Summary
declining to apply Rule 9(b) to a false advertising claim under the Lanham Act because "the Ninth Circuit itself has never held as such"
Summary of this case from A.H. Lundberg Assocs., Inc. v. Tsi, Inc.Opinion
Case No.: 5:13-cv-03385-PSG
01-03-2014
ORACLE AMERICA, INC., Plaintiff, v. TERIX COMPUTER COMPANY, INC. and MAINTECH INC., Defendants.
ORDER GRANTING-IN-PART
DEFENDANTS' MOTIONS TO
DISMISS
(Re: Docket Nos. 18 and 23)
Plaintiff Oracle America, Inc. sells big computer hardware and software - really big hardware and software - the kind that many of the largest companies in our economy use to run their businesses. But Oracle doesn't just make its money from the initial sale. Oracle also makes money from support and consulting services that its customers require long afterwards.
Not every Oracle customer buys its support and consulting from Oracle; customers may purchase these services from any number of third-party vendors. In this suit, Oracle seeks damages from, and an injunction against, two such suppliers: Defendants TERiX Computer Company, Inc. and Maintech Inc. While Oracle claims that Defendants are liable for infringement, fraud, abuse, and yet more, it does not allege that TeRIX and Maintech hacked its network or broke into its offices. Instead, Oracle alleges that TERiX and Maintech duped Oracle's customers into providing them with access to updates to Oracle's Solaris operating system - access to which Oracle says TERiX and Maintech had no right.
Before the court are TERiX and Maintech's motions to dismiss. While certain of Oracle's claims pass muster, others do not. Defendants' motions therefore are GRANTED, but only IN-PART, with leave to amend.
I. BACKGROUND
This case arises out of the parties' competition in the lucrative market for support and consulting services for computer systems running Oracle's Solaris operating system.
Docket No. 1 at ¶ 1. As required under Fed. R. Civ. P. 12, for the purposes of considering motions to dismiss, the court takes Oracle's allegations in its complaint as true. Consistent with this obligation, the court emphasizes that the merits of these allegations have yet to be determined.
A. Oracle's Business Model: Hardware/Software Plus Support
Oracle is the world's leading supplier of enterprise hardware and software systems, and related technical support and consulting services for those systems. Customers who own Oracle hardware have the option to purchase an annual contract for technical support services to be performed by Oracle for those hardware systems. As part of those support services, Oracle makes available to customers updates for the Solaris software that ships with and runs the hardware systems.
B. Customers "Unlock" Oracle's Support Services With a Unique "Customer Support Identification" Key
In most instances, Oracle delivers its technical support services for this software and firmware over the internet. Customers that purchase a technical support agreement from Oracle - either directly from Oracle or through a reseller authorized by Oracle to sell Oracle support renewal contracts - receive a "Customer Support Identification" number ("CSI number") linked to the products covered by the support contract. The CSI number allows customers to create login credentials to access Oracle's secure support website. Using those credentials, the licensed customer on active support may download Solaris updates for the hardware systems that are covered by the support agreement. The customer may not share or use its access credentials for the benefit of others or for the benefit of unsupported Oracle hardware - only customers who pay for and maintain a technical support agreement with Oracle for the hardware at issue may download Oracle's proprietary Solaris Updates, and only for their own internal business use on specified computers.
C. TeRIX and Maintech's Plot to Dupe Customers Into Handing Over Their Keys
TeRIX and Maintech offer support services related to Oracle's Solaris-based hardware systems. Each sometimes contracts directly with customers to provide this support, and at other times contracts indirectly as a subcontractor to another entity, such as its co-defendant. While a customer may choose to engage a third party instead of Oracle to provide support services on Oracle hardware, under such circumstances neither the third party nor the customer may access or use Oracle's support website. In particular, neither the third party nor the customer may use official, Oracle-authored Solaris updates to support the Oracle software running the hardware.
Neither TeRIX nor Maintech nor their customers that contracted with them directly or indirectly have any independent right to access, download, copy or distribute Solaris updates. TeRIX and Maintech nevertheless told their customers that (i) Defendants could lawfully provide that access and support (including in the case of TeRIX a false statement that it was an Oracle partner and authorized to provide this support) and/or (ii) customers were entitled to obtain Solaris Updates even without an active support contract with Oracle by virtue of their licenses to use the Solaris operating system in conjunction with their purchase of Oracle hardware. To provide their services, TeRIX and Maintech either obtained access credentials to Oracle's secure support website under false pretenses or directed others with access credentials to download Oracle's intellectual property unlawfully. With respect to at least one customer known to Oracle, TeRIX and Maintech also copied and distributed Oracle's copyrighted software, without authorization, as part of the services they provided to their customer.
To right these alleged wrongs, Oracle brings six claims: (1) copyright infringement; (2) violation of the Computer Fraud and Abuse Act ("CFAA") - 18 U.S.C. §§ 1030(a)(2)(C), (a)(4) & (a)(6)(A); (3) false advertising under the Lanham Act - 15 U.S.C. § 1125(a)(1)(B); (4) breach of contract; (5) intentional interference with prospective economic relations; and (6) unfair competition - Cal. Bus. & Prof. Code § 17200.
Id. at 46-94. At oral argument Defendants indicated their mutual intent to seek dismissal of all causes-of-action. Oracle, too, recognized that many of Defendants' arguments overlapped. To save the court duplicative briefing Oracle incorporated its arguments in opposition to Maintech's motion to dismiss by reference from its opposition to TERiX's motion to dismiss. Because of Defendants' intent to seek dismissal of all claims and the similar posture of the two Defendants, the court addresses Defendants' objections to Oracle's claims collectively in this order, with the exception of Maintech's objection to Oracle's Lanham Act claim.
II. LEGAL STANDARDS
A. Motion to Dismiss
A complaint must contain "a short and plain statement of the claim showing that the pleader is entitled to relief." When a plaintiff fails to proffer "enough facts to state a claim to relief that is plausible on its face," the complaint may be dismissed for failure to state a claim upon which relief may be granted. A claim is facially plausible "when the pleaded factual content allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged." Under Fed. R. Civ. P. 12(b)(6), "dismissal can be based on the lack of a cognizable legal theory or the absence of sufficient facts alleged under a cognizable legal theory." Dismissal without leave to amend is appropriate if it is clear that the complaint could not be saved by amendment.
Bell Atlantic Corp. v. Twombly, 550 U.S. 544, 570 (2007).
Ashcroft v. Iqbal, 556 U.S. 662, 663 (2009).
Balistreri v. Pacifica Police Dep't, 901 F.2d 696, 699 (9th Cir. 1990).
See Eminence Capital, LLC v. Asopeon, Inc., 316 F.3d 1048, 1052 (9th Cir. 2003).
B. Fed. R. Civ. P. 9(b)
"A party must state with particularity the circumstances constituting fraud or mistake," which requires "statements regarding the time, place, and nature of the alleged fraudulent activities" under Rule 9(b). "Mere conclusory allegations of fraud are insufficient." To satisfy the heightened standard under Rule 9(b), allegations must be "specific enough to give defendants notice of the particular misconduct which is alleged to constitute the fraud charged so that they can defend against the charge and not just deny that they have done anything wrong." This includes "the who, what, when, where, and how of the misconduct charged." "The plaintiff must set forth what is false or misleading about a statement, and why it is false." "A court may dismiss a claim grounded in fraud when its allegations fail to satisfy [Rule] 9(b)'s heightened pleading requirements."
In re GlenFed, Inc. Sec. Litig., 42 F.3d 1541, 1547-48 (9th Cir. 1994).
Id.
Semegen v. Weidner, 780 F.2d 727, 731 (9th Cir. 1985).
Vess v. Ciba-Geigy Corp. USA, 317 F.3d 1097, 1106 (9th Cir. 2003).
GlenFed, 42 F.3d at 1548.
Saldate v. Wilshire Credit Corp., 686 F. Supp. 2d 1051, 1064 (E.D. Cal. 2010).
III. ANALYSIS
A. Computer Fraud and Abuse Act
The CFAA was enacted "to enhance the government's ability to prosecute computer crimes," and is "designed to target hackers who accessed computers to steal information or to disrupt or destroy computer functionality, as well as criminals who possessed the capacity to access and control high technology processes vital to our everyday lives." The Act proscribes various computer crimes, "the majority of which involve accessing computers without authorization or in excess of authorization, and then taking specified forbidden actions, ranging from obtaining information to damaging a computer or computer data." The CFAA only reaches computer hacking that is intended to procure or alter information, not the misappropriation of such information.
LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1130 (9th Cir. 2009).
Id.
See United States v. Nosal, 676 F.3d 854, 862-63 (9th Cir. 2012).
While the CFAA is primarily a criminal statute, it also creates a private right of action for persons injured by conduct prohibited thereunder. To prevail on a civil claim under Section 1030(g), "a private plaintiff must prove that the defendant violated one of the provisions of [Section] 1030(a) (1)-(7), and that the violation involved one of the factors listed in [Section] 1030(a)(5)(B)." Those factors are as follows: (1) "loss to 1 or more persons during any 1-year period" aggregating "at least $5,000 in value"; (2) "the modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of 1 or more individuals"; (3) "physical injury to any person"; (4) "a threat to public health or safety"; and (5) "damage affecting a computer used by or for an entity of the United States Government in furtherance of the administration of justice, national defense, or national security."
See 18 U.S.C § 1030(g).
Brekka, 581 F.3d at 1131.
Defendants take issue with Oracle's CFAA claim on three grounds. First, Rule 9(b) applies and Oracle has not met the heightened pleading standard. Second, Oracle has not pleaded enough factual allegations to state a valid claim for password trafficking. Third, because the disputed login credentials were working, Oracle has not sufficiently alleged unauthorized access pursuant to Nosal. The court address each argument in turn.
1. Rule 9(b)
Defendants and Oracle initially disagree as to whether the heightened pleading standards from Rule 9(b) apply to Oracle's CFAA claim. Defendants lean heavily on Oracle Am., Inc. v. Serv. Key, LLC, another CFAA case brought by Oracle against a third-party Solaris service provider in this district, which held "that Oracle's claim under the CFAA" was "subject to the heightened pleading requirements of Rule 9(b)." The court noted that although the Ninth Circuit "has not yet addressed the question of whether a CFAA claim must be pled" with particularity, the Ninth Circuit has held "that even where fraud is not a necessary element of a claim, Rule 9(b) nonetheless applies where 'a unified course of fraudulent conduct'" is alleged that constitutes the basis of the claim. Such claims are "said to be 'grounded in fraud' or to 'sound in fraud,' and the pleading as a whole must satisfy the particularity requirement of Rule 9(b)." The court further explained that to "satisfy the heightened pleading requirements for fraud or fraud-based claims, the pleadings must allege 'the who, what, when, where, and how' of the alleged fraudulent conduct and 'set forth an explanation as to why [a] statement or omission complained of was false and misleading.'" The court then held that to "comply with Rule 9(b), Oracle must allege, with specificity, each incident of fraudulent conduct that comprises its CFAA claim" against the defendant. Because the claim was not pleaded with adequate specificity, the court dismissed it with leave to amend.
2012 WL 6019580, at *6.
Id. (quoting Kearns v. Ford Motor Co., 567 F.3d 1120, 1125 (9th Cir. 2009) (internal quotations and citations omitted)).
Id. (quoting Kearns, 567 F.3d at 1125 (internal quotations and citations omitted)).
Id. at *7 (quoting Cooper v. Pickett, 137 F.3d 616, 627 (9th Cir. 1997) and In re GlenFed, Inc. Sec. Litig., 42 F.3d 1541, 1548 (9th Cir. 1994) (en banc) (internal citations omitted)).
Id.
See id.
Oracle responds that the "Service Key opinion contradicts the balance of authority in this district and other jurisdictions, which holds that Rule 9(b) does not apply to CFAA claims." This is so because fraud is not a necessary element of CFAA claims. Oracle's allegations here are also substantively different from those in Service Key.
Docket No. 30 at 5. See, e.g., Facebook, Inc. v. MaxBounty, Inc., 274 F.R.D. 279, 284 (N.D. Cal. 2011) (holding Rule 9(b) does not apply to CFAA claims brought under CFAA Section 1030(a)(4)); eBay, Inc. v. Digital Point Solutions, Inc., 608 F. Supp. 2d 1156, 1164 (N.D. Cal. 2009) (Rule 9(b) does not apply to CFAA claim because fraud "under the CFAA only requires a showing of unlawful access; there is no need to plead the elements of common law fraud to state a claim"); Sprint Nextel Corp. v. Simple Cell, Inc., Case No.: 13-cv-617-CCB, 2013 WL 3776933, at *6 (D. Md. July 17, 2013) (rejecting defendants' argument that Rule 9(b) should apply to the intent to defraud and furthering the intended fraud elements of a CFAA claim: the "balance of authority" appears "to support the view that Rule 9(b) does not apply to § 1030(a)(4)"); Gridiron Mgmt. Grp. LLC v. Wranglers, Case No. 8:12-cv-3128, 2012 WL 5187839, at *10 n.7 (D. Neb. Oct. 18, 2012) (holding that Rule 9(b) does not apply to CFAA claims brought under section 1030(g)); Sealord Holdings, Inc. v. Radler, Case No.: 11-cv-6125, 2012 WL 707075, at *6-7 (E.D. Pa. Mar. 6, 2012) (holding that a plaintiff "need only aver the intent to defraud generally" and "satisfy the notice-pleading requirements of Rule 8(a)(2)" to maintain a CFAA claim under subsection 1030(a)(4)); SFK USA, Inc. v. Bjerkness, 636 F. Supp. 2d 696, 719 n.13 (N.D. Ill. 2009) ("The heightened pleading standards of Rule 9(b) do not apply to the Computer Fraud and Abuse Act."); Dental Health Prods., Inc. v. Ringo, Case No.: 08-cv-1039, 2009 WL 1076883, at *8 (E.D. Wis. Apr. 20, 2009) (holding that Rule 9(b) does not apply to a CFAA claim brought under section 1030(a)(4)).
As an initial matter, the court must note that Service Key acknowledged and distinguished the key precedent cited by Oracle. In eBay Inc. v. Digital Point Solutions, Inc. the court declined to apply Rule 9(b) to the plaintiff's claim under Section 1030(a)(4), reasoning that fraud "under the CFAA only requires a showing of unlawful access" and therefore "there is no need to plead the elements of common law fraud to state a claim under the Act." Service Key noted that eBay relied on Hanger Prosthetics & Orthotics, Inc. v. Capstone Orthopedic, Inc., which itself noted that the "term 'defraud' for purposes of § 1030(a)(4) simply means wrongdoing and does not require proof of common law fraud." Nonetheless, because "the motions at issue in Hanger Prosthetics were the defendant's summary judgment motions; the [eBay] court did not address the issue of whether claims under the CFAA must meet the heightened pleading requirements of Rule 9(b). Moreover, the eBay court failed to take into account the Ninth Circuit's decision in Kearns, which, as discussed, holds that Rule 9(b) applies not only to fraud claims, but also to claims that are "grounded in fraud" or "sound in fraud" because they rely entirely on a uniform course of fraudulent conduct.
608 F. Supp. 2d 1156, 1164 (N.D. Cal. 2009).
556 F. Supp. 2d 1122 (E.D. Cal. 2008) ("Hanger Prosthetics").
eBay, 608 F. Supp. 2d at 1164 (quoting Hanger Prosthetics, 556 F. Supp. at 1131).
Service Key, 2012 WL 6019580, at *7; see also Samet v. Procter & Gamble Co., Case No.: 5:12-cv-01891-PSG, 2013 WL 6491143, at *3 (N.D. Cal. Dec. 10, 2013). To assess the fraudulent nature of the conduct at issue, a plaintiff must consider the traditional elements of fraud under California law. See Vess, 317 F.3d at 1105-06. "The elements of a cause of action for fraud in California are: '(a) misrepresentation (false representation, concealment, or nondisclosure); (b) knowledge of falsity (or 'scienter'); (c) intent to defraud, i.e., to induce reliance; (d) justifiable reliance; and (e) resulting damage.'" See Kearns, 567 F.3d at 1126 (quoting Engalla v. Permanente Med. Group, Inc., 15 Cal. 4th 951, 974 (Cal. 1997)). If these elements are present in the allegations, the conduct may properly be construed as "sounding in fraud," even if the word "fraud" does not appear. See Kearns, 567 F.3d at 1126; see also In re Actimmune Mktg. Litig., Case No.: 3:08-cv-02376-MHP, 2009 WL 3740648, at *6 (N.D. Cal. Nov. 6, 2009).
Even accepting Service Key as persuasive authority, the court does not conclude that Rule 9(b) applies to Oracle's CFAA allegations in this case. The reason is that Oracle's allegations here cannot be said to rely entirely on a course of conduct that is fraudulent under California law. Although Oracle alleges that Defendants "knowingly and with the intent to defraud Oracle" improperly used its customers login credentials to access Oracle's computers without authorization, the nub of Oracle's complaint in this case is that Defendants duped at least one Oracle customer into purchasing its unauthorized service update by misrepresenting the customer's right to updates without a support contract with Oracle. It therefore was not Oracle, but Oracle's customers, that relied on the alleged misrepresentation. Because the disputed conduct involves third-party reliance and not the first-party reliance required to recover for an economic injury from fraud under California law, even if Rule 9(b) might apply to other CFAA claims, it does not apply here.
See Docket No. 1 at ¶ 60; see also Docket No. 1 at ¶ 5.
See City & Cnty. of San Francisco v. Philip Morris, Inc., 957 F. Supp. 1130, 1142 (N.D. Cal. 1997) ("Where plaintiffs' fraud and misrepresentation claims fail is in pleading intent to defraud and justifiable reliance. To state a cause of action for fraud based on misrepresentation, a plaintiff must plead that he or she actually relied on the misrepresentation.") (citing Mirkin v. Wasserman, 5 Cal. 4th 1082, 1088 (1993)).
With that issue resolved, the court turns to the next issue: do the CFAA claims as pleaded meet even the lower pleading standards of Rule 8? Unsurprisingly the parties have different takes. The court begins by examining Oracle's claim pursuant to Section 1030(a)(6).
18 U.S.C. 1030(a)(6) provides that whoever:
(6) knowingly and with intent to defraud traffics (as defined in section 1029) in any password or similar information through which a computer may be accessed without authorization, if—
(A) such trafficking affects interstate or foreign commerce; or
(B) such computer is used by or for the Government of the United States . . . shall be punished as provided in subsection (c) of this section.
Defendants argue that because Oracle has failed to provide any evidence supporting its trafficking allegation it cannot meet even Rule 8(a). In particular, the complaint does not allege that Defendants ever transferred any password or access credential to another as required by the statute. All that Oracle's allegation states is that Defendants "obtained a working MOS credential from its own customer, and used it to access MOS and download Solaris updates on the customer's behalf." Such a scenario does not support a CFAA Section 1030(a)(6) claim and should be dismissed.
Docket No. 18 at 11.
Oracle responds that through its "allegations about Defendants' symbiotic working relationship and common plan to provide illegal third-party support using Oracle's intellectual property, Oracle has alleged that Defendants exchanged passwords - i.e., transferred them to one another - as part of that process." Oracle obliquely cites Verigy US, Inc. v. Mayder for the proposition that by "participation in a civil conspiracy, a co-conspirator effectively adopts as his or her own the torts of other co-conspirators within the ambit of the conspiracy. In this way, the co-conspirator incurs tort liability equal with the immediate tortfeasors.'
Docket No. 30 at 13 (citing Docket No. 1 ¶¶ 1, 13).
Case No.: 5:07-cv-04330-RMW, 2008 WL 4820755, at *6 (N.D. Cal. Nov. 4, 2008).
Defendants' reply takes issue with the suggestion in Oracle's opposition that "its Complaint should be read to allege that TERiX transferred access credentials to Maintech" (or perhaps vice-versa), "thus meeting its formal pleading needs." "What Oracle actually alleges is that 'Defendants' (TERiX and Maintech) collectively 'persuaded a customer to provide Defendants with the customer's MOS access credentials." More plainly, "Oracle alleges that each Defendant received the access credentials from their joint customer." In Defendants' view, Defendants may not be held liable for merely trafficking by receiving credentials alone.
Docket No. 34 at 14.
Id. (quoting Docket No. 1 at ¶ 39).
Id.
On this score, the court agrees with Defendants. Even if a conspiracy case were properly considered when assessing a Section 1030(a)(6) claim, Verigy at least involved accused co-conspirators. Here, Oracle has carefully avoided any such accusation, choosing instead to characterize Defendants relationship as one of mere symbiosis. A case from the Eastern District of Virginia is far more instructive. In State Analysis, Inc. v. Am. Fin. Servs. Assoc., the court found that a plaintiff failed to state a claim under Section 1030(a)(6) where the complaint only alleged that the defendant received passwords from a former client and used them without authorization, because that conduct did not amount to a transfer necessary to meet the definition of "trafficking" under the CFAA. Oracle has not alleged that Defendants transferred or otherwise disposed of its customer's login credentials. Instead, Defendants are alleged only to have received the login credentials from their customer and used the credentials themselves. Especially in view of the bias towards lenity required of statutes like the CFAA, Oracle has not sufficiently pleaded its trafficking claim and dismissal is warranted.
621 F. Supp. 2d 309, 317 (E.D. Va. 2009) ("18 U.S.C. § 1029 defines 'traffic' as 'transfer, or otherwise dispose of, to another, or obtain control of with intent to transfer or dispose of.' The Complaint does not allege that" once co-defendant "transferred, or otherwise disposed of," another co-defendant's passwords; rather, it alleges that the co-defendant received them from the other co-defendant "and used them without authorization. Such conduct does not constitute 'trafficking' under § 1029.").
See United States v. Carr, 513 F.3d 1164, 1168 (9th Cir. 2008) (quoting Rewis v. United States, 401 U.S. 808, 812 (1971) ("It is well established that 'ambiguity concerning the ambit of criminal statutes should be resolved in favor of lenity.'").
3. Subsections 1030(a)(2) and (a)(4)
The court turns next to Oracle's remaining CFAA claims. 18 U.S.C. § 1030(a)(2) provides that whoever:
(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains—
(A) information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602(n) of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.);. . . shall be punished as provided in subsection (c) of this section.
(B) information from any department or agency of the United States; or
(C) information from any protected computer;
18 U.S.C. 1030(a)(4) provides that whoever:
(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;
. . . shall be punished as provided in subsection (c) of this section.
The sufficiency of Oracle's claims under sections 1030(a)(2) and (a)(4) rests on the Ninth Circuit's 2012 en banc decision in United States v. Nosal. In Nosal the court held that "the plain language of the CFAA 'target[s] the unauthorized procurement or alteration of information, not its misuse or misappropriation.'" Both sides agree that under Nosal the CFAA requires Oracle to allege that Defendants accessed its support websites "without authorization" or "exceeded" their "authorized access." But that is about all the parties agree on regarding Nosal.
Nosal, 676 F.3d at 863 (quoting Shamrock Foods Co. v. Gast, 535 F. Supp. 2d 962, 965 (D. Ariz. 2008) (internal quotation marks omitted)).
Docket No. 18 at 9.
Defendants argue that Oracle's pleadings shows that Defendants are "alleged only to have accessed MOS" using their "own customer's working MOS access" credentials. The proper question therefore is whether Oracle alleged improper use of its customer's login credentials falls within the bucket of dilatory everyday activities that the Ninth Circuit sought to avoid by rejecting a broad reading of "exceeds authorized access" in the CFAA. Defendants interpret Nosal to hold "that the phrase 'exceeds authorized access,' wherever it is used in the CFAA 'does not extend to violations of use restrictions.'" As explained in Service Key, "using legitimate access credentials to access websites and then distributing information obtained from such access to third parties who have no right to receive such information—is precisely the type of conduct that Nosal held was beyond the scope" of the CFAA.
Id. at 10.
Docket No. 23 (quoting Nosal, 676 F.3d at 863 (holding "that the phrase 'exceeds authorized access' in the CFAA does not extend to violations of use restrictions" and noting that if "Congress wants to incorporate misappropriation liability into the CFAA, it must speak" more clearly)).
2012 WL 6019580, at *5.
Oracle responds that Defendants overreach by suggesting that unauthorized access of Oracle's site using a third party's "working" credentials is "not actionable under the CFAA." In Nosal, the employees who obtained information from Nosal's former employer and gave it to Nosal "had permission to access the company database and obtain the information contained within." Here - Oracle continues - "Defendants were neither Oracle partners nor licensed Oracle customers."
Id.
Docket No. 30 at 11; see Docket No. 1 at ¶¶ 4, 38.
At least to the extent that it challenges access by Defendants themselves, Oracle is correct that the posture in this case is different from both Nosal and Service Key. In Nosal and Service Key, the accused parties were accessing systems they were authorized to access. Here, Maintech and TeRIX are alleged to have no access rights whatsoever and yet proceeded to login to Oracle's secure support website anyway. While Defendants are right to the extent they challenge Oracle's allegations regarding access by customers who had rights, however limited in scope, the same cannot be said of the allegations of access by Maintech and TeRIX themselves. Dismissal of the claims pursuant to Sections 1030(a)(2) and (a)(4) is not warranted.
B. Breach of Contract
Defendants next challenge Oracle's claim that Defendants violated Oracle's "Terms of Use" on Oracle's website by sharing MOS with unauthorized third parties. Defendants believe dismissal is warranted because Oracle's only factual allegation is that Defendants downloaded Solaris on behalf of their customer, whom they believe does not constitute an unauthorized third party. Defendants also dispute that they ever assented to the terms of use merely by browsing Oracle's website.
Oracle responds that the unauthorized third parties are "Oracle's hardware customers and former support customers that allowed their Oracle support contracts to elapse and thereby lost their entitlement to Solaris Updates and their authorization to log into MOS and Oracle.com."
Docket No. 30 at 15.
Although the court cannot say whether Oracle's breach of contract claim will be successful, Oracle has sufficiently pleaded its claim. At paragraph 34 of its complaint, Oracle alleges that in "the course of providing support to at least one of their customers, Defendants accessed MOS and agreed to the MOS and Oracle.com Terms of Use." Accepting Oracle's allegations as true, any third party who allowed their support contract to lapse clearly was not authorized to access MOS under the website's terms of use. As for Defendants' assent to the terms of use, Defendants themselves acknowledge the enforceability of website terms of use has long been litigated and courts have long accepted allegations of assent at the pleading stage where, as here, the complaint specifically alleges that the user must affirmatively indicate assent to terms of which he has notice in order to gain access to the site.
Docket No. 1 at ¶ 34.
See Molnar v. 1-800-Flowers.com, Inc., Case No.: 08-cv-0542-CAS-JCX, 2008 WL 4772125, at *7 (C.D. Cal. Sept. 29, 2008) (noting that courts "have held that a party's use of a website may be sufficient to give rise to an inference of assent to the Terms of Use contained therein (so called "browsewrap contracts")); see, e.g., Ticketmaster L.L.C. v. RMB, 507 F. Supp. 2d 1096, 1107 (C.D. Cal. 2007) ("Having determined that Plaintiff is highly likely to succeed in showing that Defendants viewed and navigated through ticketmaster.com, the Court further concludes that Plaintiff is highly likely to succeed in showing that Defendant received notice of the Terms of Use and assented to them by actually using the website."); Pollstar v. Gigmania, Ltd., 170 F. Supp. 2d 974, 981-82 (E.D. Cal. 2000) (finding dismissal of breach of contract claim inappropriate, even though visitors to plaintiff's website were presumably "not aware that the license agreement is linked to the homepage" and "the user is not immediately confronted with the notice of the license agreement"); cf. Be In, Inc. v. Google Inc., Case No.: 5: 12-cv-03373-LHK, 2013 WL 5568706, at *9 (N.D. Cal. Oct. 9, 2013) ("Although courts do enforce browsewrap agreements, Be In points to no case in which a court has enforced such an agreement without some showing of notice to the user.").
Dismissal of the breach of contract claim is not warranted.
C. Copyright Infringement
Oracle alleges Defendants infringed its copyright to the Solaris operating system. To "establish infringement, two elements must be proven: (1) ownership of a valid copyright, and (2) copying of constituent elements of the work that are original." 17 U.S.C. § 411(a) provides that "no civil action for infringement of the copyright in any United States work shall be instituted until preregistration or registration of the copyright claim has been made in accordance with this title." At issue in this case are the "software patches, updates and bug fixes" that modify versions 8 and 10 of the Solaris operating system.
Rice v. Fox Broad. Co., 330 F.3d 1170, 1174 (9th Cir. 2003) (quoting Feist Publ'ns, Inc. v. Rural Tel. Serv. Co., 499 U.S. 340, 361 (1991)).
Docket No. 1 at ¶ 1.
Defendants argue that through its opposition to a motion to dismiss in Service Key, "Oracle has conceded" that these software updates are derivative works within the meaning of Section 101 of the Copyright Act. New content within a derivative work is not protected by the original copyright registration and a copyright owner may only sue for infringement of material covered by the original registration of the underlying work. Although Oracle has alleged Defendants infringed two copyrights from 2000 on Solaris 8 and one copyright form 2005 on Solaris 10, it claims infringement based only on Defendants' providing or facilitating the provision of unauthorized Solaris updates. Because the Solaris updates are not the copyrighted works, but derivative works based on the underlying Solaris operating systems, Oracle may not bring an infringement suit on new code within the Solaris updates. Moreover, because Defendants' customers possessed underlying license for the underling Solaris operating system that is properly copyrighted, Oracle's claim for copyright infringement cannot survive.
See Docket No. 23 at 8 (citing Docket No. 20-1 at 6-7).
Oracle counters by citing Russell v. Price, in apparent agreement with Defendants that "unauthorized copying or other infringing use of the underlying work or any part of that work contained in the derivative product" is unlawful "so long as the underlying work itself remains copyrighted." Because both parties agree that the only material properly considered in this litigation is the content shared between the registered and derivative works, Oracle's infringement claim turns on whether Defendants have infringed the shared content. Oracle points out that because Defendants' license defense is an affirmative one that is not apparent from the face of the complaint, dismissal of Oracle's copyright is not warranted. Defendants further are not Oracle's customers and therefore are not entitled to benefit from the terms of the license agreement.
Id. at 1128; see also 2 Melvile B. Nimmer & David Nimmer, Nimmer on Copyright, § 7.16[B][5][b] (2013 ed.) ("Given that a derivative work by definition consists of matter that would be infringing if it had been derived from the pre-existing work without the copyright proprietor's consent, it follows analytically that the owner of a registered underlying work, in that capacity alone, should be able to maintain such a suit. So long as the infringement relates to material common to both the underlying and derivative work, the copyright owner can simply allege violation of the former.").
Rex v. Chase Home Fin. LLC, 905 F. Supp. 2d 1111, 1123 (C.D. Cal. 2012) (A "motion to dismiss may be granted based upon an affirmative defense where the complaint's allegations, with all inferences drawn in Plaintiff's favor, nonetheless show that the affirmative defense "is apparent on the face of the complaint." (citing Von Saher v. Norton Simon Museum of Art at Pasadena, 592 F.3d 954, 969 (9th Cir. 2010)).
The court agrees that Oracle may bring suit based upon the underlying copyrighted works, but will be limited to an infringement action over "material common to both the underlying and derivative work." When "a plaintiff registers one work, creates a derivative of that work, and then claims that a third work created by another person infringes on the derivative, the requirement of registration as a prerequisite to suit may not be satisfied." "In such a situation, an infringement action will succeed only if the third work copied from the unregistered derivative elements that were also present in the registered original. In such a case, the plaintiff effectively brings a claim for infringement of the original." Because the dispute over whether Defendants are entitled to rely on such a license in this case is not apparent on the fact of the complaint, Defendants' license defense does not warrant dismissal of Oracle's copyright claim.
See supra note 54.
Carmichael Lodge No. 2103 v. Leonard, Case No.: S-07-cv-2665-LKK-GG, 2009 WL 2985476, at *6 (E.D. Cal. Sept. 16, 2009).
Id.
D. False Advertising Under the Lanham Act
Oracle also seeks relief for false advertising pursuant to Section 1125(a)(1)(B) of the Lanham Act. 15 U.S.C. § 1125(a)(1)(B) provides:
(1) Any person who, on or in connection with any goods or services, or any container for goods, uses in commerce any word, term, name, symbol, or device, or any combination thereof, or any false designation of origin, false or misleading description of fact, or false or misleading representation of fact, which--
(B) in commercial advertising or promotion, misrepresents the nature, characteristics, qualities, or geographic origin of his or her or another person's goods, services, or commercial activities, shall be liable in a civil action by any person who believes that he or she is or is likely to be damaged by such act.
According to Oracle, "Defendants falsely represented on their public websites and to actual and potential customers that Defendants could provide legal copies of Solaris Updates for their Oracle computer products if those customers or potential customers canceled their support contracts with Oracle. Defendants also falsely represented on their public websites and to actual and potential customers that the customers could legally obtain Solaris Updates for their Oracle computer products without a support agreement with Oracle. For example, the statements on Defendants' websites about their ability to provide 'patch management' for Solaris as part of operating system support, and their statements that they can provide operating system support as an agent of the customer's under a claimed 'right to use' that is actually beyond the scope of any rights the customer has, are misrepresentations."
Docket No. 1 at ¶ 68.
"In order to make out a false advertising claim under § 1125(a)(1)(B), Plaintiff must prove the following five basic elements: (1) in its . . . advertisements, defendant made false statements of fact about its product or the product of another; (2) those advertisements actually deceived or have the tendency to deceive a substantial segment of their audience; (3) the deception is material, in that it is likely to influence the purchasing decision; (4) defendant caused its falsely advertised goods to enter interstate commerce; and (5) plaintiff has been or is likely to be injured as the result of the foregoing either by direct diversion of sales from itself to defendant, or by lessening of the good will which its products enjoy with the buying public."
Summit Tech., Inc. v. High-Line Med. Instruments, Co., 933 F. Supp. 918, 929 (C.D. Cal. 1996) (citing Cook, Perkiss & Liehe v. Northern California Collection Service, Inc., 911 F.2d 242, 244 (9th Cir. 1990).
Maintech argues that "Oracle is attempting to impose liability on Maintech for statements which, on their face, are opinions regarding legal rights to engage in future conduct which have not yet been adjudicated by this or any tribunal. This is simply not actionable false advertising" under the Lanham Act. In place of the false statements required by the statute, "Oracle twists generic references to UNIX platforms, patch management and software distribution into purportedly 'false' claims" concerning Oracle's intellectual property that are neither supported by language quoted from Defendants' websites supported nor do they make specific reference to Oracle, Solaris or Solaris Updates." At bottom, there "is simply no false advertising to which Oracle can point."
Docket No. 23 at 18.
Id. at 19.
Id.
Oracle counters by claiming that Maintech's website statements are deceptive even if they are not literally false. What's more - the Lanham Act does not require that actionable statements be false on their face, but a statement that "was literally true but likely to mislead or confuse" consumers is enough under the Act. Equally flawed is Maintech's argument that "Oracle must first litigate its infringement and computer fraud claims to conclusion - turning the 'opinion' of illegality into a 'fact' -before it can bring a related Lanham Act claim." Oracle points out that while the Ninth Circuit has yet to weigh in specifically as to whether Rule 9(b) applies to Lanham Act claims - and district courts in California have split on the issue. Oracle argues it meets either standard. "Oracle has identified, and quoted, specific statements," by Maintech, located on Maintech's public website, and explained in detail why the implication that Maintech can legitimately provide its Oracle/Sun services is misleading. As a final point, Oracle claims that Defendants, as co-conspirators are liable for each other's false statements under the Lanham Act.
Southland Sod Farms v. Stover Seed Co., 108 F.3d 1134, 1139 (9th Cir. 1997) (citing Castrol Inc. v. Pennzoil Co., 987 F.2d 939, 943, 946 (3d Cir. 1993)) ("To demonstrate falsity within the meaning of the Lanham Act, a plaintiff may show that the statement was literally false, either on its face or by necessary implication, or that the statement was literally true but likely to mislead or confuse consumers.").
Docket No. 31 at 17.
Cf. Autodesk, Inc. v. Dassault Systemes SolidWorks Corp., Case No.: 3:08-cv-04397-WHA 2008 WL 6742224, at *4 (N.D. Cal. Dec. 18, 2008) (declining to apply Rule 9(b)'s heightened pleading standard to a false advertising claim under the Lanham Act); Architectural Mailboxes, LLC v. Epoch Design, LLC, Case No.: 10-cv-974-DMS-CAB, 2011 WL 1630809, at *5 (S.D. Cal. Apr. 28, 2011) ("The Ninth Circuit has yet to decide whether Federal Rule of Civil Procedure 9(b) applies to false advertising claims under the Lanham Act. However, it has applied Rule 9(b) to other types of false advertising claims. District courts have, in turn, extended that rule to false advertising claims under the Lanham Act.") (internal citations omitted).
Docket No. 31 at 19 (citing Docket No. 1 at ¶¶ 5-6, 37-38, 68-74).
In the absence of binding precedent supporting such an extension, the court does not see a reason to first require Oracle to litigate its underlying causes-of-action before bringing a Lanham Act false advertising claim. Nor does the court see any reason to apply Rule 9(b) to this claim. While the court respects that other district courts in the Ninth Circut have concluded otherwise, as Defendants acknowledge, the Ninth Circuit itself has never held as such. In sum, dismissal of Oracle's Lanham Act claim is not warranted.
E. Intentional Interference with Prospective Economic Relations
Oracle also seeks relief for intentional interference with prospective economic relations. "To prove a claim of tortious interference with prospective economic advantage in California, a plaintiff must set forth the following elements: '(1) an economic relationship between the plaintiff and some third party, with the probability of future economic benefit to the plaintiff; (2) the defendant's knowledge of the relationship; (3) intentional acts on the part of the defendant designed to disrupt the relationship; (4) actual disruption of the relationship; and (5) economic harm to the plaintiff proximately caused by the acts of the defendant.'" In Delia Penna v. Toyota Motor Sales the California Supreme Court explained that a plaintiff must plead that "the defendant not only knowingly interfered with the plaintiff's expectancy, but engaged in conduct that was wrongful by some legal measure other than the fact of interference itself."
City of San Jose v. Office of Comm'r of Baseball, Case No.: 5:13-cv-02787-RMW, at *14 2013 WL 5609346 (N.D. Cal. Oct. 11, 2013) (quoting Korea Supply Co. v. Lockheed Martin Corp., 29 Cal. 4th 1134, 1153 (2003)).
625 3rd St. Associates, L.P. v. Alliant Credit Union, 633 F. Supp. 2d 1040, 1049 (N.D. Cal. 2009) (quoting Della Penna v. Toyota Motor Sales, 11 Cal. 4th 376, 393 (1995)).
Defendants contend that: (1) Oracle has not alleged an economic relationship between the plaintiff and some third party, with the probability of future economic benefit to the plaintiff, (2) that amending the complaint will be difficult because Rule 9(b) should apply to this claim, and (3) that Oracle has not pleaded an adequate legal theory that Defendants "engaged in conduct that was wrongful by some legal measure other than the fact of interference itself."
Id.
Oracle responds that it has plainly alleged an existing relationship with Oracle hardware customers who had "previously purchased support on that hardware" from Oracle, "sought ongoing support for that Oracle hardware" - including Solaris Updates - and "because only Oracle can legally provide those updates, Oracle would have gotten that support business" but for Defendants' actions. As to Rule 9(b), Oracle argues that because the entire complaint does not sound in fraud, no extension of Kearns is warranted as to this claim. Finally, if the court finds that any of Oracle's independent causes-of-action survive Defendants' motions to dismiss then Oracle will have adequately pleaded a legal theory that Defendants engaged in wrongful conduct independent of the interference itself.
Docket No. 31 at 23 (citing Docket No. 1 at ¶ 40, 42).
The court agrees with Oracle that it has pleaded a reasonable expectation of future economic benefit from the pool of Oracle hardware owners who had previously purchased Oracle support. Oracle also is right that Rule 9(b) does not apply here. While Rule 9(b) might apply to an interference claim presented entirely on conduct fraudulent conduct or conduct sounding in fraud, Oracle's interference claim relies on several instances of misconduct, including its violations of the CFAA and its unfair competition that do neither. Put another way, Oracle does not "allege a unified course of fraudulent conduct and rely entirely on that court of conduct as the basis of" its interference claims, which is the standard for whether a claim sounds in fraud.
Docket No. 1 at ¶ 82; see, e.g., WMCV Phase 3, LLC v. Shushok & McCoy, Inc., 750 F. Supp. 2d 1180, 1193 (D. Nev. 2010) (rejecting the defendants' argument that Rule 9(b) should apply to claims including intentional interference with contractual relations: although "Plaintiff uses the word 'fraud' often" in its complaint "these claims are not all grounded in fraud." Plaintiff "has alleged fraud as one theory, but it has pled other theories, as well, and neither the Complaint as a whole nor the other separate causes of action therein necessarily rely on a theory of fraud, except the RICO claim.").
Kearns, 567 F.3d at 1125.
Because at least some of Oracle's independent causes of action have survived Defendants' Rule 12(b)(6) motions, Oracle has adequately pleaded a legal theory that Defendants engaged in wrongful conduct independent of the interference itself. Dismissal of Oracle's intentional interference with prospective economic relations claim is not warranted.
F. Unfair Competition - Cal. Bus. & Prof. Code § 17200
"To bring a UCL claim, a plaintiff must show either an (1) "unlawful, unfair, or fraudulent business act or practice," or (2) "unfair, deceptive, untrue or misleading advertising." "The 'unlawful' prong of Section 17200 prohibits 'any practices forbidden by law, be it civil criminal, federal, state, or municipal, statutory, regulatory, or court-made.'" Defendants seek dismissal of Oracle's UCL claims solely because Oracle's underlying legal theories within its complaint fall short. But, as discussed above, because several of Oracle's claims survive Defendants' Rule 12(b)(6) motions, dismissal of Oracle's UCL claim is not warranted on these grounds.
Lippitt v. Raymond James Fin. Servs., Inc., 340 F.3d 1033, 1043 (9th Cir. 2003) (quoting Cal. Bus. & Prof. Code § 17200)
Makreas v. First Nat. Bank of N. California, 856 F. Supp. 2d 1097, 1102 (N.D. Cal. 2012) (quoting Saunders v. Superior Court, 27 Cal. App. 4th 832, 838-39 (1994)) (internal quotations omitted); see also Nat'l Rural Telecomms. Coop. v. DIRECTV, Inc., 319 F. Supp. 2d 1059, 1074-75 (C.D. Cal. 2003) (holding that a violation of common law can support a Section 17200 claim, provided that the conduct also is unlawful, unfair, or fraudulent).
Because the court is not convinced that amendment would be futile, the court grants Oracle leave to amend its complaint. Any amended complaint must be filed within fourteen days of this order.
IT IS SO ORDERED.
___________________
PAUL S. GREWAL
United States Magistrate Judge