A federal court in the Northern District of California dismissed Computer Fraud and Abuse Act (“CFAA”), California Penal Code Section 502, and trespass to chattel claims against Apple Computer, Inc. arising out of its transmission of a software update that caused iPhones, which had been unlocked so they could be used with other service providers, to become unusable. In re Apple & ATTM Antitrust Litig. No. 07-05152 (N.D. Cal. July 8, 2010). This complete disabling of the iPhone has been termed “bricking.”
While Apple scored a victory in getting these three claims dismissed, the Plaintiffs scored a larger victory as the court granted class certification for the remaining claims as to “[a]ll persons who purchased or acquired an iPhone in the United States and entered into a two-year agreement with Defendant AT&T Mobility, LLC for iPhone voice and data service any time from June 29, 2007, to the present." The newly certified class action will address Plaintiffs’ claims arising out of the “bricking” allegations that Apple and AT&T Mobility secretly agreed to technologically restrict voice and data service to iPhones in the aftermarket for five years (three years beyond the two-year service agreement with AT&T Mobility), and that Apple monopolized the aftermarket for third-party software applications for the iPhone.
The court addressed the CFAA, California Penal Code (“CPC”) § 502, and trespass to chattels claims together because Apple asserted that no Plaintiff was damaged by the “bricking” that resulted when upgraded software (1.1.1 Software) was installed on unlocked iPhones. In so doing the court first summarized the applicable law as to each cause of action and then addressed the elements of damages, intentional acts, and authorization, finding that Plaintiffs failed to establish each of those required elements.
Trespass to Chattels:
In California, a trespass to chattels claim requires “actual harm” and “lies where an intentional interference with the possession of personal property has proximately caused injury.” Intel Corp. v. Hamidi, 30 Cal. 4th 1342, 1350-51 (2003) (emphasis omitted) (internal quotation marks and citation omitted).
Computer Fraud and Abuse Act:
The CFAA creates liability for “knowingly caus[ing] the transmission of a program, information, code, or command, and as a result of such conduct, intentionally caus[ing] damage without authorization, to a protected computer.” 18 U.S.C. § 1030(a)(5)(A).
The term “damage” means “any impairment to the integrity or availability of data, a program, a system, or information.” Id. § 1030(e)(8). A plaintiff must also demonstrate that the defendant’s action caused over $5,000 in damage over a one-year period. Id. § 1030(a)(4). Plaintiffs may aggregate individual damages over the putative class to meet the damages threshold. In re Toys R Us, Inc., Privacy Litig., No. 00-cv-2746, 2001 WL 34517252 at *11 (N.D. Cal. Oct. 9, 2001).
California Penal Code § 502:
CPC § 502 permits an action against an individual who “[k]nowingly accesses and without permission adds, alters, damages, deletes, or destroys any data, computer software, or computer programs which reside or exist internal or external to a computer.” CPC § 502(c)(4). Additionally, the CPC allows an action against an individual who “[k]nowingly introduces any computer contaminant into any computer, computer system, or computer network.” Id. § 502(c)(8). Under the CPC, a “computer contaminant” is defined as “computer instructions that are designed to . . . damage [a computer] . . . without the intent or permission of the owner.” Id. § 502(b)(10).
The court then found three separate reasons for dismissing the three causes of action.
Damages: A temporary loss of personal use does not constitute damage, and while destruction of third-party applications was a viable theory of damages, Plaintiffs failed to provide evidence of actual damage.
Apple conceded that there were allegations that third-party applications were erased when the iPhone’s were bricked, and that these allegations were sufficient to put Apple on notice that destruction of third-party applications could provide a theory of injury. The court then looked to the evidence of injury that was actually plead by Plaintiffs and adduced during discovery. It found that Plaintiffs had not produced sufficient evidence of injury because they had admitted that they weren’t injured, and that they had received free replacement phones within a few days after installing the 1.1.1. Software. The court found that the temporary loss of use of a personal phone is not a “substantial” or “measurable” amount as required in Hamidi. It also disregarded the temporary loss of use as sufficient for showing harm in the context of the CFAA or CPC.
When considering whether the deletion of third-party applications caused injury, the court noted that there was no evidence that any of the three named plaintiffs had suffered an actual injury. For one of the Plaintiffs, there was no evidence that he had paid for any third-party applications. Another plaintiff had kept a backup copy on his computer. And the third had deleted many of his third-party applications prior to downloading the 1.1.1 Software.
Intentional Acts: Apple did not intend to damage Plaintiffs’ iPhones.
Even if Plaintiffs could establish standing by showing damage, the court found that Plaintiffs had not produced sufficient evidence to show that Apple intended to damage Plaintiffs’ iPhones because there was no evidence that Apple had designed the 1.1.1 Software to “brick” iPhones.
Unauthorized Access: Voluntary installation of a software update was not unauthorized access.
Finally, the court noted that installing the 1.1.1 Software was voluntary, that the voluntary installation ran counter to the notion of a trespass and that the download did not qualify as unauthorized access under the CFAA or as without permission under the CPC.