Spammers must pay Facebook more than $360 million in statutory damages

After granting its Motion for Default Judgment, the District Court for the Northern District of California awarded Facebook statutory damages in the amount of $360,500,000 against a group of Defendants who illegally obtained login information from Facebook users and sent more than 7.2 million spam messages to those users in violation of Facebook's Statement of Rights and Responsibilities ("SRR"). Facebook, Inc. v. Fisher, 2011 WL 250395 (N.D. Cal. Jan. 26, 2011). The Court also permanently enjoined the Defendants from accessing or using the social networking site.

Facebook initially brought suit against the Defendants for violations of the Controlling the Assault of Non-Solicited Pornography and Marketing Act ("CAN-SPAM Act"), the Computer Fraud and Abuse Act ("CFAA"), Cal. Penal Code § 502, and Cal. Bus. & Prof. Code § 22948. The Complaint alleged that Defendants "obtained login credentials for at least 116,000 Facebook accounts without authorization" and "sent more than 7.2 million spam messages to Facebook users." Because Facebook's SRR explicitly prohibits users from employing "data mining 'bots' to gain access to users' login information" and distributing "unsolicited advertising on the website or . . . via e-mail," Facebook also sued Defendants for breach of contract pursuant to the SRR.

Facebook filed suit on December 14, 2009 and obtained a preliminary injunction. After the Defendants failed to file a responsive pleading, default judgment was entered in favor of Facebook. In its Complaint, Facebook sought the maximum penalty under the CAN-SPAM Act in the amount of $100 per violation, in addition to aggravated damages and treble damages under the California civil statute. The court acknowledged that while entry of default judgment operates to deem all well-pleaded allegations in the Complaint sufficient to establish liability, plaintiff's request for damages set forth in the Complaint are "not controlling." Thus, the Court was left to determine the proper penalty for the Defendants' misconduct.

Noting that it would be a violation of the Defendants' due process rights to impose damages "so severe and oppressive as to be wholly disproportioned to the offense," the court declined to award the over $2 billion sought by Facebook, although expressly declining to rule as to whether such an award would violate due process. Instead, the Court ordered statutory damages in the amount of $50 per violation, in addition to $500,000 under Cal. Bus. & Prof. Code § 22948.2, but declined to impose treble damages available under the Code section.

Furthermore, recognizing the Defendants' willingness to continue their "spam campaign" as evidenced by their complete disregard for Facebook's cease-and-desist letter, the Court granted Facebook's request for a permanent injunction prohibiting Defendants "from accessing and abusing Facebook services." In doing so, the Court noted that as a result of the Defendants' willful statutory violations, "Facebook has received more than 8,000 user complaints, and more than 4,500 Facebook users have deactivated their accounts."

(Published by E-Commerce Law - February 02, 2011)