Opinion
Civil Action No. 1:19-cv-1642
04-24-2020
CENTRE LAW AND CONSULTING, LLC, Plaintiff, v. AXIOM RESOURCE MANAGEMENT, INC. and Kevin Charles Riley, Defendants.
Richard W. Driscoll, Driscoll & Seltzer PLLC, Alexandria, VA, for Plaintiff. Stephen Joseph Obermeier, Krystal Brunner Swendsboe, Rebecca Lynn Saitta, Wiley Rein LLP, Washington, DC, for Defendant Axiom Resource Management, Inc. Eric Scott Waldman, Patrick James McDonald, Timothy J. McEvoy, Cameron McEvoy PLLC, Fairfax, VA, for Defendant Kevin Charles Riley.
Richard W. Driscoll, Driscoll & Seltzer PLLC, Alexandria, VA, for Plaintiff.
Stephen Joseph Obermeier, Krystal Brunner Swendsboe, Rebecca Lynn Saitta, Wiley Rein LLP, Washington, DC, for Defendant Axiom Resource Management, Inc.
Eric Scott Waldman, Patrick James McDonald, Timothy J. McEvoy, Cameron McEvoy PLLC, Fairfax, VA, for Defendant Kevin Charles Riley.
ORDER
T.S. Ellis, III, United States District Judge
This is a dispute between feuding marriage partners in the process of dissolving their marriage that also involves the estranged partners' employers. According to the complaint, the husband, with the help of his employer, intercepted his wife's business emails for over eleven years without authorization. Accordingly, plaintiff, the wife's employer, alleges that defendants are liable to plaintiff under (i) the Electronic Communications Privacy Act (ECPA), 18 U.S.C. § 2511, and (ii) three Virginia statutes ( Va. Code § 19.2-62(A), Va. Code § 18.2-152.4, and Va. Code § 18.2-152.5 ) that criminalize the unlawful interception of communications, computer trespass, and computer invasion of privacy. At issue are the defendants' motions to dismiss the complaint pursuant to Rule 12(b)(6), Fed. R. Civ. P.
The matter has been fully briefed and thus is ripe for disposition. For the reasons that follow, defendants' motions to dismiss are granted in part and denied in part. Defendants' motions are granted with respect to plaintiff's computer invasion of privacy claim (Count IV) and denied in all other respects.
I.
As required by Rule 12(b)(6), Fed. R. Civ. P., plaintiff's well-pleaded allegations are assumed to be true and all facts are viewed in the light most favorable to plaintiff. See Mylan Labs, Inc. v. Matkari , 7 F.3d 1130, 1134 (4th Cir. 1993). The complaint contains the following relevant factual allegations:
• Plaintiff, Centre Law and Consulting, LLC ("Centre Law"), is a Virginia limited liability company that provides its customers and clients with legal services, training, and federal contract consulting services. Barbara Kinosky is the managing member of Centre Law.
• Defendant Axiom Resource Management Inc. ("Axiom") is a Virginia corporation that provides project and acquisition management services, information technology, and compliance services to federal agencies and private clients.
• Defendant Kevin Charles Riley is a citizen of Virginia and a shareholder, director, officer, and agent of Axiom.
• At all times relevant to the complaint Riley was married to Kinosky.
• In 2002, Riley and IT personnel at Axiom assisted Centre Law in setting up Centre Law's electronic communications system with Egnyte, Inc. Thereafter, Axiom IT personnel assisted Centre Law with maintenance of Centre Law's email account.
• In 2006, the marriage between Riley and Kinosky began to deteriorate. On June 12, 2018, Kinosky commenced divorce proceedings against Riley in the Circuit Court for Manatee County, Florida, but the divorce is yet to be finalized.
• The complaint alleges that at some point in 2006, Riley and/or IT personnel from Axiom altered the Centre Law email account by installing an Exchange Transport Rule ("ETR") within the software which governed the transmission of electronic communications to or from Kinosky's Centre Law email account.
• According to the complaint, an ETR "automatically intercepts" electronic
The facts related to the ongoing divorce proceedings are not stated in the complaint, but judicial notice is taken of these facts because the facts are reflected in the Florida state court docket. See Rule 201, Fed. R. Evid. (governing judicial notice); Tellabs, Inc. v. Makor Issues & Rights, Ltd. , 551 U.S. 308, 127 S.Ct. 2499, 168 L.Ed.2d 179 (2007) (holding that courts may consider "matters of which a court may take judicial notice" when evaluating a Rule 12(b)(6) motion to dismiss).
Complaint, Dkt. 1, at ¶ 20.
communications to or from a designated user and disseminates a duplicate of the communications to a separate mailbox without disclosure of such interception or duplication to the designated user or any other addressee within the communication.
• The ETR remained functioning within the software for the Centre Law email account until the middle of 2017 at which time Centre Law moved its electronic communication system from Egnyte, Inc. to another host.
• In January 2018, Riley departed his residence with Kinosky, taking with him some computers and digital devices purchased with marital funds, but leaving other computers and digital devices behind.
• While using one of the computers that Riley left behind, Kinosky discovered some of her Centre Law emails in the "Deleted Items" folder for "Kevin Riley." The complaint alleges that these emails were unlawfully intercepted and duplicated.
• Centre Law subsequently incurred tens of thousands of dollars in the investigation and prevention of further unauthorized interception of its electronic communications.
II.
The well-settled motion to dismiss standard applicable here does not require extensive elaboration. As the Supreme Court has made clear, "[t]o survive a motion to dismiss, a complaint must contain sufficient factual matter, accepted as true, to ‘state a claim to relief that is plausible on its face.’ " Ashcroft v. Iqbal , 556 U.S. 662, 678, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009) (quoting Bell Atl. Corp. v. Twombly , 550 U.S. 544, 570, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007) ). Importantly, in making this determination the district court must "accept as true all well-pled facts in the complaint and construe them in the light most favorable to [the plaintiff]." United States v. Triple Canopy, Inc. , 775 F.3d 628, 632 n.1 (4th Cir. 2015). But the district court is not bound to "accept as true a legal conclusion couched as a factual allegation." Anand v. Ocwen Loan Servicing, LLC , 754 F.3d 195, 198 (4th Cir. 2014). Thus, "[t]hreadbare recitals of the elements of a cause of action, supported by mere conclusory statements, do not suffice." Iqbal , 556 U.S. at 678, 129 S.Ct. 1937. Instead, the complaint must allege facts that, if true, plausibly satisfy each element of the claims for which relief is sought. Accordingly, the motions to dismiss must be granted if the complaint does not allege a sufficient factual basis to create a plausible inference that plaintiff is entitled to relief.
III.
In Counts I and II, plaintiff alleges that defendants unlawfully "intercepted" Kinosky's business email communications, in violation of the interception provisions common to both the ECPA, 18 U.S.C. § 2511, and the Virginia Interception of Wire, Electronic or Oral Communications Act ("Virginia Wiretap Act"), Va. Code § 19.2-62(A). Axiom and Riley argue that plaintiff's allegations in Counts I and II fail as a matter of law because the complaint fails to allege that Axiom or Riley "intercepted" plaintiff's electronic communications during transmission, as required to state a claim for relief under either the ECPA or the Virginia Wiretap Act. The ECPA, in pertinent part, prohibits intentionally intercepting any electronic communication. 18 U.S.C. § 2511(1)(a). The Act further defines "intercept" to mean "the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device." 18 U.S.C. § 2510(4). Importantly, courts applying the ECPA have consistently held that a qualifying "intercept" occurs only where the acquisition of the communication happens contemporaneously with its transmission by its sender.
Riley makes several other arguments regarding Counts I and II, namely (i) that plaintiff cannot pursue ECPA or Virginia Wiretap Act claims for emails it received (as opposed to emails it sent), (ii) that plaintiff cannot state a claim that Riley used any of the intercepted material, and (iii) that plaintiff cannot allege a civil ECPA or Virginia Wiretap Act claim for endeavoring to intercept or endeavoring to use an electronic communication. No opinion is expressed here as to any of these arguments because even assuming, arguendo , that Riley is correct on these points, it would not result in dismissal of plaintiff's claims in Count I or Count II. This is so because the complaint alleges that defendants "intercepted" emails sent by Kinosky and that defendants actually "intercepted" Kinosky's Centre Law emails. A plausible allegation that a defendant actually "intercepted" emails sent by the plaintiff is sufficient to state a claim with respect to Counts I and II at the Rule 12(b)(6) stage.
Riley also argues that plaintiff's claim in Count I is time-barred. In this respect, 18 U.S.C. § 2520(e) provides that a civil action under the ECPA must be commenced within "two years after the date upon which the claimant first has a reasonable opportunity to discover the violation." The complaint alleges that plaintiff discovered the violation in January 2018. At the 12(b)(6) stage, the allegations in the complaint must be accepted as true. Accordingly, because this suit was filed on December 31, 2019, one day prior to two years after January 2018, it was filed within the statute of limitations set forth in § 2520. In the event discovery discloses facts showing that plaintiff discovered the alleged violation prior to January 2018, defendants may renew their statute of limitations argument.
The pertinent Virginia statute essentially parrots the federal statute. Compare Va. Code § 19.2–62(A) ("Any person who intentionally intercepts, endeavors to intercept or procures any other person to intercept or endeavor to intercept any wire, electronic, or oral communications ...") with 18 U.S.C. § 2511(1) ("Any person who intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication...."). Indeed, the Supreme Court of Virginia has acknowledged that Va. Code § 19.2–62 "is Virginia's version" of the ECPA. Wilks v. Commonwealth , 217 Va. 885, 886, 234 S.E.2d 250 (1977). And the Virginia Code defines "intercept" in terms virtually identical to the ECPA's definition. See Va. Code § 19.2–61 (defining "intercept" to mean "any aural or other means of acquisition of the contents of any wire, electronic or oral communication through the use of any electronic, mechanical, or other device"). Thus, the term "intercept" in Va. Code § 19.2–62 is appropriately construed and applied in precisely the same way as its federal counterpart.
See Boudreau v. Lussier , 901 F.3d 65, 77 (1st Cir. 2018) ("All of the circuit courts that have considered the issue" have concluded that, to constitute an "intercept" within the meaning of ECPA, "the acquisition of a communication must be contemporaneous with its transmission."); Luis v. Zang , 833 F.3d 619, 628 (6th Cir. 2016) ; United States v. Szymuszkiewicz , 622 F.3d 701, 706 (7th Cir. 2010), as amended (Nov. 29, 2010); Fraser v. Nationwide Mut. Ins. Co. , 352 F.3d 107, 113–14 (3d Cir. 2003) ; United States v. Steiger , 318 F.3d 1039, 1048–9 (11th Cir. 2003) ; Konop v. Hawaiian Airlines, Inc. , 302 F.3d 868, 878–79 (9th Cir. 2002) ; Steve Jackson Games, Inc. v. U.S. Secret Serv. , 36 F.3d 457, 464 (5th Cir. 1994).
Axiom argues that the complaint does not allege that Axiom acquired plaintiff's communications contemporaneously with its transmission. In support of this argument, Axiom relies on a prior decision of this Court, Global Policy Partners, LLC v. Yessin , 686 F. Supp. 2d 631 (E.D. Va. 2009). But defendant's reliance on Yessin is unwarranted as that case is clearly distinguishable from the factual allegations in the complaint here. In Yessin , the complaint alleged that the defendant was logging into his estranged wife's work email account using her password and that this activity was stymied once Mrs. Yessin changed her email account password. See id. at 634, 639. Accordingly, the plaintiff's ECPA and Virginia Wiretap Act claims in Yessin were dismissed for failure to state a claim because the complaint alleged that the defendant accessed the plaintiffs' email communications after those communications had been stored on their destination server. This access plainly did not qualify as an "intercept" of those electronic communications contemporaneously with their transmission.
The other cases cited by Axiom similarly dismiss ECPA claims in situations where a defendant has logged into, or hacked into, a plaintiff's email account without permission, and therefore these cases are also distinguishable from the facts alleged here, namely the automatic duplication of every email sent and received by the plaintiff as those emails are sent and received. See Fraser v. Nationwide Mut. Ins. Co. , 352 F.3d 107, 113-14 (3d. Cir. 2003) (determining at the summary judgment stage that insurance company did not violate the ECPA by accessing without permission its agent's email on the insurance company's central server after the initial transmission of the emails); Wachter, Inc. v. Cabling Innovations, LLC , 387 F. Supp. 3d 830, 840 (M.D. Tenn. 2019) (dismissing complaint where plaintiff alleged that defendant logged into his business email account and forwarded business emails to his personal email account); NovelPoster v. Javitch Canfield Grp. , 140 F. Supp. 3d 938 (N.D. Cal. 2014) (granting defendant's motion for judgment on the pleadings as to the ECPA claim where defendant allegedly wrongfully accessed email accounts and changed the passwords to them in order to review emails that had already been delivered to plaintiff's inbox).
In contrast to Yessin and the other cases plaintiff cites, the complaint in this case alleges that the ETR placed within plaintiff's email software "automatically intercepted" and duplicated plaintiff's emails at the point of transmission. This allegation is categorically different from the claim of logging into someone's email account without authorization and viewing their inbox, as was alleged in Yessin.
At this stage of this litigation, construing the facts alleged in the complaint in the light most favorable to plaintiff, this allegation states a plausible factual basis that defendants intercepted plaintiff's electronic communications contemporaneously with transmission, as required to state a claim under the ECPA and the Virginia Wiretap Act. Other courts that have considered the automatic duplication and forwarding of electronic communications have arrived at the same conclusion. Accordingly, defendants' motions to dismiss Counts I and II of plaintiff's complaint must be denied. At summary judgment or trial plaintiff must adduce facts to prove that defendants actually "intercepted" plaintiff's electronic communications contemporaneously with the transmission of those communications, but at this stage plaintiff has met its burden of alleging sufficient facts, which if true, state a plausible claim for relief on Counts I and II.
See, e.g., Luis v. Zang , 833 F.3d 619, 630 (6th Cir. 2016) (holding that complaint stated a plausible ECPA claim at the 12(b)(6) stage where it alleged that software "immediately and instantaneously" copied and sent electronic communications to a third party which allowed for "near real-time monitoring" of plaintiff's emails); United States v. Szymuszkiewicz , 622 F.3d 701, 703 (7th Cir. 2010), as amended (Nov. 29, 2010) (holding post-ECPA conviction that a rule which directed email system to forward other person's emails to defendant within a second of the emails' arrival to the person's inbox qualified as interception under the ECPA); Zaratzian v. Abadir , No. 10 CV 9049 VB, 2014 WL 4467919, at *6 (S.D.N.Y. Sept. 2, 2014), aff'd , 694 F. App'x 822 (2d Cir. 2017) (holding at the summary judgment stage that the auto-forwarding of emails from plaintiff's email account to defendant's email account satisfied the contemporaneous standard for liability under the narrow "interception" standard applied to the ECPA); United States v. Steiger , 318 F.3d 1039, 1050 (11th Cir. 2003) (citing with approval a law review article which states "unless some type of automatic routing software is used (for example, a duplicate of all of an employee's messages are automatically sent to the employee's boss), interception of E-mail within the prohibition of [the ECPA] is virtually impossible.") (quoting Jarrod J. White, E–Mail @Work.com: Employer Monitoring of Employee E–Mail , 48 Ala. L. Rev. 1079, 1083 (1997) ).
IV.
In Count IV, plaintiff alleges a violation of the Virginia Computer Crimes Act ("VCCA"), Va. Code § 18.2-152.5, which prohibits unauthorized use of a computer network to examine employment, salary, credit, or other financial or identifying information. Specifically, Count IV alleges that defendants, without authority in violation of Va. Code § 18.2-152.5, intentionally examined certain identifying information of personnel at Centre Law. Axiom and Riley argue that Count IV fails to state a claim as a matter of law because the complaint fails to allege that Axiom or Riley examined any of Centre Law's identifying information. Because the complaint merely alleges that defendants examined the identifying information of personnel at Centre Law and because plaintiff lacks standing to assert the rights of plaintiff's employees in a Va. Code § 18.2-152.5 claim, Count IV must be dismissed.
To state a valid claim pursuant to Va. Code § 18.2-152.5, plaintiff must allege facts creating a plausible inference that Axiom and Riley (i) used a computer or computer network (ii) without authority, (iii) with the intent to examine another's records, (iv) without authority, and (v) the records contained employment, salary, credit, or other financial or identifying information as defined in Va. Code § 18.2-186.3(C)(iii)-(xiii). See Glob. Policy Partners, LLC v. Yessin , 686 F. Supp. 2d 631, 640 (E.D. Va. 2009) (citing S.R. v. INOVA Healthcare Servs. , 49 Va. Cir. 119 (1999) ). In this respect, the complaint alleges defendants examined the identifying information of personnel at Centre Law, but not any identifying information of Centre Law itself.
Virginia Code § 18.2-186.3(C) lists the following identifying information: "(iii) social security number; (iv) driver's license number; (v) bank account numbers; (vi) credit or debit card numbers; (vii) personal identification numbers (PIN); (viii) electronic identification codes; (ix) automated or electronic signatures; (x) biometric data; (xi) fingerprints; (xii) passwords; or (xiii) any other numbers or information that can be used to access a person's financial resources, obtain identification, act as identification, or obtain money, credit, loans, goods, or services."
The parties agree that the other information that the complaint alleges defendants examined does not fall into any of the statute's enumerated categories and thus cannot state a claim for relief. See Yessin , 686 F. Supp. 2d at 640 (attorney-client communications do not fall within Va. Code § 18.2-152.5's enumerated categories).
The few courts that have stated the elements of Va. Code § 18.2-152.5 have made clear that the identifying information examined without authorization must be that of the "pleader." See S.R. v. Inova Healthcare Servs. , 49 Va. Cir. 119, 1999 WL 797192, at *8 (1999) ("the records so examined contain employment, financial or personal information of the pleader"); Hains v. Adams , No. 3:19-CV-504 (DJN), 2019 WL 5929259, at *10 (E.D. Va. Nov. 12, 2019) (same). This interpretation is consistent with the settled standard rule that a party may not assert the rights of another without statutory or other legal authorization. See Fed. R. Civ. P. 17(a) (stating, in general, "[a]n action must be prosecuted in the name of the real party in interest"). Count IV must be dismissed for failure to state a cognizable claim because Centre Law is not the real party in interest of the identifying information allegedly examined in this case and because Va. Code § 18.2-152.5 does not provide explicit authorization to bring a civil claim for the unauthorized examination of a person other than the pleader's identifying information.
V.
In Count III, plaintiff alleges a separate violation of the VCCA, Va. Code § 18.2-152.4, which prohibits computer trespass. Defendant Riley has moved to dismiss Counts III on the ground that plaintiff has failed to allege any recoverable damages under the VCCA. In this respect, the complaint alleges that plaintiff suffered damages from the costs of the investigation and prevention of defendants' violation of the computer trespass provision of the VCCA. The Fourth Circuit has made clear that consequential damages, such as expenses incurred for the investigation and prevention of VCCA violations, are actionable under the statute. See Hately v. Watts , 917 F.3d 770, 781-82 (4th Cir. 2019) (allegation of investigation and prevention expenses was sufficient to survive defendant's 12(b)(6) motion on VCCA claim); A.V. ex rel. Vanderhye v. iParadigms, LLC , 562 F.3d 630, 646–47 (4th Cir. 2009) (investigation expenses are recoverable consequential damages under the VCCA). Accordingly, Riley's argument with respect to Count III's lack of cognizable damages fails, and his motion to dismiss Count III on that basis must be denied.
Riley made the same argument with respect to Count IV, but Count IV has been dismissed from the complaint for the reasons set forth in Part IV, supra.
In addition, defendant Axiom has argued that plaintiff is not entitled to punitive damages with respect to Count III. In its opposition brief, plaintiff states that it is withdrawing its claim for punitive damages under the VCCA. Accordingly, plaintiff's claim for punitive damages on Count III is withdrawn.
Axiom made the same argument with respect to Count IV, but Count IV has been dismissed from the complaint for the reasons set forth in Part IV, supra.
--------
Accordingly,
It is hereby ORDERED that defendant Axiom's motion to dismiss (Dkt. 12) is GRANTED in part and DENIED in part . Axiom's motion is GRANTED with respect to Count IV, and Count IV is DISMISSED . Axiom's motion is DENIED in all other respects.
It is further ORDERED that defendant Riley's motion to dismiss (Dkt. 10) is GRANTED in part and DENIED in part . Riley's motion is GRANTED with respect to Count IV, and Count IV is DISMISSED . Riley's motion is DENIED in all other respects.
It is further ORDERED that plaintiff's request for punitive damages with respect to Count III is WITHDRAWN .