America Online, Inc. v. National Health Care Discount, Inc.

Raj PagariyaCase Summary

Treating violation of Terms of Service for sending unsolicited bulk emails (UBE) as "exceeding authorised access" under CFAA

America Online, Inc. v. National Health Care Discount, Inc.
174 F.Supp.2d 890
In the United States District Court for the Northern District of Iowa
Case Number C98-4111-PAZ
Before Magistrate Judge Paul A. Zoss
Decided on August 20, 2001

Relevancy of the Case: Treating violation of Terms of Service for sending unsolicited bulk emails (UBE) as “exceeding authorised access” under CFAA

Statutes and Provisions Involved

  • The Computer Fraud and Abuse Act, 18 U.S.C. § 1030
  • Virginia Computer Crimes Act, § 18.2-152.1
  • Iowa Computer Crimes Act, Iowa Code Chapter 716A

Relevant Facts of the Case

  • The plaintiff, America Online (AOL), is an internet service provider providing various computer-related services, such as email. The defendant, National Health Care Discount (NHCD), sells discount optical and dental service plans.
  • Individuals acting on the defendant’s behalf sent a large number of unsolicited email messages to internet users. The plaintiff undertook extensive efforts to block such messages, and a significant percentage of messages were eventually delivered.
  • The plaintiff approached the court with a seven-count complaint and prayed for compensatory and statutory damages, punitive damages, and preliminary and permanent injunctive relief.
  • The defendant, in response, denied liability on all counts and asserted nine affirmative defences. Moreover, it filed a counterclaim along with its answer.
  • Between 1997 and 1999, NHDC hired the services of over 20 emailers to generate leads. While some worked directly with the defendant, others worked through Dayton. Dayton was initially contacted by a vice president of the defendant company to explore whether commercial email could generate leads for NHCD.
  • In July 1998, AOL, through its attorney, sent a letter to the defendant. This cease and desist letter sought to prohibit the defendant from using the AOL service to send unsolicited bulk emails (UBE). It noted that the service provider has received numerous complaints, followed by various fraudulent practices.
  • NHCD replied to this letter, stating that it bought leads from independent contractors. While it could not restrict their procured leads, it would share this letter with its contractors.
  • On August 13, 1998, the plaintiff wrote another letter to the defendant to identify the parties involved in UBE and share a copy of the defendant’s policy on spam. The defendant did not respond to this notice.
  • On April 16, 1999, the parties consented to jurisdiction over this case by a US Magistrate Judge.

Prominent Arguments by the Counsels

  • The plaintiff argues that the total number of UBEs sent on the defendant’s behalf can be calculated from the number of leads generated or the number of complaints received by AOL. There is sufficient evidence in this case to establish the defendant’s liability under Section 1030 (a)(5) and 1030 (a)(2)(C) of CFAA.
  • The plaintiff’s counsel contended that the court should calculate damages at the rate an advertiser would be charged for a banner ad displayed on AOL email boxes.

Opinion of the Bench

  • The defendant’s executive was well aware of anti-spam efforts by ISPs. Yet, he pressured Dayton and other emailers to increase their production of email generated leads.
  • Approximately NHCD’s emailers sent 135 million pieces of UBEs to AOL users during the relevant period.
  • Emails acted on behalf of NHCD as its agents. Hence, NHCD will be liable to AOL for any damages awarded due to the acts of emailers.
  • There is no dispute that NHCD’s emails intentionally accessed AOL’s computers and intentionally caused the transmission of information. For the purpose of CFAA, AOL’s computers were protected computers. The defendant’s emailers exceeded authorised access by violating the Terms of Service.
  • The plaintiff’s civil conspiracy claim would fail as the court found the emailers to be NHCD’s agents.
  • If the court were to calculate damages based on the actual cost incurred by AOL, it would come out to be 78¢ per thousand emails. If the court prefers the plaintiff’s method, it would be $8.56 per thousand emails. Considering the circumstances, the court finds a rate of $2.50 per thousand emails appropriate.

Final Decision

  • The court awarded AOL actual damages of $319,500 and punitive damages of $100,000.
  • Further, the court passed a permanent injunction against the defendant, prohibiting it from using AOL services for emails and lead generation.