Skip Page Banner  
E-COMMERCE AND TECH LAW
BLOG

 

Wednesday, May 12, 2010

Goldman Sachs Defending ''Hot News'' Claim in New York Court

by Thomas O'Toole

RSS

 From DarkReading.com, a story about a federal lawsuit against Goldman Sachs and several unknown Goldman Sachs employees who allegedly logged into, and stole thousands of records from, the plaintiff's database of investor contact information. The database was protected by a restrictive license and by passwords.

The lawsuit has several aspects that make it worth watching. First, the plaintiffs claim that Goldman Sachs should be liable for its employees' violations of the Computer Fraud and Abuse Act. Few cases discuss the circumstances under which an employer can be held liable for an employee's CFAA violations. Cases like Butera & Andrews v. IBM Inc., No. 1:06-CV-647 (D.D.C. Oct. 18, 2006), create a high hurdle for plaintiffs, stating that intentional conduct on the part of the company must be proven to create CFAA liability.

Another interesting issue raised by the plaintiffs' CFAA allegations is the extent to which password-sharing can create an unauthorized access forbidden by the CFAA. No easy answer arises from the cases I've read. The complaint alleges that Goldman employees "used user identification information and passwords that did not belong to them and for which they were not authorized to use in order to access the Database." One recent decision, AtPac Inc. v. Aptitude Solutions Inc., E.D. Cal., No. 10-294, 4/29/10), collects some of the cases in this area and discusses the circumstances under which password misuse can be actionable under the CFAA. It matters whether the passwords were stolen, shared, or shared in violation of a license agreement. The complaint isn't clear on these facts, though the plaintiffs alleged repeatedly in the complaint that Goldman Sachs admitted that the accesses to the plaintiffs' database were unauthorized.

Obviously, access to a database in violation of a license can make the access unauthorized under the CFAA, Register.com Inc. v. Verio Inc., No. 00 Civ. 5747 (S.D.N.Y. Dec. 8, 2000). Unfortunately, the plaintiffs here neglected to attach the license agreement to its complaint, so it is not possible to say much more about this issue.

The second, and perhaps most, interesting aspect of the lawsuit is the plaintiffs' allegation that Goldman Sachs and its employees committed common law "hot news" misappropriation of the proprietary information in its database. This allegation seems inspired by the Southern District's recent dusting off and embrace of the "hot news" doctrine in Barclays Capital Inc. v. Theflyonthewall.com, No. 06-4908 (S.D.N.Y. March 18, 2010). I wonder how the plaintiffs will fare on this allegation. Goldman Sachs and the plaintiffs (Ipreo Holdings and Bigdough.com) do not seem to be competitors in the financial information business and the information involved is not "news" in any sense. From my reading of the complaint, the database at issue contains contact information on large investors. The complaint alleges that this information is rather dynamic, however, requiring constant updating. So there is enough there for the lawyers to argue about. It will be interesting to see if Barclays announced a narrow, fact-specific rule involving the unique facts of that case (as the court said) or it if created an entirely new form of intellectual property protection for databases.

Finally, it's ironic to see Goldman Sachs on the defense side of a "hot news" misappropriation claim. Leaving this particular litigation aside, Goldman Sachs, as a business, probably has a lot to gain from an expansive interpretation of the "hot news" doctrine.

The case is Ipreo Holdings v. Goldman Sachs & Co., No. 10-3702 (S.D.N.Y. complaint filed May 5, 2010).
Subscription RequiredAll BNA publications are subscription-based and require an account. If you are a subscriber to the BNA publication and signed-in, you will automatically have access to the story. If you are not a subscriber, you will need to sign-up for a trial subscription.

You must Sign In or Register to post a comment.

Comments (0)