United States District Court, D. Massachusetts
NATIONAL NETWORK OF ABORTION FUNDS, EASTERN MASSACHUSETTS ABORTION FUND, GATEWAY WOMEN’S ACCESS FUND, KENTUCKY HEALTH JUSTICE NETWORK, NORTHWEST ABORTION ACCESS FUND, and PRETERM ACCESS FUND, Plaintiffs,
MATTHEW JAMES DAVID and JOHN DOES #1–15, Defendants.
OPINION AND ORDER
A. O’TOOLE, JR. SENIOR UNITED STATES DISTRICT JUDGE
National Network of Abortion Funds (“NNAF”) and
its co-plaintiffs are non-profit organizations that provide
advocacy, outreach, and financial assistance to people
seeking abortion services. They hold an annual on-line
fundraiser, dubbed the National Abortion Access Bowl-a-Thon.
According to their Amended Complaint, the 2016 Bowl-a-Thon
“was attacked by a malicious actor or actors who hacked
into the fundraising site to deliberately interrupt, block,
harass, and burden the Funds’ work in providing access
to abortions.” (First Am. Compl. ¶ 1 (dkt. no.
6).) “The attack shut down the Bowl-a-Thon fundraiser,
costing NNAF and its member funds hundreds of thousands of
dollars in lost donations, substantial fees, time, and
resources to address the attack and the loss of goodwill from
its donors and member organizations.” (Id.
¶ 2.) The complaint alleges that “Defendant
Matthew James Davis (‘Davis’) is the person
believed to be primarily responsible” for the attack
and disruption of the fundraising site. (Id. ¶
11.) “Defendants John Doe Nos. 1-15 are persons who, on
information and belief, may have participated in or assisted
Davis in carrying out” the attack. (Id. ¶
12.) The complaint asserts causes of action under the
Computer Fraud and Abuse Act, 18 U.S.C. § 1030, and the
Freedom of Access to Clinical Entrances Act, 18 U.S.C. §
who apparently resides outside this judicial district, has
moved under Federal Rule of Civil Procedure 12(b)(2) to
dismiss the claims as to him for want of personal
jurisdiction. He has also moved for dismissal of the claims
against him under Rule 12(b)(6) on the ground that the
factual allegations concerning his participation in the
relevant events are insufficient to state plausible claims
for relief under the now-familiar Twombly-Iqbal
standard. See Ashcroft v. Iqbal, 556 U.S. 662
(2009); Bell Atl. Corp. v. Twombly, 550 U.S. 544
plaintiffs’ central factual allegations are as follows:
2016 fundraiser was obstructed by a person or persons who
hacked into the Bowl-a-Thon website and disabled it through a
distributed denial of service (“DDoS”) attack.
The hacker or hackers impersonated the plaintiffs to send
donors emails falsely purporting to be from the plaintiffs,
and also gained access to donors’ financial and
personal identifying information.
attack began on April 7, 2016, when the hackers began
searching for vulnerabilities on the plaintiffs’ online
fundraising application, Blue Sky Business Application, a
hackers inserted a malicious code which was later activated.
On April 8, NNAF employees began noticing actions on the site
which seemed suspicious, such as an anonymous account posting
“strange” comments on registrant
pages. (First Am. Compl. ¶ 23.) NNAF asked
Blue Sky to investigate. A few days later, on April 11, the
hackers registered several accounts under names such as
“qwerty, ” “qwerty2, ” “adolph
hitler, ” and “hitler.” (Id.
next day, April 12, the website began to display the receipt
of “absurdly large” donations from registered
accounts, including one from the user “qwerty”
for $999, 999, 999. (Id.¶ 25.) “Minutes
later, ” NNAF’s twitter.com account
(“@abortionfunds”) received three consecutive
tweets from a Twitter account called
“@matthewjames.” The tweets congratulated NNAF on
“passing the $830 trillion mark” and added,
“you’re gunna [sic] make little boys and girls a
complete thing of the past!” (Id. ¶ 27.)
@matthewjames Twitter account itself indicated that it
belonged to “Matthew James Davis.” (Id.
¶ 28.) A website, located at www.davismj.me,
connected Matthew James Davis with another website,
www.Aurelia.io. That site is described as providing
desktop that leverages simple conventions to power
creativity.” (Id. ¶ 28.)
same day, the Bowl-a-Thon website appeared to receive $66
billion in fraudulent donations through a DDoS attack which
then caused the website to crash. Many of those donations
were made in the name of “Adolph Hitler.”
(Id. ¶ 35.) The donations were visible to all
registrants for several hours. Registrants also began
receiving emails alerting them to the donations.
April 14, the hackers gained administrative access to the
attack and stole personal identifying information of 2705
participants and 14, 333 donors. The intruders also stole 435
credit card numbers and infected 1054 profile pages.
(Id. ¶ 42–43.)
case, the inquiry into whether Davis is subject to this
Court’s exercise of personal jurisdiction over him
collapses into the inquiry into whether the complaint
plausibly alleges his involvement in the attack on the
Bowl-a-Thon fundraising site. If he did what the plaintiffs
suspect he did, then both the statutory and constitutional
bases for personal jurisdiction would be satisfied.
Contrariwise, if the complaint does not adequately allege his
participation in the destructive acts as described in the
complaint, then neither test would be satisfied.
Plausible Allegation of Liability
survive a motion to dismiss under Rule 12(b)(6), a plaintiff
must provide “enough facts to state a claim to relief
that is plausible on its face.” Iqbal, 556
U.S. at 697 (quoting Twombly, 550 U.S. at 570). A
complaint’s factual allegations may be “short and
plain, ” but they must “show that the pleader
is entitled to relief.” Fed.R.Civ.P. 8(a)(2).
“[W]here the well-pleaded facts do not permit the court
to infer more than the mere possibility of misconduct, the
complaint has alleged-but it has not
‘show[n]’-‘that the pleader is entitled to
relief.’” Iqbal, 556 U.S. at 679
(quoting Fed.R.Civ.P. 8(a)(2)). There is a difference between
facts that are “consistent with” the
plaintiffs’ claims and those allegations of fact ...