Summary
holding that damages under the federal computer crimes law are limited to those solely caused by the impairment
Summary of this case from Oracle USA, Inc. v. Rimini St., Inc.Opinion
No. 2:13-cv-00784-MCE-DAD
07-23-2013
FARMERS INSURANCE EXCHANGE, et al., Plaintiffs, v. STEELE INSURANCE AGENCY, INC., et al., Defendants.
MEMORANDUM AND ORDER
Through this action, Plaintiffs Farmers Insurance Exchange ("Farmers"), Truck Insurance Exchange, Fire Insurance Exchange, Mid-Century Insurance Company and Farmers New World Life Insurance Company (collectively "Farmers" or "Plaintiffs") seek relief from Defendants Steele Insurance Agency, Inc. ("Steele Insurance Agency"), Troy Steele ("Steele"), Ted Blalock ("Blalock"), Larry McCarren ("McCarren"), Bill Henton ("Henton"), Cindy Jo Perkins ("Perkins") and Does 1 through 50 (collectively "Defendants") for alleged misappropriation of Plaintiffs' trade secrets, as well as other violations of state and federal law pertaining to the operation of Plaintiffs' and Defendants' respective insurance companies.
Presently before the Court is Defendants' motion to dismiss pursuant to Federal Rule of Civil Procedure 12(b)(6) for failure to state a claim, filed on May 6, 2013.(Defs.' Mot. Dismiss, May 6, 2013, ECF No. 12.) Plaintiffs filed a timely opposition on June 13, 2013. (Pls.' Opp'n to Defs.' Mot. to Dismiss, June 13, 2013, ECF No. 30.) For the reasons set forth below, Defendants' motion to dismiss is GRANTED IN PART and DENIED IN PART.
All further references to "Rule" or "Rules" are to the Federal Rules of Civil Procedure unless otherwise noted.
Because oral argument will not be of material assistance, the Court orders this matter submitted on the briefs. E.D. Cal. Local R. 230(g).
BACKGROUND
The following factual background is taken, sometimes verbatim, from Plaintiffs' Complaint. (Pls.' Compl. Contained in Defs.' Notice of Removal, Apr. 5, 2013, ECF No. 1 at 9-15.)
Farmers sells insurance policies, including automobile, homeowner, commercial, and life insurance, to customers through independent contractor agents. Farmers' most valuable assets are its customers (policyholders) and the policyholder information that Farmers maintains about each customer. Farmers agents are exclusive agents for Farmers' insurance products. The agents may not promote or sell insurance policies issued by other insurers. Each Farmers agent must agree to use Farmers' trade secret customer information only in the course of the agent's relationship with Farmers. Each agent must further promise not to divulge Farmers' trade secret customer information to third parties or to use it in any way detrimental to Farmers. This information is not shared with Farmers' competitors.
Farmers maintains databases, which include the Electronic Customer Marketing System ("eCMS"). Farmers also operates a secure website for its agents, known as the "Agency Dashboard." The Agency Dashboard is a password-protected Internet portal to designated computer servers that allows Farmers insurance agents, District Managers and employees to track information and provide services to its policyholders. eCMS is an important tool on the Farmers' "Agency Dashboard," accessed and used by Farmers' authorized insurance agents. eCMS enables authorized users to access "Confidential Policyholder Information" about the policyholders they service, and allows agents to create policyholder reports, contact lists, mailing labels, etc. eCMS contains information about prospective, current, and former policyholders, including names, addresses, telephone numbers, social security numbers, driver's license numbers, policy expiration dates, insured properties, claims histories, discount eligibilities and other information. Farmers invests significant time, labor and capital in developing this information. The Confidential Policyholder Information is not generally available in this aggregated form in the industry or to Farmers' competitors. If this information were available to Farmers' competitors, those competitors could more easily solicit Farmers' policyholders to change insurance providers.
Use of eCMS is subject to certain confidentiality restrictions and security protections. Farmers maintains its Confidential Policyholder Information, including policy expirations, on a password and user-ID protected system. When an agent's Agency Appointment Agreement is terminated, Farmers turns off the agent's access, and their staffs' access, to eCMS and the Agency Dashboard, and the terminated agent's user ID/password combination is no longer valid. Farmers also issues company policies regarding access to and preservation of Confidential Policyholder Information by maintaining copies of those policies on the Agency Dashboard. Periodically, Farmers reminds its insurance agents of Farmers' confidentiality policies through bulletins, yearly compliance memoranda and other communications. Finally, each time an agent accesses Farmers' proprietary system through the Agency Dashboard, that agent must agree to be bound by the terms of a separate "Legal Disclaimer." The Legal Disclaimer provides that the information the agent is accessing is Farmers' proprietary, confidential and trade secret information.
Defendants Troy Steele and Steele Insurance Agency
Defendant Steele was appointed a District Manager with Farmers in 2001, pursuant to a District Manager Appointment Agreement. Pursuant to the terms of this Agreement, Farmers terminated Defendant Steele's Agreement in January 2010. Thereafter, Defendant Steele began his own independent insurance agency—the Steele Insurance Agency. Defendant Steele and the Steele Insurance Agency were not appointed or allowed to sell Farmers' insurance products. Plaintiffs allege that Defendant Steele is using improper means to obtain access to Farmers' policyholder information. Plaintiffs further contend that Defendant Steele is directing current and former Farmers agents, or their staff members, to use Plaintiffs' customer lists and other trade secret information to solicit Farmers' customers to switch to the Steele Insurance Agency. According to Plaintiffs, Farmers has lost numerous customers (previously serviced by Defendant McCarren, Charlie Finister and Bill Henton) to the Steele Insurance Agency as a result of Defendant Steele's trade secret misappropriation.
Defendant Larry McCarren
Defendant McCarren was appointed as a Farmers agent in January 1992, pursuant to an Agency Appointment Agreement. Defendant McCarren worked in the district of District Manager Defendant Blalock until January 2012. Defendant Blalock's District Manager Appointment Agreement was terminated in January 2012. Defendant Blalock then went to work for the Steele Insurance Agency.
According to Plaintiffs, while Defendant McCarren was still a Farmers agent, he was writing policies for other insurers, in violation of his Agency Appointment Agreement. In August 2012, Defendant McCarren exercised his option under his Agency Appointment Agreement to terminate his Agreement with Farmers, after giving three months' written notice. Thus, Defendant McCarren's termination became effective November 3, 2012. Defendant McCarren is now appointed with and working as an insurance agent for Steele Insurance Agency.
Following Defendant McCarren's resignation, Farmers received customer complaints that Defendant McCarren had contacted them in an attempt to switch their insurance business to other carriers. Farmers also alleges that prior to leaving Farmers, Defendant McCarren accessed Farmers' computer system to download information regarding Farmers' policyholders, including his entire customer list, for the purpose of using this information after termination of his Agency Appointment Agreement. Downloading this information was in violation of Defendant McCarren's Agency Appointment Agreement. Plaintiffs allege that Defendant McCarren is working at the direction of Defendants Steele and Blalock in attempting to transfer Farmers' policyholders from Farmers to other insurers for the benefit of Defendant Steele Insurance Agency.
Defendant Cindy Jo Perkins
Defendant Perkins was Defendant McCarren's longtime employee. In the spring of 2012, Defendant Perkins went to work for another Farmers agent, Charlie Finister. Throughout the year of 2012, Mr. Finister was gravely ill with diabetes. Mr. Finister resigned and went into hospice in early November 2012. After Mr. Finister resigned, Defendant Perkins did not have permission to sell Farmers' insurance products or to access Farmers' computer systems. However, Defendant Perkins admitted that she had used Mr. Finister's user ID and password combination to gain access to information from Farmers' computer system while she worked in Mr. Finister's office, although she did not have permission to do so. Defendant Perkins was appointed with Steele Insurance Agency and was so appointed when she was accessing Farmers' computer system. Defendant Perkins remains appointed with Steele Insurance Agency and, according to Plaintiffs, is working together with Defendants Steele and Blalock to transfer Farmers' policyholders to other insurers for the benefit of Defendant Steele Insurance Agency.
Defendant Bill Henton
Bill Henton ("Mr. Henton"), Defendant Henton's father, was a Farmers agent from 1968 to 2012. In 2012, Mr. Henton's District Manager, Rudy Cedre, believed that Mr. Henton had developed severe memory problems. Defendant Henton worked in Mr. Henton's office, but Defendant Henton was not appointed as an agent with Farmers.
In November 2012, Mr. Henton resigned as a Farmers agent. Farmers has since learned that prior to Mr. Henton's resignation from Farmers, Defendant Henton allowed his wife and daughter to access the Farmers computer system for the purpose of accessing Farmers' policyholder information. Defendant Henton is also in the process of becoming a part of Steele Insurance Agency. Defendant Henton remains in control of the physical files relating to over 1,600 Farmers policies and will not allow Farmers to access these files. Defendant Henton also arranged for his father's mail, including Farmers' business mail, to be forwarded to Defendant Henton's new business address. Defendant Henton is working together with Defendants Steele and Blaclock to transfer Farmers' policyholders from Farmers to other insurers for the benefit of Defendant Steele Insurance Agency.
Thus, the gravamen of Plaintiffs' complaint is that Defendants obtained Plaintiffs' trade secret information and used that information to switch Farmers customers to the Steele Insurance Agency.
STANDARD
On a motion to dismiss for failure to state a claim under Federal Rule of Civil Procedure 12(b)(6), all allegations of material fact must be accepted as true and construed in the light most favorable to the nonmoving party. Cahill v. Liberty Mut. Ins. Co., 80 F.3d 336, 337-38 (9th Cir. 1996). Rule 8(a)(2) requires only "a short and plain statement of the claim showing that the pleader is entitled to relief" in order to "give the defendant fair notice of what the . . . claim is and the grounds upon which it rests." Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007) (quoting Conley v. Gibson, 355 U.S. 41, 47 (1957)). A complaint attacked by a Rule 12(b)(6) motion to dismiss does not require detailed factual allegations. However, "a plaintiff's obligation to provide the grounds of his entitlement to relief requires more than labels and conclusions, and a formulaic recitation of the elements of a cause of action will not do." Id. (internal citations and quotations omitted). A court is not required to accept as true a "legal conclusion couched as a factual allegation." Ashcroft v. Iqbal, 129 S. Ct. 1937, 1950 (2009) (quoting Twombly, 550 U.S. at 555). "Factual allegations must be enough to raise a right to relief above the speculative level." Twombly, 550 U.S. at 555 (citing 5 Charles Alan Wright & Arthur R. Miller, Federal Practice and Procedure § 1216 (3d ed. 2004) (stating that the pleading must contain something more than "a statement of facts that merely creates a suspicion [of] a legally cognizable right of action.")).
Furthermore, "Rule 8(a)(2) . . . requires a showing, rather than a blanket assertion, of entitlement to relief." Twombly, 550 U.S. at 556 n.3 (internal citations and quotations omitted). Thus, "[w]ithout some factual allegation in the complaint, it is hard to see how a claimant could satisfy the requirements of providing not only 'fair notice' of the nature of the claim, but also 'grounds' on which the claim rests." Id. (citing 5 Charles Alan Wright & Arthur R. Miller, supra, at § 1202). A pleading must contain "only enough facts to state a claim to relief that is plausible on its face." Id. at 570. If the "plaintiffs . . . have not nudged their claims across the line from conceivable to plausible, their complaint must be dismissed." Id. However, "[a] well-pleaded complaint may proceed even if it strikes a savvy judge that actual proof of those facts is improbable, and 'that a recovery is very remote and unlikely.'" Id. at 556 (quoting Scheuer v. Rhodes, 416 U.S. 232, 236 (1974)).
A court granting a motion to dismiss a complaint must then decide whether to grant leave to amend. Leave to amend should be "freely given" where there is no "undue delay, bad faith or dilatory motive on the part of the movant, . . . undue prejudice to the opposing party by virtue of allowance of the amendment, [or] futility of the amendment . . . ." Foman v. Davis, 371 U.S. 178, 182 (1962); Eminence Capital, LLC v. Aspeon, Inc., 316 F.3d 1048, 1052 (9th Cir. 2003) (listing the Foman factors as those to be considered when deciding whether to grant leave to amend). Not all of these factors merit equal weight. Rather, "the consideration of prejudice to the opposing party . . . carries the greatest weight." Id. (citing DCD Programs, Ltd. v. Leighton, 833 F.2d 183, 185 (9th Cir. 1987). Dismissal without leave to amend is proper only if it is clear that "the complaint could not be saved by any amendment." Intri-Plex Techs. v. Crest Group, Inc., 499 F.3d 1048, 1056 (9th Cir. 2007) (citing In re Daou Sys., Inc., 411 F.3d 1006, 1013 (9th Cir. 2005); Ascon Props., Inc. v. Mobil Oil Co., 866 F.2d 1149, 1160 (9th Cir. 1989) ("Leave need not be granted where the amendment of the complaint . . . constitutes an exercise in futility . . . .")).
ANALYSIS
Plaintiffs assert nine causes of action under state and federal law. Specifically, Plaintiffs allege that Defendants are liable under California state law for breach of contract, misappropriation of trade secrets, intentional interference with contractual relations, intentional interference with prospective economic advantage, unfair competition, breach of fiduciary duty and civil conspiracy. Plaintiffs also allege that Defendants are liable under federal law for violations of the Computer Fraud and Abuse Act ("CFAA"), 18 U.S.C. §§ 1030(a)(2)(c), (a)(4). Defendants first argue that California's Uniform Trade Secrets Act preempts each of Plaintiffs' causes of action, save for Plaintiffs' claim for misappropriation of trade secrets. Defendants also argue that each of the nine causes of actions asserted in the complaint fails to state a claim upon which relief can be granted. The Court will address each issue in turn.
A. Civil Conspiracy
As a threshold matter, the Court must address Plaintiffs' ninth cause of action for civil conspiracy against all Defendants. (ECF No. 1 at 23.) Plaintiffs allege that Defendants "formed and operated a conspiracy to illegally misappropriate and use . . . Farmers trade secret protected policyholder information for the purpose of soliciting Farmers customers away from Farmers and towards the Steele Insurance Agency." (ECF No. 1 at 23.) Plaintiffs contend that "in furtherance of the conspiracy," Defendants misappropriated and used Farmers' trade secret policyholder information by accessing and using Farmers' proprietary computer system without authorization. (Id.)
Civil conspiracy "is not a cause of action but a legal doctrine that imposes liability on persons who, although not actually committing a tort themselves, share with the immediate tortfeasors a common plan or design in its perpetration." Applied Equipment Corp. v. Litton Saudi Arabia Ltd., 7 Cal.4th 503, 510 (1994) (citing Wyatt v. Union Mortgage Co., 24 Cal.3d 773, 784 (1979)); see also Entm't Research Grp. Inc. v. Genesis Creative Grp., Inc., 122 F.3d 1211, 1228 (9th Cir. 1997). "Standing alone, a conspiracy does no harm and engenders no tort liability. It must be activated by the commission of an actual tort." Applied Equipment Corp., 7 Cal. 4th at 511.
The elements of a civil conspiracy are: (1) the formation and operation of a conspiracy; (2) wrongful conduct in furtherance of the conspiracy; and (3) damages arising from the wrongful conduct. Applied Equip., 7 Cal. 4th at 511; see also Doctors' Co. v. Super. Ct., 49 Cal. 3d 39, 44 (1989). Each member of the alleged conspiracy must be legally capable of committing the underlying tort -- that is, each member must owe a duty to the plaintiff that is recognized by law and must be potentially subject to liability for breach of that duty -- and must intend the success of the purpose of the conspiracy. Applied Equip., 7 Cal.4th at 511. In addition, all elements of the underlying tort must be satisfied. See Id. If the plaintiff fails to adequately plead the underlying claim, the corresponding conspiracy claim must also fail. Id.
A plaintiff generally need not plead a claim for civil conspiracy with particularity. See Mintel Learning Tech., Inc. v. Beijing Kaidi Educ., No. C 06-7541 PJH, 2007 WL 2288329 (N.D. Cal. Aug. 9, 2007) (citing Wasco Prods., Inc. v. Southwall Techs., Inc., 435 F.3d 989, 990-91 (9th Cir. 2006). However, when a plaintiff alleges that the object of the agreement is fraudulent, the plaintiff must plead a claim for civil conspiracy with the particularity required by Rule 9(b). Wasco Prods., Inc., 435 F.3d at 990-91; see also Kearns v. Ford Motor Co., 567 F.3d 1120, 1124 (9th Cir. 2009) ("Rule 9(b) requires that, when fraud is alleged, 'a party must state with particularity the circumstances constituting fraud . . . .'"). "Where fraud is not an essential element of a claim, only those allegations of a complaint which aver fraud are subject to Rule 9(b)'s heightened pleading standard." Kearns, 567 F.3d at 1124. Rule 9(b) requires that the circumstances constituting the alleged fraud "be 'specific enough to give defendants notice of the particular misconduct . . . so that they can defend against the charge and not just deny that they have done anything wrong.'" Bly-Magee v. California, 236 F.3d 1014, 1019 (9th Cir. 2001) (quoting Neubronner v. Milken, 6 F.3d 666, 671 (9th Cir. 1993)). Accordingly, "[a]verments of fraud must be accompanied by 'the who, what, when, where, and how' of the misconduct charged." Vess v. Ciba-Geigy Corp. USA, 317 F.3d 1097, 1106 (9th Cir. 2003) (quoting Cooper v. Pickett, 137 F.3d 616, 627 (9th Cir. 1997)).
Here, Plaintiffs allege that "in perpetrating the above stated acts [of conspiracy], Defendants acted willfully, maliciously, and fraudulently . . . ." (ECF No. 1 at 24 (emphasis added).) Thus, Plaintiffs' allegations regarding the alleged conspiracy must meet the heightened pleading standard of Rule 9(b). Plaintiffs fail to do so, as Plaintiffs make only generalized allegations regarding Defendants' actions in carrying out the alleged conspiracy. For example, Plaintiffs allege that Defendants "formed and operated a conspiracy" and "engaged in wrongful conduct in furtherance of the conspiracy, including but not limited to misappropriation and use of electronic and paper copies of Farmers' trade secret protective policyholder information and through the unauthorized use and access [of] Farmers' proprietary computer system." (ECF No. 1 at 23.) However, these allegations do not come close to alleging "the who, what, when, where, and how" of the alleged conspiracy. See Vess, 317 F.3d at 1106.
In short, Plaintiffs' allegations as to this cause of action amount to little more than vague claims that Defendants fraudulently conspired to steal Plaintiffs' trade secrets. Such allegations do not meet the heightened pleading standard of Rule 9(b). Accordingly, Defendants' motion to dismiss this claim is granted.
B. Preemption
"Only if the legislature enacts a statute intending to 'cover the entire subject or . . . to occupy the field' does a statute supersede the common law." AccuImage Diagnostics Corp v. Terarecon, Inc., 260 F. Supp. 2d 941, 953 (N.D. Cal. 2003) (quoting I.E. Assocs.v. Safeco Title Ins. Co., 39 Cal. 3d 281, 285 (1985)). The California Uniform Trade Secrets Act ("CUTSA") is codified in sections 3426 through 3426.11 of the Civil Code. "CUTSA has been characterized as having a 'comprehensive structure and breadth . . . .'" K.C. Multimedia, Inc. v. Bank of Am. Tech. & Operations, Inc., 171 Cal. App. 4th 939, 954 (2009) (quoting AccuImage Diagnostics Corp, 260 F. Supp. 2d at 953). The CUTSA clearly sets forth:
the definition of 'misappropriation' and 'trade secret,' injunctive relief for actual or threatened misappropriation, damages, attorney fees, methods for preserving the secrecy of trade secrets, the limitations period, the effect of the title on other statutes or remedies, statutory construction, severability, the application of title to acts occurring prior to the statutory date, and the application of official proceedings privilege to disclosure of trade secret information.Id. (quoting Acculmage Diagnostics Corp., 260 F. Supp. 2d at 953). "That breadth suggests a legislative intent to preempt the common law." kl Accordingly, "[a]t least as to common law trade secret misappropriation claims, '[C]UTSA occupies the field in California.'" Id. (quoting Acculmage Diagnostics Corp., 260 F. Supp. 2d at 954).
Moreover, CUTSA specifically addresses preemption. Section 3426.7 of the CUTSA reads in relevant part:
(a) Except as otherwise expressly provided, this title does not supersede any statute relating to misappropriation of a trade secret, or any statute otherwise regulating trade secrets.Cal. Civ. Code §§ 3426.7(a)-(b). Thus, while section 3426.7 "expressly allows contractual and criminal remedies, whether or not based on trade secret misappropriation," it also "implicitly preempts alternative civil remedies based on trade secret misappropriation." K.C. Multimedia, Inc., 171 Cal. App. 4th at 954.
(b) This title does not affect (1) contractual remedies, whether or not based upon misappropriation of a trade secret, (2) other civil remedies that are not based upon misappropriation of a trade secret, or (3) criminal remedies, whether or not based upon misappropriation of a trade secret.
Courts applying California law have found that claims "based entirely on the same factual allegations that form the basis of [the] trade secrets claim" are preempted. Callaway Golf Co. v. Dunlop Slazenger Grp. Ams., Inc., 318 F. Supp. 2d 216, 220 (D. Del. 2004) (applying California law); see also Gabriel Techs. Corp. v. Qualcomm Inc., No. 08cv1992-MMA(POR), 2009 WL 3326631, *11 (S.D. Cal. Sept. 3, 2009) ("California courts have adopted a broad view of preemption in this area and have held that common law claims that are based on the same nucleus of facts as a misappropriation claim are preempted."). "Preemption is not triggered where the facts in an independent claim are similar to, but distinct from, those underlying the misappropriation claim." Gabriel Techs. Corp., 2009 WL 3326631 at Thus, "the preemption inquiry for those causes of action not specifically exempted by [section] 3426.7(b) focuses on whether other claims are no more than a restatement of the same operative facts supporting trade secret misappropriation. If there is no material distinction between the wrongdoing alleged in a [C]UTSA claim and that alleged in a different claim, the [C]UTSA preempts the other claim." ]d\ (quoting Convolve, Inc. v. Compaq Computer Corp., No. 00 CV 5141(GBD), 2006 WL 839022, at *6 (S.D.N.Y. Mar. 31, 2006) (applying California law)).
Thus, in the present case, the Court's inquiry must focus on whether the wrongdoing alleged in Plaintiffs' claims for breach of contract, intentional interference with contractual relations, intentional interference with prospective economic advantage, unfair competition, breach of fiduciary duty, civil conspiracy and violations of the Computer Fraud and Abuse Act can be materially distinguished from the wrongdoing alleged in Plaintiffs' trade secret misappropriation claim. See supra.
1. Breach of Contract
Plaintiffs' first cause of action is for breach of contract against Defendant McCarren only. Plaintiffs allege that Defendant McCarren's Agency Appointment Agreement constituted a contract between Farmers and Defendant McCarren. (ECF No. 1 at 15.) Plaintiffs assert that Defendant McCarren materially breached, and continues to breach, his contractual obligations by soliciting business from Farmers' present and former policyholders and by switching or rewriting business from Farmers to other insurance carriers and servicing such insurance coverage after it was switched away from Farmers. (Id. at 15-16.) Plaintiffs also allege that Defendant McCarren breached his contract with Farmers by using Farmers' confidential business information, acquired while serving as a Farmers agent, to the detriment of Farmers. (Id. at 16.) Finally, Plaintiffs allege that Defendant McCarren is liable for breach of contract for using Farmers' confidential business information which Defendant McCarren "acquired and/or retained." (Id.)
California Civil Code section 3426.7(b)(1) specifically states that contractual remedies are not affected by the CUTSA. Cal. Civ. Code § 3426.7(b)(1); see also K.C. Multimedia, Inc., 171 Cal. App. 4th at 954 (stating that section 3426.7 "expressly allows contractual . . . remedies, whether or not based on trade secret misappropriation."). Accordingly, Plaintiffs' claim for misappropriation of trade secrets does not preempt Plaintiffs' breach of contract claim against Defendant McCarren. As such, Defendants' motion to dismiss Plaintiffs' breach of contract claim on preemption grounds is denied.
2. Intentional Interference with Contractual Relations
Plaintiffs' third cause of action is for intentional interference with contractual relations, alleged against all Defendants. In support of this claim, Plaintiffs allege that Farmers had contractual relationships with Farmers agents and with Farmers policyholders. According to Plaintiffs, Defendants Steele and Blalock interfered with Farmers' contractual relations with its former agent, Defendant McCarren, by intentionally inducing Defendant McCarren to breach his contract with Farmers by requesting, encouraging, or helping Defendant McCarren to misappropriate Farmers' proprietary information, use Farmers' proprietary information in a manner detrimental to Farmers, or improperly retain Farmers' proprietary information after McCarren's Agency Appointment Agreement was terminated. (ECF No. 1 at 18.) Plaintiffs also allege that "all Defendants" interfered with Farmers' contractual relations with its policyholders by "intentionally inducing policyholders to change their insurance coverage . . . to that provided through the Steele Insurance Agency." (Id.)
As stated above, "[t]he preemption inquiry for those causes of action not specifically exempted by [section] 3426.7(b) focuses on whether other claims are not more than a restatement of the same operative facts supporting trade secret misappropriation. If there is no material distinction between the wrongdoing alleged in a [C]UTSA claim and that alleged in a different claim, the [C]UTSA claim preempts the other claim." Bryant v. Mattel, Inc., CV 04-9049 DOC RNBX, 2010 WL 3705668, at *20 (C.D. Cal. Aug. 2, 2010) (quoting Convolve, Inc., 2006 WL 839022 at *6). Here, Plaintiffs' allegations regarding intentional interference with contractual relations do little more than restate Plaintiffs' claim for trade secret misappropriation. That is, Plaintiffs' allegations that Defendants Steele and Blalock intentionally induced Defendant McCarren to breach his contract with Farmers by stealing Plaintiffs' trade secret information merely restates Plaintiffs' allegations that Defendants McCarren, Steele and Blalock "misappropriated Farmers' trade secrets by . . . retaining or utilizing Farmers' Proprietary Information for the purpose of soliciting, directing, or advising Farmers' policyholders to switch their coverage away from Farmers and to Steele's competing business." (ECF No. 1 at 17.)
As such, Plaintiffs' claim for intentional interference with contractual relations is preempted by Plaintiffs' claim for misappropriation of trade secrets. Defendants' motion to dismiss this claim is therefore granted.
3. Intentional Interference with Prospective Economic Advantage
Plaintiffs' fourth cause of action is for intentional interference with prospective economic advantage alleged against all Defendants. To support this claim, Plaintiffs allege that at all relevant times, an economic relationship existed between Farmers and its policyholders, and this economic relationship contained a probable future economic benefit for Farmers in the form of premiums that the policyholders would pay on currently held policies and policies that would be purchased by those policyholders in the future. (ECF No. 1 at 18.) Defendants knew that these economic relationships existed. ((Id. at 19.) Defendants interfered with Farmers' prospective economic advantages by intentionally inducing policyholders to change their coverage to that provided through Defendant Steele Insurance Agency. (Id.) Defendants' acts disrupted Farmers' relationships with Farmers' policyholders, and these acts were intentionally designed to interfere with, and disrupt, those relationships. (Id.) Specifically, Plaintiffs allege that Defendants "sought to benefit themselves . . . and Steele's insurance agency . . . by persuading [Farmers'] policyholders to purchase policies offered by" insurance companies other than Farmers. (Id.) Finally, Plaintiffs allege that Defendants' acts were "improper [and] illegal . . . in that the scheme for interference involved . . . the misappropriation and use of Farmers' trade secret protective policyholder information, and . . . the unauthorized use and access [of] Farmers' computer system." (Id.)
Similar to Plaintiffs' claim for intentional interference with contractual relations, Plaintiffs' claim for intentional interference with prospective economic advantage simply restates the claim for trade secret misappropriation. The gravamen of this cause of action is that Defendants misappropriated Plaintiffs' trade secrets, which interfered with Plaintiffs' prospective economic advantage. Accordingly, there "is no material distinction between the wrongdoing alleged in" Plaintiffs' CUTSA claim and that alleged in Plaintiffs' claims for intentional interference with prospective economic advantage. See Bryant, 2010 WL 3705668 at *20. The CUTSA claim therefore "preempts the other claim." Id. As such, Plaintiffs' claim for intentional interference with economic advantage is preempted, and Defendants' motion to dismiss this claim is granted.
4. Unfair Competition
Plaintiffs' fifth cause of action is for unfair competition pursuant to California Business and Professions Code section 17200, against all Defendants. (ECF No. 1 at 19.) "A claim for common law or even statutory unfair competition may be preempted under [section] 3426.7 if it relies on the same facts as the misappropriation claim." Gabriel Techs. Corp., 2009 WL 3326631 at *13 (quoting AccuImage Diagnostics Corp., 260 F. Supp. 2d at 955). Here, Plaintiffs allege that Defendants "will commit or attempt to commit...acts of unfair and illegal competition ...with regard to the sale of insurance policies" by using Plaintiffs' proprietary information, including confidential information and trade secrets pertaining to Farmers' policyholders, to solicit Farmers' policyholders to change their business to other insurers, and by inducing Farmers' policyholders to cancel or not renew their Farmers insurance policies. (ECF No. 1 at 20.)
Plaintiffs' claim for unfair competition therefore alleges the same conduct that gives rise to Plaintiffs' claim for trade secret misappropriation. See Gabriel Techs. Corp., 2009 WL 3326631 at *13 (finding unfair competition claim preempted when claim "rests squarely on the factual allegations of trade secret misappropriation"). Accordingly, Plaintiffs' claim for unfair competition is preempted, and Defendants' motion to dismiss this claim is granted.
5. Breach of Fiduciary Duty
Plaintiffs' sixth cause of action asserts that Defendant McCarren breached his fiduciary duties to Farmers. Plaintiffs allege that Defendant McCarren "owed fiduciary duties to Farmers as a result of his agent relationship with Farmers. The fiduciary duties McCarren owed to Farmers include, but are not limited to, the duty not to misappropriate trade secrets and unfairly compete with Farmers." (ECF No. 1 at 21.) Plaintiffs allege that Defendant "McCarren breached his fiduciary duties owed to Farmers by, among other things, misappropriating trade secrets and competing unfairly with Farmers." (Id.)
Plaintiffs' claim for breach of fiduciary duty therefore rests on the same facts as Plaintiffs' claim for trade secret misappropriation. Indeed, the claim simply asserts that in misappropriating Farmers' trade secrets, Defendant McCarren also breached his fiduciary duties to Farmers. Plaintiffs' claim for breach of fiduciary duty is therefore preempted by the CUTSA, and Defendants' motion to dismiss this claim is granted.
6. Computer Fraud and Abuse Act
Plaintiffs' seventh and eighth causes of action allege violations of the Computer Fraud and Abuse Act ("CFAA"). (ECF No. 1 at 21-23.) The CFAA is a federal statute "enacted in 1984 to enhance the government's ability to prosecute computer crimes. The act was originally designed to target hackers who accessed computers to steal information or to disrupt or destroy computer functionality, as well as criminals who possessed the capacity to access and control high technology processes vital to our everyday lives." LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1130-31 (9th Cir. 2009) (internal quotation omitted). The majority of the crimes prohibited by the CFAA "involve accessing computers without authorization or in excess of authorization, and then taking specified forbidden actions, ranging from obtaining information to damaging a computer or computer data." ki More specifically, "[t]he CFAA . . . imposes liability on anyone who "intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer." Mintz v. Mark Bartelstein & Assocs. Inc., 906 F. Supp. 2d 1017, 1029 (C.D. Cal. 2012) (citing 18 U.S.C. § 1030(a)(2)). The CFAA also imposes liability on whoever "knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value." ki (quoting 18 U.S.C. § 1030(a)(4)). A person who "suffers damage or loss" as a result of a CFAA violation may bring a civil action against the violator under five enumerated circumstances. 18 U.S.C. §§ 1030(g), (c)(4)(A)(i)(I)-(V).
The Ninth Circuit has stated that "the plain language of the CFAA targets the unauthorized procurement or alteration of information, not its misuse or misappropriation." United States v. Nosal, 676 F.3d 854, 860 (9th Cir. 2012) (quoting Shamrock Foods Co. v. Gast, 535 F. Supp. 2d 962, 965 (D. Ariz. 2008)) (citing Orbit One Commc'ns, Inc. v. Numerex Corp., 692 F. Supp. 2d 373, 385 (S.D.N.Y. 2010) ("The plain language of the CFAA support a narrow reading. The CFAA expressly prohibits improper 'access' of computer information. It does not prohibit misuse or misappropriation."); Diamond Power Int'l, Inc. v. Davidson, 540 F. Supp. 2d 1322, 1343 (N.D. Ga. 2007) ("[A] violation for exceeding authorized access occurs where initial access is permitted by the access of certain information is not permitted."); Int'l Ass'n of Machinists & Aerospace Workers v. Werver-Masuda, 390 F. Supp. 2d 479, 499 (D. Md. 2005) ("[T]he CFAA, however, do[es] not prohibit the unauthorized disclosure or use of information, but rather unauthorized access.")). "In short, the CFAA is an "anti-hacking" statute and not a misappropriation statute." Hat World, Inc. v. Kelley, 2:12-CV-001591-LKK, 2012 WL 3283486, at *5 (E.D. Cal. Aug. 10, 2012) (citing Nosal, 676 F.3d at 860). Thus, in the Ninth Circuit, claims alleging violation of the CFAA are not preempted by the CUTSA. Accordingly, Defendants' motion to dismiss Plaintiffs' CFAA claims on preemption grounds is denied.
Whether Plaintiffs successfully stated CFAA claims is a separate matter, discussed infra.
C. Remaining Claims
Only Plaintiffs' claims for breach of contract, trade secret misappropriation, and violations of the CFAA survive the preemption analysis. See supra. Thus, the Court must examine whether Plaintiffs have successfully stated a claim for each of these causes of action. As set forth above, the Court's inquiry focuses on whether Plaintiffs have pled facts sufficient to "state a claim to relief that is plausible on its face." See Twombly, 550 U.S. at 570.
1. Breach of Contract
Plaintiffs allege that Defendant McCarren breached his Agency Appointment Agreement, and continues to breach his "continuing contractual obligations," by engaging in the following conduct: (a) soliciting business from Farmers' present and former policyholders; (b) switching or rewriting business from Farmers to other insurance carriers and servicing such insurance coverage after it was switched away from Farmers; (c) using Farmers' confidential business information that he acquired while serving as a Farmers agent to the detriment of Farmers; and (d) using Farmers' confidential business information that he acquired and/or retained. Defendants contend that while the Agency Appointment Agreement states in paragraph H that "for a period of one year . . . the Agent will neither directly or indirectly solicit, accept, or service the insurance business of any policyholder of record in the agencies of this district as of the date of payment or tender of payment," this provision is invalid because it violates California Business and Professions Code section 16600. Thus, Defendants contend Plaintiffs have not pled facts showing that McCarren's alleged actions of "soliciting business from Farmers' present and former policyholders" and "switching or rewriting business from Farmers to other insurance carriers and serving such insurance coverage after it was switched away from Farmers" violates a portion of the contract is valid and enforceable.
Defendants do not take issue with Plaintiffs allegations that Defendant McCarren is liable for breach of contract for using Farmers' confidential business information he acquired while serving as a Farmers agent to the detriment of Farmers, or for using Farmers' confidential business information that Defendant McCarren acquired and/or retained.
California Business & Professions Code section 16600 provides: "Except as provided in this chapter, every contract by which anyone is restrained from engaging in a lawful profession, trade, or business of any kind is to that extent void." Cal. Bus. & Prof. Code § 16600. "In its recent decision in Edwards v. Arthur Andersen LLP, 44 Cal.4th 937 (2008), the California Supreme Court confirmed the continued viability and breadth of section 16600. The Court explained that by enacting section 16600, the California legislature rejected the 'rule of reasonableness' applied to non-compete agreements at common law." Richmond Techs., Inc. v. Aumtech Bus. Solutions, 11-CV-02460-LHK, 2011 WL 2607158 (N.D. Cal. July 1, 2011). "As a result, '[t]oday in California, covenants not to compete are void, subject to several exceptions,' and the California Supreme Court 'generally condemns noncompetition agreements.'" Id. (quoting Edwards, 44 Cal. 4th at 945-46).
But the applicability of section 16600 does not automatically undermine Plaintiff's claim. As the Northern District of California explained, "[a]lthough California courts have consistently 'condemn[ed]' agreements that place restraints on the pursuit of a business or profession," Richmond Techs., Inc., 2011 WL 2607158, *18 (quoting Edwards, 44 Cal.4th at 946), "[a]n equally lengthy line of cases has consistently held former employees may not misappropriate the former employer's trade secrets to unfairly compete with the former employer," Id. (quoting Retirement Grp. v. Galante, 176 Cal. App. 4th 1226, 1237 (2009)). Accordingly, "courts have repeatedly held a former employee may be barred from soliciting existing customers to redirect their business away from the former employer and to the employee's new business if the employee is utilizing trade secret information to solicit those customers." Id. (quoting Retirement Group, 176 Cal. App. 4th at 1237) (emphasis in original).
"At times, courts have applied this principle to create a 'trade secret exception' to section 16600, pursuant to which a non-compete or non-solicitation clause may be valid under section 16600 if it is necessary to protect a trade secret." Id. (citing Asset Marketing Sys., Inc. v. Gagnon, 542 F.3d 748, 758 (9th Cir. 2008) ("Under California law, non-competition agreements are unenforceable unless necessary to protect an employer's trade secret."); Edwards, 44 Cal.4th at 946 n.4 (noting but declining to address the "so-called trade secret exception to section 16600"); Barney v. Burrow, 558 F. Supp. 2d 1066 (E.D. Cal. 2008)). However, "[o]ther cases suggest that case law protecting trade secrets does not actually create an exception to Section 16600, but instead enables courts to enjoin the misuse of trade secrets as an independent wrong, either as a tort or a violation of the Unfair Competition Law." Id. (citing Retirement Grp.,176 Cal. App. 4th at 1238; Dowell v. Biosense Webster, Inc., 179 Cal. App. 4th 564, 577 (2009)).
When the trade secret exception applies, a plaintiff may succeed on a breach of contract claim that alleges that defendants breached the non-solicitation provisions of the agreement. See Bank of Am., N.A. v. Lee, CV 08-5546 CAS(JWJX), 2008 WL 4351348, at *6 (C.D. Cal. Sept. 22, 2008) (holding plaintiffs likely to succeed on breach of contract claim when trade secret exception applied to non-solicitation provision of contract).
Here, Plaintiffs have pled facts adequate to establish a claim for misappropriation of trade secrets. See infra. Thus, for purposes of the instant motion to dismiss, Plaintiffs have pled facts sufficient to establish that the non-solicitation clause in the Agency Appointment Agreement can be enforced against Defendants for the purpose of protecting Plaintiffs' alleged trade secrets. Thus, Defendants' motion to dismiss Plaintiffs' breach of contract claim is denied.
2. Trade Secret Misappropriation
Plaintiffs argue that Farmers' customer lists, policyholder records, and proprietary information constitute protectable trade secrets," and that Defendants' actions constitute misappropriation of those trade secrets. (ECF No. 1 at 16).
California has adopted the Uniform Trade Secrets Act ("CUTSA"). MAI Sys. Corp. v. Peak Computer, Inc., 991 F.2d 511, 520 (9th Cir. 1993), cert. denied, 510 U.S. 1033 (1993). To prevail on their trade secret misappropriation claim, Plaintiffs must satisfy the CUTSA's "two primary elements": "(1) the existence of a trade secret, and (2) misappropriation of the trade secret." AccuImage Diagnostics Corp. v. Terarecon, Inc., 260 F. Supp. 2d 941, 950 (N.D. Cal. 2003) (citing Cal. Civ. Code § 3426.1(b)).
Existence of a Trade Secret
The CUTSA defines a "trade secret" as "information, including a formula, pattern, compilation, program, device, method, technique, or process, that . . . [d]erives independent economic value, actual or potential, from not being generally known to the public or to other persons who can obtain economic value from its disclosure or use; and . . . is the subject of efforts that are reasonable under the circumstances to maintain its secrecy." Cal. Civ. Code § 3426.1(d).
"It is well-established that a customer list may constitute a protectable trade secret." Wyndham Resort Dev. Corp. v. Bingham, No. 2:10-cv-01556-GEB-KJM, 2010 WL 2720920, at *5 (E.D. Cal. July 8, 2010) (quoting Gable-Leigh, Inc. v. N. Am. Miss, No. CV 01-01019 MMM (SHX), 2001 WL 521695, at *15 (C.D. Cal. Apr. 13, 2001)); see also Robert Half Int'l, Inc. v. Murray, No. CV F 07-0799 LJO SMS, 2008 WL 2625857, at *4 (E.D. Cal. June 25, 2008) ("A customer list acquired by lengthy and expensive efforts deserves protection as a trade secret") (citing MAI Sys., 991 F.2d at 521; Courtesy Temp. Serv., Inc. v. Camacho, 222 Cal. App. 3d 1278, 1288 (1990)). In Morlife, Inc. v. Perry, the California Court of Appeal gave a detailed explanation of the circumstances in which a customer list is entitled to trade secret protection under California law and the CUTSA:
[C]ourts are reluctant to protect customer lists to the extent they embody information which is "readily available" through public sources, such as business directories. On the other hand, where the employer has expended time and effort identifying customers with particular needs or characteristics, courts will prohibit former employees from using this information to capture a share of the market.56 Cal. App. 4th 1514, 1521-22 (1997).
Such lists are to be distinguished from mere identities and locations of customers where anyone could easily identify the entities as potential customers. As a general principle, the more difficult the information is to obtain, and the more time and resources expended by an employer in gathering it, the more likely a court will find such information constitutes a trade secret.
Here, Plaintiffs' customer lists do not consist solely of the customers' names, birthdates, and driver's license numbers, which information would be "readily available" to the public. Rather, the customer lists contain information including names, addresses, and telephone numbers, as well as "information relating to . . . customers' insurance needs, such as the type of insurance that the customer needs, the type of cars owned, the details of their homes and other insured properties, their eligibility for discounts, and the date their insurance policies expire." (ECF No. 1 at 10.) The information also includes "social security numbers and other private information about customers, such as their employment and financial condition." (ECF No. 1 at 10.) Plaintiffs also contend that compiling their information about the customers' particular characteristics involved the expenditure of considerable amount of time and resources. Thus, the Court finds that Plaintiffs have adequately alleged that the customer lists at issue contain information that is difficult to obtain, and that Plaintiffs devoted time and effort to gathering this information.
As to the CUTSA requirement that the material have "economic value," the California Court of Appeal stated:
The requirement that a customer list must have economic value to qualify as a trade secret has been interpreted to mean that the secrecy of this information provides a business with a substantial business advantage. In this respect, a customer list can be found to have economic value because its disclosures would allow a competitor to direct its sales efforts to those customers who have already shown a willingness to use a unique type of service or product as opposed to a list of people who only might be interested. Its use enables the former employee to solicit both more selectively and more effectively.56 Cal. App. 4th at 1522 (internal citations and quotations omitted).
In the present case, Plaintiffs allege that the information contained in their customers lists and on the eCMS database has substantial economic value to Farmers, and would have economic value if available to Farmers' competitors because "[a] business priority is securing the annual or semi-annual policy renewals from, along with any new policies needed by, the roster of Farmers' current insureds. A high retention rate is essential to Farmers' long-term financial health and growth. Farmers make[s] every effort to renew policies and a very high percentage of its policyholders renew their policies with Farmers each year." (ECF No. 1 at 10.) The information that Farmers retains about their policyholders allows Farmers agents and District Managers "to track information about and provide services to its policyholders better than those of its competitors." (ECF No. 1 at 10-11.) Plaintiffs allege that "[c]ompetitors can far more easily solicit Farmers' insureds to change insurance providers when those competitors can unfairly access Farmers' trade secret information without having made the investment of time, labor, and capital that Farmers . . . made to compile and update the information." (ECF No. 1 at 11.)
Furthermore, Plaintiffs have pled facts showing that they took reasonable measures under the circumstances to maintain the secrecy of their customer lists. Plaintiffs allege that "Farmers maintains its customer information, including policy expirations, on a password and user-ID protected system." (ECF No. 1 at 12.) Furthermore, Plaintiffs allege that "Farmers protects its trade secret customer information by requiring each employee or agent or District Manager who will access the data to agree to use Farmers' trade secret customer information only in the course of their relationship with Farmers, and promise not to divulge Farmers' trade secret customer information to third parties or to use it in any way detrimental to Farmers." (Id.) "Farmers also protects its customer information by issuing company policies regarding access to and preservation of" this information, and maintains "copies of those policies on the Agency Dashboard." (Id.) When Farmers agents access "Farmers' proprietary system through the Agency Dashboard, [the agents] agree to abide by an additional and separate 'Legal Disclaimer.'" (Id.) This 'Legal Disclaimer' informs the agents that the information they are accessing is "Farmers' proprietary, confidential[,] and trade secret information." (Id.) Finally, Plaintiffs allege that "Farmers also periodically remind[s] agents of [Farmers'] confidentiality policies via bulletins and other communications." (Id.)
These allegations are adequate to show that the relevant trade secrets are "subject of efforts that are reasonable under the circumstances to maintain [their] secrecy," as required by the CUTSA. See Cal. Civ. Code § 3426.1(d).
Plaintiffs have adequately plead facts showing that the Confidential Policyholder Information is "information" that "[d]erives independent economic value, actual or potential, from not being generally known to the public or to other persons who can obtain economic value from its disclosure or use; and . . . is the subject of efforts that are reasonable under the circumstances to maintain its secrecy." Cal. Civ. Code § 3426.1(d). As such, Plaintiffs' have sufficiently established, for purposes of the instant motion to dismiss, that their customer lists constitute a protectable trade secret under the CUTSA.
The next issue is whether Plaintiffs have adequately pled the "misappropriation" prong of the CUTSA's test. The CUTSA defines "misappropriation" as:
(1) Acquisition of a trade secret of another by a person who knows or has reason to know that the trade secret was acquired by improper means; orCal. Civ. Code § 3426.1(b). Here, Plaintiffs allege that Defendants misappropriated Plaintiffs' trade secrets by "retaining or utilizing Farmers' Proprietary Information for the purpose of soliciting, directing, or advising Farmers' policyholders to switch their coverage away from Farmers and to Steele's competing business." (ECF No. 1 at 17.) Accordingly, Plaintiffs have adequately pled that Defendants misappropriated Farmers' trade secrets.
(2) Disclosure or use of a trade secret of another without express or implied consent by a person who:
(A) Used improper means to acquire knowledge of the trade secret; or
(B) At the time of disclosure or use, knew or had reason to know that his or her knowledge of the trade secret was:
(i) Derived from or through a person who had utilized improper means to acquire it;
(ii) Acquired under circumstances giving rise to a duty to maintain its secrecy or limit its use; or
(iii) Derived from or through a person who owed a duty to the person seeking relief to maintain its secrecy or limit its use;
. . . .
Defendants argue that Plaintiffs fail to allege that Plaintiffs actually own the trade secrets at issue, and therefore Plaintiffs fail to state a claim for trade secret misappropriation. (ECF No. 12 at 23 (citing Cytodyn, Inc. v. Amerimmune Pharmaceuticals, Inc., 160 Cal. App. 4th 288, 296 (2008)). However, as Defendants point out, Plaintiffs repeatedly allege that the trade secrets were compiled by Farmers, protected by Farmers, used by Farmers, subject to Farmers' best efforts to keep them secret, and are valuable to Farmers. (ECF No. 1 at 10-12.) The trade secrets are referred to in the complaint as "Farmers' trade secrets." (ECF No. 1 at 11 ("Farmers engages in reasonable measures to preserve its trade secret Confidential Policyholder Information . . . ."), 12 ("Farmers protects its trade secret customer information . . . .").) These allegations are sufficient to plead that Farmers owns the trade secrets at issue.
Plaintiffs offer to amend the Complaint to include the specific allegation that Farmers owns the trade secrets at issue. While such an allegation is not necessary, as Plaintiffs' allegations are sufficient to show Farmers' ownership of the alleged trade secrets, Plaintiffs are nonetheless free to amend their Complaint to include such an allegation.
--------
Accordingly, Plaintiffs have adequately pled their claim for trade secret misappropriation under the CUTSA and Defendants' motion to dismiss this claim is denied.
3. CFAA
Plaintiffs allege that Defendants violated two sections of the CFAA. First, Plaintiffs allege Defendants violated 18 USC § 1030(a)(2)(C), "which provides for criminal penalties to be imposed on a person who: intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer . . . ." Brekka, 581 F.3d at 1131 (quoting 18 U.S.C. § 1030(a)(2)(C)). Plaintiffs also allege Defendants violated 18 U.S.C. § 1030(a)(4). Section 1030(a)(4) provides for criminal penalties to be imposed on a person who "knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period." 18 U.S.C. § 1030(a)(4).
Plaintiffs brought suit under subsection (g) of the CFAA, which provides a private right of action for individuals injured by such crimes. See 18 U.S.C. § 1030(g). Specifically, § 1030(g) provides that:
Any person who suffers damage or loss by reason of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief. A civil action for a violation of this section may be brought only if the conduct involves 1 of the factors set forth in clause (I), (ii), (iii), (iv), or (v) of subsection (a)(5)(B).Id. "Thus, a private plaintiff must prove that the defendant violated one of the provisions of § 1030(a)(1)-(7), and that the violation involved one of the factors listed in § 1030(a)(5)(B)." Brekka, 581 F.3d at 1131. In the present case, Plaintiffs allege that Defendants' conduct involved the factor described in subsection (a)(5)(B)(i), which proscribes conduct that causes "loss to 1 or more persons during any 1-year period . . . aggregating at least $5,000 in value." 18 U.S.C. § 1030(a)(5)(B)(i).
Therefore, to successfully bring an action under § 1030(g) based on a violation of § 1030(a)(4), Plaintiffs must show that Defendants: (1) accessed a "protected computer," (2) without authorization or exceeding such authorization that was granted, (3) "knowingly" and with "intent to defraud," and thereby (4) "further[ed] the intended fraud and obtain[ed] anything of value," causing (5) a loss to one or more persons during any one-year period aggregating at least $5,000 in value. Brekka, 581 F.3d 1127, 1132 (9th Cir. 2009) (quoting 18 U.S.C. § 1030(a)) (citing P.C. Yonkers, Inc. v. Celebrations the Party and Seasonal Superstore, LLC, 428 F.3d 504, 508 (3d. Cir. 2005); Theofel v. Farey-Jones, 359 F.3d 1066, 1078 (9th Cir. 2004)). To successfully bring an action under § 1030(g) for a violation of § 1030(a)(2)(C), Plaintiffs must allege facts sufficient to show that Defendants: "(1) intentionally accessed a computer, (2) without authorization or exceeding authorized access, and . . . (3) thereby obtained information (4) from any protected computer . . . , and that (5) there was loss to one or more persons during any one-year period aggregating at least $5,000 in value." Brekka, 581 F.3d at 1132.
Defendants move to dismiss these causes of action on two grounds. First, Defendants argue that Plaintiffs allege neither the requisite lack of authority to access the computer(s) at issue, nor do Plaintiffs allege the requisite unauthorized access. (ECF No. 12 at 18.) Second, Defendants contend that Plaintiffs do not allege the damages or loss required to state a claim pursuant to the CFAA. (ECF No. 12 at 20.)
Access Without Authorization/ Exceeding Authorized Access
The second prong of both §§ 1030(a)(2)(C) and (a)(4) requires that the defendant either "intentionally accesses a computer without authorization," or that the defendant "exceeds [his or her] authorized access." 18 U.S.C. §§ 1030(a)(2)(C), (a)(4). In Brekka, the Ninth Circuit stated that "an individual who is authorized to use a computer for certain purposes but goes beyond those limitations is considered by the CFAA as someone who has 'exceed[ed] authorized access.'" 581 F.3d at 1133. By contrast, "a person who uses a computer 'without authorization' has no rights, limited or otherwise, to access the computer in question." Id. Thus, in Brekka, the Ninth Circuit found that "when an employer authorizes an employee to use a company computer subject to certain limitations, the employee remains authorized to use the computer even if the employee violates those limitations. It is the employer's decision to allow or to terminate an employee's authorization to access a computer that determines whether the employee is with or 'without authorization.'" Id.
In United States v. Nosal, a case decided three years after Brekka, the Ninth Circuit clarified the scope of the CFAA and the meaning of the term "exceeds authorized access." 676 F.3d 854. The facts of Nosal are remarkably similar to those alleged in the present case. Defendant David Nosal worked for an executive search firm. 676 F.3d at 856. "Shortly after [Nosal] left the company, he convinced some of his former colleagues who were still working [there] to help him start a competing business." Id. Just as Plaintiffs allege here, "[t]he employees used their log-in credentials to download source lists, names and contact information from a confidential database on the company's computer, and then transferred the information to Nosal." Id. "The employees were authorized to access the database, but [the company] had a policy that forbade disclosing confidential information." Id. The government brought charges under the CFAA against Nosal for "aiding and abetting the [company's] employees in 'exceeding their authorized access' with intent to defraud." ki
The Ninth Circuit rejected the government's argument that the CFAA's phrase "exceeds authorized access" "could refer to someone who has unrestricted physical access to a computer, but is limited in the use to which he can put the information." ki at 867. The Ninth Circuit found that the "government's interpretation would transform the CFAA from an anti-hacking statute into an expansive misappropriation statute." Id. Instead, the court "recognize[d] that the plain language of the CFAA 'targets the unauthorized procurement or alteration of information, not its misuse or misappropriation.'" Id. at 863 (quoting Shamrock Foods Co. v. Gast, 535 F. Supp. 2d 962, 965 (D. Ariz. 2008)) (internal alterations omitted) (citing Orbit One Commc'ns, Inc. v. Numerex Corp., 692 F. Supp. 2d 373, 385 (S.D.N.Y. 2010); Diamond Power Int'l, Inc. v. Davidson, 540 F. Supp. 2d 1322, 1343 (N.D. Ga. 2007); Int'l Ass'n of Machinists & Aerospace Workers v. Werner-Masuda, 390 F. Supp. 2d 479, 499 (D. Md. 2005)). The Ninth Circuit thus held that the phrase "'exceeds authorized access' in the CFAA is limited to violations of restrictions on access to information, and not restrictions on its use." Id. at 863-64 (emphasis in original). "Because Nosal's accomplices had permission to access the company database and obtain the information contained within," the court found that "the government's charges fail[ed] to meet the element of 'without authorization, or exceeds authorized access' under 18 U.S.C. § 1030(a)(4)." Id. at 864.
Plaintiffs allege that Defendants accessed Plaintiffs' computers "without authorization." (ECF No. 1 at 21, 22.) Plaintiffs also make the blanket allegation that "Defendants were not authorized to access the Agency Dashboard and eCMS." (ECF No. 1 at 21.) The Court must address these allegations as to each Defendant.
First, as to Defendant McCarren, Plaintiffs also specifically allege that he was a Farmers agent (ECF No. 1 at 12) and that the Agency Dashboard and eCMS are tools for Farmers agents (ECF No. 1 at 10-12). Thus, Defendant McCarren the Court cannot properly characterize Defendant McCarren as "a person who . . . has no rights, limited or otherwise, to access the computer in question." See Brekka, 581 F.3d at 1133. Accordingly, the facts as pled do not show that Defendant McCarren accessed Plaintiffs' computers "without authorization." Furthermore, because Plaintiffs' allegations reveal that Defendant McCarren, as an agent, had permission to access Farmers' confidential proprietary information through eCMS and the Agency Dashboard, Defendant McCarren did not "exceed authorized access" by accessing such information, although he may have used such information for an improper purpose. See Nosal, 676 F.3d at 863-64. Accordingly, Plaintiffs have failed to state facts sufficient to allege the second prong of either § 1030(a)(2)(C) or § 1030(a)(4) against Defendant McCarren. Plaintiffs' seventh and eighth causes of action against Defendant McCarren are therefore dismissed.
As to Defendants Steele and Blalock, Plaintiffs allege that each was a District Manager for Farmers. (ECF No. 1 at 12.) Plaintiffs allege that the "Agency Dashboard . . . allows Farmers insurance agents, District Managers, and employees to track information about and provide services to its policyholders," and that "eCMS is a tool used by authorized insurance agents and District Managers to Farmers Policyholders." (ECF No. 1 at 10-11.) Thus, Plaintiffs' allegations reveal that Defendants Steele and Blalock were authorized to access the Agency Dashboard and eCMS while these Defendants were District Managers. However, Plaintiffs contradict this allegation by later stating that "Defendants were not authorized to access the Agency Dashboard and eCMS" and that "Defendants have intentionally and without authorization accessed, caused others to access, and/or have utilized others' user ID and password combination to access the Agency Dashboard or eCMS . . . ." (ECF No. 1 at 21.) Thus, as with Defendant McCarren, Plaintiffs' specific factual pleadings as to Defendants Blalock and Steele show that these Defendants were indeed authorized by Farmers to access Plaintiffs' computers. As such, Plaintiffs fail to plead facts sufficient to show that Defendants Steele and Blalock were "without authorization" to access those computers. Furthermore, Plaintiffs' allegations make clear that Defendants Steele and Blalock had the authority to access eCMS and the Agency Dashboard on the computers at issue, and therefore did not "exceed [their] authorized access" under the CFAA. Accordingly, Plaintiffs fail to state a claim against Defendants Steele and Blalock for violations of the CFAA, and Defendants' motion to dismiss these claims is granted.
Next, as to Defendant Perkins, Plaintiffs clearly allege that she "did not have permission to . . . access Farmers' computer systems." (ECF No. 1 at 14.) This allegation is sufficient to meet the second prong of the CFAA analysis, as it sufficiently states that Defendant Perkins was "a person who . . . [had] no rights, limited or otherwise, to access the computer in question." See Brekka, 581 F.3d at 1133.
As to Defendant Henton, the first question is whether he accessed the computer(s) at issue "without authorization." Plaintiffs allege that Defendant Henton "worked in his father's office," but was not a Farmers agent, and that Defendant Henton gave his "wife and daughter unauthorized access to Farmers' computer system apparently for the purpose of accessing information regarding Farmers' policyholders." (ECF No. 1 at 14). Plaintiffs also allege that "[a]t all times relevant to this Complaint, Defendants were not authorized to access the Agency Dashboard and eCMS." (ECF No. 1 at 21.) However, nowhere do Plaintiffs allege that Defendant Henton was not authorized to access the physical computer(s) in question. Thus, Plaintiffs fail to plead facts sufficient to show that Defendant Henton was a person "without authorization" under the CFAA. See Brekka, 581 F.3d at 1133. Thus, the next question is whether Defendant Henton "exceeded [his] authorized access" under the CFAA. Plaintiffs allege that "Defendants have intentionally and without authorization accessed . . . , and/or have utilized others' user ID and password combination to access the Agency Dashboard or eCMS . . . ." (ECF No. 1 at 21.) As the term is used in the Complaint, "Defendants" includes Defendant Henton and thus this allegation applies to Defendant Henton. As such, Plaintiffs allege that Defendant Henton intentionally and without authorization accessed Farmers' Agency Dashboard and eCMS. Viewed in the light most favorable to Plaintiffs, these allegations reveal that Defendant Henton "violat[ed] . . . restrictions on access to information," seeNosal, 676 F.3d at 863-64, and therefore "exceeded his authorized access." Plaintiffs' allegations as to Defendant Henton therefore meet the second prong of the analysis for §§ 1030(a)(2)(C) and (a)(4).
Damages/ Loss
Defendants contend that Plaintiffs have not alleged any facts to support the "loss" element of the CFAA claims. Pursuant to §§ 1030(a)(2)(C) and (a)(4), Plaintiffs must allege facts showing that Defendants caused "a loss to one or more persons during any one-year period aggregating at least $5,000 in value." Brekka, 581 F.3d at 1132. The CFAA defines "loss" as "any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service . . . ." 18 U.S.C. § 1030(e)(11). "'Loss,' therefore, means two things: 'any reasonable cost to the victim,' and lost revenue or other damages incurred as a result of an interruption of service." AtPac, Inc. v. Aptitude Solutions, 730 F. Supp. 2d 1174, 1184 (E.D. Cal. 2010). The CFAA defines "damage" as "any impairment to the integrity or availability of data, a program, a system, or information . . . ." Id. § 1030(e)(8).
To allege a loss under the CFAA, "plaintiffs must identify impairment of or damage to the computer system that was accessed without authorization." AtPac, Inc., 730 F. Supp. 2d at 1184 (quoting Doyle v. Taylor, No. 09-158, 2010 WL 2163521, at *2 (E.D. Wash. May 24, 2010) (holding that where plaintiff alleged defendant accessed plaintiff's USB thumb drive and retrieved a sealed document, "[p]laintiff would have to show that the thumb drive itself was somehow damaged or impaired by Defendant's act of accessing the drive.")). "Cognizable costs also include the costs associated with assessing a hacked system for damage [and] upgrading a system's defenses to prevent future unauthorized access." Id. (citing Doyle, 2010 WL 2163521 at *3); see also SuccessFactors, Inc. v. Softscape, Inc., 544 F. Supp. 2d 975 (N.D. Cal. 2008) ("[W]here the offense involves unauthorized access and the use of protected information . . . the cost of discovering the identity of the offender or the method by which the offender accessed the protected information [is] part of the loss for purposes of the CFAA.").
Indeed, a number of courts have noted that "costs not related to computer impairment or computer damages are not compensable under the CFAA." SKF USA, Inc. v. Bjerkness, 636 F. Supp. 2d 696, 721 (N.D. Ill. 2009) (citing Civic Ctr. Motors, Ltd. v. Mason St. Imp. Cars, Ltd., 387 F. Supp. 2d 378, 382 (S.D.N.Y. 2005)); see also Nexans Wires S.A. v. Sark-USA, Inc., 166 F. App'x 559, 562-63 (2d Cir. 2006); Del Monte Fresh Produce, N.A., Inc. v. Chiquita Brands Int'l Inc., No. 07 C 5902, 2009 WL 743215, at *4 (N.D. Ill. Mar.19, 2009); Modis, Inc. v. Bardelli, 531 F. Supp. 2d 314, 320 (D. Conn. 2008)). In SKF USA, Inc., the plaintiff "only alleged that its business was harmed by [the] [d]efendants' alleged violations of the [CFAA]." 636 F. Supp. 2d at 721. The court observed that "[s]uch economic losses are better addressed . . . under state contract and trade secrets law," and held that because the plaintiff "did not plead that it suffered any costs related to its computers in responding to [the] [d]efendants' actions nor that it suffered any service interruptions, [the plaintiff] . . . failed to show any loss redressable under the CFAA." Id. at 721-22.
Here, the Court agrees that "[c]osts not related to computer impairment or computer damages are not compensable under the CFAA." Id. at 721. As such, Plaintiffs have failed to allege losses that satisfy the CFAA's definition of "loss." Rather, Plaintiffs allege that they have suffered "substantial damage and harm in the form of lost present and future business revenue." (ECF No. 1 at 22, 23.) These allegations are not sufficient to allege a "loss" under the CFAA. Accordingly, Defendants' motion to dismiss Plaintiffs' seventh and eighth causes of action is granted as to all defendants.
CONCLUSION
For the reasons set forth above, it is hereby ordered that:
1. Defendants' Motion to Dismiss Plaintiffs' first and second claims is DENIED. (ECF No. 12.)
2. Defendants' Motion to Dismiss Plaintiffs' third, fourth, fifth, sixth, seventh, eighth and ninth claims is GRANTED. (ECF No. 12.) These causes of action are DISMISSED WITHOUT PREJUDICE as to all Defendants.
3. Not later than twenty (20) days following the date of this Memorandum and Order is electronically filed, Plaintiffs may file an amended complaint. If no amended complaint is filed within said twenty (20) day period, without further notice to the parties, the causes of action dismissed by virtue of this Memorandum and Order will be dismissed with prejudice.
IT IS SO ORDERED.
___________________________________
MORRISON C. ENGLAND, JR, CHIEF JUDGE