Facebook, Inc. v. Fisher, 2011 WL 250395, at *1 (N.D. Cal. Jan. 26, 2011).
Factual Background Edit
Facebook owns and operates an extremely popular social networking site that requires users to register and accept its Statement of Rights and Responsibilities (SRR) before gaining access. Defendant Phillip Perembski allegedly created PP Web Services, LLC for the purposes of obtaining Facebook login information from other users using phishing schemes and sending spam messages through the Facebook site. The Facebook SRR prohibits, among other things, spam or any other form of unsolicited advertising, as well as any activity that would impair the operation of Facebook’s website.
Trial Court Proceedings Edit
Facebook’s complaint alleges that Defendant Perembski is a registered Facebook user who is bound by the SRR. Facebook also alleges that Defendants obtained login information for at least 116,000 Facebook accounts without authorization, and that they sent more than 7.2 million spam messages to Facebook users.
On December 21, 2009, the Court issued a Temporary Restraining Order against the Defendants, enjoining the alleged phishing and spamming activities, and on January 7, 2010, the Court issued a preliminary injunction enjoining the alleged misconduct. Facebook subsequently obtained an entry of default against the Defendants and filed this action for a permanent injunction and statutory damages.
Following an entry of default, the well-pleaded allegations in a complaint are deemed true and sufficient to establish a defendant’s liability. While Facebook sought the maximum penalty available under the CAN-SPAM Act ($100 for each of Defendants’ 7.2 million violations), the Court reasoned that an award of $2,160,000,000 was not proportionate to the conduct of the Defendants. While a court may have wide discretion in awarding statutory damages, such an award may violate the due process rights of a defendant “where the penalty prescribed is so severe and oppressive as to be wholly disproportioned to the offense and obviously unreasonable.” Instead, for violations of the CAN-SPAM Act, the Computer Fraud and Abuse Act, California Penal Code §502, as well as the California Business and Professions Code §502, Defendants were ordered to pay Facebook statutory damages in the amount of $360,500,00 and were permanently enjoined from accessing and abusing Facebook services.