Can an Internet service provider successfully sue a company for sending unsolicited bulk email through its computer systems, alleging violations of federal and state computer crime laws, as well as common law torts?

AOL, a Delaware corporation providing email and internet services, experienced a significant influx of unsolicited bulk email (UBE) targeting its members. The UBE originated from e-mailers contracted by NHCD, an Iowa corporation selling discount optical and dental service plans. Forrest Dayton, the primary e-mailer, along with others, harvested AOL member email addresses and sent millions of UBE messages through AOL's systems to generate sales leads for NHCD. This practice violated AOL's policies prohibiting members from sending UBE or harvesting email addresses.

The scale of the UBE campaign was substantial, with AOL receiving over 152,805 complaints related to NHCD's messages. AOL estimated that NHCD sent over 76 million UBE messages through its system, resulting in direct costs to AOL of at least $59,594. NHCD benefited from this campaign, receiving 393,260 leads for which it paid its e-mailers $612,577.75. NHCD maintained that it had no knowledge of the specific methods employed by the e-mailers to generate these leads.

AOL initiated the legal proceedings by filing a seven-count complaint against NHCD on December 18, 1998. NHCD responded with an answer and a counterclaim. Subsequently, AOL moved for partial summary judgment on several counts, including violations of the Computer Fraud and Abuse Act and the Virginia Computer Crimes Act, as well as claims of trespass to chattels, civil conspiracy, and unjust enrichment. NHCD opposed AOL's motion and filed its own cross-motion for summary judgment. The court denied NHCD's cross-motion. On April 17, 2000, the court heard oral arguments on the pending motions.

(Zoss, J.)

No. An Internet service provider cannot successfully sue a company for sending unsolicited bulk email through its computer systems based solely on allegations of federal and state computer crime law violations and common law torts. The legal standards for establishing liability in such cases are complex and fact-dependent. For claims under the Computer Fraud and Abuse Act (CFAA), unresolved issues of fact exist regarding whether access was "without authorization" and whether the requisite damage occurred. These factual disputes preclude summary judgment. Similarly, for state law claims like the Virginia Computer Crimes Act (VCCA), liability hinges on whether the e-mailers were acting as agents of the company, which remains a disputed factual issue. Trespass to chattels may be established for individual actors, but company liability again depends on unresolved agency questions. Civil conspiracy claims require a higher burden of proof that was not met in this case. Unjust enrichment claims face hurdles when other legal remedies are available. The critical unresolved factual issue across multiple claims is whether the e-mailers were acting as agents of the company. This agency relationship must be definitively established to impose liability on the company for the actions of individual e-mailers. Without clear evidence of such an agency relationship, the Internet service provider cannot prevail on summary judgment for its various claims. The complexity of these legal issues and the presence of material factual disputes necessitate a full trial to determine liability.