Opinion
Civil Action 3:22-CV-0147-B
07-26-2022
PHILIPS NORTH AMERICA LLC, Plaintiff, v. IMAGE TECHNOLOGY CONSULTING LLC, and MARSHALL R. SHANNON, Defendants.
MEMORANDUM OPINION AND ORDER
JANE J. BOYLE UNITED STATES DISTRICT JUDGE
Before the Court is Defendants Image Technology Consulting, LLC (Image Technology) and Marshall R. Shannon (Shannon) (collectively, the Defendants)'s Motion to Dismiss (Doc. 19). For the following reasons, the Court GRANTS IN PART and DENIES IN PART Defendants' Motion.
I.
The Court draws the following factual account from Philips's Complaint (Doc. 1).
This is a trade secrets case. Philips North America LLC (Philips) “develops, sells, supports, maintains, and services medical imaging systems . . . used at hospitals and medical centers, including the proprietary hardware, software, and documentation for such systems.” Doc. 1, Compl., ¶ 1. Philips controls access to its systems through copyright-protected proprietary software. Id. ¶¶ 2-3. Users must pay a license fee to access additional system features. Id. ¶ 20. “The systems include, but are not limited to, imaging devices such as CT and PET scanners, x-ray machines, ultrasound machines, MR scanners, and nuclear medicine scanners.” Id. ¶ 19. To support and service these machines, “Philips has developed extensive proprietary information, documentation, and software” known as Customer Service Intellectual Property (CSIP). Id. ¶ 22. Individuals contract with Philips for a particular CSIP Level. Id. ¶ 25. “CSIP Level 0 materials are available to [anyone] in the United States who request[s] access to such materials.” Id. CSIP Level 1 materials are “available only to Philips' employees and customers with a valid contract and subject to non-disclosure agreements.” Id. CSIP Level 2 is available “for certain Philips' employees and specific trade partners under contract.” Id. And CSIP Level 3 is reserved for specific Philips employees. Id. Individuals with above Level 0 access must sign a confidentiality agreement that acknowledges “Philips'[s] substantial investment in Philips'[s] proprietary information.” Id. ¶ 27.
Philips controls access to CSIP materials in part through the Integrated Security Tool (IST). Id. ¶¶ 28-29. Philips “uses [the] 1ST to restrict access to . . . enhanced software tools, advanced servicing, diagnostics, and calibration software, or enabling and disabling licensable features on the Philips systems.” Id. ¶ 30. The IST “manage[s] user entitlements through . . . a user-specific IST certificate.” Id. ¶ 29. An IST certificate is “generally valid for 30 days and must be renewed.” Id. ¶ 31. “[A] customer who entered into a service contract that provides a license to access certain Philips service tools and includes confidentiality and non-disclosure terms may access certain service tools that are not available to a customer who has not entered into such a service contract.” Id. ¶ 32.
“Image Technology is a medical device equipment sale[s] and servicing company that sell[s] Philips' medical imaging devices”-specifically parts for and servicing of Philips MRI systems-and Shannon “is [its] director of operations.” Id. ¶¶ 4, 38-41. Philips granted Defendants CSIP Level 0 access to service Philips systems and never authorized a higher level of access. Id. ¶¶ 52-56.
However, while investigating a “third-party medical device repair company, 626 Holdings, LLC . . . and its principal, Alexander Kalish” (Kalish), Philips “discovered that . . . Kalish created an IST certificate generator software program to generate fake Philips IST certificates that impersonate Philips employees,” and that Kalish provided such information to Defendants. Id. ¶ 43. Defendants used these “fake and/or unauthorized IST certificates to hack Philips'[s] access control mechanisms on the Philips systems to gain unlicensed and unauthorized access to Philips systems . . ., including software to modify medical devices.” Id. ¶ 42. “Defendants also s[old] and/or provide[d] fake and/or unauthorized IST certificates to third parties.” Id.
In another investigation, “Philips learned that Defendants provided and/or sold one or more unauthorized certificates” to Alpha Biomedical and Diagnostic Corp. (Alpha). Id. ¶ 44. Defendants used fake Philips IST certificates when servicing Philips systems for Alpha, altering the settings to grant “above Level 0 access to Philips'[s] CSIP during its service and repair activities.” Id. ¶ 45. Defendants profit from this unauthorized access by advertising their ability to provide this access to customers. Id. ¶¶ 59-60.
Philips filed its Complaint on January 21, 2022, asserting claims under the Computer Fraud and Abuse Act (CFAA), Digital Millennium Copyright Act (DMCA), Defend Trade Secrets Act (DTSA), Texas Uniform Trade Secrets Act (TUTSA), and for unfair competition and fraud. See Doc. 1, Compl. ¶¶ 61-137. Defendants filed their motion to dismiss on May 4, 2022, arguing for dismissal under Federal Rules of Civil Procedure 12(b)(6), 9(b), 12(b)(7), and 12(e). Doc. 19, Mot. Dismiss. The motion is briefed and ripe for review. The Court considers it below.
II.
LEGAL STANDARDS
A. Rule 12(b)(6) Standard
Under Federal Rule of Civil Procedure 8(a)(2), a complaint must contain “a short and plain statement of the claim showing that the pleader is entitled to relief.” Fed.R.Civ.P. 8(a)(2). Rule 12(b)(6) authorizes a court to dismiss a plaintiff's complaint for “failure to state a claim upon which relief can be granted.” Fed.R.Civ.P. 12(b)(6). In considering a Rule 12(b)(6) motion to dismiss, “[t]he court accepts all well-pleaded facts as true, viewing them in the light most favorable to the plaintiff.” In re Katrina Canal Breaches Litig., 495 F.3d 191, 205 (5th Cir. 2007). But the court will “not look beyond the face of the pleadings to determine whether relief should be granted based on the alleged facts.” Spivey v. Robertson, 197 F.3d 772, 774 (5th Cir. 1999).
To survive a motion to dismiss, plaintiffs must plead “enough facts to state a claim to relief that is plausible on its face.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007). “Threadbare recitals of the elements of a cause of action, supported by mere conclusory statements, do not suffice.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). “A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Id. “The plausibility standard is not akin to a ‘probability requirement,' but it asks for more than a sheer possibility that a defendant has acted unlawfully.” Id. (quoting Twombly, 550 U.S. at 556). When well-pleaded facts fail to meet this standard, “the complaint has alleged-but it has not shown-that the pleader is entitled to relief.” Id. at 679 (quotation marks and alterations omitted).
B. Rule 9(b) Standard
A dismissal for failure to plead with particularity in accordance with Rule 9(b) is treated as a Rule 12(b)(6) dismissal for failure to state a claim. Lovelace v. Software Spectrum, Inc., 78 F.3d 1015, 1017 (5th Cir. 1996). Rule 9(b) provides, in pertinent part, that, “[i]n alleging fraud or mistake, a party must state with particularity the circumstances constituting fraud or mistake.” Fed.R.Civ.P. 9(b). When claims for fraud and negligent misrepresentation are based on the same set of alleged facts, Rule 9(b)'s heightened pleading standard applies. Lone Star Fund V (U.S.), L.P. v. Barclays Bank PLC, 594 F.3d 383, 387 n.3 (5th Cir. 2010) (citing Benchmark Elecs., Inc. v. J.M. Huber Corp., 343 F.3d 719, 724 (5th Cir. 2003), modified on other grounds, 355 F.3d 356 (5th Cir. 2003)); see Paul v. Aviva Life & Annuity Co., 2010 WL 5105925, at *8 (N.D. Tex. Dec. 14, 2010) (applying Rule 9(b) to fraud and negligent misrepresentation claims that arose out of the same set of facts but were contained in separate counts in the complaint). A fraud claim requires pleading with particularity the “‘who, what, when, where, and how' of the alleged fraud.” United States ex rel. Nunnally v. W. Calcasieu Cameron Hosp., 519 F. App'x. 890, 892 (5th Cir. 2013) (quoting United States ex rel. Thompson v. Columbia/HCA Healthcare Corp., 125 F.3d 899, 903 (5th Cir. 1997)).
C. Rule 12(b)(7) Standard
Federal Rule of Civil Procedure12(b)(7) authorizes the court to dismiss a case for failure to join an indispensable party. Resolution of a 12(b)(7) motion requires two steps. August v. Boyd Gaming Corp., 135 Fed.Appx. 731, 732 (5th Cir. 2005). “First a court must determine whether a party should be added under the requirements of Federal Rule of Civil Procedure 19(a).” Id. Under Rule 19(a), a person is a required party if (1) the person's absence will prevent the court from “accord[ing] complete relief among existing parties,” or (2) the person has an interest in the subject of the case, and disposing of it in the person's absence will either “impair or impede the person's ability to protect the interest,” or create a risk of multiple or inconsistent obligations for an existing party because of the interest. Fed.R.Civ.P. 19(a)(1)(A)-(B).
Second, if joining the indispensable party would divest the court of subject matter jurisdiction, a court “must determine whether, in equity and good conscience, the action should proceed among the existing parties or should be dismissed” under Rule 19(b). Four factors are relevant to this analysis: (1) “the extent to which a judgment rendered in the person's absence might prejudice that person or the existing parties”; (2) the degree to which “protective provisions in the judgment,” “shaping the relief,” or “other measures” might mitigate any prejudice; (3) “whether a judgment rendered in the person's absence would be adequate”; and (4) “whether the plaintiff would have an adequate remedy if the action were dismissed for nonjoinder.” Fed.R.Civ.P. 19(b).
“[C]ourts are reluctant to grant motions to dismiss of this type.” 5C Charles Alan Wright & Arthur R. Miller, Federal Practice & Procedure § 1359 (3d ed. 2004). A court deciding a Rule 12(b)(7) motion “must accept all factual allegations in the complaint as true and draw inferences in favor of the non-moving party.” Id. Furthermore, the party seeking dismissal “has the initial burden of demonstrating that a missing party is necessary.” Hood ex rel. Miss. v. City of Memphis, 570 F.3d 625, 628 (5th Cir. 2009). But once “an initial appraisal of the facts indicates that a possibly necessary party is absent, the burden of disputing this initial appraisal falls on the party who opposes joinder.” Id. (quoting Pulitzer-Polster v. Pulitzer, 784 F.2d 1305, 1309 (5th Cir. 2006)).
D. Rule 12(e) Standard
“A party may move for a more definite statement of a pleading to which a responsive pleading is allowed but which is so vague or ambiguous that the party cannot reasonably prepare a response.” Fed. R. Civ. P. 12(e). Rule 12(e) requires the movant to “point out the defects complained of and the details desired.” Fed.R.Civ.P. 12(e). Courts generally disfavor motions for a more definite statement because of the liberal notice pleading standard of Rule 8. Mitchell v. E-Z Way Towers, Inc., 269 F.2d 126, 132 (5th Cir. 1959). Thus, “Rule 12(e) should not be used . . . [to] requir[e] a plaintiff to amend his complaint which under Rule 8 is sufficient to withstand a motion to dismiss.” Id.
III.
ANALYSIS
Below, the Court considers Defendants' Motion to Dismiss. First, the Court addresses Defendants' argument that FDA regulations control Philips's claims. Finding they do not, the Court then addresses Defendants' arguments to dismiss each of Philips's claims under Rule 12(b)(6). Third, the Court addresses Defendants' Rule 12(b)(7) arguments that the Court must join Alpha and Kalish to this suit to afford complete relief to Philips. Fourth, the Court addresses Defendants' Rule 12(e) arguments for a more definite statement.
A. Whether the FDA Regulations Control Philips's Claims
The FDA has promulgated rules that regulate “the design, manufacture, packaging, labeling, storage, installation, and servicing of all finished devices intended for human use.” 21 C.F.R. § 820.1. The regulation regarding installation reads:
(a) Each manufacturer of a device requiring installation shall establish and maintain adequate installation and inspection instructions, and where appropriate test procedures. Instructions and procedures shall include directions for ensuring proper installation so that the device will perform as intended after installation. The manufacturer shall distribute the instructions and procedures with the device or otherwise make them available to the person(s) installing the device.
(b) The person installing the device shall ensure that the installation, inspection, and any required testing are performed in accordance with the manufacturer's
instructions and procedures and shall document the inspection and any test results to demonstrate proper installation.21 C.F.R. § 820.170.
Defendants contend that “proper jurisdiction resides with the FDA” for this case because 21 C.F.R. § 820.170 governs Philips's claims. Doc. 20, Defs.' Br., 3. According to Defendants, the FDA must determine “whether the alleged protected information falls within the scope of information that the FDA requires [Philips] to provide to Defendants”-as inspectors and testers of Philips equipment-through an order or opinion “interpretati[ng] . . . its regulations.” Id.; Doc. 23, Defs.' Reply, 2-3. Thus, Defendants reason, the Court should dismiss under Federal Rules of Civil Procedure 12(b)(1), 12(b)(6), or “abate this matter and refer it to the FDA for an administrative determination.” Doc. 20, Defs.' Br., 5 (citing 21 C.F.R. § 10.25(c)).
Philips responds that Defendants' argument is “based on a non-existent and unsupported interpretation of FDA regulations.” Doc. 22, Pl.'s Resp., 3. First, Philips argues that it does not “allege the Defendants are installers,” but alleges “Defendants' acquisition, sale, and use of fake and/or unauthorized IST certificates,” which does not require interpretation of FDA regulations. Id. at 4. Second, the FDA's regulation of certain information disclosures cannot foreclose Philips's intellectual property and unfair competition claims. Id. at 5-6 (citing Pom Wonderful LLC v. Coca Cola Co., 573 U.S. 102 (2014)). Third, 21 U.S.C. § 337(a) vests the FDA with sole authority to “enforce[e]” or “restrain violations” of the Food, Drug, and Cosmetic Act. Id. at 6 (quoting 21 U.S.C. § 337(a)).
The Court finds a similar case from the District of Puerto Rico persuasive on this issue. In Philips, the plaintiff sought relief under the CFAA, DMCA, DTSA, and Puerto Rico Trade Secret Protection Act, as well as a permanent injunction, for the unauthorized access to plaintiff's CSIP that services plaintiff's MRI systems. Philips Med. Sys. P.R., Inc. v. Alpha Biomedical & Diagnostic Corp., 2020 WL 475616, at *1 (Jan. 29, 2020). In its motion to dismiss, the defendant argued that § 820.170 barred the plaintiff's claims. Id. at *2. The court held that “[t]he regulation does not require a manufacturer to disclose information such as the one contained in Philips CSIP, and that Plaintiff is trying to protect” such as “the inner working of MRI systems.” Id.
The Court finds the exact same here. This case and Philips involve almost the exact same claims and same arguments at the motion-to-dismiss stage. Compare id. at *1-2, with supra Section I. Nothing about § 820.170 implies that Philips was required to provide the Defendants with the highest level of CSIP access to inspect or test the equipment. While the regulation requires Philips to provide installers with the necessary instructions and procedures to install, inspect, and test its equipment, this does not require Philips to provide unfettered access to the features and tools for Philips's systems. See 21 C.F.R. § 820.170 (“The manufacturer shall distribute the instructions and procedures with the device or otherwise make them available to the person(s) installing the device. The person installing the device shall ensure that the installation, inspection, and any required testing are performed in accordance with the manufacturer's instructions and procedures ....”). The regulation does not require Philips to give Defendants access to the proprietary information it seeks to protect in this action.
The Court DENIES Defendants' Motion to Dismiss on this argument and finds no reason to refer this matter to the FDA for an administrative determination.
B. Whether Philips Sufficiently Pleaded Each of Its Claims
Philips brings five separate claims-four under federal law and one under state law-against Defendants. The Court addresses each in turn.
1. Whether Philips Sufficiently Pleaded a Claim Under the CFAA
Philips alleges that Defendants violated 18 U.S.C. § 1030 (a)(2)(C) and (a)(4) of the CFAA. Doc. 1, Compl., ¶¶ 68, 70. Section 1030(a)(2)(C) subjects to criminal and civil liability anyone who “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer.” Thus, “[t]he statute . . . provides two ways of committing the crime of improperly accessing a protected computer: (1) obtaining access without authorization; and (2) obtaining access with authorization but then using that access improperly.” Musacchio v. United States, 577 U.S. 237, 240 (2016).
Subsection (g) of the CFAA provides a private cause of action when the loss incurred by any individual exceeds $5,000 during a one-year period. 18 U.S.C. § 1030(c)(4)(A)(i)(I), (g). Thus, to plead a violation of § 1030 (a)(2)(C), Philips must allege that Defendants “(1) intentionally accessed a computer, (2) without authorization or exceeding authorized access, and (3) the [D]efendants thereby obtained information, (4) from a ‘protected computer,' and (5) there was a loss of at least $5,000 to one or more persons.” Ray v. Lynass, 2021 WL 8443684, at *8 (W.D. Tex. Nov. 9, 2021). To plead a violation of § 1030 (a)(4), Philips must allege that Defendants “(1) accessed a ‘protected computer,' (2) without authorization or exceeding such authorization that was granted, (3) ‘knowingly' and with ‘intent to defraud,' (4) thereby furthering the intended fraud and obtaining anything of value, and (5) causing a loss to one or more persons during any one-year period aggregating at least $5,000 in value.” Id.
Defendants attack the second and fifth elements of both claims. Doc. 20, Defs.' Br., 6-8. Specifically, Philips fails to allege the unauthorized materials that Defendants accessed, such as the CSIP material or proprietary software and CSIP documentation, Defendants argue. Id. at 7. Defendants also contend that § 820.170 entitled them to receive instruction and procedures to install the Philips systems and Defendants are unable to ascertain whether this is the information that Philips alleges the Defendants “accessed using ‘unauthorized access methods.'” Id. at 7-8. Lastly, Philips fails to allege a “damage” besides a “business loss,” which is unrecoverable for a CFAA claim, according to Defendants. Id. at 8 (first citing HCC Ins. Holdings, Inc. v. Flowers, 237 F.Supp.3d 1341 (N.D.Ga. 2017); and then citing Nexans Wires S.A. v. Sark-USA, Inc., 319 F.Supp.2d 468 (S.D.N.Y. 2004)).
Philips responds that its Complaint sufficiently alleges that Defendants exceeded their granted access or exceeded the access rightfully conferred by the systems' owners “by using counterfeit, fake, and/or unauthorized IST certificates to ‘impersonate Philips employees,'” thereby gaining access to “valuable proprietary and trade secret system software.” Doc. 22, Pl.'s Resp., 8. Also, Defendants' reliance on § 820.170, was rejected by the Supreme Court in Van Buren v. United States, 141 S.Ct. 1648 (2021), according to Philips. Id. at 8-9. Philips further contends that its allegations that it lost over $5,000 investigating Defendants and that Defendants' unauthorized use of Philips's proprietary information benefitted Defendants by over $5,000 sufficiently pleaded a recoverable loss under the CFAA. Id. at 9-10 (citing Motio, Inc. v. BSP Software LLC, 2016 WL 9559916 (N.D. Tex. May 27, 2016)).
The Court agrees with Philips that it sufficiently pleaded its CFAA claim. Philips pleaded that Defendants accessed Philips systems through “fake Philips IST certificates . . . during . . . service and repair activities.” Doc. 1, Compl., ¶¶ 44-45. Though not listing the title of the documents or the exact data accessed by Defendants, Philips sufficiently alleges that the Defendants accessed intellectual property, restricted software, and Philips CSIP manuals and instructions, exceeding their access level in violation of the CFAA. See id. ¶¶ 42-43.
Further, § 820.170 does not grant Defendants access to unauthorized information. As discussed above, the regulation only requires Philips to provide “instructions and procedures” to installers. 21 C.F.R. § 820.170. Regardless of what files were accessed, “an individual ‘exceeds authorized access' when he accesses a computer with authorization but then obtains information located in particular areas of the computer-such as files, folders, or databases-that are off limits to him.” Van Buren, 141 S.Ct. at 1662. Here, Philips alleges Defendants accessed unauthorized files in Philips systems. So even if Defendants accessed copies of files that they were otherwise authorized to access, but in an unauthorized area of the Philips system, Defendants exceeded their authorized access. See id. The area of the computer accessed to retrieve the information-not the information obtained-is what matters in this analysis. See id.
Finally, Philips does not plead a “business loss” as Defendants contend. Under the CFAA, a loss is “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.” 18 U.S.C. § 1030(e)(11). Philips alleges that “Defendants hold themselves out as authorized to perform maintenance and other services . . . and received payment for those services, using Philips's proprietary tools and software” in excess of $5,000 in a one-year period. Doc. 1, Compl., ¶ 69. This at least alleges a “lost revenue” by Philips. See 18 U.S.C. § 1030(e)(11). Philips also alleges that it spent over $5,000 in a one-year period investigating Defendants' conduct, a “cost incurred.” Id. ¶ 66. These allegations sufficiently state losses that fall within the definition of loss in the CFAA. See 18 U.S.C. § 1030(e)(11).
Having found Philips sufficiently pleaded the CFAA claim, the Court DENIES Defendants' motion to dismiss this claim.
2.Whether Philips Sufficiently Pleaded the DMCA Claim
Philips brings a DMCA claim pursuant to 17 U.S.C. § 1201(a)(1)(A), (a)(2), and 1202(a) and (b). Doc. 1, Compl., ¶¶ 79, 81, 84-85. Section 1201(a)(1) of the DMCA “is targeted at circumvention [and] does not apply to the use of copyrighted works after the technological measure has been circumvented.” MGE UPS Sys., Inc. v. GE Consumer & Indus., Inc., 622 F.3d 361, 366 (5th Cir. 2010). It states: “No person shall circumvent a technological measure that effectively controls access to a work protected under this title.” 17 U.S.C. § 1201(a)(1)(A). “[T]o ‘circumvent a technological measure' means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner.” Id. § 1201(a)(3)(A). “[A] technological measure ‘effectively controls access to a work' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.” Id. § 1201(a)(3)(B).
Section 1202 “protects the ‘integrity of copyright management information.'” Energy Intel. Grp., Inc. v. Kayne Anderson Cap. Advisors, L.P., 948 F.3d 261, 276 (5th Cir. 2020). It states: “No person shall knowingly and with the intent to induce, enable, facilitate, or conceal infringement provide copyright management information that is false, or distribute or import for distribution copyright management information that is false.” 17 U.S.C. § 1202(a). “No person shall, without the authority of the copyright owner or the law intentionally remove or alter any copyright management information, [or] distribute or import for distribution copyright management information knowing that the copyright management information has been removed or altered without authority of the copyright owner or the law.” Id. § 1202(b) (1-2).
Defendants contend that Philips “fails to identify which ‘technological measure' or ‘access control' w[as] allegedly breached by ‘unauthorized methods' of access.” Doc. 20, Defs.' Br., 9. Additionally, Defendants argue that 21 C.F.R. § 820.170 grants them access to certain documents and the Complaint does not distinguish between the authorized and unauthorized documents. Id. at 10. Alternatively, Defendants rely on the “reverse engineering” exemption within 17 U.S.C. § 1201 to argue that they lawfully circumvented Philips's security measures “for normal business reasons.” Id. at 10-11.
Philips responds that the Complaint identifies how Defendants “knowingly and intentionally obtained, used, and sold fake and/or unauthorized IST certificates . . . to gain unlicensed and unauthorized access to Philips' CSIP and proprietary tools.” Doc. 22, Pl.'s Resp., 10-11 (citing Doc. 1, Compl., ¶¶ 42-60, 77, 80-81). Additionally, Defendants under § 820.170 could not “legally access” information and tools above CSIP Level 0 because Defendants “never received IST certificates” with this higher level of access, according to Philips. Id. at 11. Further, Philips argues that the “reverse engineering” exemption applies only when one lawfully obtains the right to use a computer program, but Defendants unlawfully obtained access. Id. at 11-12.
Philips sufficiently pleaded its DMCA claim. Philips provides numerous allegations of the circumvention of “Philips'[s] access control mechanisms on the Philips systems” through “fake and/or unauthorized IST certificates.” Doc. 1, Compl., ¶¶ 42, 80. Defendants used these IST certificates to “impersonate Philips employees” with higher access levels “to modify Philips systems.” Id. At 45. These allegations sufficiently provide Defendants with notice of how Philips alleges that they violated the DMCA.
Defendants also again err by relying on 21 C.F.R. § 820.170. While this regulation requires Philips to provide certain documents and information, it does not excuse one who circumvents a technological measure or infringes on copyright management information. See 17 U.S.C. § 1201; id. § 1202. Defendants do not cite to any cases holding otherwise.
Thus, the “reverse engineering” exception does not apply to the actions alleged by Philips. The exception allows:
a person who has lawfully obtained the right to use a copy of a computer program [to] circumvent a technological measure that effectively controls access to a particular portion of that program for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs ....21 U.S.C. § 1201(f). Philips correctly points out that before this exception applies Defendants must have “lawfully obtained the right to use a copy of the computer program.” Doc. 22, Pl.'s Resp., 11-12. But, the Complaint alleges that Defendants exceeded their authorization, making their access of the computer program unlawful. See id.; Doc. 1, Compl., ¶¶ 44-45; see also Philips, 2020 WL 475616, at *6 (holding the same); Gen. Motors L.L.C. v. Autel. U.S. Inc., 2016 WL 1223357, at * 8 (E.D. Mich. Mar. 29, 2016) (same). Thus, the Court DENIES Defendants' motion for the DMCA claim.
The exception allows for circumvention “to identify the elements necessary to achieve compatibility of an independently created computer program with other programs.” Pyrotechnics Mgmt., Inc. v. XFX Pyrotechnics LLC, 2021 WL 925812, at *15 (W.D. Pa. Mar. 11, 2021) (citing 21 U.S.C. § 1201(f)), rev'd on other grounds, 2022 WL 2336477 (3d Cir. June 29, 2022). Defendants do not provide any evidence or argumentation that they circumvented the CSIP security measures to achieve interoperability with other programs or systems. Such an argument would be better decided at the summary judgment phase when the Court can assess any evidence presented in light of the parties' arguments.
3.Whether Philips Sufficiently Pleaded the DTSA & TUTSA Claims
Under the DTSA, “[a]n owner of a trade secret that is misappropriated may bring a civil action . . . if the trade secret is related to a product or service used in, or intended for use in, interstate or foreign commerce.” 18 U.S.C. § 1836(b)(1). The court may award “damages for actual loss caused by the misappropriation of the trade secret” and “any unjust enrichment.” Id. § 1836(b) (3) (B) (i-ii). To state a DTSA claim, Philips “must allege: (1) a trade secret; (2) misappropriation; and (3) use in interstate commerce.” DBG Grp. Invs., LLC v. Puradigm, LLC, 2022 WL 313435, at *2 (N.D. Tex. Feb. 2, 2022) (quoting Phazr, Inc. v. Ramakrishna, 2020 WL 5526554, at *3 (N.D. Tex. Sept. 14, 2020)). The DTSA defines a “trade secret” to include:
all forms and types of . . . program devices, . . . programs, or codes . . . if . . . the owner thereof has taken reasonable measures to keep such information secret; and the information derives independent economic value . . . from not being generally known to, and not being readily ascertainable through proper means by, another person who can obtain economic value from the disclosure or use of the information.18 U.S.C. § 1839(3).
The TUTSA contains similar or nearly identical provisions and definitions as the DTSA because both are based on the Uniform Trade Secrets Act. DBG Grp. Invs., LLC, 2022 WL 313435, at *2-3. To state a claim under the TUTSA, Philips must allege the first two elements of a DTSA claim, but not the third-use in interstate commerce. Id.; Retail Servs. WIS Corp. v. Crossmark, Inc., 2021 WL 1747033, at *8 (Tex. App.-Dallas May 4, 2021, no pet.).
Defendants ask the Court to dismiss the DTSA and TUTSA claims because Philips fails to identify the specific trade secrets for Defendants to “evaluate and defend the alleged wrongful conduct.” Doc. 20, Defs.' Br., 12-15. Defendants again cite to 21 C.F.R. § 820.170 for the proposition that “Philips is required to provide” certain information to Defendants that “is a part of the public domain, making it not a trade secret.” Id. at 13-16.
Philips argues that it sufficiently pleaded that “its proprietary software, documentation, and access control system . . . are trade secrets” and Defendants “obtained and misappropriated these trade secrets” through the unauthorized use of the IST certificates. Doc. 22, Pl.'s Resp., 12-13. Philips further contends that it is not required to “detail the misappropriated trade secrets.” Id. at 13. Additionally, 21 C.F.R. § 820.170 does not require Philips to provide “unfettered access to trade secret information,” according to Philips. Id. at 14.
The Court finds Philips sufficiently pleaded the DTSA and TUTSA claims. Philips is only required to plead that a trade secret was misappropriated (and for the DTSA, used in interstate commerce). See DBG Grp. Invs., LLC, 2022 WL 313435, at *2. Philips is not required to identify the specific trade secret. See id. However, Philips does provide ample allegations to identify the trade secrets at issue in this case. Philips describes them as “restricted software, including software to modify medical devices,” and “restricted confidential trade secret CSIP materials and software[,] . . . not generally known in the industry.” Doc. 1, Compl., ¶¶ 37, 96.
As for Defendants' argument regarding 21 C.F.R. § 820.170, the regulation does not require Philips to disclose trade secrets. What Philips describes in its Complaint is well outside of any information that Philips is required to provide an installer. See id.
Accordingly, the Court DENIES Defendants' motion for the DTSA and TUTSA claims.
4.Whether Philips Sufficiently Pleaded the Unfair Competition Claim
“Unfair competition under Texas law ‘is the umbrella for all statutory and nonstatutory causes of action arising out of business conduct which is contrary to honest practice in industrial or commercial matters.'” Taylor Pub. Co. v. Jostens, Inc., 216 F.3d 465, 486 (5th Cir. 2000) (quoting Am. Heritage Life Ins. Co. v. Heritage Life Ins. Co., 494 F.2d 3, 14 (5th Cir. 1974)). A Texas unfair competition claim requires “an illegal act by the defendant which interfered with the plaintiff's ability to conduct its business”-at minimum, an “independent tort.” Id.
Defendants argue for dismissal of the unfair competition claim because Philips fails to identify “dishonest business conduct, . . . how Defendants are in competition with [Philips], Defendants['] use of a product of [Philips]'s, or any resulting damages.” Doc. 20, Defs.' Br., 16.
Philips responds that it sufficiently pleaded the claim, including that Defendants used unauthorized IST certificates and “profit[ed] at the expense of Philips.” Doc. 22, Pl.'s Br., 14 (quoting Doc. 1, Compl., ¶ 60). Philips also argues that it provides sufficient allegations of “how Defendants . . . unfairly compet[e] in the marketplace by using, selling, and/or providing fake IST certificates . . . and by falsely advertising on their website.” Id. Philips also disagrees with Defendants' characterization of their claim as “solely based on misappropriation.” Id. at 15.
Philips's last argument highlights the problem with the unfair competition claim. Because the Texas common law claim of unfair competition is an umbrella term, many causes of action fall underneath its shadow. Seatrax, Inc. v. Sonbeck Int'l, Inc., 200 F.3d 358, 368 (5th Cir. 2000) (listing cases describing four independent causes of action). Philips's four preceding claims survived Defendants' motion to dismiss; any of these might perhaps serve as the basis for its unfair competition claim. Cf. Greater Hous. Transp. Co. v. Uber Techs., Inc., 155 F.Supp.3d 670, 696-97 (S.D. Tex. 2015) (denying dismissal of the unfair competition claim when only two of the four Lanham Act claims survived the motion to dismiss). Thus, not clearly defining which cause(s) of action support the unfair competition claim denies Defendants notice and the opportunity to appropriately defend against this claim. Seatrax, 200 F.3d at 368. Therefore, the Court DISMISSES Philips's unfair competition claim.
5.Whether Philips Sufficiently Pleaded the Fraud Claim
To state a claim for common law fraud, a plaintiff must allege: “(1) a material misrepresentation; (2) that is false; (3) made with knowledge of its falsity or recklessness as to its truth; (4) made with the intention that it should be acted upon by another party; (5) relied upon by the other party, and (6) causing injury.” Flaherty & Crumrine Preferred Income Fund, Inc. v. TXU Corp., 565 F.3d 200, 212 (5th Cir. 2009) (first citing Jag Media Holdings Inc. v. A.G. Edwards & Sons Inc., 387 F.Supp.2d 691, 709 (S.D. Tex. 2004); and then citing Ernst & Young, L.L.P. v. Pac. Mut. Life Ins. Co., 51 S.W.3d 573, 577 (Tex. 2001)). Under Texas law, a false representation is material “if a reasonable person would attach importance to and be induced to act on the information.” Shandong Yinguang Chem. Indus. Joint Stock Co. v. Potter, 607 F.3d 1029, 1033 (5th Cir. 2010). Fraud claims are subject to the pleading standards of Rule 9(b). Flaherty, 565 F.3d at 213.
Defendants argue that Philips does not comply with the specificity requirements of Federal Rule of Civil Procedure 9(b) by not identifying the information Defendants accessed, “statements or misrepresentations . . . made by the Defendants, . . . the . . . speaker, . . . when or where the representations were . . . made, or . . . why the misrepresentations were apparently fraudulent.” Doc. 20, Defs.' Br., 18.
Plaintiffs contend that the Complaint contains sufficient allegations of Defendant Shannon using unauthorized IST certificates, misrepresenting to Philips that he was authorized access. Doc. 22, Pl.'s Resp., 15 (citing Doc. 1, Compl., ¶¶ 129-32). These allegations contain the when, where, and how of the misrepresentations. Id.
Philips sufficiently pleaded the who, what, when, where, and how of the fraud claim. Nunnally, 519 F. App'x. at 892. Philips identifies the “who” as “Defendant Shannon . . . or . . . employees of Image Tech,” the “what” as “impersonat[ing] Philips employees,” “when” as “since April 2018,” “where” as “during its service and repair activities,” and “how” as “deceiv[ing] Philips into believing that Defendants were a Philips FSE and that Defendants were authorized to obtain access to the Philips systems with FSE-level credentials.” Doc. 1, Compl., ¶¶ 129-30, 33.
Therefore, the Court DENIES Defendants' motion to dismiss for the fraud claim.
C. Whether Alpha and Kalish Are Necessary Parties
Defendants argue that “the Court is unable to afford the Plaintiff complete relief without joining Alpha and Kalish” because “damages necessarily arise from” Kalish's creation of the software program to generate fake IST certificates and that Alpha's use of the unauthorized certificates on Philips systems. Doc. 20, Defs.' Br., 19-20. Not including Alpha and Kalish would prejudice Defendants because the Complaint alleges “Defendants['] purported wrongdoing was facilitated and executed by Alpha and Kalish,” according to Defendants. Id. at 20.
Philips contends that Defendants' 12(b)(7) arguments “contradict[] [their] arguments . . . under 12(b)(6) or 12(e).” Doc. 22, Pl.'s Resp., 16. Defendants have not moved to join Kalish and Alpha, so Philips argues that the Court should deny the motion for this alone. Id. (citing Allstate Ins. Co. v. Plambeck, 2009 U.S. Dist. LEXIS 10302 (N.D. Tex. Jan. 30, 2009)). Further, according to Philips, the Court is not required to join Defendants for a claim of contribution or joint tortfeasors. Id. at 16-17 (first citing Nottingham v. Gen. Am. Commc'n Corp., 811 F.2d 873 (5th Cir. 1987); then citing Sw. Bell Tel. Co. v. Raza Telecomm. Inc., 2013 U.S. Dist. LEXIS 190905 (N.D. Tex. Nov. 22, 2013); then citing Temple v. Synthes Corp., Ltd., 498 U.S. 5 (1990); then citing Herpich v. Wallace, 430 F.2d 792 (5th Cir. 1980); and then citing Haug v. Dependable Auto Shippers, Inc., 2010 WL 669756 (N.D. Tex. Feb. 25, 2010)).
Defendants have not proven Alpha and Kalish are indispensable parties. First, the Court notes that Defendants did not cite to any caselaw to buttress their argument or help elucidate to the Court how Rule 19 makes Alpha and Kalish indispensable to this case. See Doc. 20, Defs.' Resp., 18-20; Doc. 23, Defs.' Reply, 9-10. Regardless, the Court can afford complete relief to Philips for the actions of Defendants without Alpha and Kalish because the Defendants, Alpha, and Kalish are individually responsible for their alleged actions. As Philips correctly states, “it is well-established that Rule 19 does not require the joinder of joint tortfeasors.” Nottingham, 811 F.2d at 880. Thus, the Court is not required to join Alpha or Kalish.
Defendants' motion to dismiss under Rule 12(b)(7) is DENIED.
D. Whether Philips Pleaded with Enough Specificity for Defendants to Formulate a Response
Defendants alternatively argue that the Court should require Philips “to replead [its] case to allow Defendants to [answer].” Doc. 20, Defs.' Br., 20. Defendants contend that Philips pleaded with “vague assertions and ambiguous statements” regarding “Philips' restricted software, including software to modify medical devices; Philips' confidential and proprietary information, intellectual property, and trade secrets; . . . technological measures, including access control measures to protect Philips' copyright protected works, including software documentation;” and “the information, documentation, or software . . . accessed by Defendants beyond ‘Level 0.'” Id. at 20-21.
Philips responds that its Complaint satisfies Rule 8(a)(2) and is not unintelligible. Doc. 22, Pl.'s Resp., 17-18. Philips argues that “Defendants[] demand . . . details that can and will be clarified and developed during discovery.” Id. at 18 (citing Johnson v. BAE Sys. Land & Armaments, L.P., 2012 WL 5903780 (N.D. Tex. Nov. 26, 2012)).
Because four of five causes of action survive Defendants' motion under Rule 12(b)(6), the Court will not dismiss under Rule 12(e). See Mitchell, 269 F.2d at 132. The proper format for obtaining the further information that Defendants seek is through “discovery, interrogatories and the like.” See id. Accordingly, the Court DENIES the Rule 12(e) motion for more definite statement.
E. Leave to Amend
Given that this is the Court's first opportunity to assess the sufficiency of Philips's allegations, the Court deems it appropriate to provide it one chance to amend its pleadings in light of the deficiencies noted in this Order. See Fed.R.Civ.P. 15(a)(2) (“The court should freely give leave [to amend] when justice so requires.”). This amended complaint shall be filed within THIRTY (30) days of the date of this Order.
IV.
CONCLUSION
For the foregoing reasons, Defendant's motion to dismiss (Doc. 20) is GRANTED IN PART and DENIED IN PART. Specifically, the Court DISMISSES WITHOUT PREJUDICE the unfair competition claim. Within THIRTY (30) days of the date of this order, Philips may file an amended complaint as permitted in Part E. From the date of Philips's filing, Defendants have twenty-one (21) days to file an answer or motion to dismiss pursuant to Federal Rule of Civil Procedure 12.
SO ORDERED.