Dana B.
Taschner [SBN 135494]
LAW OFFICES OF
DANA B. TASCHNER
Telephone (949)
644-7718
Attorney for
Individual and Representative Plaintiff,
The Proposed
Class and General Public
SUPERIOR COURT
OF THE STATE OF
FOR THE
|
MARCY
LEVITAS HAMILTON, Individual and Representative for all others similarly
situated and the General Public, v. MICROSOFT
CORPORATION; and DOES 1 through 100, Defendants. ____________________________________ |
) )))))))))) ) ) ) ) |
CASE
NO. CLASS ACTION COMPLAINT JURY
TRIAL DEMANDED |
|
|
|
|
Individual
and Representative Plaintiff Marcy Levitas Hamilton on behalf of herself and
all others similarly situated, and on behalf of the General public, alleges:
NATURE OF THE CASE
Microsoft
Corporation (“Microsoft”) is the largest worldwide producer of software,
services and Internet technologies for personal and business computing. In this class action lawsuit, Plaintiffs and
the class seek a remedy against Microsoft for unfair business practices and
violations of
JURISDICTION AND VENUE
This
Court has jurisdiction over this action pursuant to Code of Civil Procedure
Section 410.10. No federal; claims or
right is alleged herein. Venue is proper in this court. Plaintiff resides in this County and the acts
of Microsoft occurred in this County.
THE PARTIES
Plaintiff
Marcy Levitas Hamilton, a resident of
Defendant
Microsoft is a
Does
1 through 100 are persons whose identities are unknown to plaintiff at this
time. Defendant Does 1 though 100 are
business entities controlled by, and/or agents of and/or employees and/or
affiliated with Defendant. Plaintiff is
ignorant of the true names and capacities of the Doe defendants sued herein
under fictitious names Does 1 through 1000, and they are sued pursuant to Code
of Civil Procedure 474. When Plaintiff
becomes aware of the true names and capacities of the Doe Defendants, Plaintiff
will amend this Complaint to state their true names and capacities.
/
/
FACTUAL ALLEGATIONS
A. Microsoft
Corporation
Microsoft Corporation is
the largest worldwide producer of software, services and Internet technologies
for personal and business computing.
In August 1989,
Microsoft introduced Office Suite. In
May 1990, Microsoft launched Windows 3.0.
In August 1995, Microsoft launched Windows 95. In June 1998, Microsoft launched Windows
98. In February 2000, Microsoft launched
Windows 2000. In June 2000, Microsoft
announced .NET software: next generation Internet services. In May 2001, Microsoft launched Office
XP. In October 2001, Microsoft launched
Windows XP. In February 2002, Microsoft
launched Visual Studio .NET. In November
2002, Microsoft and partners launched TabletPC.
In April 2003, Microsoft launched Windows Server 2003. Microsoft operates numerous
business units, including:
·
Windows Client, including the Microsoft
Windows XP desktop operating system, Windows 2000, and Windows Embedded
operating system.
·
Information Worker, including
Microsoft Office, Microsoft Publisher, Microsoft Visio, Microsoft Project, and
other stand-alone desktop applications.
·
Business Solutions, with business
process applications, and bCentral business services.
·
Server Platforms, including the Microsoft
Windows Server System integrated server software, software developer tools, and
MSDN.
·
Windows CE & Mobility, featuring mobile
devices including the Windows Pocket PC, the Mobile Explorer micro browser, and
the Windows phone software platform.
·
MSN, including the MSNnetwork, MSN
Internet Access, MSNTV, MSN Hotmail and other Web-based services.
(“hereinafter collectively referred to as
“Microsoft Operating Systems”)
Microsoft
has diversified business relationships with thousands of businesses and
organizations, Microsoft Certified Partners, Value Added Resellers, and System
Builders.
On May 18, 1998, the United States of
America and the Attorneys General for 20 states and the District of Columbia
filed related legal actions against Microsoft alleging, inter alia, that
(i) Microsoft violated Section 1 of the Sherman Act by allegedly tying its
"Internet browser software" to Microsoft’s Windows 95 and 98
operating systems; (ii) Microsoft
violated Section 1 of the Sherman Act by entering into purportedly
exclusionary agreements with Internet Service Providers, Internet Content
Providers and Online Services relating to the promotion and distribution of
Internet Explorer; (iii) Microsoft
violated Section 2 of the Sherman Act by unlawfully maintaining a
monopoly in a "market" restricted to personal computer operating
systems; and (iv) Microsoft violated Section 2 of the Sherman Act by attempting
to monopolize a "market" for Internet browsers.
At
all times relevant to this class action plaintiff and Class were direct
purchasers of the Microsoft operating systems.
B. Internet Cyber Attacks - Viruses,
Consumers and businesses have embraced the
Internet as means of communicating, sharing information, and transacting
business. Unfortunately, consumers and businesses are increasingly subjected to
security failures and various “cyber attacks” that can severely cripple
computer systems, compromise data stored on personal computers and computer
databases, and cause loss, damage and/or injury.
The vast majority of successful Internet attacks
are attributable to major vulnerabilities in Microsoft’s operating system
software, which is used by more than 90% of computer users. Microsoft’s
operating systems are closely integrated with numerous other Microsoft applications
creating a very complex computer code containing numerous security holes that
can be exploited. The popularity of the software and its complexity has made
Microsoft’s operating systems a prime target of online attacks.
Small malicious computer programs known as
viruses are easily spread throughout the Internet and computer network systems
causing a variety of damage. They can slow down or shut down websites, computer
systems, or computer network; erase or compromise data; or even give an unauthorized
party complete access and control over a computer system and all its data.
A computer virus is a piece
of program code that behaves much like a bilogical virus. The computer virus
makes copies of itself and spreads by attaching itself to another computer
programs (usually a computer operating system), often causing damage to the
infected computer system. Many viruses replicate themseleves rapidy, infecting
other computer programs. Computers that
share or use infected computer files also become carriers and help to further
spread the virus.
A computer “trojan” (named after the Trojan
Horse) is similar to virus except that it does not attach itself to another
program. Rather, a “trojan” is often disguised as a legitimate program claiming
to perform a useful function, but which actually contains damaging instructions
hidden inside their code. When someone installs or utilizes the trojan, the
trojan carries out it malicious instructions.
Many viruses are destructive. Some are designed to damage
or interefere with proper functioning
operating systems and other programs. More malicious viruses may be
programmed to erase files or even format hard disks (resulting in total loss of
data on that disk). Some viruses are programmed to to give unauthorized parties
complete access to computer.
A computer worm is another type of computer virus. Unlike
a virus, worm is a self-contained program that does not need to be part of
another program to replicate and propagate itself. Like a virus, a worm may be
designed to do any number of things, such as modify or delete files. Unlike
viruses, worms spread without human interaction. As such they are capable of
spreading very quickly. The September 2001 Nimda Worm infected over two million
systems in a three day period.
Such
attacks may be used to disrupt and harm
businesses or government entities. They may be used to steal or destroy
personal information from unsuspecting consumers. Theft of online data may
result in unauthorized use of personal, financial, or even medical information,
resulting in identity theft. Moreover, viruses can be used to clog computer
networks, negatively impacting entire industries worldwide. Online attacks
present a threat to the Genral Public, to commerce and to national security. Virulent new worms that exploit vulnerable Microsoft operating
systems and programs and may infect hundreds of thousands of computers in
seconds creating a serious threat for Internet users worldwide.
C. Number and Scope of Virus Attacks is Substantial and Growing
The number of devastating virus attacks has and continues
to rapidly grow, in large part due widespread consumer and business reliance on
Microsoft’s operating systems and products. A copy of the “Current Microsoft
Product Support Security Response Team Virus Alert” of September 30, 2003 is
attached hereto as Exhibit A and incorporated herein by reference. Industry estimates place the number of
attacks now occuring in North America in excess of eight million each week. Microsoft operating systems such as Windows,
which are used by more than 90% of the public, are highly susceptible to a
variety of “cyber attacks” in large part due the complexity and the popularity
of the operating system(s).
In June 2003, the SQL slammer worm attacked Microsoft SQL
Servers causing widespread problems on the Internet. In August 2003, two major
worms named the Sobig worm and the Blaster worm began to aggresively attack
several millions of Microsoft Windows computers, resulting in the largest
down-time and clean-up cost ever, prompting a widespread call for government
action to prevent further damages from Windows worms.
On information and belief new worms or virus are
propagating at this time in October 2003 at levels closely approximated at—or
exceeding—the “So Big” virus. Some hosting companies are reporting millions of
attempted penetrations, in numbers approximating the attacks experienced during
the “So Big” virus.
D. Microsoft’s Virtual
Monopoly Has Created a Global Security Risk
In the context of the security
threats outlined above, Microsoft’s eclipsing dominance in desktop software has
created a global security risk. As a result of Microsoft's concerted effort to
strengthen and expand its monopolies by tightly integrating applications with
its operating system, as well as its success in achieving near ubiquity in
personal computing, the world's computer networks are now susceptible to
massive, cascading failures.
E.
Microsoft Integration and
Complexity Promotes Vulnerability
Microsoft's
attempts to tightly integrate numerous computer applications with its operating
system have significantly contributed to excessive complexity and,
consequently, vulnerability.
Microsoft
is run on approximately 90 percent of all desktops, and very large numbers of
systems are vulnerable to attacks as the vast number of connections among
Microsoft-based computers enables the rapid spread of denial-of-service and
other attacks.
Microsoft's
operating systems are notable for their complexity. The near universal
deployment of Microsoft operating systems is highly conducive to cascade
failure, with such cascades already demonstrating an ability to disable
critical infrastructure and compromise business, personal and financial data.
The
volume of Windows-based systems and their variety of uses suggests security
breaches may occur in potentially every forum, organization, business, school,
hospital and household. Recent attacks have caused damaged or data compromise
at myriad points, from immigration computers to emergency 911 systems.
In
August 2002, Microsoft announced that serious security failures found in
Microsoft Office, including Windows 2000, Windows XP and Internet Explorer
could permit hackers to read, compromise and alter files. Plaintiffs allege on information and belief
that Microsoft is aware that their marketplace dominance and widespread
strategic positioning of their operating systems increases security risk.
Rapid
response by Microsoft to known or potential security risks is critical.
Plaintiff alleges on information and belief that Microsoft has failed to
provide adequate and effective notice of security risks created in part due to
Microsoft application integration and complexity. Plaintiff alleges on information and belief
in known instances of security breaches that Microsoft has failed to provide
adequate and effective notice of known attacks, causing substantial loss,
damage and injury.
Plaintiff
alleges that greater future loss, damage and injury may be expected, and is now
anticipated by many industry experts.
Significant action is required in the directing of Microsoft, requiring
improved notice and safeguarding of data and information, advanced and
effective disclosure of potential security breaches due to Microsoft
integration and complexity, and prompt and effective notice of compromised
personal, private, confidential, medical, financial or other sensitive
information.
The
recent “bug bear” worm and other harmful viruses have recently disabled online
security firewalls and anti-virus devices.
The worms prepared a port through which remote instructions of the
hacker could pass, allowing the hacker to access passwords, view and compromise
computer data and monitor mouse and keyboard stroke events. The bugbear worm exploited vulnerabilities
known in the Microsoft OS for many months.
Due
to the growing proliferation of computers and networks, the growing
interconnectedness of the Internet, the increasingly inexpensive and available
tools available for hacking, and the near universal use by computer users of
Microsoft operating systems, cyber-attacks are reasonably expected to increase
with a consequent and correlating increase in access and compromise of
personal, private, confidential, medical and financial information and data.
Plaintiff
and Proposed Class Representative experienced unauthorized access, use and
theft use of her personal data and social security number, experiencing damage
to financial and bank account data, information and financial holdings, which
plaintiff alleges was due to the failure of Microsoft to provide adequate
security, and the failure to provide plaintiff with adequate notice of the
vulnerability of online data and information transmitted through Microsoft
operating systems.
F. Microsoft Response to Security Vulnerability is Not Sufficient to Protect Important and Vital Information and Data
In
response to the growing number of cyber-attacks and their attempts or success
in penetrating Microsoft operating systems, Windows and Internet Explorer,
Microsoft has issued alerts, occasionally rising to the “critical” threshold,
along with providing a serial patch. A
copy of the Microsoft TechNet Security Page: Troubleshoot & Maintain of
During
the last year, Microsoft issued over 50 security warning of such technical
complexity that a normal member of the General Public could not reasonably
understand the security warning and/or could not implement the Microsoft
distributed security patches before the fast moving hackers could move to
exploit the Microsoft publicized weakness.
Thus, while Microsoft has issued strings of alerts, they cannot be
understood by the General Public and the method of delivery of the warning has
actually increased the probability of harm from hackers who are educated by the
information about the flaws and potential breach in the operating systems as
described by Microsoft.
/
G. Need
for Court Determination and Intervention is Great
It
is Plaintiff’s belief that Microsoft is aware of widespread and serious
security breaches with regard to the Microsoft operating systems. On
The
need for court intervention and judicial relief is great. The General Public is daily becoming more
reliant on computers, networks and technology to communicate, purchase and
transmit information and data. The
conduct of Microsoft is not sufficient under the law and is not enough to
protect plaintiff, the proposed Class or the General Public.
CLASS
ACTION ALLEGATIONS
1. Plaintiff
brings this action on her own behalf and on behalf of all others similarly
situated as members of the proposed Plaintiff Class. The proposed Plaintiff
Class that plaintiff represents is defined as follows: All natural persons,
businesses and organized entities nationwide who have purchased, licensed or
used Microsoft operating systems. Excluded from the class are Defendants, and
entities in which Defendant has a controlling interest, any employees,
officers, directors of Defendant, and any legal representative, assigns,
successors of Defendants, and any judge assigned to hear this case.
2. This
action is brought and may be properly maintained as a class action pursuant to
California Code of Civil Procedure Section 382 and Civil Code Section 1798.82,
as well as under Federal Rule of Civil Procedure 23(a)(1-4), 23 (b)(1)(2) or
(3), and case law thereunder, to which the California trial courts have been
directed for guidance by the California Supreme Court.
3. Members
of the class are so numerous, consisting of millions of individuals, that the
joinder of all such persons is impracticable and that the disposition of their
claims in a class action rather than in individual actions will benefit the
parties and the court. The numerosity of
the Class is clearly satisfied under California Code of Civil Procedure Section
382, Civil Code Section 1781(b)(1).
Federal Rule of Civil Procedure 23(a)(1).
4. There is a well-defined community of
interest in the questions of law and fact involved affecting the plaintiff
class satisfying California Code of Civil Procedure Section 382, Civil Code
1781(b)(2). Federal Rule of Civil
Procedure 23(a)(2). Common questions of
law and fact predominate over the questions affecting only individual class
members. The claims of the plaintiff are typical of those of the class and
plaintiff will fairly and adequately represent the interests of the case.
5. Plaintiffs claims are typical of those
of each class member as plaintiff, like other member of the Class, has been
exposed to the same violations and conduct, and is entitled to relief under the
same causes of actions as other members of the Class satisfying California
Civil Code Section 1781(b)(3). Federal
Rule of Civil Procedure 23(a)(3).
6. Plaintiff is an adequate representative
of the Class as her interests do not conflict with the interests of the members
of the Class, and she has retained counsel competent and experienced in complex
class action litigation, and they intend to vigorously prosecute this
action. The interest of members of the
Class will be fairly and adequately protected by Plaintiff and counsel.
7. There is no plain, speedy, or adequate
remedy other than by maintenance of this class action, making it economically
unfeasible to pursue remedies other than a class action. Consequently, there
would be a failure of justice but for the maintenance of the present class
action.
8. The class action is superior to other
available means for fair and efficient adjudication of claims. Individual prosecutions would prove
burdensome and expensive given the complex and extensive litigation
necessitated by the claims presented.
Additionally, it would be virtually impossible for the members of the
Class individually to seek redress for wrongs.
Even if individual class members could afford individual prosecution,
the judicial systems cannot. Individual
prosecution presents a potential for inconsistent or contradictory
judgments. Individual litigation of the
complex legal and factual issues presented increases delay and expense for all
parties and the courts. Conversely, class action treatment will result in
substantial benefits to the litigants, courts and public by permitting the
Court to address and resolve claims based upon a single set of proof in a case
where the individual costs of litigation these claims would make class action
litigation more economical and cost effective that individual litigation.
9. The prosecution of individual remedies
by members of the plaintiff class would tend to establish inconsistent
standards of conduct for the defendant and to result in the impairment of class
members’ rights and disposition of their interests through actions to which
they were not parties.
10. In the alternative, this action is
certifiable under the provisions of Rule 23(b)(1)(2) and/or (b)(2) of the
Federal Rule of Civil Procedure, which have been found applicable to the State
of California, as (a) the prosecution of separate actions by the individual
members of the Class would create a risk of inconsistent or varying
adjudications with respect to individuals Class members that would establish
incompatible standards for Defendant Microsoft; (b) the prosecution of separate
actions by individual class members would create a risk of adjudications with
respect to Microsoft that would be dispositive of the interests of other Class
members not party to the adjudication, or substantially impair or impede such
Class members ability to protect their interests; and/or (c) Microsoft has not
acted on grounds generally applicable to the Class, making appropriate final declaratory or injunctive
relief with respect to the Class as a whole.
FIRST CAUSE OF
ACTION
(Unfair Competition)
11. Plaintiff hereby incorporates the
preceding allegations as though set forth in full.
12. Pursuant to California Business and
Professions Code sections 17200 et seq., and the common law of unfair
competition, the business practices of defendants, described above, are, and
have been, unlawful, unfair and deceptive.
13. Plaintiff, on behalf of himself, and on
behalf of the general public, seeks all remedies and relief pursuant to the
provisions of Business and Professions Code sections 17200 et seq., including,
inter alia, injunctive relief, restitution and the disgorgement of money
acquired by means of the unlawful and unfair business practices alleged above.
14.
As a
result of defendants’ unlawful and unfair business practices, Plaintiff has
suffered damages in an amount that will be established during the trial. Plaintiffs will also suffer irreparable harm
if defendants’ conduct is not enjoined.
15.
Defendant’s
conduct is willful, deceptive, and oppressive, thereby entitling Plaintiff to
an award of punitive damages.
SECOND CAUSE OF
ACTION
(Violation of California’s Consumers’
Legal Remedies Act)
16. Plaintiff hereby incorporates the
preceding allegations as though set forth in full.
17. Pursuant to California Consumer’s Legal
Remedies Act, Civil Code sections 1750 et seq., to protect consumers against
unfair business practices, unfair competition, and false advertising.
18. In connection with the sale and license
of Microsoft operating systems to plaintiff and the Class, Defendant has
violated Civil Code Section 1770(a)(19) by inserting an unconscionable
provision in license agreements and or terms of use agreements. A true and
correct copy of the Microsoft Terms of Use Agreement is attached as Exhibit D
and incorporated herein by this reference.
19. As a direct and proximate result of the
above conduct, Plaintiff has suffered damages.
Plaintiffs have not complied with the notice requirements of Civil Code
Section 1782, and therefore do not at this time seek damages to this cause of action. Plaintiffs do intend to comply and thereafter
amend the Complaint as permitted under Civil Code Section 1782(d).
THIRD CAUSE OF
ACTION
(Violation of California Civil Code
Section 1798.82 Requiring Notification of Security Breaches Involving Personal
Information of California’s Consumers’ Legal Remedies Act)
20. Plaintiff
hereby incorporates the preceding allegations as though set forth in full.
21. Section
§ 1798.82 et seq. of the
California Civil Code (California Security Act or “CSA”), requires companies
doing business in California to provide notice to California residents of any
computer security breach that allowed an unauthorized person to acquire such
resident’s personal information. The Act
was designed to address the risk of identity theft stemming from the
ever-increasing stores of personal information maintained in computer
databases.
22. The CSA applies to any person or business
that conducts business in California and owns or licenses computerized data
that includes unencrypted personal information of California residents. CSA also applies to any business that
maintains data. Under CSA, companies are
required to notify the owners or licensees of data who are then required to
notify affected California residents of a security or data breach.
23. CSA’s disclosure requirements have been
triggered as there is a breach of the security of California resident computer
systems containing data, and Microsoft has discovered or received notification
of such breach, or Microsoft reasonably believes that data has been acquired by
an unauthorized person. The Microsoft
operating systems have been compromised as set forth above and incorporated
herein by this reference. Microsoft has
discovered or has knowledge and reasonable belief that unauthorized acquisition
of computerized data that compromises the security, confidentiality, or
integrity of personal information maintained by the person or business. 24. CSA requires that disclosure of a date by
breach be made in “the most expedient time possible and without unreasonable
delay.” CSA requires that Microsoft
provide notice by actual notice, in writing or electronically, or
by substituted notice via e-mail, web sites and statewide media.
25. CSA provides
for private actions for damages and injunctive relief, and plaintiffs seek both
compensatory damages and injunctive relief.
The remedies sought by plaintiff are both appropriate and necessary to
protect the public and to force Microsoft to place a higher priority on
informing the public and about their data security.
26. In connection
with the sale and license of Microsoft operating systems to plaintiff and the
Class, Defendant has violated Civil Code Section 1798.
27. As a direct
and proximate result of the above conduct, Plaintiff and the Proposed Class
have been injured and suffered damages and are entitled to injunctive relief in
order to avoid further injury and damage.
FOURTH CAUSE OF
ACTION
(Declaratory Relief)
28. Plaintiff hereby incorporates the
preceding allegations as though set forth in full.
29.
An
actual controversy exists between plaintiff and defendants concerning their
respective rights and duties.
Accordingly, Plaintiff and the Class request class-wide equitable relief
in the form or a court determination of the rights of Plaintiffs and the Class
and the corresponding rights of the Defendant.
30. Plaintiff is informed and believes and on
that basis alleges defendant disputes the contentions.
31. A judicial declaration is necessary and
appropriate to avoid a multiplicity of actions in the future.
PRAYER FOR RELIEF
WHEREFORE,
Individual and Representative Plaintiffs request of this Court the following
monetary and declaratory relief for themselves and all others similarly
situated.
1.
For
an order certifying the proposed Class herein under Code of Civil Procedure
section 382 and Civil Code section 1781 and appointing Plaintiffs and their
undersigned counsel of record to represent the Class;
2. Injunctive relief restraining defendants, their agents, servants, employees, successors and assigns, and all others in concert and privity with them, from violating state laws, and from engaging in unfair and deceptive trade practices;
3. For an order requiring Defendants to
provide adequate and effective notice of security threats and breaches pursuant
to California Civil Code section 1798;
4. For an order requiring Defendants to
restore any money or property that Defendants may have acquired as a result of
any act or practice constituting unfair competition under Business &
Professions Code section 17200;
5. For any additional orders necessary to
restore to the general public any money or property that Defendants may have
acquired as a result of any act or practice constituting unfair competition
under Business & Professions Code section 17200, including the appouintment
of a receiver pursuant to Business & Professions Code section 17203;
4.
For
distribution of any moneys recovered on behalf of the general public or the
class of similarly situated consumers via fluid recovery or cy pres
recovery or where necessary to prevent Defendant from retaining the benefits of its wrongful conduct as
provided in California v. Levi Strauss & Co. (1986) 41 Cal.3d 460
and People v. Thomas Shelton Powers, M.S. Inc. (19912) 2 Cal.App. 4th
330;
5.
For
permanent injunctive relief preventing each Defendant from engaging in any act
or practice constituting unfair competition under Business & Professions
Code section 17200, and requiring each Defendant to take appropriate acts
needed to prevent future deception;
6.
For
compensatory and consequential damages suffered by Plaintiff and the members of
the Class, except that no damages are currently sought on Plaintiffs’ Cause of
Action pursuant to the Consumers Legal Remedies Act;
7.
Exemplary
damages, except that no damages are currently sought on Plaintiffs’ Cause of Action
pursuant to the Consumers Legal Remedies Act;
8.
Restitution
and disgorgement of money received by defendants as a result of their wrongful
conduct;
9.
For
Plaintiffs’ Attorneys’ fees;
10.
For
Pre-judgment interest;
11.
For
costs of suit;
12.
For
trial by jury; and
13.
And
for such other and further legal and equitable relief in favor of Plaintiffs as
this Court may deem proper.
Dated:
September 30, 2003 LAW
OFFICES OF DANA B. TASHCNER
By: ____________________________________
DANA
B. TASCHNER
Attorney
for Plaintiff and Proposed Class