Summary
denying a request to incorporate-by-reference documents that were filed with the plaintiff's TRO application in part because the complaint did not extensively refer to the documents
Summary of this case from Guardant Health, Inc. v. Natera, Inc.Opinion
Case No. 19-CV-02082-LHK
10-01-2019
SYNOPSYS, INC., Plaintiff, v. INNOGRIT, CORP., Defendant.
ORDER DENYING DEFENDANT'S MOTION TO DISMISS
Re: Dkt. No. 52
Plaintiff Synopsys, Inc. ("Synopsys") brings this action against Defendants InnoGrit, Corp. ("InnoGrit") and Does 1-10. ECF No. 50 ("SAC"). Before the Court is InnoGrit's motion to dismiss the second amended complaint ("SAC"). ECF No. 52 ("Mot."). Having considered the submissions of the parties, the relevant law, and the record in the instant case, the Court DENIES InnoGrit's motion to dismiss the SAC.
InnoGrit's motion to dismiss the SAC contains a notice of motion that is separately paginated from the memorandum of points and authorities in support of the motion. See Mot. at ii-iv. Civil Local Rule 7-2(b) provides that the notice of motion and points and authorities should be contained in one document with a combined limit of 25 pages. See Civ. Loc. R. 7-2(b).
I. BACKGROUND
A. Factual Background
Synopsys is a provider of electronic design automation ("EDA"). SAC ¶ 8. EDA entails "using computers to design, verify, and simulate the performance of electronic circuits." Id. Synopsys has invested substantial sums of money in designing EDA software, and offers a variety of software applications to purchasers. Id. ¶¶ 10, 11.
In order to access Synopsys's software, customers purchase licenses, which grant "customers limited rights to install [Synopsys's] EDA software and to access and use specific . . . software programs subject to control by [Synopsys] via its license key system." Id. ¶ 11. Synopsys's license key system is a "security system that controls access to its licensed software by requiring a user to access an encrypted control code provided by [Synopsys] in order to execute the licensed software." Id. The "encrypted control code is contained in a license key file that specifies the location(s) where the licensed software is authorized to be used and controls certain aspects of the licensed software, including among other items the quality and term of the licensed software in accordance with the purchased license terms." Id.
In early 2017, Synopsys International Ltd., Synopsys's wholly owned subsidiary charged with distribution and oversight of Synopsys software in China, began negotiations to license the EDA software to InnoGrit. Id. ¶ 18. On January 20, 2017, an end user license and maintenance agreement ("EULA") was executed between Synopsys International Ltd. and InnoGrit for InnoGrit's use of Synopsys's software at the address that InnoGrit provided. Id. ¶ 19. The address InnoGrit provided is located in Shanghai, China. Id.
1. Manipulation of Identifying Information of Computers
Synopsys alleges that around May 2017, months after the EULA that specified use exclusively in Shanghai was signed, InnoGrit began pirating Synopsys software for use in InnoGrit's San Jose, California office. Id. ¶ 27.
Synopsys alleges that the Synopsys license key system requires software users to supply a "Host ID for the computer(s) that will execute Synopsys license software," which Synopsys then includes in a license key file. Id. ¶ 14. The Host ID prevents users from accessing Synopsys software on unauthorized computers. Id. ¶¶ 14, 15.
According to Synopsys, InnoGrit affirmatively manipulated the identifying information of at least 15 InnoGrit computers in San Jose, California in order to bypass the Host ID restriction and run Synopsys software. Id. ¶ 27. InnoGrit has allegedly used this technique to "use Synopsys software without authorization many thousands of times." Id.
2. "Crack File" Download from Iran
Synopsys also alleges that at an unknown time, an InnoGrit employee downloaded a variety of "software piracy tools" from an Iranian website. Id. ¶ 30. The material that the InnoGrit employee downloaded included a "crack file" that consisted of "counterfeit license keys for Synopsys products, instructions for how to configure counterfeit Synopsys license keys, and illegal copies of Synopsys' software that InnoGrit never obtained a license to." Id.
InnoGrit allegedly transferred this "crack file" onto a portable USB flash drive in order to distribute it across different InnoGrit computers. Id. ¶¶ 30, 31. Synopsys alleges that the flash drive that contains the "crack file" has been connected to at least seven different computers in this district, and that the "crack file" contents currently reside on at least one computer in this district. Id. ¶¶ 31, 32. Synopsys also asserts that InnoGrit manually configured the counterfeit license key associated with the crack file to match identifying information on one of the InnoGrit computers located in this district. Id. ¶ 33.
3. Piracy Tools and Counterfeit License Key Generator Download from China
In addition to the crack file that InnoGrit downloaded from the Iranian website, Synopsys alleges that at an unknown time, an InnoGrit employee downloaded piracy tools and counterfeit license key generator software from a Chinese website. Id. ¶ 34. On or around July 20, 2018, the InnoGrit employee then copied a zip file containing this material into a file folder marked "share" on an InnoGrit computer located in this district. Id.
Synopsys alleges that among the piracy tools were instructions for how to generate and configure counterfeit license keys to Synopsys software. Id. ¶ 35. Synopsys asserts that an InnoGrit employee used these instructions to generate at least one counterfeit license key to Synopsys software, and that this counterfeit license key resides in the file folder containing the piracy tools and counterfeit license key generator. Id. ¶¶ 35, 36.
According to Synopsys, an InnoGrit employee also sent other InnoGrit employees located outside of the United States the counterfeit license key generator software and/or counterfeit license keys generated by the software. Id. ¶ 37. InnoGrit employees in both China and Canada have allegedly used counterfeit license keys generated by the counterfeit license key generator software to access Synopsys software. Id.
4. Synplify Version 2014.03
Finally, Synopsys alleges that InnoGrit downloaded an illegal copy of Plaintiff's copyright-protected software, Synplify version 2014.03 ("Synplify 2014.03"), from an Iranian website. Id. ¶¶ 38, 41. The copy of Synplify 2014.03 downloaded by InnoGrit "is non-genuine; it does not match the unique hash value signature of the authentic Synplify 2014.03 published by Synopsys and appears to have code removed from the original binary file." Id. ¶ 41. InnoGrit lacks a license to use Synplify 2014.03. Id. ¶ 40.
Synopsys alleges that InnoGrit distributed the illegal copy of Synplify 2014.03 to InnoGrit employees throughout this district, "including by reproducing copies of the illegal software on a flash drive and multiple computers." Id. ¶¶ 42, 45. Moreover, Synopsys claims that "InnoGrit employees located within this judicial district executed the illegal copies of Synplify 2014.03 on computers located within this judicial district" on multiple occasions. Id. ¶ 43. The execution of the illegal Synplify 2014.03 copies by InnoGrit employees also allegedly "created additional illegal copies in the random access memory . . . of their computers." Id.
B. Procedural History
On April 17, 2019, Synopsys filed a complaint against InnoGrit. See ECF No. 1. On April 18, 2019, Synopsys filed an ex parte motion for: (1) a temporary restraining order; (2) an order to show cause why a preliminary injunction should not issue; (3) expedited discovery; and (4) entry of a protective order. See ECF No. 12. On April 13, 2019, the Court: (1) denied entry of a temporary restraining order; (2) ordered InnoGrit to show cause why a preliminary injunction should not issue; (3) granted expedited discovery; and (4) denied without prejudice the request to enter a protective order. See ECF No. 16. Specifically, the Court denied entry of a temporary restraining order because the Court determined that Synopsys could not show that Synopsys would be irreparably harmed in the absence of a temporary restraining order. See id. at 4-6.
On May 23, 2019, Synopsys filed a first amended complaint ("FAC") against InnoGrit, see ECF No. 33, and on May 24, 2019, InnoGrit filed a motion to dismiss the FAC, see ECF No. 36. The Court denied as moot the motion to dismiss the FAC based on the parties' subsequent stipulation allowing Synopsys to file the SAC. See ECF Nos. 49, 65.
On June 26, 2019, the Court filed an order granting a preliminary injunction. See ECF No. 48. In the course of doing so, the Court concluded that Synopsys had shown a likelihood of success on the merits for the claims Synopsys alleged under 17 U.S.C. § 1201(a)(1) and (a)(2). See id. at 4-5.
On June 28, 2019, Synopsys filed a second amended complaint ("SAC") against InnoGrit. See ECF No. 50. The SAC alleges three causes of action: (1) violations of the Digital Millennium Copyright Act ("DMCA"), 17 U.S.C. § 1201(a)(1), SAC ¶¶ 49-58; (2) violations of the DMCA, 17 U.S.C. § 1201(a)(2), id. at ¶¶ 59-66; (3) violations of the Copyright Act, 17 U.S.C. §§ 106 and 602.
On July 12, 2019, InnoGrit filed the instant motion to dismiss the SAC. See ECF No. 52 ("Mot."). On July 26, 2019, Synopsys opposed the motion to dismiss the SAC, see ECF No. 55 ("Opp."), and on August 1, 2019, InnoGrit filed a reply, see ECF No. 58 ("Reply").
II. LEGAL STANDARD
Rule 8(a)(2) of the Federal Rules of Civil Procedure requires a complaint to include "a short and plain statement of the claim showing that the pleader is entitled to relief." A complaint that fails to meet this standard may be dismissed pursuant to Rule 12(b)(6). Rule 8(a) requires a plaintiff to plead "enough facts to state a claim to relief that is plausible on its face." Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007). "A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged." Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). "The plausibility standard is not akin to a probability requirement, but it asks for more than a sheer possibility that a defendant has acted unlawfully." Id. (internal quotation marks omitted). For purposes of ruling on a Rule 12(b)(6) motion, the Court "accept[s] factual allegations in the complaint as true and construe[s] the pleadings in the light most favorable to the nonmoving party." Manzarek v. St. Paul Fire & Marine Ins. Co., 519 F.3d 1025, 1031 (9th Cir. 2008). The Court, however, need not "assume the truth of legal conclusions merely because they are cast in the form of factual allegations." Fayer v. Vaughn, 649 F.3d 1061, 1064 (9th Cir. 2011) (per curiam). Indeed, mere "conclusory allegations of law and unwarranted inferences are insufficient to defeat a motion to dismiss." Adams v. Johnson, 355 F.3d 1179, 1183 (9th Cir. 2004).
III. DISCUSSION
InnoGrit moves to dismiss each of Synopsys's claims for failure to state a claim. Specifically, with respect to Synopsys's claim under Section 1201(a)(1) of the DMCA, InnoGrit asserts that Synopsys failed to allege facts showing circumvention. With respect to Synopsys's claim under Section 1201(a)(2) of the DMCA, InnoGrit asserts that Synopsys failed to allege facts showing that InnoGrit ever used any of the devices that InnoGrit allegedly trafficked. Finally, with respect to Synopsys's claim under the Copyright Act, InnoGrit asserts that InnoGrit's conduct falls under the de minimis copying or fair use exceptions to copyright infringement.
A. InnoGrit's Untimely Request for the Improper Consideration of Evidence Lacks Merit
As an initial matter, InnoGrit also argues that the Court should look beyond the four corners of the SAC to assess the sufficiency of Synopsys's claims.
The Court first addresses InnoGrit's argument that the Court should evaluate evidence in the course of resolving the instant motion to dismiss. The Court then addresses the sufficiency of each of Synopsys's individual claims.
1. InnoGrit's Request Is Improper as a Matter of Law
Despite filing a motion to dismiss, InnoGrit argues that the Court "is in the unique position of being able to evaluate the evidence at an early stage in this matter," and that the Court "can dismiss all claims here with prejudice." Mot. at 3.
InnoGrit's request is improper as a matter of law. In the Ninth Circuit, the general rule is that "district courts may not consider material outside the pleadings when assessing the sufficiency of a complaint under Rule 12(b)(6) of the Federal Rules of Civil Procedure." Khoja v. Orexigen Therapeutics, Inc., 899 F.3d 988, 998 (9th Cir. 2018). InnoGrit's motion to dismiss the SAC relies solely on Rule 12(b)(6) to challenge the sufficiency of the SAC. See Mot. at 5 (outlining the standard for "a Rule 12(b)(6) motion to dismiss"). The Court may not look beyond the four corners of a complaint in ruling on a motion to dismiss, with the narrow exceptions of documents incorporated by reference, and any relevant matters subject to judicial notice. See Swartz v. KPMG LLP, 476 F.3d 756, 763 (9th Cir. 2007) ("In ruling on a 12(b)(6) motion, a court may generally consider only allegations contained in the pleadings, exhibits attached to the complaint, and matters properly subject to judicial notice."); Lee v. City of L.A., 250 F.3d 668, 688-89 (2001) ("As a general rule, 'a district court may not consider any material beyond the pleadings in ruling on a Rule 12(b)(6) motion.'" (citation omitted)). Accordingly, it is improper for the Court to "evaluate the evidence" in ruling on the instant motion.
2. InnoGrit's Request that the Court Consider Three Types of Documents Is Untimely
Moreover, in its reply, InnoGrit belatedly argues that "three types of documents" are subject to the incorporation by reference and judicial notice exceptions. See Reply at 3-4. First, InnoGrit requests that the Court consider the EULA, several versions of which Synopsys filed alongside Synopsys's ex parte application for a temporary restraining order. See Reply at 3; ECF Nos. 11-4, 11-5. Second, InnoGrit requests that the Court consider a declaration by Daniel Roffman, a forensic investigator, which Synopsys filed in response to the Court's order to show cause regarding a preliminary injunction. See Reply at 3-4; ECF No. 43-2. Finally, InnoGrit requests that the Court consider two "emails sent by Synopsys employees to InnoGrit," from which InnoGrit argues that the Court may take judicial notice of "the free evaluation license to Synopsys Premier that Synopsys granted to InnoGrit during May 9, 2017 - July 14, 2017." See Reply at 4; ECF Nos. 36-2, 36-3.
The Court disagrees. First of all, InnoGrit's argument is untimely. InnoGrit only argued that the foregoing documents fall within the incorporation by reference and judicial notice exceptions in InnoGrit's reply. This decision deprived Synopsys of an opportunity to respond to either InnoGrit's request or to the documents themselves in Synopsys's own opposition. This alone is fatal to InnoGrit's request. See, e.g., Mahon v. Anesthesia Bus. Consultants, LLC, 2016 WL 1452333, at *3 n.3 (D.D.C. Apr. 13, 2016) (declining to take judicial notice of a document because the moving party "belatedly produced" the document "in its reply, instead of in its motion to dismiss"); see also United States v. Ritchie, 342 F.3d 903, 909 (9th Cir. 2003) (explaining that a defendant "should have been given some opportunity to respond to the propriety of taking judicial notice of the facts alleged" in administrative records).
Further, for the reasons outlined below, the Court concludes that the documents to which InnoGrit points are not subject to either the incorporation by reference exception or the judicial notice exception. The Court considers these two exceptions in turn.
3. None of the Documents Belatedly Cited by InnoGrit Are Incorporated by Reference in the SAC
InnoGrit argues that the documents cited by InnoGrit in its reply are incorporated by reference in the SAC. See Reply at 3-4. A document is "incorporated by reference into a complaint if the plaintiff refers extensively to the document or the document forms the basis of plaintiff's claim." Ritchie, 243 F.3d at 908.
None of the documents cited by InnoGrit meet this standard. The SAC does not refer to either the declaration of Daniel Roffman or the two emails that InnoGrit cites. The SAC does refer to the EULA, but only a handful of times in the context of factual background. See SAC ¶¶ 19-27. The SAC's references to the EULA therefore fall well short of "extensive[]." See id.
Moreover, none of the documents cited by InnoGrit "form[] the basis of plaintiff's claim." Ritchie, 243 F.3d at 908. Synopsys is not a party to the EULA. See Mot. at 5 ("Synopsys is not a party to the [EULA] and asserts no breach claim."). Synopsys International Ltd., Synopsys's wholly owned subsidiary, is the only party to the EULA other than InnoGrit, and is not a party to the instant case. Id. Further, Synopsys does not assert any claim in the SAC arising out of the EULA. Id. Additionally, none of the claims that Synopsys asserts are in any way based on the two emails that InnoGrit cites.
Moreover, the declaration of Daniel Roffman largely outlines the technical process by which Roffman's firm conducted a forensic inspection of InnoGrit's computers. See ECF No. 43-2 ¶¶ 7-12. However, the examples of documents that the Ninth Circuit has provided that "form the basis" of complaints are documents directly implicated by claims, like "a coverage plan in a claim about insurance coverage and SEC filings when a claim for stock fraud was based on their content." Lazy Y. Ranch, Ltd. v. Wiggins, 2007 WL 1381805, at *5 (D. Idaho Mar. 13, 2007); see also Ritchie, 243 F.3d at 908 ("The doctrine of incorporation by reference may apply, for example, when a plaintiff's claim about insurance coverage is based on the contents of a coverage plan, or when a plaintiff's claim about stock fraud is based on the contents of SEC filings." (citations omitted)). Roffman's declaration does not "form the basis" of any of Synopsys's claims in the way that a coverage plan forms the basis of an insurance coverage claim or an SEC filing forms the basis of a claim for stock fraud. The Court therefore concludes that none of the documents InnoGrit belatedly cites in its reply are incorporated by reference in the SAC.
Moreover, even if the Court considered all of the documents InnoGrit belatedly cites in its reply, the documents would not affect the Court's analysis in the instant Order. The Court proceeds to consider whether these documents are subject to judicial notice.
4. None of the Documents Belatedly Cited by InnoGrit Are Subject to Judicial Notice
InnoGrit also argues that the documents it cites in its reply are subject to judicial notice under Federal Rule of Evidence 201. See Reply at 3-4. Under Federal Rule of Evidence 201, "a court may take judicial notice of 'matters of public record.'" Lee, 250 F.3d at 689 (citation omitted). However, the Court "may not take judicial notice of a fact that is 'subject to reasonable dispute.'" Id. A fact is "not subject to reasonable dispute" only if it is "generally known," or "can be accurately and readily determined from sources whose accuracy cannot reasonably be questioned." Fed. R. Evid. 201(b)(1)-(2). The Court may deny a request to take judicial notice of facts that are irrelevant to the instant motion. See, e.g., CYBERsitter, LLC v. People's Rep. of China, 805 F. Supp. 2d 958, 963-64 (C.D. Cal. 2011) (declining to take judicial notice of a fact because it "is irrelevant to the instant motions"); Metro. Creditors' Trust v. Pricewatershousecoopers, LLP, 463 F. Supp. 2d 1193, 1197 (E.D. Wash. 2006) (same). Indeed, the Ninth Circuit has explained that because of the impact of taking judicial notice of a fact, "caution must be used in determining that a fact is beyond controversy under Rule 201(b)." Rivera v. Philip Morris, Inc., 395 F.3d 1142, 1151 (9th Cir. 2005).
Here, the Court concludes that none of the documents that InnoGrit belatedly cites in its reply are subject to judicial notice. The EULA and the declaration of Daniel Roffman are both irrelevant to the instant motion. Synopsys is not a party to the EULA. See Mot. at 5 ("Synopsys is not a party to the [EULA] and asserts no breach claim."). Synopsys International Ltd., Synopsys's wholly owned subsidiary, is the only party to the EULA other than InnoGrit, and is not a party to the instant case. Id. Further, Synopsys does not assert any claim in the SAC arising out of the EULA. Id. As for the declaration of Daniel Roffman, this document largely outlines the technical process by which Roffman's firm conducted a forensic inspection of InnoGrit's computers and is not relevant to the instant motion to dismiss. See ECF No. 43-2 ¶¶ 7-12. Because neither document is relevant to the instant motion, the Court concludes that judicial notice of these documents is inappropriate. See, e.g., Hitachi Kokusai Electric Inc. v. ASM Internat'l, N.V., 2018 WL 6099953, at *3 (N.D. Cal. Nov. 21, 2018) (declining to take judicial notice of webpages because the court found them to be irrelevant to motion).
Moreover, InnoGrit requests that the Court consider the two emails that InnoGrit cites in its reply to take judicial notice of what InnoGrit calls "the free evaluation license to Synopsys Premier that Synopsys granted to InnoGrit during May 9, 2017 - July 14, 2017." Reply at 4. InnoGrit claims that the fact of "the free evaluation license to Synplify Premier . . . are [sic] not disputed by Synopsys." Reply at 4.
However, the emails demonstrate that the purported evaluation license is clearly "subject to reasonable dispute." Lee, 250 F.3d at 689. Indeed, for instance, the emails appear to show a gap in the purported license period in early June 2017, which contradicts InnoGrit's own claim that the evaluation license was operative from "May 9, 2017 - July 14, 2017." See ECF Nos. 36-2, 36-3. For this reason, it is clear that InnoGrit's purported evaluation license cannot "be accurately and readily determined" from the two emails and that judicial notice of the emails is not appropriate. Fed. R. Evid. 201(b)(1)-(2). In light of the foregoing, the fact of the "the free evaluation license to Synopsys Premier that Synopsys granted to InnoGrit during May 9, 2017 - July 14, 2017" cannot be "accurately and readily determined" from the emails that InnoGrit provides and thus judicial notice cannot be taken of this alleged fact.
Moreover, even if the Court considered the documents InnoGrit belatedly cites in its reply, the documents would not affect the Court's analysis in the instant Order. Because neither incorporation by reference nor judicial notice applies, the Court will not look beyond the four corners of the SAC in resolving the instant motion. The Court now proceeds to consider Synopsys's three claims in turn.
B. Synopsys Adequately Alleges a Claim Under 17 U.S.C. § 1201(a)(1)
InnoGrit argues that the SAC fails to adequately allege that InnoGrit "circumvented a technological measure" pursuant to the DMCA.
The Court disagrees. Section 1201(a)(1) of the DMCA prohibits circumvention of "a technological measure that effectively controls access to" a copyrighted work. 17 U.S.C. § 1201(a)(1)(A); see United States v. Elcom Ltd., 203 F. Supp. 2d 1111, 1119 (N.D. Cal. 2002) (explaining that Section 1201(a)(1) of the DMCA targets "circumvention of technology measures that effectively control access to a copyrighted work" (emphasis in original)).
First, the Court considers whether Synopsys's license key system is a "technological measure" for the purposes of the DMCA. Second, the Court considers whether InnoGrit's alleged conduct amounts to "circumvention" for the purposes of the DMCA.
1. Synopsys Adequately Alleges that the License Key System Is a Technological Measure that Effectively Controls Access to a Copyrighted Work
Section 1201(a)(1) of the DMCA only applies to defendants who "circumvent a "technological measure that effectively controls access to" a copyrighted work. 17 U.S.C. § 1201(a)(1)(A) (emphasis added). The DMCA defines a "technological measure that effectively controls access to a work" as a measure that, "in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work." Id. § 1201(a)(3)(B).
InnoGrit does not challenge the proposition that Synopsys's license key system amounts to a "technological measure that effectively controls access to a copyrighted work" under the foregoing definition. Indeed, the relevant case law makes clear that the license key system fits this definition.
Specifically, the SAC alleges that Synopsys's license key system is "a security system that controls access to its licensed software by requiring a user to access an encrypted control code." SAC ¶ 11. Each Synopsys customer receives a license key file, which contains an encrypted control code that may be used to access Synopsys software. Id. Courts that have examined similar password or encrypted control code systems in the past have roundly concluded that these systems are indeed "technological measures" for the purposes of the DMCA. See, e.g., Universal City Studios, Inc. v. Corley, 273 F.3d 429, 440 (2d Cir. 2001) ("The DMCA . . . backed with legal sanctions the efforts of copyright owners to protect their works from piracy behind digital walls such as encryption codes or password protection.").
Synopsys's license key system requires the use of an encrypted control code to access Synopsys software. SAC ¶ 11. The license key system therefore "requires the application of information . . . to gain access to the" Synopsys software. 17 U.S.C. § 1201(a)(3)(B).
Accordingly, the Court concludes that the license key system comprises a "technological measure that effectively controls access to a" copyrighted work for the purposes of the DMCA. The Court proceeds to consider whether Synopsys has adequately alleged that InnoGrit's actions amounted to "circumvention" of this technological measure.
2. Synopsys Adequately Alleges that InnoGrit Circumvented the License Key System
InnoGrit asserts that the SAC's allegation under Section 1201(a)(1) of the DMCA should be dismissed because it fails to adequately allege that InnoGrit circumvented the license key system. Mot. at 6. According to InnoGrit, as a matter of law, the use of "duly issued, authentic license keys from Synopsys that function precisely as intended is no [sic] covered by the DMCA, even if it is a violation of the parties' contractual agreement." Id. InnoGrit claims that even if InnoGrit employees altered identifying information on InnoGrit computers, the use of Synopsys's own license key files can never amount to circumvention. Id. At worst, InnoGrit argues, InnoGrit's alleged behavior only represents a breach of the EULA. Id.
Synopsys responds by pointing to the majority of case law from this district that concludes that unauthorized use of a license key constitutes circumvention under Section 1201(a)(1) of the DMCA. Opp. at 9-10. Synopsys also asserts that the case law upon which InnoGrit relies is distinguishable on several grounds. Opp. at 8-9.
The Court agrees with the majority of case law from this district cited by Synopsys that holds that unauthorized use of a license key constitutes circumvention under Section 1201(a)(1) of the DMCA. Moreover, the Court also agrees that the case law InnoGrit cites to the contrary is distinguishable from the facts of the instant case.
As discussed above, Section 1201(a)(1) of the DMCA only applies to defendants who "circumvent a technological measure that effectively controls access to" a copyrighted work. 17 U.S.C. § 1201(a)(1)(A) (emphasis added). The DMCA dictates that "to 'circumvent a technological measure' means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner." Id. § 1201(a)(3)(A).
Synopsys argues that InnoGrit circumvented Synopsys's license key system when it "altered identifying information on their computers and servers located in California in order to circumvent Synopsys' access control license key protections." SAC ¶ 53.
The majority of the courts in this district have found that a defendant's unauthorized use of license keys or passwords, as Synopsys has alleged, constitutes circumvention under Section 1201(a)(1). See Actuate Corp. v. Internat'l Bus. Machines Corp., 2010 WL 1340519 (N.D. Cal. Apr. 5, 2010) (Spero, M.J.) ("[U]nauthorized distribution of passwords and usernames avoids and bypasses a technological measure in violation of sections 1201(a)(2) and (b)(1)."); Microsoft Corp. v. EEE Bus. Inc., 555 F. Supp. 2d 1051, 1059 (N.D. Cal. 2008) (White, J.) ("By distributing a VLK without authorization, [defendant] effectively circumvented [plaintiff's] technological measure to control access to a copyrighted work in violation of the DCMA."); 321 Studios v. MGM Studios, Inc., 307 F. Supp. 2d 1085, 1098 (N.D. Cal. 2004) (N.D. Cal. 2004) (Illston, J.) ("However, while [defendant's] software does use the authorized key to access the DVD, it does not have authority to use this key, as licensed DVD players do, and it therefore avoids and bypasses [the technological measure]."); see also Burroughs Payment Sys., Inc. v. Symco Grp., Inc., 2012 WL 1670163, at *4 (N.D. Cal. May 14, 2012) (Spero, M.J.) (explaining that the Northern District of California has taken the "view that unauthorized use of a valid password 'circumvents' technology measures" (quoting Burroughs Payment Sys., Inc. v. Symco Grp., Inc., 2011 WL 13217738, at *5 (N.D. Ga. Dec. 13, 2011)). Under the holdings of these cases, InnoGrit's conduct clearly constitutes circumvention under Section 1201(a)(1) of the DMCA because the SAC specifically alleges that InnoGrit lacked authorization to use the license key on the 15 InnoGrit computers in San Jose, California. SAC ¶ 27.
InnoGrit points to a single case from this district that reached a different conclusion: Adobe Sys. Inc. v. A&S Electronics, Inc., 2015 WL 13022288 (Armstrong, J.) (N.D. Cal. Aug. 19, 2015). The Adobe court held that because license keys used by unauthorized recipients still "function[ed] precisely as intended," the use of those license keys did not amount to circumvention under Section 1201(a)(1) of the DMCA. See id. at *8. InnoGrit also cites Egilman v. Keller & Heckman, LLP, 401 F. Supp. 2d 105 (D.D.C. 2005), in support of the Adobe court's position. See id. at 113 ("[E]ntering a valid username and password, albeit without authorization—does not constitute circumvention under the DMCA.").
However, Adobe and Egilman are inapposite. These two cases concern the mere use or distribution of unauthorized passwords and license keys, without any additional actions taken on the part of the defendants. See Adobe, 2015 WL 13022288, at *8 (challenged conduct consisted of "unauthorized distribution of serial license keys"); Egilman, 401 F. Supp. 2d at 112 (challenged conduct consisted of "gaining access to [a] website using an unauthorized but valid password"). Moreover, Adobe and Egilman grounded their holdings in the fact that unauthorized license keys and passwords still "function precisely as intended." Adobe, 2015 WL 13022288, at *8; see Egilman, 401 F. Supp. 2d at 113 ("[U]sing a username/password combination as intended—by entering a valid username and password, albeit without authorization—does not constitute circumvention under the DMCA." (emphasis added)).
Synopsys's allegations in the SAC go far beyond the allegation that InnoGrit lacked authorization to use a license key that nonetheless functioned "precisely as intended." Adobe, 2015 WL 13022288, at *8. Instead, Synopsys alleges that the Synopsys license key system requires software users to supply a "Host ID for the computer(s) that will execute Synopsys license software," which Synopsys then includes in a license key file. Id. ¶ 14. The Host ID prevents users from accessing Synopsys software on unauthorized computers. Id. ¶¶ 14, 15. According to Synopsys, InnoGrit affirmatively manipulated the identifying information of at least 15 InnoGrit computers in San Jose, California, in order to bypass the Host ID restriction and wrongfully run Synopsys software. Id. ¶ 27.
The alleged manipulation of the InnoGrit computers' identifying information on the part of InnoGrit constitutes circumvention even under Adobe and Egilman. According to Synopsys, InnoGrit's conduct prevented the Synopsys license key system from functioning "precisely as intended." Id. ¶¶ 27, 53. Specifically, the manipulation of InnoGrit computers' identifying information allegedly prevented the license key system's Host ID requirement from restricting the use of Synopsys software as it was designed and intended to do. Id.
Accordingly, the Court concludes that Synopsys has sufficiently stated a claim under Section 1201(a)(1) of the DMCA. The Court proceeds to consider whether Synopsys has also stated a claim under Section 1201(a)(2) of the DMCA.
C. Synopsys Adequately Alleges a Claim Under 17 U.S.C. § 1201(a)(2)
InnoGrit asserts that Synopsys's claim under Section 1201(a)(2) of the DMCA should be dismissed. Mot. at 7-9. According to InnoGrit, Synopsys's Section 1201(a)(2) claim fails because it does not allege that InnoGrit actually used any of the technology that it allegedly trafficked to circumvent the license key system. Id. at 8-9. InnoGrit also belatedly argues that downloading files cannot amount to importation under Section 1201(a)(2) of the DMCA. Reply at 9-10.
Synopsys responds that Section 1201(a)(2) of the DMCA only requires a showing that a defendant trafficked the relevant technology, not that the defendant ever used the technology to circumvent a security measure. Opp. at 11.
The Court agrees with Synopsys. Section 1201(a)(2) of the DMCA does not require a showing that a defendant used the technology it allegedly trafficked. The Court need not reach InnoGrit's alternative argument that downloading files does not amount to importation under Section 1201(a)(2) of the DMCA because InnoGrit first raised this argument in its reply.
Section 1201(a)(2) of the DMCA dictates that "[n]o person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that . . . is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a [copyrighted] work." 17 U.S.C. § 1201(a)(2).
Synopsys alleges that InnoGrit violated this DMCA provision in several ways. First, Synopsys alleges that at an unknown time, InnoGrit downloaded a "crack file" that consisted of "counterfeit license keys for Synopsys products, instructions for how to configure counterfeit Synopsys license keys, and illegal copies of Synopsys' software that InnoGrit never obtained a license to." Id. InnoGrit allegedly transferred this "crack file" onto a portable USB flash drive in order to distribute it across different InnoGrit computers. Id. ¶¶ 30, 31. Synopsys alleges that the flash drive that contains the "crack file" has been connected to at least seven different computers in this district, and that the "crack file" contents currently reside on at least one computer in this district. Id. ¶¶ 31, 32. Synopsys also asserts that InnoGrit manually configured the counterfeit license key associated with the crack file to match identifying information on one of the InnoGrit computers located in this district. Id. ¶ 33.
Second, Synopsys alleges that at an unknown time, an InnoGrit employee downloaded piracy tools and counterfeit license key generator software from a Chinese website. Id. ¶ 34. On or around July 20, 2018, the InnoGrit employee then copied a zip file containing this material into a file folder marked "share" on an InnoGrit computer located in this district. Id.
Synopsys alleges that among the piracy tools were instructions for how to generate and configure counterfeit license keys to Synopsys software. Id. ¶ 35. Synopsys asserts that an InnoGrit employee used these instructions to generate at least one counterfeit license key to Synopsys software, and that this counterfeit license key resides in the file folder containing the piracy tools and counterfeit license key generator. Id. ¶¶ 35, 36.
According to Synopsys, an InnoGrit employee also sent other InnoGrit employees located outside of the United States the counterfeit license key generator software and/or counterfeit license keys generated by the software. Id. ¶ 37. InnoGrit employees in both China and Canada have allegedly used counterfeit license keys generated by the counterfeit license key generator software to access Synopsys software. Id.
In its motion to dismiss the SAC, InnoGrit does not dispute that any of the foregoing material that InnoGrit allegedly downloaded and distributed represents "technology, product, service, device, component, or part thereof, that . . . is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a [copyrighted] work." 17 U.S.C. § 1201(a)(2).
Instead, InnoGrit argues that "neither file is alleged to have been used by InnoGrit for the purpose of circumventing a technological measure as required to violate" Section 1201(a)(2) of the DMCA. Mot. at 7. With respect to the "crack file," InnoGrit claims that Synopsys has not sufficiently alleged that the "crack file" "was ever executed." Id. at 8. Similarly, with respect to the piracy tools and counterfeit license key generator software, InnoGrit argues that Synopsys has not sufficiently alleged that "this 'generator' was ever used to circumvent any of Synopsys's technological measures." Id. at 9.
InnoGrit's argument fails as a matter of law. Section 1201(a)(1) of the DMCA requires a plaintiff to allege that a defendant has actually circumvented a technological measure. However, Section 1201(a)(2) does not. See, e.g., Autodesk, Inc. v. Flores, 2011 WL 337836, at *9 n.2 (N.D. Cal. Jan. 31, 2011) (explaining that a complaint that "focused on allegations that Defendants sold or trafficked in circumvention technology and does not allege that they actually used the technology themselves" states a claim under Section 1201(a)(2) of the DMCA); see also MDY Indus., LLC v. Blizzard Entertainment, Inc., 629 F.3d 928, 953 (9th Cir. 2010) (outlining the elements of a claim under Section 1201(a)(2) of DMCA). InnoGrit's argument therefore cannot justify dismissal of Synopsys's Section 1201(a)(2) claim.
In its reply, InnoGrit raises a second argument. InnoGrit belatedly claims that "[d]ownloading a file from a foreign website is not the 'importation' that § 1201(a)(2) was intended to prohibit." Reply at 9. Accordingly, InnoGrit argues, "[t]he mere downloading of these two files is not a plausible DMCA violation." Id. at 11. InnoGrit raises this argument for the first time in InnoGrit's reply, so the Court need not consider it. See, e.g., Zamani v. Carnes, 491 F.3d 990, 997 (9th Cir. 2007) ("The district court need not consider arguments raised for the first time in a reply brief.").
The Court notes, however, that another court in this district has found Section 1201(a)(2)'s trafficking requirement was satisfied in a situation similar to the one in the instant case. See Synopsys, Inc. v. Ubiquiti Networks, Inc., 2017 WL 3485881, at *8 (N.D. Cal. Aug. 17, 2017) (holding that "the unilateral actions of defendant] in manufacturing the [counterfeit software] keys using software secured from hacker websites . . . and importing those keys from Taiwan into the United States is sufficient" to state a claim under Section 1201(a)(2) of the DMCA).
The Court therefore finds that Synopsys has successfully stated a claim under 17 U.S.C. § 1201(a)(2). The Court proceeds to consider Synopsys's final claim under the Copyright Act.
D. Synopsys Adequately Alleges Claims Under 17 U.S.C. §§ 106 and 602
In its motion to dismiss the SAC, InnoGrit raises two affirmative defenses in response to the SAC's allegations that InnoGrit committed copyright infringement. Specifically, InnoGrit argues that InnoGrit's alleged conduct amounts to either de minimis copying or fair use. Mot. at 9-10. Synopsys responds that these two affirmative defenses are unavailable to InnoGrit at the motion to dismiss stage because neither affirmative defense clearly appears on the face of the SAC and because both defenses involve disputed issues of fact. Opp. at 12-15.
The Court agrees with Synopsys. InnoGrit may not invoke either of the affirmative defenses that InnoGrit raises in order to dismiss Synopsys's copyright infringement claims at this stage of the litigation.
Synopsys alleges that InnoGrit committed two forms of copyright infringement under the Copyright Act. First, Synopsys alleges that InnoGrit violated 17 U.S.C. § 106 when InnoGrit "unlawfully copied and distributed Synopsys' copyright-protected software [Synplify 2014.03] in the United States and abroad." SAC ¶ 76. Second, Synopsys alleges that InnoGrit violated 17 U.S.C. § 602 when InnoGrit "knowingly and unlawfully imported into the United States copies of Synplify version 2014.03 acquired outside the United States." Id. ¶ 75.
In order for the Court to dismiss the SAC on the basis of an affirmative defense, "the defense must clearly appear on the face of the pleading." Carson v. Verismart Software, 2012 WL 1038662, at *3 (N.D. Cal. Mar. 27, 2012). Further, the defense "may not raise disputed issues of fact." Id. Neither of the two affirmative defenses that InnoGrit raises meets this standard.
First, with respect to de minimis copying, the Ninth Circuit has explained that "a use is de minimis only if the average audience would not recognize the appropriation." Newton v. Diamond, 388 F.3d 1189, 1993 (9th Cir. 2004). The SAC alleges that InnoGrit downloaded and copied entire copies of Synplify 2014.03. SAC ¶¶ 41-43. InnoGrit's appropriation was therefore not so "meager and fragmentary that the average audience would not recognize the appropriation." Newton, 388 F.3d at 1193. Accordingly, it is not clear from the face of the complaint that the de minimis copying defense would apply. See, e.g., Calibrated Success, Inc. v. Charters, 72 F. Supp. 3d 763, 770 (E.D. Mich. 2014) ("[Defendant] admits downloading [plaintiff's] Tuning Guide in its entirety. . . . There is nothing de minimis about copying an entire video."). To the extent that InnoGrit argues that InnoGrit's possession of a license to use another version of the Synplify software rendered any copyright infringement de minimis, this argument raises issues of fact regarding the differences between two versions of Synopsys software that the Court declines to resolve at the motion to dismiss stage.
Second, with respect to fair use, InnoGrit claims that InnoGrit's allegedly unlawful use of Synplify 2014.03 occurred during a software evaluation period and that "any harm to [the software's] commercial value is nonexistent." Mot. at 10. As an initial matter, the Court notes that InnoGrit's motion to dismiss fails to analyze the four factors of the fair use defense. This alone is fatal to InnoGrit's argument. See, e.g., Carson, 2012 WL 1038662, at *3 ("Defendants do not discuss any of the elements of the 'fair use' affirmative defense and their conclusory assertions cannot defeat Carson's allegations on a motion to dismiss.").
Further, the SAC contradicts InnoGrit's claim of fair use. Synopsys alleges that InnoGrit engaged in copyright violations for seemingly commercial purposes, SAC ¶¶ 42-43, that InnoGrit did not engage in any transformative use, id. ¶ 41, and that InnoGrit acted in bad faith by willfully infringing Synopsys's copyright, id. ¶ 47. Each of these allegations militates against a finding of fair use. See A&M Records, Inc. v. Napster, Inc., 239 F.3d 1004, 1015 (9th Cir. 2001) ("A commercial use weighs against a finding of fair use but is not conclusive on the issue."); id. ("Courts have been reluctant to find fair use when an original work is merely retransmitted in a different medium."); see also Perfect 10, Inc. v. Amazon.com, Inc., 508 F.3d 1146, 1164 n.8 (9th Cir. 2007) ("[A] party claiming fair use must act in a manner generally compatible with principles of good faith and fair dealing.").
The Court therefore concludes that neither of the affirmative defenses that InnoGrit raises in its motion to dismiss the SAC is sufficient to defeat Synopsys's copyright infringement allegations under 17 U.S.C. §§ 106 and 602 at this stage of the litigation.
IV. CONCLUSION
For the foregoing reasons, the Court DENIES InnoGrit's motion to dismiss the SAC.
IT IS SO ORDERED.
Dated: October 1, 2019
/s/_________
LUCY H. KOH
United States District Judge