Summary
dismissing a motion to dismiss a CFAA claim when plaintiff alleged the defendant “fraudulently posed as a customer of [plaintiff] and then used that false identity to obtain login credentials to access [plaintiff's] password-protected platform.”
Summary of this case from ACI Payments, Inc. v. Conservice, LLCOpinion
Case No. 2:20-cv-352-DB
11-24-2020
PODIUM CORPORATION INC., Plaintiff, v. CHEKKIT GEOLOCATION SERVICES INC., Defendant.
MEMORANDUM DECISION AND ORDER DENYING MOTION TO DISMISS
Before the court is Defendant Chekkit Geolocation Services, Inc.'s ("Chekkit") Motion to Dismiss Computer Fraud and Abuse Act Claim. (Dkt. No. 27.) The Motion has been fully briefed by the parties, and the Court has considered the facts and arguments set forth in those filings. Pursuant to civil rule 7-1(f) of the United States District Court for the District of Utah Rules of Practice, the Court elects to determine the motion on the basis of the written memoranda and finds that oral argument would not be helpful or necessary. DUCivR 7-1(f).
BACKGROUND
Plaintiff Podium Corporation Inc. ("Podium") develops software to help businesses with their customer interactions. On June 8, 2020, Plaintiff filed suit against Defendant Chekkit alleging, among other things, that Defendant fraudulently gained access to Plaintiff's products and services by using a false identity, creating a fake user account, and forging a signature on a contract with Podium in order to gain unauthorized access to Podium's customer lists, target Podium's customers through its webchat widget, use the Podium name and logo to promote Chekkit's products and services, and make unauthorized copies of Podium's copyrighted software and other works. (Compl. ¶ 2.)
On September 8, 2020, Defendant Chekkit moved to dismiss Plaintiffs first cause of action - the Computer Fraud and Abuse Act claim - pursuant to Rule 12(b)(6) of the Federal Rules of Civil Procedure. For the reasons stated herein, Defendant's motion is denied.
DISCUSSION
"The court's function on a Rule 12(b)(6) motion is not to weigh potential evidence that the parties might present at trial, but to assess whether the plaintiff's complaint alone is legally sufficient to state a claim for which relief may be granted." Tal v. Hogan, 453 F.3d 1244, 1252 (10th Cir. 2006). The court must construe the complaint in the light most favorable to the Plaintiff, accept all well-pleaded factual allegations as true, and draw all reasonable inferences in favor of the Plaintiff. See Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009); Khalik v. United Air Lines, 671 F.3d 1188, 1191 (10th Cir. 2012); Jordan-Arapahoe, LLP v. Board of City Comm'rs, 633 F.3d 1022, 1025 (10th Cir. 2011).
Plaintiff must provide "enough facts to state a claim to relief that is plausible on its face." Bell Atlantic Corp. v. Twombly, 550 U.S. 544 (2007). "A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged." Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). The plausibility standard is not a "probability requirement," but it does require "more than a sheer possibility that a defendant has acted unlawfully." Id.
In considering the adequacy of a plaintiff's allegations in a complaint subject to a motion to dismiss, a district court not only considers the complaint, but may also "consider documents referred to in the complaint if the documents are central to the plaintiff's claim and the parties do not dispute the documents' authenticity." Alvarado v. KOB-TV, LLC, 493 F.3d 1210, 1215 (10thCir. 2007); see Tellabs, Inc. v. Makor Issues & Rights, Ltd., 551 U.S. 308, 322 (2007) (district court may consider "documents incorporated into the complaint by reference and matters of which a court may take judicial notice").
The Computer Fraud and Abuse Act ("CFAA") provides a private right of action where a defendant:
Intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer, [or]18 U.S.C. § 1030(a)(2)(c), and (a)(5)(B) & (C).
Intentionally accesses a protected computer without authorization and as a result of such conduct, recklessly causes damage [or] causes damage and loss.
The United States Court of Appeals for the Tenth Circuit has recognized that a defendant accesses a computer "without authorization" under the CFAA by falsely posing as someone else to defraud and use the login credentials created for that other person in order to gain access to a protected computer. United States v. Willis, 476 F.3d 1121, 1125-27 (10th Cir. 2001). Other courts have similarly concluded that access to a computer is "unauthorized" or "without authorization" where access is obtained via fraud, misrepresentation, or other deceptive means. See Yoder & Frey Auctioneers, Inc. v. EquipmentFacts, LLC, 774 F.3d 1065, 1069 (6th Cir. 2014) (concluding defendant violated CFAA "by posing as one of [plaintiff's] customers" in order to gain "unauthorized access" to plaintiff's online platform); Theofel v. Farley-Jones, 359 F.3d 1066, 1075 (9th Cir. 2003) (reversing dismissal of CFAA claim and rejecting defendant's claim that it had authorization where alleged authorization was obtained under false pretenses - "the busybody who gets permission to come inside by posing as a meter reader is a trespasser").
Likewise, on the subject of "authorization" obtained by fraud or misrepresentation, the Restatement (Second) of Torts provides:
If the person consenting to the conduct of another is induced to consent by a substantial mistake concerning the nature of the invasion of his interests or the extent of the harm to be expected from it and the mistake is known to the other or is induced by the other's misrepresentation, the consent is not effective for the unexpected invasion or harm.Restatement (Second) of Torts § 892B (1979).
Plaintiff in this case has alleged that Defendant Chekkit fraudulently posed as a customer of Podium (Eric Winters of Munch Box) and then used that false identity to obtain login credentials to access Podium's password-protected platform and the valuable information contained on that platform without authorization. (Compl. ¶¶ 27-30.) Given the legal standards set forth above, and taking these facts as true, the Court finds Plaintiff's allegations are sufficient to state a claim under the CFAA.
CONCLUSION
For the reasons stated, Defendant's Motion to Dismiss Plaintiff's CFAA Claim is DENIED.
DATED this 24th day of November, 2020.
BY THE COURT:
/s/_________
Dee Benson
United States District Judge