Opinion
No. 05-1056-CV-W-DW.
April 24, 2006
ORDER
Before the Court is Defendants' motion to dismiss or to transfer for improper venue and to dismiss for lack of federal jurisdiction and failure to state a cause of action, or in the alternative, motion for a more definite statement (Doc. 12).See Fed.R.Civ.P. 12(b), (e). The motion is denied.
I. The Complaint
According to the complaint, "HR Block seeks a declaratory judgment, injunctive relief and damages . . . arising by reason of the defendants' unlawful and unauthorized access and use of its confidential customer information. HR Block also seeks an injunction to ensure that defendants do not continue any unlawful and unauthorized access of such confidential and proprietary information."
HR Block is a Kansas City, Missouri based business that provides income tax return preparation services. Defendant JM Securities, LLC is a collections company that "actively researches various sources to obtain information about debtors." Defendant Jay R. Burns, Jr. is its agent and attorney.
In January 2005, Defendants "began issuing bulk Execution/Garnishment Applications and Orders to HR Block's headquarters in Kansas City, identifying many former HR Block clients as debtors. . . . In all, at least 79 garnishment proceedings were filed seeking to have HR Block withhold money due to its clients." HR Block treats information about its clients as confidential, as required by federal law. See 26 U.S.C. §§ 6103, 7216. The complaint states:
12. Upon information and belief, defendants obtained detailed and near "real-time" information regarding HR Block and its clients' financial information for the 2005 tax season. Additionally, defendants have obtained detailed information about past Block clients' tax returns.
13. Upon information and belief, defendants could not possibly have gathered Block's clients' income tax information they have without improperly accessing and obtaining Block's confidential information either from Block directly or from a third party bank with which Block has a contractual relationship and may share certain of its client data with the client's consent. In either case, the client information is Block's confidential information and is protected by law as described above.
14. HR Block has not voluntarily provided defendants with any tax return information and HR Block has not been advised that any client gave the defendants authorization to obtain it.
Count 1 alleges violation of the Electronic Communications Privacy Act under 18 U.S.C. §§ 2701, 2707:
20. HR Block provides electronic communication services in connection with its tax preparation and related services.
21. Upon information and belief, defendants knowingly and intentionally, and without authorization, accessed HR Block's database facilities through which it provides electronic communication services in order to obtain confidential and proprietary information about HR Block's clients.
22. Defendants were not authorized or exceeded any authorization to access HR Block's database facilities containing confidential information about its clients.
23. Upon information and belief, defendants obtained unauthorized access to this electronic communication and data concerning HR Block's clients while it was in electronic storage in HR Block's system.
Count 2 alleges violation of the Computer Fraud and Abuse Act under 18 U.S.C. § 1030:
27. Upon information and belief, defendants knowingly and intentionally accessed HR Block's protected computer system without authorization.
28. As a result of defendants' unauthorized, intentional access of HR Block's protected computer system, HR Block has suffered damages and a loss of no less than $5,000.00, including but not limited to its costs to respond to this offense.
The complaint further asserts state law counts for violation of the Missouri Uniform Trade Secrets Act and for conversion, and requests injunctive relief.
II. Discussion
Defendants' basic arguments are: (1) this case should be dismissed for improper venue; (2) this case should be dismissed for lack of subject matter jurisdiction or failure to state federal claims upon which relief can be granted; (3) Plaintiff should make a more definite statement of its claims; and (4) this Court should abstain from hearing the case.
First, venue is proper here because a substantial part of the events or omissions giving rise to this lawsuit occurred in this District. See 28 U.S.C. 1391(b)(2). True, Defendants deny that the alleged events or omissions occurred at all. But — as pleaded — Plaintiff's principal place of business is in this District, and Defendants allegedly accessed information stored in this District, causing harm or loss. The Court finds that venue here is proper. See 28 U.S.C. § 1391(b)(2); see also Setco Enters. Corp. v. Robbins, 19 F.3d 1278, 1281 (8th Cir. 1994);Peridyne Tech. Solutions, LLC v. Matheson Fast Freight, Inc., 117 F. Supp. 2d 1366, 1373 (N.D. Ga. 2000) ("[T]he plaintiff alleges that the [defendants] illegally accessed the plaintiff's computer systems in Georgia. The fact that the defendants used computers and telephones to enter Georgia does not make venue in Georgia improper.").
Second, Defendants argue that Plaintiff's claims are not properly brought in federal court. This Court certainly has subject matter jurisdiction over claims brought under federal statutes, such as the computer privacy laws at issue in this case. See 28 U.S.C. § 1331. The real issue is whether Plaintiff adequately states its federal claims. See Fed.R.Civ.P. 12(b)(6).
"A complaint should not be dismissed for failure to state a claim unless it appears beyond doubt that the plaintiff can prove no set of facts in support of his claim which would entitle him to relief." Parnes v. Gateway 2000, Inc., 122 F.3d 539, 545-46 (8th Cir. 1997). As a practical matter, a motion to dismiss should be granted "only in the unusual case in which plaintiff includes allegations that show on the face of the complaint that there is some insuperable bar to relief." Frey v. City of Herculaneum, 44 F.3d 667, 671 (8th Cir. 1995). Under the Federal Rules, a complaint need not set out in detail every fact upon which claims are based. Instead, a "pleading which sets forth a claim for relief . . . shall contain . . . a short and plain statement of the claim showing that the pleader is entitled to relief. . . ." Fed.R.Civ.P. 8(a). The relevant inquiry is whether a complaint puts the defendant on notice as to the substance of the claims. See BJC Health Sys. v. Columbia Cas. Co., 348 F.3d 685, 688 (8th Cir. 2003).
Applying the above standards, the Court finds that Plaintiff states a claim under the Electronic Communications Privacy Act (ECPA). See 18 U.S.C. §§ 2701, 2707. Section 2707 creates a civil action by a person aggrieved by a violation of section 2701. The ECPA is violated when a person or entity "intentionally accesses without authorization a facility through which an electronic communication service is provided," or "intentionally exceeds an authorization to access that facility," and "thereby obtains . . . a wire or electronic communication while it is in storage in such system. . . ." 18 U.S.C. § 2701(a). Defendants first argue vigorously that Plaintiff cannot plead "access by inference." However, the complaint alleges "unlawful and unauthorized access and use of its confidential customer information," and "upon information and belief, defendants could not possibly have gathered Block's clients' income tax information they have without improperly accessing and obtaining Block's confidential information either from Block directly or from a third party bank with which Block has a contractual relationship and may share certain of its client data with the client's consent." Defendants are on notice that Plaintiff is alleging unauthorized access. See BJC Health Sys., 348 F.3d at 688. Finding the fact of "access" or "no access" is a task for discovery, summary judgment, and trial.
Defendants' best argument is that Plaintiff is not a provider of an "electronic communication service," and thus the ECPA does not regulate access to Plaintiff's facility. The statute defines "electronic communication service" as "any service which provides to users thereof the ability to send or receive wire or electronic communications." 18 U.S.C. § 2510(15). The persuasive authority strongly supports Defendants' position. See In re JetBlue Airways Corp. Privacy Litig., 379 F. Supp. 2d 299, 308 (E.D.N.Y. 2005) (in the context of section 2702 on disclosure of customer communications, following cases holding that "the term does not encompass companies that sell air travel over the Internet but are not in the business of selling Internet access itself"); In re DoubleClick Inc. Privacy Litig., 154 F. Supp. 2d 497, 507-13 (S.D.N.Y. 2001) (identifying "internet access" as the relevant "service which provides to users thereof the ability to send or receive wire or electronic communications," and stating that examples of providers include "America Online, Juno and UUNET, as well as, perhaps, the telecommunications companies whose cables and phone lines carry the traffic"); Crowley v. Cybersource Corp., 166 F. Supp. 2d 1263, 1270-72 (N.D. Cal. 2001) (holding that online merchant Amazon.com is not an electronic communication service provider despite the fact that it maintains a website and receives electronic communications containing personal information from customers in connection with the purchase of goods). In JetBlue, the court dismissed the case after finding as a matter of law that defendant JetBlue was not an electronic communication service provider. See JetBlue, 379 F. Supp. 2d at 309-10. However, in this case, the Court believes such a finding on the pleadings is premature. That finding would entail speculation about the nature of Plaintiff's role in electronic communication. On this motion, Plaintiff's allegation that "HR Block provides electronic communication services in connection with its tax preparation and related services" is sufficient to state a claim. After discovery, the Court will be inclined to apply the cited cases to the undisputed facts.
As for the claim under the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, the Court has found that Plaintiff alleges unauthorized access to its computers. Defendants also contend that Plaintiff does not adequately plead "damage" or "loss" to state a civil cause of action. See 18 U.S.C. § 1030(g). The statute requires Defendants' conduct to have caused "loss to 1 or more persons during any 1-year period . . . aggregating at least $5,000 in value." 18 U.S.C. § 1030(a)(5)(B)(i). "Loss" is defined as "any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service." 18 U.S.C. § 1030(e)(11). In the complaint, Plaintiff alleges "unlawful and unauthorized access and use of its confidential customer information," and that, "[a]s a result of defendants' unauthorized, intentional access of HR Block's protected computer system, HR Block has suffered damages and a loss of no less than $5,000.00, including but not limited to its costs to respond to this offense." The Court finds that Plaintiff sufficiently alleges damage and loss, stating a claim under the CFAA. Cf. I.M.S. Inquiry Mgmt. Sys., Ltd. v. Berkshire Info. Sys., Inc., 307 F. Supp. 2d 521, 525-26 (S.D.N.Y. 2004). Persuasive authority narrowly construing compensable losses under the CFAA will be considered when the facts are developed.
Defendants' third argument is that the complaint should be clarified with a more definite statement. As discussed, Plaintiff has sufficiently stated its claims, such that Defendants are on notice of the nature of those claims. See BJC Health Sys., 348 F.3d at 688. No more is required under this Court's pleading standards. Therefore, the motion for a more definite statement will be denied.
Fourth, Defendants urge the Court to abstain from hearing this case. See, e.g., Colorado River Water Conservation Dist. v. United States, 424 U.S. 800, 813-20 (1976); cf. Vaqueria Tres Monjitas, Inc. v. Rivera Cubano, 341 F. Supp. 2d 69 (D.P.R. 2004) (transferring case and imposing sanctions for "judge-shopping" within a federal district court). They argue "improper forum shopping" because Plaintiff dismissed this case without prejudice in the midst of an early discovery dispute in state court. However, in light of this Court's "virtually unflagging obligation" to exercise its jurisdiction, Colorado River, 424 U.S. at 817, abstention is not warranted on the facts of this case. See, e.g., Mountain Pure, LLC v. Turner Holdings, LLC, 439 F.3d 920, 926 (8th Cir. 2006).
Finally, any other arguments raised in the motion will be denied.
III. Ruling
The Court hereby DENIES Defendants' motion (Doc. 12) in its entirety.
SO ORDERED.