DPA also failed to adequately plead that the losses described above were incurred within a 1-year period, as required by the statute. See § 1030(c)(4)(A)(i)(I). The Amended Complaint was filed on October 26, 2016, almost three years after the alleged damage occurred.

Oracle has not Sufficiently Pled “Damage” or “Loss” Under the CFAA To bring a civil claim under the CFAA, a “damage” or “loss” must be alleged: Any person who suffers damage or loss by reason of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief. 18 U.S.C. §1030 (g). Oracle has failed to articulate any facts regarding the requisite damage or loss.

18 U.S.C. § 1957(c) (2008). Goddard does not have to show that Google knew that the fraudulent mobile content providers’ payments were specifically derived from violations of 18 U.S.C. § 1030, only that they were “criminally derived.” 18 U.S.C. § 1957(a) (2008).

would make the tail of the statute (the jurisdictional “loss” requirement) wag the dog. After all, Section 1030(a)(4) makes it unlawful to: knowingly and with intent to defraud, access[] a protected computer without authorization, or exceed[] authorized access, and by means of such conduct further[] the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period. This language – which explains exactly what the unlawful conduct giving rise to a claim is – is predicated on unauthorized access to a protected computer (i.e., one used in interstate commerce,

See Computer Fraud and Abuse Act of 1986, Pub. L. No. 99–474, § 2(b)(1), 100 Stat 1213, 1213 (codified as amended at 18 U.S.C. § 1030(a)(3)) (emphasis added). Under this language, a janitor employed by the IRS arguably was free to hack into the national tax return database and download Case 1:12-cr-00847-PGG Document 179 Filed 06/17/13 Page 17 of 20 -13- Congress made clear in the committee report that its reason for amending the statute was precisely to prevent prosecutions like this one.

2. The Tracking Defendants accessed Plaintiffs’ iDevices “without authorization” or “exceeded authorized access” to those devices The CFAA defines “exceeds authorized access” as “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” 18 U.S.C. § 1030(e)(6). Even when narrowly interpreted, “an ‘exceeds authorized access’ violation occurs when initial access to a protected computer is permitted but the access of certain information is not permitted.” Shamrock Foods, 535 F. Supp. 2d at 962.

Damage means “any impairment to the integrity or availability of data, a program, a system, or information.” 18 U.S.C. §1030(e)(8) (emphasis supplied). The facts show at least 14 The CFAA evidence described in Sections IV.A.

Civil claims under the CFAA must be brought within two years of “the date of the act complained of or the date of the discovery of the damage.” 18 U.S.C.A. § 1030(g), (e)(8). The conduct giving rise to Reis’ CFAA claims is Defendants’ alleged unauthorized use of the Lederman Account.

Like the CFAA, Section 502 was enacted to prevent the knowing unauthorized access of computer systems and theft or alteration of computer data and has no applicability here. See People v. Gentry, 234 Cal. App. 3d 131, 141 n.8 (1991). Section 502 permits civil suit if, and only if, a computer system is accessed “without permission” by an outsider who thereby causes the victim some “damage or loss.” Cal. Penal Code § 502(e); see also Cal. Penal Code §§ 502(c) & (b)(10). 5 Additionally, to the extent that Plaintiffs attempt to rely on subsection (a)(5)(A) of the CFAA, Plaintiffs have failed to allege that Defendants “caus[ed] damage” to their iOS Devices, much less that they did so “intentionally.” 18 U.S.C. § 1030(a)(5)(A). Case5:10-cv-05878-LHK Document145 Filed06/20/11 Page27 of 36 MOBILE INDUSTRY DEFENDANTS’ MOTION TO DISMISS Case No. 10-CV-05878 LHK (PSG) Gibson, Dunn & Crutcher LLP 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 21 Plaintiffs’ § 502 claim fails for the same reasons their CFAA claim does.

18 U.S.C. § 1957(c) (2008). Goddard does not have to show that Google knew that the fraudulent mobile content providers’ payments were specifically derived from violations of 18 U.S.C. § 1030, only that they were “criminally derived.” 18 U.S.C. § 1957(a) (2008).