Default judgment entered for Criagslist on the CFAA

Craigslist, Inc. v. Naturemarket, Inc., 2010 WL 807446, *12 (N.D. Ca., March 5, 2010) entered a default judgment in favor of Craigslist for, among other things, a violation of the Computer Fraud and Abuse Act.

The court held that the defendants’ access to the Craigslist Web site was unauthorized under the CFAA because the defendants violated the Web site’s Terms of Use (“TOU”). Specifically, the Craigslist TOU “expressly prohibits users from engaging in repeated postings of similar content, posting ads on behalf of others, gaining unauthorized access to Plaintiff’s computer systems, and using automated posting devices or computer programs that enable the submission of postings on craigslist.com without each posting being manually entered by the author thereof, including the use of any such automated posting device to submit postings in bulk for automatic submission of postings at regular intervals.” Id. at *3.

In violation of that TOU the “Defendants developed, advertised, and sold software to automate posting ads on craigslist.com, services to post ads for customers, programs to gather craigslist user email addresses from the craigslist website, and systems to circumvent Plaintiff’s security measures.” This software “allows users to post ads automatically to the craigslist website in whatever quantity, frequency, and location the user wishes, in direct violation of the TOUs.” Id. at *4.

The court granted Craigslist a permanent injunction enjoining the defendants from “manufacturing, developing, creating, adapting, modifying, exchanging, offering, distributing, selling, providing, importing, trafficking in” the software and $840,000 in liquidated damages under the Terms of Use Agreements.

The full opinion of the Magistrate Judge relating to the CFAA which was adopted by the federal district court judge is as follows:

Plaintiff’s third claim is for violation of the federal Computer Fraud and Abuse Act, 18 U.S.C. § 1030. [FN2] To state a claim under § 1030(a)(5)(B) and (C), Plaintiff must allege that Defendants intentionally accesses a protected computer without authorization, and as a result of such conduct, caused damage or recklessly caused damage or loss. [FN3]

FN2. Public Law 110-326, § 204(a)(1), § 1030(a)(5)(A)(ii) and (iii), which Plaintiff cites to in its First Amended Complaint and Proposed Findings of Fact and Conclusions of Law, was amended to eliminate the subsections as well ast the $5,000 damages requirement.

FN3. Under the CFAA, a computer used in interstate commerce is defined as a “protected computer.” 18 U.S.C. § 1030(e)(2)(B).

Here, Plaintiff adequately pled a claim for violation of the CFAA. First, Plaintiff established that its computers were used in interstate commerce, and therefore qualify as protected computers under the CFAA. (Compl. ¶ 144; FAC ¶ 145.) Second, Plaintiff alleged that Defendants accessed its computers in violation of the TOUs, and therefore without authorization, for the purpose of employing, implementing and updating their AutoPoster Professional software. (Compl. ¶¶ 143-50; FAC ¶¶ 144-51.) Finally, Plaintiff sufficiently pled that the Defendants’ actions caused it to incur losses and damages. (Compl. ¶¶ 114, 115, 148; FAC ¶¶ 115, 116, 149.) Thus, the undersigned finds Plaintiff has sufficiently established its claim under the CFAA.