Opinion
Case No.: 17-cv-0192-AJB NLS
04-14-2017
SATMODO, LLC, a California limited liability company, Plaintiff, v. WHENEVER COMMUNICATIONS, LLC, d.b.a. StatellitePhoneStore.com, a Nevada limited liability company, HENAA BLANCO, an individual, and DOES 1 through 50, inclusive, Defendants.
ORDER GRANTING IN PART AND DENYING IN PART DEFENDANTS' MOTION TO DISMISS
Presently before the Court is Defendants' Whenever Communications, LLC, d.b.a. SatellitePhoneStore.com and Henaa Blanco, (collectively "Defendants"), motion to dismiss Plaintiff's Satmodo, LLC, ("Plaintiff") complaint. (Doc. No. 9.) Having reviewed the parties' arguments and controlling legal authority, the Court finds this motion suitable for determination on the papers and without oral argument. Accordingly, the motion hearing presently set for April 20, 2017 at 2:00 p.m. is VACATED pursuant to Local Rule 7.1.d.1. For the reasons set forth below, the Court GRANTS IN PART AND DENIES IN PART Defendants' motion to dismiss. //
BACKGROUND
The following facts are taken from Plaintiff's complaint and accepted as true for the limited purpose of resolving the pending motion before the Court. See Vasquez v. L.A. Cnty., 487 F.3d 1246, 1249 (9th Cir. 2007) (noting a court must "accept all material allegations of fact as true" when ruling on a motion to dismiss).
The present action arises out of an intentional and systematic "click fraud" scheme, wherein Defendants clicked on Plaintiff's paid online advertisements with the intent to harm Plaintiff. (Doc. No. 1 ¶ 9.) Plaintiff and Defendant Whenever Communications are two of the largest competitors in the business of online sale and rental of satellite phones. (Id. ¶ 12.) These companies buy satellite phones at wholesale and then sell or rent the phones to online customers. (Id.) Within this industry, sales and rentals are heavily reliant on a company's online presence. (Id. ¶ 14.) To promote their online presence, competing companies, including Plaintiff and Defendant Whenever Communications, take part in advertisements via search engines. (Id.) Each time a customer clicks on a company's advertisement through a search engine, the company pays for the click through a set daily advertising budget. (Id. ¶ 9.) Once a company's set daily advertising budget has been met, the search engine will stop publishing the company's advertisement for that day. (Id.)
From 2016 to 2017, Defendant Whenever Communications, in part through its agent Defendant Henna Blanco, intentionally sought out Plaintiff's advertisements on search engines including Google, Yahoo!, and Bing, to carry out their "click fraud" scheme. (Id. ¶¶ 9-11, 20.) "Click fraud" is the practice of fraudulently or maliciously clicking the online search advertisements of an advertiser to force the advertiser to pay for the click while having no intention of buying the advertised services or products. (Id. ¶ 10.) Defendants intentionally clicked on Plaintiff's advertisements to push Plaintiff out of the market and to receive a better advertising rank over Plaintiff. (Id. ¶¶ 18-19.) Plaintiff observed the use of multiple IP addresses used to commit this click fraud scheme and believes the addresses were tied to Defendants. (Id. ¶¶ 25, 28, 31.) Plaintiff believes that Defendants are utilizing automated means and rotating through proxy servers in order to avoid detection. (Id. ¶ 27.) Specifically, on August 22, 2016, Plaintiff observed Defendants use automated means to click on Plaintiff's homepage approximately 96 times within a few minutes. (Id. ¶¶ 25-27.) At times where the IP addresses were unmasked by proxy servers, Plaintiff observed fraudulent clicks and chat requests originating from Lakeland, Florida, Las Vegas, Nevada, and San Diego, California, which are all locations where Whenever Communications maintains offices. (Id. ¶ 31.) In response to these observations, Plaintiff blocked several IP addresses associated with Defendants. (Id. ¶ 29.) In September 2016, Plaintiff's counsel sent a cease and desist letter to Defendants and asked Defendants to stop their click fraud scheme. (Id. ¶ 32.) However, instead of ceasing, Defendants used proxy servers to circumvent Plaintiff's online blockade and continued to engage in their click fraud scheme. (Id. ¶ 29, 32.) Plaintiff alleges it has been damaged in that it paid for clicks that Defendants fraudulently created and lost sales from being forced out of the market prematurely. (Id. ¶ 34.)
On February 1, 2017, Plaintiff filed a complaint seeking compensatory damages and injunctive relief for Defendants' alleged click fraud scheme. (Doc. No. 1.) Plaintiff alleged four causes of actions in its complaint: (1) violation of the Computer Fraud and Abuse Act ("CFAA"); (2) violation of California's Comprehensive Computer Data Access and Fraud Act ("CDAFA"); (3) intentional interference with prospective economic relations; and (4) violation of California's Unfair Competition Law, Business and Professions Code Section 17200 ("UCL"). Presently before the Court is Defendants' amended motion to dismiss, which was filed on February 27, 2017. (Doc. No. 9.) Plaintiff filed an opposition on March 10, 2017, (Doc. No. 10), and Defendants replied on March 16, 2017, (Doc. No. 12).
LEGAL STANDARD
A motion to dismiss under Federal Rule of Civil Procedure 12(b)(6) tests the legal sufficiency of a plaintiff's complaint and allows a court to dismiss a complaint upon a finding that the plaintiff has failed to state a claim upon which relief may be granted. See Navarro v. Block, 250 F.3d 729, 732 (9th Cir. 2001). "[A] court may dismiss a complaint as a matter of law for (1) lack of a cognizable legal theory or (2) insufficient facts under a cognizable legal claim." SmileCare Dental Grp. v. Delta Dental Plan of Cal., Inc., 88 F.3d 780, 783 (9th Cir. 1996) (internal quotations and citation omitted). However, a complaint will survive a motion to dismiss if it contains "enough facts to state a claim to relief that is plausible on its face." Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007). In making this determination, a court reviews the contents of the complaint, accepting all factual allegations as true, and drawing all reasonable inferences in favor of the nonmoving party. Cedars-Sinai Med. Ctr. v. Nat'l League of Postmasters of U.S., 497 F.3d 972, 975 (9th Cir. 2007).
Notwithstanding this deference, the reviewing court need not accept "legal conclusions" as true. Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). It is also improper for a court to assume "the [plaintiff] can prove facts that [he or she] has not alleged." Associated Gen. Contractors of Cal., Inc. v. Cal. State Council of Carpenters, 459 U.S. 519, 526 (1983). However, "[w]hen there are well-pleaded factual allegations, a court should assume their veracity and then determine whether they plausibly give rise to an entitlement to relief." Iqbal, 556 U.S. at 679.
Further, factual allegations must meet the requisite level of specificity. See Kearns v. Ford Motor Co., 567 F.3d 1120, 1124 (9th Cir. 2009). Federal Rule of Civil Procedure 8(a)(2) requires a party's pleading to contain "a short and plain statement of the claim showing that the pleader is entitled to relief." Fed. R. Civ. P. 8(a)(2). However, Rule 9(b) requires that, when fraud is alleged, "a party must state with particularity the circumstances constituting fraud . . . ." Fed. R. Civ. P. 9(b). When fraud is not a necessary element of a claim, a plaintiff may choose to allege a unified course of fraudulent conduct and rely entirely on that course of conduct as the basis of a claim. Vess v. Ciba-Geigy Corp. USA, 317 F.3d 1097, 1103 (9th Cir. 2003). In such event, "the claim is said to be 'grounded in fraud' or to 'sound in fraud,' and the pleading of that claim as a whole must satisfy the particularity requirement of Rule 9(b)." Id. at 1103-04. Rule 9(b) demands that the circumstances constituting the alleged fraud "be 'specific enough to give defendants notice of the particular misconduct . . . so that they can defend against the charge and not just deny that they have done anything wrong.'" Bly-Magee v. California, 236 F.3d 1014, 1019 (9th Cir. 2001) (quoting Neubronner v. Milken, 6 F.3d 666, 672 (9th Cir. 1993)).
DISCUSSION
A. Rule 9(b) Heightened Pleading Standard
As a preliminary matter, the Court will address to what extent Plaintiff's claims are subject to the heightened pleading requirements of Federal Rule of Civil Procedure 9(b). Defendants contend that all of Plaintiff's claims are subject to Rule 9(b) because each claim is based upon a fraudulent course of conduct. (Doc. No. 9 at 11-12, 14, 16, 18.) Plaintiff counters that only specific averments of fraud must be pled with particularity and that, even if the Court disagrees, the complaint meets the heightened pleading standard. (Doc. No. 10 at 15-18, 19-20, 21, 23.) The Court finds that each of Plaintiff's claims are subject to the Rule 9(b) pleading standard.
Each of Plaintiff's claims against Defendants arise from the alleged click fraud scheme. (See generally Doc. No. 1.) Plaintiff defines click fraud as "generating clicks with a fraudulent or malicious intent . . . despite the fact that the person or entity making the click has no intention of buying the advertised services or products." (Doc. No. 1 ¶ 10.) Moreover, when Plaintiff alleges how Defendants implemented the scheme, it explains that "Defendants intentionally sought out Plaintiff's ads, clicking on them to present the false impression that they were intended customers." (Doc. No. 1 ¶ 19.) Plaintiff makes these allegations in support of its CFAA, CDAFA, UCL, and intentional interference with prospective economic relations claims; thus, it follows that all claims rely on a unified fraudulent course of conduct. See Kearns, 567 F.3d at 1125-26.
Therefore, the Court finds that Plaintiff's complaint alleges a unified course of fraudulent conduct.
B. Computer Fraud and Abuse Act
Plaintiff alleges Defendants violated four subsections of the CFAA, sections 1030(a)(4) and (5)(A)-(C), when they accessed Plaintiff's computers without authorization by logging onto the search engine website and making fraudulent clicks, or alternatively, when they exceeded their authorized access after being put on notice of their wrongful conduct in September 2016. (Doc. No. 1 ¶¶ 37, 39.) Plaintiff alleges damages and economic loss exceeding $75,000 based on the costs incurred in paying for invalid clicks and the loss of sales and profits from those clicks after Plaintiff was prematurely kicked out of the market. (Id. ¶ 39(d).) Defendants argue for dismissal because the alleged conduct does not conform to the criminal "anti-hacking" conduct that the CFAA was designed to prevent. Specifically, Defendants contend that each of Plaintiff's claims must fail because Plaintiff (1) has not shown how accessing Plaintiff's website through a publicly available third-party search engine is a recognized violation under the CFAA, (2) has not alleged sufficient facts for the requirement of loss or damage, and (3) fails to comply with Rule 9(b). (Doc. No. 9 at 8-12.) As explained below, the Court agrees with Defendants and will address each contention below.
The CFAA was first enacted to enhance the government's ability to prosecute computer crimes and to "target hackers who accessed computers to steal information or to disrupt or destroy computer functionality, as well as criminals who possessed the capacity to access and control high technology processes vital to our everyday lives." LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1130 (9th Cir. 2009) (internal quotation marks and citation omitted). "The CFAA prohibits a number of different computer crimes, the majority of which involve accessing computers without authorization or excess of authorization, and then taking specific forbidden actions, ranging from obtaining information to damaging a computer or computer data." Id. at 1131. Any individual may bring a private civil cause of action under the CFAA for damages and equitable relief if he or she suffers damages or loss as a result of a violation of these provisions. 18 U.S.C. § 1030(g). Within this context, the statute "targets the unauthorized procurement or alteration of information, not its misuse or misappropriation." United States v. Nosal, 676 F.3d 854, 863-64 (9th Cir. 2012) (interpreting the phrase "exceeds authorized access" to apply to "violations of restrictions on access to information, and not restrictions on its use.") (emphasis in original).
To establish a violation under section 1030(a)(4), Plaintiff must allege Defendants (1) accessed a "protected computer," (2) without authorization or exceeding authorization that was granted, (3) "knowingly" and with "intent to defraud," and thereby (4) "further[ed] the intended fraud and obtain[ed] anything of value," causing (5) a loss to one or more persons during any one-year period aggregating at least $5,000 in value. Brekka, 581 F.3d at 1132. Plaintiff alleges Defendants accessed its protected computers by "logging onto the search engine website in which Plaintiff used to facilitate its business and violated the terms and conditions of the search engine advertising contracts by producing invalid clicks on Plaintiff's advertisements." (Doc. No. 1 ¶ 37.) As currently pled, Plaintiff has not provided sufficient facts to demonstrate the threshold element that Defendants accessed Plaintiff's computers under section 1030(a)(4). Cf. Craigslist Inc. v. 3Taps Inc., 942 F. Supp. 2d 962, 968 (N.D. Cal. 2013) (holding plaintiff alleged "access of a protected computer" where it alleged "[d]efendants accessed Craigslist's website and the 'protected computers' hosting the website").
The Court notes that Plaintiff's opposition explains that clicking on the advertisements on the search engines resulted in Defendants being redirected to Plaintiff's website, servers, and computers. (See Doc. No. 10 at 11.) However, Plaintiff fails to allege this information in its complaint. See Associated Gen. Contractors of Cal. Inc., 459 U.S. at 526 (discussing that because a Rule 12(b)(6) motion tests the legal sufficiency of a complaint, a plaintiff cannot avoid dismissal by adding information not originally alleged in the complaint).
Accordingly, the Court finds that Plaintiff also fails to plead this element for sections 1030(a)(5)(B)-(C).
Defendants' main contention is whether Plaintiff has sufficiently alleged that Defendants improperly accessed Plaintiff's computers without authorization or by exceeding authorization . The Court finds that Plaintiff has sufficiently pled this element. The CFAA "'provides two ways of committing the crime of improperly accessing a protected computer: (1) obtaining access without authorization; and (2) obtaining access with authorization but then using that access improperly.'" Facebook, Inc. v. Power Ventures, Inc., 844 F.3d 1058, 1066 (9th Cir. 2016) (quoting Musacchio v. United States, 136 S. Ct. 709, 713 (2016)). Access without authorization under the CFAA occurs "when the person has not received permission to use the computer for any purpose (such as when a hacker accesses someone's computer without any permission), or when the employer has rescinded permission to access the computer and the defendant uses the computer anyway." Brekka, 581 F.3d at 1135. In contrast, exceeding authorized access is defined as accessing a computer with authorization and then using that access to obtain or alter information in the computer that the person is not entitled to alter or obtain. 18 U.S.C. § 1030(e)(6). The Ninth Circuit recently distilled two general rules for analyzing "authorization" under the CFAA: (1) "a defendant can run afoul of the CFAA when he or she has no permission to access a computer or when such permission has been revoked explicitly;" and (2) "a violation of the terms of use of a website—without more—cannot establish liability under the CFAA." Power Ventures, 844 F.3d at 1067 (following the Court's analysis in Nosal, 828 F.3d 865).
In Power Ventures, the defendant initially had permission to access the plaintiff's website. Id. However, plaintiff took two actions that expressly rescinded authorization: sending a cease and desist letter to the defendant and blocking the defendant's IP addresses. Id. The letter informed defendant that it had violated plaintiff's terms of use, as well as federal and state law, and demanded defendant stop soliciting information, using the website's content, or otherwise interacting with the website through automated scripts. Id. at 1067 n.3. While a violation, or notification of such a violation, of the website's terms of use was not sufficient to impose liability, the content of the cease and desist letter put defendant on notice that it no longer had authorized access to plaintiff's computers. Id. (citing Nosal, 676 F.3d at 862-63.) Plaintiff then further demonstrated that it had rescinded defendant's authorization by instituting an IP block to prevent defendant from accessing the Facebook website, which defendant circumvented by switching IP addresses. Id. at 1063. When defendant accessed plaintiff's website after receiving the letter, the Ninth Circuit held the access to be without authorization under the CFAA. Id. at 1069.
Here, Plaintiff asserts two theories alleging how Defendants acquired improper access: (1) violating the terms and conditions of the search engine's advertising contracts, and (2) accessing Plaintiff's website after Plaintiff blocked various IP addresses and asked Defendants to cease. (Doc. No. 1 ¶¶ 29, 32.) However, a violation of a website's terms of use, without more, is not sufficient to impose liability as a matter of law. See Power Ventures, 844 F.3d at 1067 n.3; Nosal, 676 F.3d at 862-63. Regarding the second theory, Plaintiff alleges that it first blocked various IP addresses associated with Defendants and that Defendants circumvented its efforts to continue their click fraud scheme. (Doc. No. 1 ¶ 29.) This allegation on its own is not sufficient to show improper access. See Power Ventures, 844 F.3d at 1068 n.5 ("Simply bypassing an IP address, without more, would not constitute unauthorized use."). However, Plaintiff's counsel notified Defendants in writing about their wrongful conduct and a demand was made to stop these actions immediately. (Doc. No. 1 ¶ 32.) The combination of these factual allegations is sufficient to allege improper access at the pleading stage. See Power Ventures, 844 F.3d at 1068; see also Craigslist Inc. v. 3Taps Inc., 942 F. Supp. 2d 962, 969-70 (N.D. Cal. 2012) (holding defendants' continued use of plaintiff's website after receiving cease and desist letters and evading technological blocking measures constitutes unauthorized access). Accordingly, Plaintiff has adequately alleged that if Defendants did access its computers, such access was improper because Defendants exceeded authorization. Ultimately, however, because Plaintiff failed to adequately plead the threshold element that Defendants accessed Plaintiff's computers , Plaintiff's claim under section 1030(a)(4) is DISMISSED.
Defendants contend that Plaintiff's second theory of improper access is a new theory first introduced in Plaintiff's opposition papers and absent from the complaint. (Doc. No. 12 at 5-6.) The Court disagrees with Defendants. While Plaintiff's opposition papers primarily focus on this second theory, the factual allegations are also pled in the complaint. (See Doc. No. 1 ¶¶ 29, 32.)
Interestingly, the Court notes that if Plaintiff wishes to proceed on a contract-based theory, there might be an issue establishing standing without first demonstrating privity of contract. See NovelPoster v. Javitch Canfield Grp., No. 13-cv-05186-WHO, 2014 WL 5687344, at *5 (N.D. Cal. Nov. 4, 2014) (noting "the general rule among federal courts applying California law is that one who is not a party to a contract does not have standing to sue for breach of that contract.").
2. Sections 1030(a)(5)(A)-(C)
Plaintiff next alleges three violations under section 1030(a)(5)(A)-(C). (Doc. No. 1 ¶ 39.) Subsection A creates a cause of action against anyone who knowingly transmits a program, information, or command, intentionally causing damage without authorization. 18 U.S.C. § 1030(a)(5)(A). Subsection B imposes civil liability on whoever intentionally accesses a protected computer without authorization and recklessly causes damage. 18 U.S.C. § 1030(a)(5)(B). Lastly, subsection C penalizes a defendant who intentionally accesses a protected computer without authorization and causes damage and loss. 18 U.S.C. § 1030(a)(5)(C). The CFAA broadly defines "loss" as "any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service." 18 U.S.C. § 1030(e)(11). In contrast, "damage" is statutorily defined separately as "any impairment to the integrity or availability of data, a program, a system, or information." 18 U.S.C. § 1030(e)(8). "Thus, while 'damage' covers harm to data and information, 'loss' refers to monetary harms sustained by the plaintiff." NovelPoster v. Javitch Canfield Grp., 140 F. Supp. 3d 954, 961 (N.D. Cal. 2014) (citation omitted).
As currently pled, Plaintiff has failed to set forth facts sufficient to state a claim for relief under sections 1030(a)(5)(A)-(C). Plaintiff contends that by orchestrating the click fraud scheme, Defendants inhibited Plaintiff's advertisements from being displayed online, essentially causing Plaintiff's premature exclusion from the market and causing a loss of sales and profits. (Doc. No. ¶¶ 34, 39, 40.) Drawing all reasonable inferences in Plaintiff's favor, Plaintiff has adequately pled the more loosely-interpreted element of loss. However, Plaintiff has not pled any facts sufficient to state a claim for damages based on CFFA's statutory definition. Instead, Plaintiff pleads facts sufficient for loss and summarily labels them as "damage." (See Doc. No. 1 ¶ 39(b)-(d).) This is insufficient. Plaintiff must allege facts that demonstrate that their data was destroyed, their computer system was harmed, or there was an inability to access their own computer data. See, e.g., Int'l Airport Ctrs., LLC v. Citrin, 440 F.3d 418, 419 (7th Cir. 2006) (harm constituted "damage" under the statute where defendant installed a secure-erasure program to prevent recovery of important files); NetApp, Inc. v. Nimble Storage, Inc., 41 F. Supp. 3d 816, 834 (N.D. Cal. 2014) ("damage" insufficiently pled where plaintiff plainly alleged "harm to the integrity of its data, programs, and computer system" without any plausible detail); NovelPoster, 140 F. Supp. 3d at 961 ("damage" sufficient under CFAA where plaintiff alleged defendants maintained unauthorized control of plaintiff's online accounts, which prohibited plaintiff from accessing their own data and communications within).
Thus, Plaintiff's allegation of loss is also sufficient for its section 1030(a)(4) claim.
Accordingly, for the reasons stated above, Plaintiff's claims under the CFAA are DISMISSED.
C. California's Comprehensive Computer Data Access and Fraud Act
Plaintiff next alleges Defendants violated four subsections of the CDAFA, sections 502(c)(1), (3), (5), (7). (Doc. No. 1 ¶¶ 44-47.) Plaintiff's claim under this statute arises from the same conduct alleged under the CFAA. Defendants contend that each of Plaintiff's CDAFA claims must fail because Plaintiff has not alleged use of its computers "without permission" and the allegations fail to comply with Rule 9(b). (Doc. No. 9 at 13-14.)
California Penal Code § 502 "prohibits unauthorized access to computers, computer systems, and computer networks, and provides for a civil remedy in the form of compensatory damages, injunctive relief, and other equitable relief." Sunbelt Rentals, Inc. v. Victor, 43 F. Supp. 3d 1026, 1032 (2014). Section 502 is also considered an "anti-hacking statute intended to prohibit the unauthorized use of any computer system for improper or illegitimate purpose." Id. Section 502 "is seen as the California corollary to the CFAA, and the requisite elements for pleading violations of the CFAA and CCDAFA are the same." Lakeland Tours, LLC v. Bauman, No. 13cv2230-CAB-JMA, 2014 WL 12570970, at *7 (S.D. Cal. Feb. 11, 2014) (citing Multiven v. Cisco Sys. Inc., 725 F. Supp. 2d 887, 895 (N.D. Cal. 2010)). Plaintiff brings a private action pursuant to section 502(e) and alleges violations of Sections 502(c)(1), (c)(3), (c)(5), and (c)(7), which provides that a person is liable if he or she:
(1) Knowingly accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network to either (A) devise or execute any scheme or artifice to defraud, deceive, or extort, or (B) wrongfully control or obtain money, property or data.
...
(3) Knowingly and without permission uses or causes to be used computer services.
...
(5) Knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network.
...
(7) Knowingly and without permission accesses or causes to be accessed any computer, computer system, or computer network.Cal. Penal Code §§ 502(c)(1), (3), (5), (7). All of the prohibited conduct articulated in the subsections above requires that the defendant act "without permission." In re Carrier IQ, Inc., 78 F. Supp. 3d 1051, 1098 (N.D. Cal. 2015). "For purposes of Section 502, parties act without permission when they circumvent [ ] technical or code-based barriers in place to restrict or bar a user's access." Sunbelt Rentals Inc., 43 F. Supp. 3d at 1032 (internal quotations omitted).
Defendants contend that "access" or "use of data without permission" requires a showing of "circumventing technical or code based barriers intended to restrict such access." (Doc. No. 9 at 13.) However, the Court notes that circumventing technical barriers is not the only way to access or use a computer "without permission," but that it is the relevant requirement for the Court's consideration here because Plaintiff does not allege facts that Defendants misused information. See Christensen, 828 F.3d at 789-90. Here, Plaintiff alleges Defendants acted "without permission" after Plaintiff "blocked various IP addresses associated with Defendants, and instead of ceasing [the click fraud scheme], Defendants began to use proxy servers that automatically rotated IP addresses to strategically avoid the Plaintiff's blocking efforts." (Doc. No. 1 ¶ 29.) The Court finds this allegation to be a sufficient for pleading the "without permission" requirement. See Power Ventures, 844 F.3d at 1069 (finding CDAFA analysis to be same as CFAA analysis on similar facts).
The Ninth Circuit highlighted the alternative method of demonstrating the "without permission" element. While the CDAFA only requires knowing access and not unauthorized access, using valid login credentials and subsequently misusing the information obtained does in fact constitute a CDAFA violation. United States v. Christensen, 828 F.3d 763, 789-90 (9th Cir. 2015).
However, Plaintiff's CDAFA claims ultimately fail on its allegations of "access" and "disruption of computer services." Similar to Plaintiff's alleged CFAA violations, the Court finds Plaintiff has not adequately pled facts with enough particularity to show that Defendants accessed Plaintiff's computers. Further, Plaintiff's allegation of disruption under section 502(c)(5) is conclusory and merely restates the statutory language instead of providing factual support to show Defendants' click fraud scheme disrupted their computer service or data. (See Doc. No. 1 ¶ 46.) Consequently, the Court finds Plaintiff has failed to state a claim against Defendants under this subsection as well. See Oracle Corp. v. SAP AG, 734 F. Supp. 2d 956, 964 (N.D. Cal. 2010) (defendant did not violate section 502(c)(5) where there were no facts of slowdowns; disruptions in service; impairments to the availability of the data; or changes, deletions, or destruction of data).
Therefore, Plaintiff's claims under the CDAFA are DISMISSED.
D. California's Unfair Competition Law
Plaintiff alleges Defendants' click fraud scheme also violated the "unlawful" and "unfair" prongs of the UCL. (Doc. No. 1 ¶ 66.) Defendants contend Plaintiff does not allege a valid violation under any of the UCL's three available theories, is not entitled to the relief is seeks, and has failed to plead with the requisite Rule 9(b) particularity. (Doc. No. 9 at 16-18.)
Plaintiff originally asserted a claim under the "fraudulent" prong, (Doc. 1 ¶ 66), but appears to abandon this theory in its opposition, (See Doc No. 10 at 23) ("Satmodo brings its UCL claim under the 'unlawful' and 'unfair' prongs of the UCL."). Therefore, the Court will not address the "fraudulent" prong.
The Court finds Defendants' "safe harbor" argument unpersuasive. "The rule does not [] prohibit an action under the [UCL] merely because some other statute on the subject does not, itself, provide for the action or prohibit the challenged conduct. To forestall an action under the [UCL], another provision must actually 'bar' the action or clearly permit the conduct." Cel-Tech Commc'ns, Inc. v. Los Angeles Cellular Tel. Co., 20 Cal. 4th 163, 182-83 (1999).
California's Unfair Competition Law "is a broad remedial statute that permits an individual to challenge wrongful business conduct in whatever context such activity might occur." Lozano v. AT&T Wireless Servs., Inc., 504 F.3d 718, 731 (9th Cir. 2007) (internal quotation marks and citation omitted). The UCL prohibits any "unlawful, unfair, or fraudulent business act or practice." Cal. Bus. & Prof. Code § 17200. Accordingly, there are three prongs under which a claim may be established: unlawful, unfair, and fraudulent. Daro v. Superior Court, 151 Cal. App. 4th 1079, 1093 (2007) ("a business act or practice need only meet one of the three criteria—unlawful, unfair, or fraudulent—to be considered unfair competition"); Lozano, 504 F.3d at 731 ("[e]ach prong . . . is a separate and distinct theory of liability").
1. Unlawful Business Practice
"Unlawful" practices are "any practices forbidden by law, be it civil or criminal, federal, state, or municipal, statutory, regulatory, or court-made." Saunders v. Superior Court, 27 Cal. App. 4th 832, 838-39 (1994). "By proscribing any unlawful business practice, [the UCL] borrows violations of other laws and treats them as unlawful practices that the unfair competition law makes independently actionable." Woods v. Google, Inc., No. 11-cv-1263-JF, 2011 WL 3501403, at *7 (N.D. Cal. Aug. 10, 2011) (internal quotation marks omitted) (citing Cel-Tech Commc'ns, Inc., 20 Cal. 4th at 180)). The unlawful activities Plaintiff alleges in its complaint are for violations of the CFAA and CDAFA. Since Plaintiff has not pled these claims adequately, it follows that Plaintiff has failed to provide an independent violation to state a claim under the "unlawful" prong of the UCL. See Woods, 2011 WL 3501403, at *7. Thus, Plaintiff's claim of an "unlawful" practice under the UCL is DISMISSED.
2. Unfair Business Practice
The "unfair" prong under the UCL, targets conduct that "threatens an incipient violation of an antitrust law, or violates the policy or spirit of one of those laws because its effects are comparable to or the same as a violation of the law, or otherwise significantly threatens or harms competition." Cel-Tech Commc'ns. Inc., 20 Cal. 4th at 187 (designating the present test for actions between competitors alleging anticompetitive practices); see also Lozano, 504 F.3d at 735 (recognizing test as appropriate for actions based on unfairness between competitors). Thus, Plaintiff must allege that Defendants' conduct "'(1) violates the policy or spirit of the antitrust laws because the effect of the conduct is comparable to or the same as a violation of the antitrust laws, or (2) it otherwise significantly threatens or harms competition.'" Obesity Research Inst., LLC v. Fiber Research Int'l, LLC, 165 F. Supp. 3d 937, 953 (S.D. Cal. 2016) (quoting People's Choice Wireless, Inc. v. Verizon Wireless, 131 Cal. App. 4th 656, 662 (2005)). Conduct that violates the spirit of antitrust laws includes exclusive dealing, horizontal price fixing, and monopolization. Id.
Plaintiff's independent claim under the "unfair" prong has been sufficiently pled. The crux of Plaintiff's complaint focuses on Defendants' alleged click fraud scheme, which takes Plaintiff, "one of its main competitors, out of the marketplace for a period of time, all to the Defendants' benefit." (Doc. No. 1 ¶ 66.) These allegations, taken as true, allege unfair conduct that violates the spirit of antitrust laws and significantly threatens competition. Moreover, the Court believes the alleged click fraud scheme is the type of conduct the Legislature intended to protect against. "[T]he section was intentionally framed in its broad, sweeping language, precisely to enable judicial tribunals to deal with the innumerable 'new schemes which the fertility of man's invention would contrive.'" Cel-Tech Commc'ns. Inc., 20 Cal. 4th at 181 (quoting American Philatelic Soc. v. Claibourne, 3 Cal. 2d 689, 698 (1935)). However, the Court agrees with Defendants that Plaintiff is not entitled to recover damages or nonrestitutionary disgorgement under the UCL and is limited to injunctive relief. See Korea Supply v. Lockheed Martin Corp., 29 Cal. 4th 1134, 1152 (2003) (holding nonrestitutionary disgorgement of profits is not an available remedy in an individual action under the UCL).
Accordingly, Plaintiff's claim under the "unlawful" prong of the UCL is DISMISSED, and the Court DENIES Defendants' motion to dismiss Plaintiff's claim under the "unfair" prong of the UCL.
E. Intentional Interference with Prospective Economic Relations
Lastly, Plaintiff alleges "Defendants intentionally interfered with Plaintiff's economic relationship with potential customers" by making fraudulent clicks and prematurely terminating Plaintiff's online ad presence each day, thus, eliminating the number of clicks that would have resulted in a sale absent Defendants' conduct. (Doc. No. 1 ¶ 56.) Defendants counter that Plaintiff has not alleged interference with existing economic relationships and has not alleged the required independently wrongful conduct. (Doc. No. 9 at 14-16.) Plaintiff argues that it need only plead a "colorable economic relationship" and that this relationship is not hypothetical because "there is a known quantifiable percentage of legitimate clicks (had they not been replaced by Defendants' fraudulent clicks) that would have led to actual customers." (Doc. No. 10 at 15-16.)
First, Plaintiff must plead "that the [Defendants'] interference was wrongful by some measure beyond the fact of interference itself." Della Penna v. Toyota Motor Sales, U.S.A., Inc., 11 Cal. 4th 376, 392-93 (1995). A claim for intentional interference with prospective economic relations requires an allegation of some independently wrongful conduct that is "proscribed by some constitutional, statutory, regulatory, common law, or other determinable legal standard." Korea Supply, 29 Cal. 4th at 1159. "Wrongful conduct" has been interpreted to mean conduct "outside the realm of legitimate business transactions" and conduct that "may lie in the method used or by virtue of an improper motive." Della Penna, 11 Cal. 4th at 380 n.1. Plaintiff rests its claim of independently actionable wrongful conduct upon its claims under the CFAA, CDAFA, and UCL. (Doc. No. 1 ¶ 57.) Here, because Plaintiff has adequately pleaded a claim under the "unfair" prong of the UCL, it has sufficiently alleged the necessary wrongful conduct to support a claim for intentional interference with prospect economic relations.
However, the Court finds that Plaintiff has not sufficiently pleaded the necessary existing economic relationship. See Westside Ctr. Assocs. v. Safeway Stores 23, Inc., 42 Cal. App. 4th 507, 523-28 (1996). The elements of a cause of action for intentional interference with prospective economic relations under California law are: (1) an economic relationship between the plaintiff and another containing a probability of future economic benefit, (2) knowledge by the defendant of the existence of the relationship, (3) intentional acts on the part of the defendant designed to disrupt the relationship, (4) actual disruption of the relationship, and (5) damages to the plaintiff proximately caused by the acts of the defendant. Korea Supply, 29 Cal. 4th at 1153. "To establish the first element, plaintiff must allege the existence of a specific prospective relationship, not potential relationships with a class of unknown investors or purchasers." Buxton v. Eagle Test Syss., Inc., No. C-08-04404 RMW, 2010 WL 1240749, at * 1 (N.D. Cal. Mar. 26, 2010) (quotation marks and citation omitted); see also Kasparian v. Cty. of Los Angeles, 38 Cal. App. 4th 242, 261 (1995) ("an interference with an existing contract or a contract which is certain to be consummated"). Plaintiff alleges to have "prospective economic relationships with a certain percentage of all individuals making valid clicks on its paid advertisement." (Doc. No. 1 ¶ 53.) However, Plaintiff does not allege any facts that show the existence of any specific economic relationship with identifiable third parties. Without any identifiable prospective customers, Plaintiff's expectation is "at most a hope for an economic relationship and a desire for future benefit." Blank v. Kirwan, 39 Cal. 3d 311, 331 (1985).
Consequently, Plaintiff's claim for intentional interference with prospective economic relations is DISMISSED.
CONCLUSION
In light of the above, the Court GRANTS IN PART and DENIES IN PART Defendants' motion to dismiss Plaintiff's complaint. The Court DISMISSES WITHOUT PREJUDICE Plaintiff's claims under the CFAA, CDAFA, "unlawful" prong of the UCL, and intentional interference with prospective economic relations. Plaintiff may address the deficiencies noted herein by filing an amended complaint no later than 30 days from the issuance of this order .
IT IS SO ORDERED.
Dated: April 14, 2017
/s/_________
Hon. Anthony J. Battaglia
United States District Judge