the mere inviolability of his chattel is afforded by his privilege to use reasonable force to protect his possession against even harmless interference.

 

Restatement (Second) of Torts § 218 cmt. e (1977).

eBay is likely to be able to demonstrate that BE's activities have diminished the quality or value of eBay's computer systems. BE's activities consume at least a portion of plaintiff's bandwidth and server capacity. Although there is some dispute as to the percentage of queries on eBay's site for which BE is responsible, BE admits that it sends some 80,000 to 100,000 requests to plaintiff's computer systems per day. Although eBay does not claim that this consumption has led to any physical damage to eBay's computer system, nor does eBay provide any evidence to support the claim that it may have lost revenues or customers based on this use, eBay's claim is that BE's use is appropriating eBay's personal property by using valuable bandwidth and capacity, and necessarily compromising eBay's ability to use that capacity for its own purposes. See CompuServe, 962 F. Supp. at 1022 ("any value [plaintiff] realizes from its computer equipment is wholly derived from the extent to which that equipment can serve its subscriber base.").

BE argues that its searches represent a negligible load on plaintiff's computer systems, and do not rise to the level of impairment to the condition or value of eBay's computer system required to constitute a trespass. However, it is undisputed that eBay's server and its capacity are personal property, and that BE's searches use a portion of this property. Even if, as BE argues, its searches use only a small amount of eBay's computer system capacity, BE has nonetheless deprived eBay of the ability to use that portion of its personal property for its own purposes. The law recognizes no such right to use another's personal property. Accordingly, BE's actions appear to have caused injury to eBay and appear likely to continue to cause injury to eBay. If the court were to hold otherwise, it would likely encourage other auction aggregators to crawl the eBay site, potentially to the point of denying effective access to eBay's customers. If preliminary injunctive relief were denied, and other aggregators began to crawl the eBay site, there appears to be little doubt that the load on eBay's computer system would qualify as a substantial impairment of condition or value. California law does not require eBay to wait for such a disaster before applying to this court for relief The court concludes that eBay has made a strong showing that it is likely to prevail on the merits of its trespass claim, and that there is at least a possibility that it will suffer irreparable harm if preliminary injunctive relief is not granted. eBay is therefore entitled to preliminary injunctive relief.
 

2. Copyright Preemption

BE argues that the trespass claim, along with eBay's other state law causes of action, "is similar to eBay's originally filed but now dismissed copyright infringement claim, and each is based on eBay's assertion that Bidder's Edge copies eBay's auction listings, a right within federal copyright law." BE is factually incorrect to the extent it argues that the trespass claim arises out of what BE does with the information it gathers by accessing eBay's computer system, rather than the mere fact that BE accesses and uses that system without authorization.

A state law cause of action is preempted by the Copyright Act if, (1) the rights asserted under state law are "equivalent" to those protected by the Copyright Act, and (2) the work involved falls within the "subject matter" of the Copyright Act as set forth in 17 U.S.C. §§ 102 and 103. Kodadek v. MTV Networks, Inc., 152 F.3d 1209, 1212 (9th Cir. 1998). "In order not to be equivalent, the right under state law must have an extra element that changes the nature of the action so that it is qualitatively different from a copyright infringement claim." Xerox Corp. v. Apple Computer, Inc., 734 F. Supp. 1542, 1550 (N.D. Cal. 1990). Here, eBay asserts a right not to have BE use its computer systems without authorization. The right to exclude others from using physical personal property is not equivalent to any rights protected by copyright and therefore constitutes an extra element that makes trespass qualitatively different from a copyright infringement claim. But see, Ticketmaster Corp. v. Tickets.com, Inc., 2000 U.S. Dist. LEXIS 4553, No. CV-99-7654 (C.D. Cal. minute order filed Mar. 27, 2000) (dismissing trespass claim based on unauthorized Internet information aggregation as preempted by copyright law).
 

3. Public Interest

The traditional equitable criteria for determining whether an injunction should issue include whether the public interest favors granting the injunction. American Motorcyclist Ass'n v. Watt, 714 F.2d 962, 965 (9th Cir. 1983). The parties submit a variety of declarations asserting that the Internet will cease to function if, according to eBay, personal and intellectual property rights are not respected, or, according to BE, if information published on the Internet cannot be universally accessed and used. Although the court suspects that the Internet will not only survive, but continue to grow and develop regardless of the outcome of this litigation, the court also recognizes that it is poorly suited to determine what balance between encouraging the exchange of information, and preserving economic incentives to create, will maximize the public good. Particularly on the limited record available at the preliminary injunction stage, the court is unable to determine whether the general public interest factors in favor of or against a preliminary injunction….

IV. ORDER

Bidder's Edge, its officers, agents, servants, employees, attorneys and those in active concert or participation with them who receive actual notice of this order by personal service or otherwise, are hereby enjoined pending the trial of this matter, from using any automated query program, robot, web crawler or other similar device, without written authorization, to access eBay's computer systems or networks, for the purpose of copying any part of eBay's auction database. As a condition of the preliminary injunction, eBay is ordered to post a bond in the amount of $ 2,000,000 to secure payment of any damages sustained by defendant if it is later found to have been wrongfully enjoined. This order shall take effect 10 days from the date on which it is filed.

Nothing in this order precludes BE from utilizing information obtained from eBay's site other than by automated query program, robot, web crawler or similar device. The court denies eBay's request for a preliminary injunction barring access to its site based upon BE's alleged trademark infringement, trademark dilution and other claims. This denial is without prejudice to an application for an injunction limiting or conditioning the use of any information obtained on the theory that BE's use violates some protected right of eBay.
 

Intel Corp. v. Hamidi, 30 Cal. 4th 1342; 71 P.3d 296; 1 Cal. Rptr. 3d 32 (Cal. 2003)

WERDEGAR, J. 

Intel Corporation (Intel) maintains an electronic mail system, connected to the Internet, through which messages between employees and those outside the company can be sent and received, and permits its employees to make reasonable nonbusiness use of this system. On six occasions over almost two years, Kourosh Kenneth Hamidi, a former Intel employee, sent e-mails criticizing Intel's employment practices to numerous current employees on Intel's electronic mail system. Hamidi breached no computer security barriers in order to communicate with Intel employees. He offered to, and did, remove from his mailing list any recipient who so wished. Hamidi's communications to individual Intel employees caused neither physical damage nor functional disruption to the company's computers, nor did they at any time deprive Intel of the use of its computers. The contents of the messages, however, caused discussion among employees and managers.

On these facts, Intel brought suit, claiming that by communicating with its employees over the company's e-mail system Hamidi committed the tort of trespass to chattels. The trial court granted Intel's motion for summary judgment and enjoined Hamidi from any further mailings. A divided Court of Appeal affirmed. …

After reviewing the decisions analyzing unauthorized electronic contact with computer systems as potential trespasses to chattels, we conclude that under California law the tort does not encompass, and should not be extended to encompass, an electronic communication that neither damages the recipient computer system nor impairs its functioning. Such an electronic communication does not constitute an actionable trespass to personal property, i.e., the computer system, because it does not interfere with the possessor's use or possession of, or any other legally protected interest in, the personal property itself. The consequential economic damage Intel claims to have suffered, i.e., loss of productivity caused by employees reading and reacting to Hamidi's messages and company efforts to block the messages, is not an injury to the company's interest in its computers--which worked as intended and were unharmed by the communications--any more than the personal distress caused by reading an unpleasant letter would be an injury to the recipient's mailbox, or the loss of privacy caused by an intrusive telephone call would be an injury to the recipient's telephone equipment.

Our conclusion does not rest on any special immunity for communications by electronic mail; we do not hold that messages transmitted through the Internet are exempt from the ordinary rules of tort liability. To the contrary, e-mail, like other forms of communication, may in some circumstances cause legally cognizable injury to the recipient or to third parties and may be actionable under various common law or statutory theories. Indeed, on facts somewhat similar to those here, a company or its employees might be able to plead causes of action for interference with prospective economic relations, interference with contract, or intentional infliction of emotional distress. And, of course, as with any other means of publication, third party subjects of e-mail communications may under appropriate facts make claims for defamation, publication of private facts, or other speech-based torts. Intel's claim fails not because e-mail transmitted through the Internet enjoys unique immunity, but because the trespass to chattels tort--unlike the causes of action just mentioned--may not, in California, be proved without evidence of an injury to the plaintiff's personal property or legal interest therein.

Nor does our holding affect the legal remedies of Internet service providers (ISP's) against senders of unsolicited commercial bulk e-mail (UCE), also known as "spam." A series of federal district court decisions, beginning with CompuServe, Inc. v. Cyber Promotions, Inc. (S.D.Ohio 1997) 962 F. Supp. 1015, has approved the use of trespass to chattels as a theory of spammers' liability to ISP's, based upon evidence that the vast quantities of mail sent by spammers both overburdened the ISP's own computers and made the entire computer system harder to use for recipients, the ISP's customers. In those cases, discussed in greater detail below, the underlying complaint was that the extraordinary quantity of UCE impaired the computer system's functioning. In the present case, the claimed injury is located in the disruption or distraction caused to recipients by the contents of the e-mail messages, an injury entirely separate from, and not directly affecting, the possession or value of personal property….

Hamidi, a former Intel engineer, together with others, formed an organization named Former and Current Employees of Intel (FACE-Intel) to disseminate information and views critical of Intel's employment and personnel policies and practices. FACE-Intel maintained a Web site (which identified Hamidi as Webmaster and as the organization's spokesperson) containing such material. In addition, over a 21-month period Hamidi, on  behalf of FACE-Intel, sent six mass e-mails to employee addresses on Intel's electronic mail system. The messages criticized Intel's employment practices, warned employees of the dangers those practices posed to their careers, suggested employees consider moving to other companies, solicited employees' participation in FACE-Intel, and urged employees to inform themselves further by visiting FACE-Intel's Web site. The messages stated that recipients could, by notifying the sender of their wishes, be removed from FACE-Intel's mailing list; Hamidi did not subsequently send messages to anyone who requested removal….

The summary judgment record contains no evidence Hamidi breached Intel's computer security in order to obtain the recipient addresses for his messages; indeed, internal Intel memoranda show the company's management concluded no security breach had occurred. Hamidi stated he created the recipient address list using an Intel directory on a floppy disk anonymously sent to him. Nor is there any evidence that the receipt or internal distribution of Hamidi's electronic messages damaged Intel's computer system or slowed or impaired its functioning. Intel did present uncontradicted evidence, however, that many employee recipients asked a company official to stop the messages and that staff time was consumed in attempts to block further messages from FACE-Intel. According to the FACE-Intel Web site, moreover, the messages had prompted discussions between "[e]xcited and nervous managers" and the company's human resources department.

DISCUSSION

I. Current California Tort Law

Dubbed by Prosser the "little brother of conversion," the tort of trespass to chattels allows recovery for interferences with possession of personal property "not sufficiently important to be classed as conversion, and so to compel the defendant to pay the full value of the thing with which he has interfered." (Prosser & Keeton, Torts (5th ed. 1984) § 14, pp. 85-86.)

Though not amounting to conversion, the defendant's interference must, to be actionable, have caused some injury to the chattel or to the plaintiff's rights in it. Under California law, trespass to chattels "lies where an intentional interference with the possession of personal property has proximately caused injury." ( Thrifty-Tel, Inc. v. Bezenek (1996) 46 Cal.App.4th 1559, 1566 [54 Cal. Rptr. 2d 468], italics added.) In cases of interference with possession of personal property not amounting to conversion, "the owner has a cause of action for trespass or case, and may recover only the actual damages suffered by reason of the impairment of the property or the loss of its use." ( Zaslow v. Kroenert, supra, 29 Cal.2d at p. 551) …

The Restatement, too, makes clear that some actual injury must have occurred in order for a trespass to chattels to be actionable…. "The interest of a possessor of a chattel in its inviolability, unlike the similar interest of a possessor of land, is not given legal protection by an action for nominal damages for harmless intermeddlings with the chattel. In order that an actor who interferes with another's chattel may be liable, his conduct must affect some other and more important interest of the possessor. Therefore, one who intentionally intermeddles with another's chattel is subject to liability only if his intermeddling is harmful to the possessor's materially valuable interest in the physical condition, quality, or value of the chattel, or if the possessor is deprived of the use of the chattel for a substantial time, or some other legally protected interest of the possessor is affected as stated in Clause (c). Sufficient legal protection of the possessor's interest in the mere inviolability of his chattel is afforded by his privilege to use reasonable force to protect his possession against even harmless interference." (Rest.2d Torts, § 218)

…The dispositive issue in this case, therefore, is whether the undisputed facts demonstrate Hamidi's actions caused or threatened to cause damage to Intel's computer system, or injury to its rights in that personal property, such as to entitle Intel to judgment as a matter of law. …[N]o evidence suggested that in sending messages through Intel's Internet connections and internal computer system Hamidi used the system in any manner in which it was not intended to function or impaired the system in any way. …

[T]he decisions finding electronic contact to be a trespass to computer systems have generally involved some actual or threatened interference with the computers' functioning. … [Thus] a series of federal district court decisions held that sending [unsolicited commercial email] through an ISP's equipment may constitute trespass to the ISP's computer system. The lead case, CompuServe, Inc. v. Cyber Promotions, Inc., supra, 962 F. Supp. 1015, 1021-1023 (CompuServe), was followed by Hotmail Corp. v. Van$ Money Pie, Inc. (N.D.Cal., Apr. 16, 1998, No. C 98-20064 JW) 1998 U.S. Dist. LEXIS 10729, page *7, America Online, Inc. v. IMS (E.D.Va. 1998) 24 F. Supp. 2d 548, 550-551, and America Online, Inc. v. LCGM, Inc. (E.D.Va. 1998) 46 F. Supp. 2d 444, 451-452.

In each of these spamming cases, the plaintiff showed, or was prepared to show, some interference with the efficient functioning of its computer system. In CompuServe, the plaintiff ISP's mail equipment monitor stated that mass UCE mailings, especially from nonexistent addresses such as those used by the defendant, placed "a tremendous burden" on the ISP's equipment, using "disk space and drain[ing] the processing power," making those resources unavailable to serve subscribers. ( CompuServe, supra, 962 F. Supp. at p. 1022.) Similarly, in Hotmail Corp. v. Van$ Money Pie, Inc., supra, 1998 U.S. Dist. LEXIS 10729 at page *7, the court found the evidence supported a finding that the defendant's mailings "fill[ed] up Hotmail's computer storage space and threaten[ed] to damage Hotmail's ability to service its legitimate customers."…

…These decisions do not persuade us to Intel's position here, for Intel has demonstrated neither any appreciable effect on the operation of its computer system from Hamidi's messages, nor any likelihood that Hamidi's actions will be replicated by others if found not to constitute a trespass.

That Intel does not claim the type of functional impact that spammers and robots have been alleged to cause is not surprising in light of the differences between Hamidi's activities and those of a commercial enterprise that uses sheer quantity of messages as its communications strategy. Though Hamidi sent thousands of copies of the same message on six occasions over 21 months, that number is minuscule compared to the amounts of mail sent by commercial operations. The individual advertisers sued in America Online, Inc. v. IMS, supra, 24 F. Supp. 2d at page 549, and America Online, Inc. v. LCGM, Inc., supra, 46 F. Supp. 2d at page 448, were alleged to have sent more than 60 million messages over 10 months and more than 92 million messages over seven months, respectively. Collectively, UCE has reportedly come to constitute about 45 percent of all e-mail. (Hansell, Internet Is Losing Ground in Battle Against Spam, N.Y. Times (Apr. 22, 2003) p. A1, col. 3.) The functional burden on Intel's computers, or the cost in time to individual recipients, of receiving Hamidi's occasional advocacy messages cannot be compared to the burdens and costs caused ISP's and their customers by the ever-rising deluge of commercial e-mail.

Intel relies on language in the eBay decision suggesting that unauthorized use of another's chattel is actionable even without any showing of injury: … But as the eBay court went on immediately to find that the defendant's conduct, if widely replicated, would likely impair the functioning of the plaintiff's system ( id. at pp. 1071-1072), we do not read the quoted remarks as expressing the court's complete view of the issue. In isolation, moreover, they would not be a correct statement of California or general American law on this point. While one may have no right temporarily to use another's personal property, such use is actionable as a trespass only if it "has proximately caused injury." ( Thrifty-Tel, supra, 46 Cal.App.4th at p. 1566.) "[I]n the absence of any actual damage the action will not lie." (Prosser & Keeton, Torts, supra, § 14, p. 87.) ….

Intel connected its e-mail system to the Internet and permitted its employees to make use of this connection both for business and, to a reasonable extent, for their own purposes. In doing so, the company necessarily contemplated the employees' receipt of unsolicited as well as solicited communications from other companies and individuals. That some communications would, because of their contents, be unwelcome to Intel management was virtually inevitable. Hamidi did nothing but use the e-mail system for its intended purpose--to communicate with employees. The system worked as designed, delivering the messages without any physical or functional harm or disruption. These occasional transmissions cannot reasonably be viewed as impairing the quality or value of Intel's computer system. We conclude, therefore, that Intel has not presented undisputed facts demonstrating an injury to its personal property, or to its legal interest in that property, that support, under California tort law, an action for trespass to chattels.

II. Proposed Extension of California Tort Law

We next consider whether California common law should be extended to cover, as a trespass to chattels, an otherwise harmless electronic communication whose contents are objectionable. We decline to so expand California law. Intel, of course, was not the recipient of Hamidi's messages, but rather the owner and possessor of computer servers used to relay the messages, and it bases this tort action on that ownership and possession. The property rule proposed is a rigid one, under which the sender of an electronic message would be strictly liable to the owner of equipment through which the communication passes--here, Intel--for any consequential injury flowing from the contents of the communication. The arguments of amici curiae and academic writers on this topic, discussed below, leave us highly doubtful whether creation of such a rigid property rule would be wise.

Writing on behalf of several industry groups appearing as amici curiae, Professor Richard A. Epstein of the University of Chicago urges us to excuse the required showing of injury to personal property in cases of unauthorized electronic contact between computers, "extending the rules of trespass to real property to all interactive Web sites and servers." The court is thus urged to recognize, for owners of a particular species of personal property, computer servers, the same interest in inviolability as is generally accorded a possessor of land. In effect, Professor Epstein suggests that a company's server should be its castle, upon which any unauthorized intrusion, however harmless, is a trespass….

[T]he metaphorical application of real property rules would not, by itself, transform a physically harmless electronic intrusion on a computer server into a trespass. That is because, under California law, intangible intrusions on land, including electromagnetic transmissions, are not actionable as trespasses (though they may be as nuisances) unless they cause physical damage to the real  property….

More substantively, Professor Epstein argues that a rule of computer server inviolability will, through the formation or extension of a market in computer-to-computer access, create "the right social result." In most circumstances, he predicts, companies with computers on the Internet will continue to authorize transmission of information through e-mail, Web site searching, and page linking because they benefit by that open access. When a Web site owner does deny access to a particular sending, searching, or linking computer, a system of "simple one-on-one negotiations" will arise to provide the necessary individual licenses.

Other scholars are less optimistic about such a complete propertization of the Internet. Professor Mark Lemley of the University of California, Berkeley, writing on behalf of an amici curiae group of professors of intellectual property and computer law, observes that under a property rule of server inviolability, "each of the hundreds of millions of [Internet] users must get permission in advance from anyone with whom they want to communicate and anyone who owns a server through which their message may travel." The consequence for e-mail could be a substantial reduction in the freedom of electronic communication, as the owner of each computer through which an electronic message passes could impose its own limitations on message content or source. As Professor Dan Hunter of the University of Pennsylvania asks rhetorically: "Does this mean that one must read the 'Terms of Acceptable Email Usage' of every email system that one emails in the course of an ordinary day? If the University of Pennsylvania had a policy  that sending a joke by email would be an unauthorized use of its system, then under the logic of [the lower court decision in this case], you would commit 'trespass' if you emailed me a . . . cartoon." (Hunter, Cyberspace as Place and the Tragedy of the Digital Anticommons (2003) 91 Cal. L.Rev. 439, 508-509.)

Web site linking, Professor Lemley further observes, "would exist at the sufferance of the linked-to party, because a Web user who followed a 'disapproved' link would be trespassing on the plaintiff's server, just as sending an e-mail is trespass under the [lower] court's theory." Another writer warns that "[c]yber-trespass theory will curtail the free flow of price and product information on the Internet by allowing website owners to tightly control who and what may enter and make use of the information housed on its Internet site." (Chang, Bidding on Trespass: eBay, Inc. v. Bidder's Edge, Inc. and the Abuse of Trespass Theory in Cyberspace Law (2001) 29 AIPLA Q.J. 445, 459.) A leading scholar of Internet law and policy, Professor Lawrence Lessig of Stanford University, has criticized Professor Epstein's theory of the computer server as quasi-real property, previously put forward in the eBay case ( eBay, supra, 100 F. Supp. 2d 1058), on the ground that it ignores the costs to society in the loss of network benefits: "eBay benefits greatly from a network that is open and where access is free. It is this general feature of the Net that makes the Net so valuable to users and a source of great innovation. And to the extent that individual sites begin to impose their own rules of exclusion, the value of the network as a network declines. If machines must negotiate before entering any individual site, then the costs of using the network climb." (Lessig, The Future of Ideas: The Fate of the Commons in a Connected World (2001) p. 171; see also Hunter, Cyberspace as Place and the Tragedy of the Digital Anticommons, supra, 91 Cal. L.Rev. at p. 512 ["If we continue to mark out anticommons claims in cyberspace, not only will we preclude better, more innovative uses of cyberspace resources, but we will lose sight of what might be possible"].)

We discuss this debate among the amici curiae and academic writers only to note its existence and contours, not to attempt its resolution. Creating an absolute property right to exclude undesired communications from one's e-mail and Web servers might help force spammers to internalize the costs they impose on ISP's and their customers. But such a property rule might also create substantial new costs, to e-mail and e-commerce users and to society generally, in lost ease and openness of communication and in lost network benefits. In light of the unresolved controversy, we would be acting rashly to adopt a rule treating computer servers as real property for purposes of trespass law.

The judgment of the Court of Appeal is reversed.

DISSENT: BROWN, J., Dissenting.

Candidate A finds the vehicles that candidate B has provided for his campaign workers, and A spray paints the water soluble message, "Fight corruption, vote for A" on the bumpers. The majority's reasoning would find that notwithstanding the time it takes the workers to remove the paint and the expense they incur in altering the bumpers to prevent further unwanted messages, candidate B does not deserve an injunction unless the paint is so heavy that it reduces the cars' gas mileage or otherwise depreciates the cars' market value. Furthermore, candidate B has an obligation to permit the paint's display, because the cars are driven by workers and not B personally, because B allows his workers to use the cars to pick up their lunch or retrieve their children from school, or because the bumpers display B's own slogans. I disagree.

Intel Corporation has invested millions of dollars to develop and maintain a computer system. It did this not to act as a public forum but to enhance the productivity of its employees. Kourosh Kenneth Hamidi sent as many as 200,000 e-mail messages to Intel employees. The time required to review and delete Hamidi's messages diverted employees from productive tasks and undermined the utility of the computer system. "There may . . . be situations in which the value to the owner of a particular type of chattel may be impaired by dealing with it in a manner that does not affect its physical condition." (Rest.2d Torts, § 218, com. h, p. 422.) This is such a case.

The majority repeatedly asserts that Intel objected to the hundreds of thousands of messages solely due to their content, and proposes that Intel seek relief by pleading content-based speech torts. This proposal misses the point that Intel's objection is directed not toward Hamidi's message but his use of Intel's property to display his message. Intel has not sought to prevent Hamidi from expressing his ideas on his Web site, through private mail (paper or electronic) to employees' homes, or through any other means like picketing or billboards. But as counsel for Intel explained during oral argument, the company objects to Hamidi's using Intel's property to advance his message.

Of course, Intel deserves an injunction even if its objections are based entirely on the e-mail's content. Intel is entitled, for example, to allow employees use of the Internet to check stock market tables or weather forecasts without incurring any concomitant obligation to allow access to pornographic Web sites. ( Loving v. Boren (W.D.Okla. 1997) 956 F. Supp. 953, 955.) A private property owner may choose to exclude unwanted mail for any reason, including its content. ( Rowan v. U.S. Post Office Dept. (1970) 397 U.S. 728, 738 [25 L. Ed. 2d 736, 90 S. Ct. 1484] (Rowan); Tillman v. Distribution Systems of America Inc. (App. Div. 1996) 224 A.D.2d 79 [648 N.Y.S.2d 630, 635] (Tillman).)

Register.com, Inc. v. Verio, Inc., 356 F.3d 393 (2d Cir. 2004)

LEVAL, Circuit Judge:

BACKGROUND

This plaintiff Register is one of over fifty companies serving as registrars for the issuance of domain names on the world wide web. As a registrar, Register issues domain names to persons and entities preparing to establish web sites on the Internet. Web sites are identified and accessed by reference to their domain names.

Register was appointed a registrar of domain names by the Internet Corporation for Assigned Names and Numbers, known by the acronym "ICANN." ICANN is a private, non-profit public benefit corporation which was established by agencies of the U.S. government to administer the Internet domain name system. To become a registrar of domain names, Register was required to enter into a standard form agreement with ICANN, designated as the ICANN Registrar Accreditation Agreement, November 1999 version (referred to herein as the "ICANN Agreement").

Applicants to register a domain name submit to the registrar contact information, including at a minimum, the applicant's name, postal address, telephone number, and electronic mail address. The ICANN Agreement, referring to this registrant contact information under the rubric "WHOIS information," requires the registrar, under terms discussed in greater detail below, to preserve it, update it daily, and provide for free public access to it through the Internet as well as through an independent access port, called port 43. See ICANN Agreement § II.F.1.


In compliance with § II.F.1 of the ICANN Agreement, Register updated the WHOIS information on a daily basis and established Internet and port 43 service, which allowed free public query of its WHOIS information. An entity making a WHOIS query through Register's Internet site or port 43 would receive a reply furnishing the requested WHOIS information, captioned by a legend devised by Register, which stated,
By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that under no circumstances will you use this data to . . . support the transmission of mass unsolicited, commercial advertising or solicitation via email.

 

The terms of that legend tracked § II.F.5 of the ICANN Agreement in specifying the restrictions Register imposed on the use of its WHOIS data. Subsequently, as explained below, Register amended the terms of this legend to impose more stringent restrictions on the use of the information gathered through such queries.

…The defendant Verio, against whom the preliminary injunction was issued, is engaged in the business of selling a variety of web site design, development and operation services. In the sale of such services, Verio competes with Register's web site development business. To facilitate its pursuit of customers, Verio undertook to obtain daily updates of the WHOIS information relating to newly registered domain names. To achieve this, Verio devised an automated software program, or robot, which each day would submit multiple successive WHOIS queries through the port 43 accesses of various registrars. Upon acquiring the WHOIS information of new registrants, Verio would send them marketing solicitations by email, telemarketing and direct mail. To the extent that Verio's solicitations were sent by email, the practice was inconsistent with the  terms of the restrictive legend Register attached to its responses to Verio's queries.

At first, Verio's solicitations addressed to Register's registrants made explicit reference to their recent registration through Register. This led some of the recipients of Verio's solicitations to believe the solicitation was initiated by Register (or an affiliate), and was sent in violation of the registrant's election not to receive solicitations from Register. Register began to receive complaints from registrants. Register in turn complained to Verio and demanded that Verio cease and desist from this form of marketing. Register asserted that Verio was harming Register's goodwill, and that by soliciting via email, was violating the terms to which it had agreed on submitting its queries for WHOIS information. Verio responded to the effect that it had stopped mentioning Register in its solicitation message.

In the meantime, Register changed the restrictive legend it attached to its responses to WHOIS queries. While previously the legend conformed to the terms of § II F.5, which authorized Register to prohibit use of the WHOIS information for mass solicitations "via email," its new legend undertook to bar mass solicitation "via direct mail, electronic mail, or by telephone." [Footnote: The new legend stated: By submitting a WHOIS query, you agree that . . . under no circumstances will you use this data to . . . support the transmission of mass unsolicited . . . advertising or solicitations via direct mail, electronic mail, or by telephone.]…

Register wrote to Verio demanding that it cease using WHOIS information derived from Register not only for email marketing, but also for marketing by direct mail and telephone. Verio ceased using the information in email marketing, but refused to stop marketing by direct mail and telephone.

Register brought this suit on August 3, 2000, and moved for a temporary restraining order and a preliminary injunction. Register asserted, among other claims, that Verio was (a) causing confusion among customers, who were led to believe Verio was affiliated with Register; (b) accessing Register's computers without authorization, a violation of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030; and, (c) trespassing on Register's chattels in a manner likely to harm Register's computer systems by the use of Verio's automated robot software programs. On December 8, 2000, the district court entered a preliminary injunction. The injunction barred Verio from the following activities:

1. Using or causing to be used the "Register.com" mark or the "first step on the web" mark or any other designation similar thereto, on or in connection with the advertising, marketing, or promotion of Verio and/or any of Verio's services;
 

2. Representing, or committing any act which is calculated to or is likely to cause third parties to believe that Verio and/or Verio's services are sponsored by, or have the endorsement or approval of Register.com;

3. Accessing Register.com's computers and computer networks in any manner, including, but not limited to, by software programs performing multiple, automated, successive queries, provided that nothing in this Order shall prohibit Verio from accessing Register.com's WHOIS database in accordance with the terms and conditions thereof; and
 

4. Using any data currently in Verio's possession, custody or control, that using its best efforts, Verio can identify as having been obtained from Register.com's computers and computer networks to enable the transmission of unsolicited commercial electronic mail, telephone calls, or direct mail to the individuals listed in said data, provided that nothing in this Order shall prohibit Verio from (i) communicating with any of its existing customers, (ii) responding to communications received from any Register.com customer initially contacted before August 4, 2000, or (iii) communicating with  any Register.com customer whose contact information is obtained by Verio from any source other than Register.com's computers and computer networks.

Verio appeals from that order.

DISCUSSION
 

Verio's assent to Register's contract terms

Verio's next contention assumes that Register was legally authorized to demand that takers of WHOIS data from its systems refrain from using it for mass solicitation by mail and telephone, as well as by email. Verio contends that it nonetheless never became contractually bound to the conditions imposed by Register's restrictive legend because, in the case of each query Verio made, the legend did not appear until after Verio had submitted the query and received the WHOIS data. Accordingly, Verio contends that in no instance did it receive legally enforceable notice of the conditions Register intended to impose. Verio therefore argues it should not be deemed to have taken WHOIS data from Register's systems subject to Register's conditions.

Verio's argument might well be persuasive if its queries addressed to Register's computers had been sporadic and infrequent. If Verio had submitted only one query, or even if it had submitted only a few sporadic queries, that would give considerable force to its contention that it obtained the WHOIS data without being conscious that Register intended to impose conditions, and without being deemed to have accepted Register's conditions. But Verio was daily submitting numerous queries, each of which resulted in its receiving notice of the terms Register exacted. Furthermore, Verio admits that it knew perfectly well what terms Register demanded. Verio's argument fails.

The situation might be compared to one in which plaintiff P maintains a roadside fruit stand displaying bins of apples. A visitor, defendant D, takes an apple and bites into it. As D turns to leave, D sees a sign, visible only as one turns to exit, which says "Apples - 50 cents apiece." D does not pay for the apple. D believes he has no obligation to pay because he had no notice when he bit into the apple that 50 cents was expected in return. D's view is that he never agreed to pay for the apple. Thereafter, each day, several times a day, D revisits the stand, takes an apple, and eats it. D never leaves money.

P sues D in contract for the price of the apples taken. D defends on the ground that on no occasion did he see P's price notice until after he had bitten into the apples. D may well prevail as to the first apple taken. D had no reason to understand upon taking it that P was demanding the payment. In our view, however, D cannot continue on a daily basis to take apples for free, knowing full well that P is offering them only in exchange for 50 cents in compensation, merely because the sign demanding payment is so placed that on each occasion D does not see it until he has bitten into the apple.

Verio's circumstance is effectively the same. Each day Verio repeatedly enters Register's computers and takes that day's new WHOIS data. Each day upon receiving the requested data, Verio receives Register's notice of the terms on which it makes the data available -- that the data not be used for mass solicitation via direct mail, email, or telephone. Verio acknowledges that it continued drawing the data from Register's computers with full knowledge that Register offered access subject to these restrictions. Verio is no more free to take Register's data without being bound by the terms on which Register offers it, than D was free, in the example, once he became aware of the terms of P's offer, to take P's apples without obligation to pay the 50 cent price at which P offered them.

Verio seeks support for its position from cases that have dealt with the formation of contracts on the Internet. An excellent example, although decided subsequent to the submission of this case, is Specht v. Netscape Communications Corp., 306 F.3d 17 (2d Cir. 2002). The dispute was whether users of Netscape's software, who downloaded it from Netscape's web site, were bound by an agreement to arbitrate disputes with Netscape, where Netscape had posted the terms of its offer of the software (including the obligation to arbitrate disputes) on the web site from which they downloaded the software. We ruled against Netscape and in favor of the users of its software because the users would not have seen the terms Netscape exacted without scrolling down their computer screens, and there was no reason for them to do so. The evidence did not demonstrate that one who had downloaded Netscape's software had necessarily seen the terms of its offer.

Verio, however, cannot avail itself of the reasoning of Specht. In Specht, the users in whose favor we decided visited Netscape's web site one time to download its software. Netscape's posting of its terms did not compel the conclusion that its downloaders took the software subject to those terms because there was no way to determine that any downloader had seen the terms of the offer. There was no basis for imputing to the downloaders of Netscape's software knowledge of the terms on which the software was offered. This case is crucially different. Verio visited Register's computers daily to access WHOIS data and each day saw the terms of Register's offer; Verio admitted that, in entering Register's computers to get the data, it was fully aware of the terms on which Register offered the access.

Verio's next argument is that it was not bound by Register's terms because it rejected them. Even assuming Register is entitled to demand compliance with its terms in exchange for Verio's entry into its systems to take WHOIS data, and even acknowledging that Verio was fully aware of Register's terms, Verio contends that it still is not bound by Register's terms because it did not agree to be bound. …

We recognize that contract offers on the Internet often require the offeree to click on an "I agree" icon. And no doubt, in many circumstances, such a statement of agreement by the offeree is essential to the formation of a contract. But not in all circumstances. While new commerce on the Internet has exposed courts to many new situations, it has not fundamentally changed the principles of contract. It is standard contract doctrine that when a benefit is offered subject to stated conditions, and the offeree makes a decision to take the benefit with knowledge of the terms of the offer, the taking constitutes an acceptance of the terms, which accordingly become binding on the offeree. See, e.g., Restatement (Second) of Contracts § 69 (1)(a) (1981) ("Silence and inaction operate as an acceptance . . . where an offeree takes the benefit of offered services with reasonable opportunity to reject them and reason to know that they were offered with the [**27]  expectation of compensation.")…

Returning to the apple stand, the visitor, who sees apples offered for 50 cents apiece and takes an apple, owes 50 cents, regardless whether he did or did not say, "I agree." The choice offered in such circumstances is to take the apple on the known terms of the offer or not to take the apple. As we see it, … Verio in this case had a similar choice. Each was offered access to information subject to terms of which they were well aware. Their choice was either to accept the offer of contract, taking the information subject to the terms of the offer, or, if the terms were not acceptable, to decline to take the benefits.

We find that the district court was within its discretion in concluding that Register showed likelihood of success on the merits of its contract claim. …
 

(d) Trespass to chattels

Verio also attacks the grant of the preliminary injunction against its accessing Register's computers by automated software programs performing multiple successive queries. This prong of the injunction was premised on Register's claim of trespass to chattels. Verio contends the ruling was in error because Register failed to establish that Verio's conduct resulted in harm to Register's servers and because Verio's robot access to the WHOIS database through Register was "not unauthorized." We believe the district court's findings were within the range of its permissible discretion.

“A trespass to a chattel may be committed by intentionally . . . using or intermeddling with a chattel in the possession of another," Restatement (Second) of Torts § 217(b) (1965), where "the chattel is impaired as to its condition, quality, or value," id. § 218(b).

The district court found that Verio's use of search robots, consisting of software programs performing multiple automated successive queries, consumed a significant portion of the capacity of Register's computer systems. While Verio's robots alone would not incapacitate Register's systems, the court found that if Verio were permitted to continue to access Register's computers through such robots, it was "highly probable" that other Internet service providers would devise similar programs to access Register's data, and that the system would be overtaxed and would crash. We cannot say these findings were unreasonable.

Nor is there merit to Verio's contention that it cannot be engaged in trespass when Register had never instructed it not to use its robot programs. As the district court noted, Register's complaint sufficiently advised Verio that its use of robots was not authorized and, according to Register's contentions, would cause harm to Register's systems....
 

(f) Other claims

The rulings outlined above justify the affirmance of the preliminary injunction, without need to discuss the other contentions raised.

EF Cultural Travel BV v. Zefer Corp., 318 F.3d 58 (1st Cir. 2003)


OPINION:   BOUDIN, Chief Judge.

Defendant Zefer Corporation ("Zefer") seeks review of a preliminary injunction prohibiting it from using a "scraper tool" to collect pricing information from the website of plaintiff EF Cultural Travel BV ("EF"). This court earlier upheld the injunction against co-defendant Explorica, Inc. ("Explorica"). EF Cultural Travel BV v. Explorica, Inc., 274 F.3d 577 (1st Cir. 2001) ("EF I"). The validity of the injunction as applied to Zefer was not addressed because Zefer's appeal was stayed when it filed for bankruptcy, but the stay has now been lifted.

EF and Explorica are competitors in the student travel business. Explorica was started in the spring of 2000 by several former EF employees who aimed to compete in part by copying EF's prices from EF's website and setting Explorica's own prices slightly lower. EF's website permits a visitor to the site to search its tour database and view the prices for tours meeting specified criteria such as gateway (e.g., departure) cities, destination cities, and tour duration. In June 2000, Explorica hired Zefer, which provides computer-related expertise, to build a scraper tool that could "scrape" the prices from EF's website and download them into an Excel spreadsheet.

A scraper, also called a "robot" or "bot," is nothing more than a computer program that accesses information contained in a succession of webpages stored on the accessed computer. Strictly speaking, the accessed information is not the graphical interface seen by the user but rather the HTML source code--available to anyone who views the site--that generates the graphical interface. This information is then downloaded to the user's computer. The scraper program used in this case was not designed to copy all of the information on the accessed pages (e.g., the descriptions of the tours), but rather only the price for each tour through each possible gateway city.

Zefer built a scraper tool that scraped two years of pricing data from EF's website. After receiving the pricing data from Zefer, Explorica set its own prices for the public, undercutting EF's prices an average of five percent. EF discovered Explorica's use of the scraper tool during discovery in an unrelated state-court action brought by Explorica's President against EF for back wages.

EF then sued Zefer, Explorica, and several of Explorica's employees in federal court. n1 Pertinently, EF sought a preliminary injunction on the ground that the copying violated the federal Copyright Act, 17 U.S.C. § 101 et seq. (2000), and various provisions of the Computer Fraud and Abuse Act ("CFAA"), 18 U.S.C. § 1030 (2000). The district court refused to grant EF summary judgment on its copyright claim, but it did issue a preliminary injunction against all defendants based on one provision of the CFAA, ruling that the use of the scraper tool went beyond the "reasonable expectations" of ordinary users. …

What appears to have happened is that Philip Gormley, Explorica's Chief Information Officer and EF's former Vice President of Information Strategy, e-mailed Zefer a description of how EF's website was structured and identified the information that Explorica wanted to have copied; this may have facilitated Zefer's development of the scraper tool, but there is no indication that the structural information was unavailable from perusal of the website or that Zefer would have known that it was information subject to a confidentiality agreement.

EF also claims that Gormley e-mailed Zefer the "codes" identifying in computer shorthand the names of EF's gateway and destination cities. These codes were used to direct the scraper tool to the specific pages on EF's website that contained EF's pricing information. But, again, it appears that the codes could be extracted more slowly by examining EF's webpages manually, so it is far from clear that Zefer would have had to know that they were confidential. The only information that Zefer received that was described as confidential (passwords for tour-leader access) apparently had no role in the scraper project.

- - - - - - - - - - - - - - Footnotes - - - - - - - - - - - - - - -
n2 As an example, the website address for an EF Tour to Paris and Geneva leaving from Boston is http://www.eftours.com/public/browse/browse_detail.asp?CTID=PTG%20V&GW=BOS Looking closely at the website address, one can determine that the destination code for the Paris and Geneva tour is PTG, while the gateway code for Boston is BOS.
 - - - - - - - - - - - - End Footnotes- - - - - - - - - - - - - - 

…The issue … is whether use of the scraper "exceeded authorized access." A lack of authorization could be established by an explicit statement on the website restricting access. (Whether public policy might in turn limit certain restrictions is a separate issue.) Many webpages contain lengthy limiting conditions, including limitations on the use of scrapers. However, at the time of Zefer's use of the scraper, EF had no such explicit prohibition in place, although it may well use one now.

The district court thought that a lack of authorization could also be inferred from the circumstances, using "reasonable expectations" as the test; and it said that three such circumstances comprised such a warning in this case: the copyright notice on EF's homepage with a link directing users to contact the company with questions; EF's provision to Zefer of confidential information obtained in breach of the employee confidentiality agreements; and the fact that the website was configured to allow ordinary visitors to the site to view only one page at a time.

We agree with the district court that lack of authorization may be implicit, rather than explicit. After all, password protection itself normally limits authorization by implication (and technology), even without express terms. But we think that in general a reasonable expectations test is not the proper gloss on subsection (a)(4) and we reject it. However useful a reasonable expectations test might be in other contexts where there may be a common understanding underpinning the notion, cf. Terry v. Ohio, 392 U.S. 1, 9, 20 L. Ed. 2d 889, 88 S. Ct. 1868 (1968) (Fourth Amendment), its use in this context is neither prescribed by the statute nor prudentially sound.

Our basis for this view is not, as some have urged, that there is a "presumption" of open access to Internet information. The CFAA, after all, is primarily a statute imposing limits on access and enhancing control by information providers. Instead, we think that the public website provider can easily spell out explicitly what is forbidden and, consonantly, that nothing justifies putting users at the mercy of a highly imprecise, litigation-spawning standard like "reasonable expectations." If EF wants to ban scrapers, let it say so on the webpage or a link clearly marked as containing restrictions.

This case itself illustrates the flaws in the "reasonable expectations" standard. Why should the copyright symbol, which arguably does not protect the substantive information anyway, Feist Publ'ns, Inc. v. Rural Tel. Serv. Co., 499 U.S. 340, 344-45, 113 L. Ed. 2d 358, 111 S. Ct. 1282 (1991), or the provision of page-by-page access for that matter, be taken to suggest that downloading information at higher speed is forbidden. EF could easily include--indeed, by now probably has included--a sentence on its home page or in its terms of use stating that "no scrapers may be used," giving fair warning and avoiding time-consuming litigation about its private, albeit "reasonable," intentions.

Needless to say, Zefer can have been in no doubt that EF would dislike the use of the scraper to construct a database for Explorica to undercut EF's prices; but EF would equally have disliked the compilation of such a database manually without the use of a scraper tool. EF did not purport to exclude competitors from looking at its website and any such limitation would raise serious public policy concerns. Cf. Food Lion, Inc. v. Capital Cities/ABC, Inc., 194 F.3d 505, 516-18 (4th Cir. 1999); Desnick v. Am. Broad. Cos., 44 F.3d 1345, 1351 (7th Cir. 1995).

[W]e conclude that the district court's rationale does not support an independent preliminary injunction against Zefer, [but] there is no apparent reason to vacate the present injunction "as against Zefer." Despite being a party to the case, Zefer is not named in the ordering language of the injunction; it is merely precluded, like anyone else with notice, from acting in concert with, on behalf of, or at the direction of Explorica to use the scraper to access EF's information.  

…[F]or future litigation among other litigants in this circuit [we] indicate that, with rare exceptions, public website providers ought to say just what non-password protected access they purport to forbid.

Computer Fraud and Abuse Act (CFAA), 18 USCS § 1030 (2005)


§ 1030.  Fraud and related activity in connection with computers

(a) Whoever--
   (1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph (y) of section 11 of the Atomic Energy Act of 1954 [42 USCS § 2014(y)], with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;
   (2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains--
      (A) information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602(n) of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.);
      (B) information from any department or agency of the United States; or
      (C) information from any protected computer if the conduct involved an interstate or foreign communication;
   (3) intentionally, without authorization to access any nonpublic computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States;
   (4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $ 5,000 in any 1-year period;
   (5) (A) (i) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
         (ii) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
         (iii) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage; and
      (B) by conduct described in clause (i), (ii), or (iii) of subparagraph (A), caused (or, in the case of an attempted offense, would, if completed, have caused)--
         (i) loss to 1 or more persons during any 1-year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the United States only, loss resulting from a related course of conduct affecting 1 or more other protected computers) aggregating at least $ 5,000 in value;
         (ii) the modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of 1 or more individuals;
         (iii) physical injury to any person;
         (iv) a threat to public health or safety; or
         (v) damage affecting a computer system used by or for a government entity in furtherance of the administration of justice, national defense, or national security;
   (6) knowingly and with intent to defraud traffics (as defined in section 1029) in any password or similar information through which a computer may be accessed without authorization, if--
      (A) such trafficking affects interstate or foreign commerce; or
      (B) such computer is used by or for the Government of the United States; [or]
   (7) with intent to extort from any person any money or other thing of value, transmits in interstate or foreign commerce any communication containing any threat to cause damage to a protected computer;
 

shall be punished as provided in subsection (c) of this section.
 

(b) Whoever attempts to commit an offense under subsection (a) of this section shall be punished as provided in subsection (c) of this section.
 

(c) The punishment for an offense under subsection (a) or (b) of this section is--
   (1) (A) a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(1) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and
      (B) a fine under this title or imprisonment for not more than twenty years, or both, in the case of an offense under subsection (a)(1) of this section which occurs after a conviction for another offense under this section; or an attempt to commit an offense punishable under this subparagraph;
   (2) (A) except as provided in subparagraph (B), a fine under this title or imprisonment for not more than one year, or both, in the case of an offense under subsection (a)(2), (a)(3), (a)(5)(A)(iii), or (a)(6) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph;
      (B) a fine under this title or imprisonment for not more than 5 years, or both, in the case of an offense under subsection (a)(2), or an attempt to commit an offense punishable under this subparagraph, if--
         (i) the offense was committed for purposes of commercial advantage or private financial gain;
         (ii) the offense was committed in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or of any State; or
         (iii) the value of the information obtained exceeds $ 5,000; and
      (C) a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(2), (a)(3) or (a)(6) of this section which occurs after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph;
   (3) (A) a fine under this title or imprisonment for not more than five years, or both, in the case of an offense under subsection (a)(4) or (a)(7) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and
      (B) a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(4), (a)(5)(A)(iii), or (a)(7) of this section which occurs after a conviction for another offense under this section, or an attempt to commit an offense punishable under this section;
   (4) (A) except as provided in paragraph (5), a fine under this title, imprisonment for not more than 10 years, or both, in the case of an offense under subsection (a)(5)(A)(i), or an attempt to commit an offense punishable under that subsection;
      (B) a fine under this title, imprisonment for not more than 5 years, or both, in the case of an offense under subsection (a)(5)(A)(ii), or an attempt to commit an offense punishable under that subsection;
      (C) except as provided in paragraph (5), a fine under this title, imprisonment for not more than 20 years, or both, in the case of an offense under subsection (a)(5)(A)(i) or (a)(5)(A)(ii), or an attempt to commit an offense punishable under either subsection, that occurs after a conviction for another offense under this section; and
   (5) (A) if the offender knowingly or recklessly causes or attempts to cause serious bodily injury from conduct in violation of subsection (a)(5)(A)(i), a fine under this title or imprisonment for not more than 20 years, or both; and
      (B) if the offender knowingly or recklessly causes or attempts to cause death from conduct in violation of subsection (a)(5)(A)(i), a fine under this title or imprisonment for any term of years or for life, or both.
 

(d)
   (1) The United States Secret Service shall, in addition to any other agency having such authority, have the authority to investigate offenses under this section.
   (2) The Federal Bureau of Investigation shall have primary authority to investigate offenses under subsection (a)(1) for any cases involving espionage, foreign counterintelligence, information protected against unauthorized disclosure for reasons of national defense or foreign relations, or Restricted Data (as that term is defined in section 11y of the Atomic Energy Act of 1954 (42 U.S.C. 2014(y)), except for offenses affecting the duties of the United States Secret Service pursuant to section 3056(a) of this title [18 USCS § 3056(a)].
   (3) Such authority shall be exercised in accordance with an agreement which shall be entered into by the Secretary of the Treasury and the Attorney General.
 

(e) As used in this section--
   (1) the term "computer" means an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device, but such term does not include an automated typewriter or typesetter, a portable hand held calculator, or other similar device;
   (2) the term "protected computer" means a computer--
      (A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
      (B) which is used in interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;
   (3) the term "State" includes the District of Columbia, the Commonwealth of Puerto Rico, and any other commonwealth, possession or territory of the United States;
   (4) the term "financial institution" means--
      (A) an institution, with deposits insured by the Federal Deposit Insurance Corporation;
      (B) the Federal Reserve or a member of the Federal Reserve including any Federal Reserve Bank;
      (C) a credit union with accounts insured by the National Credit Union Administration;
      (D) a member of the Federal home loan bank system and any home loan bank;
      (E) any institution of the Farm Credit System under the Farm Credit Act of 1971;
      (F) a broker-dealer registered with the Securities and Exchange Commission pursuant to section 15 of the Securities Exchange Act of 1934 [15 USCS § 78o];
      (G) the Securities Investor Protection Corporation;
      (H) a branch or agency of a foreign bank (as such terms are defined in paragraphs (1) and (3) of section 1(b) of the International Banking Act of 1978 [12 USCS § 3101(1) and (3)]); and
      (I) an organization operating under section 25 or section 25(a) of the Federal Reserve Act;
   (5) the term "financial record" means information derived from any record held by a financial institution pertaining to a customer's relationship with the financial institution;
   (6) the term "exceeds authorized access" means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter;
   (7) the term "department of the United States" means the legislative or judicial branch of the Government or one of the executive department enumerated in section 101 of title 5;
   (8) the term "damage" means any impairment to the integrity or availability of data, a program, a system, or information;
   (9) the term "government entity" includes the Government of the United States, any State or political subdivision of the United States, any foreign country, and any state, province, municipality, or other political subdivision of a foreign country;
   (10) the term "conviction" shall include a conviction under the law of any State for a crime punishable by imprisonment for more than 1 year, an element of which is unauthorized access, or exceeding authorized access, to a computer;
   (11) the term "loss" means any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service; and
   (12) the term "person" means any individual, firm, corporation, educational institution, financial institution, governmental entity, or legal or other entity.
 

(f) This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States.
 

(g) Any person who suffers damage or loss by reason of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief. A civil action for a violation of this section may be brought only if the conduct involves 1 of the factors set forth in clause (i), (ii), (iii), (iv), or (v) of subsection (a)(5)(B). Damages for a violation involving only conduct described in subsection (a)(5)(B)(i) are limited to economic damages. No action may be brought under this subsection unless such action is begun within 2 years of the date of the act complained of or the date of the discovery of the damage. No action may be brought under this subsection for the negligent design or manufacture of computer hardware, computer software, or firmware.
 

(h) The Attorney General and the Secretary of the Treasury shall report to the Congress annually, during the first 3 years following the date of the enactment of this subsection [enacted Sept. 13, 1994], concerning investigations and prosecutions under subsection (a)(5).

CAN-SPAM Act of 2003, S.877, 108th Congress

One Hundred Eighth Congress

of the

United States of America

AT THE FIRST SESSION

Begun and held at the City of Washington on Tuesday,

the seventh day of January, two thousand and three

An Act

To regulate interstate commerce by imposing limitations and penalties on the transmission of unsolicited commercial electronic mail via the Internet.

SECTION 1. SHORT TITLE.

SEC. 2. CONGRESSIONAL FINDINGS AND POLICY.

SEC. 3. DEFINITIONS.

SEC. 4. PROHIBITION AGAINST PREDATORY AND ABUSIVE COMMERCIAL E-MAIL.

`Sec. 1037. Fraud and related activity in connection with electronic mail

`Sec.

SEC. 5. OTHER PROTECTIONS FOR USERS OF COMMERCIAL ELECTRONIC MAIL.

SEC. 6. BUSINESSES KNOWINGLY PROMOTED BY ELECTRONIC MAIL WITH FALSE OR MISLEADING TRANSMISSION INFORMATION.

SEC. 7. ENFORCEMENT GENERALLY.

SEC. 8. EFFECT ON OTHER LAWS.

SEC. 9. DO-NOT-E-MAIL REGISTRY.

SEC. 10. STUDY OF EFFECTS OF COMMERCIAL ELECTRONIC MAIL.

SEC. 12. RESTRICTIONS ON OTHER TRANSMISSIONS.

SEC. 13. REGULATIONS.

SEC. 14. APPLICATION TO WIRELESS.

SEC. 15. SEPARABILITY.

SEC. 16. EFFECTIVE DATE.

Speaker of the House of Representatives.

Vice President of the United States and

President of the Senate.