Exhibit A - The Am Law Daily · 2010. 12. 9. · January 12, 2009 until March 25, 2009 (recorded...

Exhibit A

Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 1 of 99

Exhibit B (Filed Under Seal)


Exhibit C


,

IN THE MATTER OF UNIVERSITY SPORTS PUBLICATIONS, CO., INC., PLAINTIFF, VS. PLAYMAKERS MEDIA CO.; TERRY COLUMBUS; SHANE PITTA; AND DARNELL GENTLES, DEFENDANTS.

REPORT OF FINDINGS Prepared at the Direction of:

Dewey & LeBoeuf LLP Submitted by: Jeffrey G. Bolas Date: December 3, 2010


REPORT OF FINDINGS

TABLE OF CONTENTS

I. INTRODUCTION ........................................................................................................................ 1

II. BACKGROUND AND CREDENTIALS ...................................................................................... 1

III. ANALYSIS OF PROVIDED LAPTOP ......................................................................................... 2

A. Data Analyzed and Overview of Findings ............................................................................ 2 B. Date of First Use of Laptop .................................................................................................. 3 C. Period of Laptop Inactivity ................................................................................................... 5 D. Evidence of Activity After Supposed Secure Storage of Laptop ........................................... 5 E. System Configuration and Usage Pattern ............................................................................ 6

IV. ANALYSIS REGARDING REMOVABLE USB JUMP DRIVE .................................................... 9

V. COMPARISON OF HISTORICAL SALES RECORDS ............................................................. 11

A. The Playmakers Spreadsheet ........................................................................................... 12 B. The Area Retailers Spreadsheet ....................................................................................... 13 C. The USP Sales Management System ............................................................................... 14 D. Review of Sales Records .................................................................................................. 15 E. Findings Regarding Sales Records Analysis ..................................................................... 17

VI. FORENSIC ARTIFACTS RELATED TO NETWORK ACCESS ............................................... 18

VII. CONCLUSION ......................................................................................................................... 20

EXHIBIT A ..................................................................................................................................... 23�


REPORT OF FINDINGS

1

I. INTRODUCTION

1. Stroz Friedberg, LLC (“Stroz Friedberg”) was retained by Dewey & LeBoeuf LLP (“Dewey &

LeBoeuf”) on behalf of its client, University Sports Publications Co., Inc., (“USP”), to provide forensic data

preservation, technical consulting, and analysis in the matter of University Sports Publications, Co., Inc., vs.

Playmakers Media Co., et al., case number 09-CV-8206.

2. Specifically, Stroz Friedberg was asked to perform three tasks: (1) to preserve and analyze a

laptop computer provided by the defendant Shane Pitta; (2) to compare sales records in two spreadsheets

produced by Playmakers Media Co. (“Playmakers”) to electronically stored information in a USP sales

management system, and then to determine the extent to which the sales records in the Playmakers

spreadsheets matched data in the USP database; and (3) to describe generally some of the methods for finding

evidence on a computer’s hard drive that can establish whether that computer was used to access a computer

network remotely.

3. As set forth below, Stroz Friedberg found that: (1) forensic evidence on the laptop computer

directly contradicts sworn testimony by two of the defendants regarding the laptop and how it was used; (2)

forensic analysis of a provided USB jump drive finds evidence that apparent USP sales information was deleted

from the device months after Mr. Pitta received a preservation notice, contradicting his sworn testimony; and (3)

sales records produced by Playmakers are sufficiently similar to data from USP’s sales database to conclude that

the Playmakers data originated from the USP database, which further contradicts sworn testimony by Shane

Pitta. In addition, based on past experience, Stroz Friedberg is aware of numerous methods to identify forensic

artifacts on a hard drive that help establish whether a computer was used to access a network remotely.

II. BACKGROUND AND CREDENTIALS

4. Stroz Friedberg is a technical services and consulting firm that assists its clients, including major

law firms and companies, in, among other things, the areas of digital forensics, cyber-crime response, and

electronic discovery. Stroz Friedberg is managed by former federal prosecutors and former federal special

agents with both government and private sector experience in traditional and cyber-based investigations, digital

forensics, data preservation and analysis, and infrastructure protection. Our staff of digital forensic examiners,


REPORT OF FINDINGS

2

electronic security professionals, and private investigators joined Stroz Friedberg following careers in law

enforcement, the intelligence community, consulting, and academia.

5. Stroz Friedberg is remunerated on a time and materials basis, and remuneration is not dependent

upon the outcome of this litigation. The forensic examiner who performed or oversaw all analysis discussed in

this report is Jeffrey G. Bolas.

6. Jeffrey Bolas is an Assistant Director of Digital Forensics in Stroz Friedberg’s New York office.

His responsibilities include conducting data acquisitions and digital forensic analyses of personal computers,

servers, and mobile devices. He also supervises and coordinates the work performed by other digital forensic

examiners in the New York laboratory. He has provided testimony, expert reports, and declaratory evidence in

state and federal civil proceedings. Prior to joining Stroz Friedberg, Mr. Bolas worked as a Records Examiner in

the United States Attorney’s Office for the Eastern District of New York. He holds a Bachelor of Arts degree in

computer science from Williams College and a Master of Fine Arts degree from Columbia University. He is an

EnCase Certified Examiner (EnCE) in the area of digital forensics. His curriculum vitae is attached to this Report

as Exhibit A.

7. The issues and findings in this report are based in part upon the same facts discussed in two

affidavits previously submitted in this matter, namely: the Affidavit of Jeffrey G. Bolas, dated May 10, 2010; and

the Second Affidavit of Jeffrey G. Bolas, dated June 18, 2010.

III. ANALYSIS OF PROVIDED LAPTOP

A. DATA ANALYZED AND OVERVIEW OF FINDINGS

8. On March 19, 2010, Stroz Friedberg received one laptop computer, sent by courier from counsel

for Playmakers at Boies Schiller & Flexner LLP. The laptop was a Hewlett-Packard Pavilion, model dv5-1235dx,

bearing serial number CNF8471LZ2 (“the Laptop”). It contained a 320 GB Fujitsu brand hard drive, bearing

model number MHZ2320BH and serial number K618T8A2TNEH. A forensic examiner for Stroz Friedberg

photographed the Laptop and its hard drive and created a complete and verified image of the Laptop hard drive.

The original Laptop was returned to counsel for Playmakers on June 2, 2010.


REPORT OF FINDINGS

3

9. Additionally, Stroz Friedberg received transcripts of sworn testimony regarding the Laptop given

in depositions by two employees of Playmakers, Terry Columbus and Shane Pitta.

10.

Specifically, the forensic evidence shows:

a. the Laptop was not used before January 2009;

b. there is no evidence that the Laptop was used at all between March 25, 2009 and

July 31, 2009 at 11:03 p.m.;

c. a user with knowledge of Shane Pitta’s email passwords used the Laptop in early

August 2009, during the period immediately following its supposed surrender and secure storage

on July 31, 2009; and

d. the Laptop’s configuration, its documents, and its pattern of usage are inconsistent

with that of a work-issued computer used with any regularity for Playmakers business

B. DATE OF FIRST USE OF LAPTOP

11. The Laptop was found to have a system clock that was incorrectly set ahead by exactly one day,

plus or minus one minute, at the time Stroz Friedberg received the Laptop in March of 2010. The BIOS, or Basic

Input Output System, of the Laptop maintains the system clock, which is the clock used to record all timestamps

written to the file system. If a clock is incorrect, then the recorded dates and times on the computer are off by an

equivalent amount. Evidence exists in the Laptop’s System event log, in the form of multiple clock

REDACTED

REDACTED

REDACTED


REPORT OF FINDINGS

4

synchronization errors, to confirm that the clock had been set ahead by one day since at least January 29, 2009.

For purposes of this report, the dates and times noted are accurate; that is, we have adjusted the erroneous times

recorded by the computer’s clock to account for the 24-hour difference between the system clock and the correct

time.

12. The Laptop that Stroz Friedberg received was configured to run the Home Premium edition of the

Windows Vista operating system (“OS”), which was pre-installed on this Laptop by the manufacturer. The

Windows Vista OS bears an installation date of November 27, 2008. No evidence was found indicating that an

earlier OS had been installed on the Laptop prior to that date, or that the computer was used before that date.

Additionally, the Laptop’s hard drive bears a manufacture date of October 31, 2008, further supporting the finding

that this Laptop and hard drive were not used by any user before that date.

13. The Laptop had only one user account active on it. That user account’s name is “Alison,” and it

was created and first used on January 12, 2009. For another reference point, Stroz Friedberg looked up the

publicly-available Hewlett-Packard warranty data for the Laptop using its serial number and found that its warranty

period lasted from January 12, 2009 through January 11, 2010.

14.

15. However, based on the installation date of the factory-installed OS, the hard drive manufacture

date of October 31, 2008, the commencement of the warranty period on January 12, 2009, and the creation of the

sole user profile “Alison” on that same date, it is Stroz Friedberg’s opinion that the Laptop computer was not

turned on, set up, and registered until January 2009.

REDACTED

REDACTED


REPORT OF FINDINGS

5

C. PERIOD OF LAPTOP INACTIVITY

16. Stroz Friedberg reviewed the Laptop’s event logs and the timestamps associated with files on the

Laptop in order to establish a general timeline of its use. The earliest recorded user activity is on January 12,

2009, which is when the account “Alison” was created. The user Alison used the Laptop intermittently from

January 12, 2009 until March 25, 2009 (recorded erroneously as March 26). Event logs record no activity for this

computer between the time it was turned off on March 25, 2009 and the next time it was turned back on again, on

July 31, 2009. On that date, at 11:03 p.m., a user turned on the Laptop and logged in as “Alison.”

17. The Laptop was then used intermittently between July 31, 2009 at 11:03 p.m. and August 4,

2009. The last recorded user activity is on August 4, 2009, which is recorded erroneously as August 5. The

Laptop appears to have been placed into hibernation mode on that date, after which, over the course of the next

several days, it automatically activated itself periodically to attempt automated Windows system updates. No

evidence was found of files created or modified as a result of user action or any other user-related activity after

August 4, 2009 at 9:05 a.m. The last recorded automated change to any file on the Laptop is on August 15, 2009.

There is no evidence that the laptop was ever turned on again after that date.

18. The overall pattern of activity suggests that this Laptop was used only during the first three

months of 2009, after which it was not powered on again until July 31, 2009 at 11:03 p.m., which is late on the

day on which Playmakers received the preservation hold notice from USP’s attorneys.

19.

However, Stroz Friedberg did not find any evidence of user activity on July 31, 2009 until

11:03 p.m.,

D. EVIDENCE OF ACTIVITY AFTER SUPPOSED SECURE STORAGE OF LAPTOP

20.

REDACTED

REDACTED

REDACTED


REPORT OF FINDINGS

6

21.

22. Stroz Friedberg examined the Laptop’s hard drive for evidence to corroborate the timeline

established by the above statements. The Laptop contains evidence, found in the history of the Internet Explorer

web browser, that Mr. Pitta, or someone using his login credentials, accessed the mailbox of user SPitta on

Playmakers’ secure webmail site on August 2, 2009 and August 4, 2009. Specifically, on August 4, 2009 at

approximately 8:43 a.m., a user of the Laptop browsed to http://mail.playmakersmedia.com, logged into the

secure webmail site, and viewed the Inbox for user SPitta. At approximately 8:45 a.m. on the same morning, the

user of the Laptop logged into the Gmail account [email protected]. The user then downloaded a single Excel

workbook, entitled updated_anadirectory.xlsx. Multiple copies of this spreadsheet were created in the web

browser cache and in the Downloads and Desktop directories for the user Alison. This is the sole Microsoft Office

document on the Laptop, as described more fully below.

23.

E. SYSTEM CONFIGURATION AND USAGE PATTERN

24. Computers running Windows operating systems must have a computer name assigned to them

for the purposes of identification. Computer names are typically assigned by the IT administrator of a business or,

REDACTED

REDACTED

REDACTED


REPORT OF FINDINGS

7

in the case of a personal computer, the first user of that computer. The computer name assigned to this Laptop is

“ALISON-PC.” Moreover, the Registered Owner for the Laptop is listed as “Alison” and, as noted above, the sole

user account on the Laptop also is named “Alison.” The “Alison” account has a property called “FullName” that

can be set by a user; the FullName field for the Alison account currently is set to “Shane.” No other evidence was

found to indicate that an account containing the name “Shane” or “Pitta” ever existed on this machine.

Whoever

configured the Laptop in January 2009 did so in a way that clearly attributed ownership and control to Ms. Lozito,

not Mr. Pitta.

25. Stroz Friedberg reviewed the files and Internet browsing history on the Laptop in order to gain

more specific knowledge about how it had been used. The user of the Laptop used Microsoft’s Internet Explorer

for web browsing, and records remain on the Laptop that provide information about the history of websites visited

between January and March 25, 2009, and then again from July 31, 2009 through August 4, 2009. As noted

previously, there is no evidence of any user activity between March 25, 2009 and when the computer was turned

on again at 11:03 p.m. on July 31, 2009.

26. The primary use of the computer appears to have been for web browsing, and the greatest

number of observed artifacts from browsing relate to the website Facebook. The name of the Facebook account

that the user logged into is a combination of two proper names: “Alison Lozito Shane Pitta.”

27. As discussed above, there are references in the Internet Explorer history evidencing access to

Mr. Pitta’s Playmakers email account on August 2 and August 4, 2009. There are also references in the Internet

Explorer history indicating that a user logged into Playmakers’ secure webmail site on February 8, 2009. Other

than these mail logins, there are notably few references to Playmakers or to Mr. Pitta anywhere on the Laptop

hard drive, apart from the occurrence of his name in Ms. Lozito’s Facebook account.

28.

REDACTED

REDACTED

REDACTED


REPORT OF FINDINGS

8

29.

The version

of the Office suite installed on this Laptop is an edition named “Microsoft Office Home and Student 2007,” which

came pre-installed as a trial version on this Laptop by the manufacturer. The Home and Student edition of

Microsoft Office is licensed only for personal, non-commercial use by households. However, it appears that the

trial version of "Microsoft Office Home and Student 2007" on the provided Laptop was activated in August of

2009, after the computer was supposedly secured by Ms. Columbus. A Laptop user visited the website

trymicrosoftoffice.com on August 2, 2009 at 7:52pm, and a hexadecimal key was written to the computer in a file

named “Office2007TrialActivationKey.txt” seconds later. It is unknown if the software had ever been activated

before this time, but Stroz Friedberg found no evidence that any user-created Microsoft Word document had ever

been opened or saved on the Laptop.

30. Furthermore, the Laptop contained almost no user-created files of the most common types

created in work environments, such as email, documents, or spreadsheets. Not counting document templates

and default documents included with program installations, the Laptop contained zero Microsoft Word documents,

PowerPoint presentations, and Outlook email archives. It contained four identical copies of the single Excel

workbook referenced above, created on this Laptop four days after the preservation notice. No email or user-

created documents from any of the other major productivity software suites, such as Lotus or WordPerfect, was

REDACTED

REDACTED

REDACTED


REPORT OF FINDINGS

9

found. Additionally, a review of the deleted, recoverable files on the Laptop found no recoverable remnants of

user-created document types or email.

31.

32.

The pattern of usage, along with the system configuration in the name “Alison,” is

more consistent with a laptop originally intended for personal use by Alison Lozito.

IV. ANALYSIS REGARDING REMOVABLE USB JUMP DRIVE

33.

34. Several months after the preservation and analysis of the Laptop, on October 18, 2010, Stroz

Friedberg received one removable USB flash drive, or “jump drive,” from counsel for Playmakers at Boies Schiller

& Flexner LLP. The jump drive was an 8 GB SanDisk Cruzer drive, internal serial number 35146102EE93459D

REDACTED

REDACTED

REDACTED


REPORT OF FINDINGS

10

(the “Jump Drive”). It is our understanding that the provided Jump Drive is the device discussed in Mr. Pitta’s

deposition testimony. Stroz Friedberg created a complete and verified forensic image of the Jump Drive.

35. Unlike the provided Laptop, which showed almost no evidence of ever having been used for

work, the Jump Drive contained hundreds of user-created files, including Excel spreadsheets and documents in

Word and PDF format. The creation and modification timestamps associated with these files indicate that they

were stored and accessed on the Jump Drive between July 31, 2009, the first observed date of Jump Drive

usage, and March 23, 2010, the last observed date of usage. The Jump Drive contains active files and deleted,

recoverable files, as well as many dozens of references to files that have been deleted and overwritten during that

time period.

36. However, forensic analysis of the provided Jump Drive

demonstrates that it was never used during the time period of interest, and further that evidence apparently

relating to USP sales records was deleted months after the preservation notice was issued.

37. First, the Jump Drive shows no evidence of ever having been used before 10:55pm on the

evening of July 31, 2009, shortly after Mr. Pitta received the preservation notice. Based upon a review of creation

dates associated with the files and folders on the Jump Drive, Stroz Friedberg found that the first files and folders

on the Jump Drive were created at that time, when the Jump Drive was inserted into a computer and accessed.

38. Second, the first user-created files (e.g., spreadsheets and documents) were copied to the Jump

Drive on Saturday, August 1, 2009 at approximately 5:09pm. At that time, dozens of files were copied from an

unknown computer to the Jump Drive. No copies of or references to the files copied to the Jump Drive on the

evening of August 1, 2009 were found on the Laptop; therefore, the files were most likely copied to the Jump

Drive from another computer.

39.

When removable USB devices are first connected to a

REDACTED

REDACTED

REDACTED


REPORT OF FINDINGS

11

Windows Vista machine via a USB port, records are created on disk and in the computer’s registry that record the

date of first connection, and in some instances, the serial number of the connected removable device. However,

in the review of the provided Laptop, Stroz Friedberg found no such records to confirm that any “jump drive” or

similar external USB storage device was ever directly connected to the Laptop.

40. Fourth, the Jump Drive contains references to dozens of deleted files, most of which are

unrecoverable. However, one file of particular note, an Excel workbook named “area retailers 2009.xls,” (the

“Area Retailers Spreadsheet”) is deleted but recoverable. This file was copied to the Jump Drive on the evening

of August 1, 2009, at approximately 5:09pm, from some other source, the day after Mr. Pitta received the

preservation notice. The file was last accessed on February 17, 2010. In order for a file to be accessed, it must

still exist on the Jump Drive. Therefore, the Area Retailers Spreadsheet still existed on the Jump Drive as an

active file on February 17, 2010 and was deleted at some point subsequently, at least six months after the data

preservation notice.

41. Finally, the deleted Area Retailers Spreadsheet contains advertising sales records that appear to

relate to historical sales by Mr. Pitta’s prior employer, USP. The analysis of these records is discussed below.

42. Stroz Friedberg also found a fragment of an Excel workbook in the unallocated space (or “free

space”) of the Jump Drive that appeared to contain additional records pertaining to USP sales. Stroz Friedberg’s

assessment that the deleted fragment relates to USP sales is based on the observation that it contained the

names of multiple New York professional sports teams and phrases that occur in USP’s database, as discussed

more fully below. However, the deleted fragment could not be reconstituted into a legible document, and it was

consequently excluded from the following analysis.

V. COMPARISON OF HISTORICAL SALES RECORDS

43. Stroz Friedberg was additionally asked to compare advertisement sales records in two

spreadsheets – one produced by Playmakers and the Area Retailers Spreadsheet found on the Jump Drive – with

REDACTED


REPORT OF FINDINGS

12

electronically stored information in a USP sales management system, and then to determine the extent to which

any information in the spreadsheets’ records of sale matched the data in USP’s system.

44. As set forth below, Stroz Friedberg found that the information in the two Playmakers

spreadsheets is identical to the historical information in USP’s sales management system with respect to the

specific advertisement price charged to each particular customer for each particular publication, and it is nearly

identical with respect to customer contact information. Moreover, the USP and Playmakers sales records share

certain specific traits and irregularities in their punctuation, typographical errors, and data values that indicate that

they share a common origin.

45. Stroz Friedberg confirmed that the historical sales records at issue have existed in the USP sales

management system since at least February 2006 and further confirmed that the two Playmakers spreadsheets

were created on June 13, 2008 and February 13, 2009, respectively. The fact that USP’s copy of the sales

records pre-dates the same data produced by Playmakers strongly suggests that the Playmakers data was

copied from the USP database.

A. THE PLAYMAKERS SPREADSHEET

46. On April 29, 2010, counsel from Dewey & LeBoeuf provided Stroz Friedberg with a copy of two

documents produced by Playmakers,

The latter document is the Excel spreadsheet attached to the email,

originally named “Book1.xlsx” (“the Playmakers Spreadsheet”).

47. The Playmakers Spreadsheet,

contains 43 rows of information that appear on their face to be advertisement sales records. Each record

consists of fourteen data fields, including an individual’s first and last names, several fields containing that

person’s business address and phone number, and fields regarding the details of a particular advertisement sale,

including the price charged, the size of the advertisement, the name of the publication in which it was to appear,

REDACTED

REDACTED


REPORT OF FINDINGS

13

and the year of publication. Based upon the years listed in the advertisement sales records, each record appears

to relate to an advertisement purchased for 2005, except for one purchased for 2003.

48. Excel spreadsheets can contain embedded metadata that provide a document’s creation date

and author. The Playmakers Spreadsheet lists “Shane Pitta” as its author, and it records an original creation date

of February 13, 2009 at 9:04 a.m. (EST).

49.

B. THE AREA RETAILERS SPREADSHEET

50. Stroz Friedberg also reviewed sales records in the Area Retailers Spreadsheet, a deleted Excel

workbook that was recovered on the Jump Drive as discussed above. The first spreadsheet in this workbook,

named “Sheet1,” contains 675 rows of information that appear on their face to be advertisement sales records.

The Area Retailers Spreadsheet contains exactly the same data fields as the Playmakers Spreadsheet and in the

same order, including an individual’s first and last names, several fields containing that person’s business address

and phone number, and fields regarding the details of a particular advertisement sale, including the price charged,

the size of the advertisement, the name of the publication in which it was to appear, and the year of publication.

The Area Retailers Spreadsheet also contains a fifteenth data field for each sales record that contains the type of

publication. Based upon the years listed in the advertisement sales records, each record appears to relate to an

REDACTED

REDACTED


REPORT OF FINDINGS

14

advertisement purchased for 2005. The Area Retailers Spreadsheet lists Shane Pitta as the author and it records

an original creation date of June 13, 2008, at approximately 12:32 p.m (EST).

51. It is Stroz Friedberg’s understanding that the records in the Playmakers Spreadsheet and the

Area Retailers Spreadsheet (collectively, the “Playmakers Data”), which pertain to historical advertisement sales

for multiple New York professional sports teams, are sales that pre-date the formation of Playmakers in 2007,

Columbus Tr. at 80.

52. A third spreadsheet was found to contain advertisement sales records in the same format as

those records in the Playmakers Data. That file, was also found on the Jump Drive. The

sales records that it contains are a subset of the records found in the Playmakers Spreadsheet. Accordingly, no

separate analysis of the file was conducted.

C. THE USP SALES MANAGEMENT SYSTEM

53. On April 30, 2010, May 3, 2010, and November 16, 2010, a Stroz Friedberg forensic examiner

travelled to USP’s offices in Manhattan and met with Howard Goldfeder, the president of Databasaurus, a

technical consulting company that provides computer infrastructure and technical support to USP. The purpose

of the meetings was to learn how USP’s sales-related data is stored and then to obtain relevant sales records

from USP’s sales management system to compare to the data in the two spreadsheets in question. During those

meetings, Stroz Friedberg made copies of certain screenshots and query results from USP’s sales management

system on CD-ROMs, in order to compare their contents to the Playmakers Spreadsheet.

54. USP maintains a custom-built sales management system which is used for, among other things,

tracking calls by sales representatives to potential customers and documenting advertisement sales. The system

stores many kinds of data, including contact information for individuals at client businesses who authorize the

purchase of advertisements in USP’s various sports publications. The system is built upon a Microsoft SQL

Server database, which serves as the main data storage mechanism. The name of the database that stores USP

sales-related data is “uspdb.” It is Stroz Friedberg’s understanding that the sales management application at

USP, and its associated database named uspdb, have been in place at USP since at least 2003.

REDACTED

REDACTED


REPORT OF FINDINGS

15

55. With Mr. Goldfeder’s assistance, Stroz Friedberg examined the tables within the uspdb database

that contain information regarding historical advertisement sales in USP’s sports publications. The tables were

identified that appeared to contain data fields corresponding to those data fields present in the Playmakers

spreadsheet, such as the names of contacts at client businesses, business addresses, and advertisement

descriptions. Working with Mr. Goldfeder, Stroz Friedberg constructed queries, or database search commands,

to identify any records in the USP database that might correspond to the records in the Playmakers spreadsheet.

56. In order to verify that the relevant records in the USP database system had not recently been

modified, Stroz Friedberg requested and obtained access to a restored copy of the uspdb database from an old

backup, dated February 8, 2006. According to the timestamps associated with the database backup file, the

database backup was created and last modified on February 8, 2006.

57. Running the queries against the 2006 backup of USP’s database returned records that matched

all the records in the Playmakers Data. For all advertisement sales records in both spreadsheets, the USP

system contained a matching record of an advertisement sale containing the same specific client contact, ad

price, ad size, and publication information.

58. Sales records in the USP database have additional properties beyond those listed in the

Playmakers Data. Among the additional properties that USP sales records have is the creation date of the record

in the database. Each of the matching records found within the USP database includes a creation date field

documenting the date that the sale was first entered into the USP database. All of the matching records bore

creation timestamps between 2003 and February 1, 2006.

59. It is Stroz Friedberg’s opinion that all sales records identified in USP’s database found to

correspond to the records in the Playmakers Data have existed in USP’s system since sometime before February

8, 2006.

D. REVIEW OF SALES RECORDS

60. Based on a line-by-line comparison of the 43 records in the Playmakers Spreadsheet and the 675

records in the Area Retailers Spreadsheet against the corresponding USP sales records, Stroz Friedberg found


REPORT OF FINDINGS

16

that all records have identical entries with respect to the details of the advertisement sales; that is, the two

spreadsheets contain exactly the same information as the USP database records regarding the price paid by a

particular business contact for a particular advertisement in a particular publication in a particular year.

Discrepancies exist between the two data sets in 241 of the 675 records in the Area Retailers Spreadsheet as

well as in 14 of the 43 sales records in the Playmakers Spreadsheet. These discrepancies were limited to the

data fields containing company names, address fields, and telephone numbers, which are the fields most likely to

change over time, as well as the honorific used to address the contact. Notably, even when the name or address

of a company differed between the USP and Playmakers records, the name for the original contact individual

involved in the particular advertisement sale remained identical.

61. Several similarities exist between the structure and formatting of the data in the USP database

and the Playmakers Data. First, the convention used to describe a purchased advertisement is identical,

including capitalization, punctuation, and the fact that numbers are spelled out. For example, “Full Page, Four

Color” is one example of how an advertisement is described in both the USP and Playmakers data for the same

sale. Similarly, telephone numbers are formatted without dashes, parentheses, or periods in both the USP and

Playmakers data sets.

62. There are also several typos and formatting irregularities that recur precisely in the same manner

in corresponding records in the Playmakers and USP data. Specifically:

a. The Playmakers Spreadsheet lists a business address at

The business address data in the corresponding USP sales record

matches exactly, including its capitalization This identical spelling

in both data sets is particularly significant because it is a misspelling;

b. Similarly, the relevant USP database sales records include several incorrectly

spelled city names, such as

Identical misspellings occur in the corresponding sales records in the Area Retailers

spreadsheet.

REDACTED

REDACTED REDACTED

REDACTED

REDACTED


REPORT OF FINDINGS

17

c. The Playmakers spreadsheet and Area Retailers spreadsheet list numerous

advertisement sales in 2005 at the rate of $0. These records presumably represent either an

error or free advertisement sales. The corresponding USP records also reflect ad rates of “0.”

d. The Playmakers Data includes a small number of business addresses,

that spell out the street number instead of representing it with numerals.

Identical addresses exist in the corresponding sales records in the USP database records.

e. A total of fourteen sales records in the USP data contain irregularities in the two-

letter state abbreviations, including the presence of extraneous punctuation

or the use of an irregular abbreviation

The corresponding records in the

Playmakers data exhibit the exact same irregularities.

f. One advertisement sale records the company purchasing an ad but uses the

placeholder string “xxxxx” in the address, city, and contact name fields. The placeholder occurs

in both the USP and Playmakers record for this sale.

g. Both data sets include records where the city is listed as or

including the comma. These are the only recorded city name entries followed by a

comma, and the anomaly occurs in both data sets within corresponding records.

h. Numerous other small commonalities occur, including the occasional use of the

honorific “Mr” without a period, as well as records with sales prices down to the cent.

E. FINDINGS REGARDING SALES RECORDS ANALYSIS

63. The information in the Playmakers Data is nearly identical to certain of the historical sales records

in the USP sales management database. In particular, the data fields relating to specific historical sales pricing

data and individual contact names are identical. The discrepancies that do exist are limited to individuals’

addressing and contact information. Given that both data sets contain nearly identical information, it is Stroz

Friedberg’s opinion that the USP and Playmakers data share a common origin.

64. The sales records in the USP database corresponding to the records in the Playmakers Data

were created on various dates between 2003 and 2005. Given that the same sales data in the USP database

REDACTED

REDACTED

REDACTED

REDACTED REDACTED


REPORT OF FINDINGS

18

pre-dates the creation of the two Playmakers spreadsheets, and that identical formatting conventions and

typographical irregularities are common between specific records in both spreadsheets and the USP database,

Stroz Friedberg concludes that the sales information in the Playmakers Data was, at some point in time, copied

directly from USP’s sales database application.

65.

VI. FORENSIC ARTIFACTS RELATED TO NETWORK ACCESS

66. Stroz Friedberg was further tasked by Dewey & LeBoeuf to describe generally some of the

methods for finding evidence on a computer’s hard drive that can establish whether that computer was used to

access a computer network remotely. Remote access refers to a temporary connection to a private network, such

as one operated by a company, by a computer at some physical distance from the network and using the Internet

to mediate the connection. The following discussion assumes that the remote computer has been configured to

run one of the Microsoft Windows operating systems.

67. Numerous technologies and software applications exist that permit a remote user to access data

resources on a network. Generally, any such access requires that the network include a connection point

configured to accept remote connections. A remote computer then must be provided with specific configuration

details necessary to establish a connection to the network, which may include the IP address of the connection

point on the network, the name of the computer or service on the network to which it wishes to connect, and a

specific port number on that computer that is used to mediate traffic to remote computers. The remote user must

also provide authentication credentials, generally including a username and password at a minimum, in order to

be permitted access to protected network resources.

68. One common method for connecting to a network remotely is through the use of a Virtual Private

Network, or VPN. A VPN creates an encrypted “tunnel,” or protected connection, between the remote computer

REDACTED


REPORT OF FINDINGS

19

and the corporate network, which in turn permits users to check email, access files, or perform other tasks

possible when physically connected to the network in the office. There are many software packages available

that can be used to create VPNs.

69. A second common method for connecting to a private network’s resources is through the use of

remote desktop software, which permits a remote user to view and interact with the desktop of a target computer

on the network. Once remote desktop access has been established, the remote user can access files or

information resources on the network as if he or she were physically present at the target computer’s console.

There are many software packages that permit remote desktop connections.

70. While VPNs and remote desktop sessions are among the most common methods for establishing

remote connections to a network, many other methods exist to access protected resources on a network,

including web-based access to email and internal web pages (using tools such as Outlook Web Access or

WebAuth and an Internet browser), file transfer programs, and other programs that accept connections from

computers outside the network.

71. Accordingly, if provided a computer hard drive and asked to review it for evidence of such remote

access, Stroz Friedberg would search for evidence of, including but not limited to, the following:

a. virtual private network, remote desktop, and similar applications currently or previously

installed on the remote computer;

b. configuration details, application logs, and digital certificates for such applications;

c. Windows registry entries relating to such applications;

d. references to the network, including IP addresses, computer names, and domain names;

e. specific user credentials necessary to gain access to the network;

f. evidence that an Internet browser was used to access resources on the network; and

g. forensic artifacts recovered in whole or in part from unallocated space on the hard drive

that pertain to any of the above types of evidence.


REPORT OF FINDINGS

20

72. The computer’s hard drive also may contain remnants of specific files or other data accessed on

the network. If a computer were used to access a network remotely and copy data from it, the copied data may

still exist, in whole or in part, on the hard drive of the remote computer. The data may be available in the form of

whole and complete active files, or it may recovered by searching the free (or “unallocated”) space on the hard

drive. It is also possible that references to file names or file paths that are specific to the network exist on the

remote computer. For example, Windows computers frequently record references to recently accessed files in

the form of “link files” and registry entries. Accordingly, in addition to searching for forensic artifacts related to the

means of network access, Stroz Friedberg also would perform analyses including, but not limited to: searching for

data or remnants of data alleged to have been accessed remotely on the network; identifying any references to

file names and file paths specific to the network; and reviewing all available versions of the Windows registry for

references to such data.

73. The extent to which digital evidence exists and is recoverable from a hard drive is highly

dependent not only on the specific software applications of interest but also on the amount of time elapsed and

activity conducted between when the computer was used to access a remote network and the forensic

examination. Intervening activity on the computer may change the state of the hard drive in ways that render

some or all of the evidence of remote network connections unrecoverable.

VII. CONCLUSION

74. Regarding the provided Laptop, based on the foregoing facts and analysis, Stroz Friedberg

concludes that:

a. The usage pattern observed on the Laptop is consistent with a computer

configured for the first time on or about January 12, 2009 with an account for Alison Lozito,

REDACTED


REPORT OF FINDINGS

21

b. The Laptop was used between January 12, 2009 and March 25, 2009. After

March 25, 2009, it was not used again until July 31, 2009 at 11:03 p.m., late in the day on which

Playmakers received a preservation notice from USP’s attorneys.

c. During the periods of usage from January 12, 2009 to March 25, 2009, the

computer appears to have been used for personal home use and, in particular, for web browsing.

d. The Laptop was turned on again on July 31, 2009 at 11:03 p.m. and used

intermittently over the next four days. The actions taken between July 31, 2009 at 11:03 p.m. and

August 4, 2009 include logins into Mr. Pitta's Playmakers email account and his personal Gmail

account, establishing that Mr. Pitta, or someone with knowledge of his email passwords, used the

computer during the period when the Laptop was supposedly being securely stored in Ms.

Columbus’s locked desk drawer.

e. The Laptop contains no user-created Microsoft Office documents other than the

one unique Excel spreadsheet downloaded to it via web-based email on August 4, 2009.

f. Stroz Friedberg found no evidence of a removable USB device having ever been

connected to the Laptop.

75. Regarding the provided Jump Drive, Stroz Friedberg concludes as follows:

a. the Jump Drive shows no evidence of having been

used before July 31, 2009, at 10:55pm;

b. the Laptop shows no evidence of having ever had the Jump Drive connected to it;

c. the files on the Jump Drive were copied to the device from some other source starting on

Saturday, August 1, 2009;

REDACTED

REDACTED


REDACTED


REPORT OF FINDINGS

23

EXHIBIT A

Curriculum Vitae for Jeffrey G. Bolas


A S S I S T A N T D I R E C T O R , D I G I T A L F O R E N S I C S

JEFFREY G. BOLAS

Tel: 212.981.6542 � Fax: 212.981.6545 � [email protected] � www.strozfriedberg.com

32 Avenue of the Americas, 4th Floor, New York, NY 1001

PROFESSIONAL EXPERIENCE STROZ FRIEDBERG Assistant Director, Digital Forensics, January 2009 to Present Digital Forensic Examiner, January 2006 to January 2009 New York, NY Conduct digital forensic acquisitions and analyses of laptops, desktops, servers, and cellular phones in civil litigations, criminal matters, internal investigations, and computer incident response efforts. Consult with clients in matters involving spoliation claims, network intrusions, destruction of data, theft of trade secrets, source code review, electronic discovery remediation, and cybercrime response. Develop customized programming utilities for use in the processing and analysis of electronic data. Conduct large-scale electronic discovery involving the preservation, processing, and production of electronic data. Supervise forensic examiners in New York laboratory. Significant casework includes:

• Authored two expert reports and testified in federal court in the matter Gutman et al v. Klein et al. Established that a pattern of system alterations and obfuscations had occurred on laptop computer. Report and testimony formed underpinnings of judge’s default judgment for spoliation of electronic evidence, the first judgment of its kind in the Federal Second Circuit.

• Led team of source code reviewers in analysis and expert reporting of C++ source code relating to geolocation of Wi-Fi access points.

• Assisted with rapid implementation of supplemental transaction monitoring system to detect indicia of money laundering at a global bank.

• Conducted audit, data analysis, and remediation effort onsite at the

offices of an electronic discovery vendor in the United Kingdom following botched data restoration efforts. Identified process steps lacking control measures and specified new process to improve data quality.

• Led team of forensic examiners in multi-terabyte electronic discovery

matter of more than 120 custodians’ data in high-stakes litigation. Coordinated processing and load file production under urgent deadlines.

• Analyzed proprietary high frequency trading source code and performed timeline analytics on source code version control system in support of theft of intellectual property case.

• Authored additional multiple expert reports, declarations, and affidavits

regarding forensic inspections of computer hard drives, webmail access, and fax machine memory.

• Designed and programmed customized scripts to significantly improve

speed of email deduplication for productions in high-profile SEC investigation, resulting in significant time and cost savings for the client.



JEFFREY G. BOLAS



• Preserved and harvested terabytes of electronic data in Mexico from a

server and scores of laptops, desktops, and removable storage devices in a high-stakes civil litigation. Conducted on-site processing to facilitate attorney review and to protect confidential and sensitive client data.

UNITED STATES ATTORNEY’S OFFICE, E.D.N.Y. Records Examiner Brooklyn, NY 2004 to 2006

• Contracted by Computer Sciences Corporation (CSC) to the US Attorney’s Office, Eastern District of New York. Provided document management and technical support for Computer Associates prosecution, then the largest securities fraud case in the history of the District.

• Created and maintained mission-critical searchable document databases for prosecutors on the Computer Associates case. Led the conversion of all case documents to digital format.

• Supervised and managed the pre-trial discovery process for the

Computer Associates prosecution, producing millions of documents in electronic format.

KALLER’S AMERICA GALLERY Historical Writer/Project Manager New York, NY 2001 to 2004

• Researched, wrote, and edited several hundred historical backgrounds for donated manuscripts of the Gilder Lehrman Collection at the New York Historical Society.

• Acted as systems administrator. Created the office's first network and

backup systems. Developed corporate website and database. KENAN SYSTEMS CORPORATION Software Engineer Cambridge, MA 1997 to 1999

• Developed a customer demographics analysis module and designed user interface using Visual Basic with API calls.

• Led QA testing efforts on customer usage analysis and marketing tool.



JEFFREY G. BOLAS



EXPERT TESTIMONY June 2010: Testified regarding data wiping utility in United States District Court for the Southern District of New York. Gucci America v. Frontline Processing, Inc., et al. (case number 09-cv-6925). January 2010: Testified in state civil couty in Harris County, Texas, in employment dispute involving source code found on the personal media of former employee. July 2008: Testified as court-appointed independent expert on matters of spoliation in United States District Court for the Eastern District of New York. Gutman et al. v. Klein et al. (case number 03-cv-1570). EDUCATION

COLUMBIA UNIVERSITY M.F.A. Film, 2004. WILLIAMS COLLEGE B.A. magna cum laude, Computer Science, 1997.

CERTIFICATIONS

Encase Certified Forensic Examiner (EnCE), 2008 Guidance Software

PUBLICATIONS

“The IM Dilemma.” Inside Supply Management, June 2007.

TRAINING � STROZ FRIEDBERG Internal Training Program

Attend weekly in-house training presentations on digital forensics, cybercrime response, computer security, desktop and network forensics tools, and relevant legal topics. Lead training on numerous topics including dtSearch techniques, scripting in Python, forensic event timelining, and Mac forensics.

� Network Forensics, SANS Institute, June 2010. � What Works In Forensics and Incident Response Summit, SANS Institute, July

2009. � Advanced Malware Analysis, SANS Institute, December 2008. � Advanced Computer Forensics, Guidance, December 2007. � EnCase Intermediate Analysis and Reporting, February 2006.

12/10


Exhibit D


Wallace, Kevin C.

From: Wallace, Kevin C.Sent: Friday, July 31, 2009 1:33 PMTo: '[email protected]'Cc: Clark, Christopher J.Subject: Document Preservation NoticeAttachments: Scan001.PDF

12/2/2010

Mr. Columbus:

Please see the enclosed letter from Chris Clark.

KCW

------------------------------------------------------------Kevin WallaceDewey & LeBoeuf LLP1301 Avenue of the AmericasNew York, NY 10019Tel: 212 259 8537Fax: 212 259 [email protected]


Exhibit E


Christopher Duffy

From: Christopher DuffySent: Friday, August 07, 2009 7:00 PMTo: [email protected]: University Sports Publications

Page 1 of 1

5/7/2010

Christopher,

I represent the New York Yankees. I have your 7/31/09 letter to Lonn Trost regarding your client’s allegations against Shane Pitta, who your letter asserts is an employee of Playmakers Media Corporation. Your client’s purported understanding that the Yankees own or control Playmakers Media Corporation is incorrect, and your letter is therefore misdirected. The Yankees do not possess any proprietary information belonging to your client. As to your threat to file litigation against the Yankees, any such litigation would be frivolous, and would expose your client to liability for fees incurred by the Yankees in responding to it.

Christopher E. DuffyBoies, Schiller & Flexner LLP575 Lexington AvenueNew York, New York 10022212-446-2366 (phone)212-446-2350 (fax)[email protected]

Case 1:09-cv-08206-RJH-DCF Document 48-6 Filed 05/07/2010 Page 1 of 1Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 42 of 99

Exhibit F (Filed Under Seal)


Exhibit G (Filed Under Seal)


Exhibit H (Filed Under Seal)


Exhibit I (Filed Under Seal)


Exhibit J


Case 1:09-cv-08206-RJH-DCF Document 59 Filed 06/08/2010 Page 1 of 22Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 48 of 99

REDACTED PURSUANT TO PROTECTIVE ORDER


Exhibit K


UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF NEW YORK ----------------------------------------------------------------------X

UNIVERSITY SPORTS PUBLICATIONS CO., INC.,

Plaintiff,

-against-

PLAYMAKERS MEDIA CO., TERRY COLUMBUS, SHANE PITTA and DARNELL GENTLES,

Defendants.

::::::::::::

09-CV-8206 (RJH)

ORAL ARGUMENT REQUESTED

----------------------------------------------------------------------X

DEFENDANTS’ MEMORANDUM OF LAW IN SUPPORT OF MOTION TO DISMISS AMENDED COMPLAINT

January 11, 2010

BOIES, SCHILLER & FLEXNER LLP 575 Lexington AvenueNew York , New York 10022Telephone: (212) 446-2300

Attorneys for Defendants Playmakers Media Corp., Terry Columbus, Darnell Gentles and Shane Pitta

Case 1:09-cv-08206-RJH Document 20 Filed 01/11/2010 Page 1 of 23Case 1:09-cv-08206-DCF Document 83-2 Filed 12/06/10 Page 71 of 99

TABLE OF CONTENTS

STATEMENT OF FACTS ..............................................................................................................1

LEGAL STANDARD......................................................................................................................3

ARGUMENT...................................................................................................................................4

I. THE CFAA CLAIMS, WHICH ARE THE SOLE PURPORTED PREDICATE FOR FEDERAL JURISDICTION, FAIL TO STATE A REMEDIABLE CLAIM. ..........4

A. The Amended Complaint Fails to Allege that Gentles or Pitta Accessed a Protected Computer Without Authorization.................................4

B. The Amended Complaint Fails to Allege that USP Suffered a Loss of Data or an Interruption in Service to a Computer. ...................................7

C. The Court Should Decline to Exercise Supplemental Jurisdiction over USP’s State Law Claims. ......................................9

II. THE DOCTRINE OF COLLATERAL ESTOPPEL BARS THE STATE LAW CLAIMS. ...........................................................10

III. EVEN ABSENT COLLATERAL ESTOPPEL, THE STATE LAW CAUSES OF ACTION EACH FAIL TO STATE A REMEDIABLE CLAIM................13

A. USP Has Failed to Properly Plead a Claim for Trade Secret Misappropriation. .............................................................14

B. USP Fails to Properly Plead a Claim for Unfair Competition. ..............................16

C. USP Fails to Properly Plead a Claim for Breach of Fiduciary Duty. ....................17

D. USP Fails to Properly Plead a Claim for Tortious Interference with Contract. ................................................................18

CONCLUSION..............................................................................................................................19


Defendants Playmakers Media Corp. (“Playmakers”), Terry Columbus, Darnell Gentles,

and Shane Pitta (collectively, “Defendants”) respectfully submit this memorandum in support of

their joint motion to dismiss the Amended Complaint (abbreviated herein as “AC”) of plaintiff

University Sports Publications Co., Inc. (“USP”). Defendants move this Court to dismiss the

Complaint for lack of subject matter jurisdiction pursuant to Fed. R. Civ. P. 12(b)(1) and 18

U.S.C. §§ 1030(c)(4)(A)(i)(I) and 1030(g), and for failure to state a claim upon which relief may

be granted pursuant to Fed. R. Civ. P. 12(b)(6).

STATEMENT OF FACTS1

USP sells advertising space in sports souvenir magazines and yearbooks, as well as

publications relating to professional sports events. AC ¶ 13. USP purports to have an “extensive

computer database of customer leads and historical sales data.” AC ¶ 15. The “database” is a

list of names and addresses with information on past advertising purchases by customers and

potential customers. AC ¶¶ 15. USP makes the database available to its employees. AC ¶ 19.

The database is alleged to be maintained by a company called Databasaurus L.L.C.

(“Databasaurus”). AC ¶ 17.

USP alleges that defendants Columbus and Pitta were “aware” of the database, and that

Pitta “used the database” while he was employed by USP as a salesperson through 2006. AC

¶¶ 25-27. USP alleges that Gentles was “authorized to use and access” the database during the

relevant period because he was an employee “in USP’s information technology department.”

AC ¶ 30. USP alleges that while employed by USP, Gentles “helped to grant Pitta access to

USP’s computerized database, thereby providing him with information concerning USP’s

1 In accordance with the standards governing motions under Rule 12(b)(6), Defendants presume the truth of the Complaint’s well-pleaded factual allegations for purposes of making this motion (but only for purposes of making this motion).


2

historical sales data from 1999 through 2007.” AC ¶ 31. Columbus, who is Pitta’s supervisor at

Playmakers, was allegedly aware that Pitta had access to information in USP’s database, and that

he purportedly provided some of that information to other Playmakers employees to utilize in

their own advertising sales. AC ¶ 36.

USP claims that it discovered that “the safety and security of its electronic data and

computer system was breached,” but does not allege when or how it made this purported

discovery. AC ¶ 38. It claims to have undertaken a “full technical audit by an outside vendor of

its information technology security systems to determine whether any damage had occurred,”

which purportedly cost “in excess of $1,500.” AC ¶ 39. USP does not identify the purported

“outside vendor.” AC ¶ 39.

Persons who are alleged to be “Databasaurus employees,” working on “behalf of USP,”

conducted an investigation of the computer systems utilized by USP in order to “determine

whether they had been damaged, ensure that they were in the same operating condition as they

were prior to the breach, determine how the unauthorized access could have occurred, and

evaluate potential remedial security measures to prevent further unauthorized access.” AC ¶ 40.

The alleged work of Databasaurus in this regard allegedly has resulted in a “cost to date” of

$4,500. AC ¶ 40. USP alleges vaguely that this cost “will be borne entirely by USP,” but does

not allege that USP has made any payments for the work. AC ¶ 40.

USP also purports to be “in the process of implementing remedial security measures in

response to the security audit and computer systems investigation.” AC ¶ 41. USP does not

allege that it has made any payments in connection with this purported work, offering nothing

more than “approximate” projections of the “total cost of these remedial measures.” AC ¶ 41-46.


3

LEGAL STANDARD

Where a complaint contains no more than “naked assertions devoid of further factual

enhancement,” or the allegations demonstrate only an “unadorned, the-defendant-unlawfully-

harmed-me accusation,” then it fails to state a claim under Fed. R. Civ. P. 8. Ashcroft v. Iqbal,

129 S. Ct. 1937, 1949 (2009) (internal alterations omitted). “Threadbare recitals of the elements

of a cause of action, supported by mere conclusory statements, do not suffice.” Id. at 1949 (citing

Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007)). Likewise, “where the well-pleaded facts

do not permit the court to infer more than the mere possibility of misconduct, the complaint has

alleged – but it has not ‘show[n]’ – ‘that the pleader is entitled to relief.’” Id. at 1950 (citing Fed.

R. Civ. P. 8(a)(2)). “To survive a motion to dismiss, a complaint must contain sufficient factual

matter, accepted as true, to ‘state a claim to relief that is plausible on its face.’” Id. at 1949

(citing Twombly, 550 U.S. at 570). In other words, in its complaint, “a plaintiff must provide the

grounds upon which his claim rests through factual allegations sufficient ‘to raise a right to relief

above the speculative level.’” ATSI Commc’ns, Inc. v. Shaar Fund, Ltd., 493 F.3d 87, 98 (2d Cir.

2007) (citing Twombly, 550 U.S. at 544).

In evaluating a motion to dismiss, courts draw on their “judicial experience and common

sense” to determine whether a complaint’s factual allegations nudge the claims “across the line

from conceivable to plausible.” Iqbal, 129 S. Ct. at 1950, 1951. Allegations that are “merely

consistent with” a defendant’s liability, or that raise a “sheer possibility” that a defendant has

acted unlawfully, are not sufficient to state a claim. Id. at 1949.


4

ARGUMENT

I. THE CFAA CLAIMS, WHICH ARE THE SOLE PURPORTED PREDICATE FOR FEDERAL JURISDICTION, FAIL TO STATE A REMEDIABLE CLAIM.

A. The Amended Complaint Fails to Allege that Gentles or Pitta Accessed a Protected Computer Without Authorization.

The CFAA gives rise to liability only in situations where a defendant has accessed a

“computer” in a manner that is “without authorization or exceeds authorized access.” 18 U.S.C.

§ 1030(a)(2). The Act defines “computer” as “an electronic, magnetic, optical, electrochemical,

or other high speed data processing device performing logical, arithmetic, or storage functions,

and includes any data storage facility or communications facility directly related to or operating

in conjunction with such device.” 18 U.S.C. § 1030(e)(1) (emphasis added).

USP’s Amended Complaint fails to make any unambiguous statement that Gentles or

Pitta actually accessed a computer as defined by the CFAA – that is, a “data processing device” –

without authorization. Instead, USP offers roundabout allegations that Pitta accessed a

“database,” a “computerized database,” and “information” concerning USP’s historical sales.

AC ¶¶ 29-32. None of these descriptors, however, meets the definition of a “computer” under

the CFAA. E.g., Cenveo, Inc. v. Rao, No. 08-CV-1831, 2009 U.S. Dist. LEXIS 90798 (D. Conn.

Sep. 30, 2009); GWR Med., Inc. v. Baez, No. 07-1103, 2008 U.S. Dist. LEXIS 19629, at *12

(E.D. Pa. Mar. 13, 2008) (granting motion to dismiss CFAA claim because CD-ROM does not

meet statutory definition of “computer”). This interpretation is particularly apt here, in light of

the fact that the CFAA “is primarily a criminal statute” and thus must be “construed narrowly.”

Jet One Group, Inc. v. Halcyon Jet Holdings, Inc., 2009 U.S. Dist. LEXIS 72579, at *20-21

(E.D.N.Y. Aug. 14, 2009); see also, e.g., Lockheed Martin Corp. v. Speed, 2006 U.S. Dist.

LEXIS 53108, at *23 (M.D. Fla. Aug. 1, 2006) (explaining that, to the extent the CFAA contains


5

ambiguous terms, “the rule of lenity, a rule of statutory construction for criminal statutes,

requires a restrained, narrow interpretation”).

The Amended Complaint is deliberately vague and circumspect about precisely what

Pitta did, and through what particular mechanism, that purportedly violated the CFAA. The only

reference to Pitta accessing a “computer” is an allegation that “Pitta accessed the information

through an icon located on the desktop screen of his laptop computer.” AC ¶ 31. See also id. at

¶ 32 (“The laptop computer Pitta used to access USP’s computerized database was his personal

laptop.”) (emphasis added). Use of one’s own computer, of course, cannot qualify as

unauthorized access.

By contrast, USP never alleges that Pitta logged onto or otherwise accessed a USP-owned

computer, or the USP computer network – because he did not. Notably, the Amended Complaint

does make reference to the “several centralized computer servers” that contain copies of the

database “in electronic form,” AC ¶ 17, but never once does it allege that Pitta accessed any of

these computer servers, or any other computer maintained by, or for, USP.2 Had Pitta done so,

then USP would offer a clear allegation of the circumstances of that access (i.e., the date and

time of the particular occasions). Absent such allegations of access to a USP computer, as

defined by the CFAA, no cause of action exists against Pitta.

Likewise, the Amended Complaint fails to allege that Gentles accessed a computer as

defined under the Act. It alleges that Gentles “provided information to Pitta,” and “helped to

grant Pitta access to USP’s computerized database, thereby providing him with information

concerning USP’s historical sales,” see AC ¶¶ 30, 31, but does not allege that he accessed a

2 USP’s assertion that its so-called “computerized database” is a “‘protected computer’ under the CFAA” is a bare legal conclusion entitled to no deference on a motion to dismiss. AC ¶ 56.


6

computer as defined under the Act.3 Even if allegations regarding Gentles accessing a

“computerized database” could be deemed to constitute a proper allegation of “access[ing] a

computer” under the Act, the Amended Complaint would still fail to state a claim because it

expressly concedes that “Gentles was authorized to use and access USP’s computerized database

in the course of his employment.” AC ¶ 30. As many courts have held, the CFAA does not

apply to situations where an employee accessed his employer’s computer with authorization,

even if the employee misused or misappropriated information obtained from the computer. E.g.,

Jet One Group, Inc. v. Halcyon Jet Holdings, Inc., No. 08-CV-3980 (JS) (ETB), 2009 U.S. Dist.

LEXIS 72579, at *19 (E.D.N.Y. Aug. 14, 2009) (dismissing employer’s CFAA claim against

former employee, and noting that “limited Congressional intent in passing the CFAA” was to

“prohibit[] people from ‘hacking’ into someone else’s computer system.”). Situations where an

authorized user is “misusing and misappropriating information that he was freely given access

to” do not constitute “access without authorization” or “exceed[ing] authorized access” as

required to state a CFAA claim. Id. at *16-17 (emphasis in original); see also, e.g., Shamrock

Foods Co. v. Gast, 535 F. Supp. 2d 962 (D. Ariz. 2008) (granting motion to dismiss and rejecting

argument that CFAA provides civil action for employee’s authorized access of computer with

improper purpose, because such interpretation “would greatly expand federal jurisdiction by

conferring a federal cause of action whenever an employee accesses ‘the company computer

with “adverse interests” and such access causes a statutorily recognized injury.’”) (quoting

Lockheed Martin Corp. v. Speed, No. 05-cv-1580-Orl-31KRS, 81 U.S.P.Q.2D (BNA) 1669,

3 The Amended Complaint’s bare allegation that “Gentles intentionally accessed USP’s computer database without authority or in excess of his authority” is nothing more than an effort to parrot the elements of a civil CFAA claim. It is unsupported by any well-pled factual allegation, and for the reasons discussed above, does not constitute an allegation that Gentles accessed a “computer” as that term is used in the Act, i.e., a “data processing device.”


7

2006 U.S. Dist. LEXIS 53108, at *22 (M.D. Fla. Aug. 1, 2006). For this reason as well, the

Amended Complaint cannot be deemed to state a claim against Gentles under the CFAA.

B. The Amended Complaint Fails to Allege that USP Suffered a Loss of Data or an Interruption in Service to a Computer.

The CFAA is primarily a criminal statute, and provides a civil right of action only to a

“person who suffers damage or loss by reason of a violation of” the Act. 18 U.S.C. § 1030(g).

The Act defines “damage” as “any impairment to the integrity or availability of data, a program,

a system, or information.” 18 U.S.C. § 1030(e)(8). Here, the Amended Complaint does not

allege that USP ever lost the ability to access any data. Thus, USP cannot premise a private right

of action on the proposition that it suffered “damage” as defined in the Act.4

The CFAA defines “loss” as “any reasonable cost to any victim, including the cost of

responding to an offense, conducting a damage assessment, and restoring the data, program,

system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or

other consequential damages incurred because of interruption of service.” 18 U.S.C.

§ 1030(e)(11).5 “Courts have consistently interpreted ‘loss’ to mean a cost of investigating or

4 The absence of an allegation of “damage” means that USP’s assertion of liability pursuant to 18 U.S.C. § 1030(a)(5)(C) – which applies solely to conduct that “causes damage and loss” (emphasis added) – fails on its face. AC ¶ 54 (asserting liability under 18 U.S.C. § 1030(a)(5)(C)). USP’s assertions of liability under 18 U.S.C. §§ 1030(a)(2)(C) (at AC ¶¶ 50, 52) and 1030(a)(4) (at AC ¶ 51) fail because, among other reasons discussed herein, they are unmoored from an allegation of “loss” to USP that is related to an impairment in USP’s ability to access its computers or data contained thereon. 5 USP alleges that its purported “loss” consists of “a full technical audit by an outside vendor of its information technology security systems” with a cost “in excess of $1,500.” AC ¶ 39. It further alleges that employees of a purported third party, Databasaurus, conducted an “investigation of the computer systems utilized by USP” with a “cost to date”of $4,500.” AC ¶ 40. There is no allegation, however, that USP, as distinct from some other party not present in this litigation, has actually incurred these costs. Absent an allegation that these purported costs, as well as the “approximate” costs set forth at paragraphs 41-47, had actually been paid by USP as of the date that this action was filed, they are irrelevant to any effort by USP to satisfy the jurisdictional threshold of $5,000.


8

remedying damage to a computer, or a cost incurred because the computer’s service was

interrupted.” Lasco Foods, Inc. v. Hall & Shaw Sales, Mktg., & Consulting, LLC, 600 F. Supp.

2d 1045, 1052 (E.D. Mo. Jan. 22, 2009) (internal alteration omitted). Thus, the focus of the Act

is on the continuity of access to data that is stored on a protected computer, and the continuity of

use of the protected computer itself. As one court has stated, “an interruption of service is

necessary if the victim is claiming a loss from revenue lost, costs incurred, or other consequential

damages.” Klein & Heuchan, Inc. v. Costar Realty Info., Inc., No. 08-cv-1227-T-30EAJ, 2009

U.S. Dist. LEXIS 35025, at *9 (M.D. Fla. Apr. 8, 2009) (granting motion to dismiss CFAA

claim); see also id. at *10 (“Since CoStar never alleges an interruption of service, CoStar cannot

maintain a claim that it suffered a loss from lost revenue, costs incurred, or other consequential

damages.”); but see id. at *8-9 (citing and declining to follow decisions that have interpreted

“loss” under CFAA to encompass matters other than interruption in service).

The Amended Complaint does not allege facts that trigger issues related to impairment of

data or interruption of service, and thus fails to allege that USP suffered a loss. E.g., Jet One

Group, Inc. v. Halcyon Jet Holdings, Inc., No. 08-CV-3980 (JS) (ETB), 2009 U.S. Dist. LEXIS

72579, at *22 (E.D.N.Y. Aug. 14, 2009) (granting motion to dismiss because complaint did not

connect allegations of alleged data theft “to any ‘impairment’ to its computer system, ‘damage

assessment,’ data restoration expense, or ‘interruption of service.’”); see also id. at *19-20

(explaining that Act’s “narrow definitions [of “damage” and “loss”] are wholly consistent with a

limited Congressional intent in passing the CFAA – prohibiting people from ‘hacking’ into

someone else’s computer system, an act which can corrupt ‘the integrity or availability of data, a

program, a system, or information’ or lead to ‘interruption of service.’”); Garelli Wong &

Assocs. v. Nichols, 551 F. Supp. 2d 704, 710 (N.D. Ill. 2008) (holding that “civil violation of the


9

CFAA requires ‘impairment to the integrity or availability of data, a program, a system, or

information’ and ‘interruption in service.’”).

C. The Court Should Decline to Exercise Supplemental Jurisdiction over USP’s State Law Claims.

In light of USP’s failure to plead a cause of action under the CFAA, its claim for

conspiracy to violate the Act also fails as a matter of law. E.g., In re Orthopedic Bone Screw

Prods. Liab. Litig., 193 F.3d 781, 789 (3d Cir. 1999) (“The established rule is that a cause of

action for civil conspiracy requires a separate underlying tort as a predicate for liability.”). The

CFAA was the Amended Complaint’s sole purported basis for federal jurisdiction. AC ¶ 10

(stating under “Jurisdiction and Venue” heading that “suit is predicated on a violation of the

Computer Fraud and Abuse Act.”). If the Court deems the CFAA claims deficient, Second

Circuit precedent dictates that it should decline to exercise supplemental jurisdiction over the

remaining state law claims. As one court recently explained in dismissing state law claims along

with a CFAA claim, “the Second Circuit has held, as a general proposition, that if all federal

claims are dismissed before trial, the state claims should be dismissed as well.” Cenveo, Inc. v.

Rao, No. 08cv1831(JBA), 2009 U.S. Dist. LEXIS 90798, at *12 (D. Conn. Sep. 30, 2009)

(alterations and internal quotation marks omitted). This approach is all the more appropriate

here, where the New York County Supreme Court has already presided over a similar case

involving USP and Pitta, as discussed at P

Exhibit A - The Am Law Daily · 2010. 12. 9. · January 12, 2009 until March 25, 2009 (recorded...

Documents

Transcript of Exhibit A - The Am Law Daily · 2010. 12. 9. · January 12, 2009 until March 25, 2009 (recorded...