To state a plausible claim under 18 U.S.C. § 1030, one must be guilty of gaining “unauthorized access” or “exceeding authorized access” to a protected computer system. But in this case, Defendants created a mockup of Koch’s website using information that Koch made “publicly available on the Internet, without requiring any login, password, or other individualized grant of access.” Cvent, Inc. v. Eventbrite, Inc., 739 F.Supp.2d 927, 2010 WL 3732183, at *3 (E.D.Va.2010). “By definition, therefore, [the defendants] could not have ‘exceeded’ [their] authority to access that data.” Id.
The Cvent court observed that the plaintiff’s claim was really a claim that a user with authorized access had used the information in an unwanted manner, not a claim of unauthorized access or of exceeding authorized access. Id. A majority of courts have concluded that such claims lie outside the scope of the CFAA. See id.; LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir.2009); Orbit One Communications, Inc. v. Numerex Corp., 692 F.Supp.2d 373, 383 (S.D.N.Y.2010); Lewis–Burke Assocs., LLC v. Widder, –––F.Supp.2d ––––, 2010 WL 2926161, at *5–6 (D.D.C.2010).
Similarly, in this case, Defendants were given unimpeded access to the information on Koch’s public website. Koch’s complaint is not that Defendants obtained the information without authorization, but rather that they ultimately used the information in an unwanted manner. The CFAA addresses only the act of trespassing or breaking into a protected computer system; it does not purport to regulate the various uses to which information may be put.