Fee petition mechanics · Updated June 2026

California computer data access and fraud act attorney fee petition mechanics: FBI IC3 internet crime complaint center report number as primary Welch anchor under Pen. Code § 502, unauthorized access elements and forensics advisory, and attorney fee petition advisory

California Computer Data Access and Fraud Act (Pen. Code § 502) solos billing hourly on available attorney fees — in actions where the primary Welch temporal anchor is the FBI INTERNET CRIME COMPLAINT CENTER (IC3) COMPLAINT REPORT NUMBER (assigned at ic3.gov when a victim of internet crime including unauthorized computer access submits a complaint to the FBI's Internet Crime Complaint Center; the FBI IC3 complaint report number is the ONLY primary Welch anchor in the fee-petition-mechanics series in an FBI IC3 INTERNET CRIME COMPLAINT CENTER REPORT — a federal law enforcement report generated by the Federal Bureau of Investigation's Internet Crime Complaint Center; distinct from California Law Enforcement Agency Incident Report (tier_zz — California local police/sheriff; IC3 is a federal FBI agency report); distinct from FTC Identity Theft Report (tier_aaa — FTC IdentityTheft.gov for consumer identity theft; IC3 is FBI for internet crime including unauthorized computer access, ransomware, business email compromise, and corporate data theft); distinct from every California state administrative agency record (DFPI, DLSE, CRD, CDPH, CSLB, LWDA); distinct from PACER federal court filings; distinct from all private commercial documents; Pen. Code § 502(e)(2) attorney fees when the facts are found to constitute a § 502(c) criminal violation and damages include expenditures to verify whether computer systems were altered, damaged, or deleted; § 502(e)(1) compensatory damages for damage to computer systems, data theft, and unauthorized data use; concurrent federal CFAA (18 U.S.C. § 1030) civil claims) — generate three billing gaps driven by advisory calls on the FBI IC3 reporting and law enforcement investigation calendar, the computer forensics investigation calendar, and the § 502(e)(2) attorney fee petition calendar: IC3 report review and § 502(c) criminal violation elements and civil action theory advisory calls (7 clients × 2 calls × 42 min × 55% untracked ≈ 5.39 hrs = $1,617–$2,695/year at $300–$500/hr), computer forensics and § 502(e)(2) qualifying expenditures documentation and FBI criminal investigation coordination advisory calls (6 clients × 3 calls × 44 min × 55% untracked ≈ 7.26 hrs = $2,178–$3,630/year), and § 502(e)(2) attorney fee petition and California CDAFA vs. federal CFAA lodestar segregation advisory calls (5 clients × 2 calls × 44 min × 55% ≈ 4.03 hrs = $1,210–$2,017/year). For a solo California CDAFA § 502 practice, the annual billing gap from advisory call underlogging is $5,005–$8,342.

TL;DR

ClaimHour captures every IC3 report date advisory call that starts the § 502 fee documentation period, every computer forensics investigation and FBI criminal investigation coordination advisory call on the federal law enforcement calendar the civil attorney cannot schedule, and every § 502(e)(2) attorney fee petition advisory call on the post-judgment calendar — passively, no timer, no audio, no call contents. $29–$59/mo. No PMS required.

IC3 report review and § 502(c) criminal violation elements and § 502(e) civil action theory advisory: calls on the FBI IC3 reporting and investigation calendar

The FBI IC3 Complaint Report Number — assigned at ic3.gov when the victim submits an Internet Crime Complaint Center report — is the primary Welch temporal anchor for Pen. Code § 502 CDAFA attorney fee billing documentation. California CDAFA practice is the ONLY practice area in the fee-petition-mechanics series where the primary Welch anchor is in an FBI IC3 INTERNET CRIME COMPLAINT CENTER REPORT — a federal law enforcement report created by the FBI when a victim reports internet crime through the federal ic3.gov portal. IC3 reports cover: ransomware attacks; business email compromise (BEC — fraudulent email impersonating executives or vendors to divert wire transfers); unauthorized employee access to employer's computer systems; corporate espionage; data theft; account takeover; phishing and credential theft. Victims typically file the IC3 report immediately after discovering the unauthorized computer access — before retaining civil counsel — making the IC3 report date the first documented federal government record of the § 502(c) violation and the Hensley lodestar start date. The IC3 report is distinct from a California local police report (which creates a California Law Enforcement Agency Incident Report, tier_zz) — both may be filed by the same victim for the same computer crime, but they are separate reports to separate agencies and create separate government records with separate reference numbers.

Three IC3 report and § 502(c) elements advisory call types generate untracked billing:

(1) IC3 report review and § 502(c) criminal violation elements and § 502(e)(2) fee eligibility threshold analysis advisory — arrives when victim retains civil counsel after IC3 report is filed (requiring IC3 complaint number as primary Welch anchor; § 502(c) criminal violation elements required for § 502(e)(2) fee recovery: (i) 'knowingly' accessed the computer/computer system/computer network; (ii) 'without permission' or in excess of authorization; (iii) the access resulted in: alteration, damage, deletion, or destruction of data; or disruption of computer services; or introduction of ransomware or other malicious software; or fraudulent acquisition of money, property, or services; § 502(c)(7): using a computer system without authorization to make false or fraudulent representations — covers BEC-enabled wire transfer fraud where the attacker uses the victim's email system to impersonate the victim to third parties; 'without permission' California standard: CDAFA 'without permission' has been interpreted broadly — access by a former employee using still-active credentials after termination = 'without permission'; access by current employee to confidential data outside the scope of their job duties = may constitute 'without permission' under CDAFA; § 502(e)(2) fee trigger: 'if the facts are found to constitute a violation of any provision of subdivision (c)' — the civil plaintiff must prove § 502(c) criminal violation elements in the civil case to obtain fees — 42–48 min per call);

(2) insider threat analysis and 'without permission' authorization scope and CDAFA vs. CFAA coverage advisory — arrives when unauthorized access was by employee or former employee (requiring insider threat scenarios: (A) former employee who copies company data before resignation — accesses data 'without permission' after termination letter date even if login credentials not yet revoked; (B) current employee who copies trade secrets outside job authorization scope — 'without permission' for data outside job duties under CDAFA (California standard, potentially broader than CFAA); (C) contractor who exceeds scope of contractual computer access authorization — 'without permission' analysis requires review of contractor agreement scope vs. actual access; LVRC Holdings LLC v. Brekka (9th Cir. 2009) narrow CFAA interpretation: federal CFAA 'exceeds authorized access' limited to accessing data the employee is not permitted to access, not using authorized access for unauthorized purpose — California CDAFA may reach broader insider conduct; concurrent California trade secret claim (Civ. Code §§ 3426 et seq.) — CDAFA + trade secret misappropriation concurrent claims; concurrent Computer Fraud and Abuse Act (18 U.S.C. § 1030) federal claim — 42–48 min);

(3) ransomware attack or BEC incident response and § 502(c)(8) malicious software advisory — arrives when access involved ransomware or email compromise (requiring § 502(c)(8): 'introduce' a computer contaminant (ransomware, malware, virus) into computer system; 'introduce without permission' — distinct from mere unauthorized access: introducing malicious software requires affirmative malicious act; BEC (Business Email Compromise): attacker gains unauthorized access to victim's email system and uses it to impersonate victim to third parties (bank, vendor, employee) — fraudulent wire transfer diversion; IC3 complaint for BEC: IC3's Recovery Asset Team (RAT) can freeze wire transfers within hours of IC3 report — IC3 report date is critical for rapid asset recovery in BEC cases; § 502(c)(7) computer fraud: using computer access to make fraudulent representations to obtain money or property — covers the BEC diversion of wire transfers — 42–48 min).

At 55% untracked: 7 clients × 2 calls × 42 min × 55% = 323.4 min / 60 = 5.39 hours = $1,617–$2,695/year at $300–$500/hr.

Computer forensics investigation and § 502(e)(2) qualifying expenditures and FBI criminal investigation coordination advisory: calls on the forensics and federal law enforcement calendar

The computer forensics investigation calendar — set by the forensic investigator's schedule, system availability, and the scope of the data breach — is entirely outside the civil plaintiff attorney's scheduling control. The FBI criminal investigation calendar — set by the FBI field office's case prioritization, grand jury scheduling, and federal investigative timelines — is similarly outside civil counsel's control. Advisory calls during the forensics and FBI investigation phases are systematically underlogged because they arrive on the forensic investigator's and FBI's calendars. Ketchum v. Moses 24 Cal.4th 1122 (2001). PLCM Group Inc. v. Drexler 22 Cal.4th 1084 (2000). Hensley v. Eckerhart 461 U.S. 424 (1983) lodestar from IC3 report date. Missouri v. Jenkins 491 U.S. 274 (1989) fees-on-fees.

Three computer forensics and FBI coordination advisory call types generate untracked billing:

(1) computer forensics scope and § 502(e)(2) qualifying expenditures documentation advisory — arrives as victim engages forensic investigators (requiring § 502(e)(2) compensatory damages: expressly include 'any expenditure reasonably and necessarily incurred by the owner or lessee to verify that a computer system, computer network, computer program, or data was or was not altered, damaged, or deleted by the access' — forensics costs are statutory compensatory damages; forensic investigator engagement: identify scope of unauthorized access: (a) which systems were accessed; (b) what data was accessed, copied, modified, or deleted; (c) how the attacker gained access; (d) timeline of access from first entry to detection; forensic report as civil evidence: digital forensics expert witness for trial on § 502(c) elements; concurrent business losses: system downtime during forensic investigation; data restoration costs; security improvements required post-breach; customer notification costs if personal data was compromised — damages beyond § 502(e)(2) expressly mentioned; IC3 report date as lodestar anchor: all forensics advisory calls from IC3 report date forward are compensable in § 502(e)(2) fee petition — 44–50 min);

(2) FBI criminal investigation monitoring and Fifth Amendment civil discovery coordination advisory — arrives as FBI investigates the same computer crime (requiring FBI IC3 referral process: IC3 triages complaints and refers to appropriate FBI field office for criminal investigation under 18 U.S.C. § 1030 (CFAA) criminal prosecution; FBI grand jury subpoena: FBI may subpoena records from ISPs, cloud providers, financial institutions — civil plaintiff's counsel monitors FBI PACER case filings for public information; if defendant asserts Fifth Amendment in civil depositions: adverse inference instruction to jury (California CACI 203); criminal conviction collateral estoppel: if defendant is convicted under 18 U.S.C. § 1030 (federal CFAA), the criminal conviction establishes § 1030 elements — and concurrent California § 502(c) analysis: California CDAFA and federal CFAA have substantially similar criminal elements, so federal CFAA conviction may be used as collateral estoppel in California § 502(e) civil case for overlapping elements; civil discovery stay pending criminal investigation: if FBI is actively investigating, civil counsel must assess whether to proceed with civil discovery immediately or delay to avoid prejudicing the FBI investigation or triggering defendant's Fifth Amendment invocation — 44–50 min);

(3) defendant identification and jurisdiction analysis and § 502 civil action venue advisory — arrives when attacker must be identified for civil suit (requiring attacker identification: IP address geolocation, subpoena to ISP for subscriber information, email header analysis, cryptocurrency transaction tracing for ransomware payments; jurisdiction: California CDAFA (Pen. Code § 502) applies to conduct that 'disrupts or causes disruption to computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network in California' — California Superior Court jurisdiction exists even if attacker is located outside California; if attacker is located abroad: international service of process via Hague Convention or letters rogatory; default judgment strategy: if attacker is foreign and cannot be served, default judgment still preserves claim for asset attachment if attacker ever has California assets; concurrent FBI investigation may identify attacker location through international law enforcement cooperation (MLATs) — 44–50 min).

At 55% untracked: 6 clients × 3 calls × 44 min × 55% = 435.6 min / 60 = 7.26 hours = $2,178–$3,630/year at $300–$500/hr.

§ 502(e)(2) attorney fee petition and California CDAFA vs. federal CFAA lodestar segregation advisory: calls on the post-judgment calendar

Pen. Code § 502(e)(2): 'If the facts are found to constitute a violation of any provision of subdivision (c), the injured party may... recover reasonable attorney's fees and costs of litigation.' The attorney fee award under § 502(e)(2) is conditioned on proving the § 502(c) criminal violation elements in the civil case — once proven, fees are recoverable as a matter of right. The § 502(e)(2) fee petition requires a Hensley lodestar from the IC3 report date (primary Welch anchor) through all phases of the § 502(e) civil litigation. Where California CDAFA § 502 claims are pursued concurrently with federal CFAA § 1030 claims, lodestar segregation is required: California § 502(e)(2) fees are eligible for Ketchum positive multiplier; federal CFAA § 1030(g) fees are not (City of Burlington v. Dague 505 U.S. 557 (1992) prohibits multipliers in federal fee-shifting statutes). Ketchum v. Moses 24 Cal.4th 1122 (2001). PLCM Group Inc. v. Drexler 22 Cal.4th 1084 (2000). Missouri v. Jenkins 491 U.S. 274 (1989) fees-on-fees.

Two § 502(e)(2) post-judgment advisory call types generate untracked billing:

(1) § 502(e)(2) attorney fee petition and California CDAFA vs. federal CFAA lodestar segregation and Ketchum multiplier advisory — arrives when plaintiff prevails (requiring § 502(e)(2) fee petition: Hensley lodestar from IC3 report date (primary Welch anchor) through § 502(c) criminal elements analysis through computer forensics engagement through civil complaint through trial/settlement through judgment; § 502(e)(2) fee eligibility condition: court must find the facts constitute a § 502(c) violation — civil complaint must allege specific § 502(c) subsections and evidence must establish those elements; if concurrent CFAA § 1030(g) federal claim: California CDAFA hours — Ketchum multiplier eligible; federal CFAA § 1030(g) hours — no Ketchum multiplier; task-level contemporaneous documentation from IC3 report date distinguishing California CDAFA-specific from federal CFAA-specific legal work; 'inextricably intertwined' hours: same witnesses, same forensic evidence, same criminal violation elements often advance both California § 502(c) and federal CFAA elements simultaneously — allocate on relative benefit; Ketchum positive multiplier: § 502 cases frequently involve contested 'without permission' authorization scope (especially in insider threat cases) — Ketchum enhancement for contingent risk of proving 'without permission' when defendant argues authorization existed; PLCM Group California prevailing market rate; Missouri v. Jenkins fees-on-fees for fee petition preparation — 44–50 min);

(2) § 502(e)(1) injunctive relief and computer security remediation advisory — arrives when injunction is sought concurrent with or after damages judgment (requiring § 502(e)(1) injunctive relief: available concurrent with compensatory damages under § 502(e)(1); emergency TRO: if attacker is actively continuing to access plaintiff's computer systems — emergency TRO application in California Superior Court; scope of injunction: prohibit defendant from accessing plaintiff's computer systems; require defendant to destroy copies of data obtained through unauthorized access; court-supervised destruction of improperly obtained data; post-judgment monitoring: how does plaintiff verify defendant has complied with injunction — computer forensics post-injunction monitoring; fee petition for injunctive relief phase: § 502(e)(2) attorney fees for obtaining and enforcing the § 502(e)(1) injunction are also recoverable if § 502(c) violation is established — 44–50 min).

At 55% untracked: 5 clients × 2 calls × 44 min × 55% = 242 min / 60 = 4.03 hours = $1,210–$2,017/year at $300–$500/hr.

How ClaimHour fits California CDAFA § 502 practice

California CDAFA solos billing hourly on Pen. Code § 502(e)(2) available attorney fees — with IC3 report advisory calls arriving when victims file federal FBI internet crime reports before retaining civil counsel on an IC3 calendar that is a federal law enforcement agency calendar entirely outside civil attorney scheduling, computer forensics investigation and FBI criminal investigation coordination advisory calls arriving as forensic investigators conduct breach analysis and the FBI investigates on schedules the civil attorney cannot control, and § 502(e)(2) attorney fee petition and California CDAFA vs. federal CFAA lodestar segregation advisory calls arriving on the post-judgment calendar — and if your § 502 lodestar documentation must satisfy the Hensley contemporaneous-record standard from the IC3 report date (the ONLY FBI IC3 Internet Crime Complaint Center primary Welch anchor in the fee-petition-mechanics series — a federal FBI law enforcement report distinct from California law enforcement incident reports (tier_zz), FTC Identity Theft Reports (tier_aaa), California state administrative agency records, PACER federal court filings, and all private commercial documents; § 502(e)(2) fee recovery on proof of § 502(c) criminal violation including ransomware, BEC, unauthorized data access, and insider data theft), through the § 502(c) unauthorized access elements analysis and computer forensics investigation, through the California Superior Court civil complaint, through the § 502(e)(2) attorney fee petition, ClaimHour was built for that gap.

Related questions

Can a California employer bring a Pen. Code § 502 claim against a former employee who copied company data to a personal device before resigning?

Yes. A former employee who copies company data to a personal device before resigning (or during the resignation process) violates Pen. Code § 502(c)(2) — accessing a computer system and taking or copying data without permission. 'Without permission' under CDAFA encompasses access that exceeds the scope of authorized use — an employee authorized to access company databases for job duties is not authorized to copy that data to a personal device for post-resignation use. The IC3 report date is the primary Welch anchor when the employer files an IC3 complaint after discovering the unauthorized data copying. Concurrent claims: (1) § 502(e) civil CDAFA claim for compensatory damages (investigation costs, data loss value, competitive harm) + attorney fees; (2) California Uniform Trade Secrets Act (Civ. Code §§ 3426 et seq.) misappropriation claim — attorney fees if misappropriation was 'willful and malicious' (§ 3426.4); (3) federal CFAA § 1030(g) civil claim. For the § 502(e)(2) fee petition, the IC3 report date is the primary Welch anchor — all post-IC3 advisory calls on the computer forensics investigation and civil complaint strategy are compensable from that date. If digital forensics established that the copying occurred on a specific date before the IC3 report was filed, the data copying date creates an additional billing event that may predate the IC3 report.

How does Pen. Code § 502 apply to ransomware attacks where the victim's systems were encrypted and a ransom demand was made?

Ransomware attacks involve two distinct § 502(c) violations: (1) § 502(c)(2) — accessing the victim's computer system without permission and altering, damaging, or destroying data (encrypting victim's files = 'altering' or 'damaging' data); (2) § 502(c)(8) — introducing 'ransomware' into a computer, computer system, or computer network (§ 502(b)(12) defines 'ransomware' as a computer contaminant that: renders inaccessible any data on the computer; causes a ransom demand to be displayed; does not restore access until a ransom is paid). For the § 502(e)(2) attorney fee petition in ransomware cases, the IC3 report date is the primary Welch anchor — IC3's Recovery Asset Team (RAT) should be notified within hours if any ransom-related wire transfer is involved, as the RAT can freeze assets quickly. The § 502(e)(2) compensatory damages in ransomware cases include: (a) forensics costs to identify the ransomware variant and scope of encryption; (b) system restoration costs (decryption, rebuild, or restore from backup); (c) business interruption losses during system unavailability; (d) ransom payment if paid (potentially recoverable as a consequential damage if paying the ransom was reasonable to restore operations). If the attacker is identified and located in California or assets can be reached, § 502(e) civil action for full compensatory damages + § 502(e)(2) attorney fees provides far greater recovery than criminal restitution alone.