Butera & Andrews v. International Business MacHines Corp.

456 F. Supp. 2d 104, 2006 U.S. Dist. LEXIS 75570, 2006 WL 2971107
CourtDistrict Court, District of Columbia
DecidedOctober 18, 2006
DocketCivil Action 1:06-CV-647 (RBW)
StatusPublished
Cited by11 cases

This text of 456 F. Supp. 2d 104 (Butera & Andrews v. International Business MacHines Corp.) is published on Counsel Stack Legal Research, covering District Court, District of Columbia primary law. Counsel Stack provides free access to over 12 million legal documents including statutes, case law, regulations, and constitutions.

Bluebook
Butera & Andrews v. International Business MacHines Corp., 456 F. Supp. 2d 104, 2006 U.S. Dist. LEXIS 75570, 2006 WL 2971107 (D.D.C. 2006).

Opinion

MEMORANDUM OPINION

WALTON, District Judge.

Butera & Andrews (“the plaintiff’) brings this action against International Business Machines Corporation (“IBM”) and an unidentified John Doe defendant, seeking monetary damages and injunctive relief for alleged interference with the plaintiffs computer records in violation of the Computer Fraud and Abuse Act (“Computer Fraud Act”), 18 U.S.C. §§ 1030(a)(2), (a)(5) (2000), the Stored Wire and Electronic Communications Act (“Stored Wire Act”), 18 U.S.C. §§ 2701(a), 2707(a) (2000), and the Federal Wiretap Act, 18 U.S.C.A. §§ 2511(l)(a)-(b) (2002). Complaint (“Compl.”) ¶¶ 15-20. The plaintiff contends that the alleged viola *106 tions were committed “with IBM owned or operated equipment and were directed by IBM employees or agents.” Id. ¶¶ 16, 18, 20. The plaintiff asks that “all information illicitly obtained from [the] plaintiff be returned,” id. at 9-10, and that the defendants pay the plaintiff for its damages, “including damages for items illicitly taken, the costs of investigation, the cost of additional security measures, statutory damages and attorney’s fees for this action,” id. at 10. Currently before the Court is IBM’s motion to dismiss for failure to state a claim (“Defs Mot.”). 1 For the reasons set forth below, the Court grants IBM’s motion.

I. Background

The plaintiff, a law firm located in the District of Columbia, alleges the following facts in support of its claims. Compl. ¶ 1. As part of its business activities, the plaintiff “makes extensive use of electronic mail [‘e-mail’] to communicate with clients and others on behalf of clients.” Id. ¶ 6. Sometime in October or November of 2005, the plaintiff became aware of certain facts suggesting that its e-mail server “had been compromised by unauthorized parties.” Id. ¶ 7. To look into the matter, the plaintiff retained a private investigative firm specializing in computer forensics and security. Id. ¶ 8. A security review conducted by this firm revealed that “unauthorized personnel” had penetrated the plaintiffs e-mail server and left a series of instructions “which permitted [computer hackers] to enter the system surreptitiously” and download documents from the server. Id. ¶ 9.

On November 8, 2005, the firm monitored an attempt by an unauthorized party to obtain access to the plaintiffs e-mail server. 2 Id. ¶ 11. While the attempt was unsuccessful, the firm was able to determine that it originated from a specific Internet Protocol (“IP”) address. Id. An IP address is a “unique identifying number for a particular computer” that “serve[s] as locational information for the receipt and transmission of information over the [I]ntemet.” Id. ¶ 10. According to the plaintiff, the IP address involved in the alleged November 8th attack on its server was “registered to the [defendant IBM and ... located at the IBM facility on Cornwallis Road in Durham, North Carolina.” Id. ¶ 11.

The security firm allegedly found evidence of other attacks as well. From November 12, 2005, to November 25, 2005, a computer maintained by the firm’s investigators was allegedly subjected to multiple “denial of service” attacks, all “originating] from IP addresses which are registered to the [Durham] IBM facility.” Id. ¶ 12. The plaintiff also alleges that the firm’s “review of computer logs for a client of [the plaintiff] revealed over 42,000 attempts by 80 different IP addresses registered to the IBM Durham controlled machines to penetrate the [client’s] internal computer server during the twelve-month *107 period beginning on January 1, 2005.” 3 Id. ¶ 13. The plaintiff does not contend that its servers, or those of its clients or the security firm, have been the subject of any attacks since January 1, 2006.

On April 7, 2006, the plaintiff initiated this action against IBM and the John Doe defendant, identified as “a person who is employed by Defendant IBM at its Durham, North Carolina facility,” id. ¶ 3, alleging violations of the Computer Fraud Act, the Stored Wire Act, and the Federal Wiretap Act resulting from the above-mentioned attacks, id. ¶¶ 15-20. Significantly, the plaintiff does not allege that defendant IBM orchestrated, authorized, or was otherwise aware of these attacks. See id. ¶ 16 (alleging that the violations were committed by “a person or persons whose identity is unknown at this time”). Rather, the plaintiff claims “upon information and belief’ that “[djefendant John Doe, in his capacity as IBM employee or agent, initiated, directed and managed” all attacks from January 2005 onward “from the Durham, North Carolina [IBM] facility,” id. ¶¶ 11,12, 13, and contends that the attacks “were made with IBM owned or operated equipment and were directed by IBM employees or agents,” id. ¶¶ 16, 18. 4 The plaintiff seeks monetary damages, including the $60,000 it has allegedly “expended ... in the investigation, surveillance, and repair of its e-mail systems,” id. at 9, as well as injunctive relief (1) “ordering-... IBM and any of its officers, agents, servants, employees and other persons in active concert or participation with any of them to cease violations of statutory and common law”; (2) “requiring the return of all information illicitly obtained from [the] plaintiff that resides in any of the computer equipment ... owned or maintained by ... IBM”; and (3) “directing the disclosure of information under [IBM’s] control which may reflect on who may have caused the placement of unauthorized code, unauthorized entries, denial of service attacks and theft of electronic information,” id. at 9-10.

IBM now moves to dismiss the complaint, arguing that “[the] plaintiffs legal theory against [it] is fatally flawed as a matter of law.” Def.’s Mot. at 2. Specifically, IBM contends, inter alia, that “[the][p]laintiff fails to allege that IBM acted ‘intentionally’ as that term is intended under the operable statutes, and in fact makes allegations that are entirely inconsistent with intentional conduct on the part of IBM.” Id. In response, the plaintiff argues (1) that IBM’s motion is properly *108 resolved as a matter of summary judgment rather than pursuant to a motion to dismiss under Federal Rule of Civil Procedure 12(b)(6); (2) that it has alleged sufficient facts to support its statutory causes of action against IBM; and (3) that limited, expedited discovery is necessary to resolve the issues raised by IBM. Pl.’s Opp. at 1.

Free access — add to your briefcase to read the full text and ask questions with AI

Related

Veksler v. Wipro, LLC
Second Circuit, 2025
Stultz v. Hp Enterprise Services, LLC
270 F. Supp. 3d 10 (District of Columbia, 2017)
Attkisson v. Holder
113 F. Supp. 3d 156 (District of Columbia, 2015)
Murphy v. Spring
58 F. Supp. 3d 1241 (N.D. Oklahoma, 2014)
Borchers v. PROVINCE OF SACRED HEART, INC.
962 N.E.2d 29 (Appellate Court of Illinois, 2012)
Acosta Orellana v. CROPLIFE INTERN.
711 F. Supp. 2d 81 (District of Columbia, 2010)
Hecht v. Components International, Inc.
22 Misc. 3d 360 (New York Supreme Court, 2008)
Bailey v. United States Marshal Service
584 F. Supp. 2d 128 (District of Columbia, 2008)
Cardinal Health 414, Inc. v. Adams
582 F. Supp. 2d 967 (M.D. Tennessee, 2008)

Cite This Page — Counsel Stack

Bluebook (online)
456 F. Supp. 2d 104, 2006 U.S. Dist. LEXIS 75570, 2006 WL 2971107, Counsel Stack Legal Research, https://law.counselstack.com/opinion/butera-andrews-v-international-business-machines-corp-dcd-2006.