Victim One v. Doe (2023)


UNITED STATES DISTRICT COURT
NORTHERN DISTRICT OF CALIFORNIA

A PSEUDONYM VICTIM ONE, Plaintiff, v. JOHN DOE, Defendant.

Case No. 23-cv-04610-KAW

ORDER RE EX PARTE MOTION FOR EXPEDITED DISCOVERY

Re: Dkt. No. 7

On September 7, 2023, Plaintiff filed the instant case against Doe Defendant, asserting violations of the Computer Fraud and Abuse Act (“CFAA”). (Compl. at 1, Dkt. No. 1.) Plaintiff alleges that on July 16, 2023, he received a notification from Truist Bank of an unauthorized transfer of $2,000 from his bank account via ZellePay to “Mike.” (Compl. ¶¶ 9-10.) When investigating the unauthorized transfer, Plaintiff discovered that Doe Defendant unlawfully accessed his @juno.com account to reset and modify the password to Plaintiff’s @yahoo.com account, which Doe Defendant then used to unlawfully access and modify Plaintiff’s Truist Bank account. (Compl. ¶ 11.) Plaintiff alleges that Doe Defendant also allegedly accessed and compromised Plaintiff’s @outlook.com account using an unfamiliar computer from an unfamiliar location, as well as Plaintiff’s @yahoo.com account using an unfamiliar computer with an unfamiliar Internet Protocol address. (Compl. ¶¶ 15(d), (g).) Additionally, Doe Defendant allegedly used information from the compromised @juno.com, @yahoo.com, and @outlook.com e-mails to try to unlawfully access other accounts of Plaintiff, as well as to create new accounts purporting to be Plaintiff’s. (Compl. ¶ 20.)

On October 19, 2023, Plaintiff filed the instant ex parte motion for expedited discovery, Corporation, Early Warning Services, LLC (“Zelle”), United Online (“Juno”), and Microsoft Corporation. (Pl.’s Mot. at 2, Dkt. No. 7.) The Court deemed this matter suitable for disposition without a hearing pursuant to Civil Local Rule 7-1(b), and VACATED the December 7, 2023 hearing.

The Court finds Plaintiff has failed to demonstrate that he is entitled to early discovery. In general, Federal Rule of Civil Procedure 26(d)(1) permits a court to authorize early discovery if there is good cause. Further:

In determining whether there is good cause to allow expedited discovery to identify anonymous internet users named as doe defendants, courts consider whether: (1) the plaintiff can identify the missing party with sufficient specificity such that the Court can determine that defendant is a real person or entity who could be sued in federal court; (2) the plaintiff has identified all previous steps taken to locate the elusive defendant; (3) the plaintiff's suit against defendant could withstand a motion to dismiss; and (4) the plaintiff has demonstrated that there is a reasonable likelihood of being able to identify the defendant through discovery such that service of process would be possible.

OpenMind Sols., Inc. v. Doe, No. C 11-3311 MEJ, 2011 U.S. Dist. LEXIS 116552, at *3 (N.D. Cal. Oct. 7, 2011).

First, Plaintiff fails to identify Doe Defendant “with sufficient specificity, demonstrating that each Defendant is a real person or entity who would be subject to jurisdiction in this Court.” OpenMind Sols., Inc., 2011 U.S. Dist. LEXIS 116552, at *5. Specifically, Plaintiff has not explained why Doe Defendant would be subject to the jurisdiction of this Court, as Doe Defendant’s activities seem directed at Plaintiff, who does not appear to reside in California. (See Pl.’s Mot. at 3 (stating that while “Plaintiff is an American citizen, Plaintiff’s current country of residence, unfortunately, is subject to rampant violence”).) Plaintiff asserts that the Court would have jurisdiction over Doe Defendant because Doe Defendant unlawfully accessed Plaintiff’s @yahoo.com account using a gmail.com account, and that the @yahoo.com and @gmail.com accounts are hosted and maintained in California. (Id. at 8.) Plaintiff cites no authority showing that this is sufficient to create jurisdiction; indeed, this would suggest that any case involving the use of a @yahoo.com or @gmail.com account would give rise to jurisdiction in the Northern 2017 U.S. Dist. LEXIS 8374, at *6-7 (N.D. Cal. Jan. 20, 2017) (rejecting argument that the use of a @gmail.com account created personal jurisdiction in California, and noting that under such a theory “every one of Gmail’s one billion users . . . would be subject to personal jurisdiction in California based solely on their e-mail activity”); Kazakhstan v. Ketebaev, No. 17-CV-00246-LHK, 2017 U.S. Dist. LEXIS 211198, at *19 (N.D. Cal. Dec. 21, 2017) (finding no personal jurisdiction where the defendant was alleged to have hacked Gmail accounts).

Second, it is not clear to the Court that Plaintiff’s claim will withstand a motion to dismiss. Plaintiff brings a single claim under the CFAA, alleging that Doe Defendant has either violated § 1030(a)(2)(C) (accessing a computer without authorization to obtain information from a protected computer), § 1030(a)(4) (accessing a protected computer without authorization to commit fraud and obtain anything of more than $5,000 value), or § 1030(a)(6)(A) (trafficking in passwords through which a computer may be accessed without authorization if such trafficking affects interstate or foreign commerce).

The Supreme Court has explained that the CFAA prohibits actual damage or impairment of a protected computer, such as the corruption of files. Van Buren v. United States, 141 S. Ct. 1648, 1660 (2021) (“The statutory definitions of ‘damage’ and ‘loss’ thus focus on technological harms—such as the corruption of files—of the type unauthorized users cause to computer systems and data.”). Likewise, the Ninth Circuit has found that “the CFAA’s prohibition on accessing a computer ‘without authorization’ is violated when a person circumvents a computer’s generally applicable rules regarding access permissions, such as username and password requirements to gain access to a computer.” hiQ Labs, Inc. v. LinkedIn Corp., 31 F.4th 1180, 1200 (9th Cir. 2022).

Here, the crux of Plaintiff’s claim is that Doe Defendant improperly accessed his various accounts. (See Compl. ¶¶ 15-17.) While Plaintiff alleges that Doe Defendant obtained personal and financial information from his computers, such allegations are conclusory; indeed, all of the specific factual allegations make clear that Doe Defendant was hacking into and compromising Plaintiff’s @juno.com account, @yahoo.com account, @outlook.com account, and Truist Bank account, resetting passwords and using “unfamiliar computers” to log in to the accounts. (See Defendant accessed private data and personal identifying information from the Truist bank account and Plaintiff’s cloud storage tied to his @outlook.com account, and that Doe Defendant continues to use “Plaintiff’s identification information and data found within the compromised @juno.com, @yahoo.com, and @outlook.com accounts to attempt to unlawfully access other accounts of Plaintiff.” (Compl. ¶¶ 15(k), 18, 20.) Thus, it is unclear that Doe Defendant has improperly accessed Plaintiff’s computer, rather than accessing his accounts using unknown computers. Absent specific factual allegations of access to Plaintiff’s computer or legal authority that access to accounts is sufficient to constitute a violation of the CFAA, the Court cannot find that Plaintiff’s claim could withstand a motion to dismiss.

Accordingly, the Court DENIES Plaintiff’s motion without prejudice.

IT IS SO ORDERED.

Dated: December 20, 2023

United States Magistrate Judge

Document Info

Docket Number: 4:23-cv-04610

Filed Date: 12/20/2023

Precedential Status: Precedential

Modified Date: 6/20/2024