Opinion
2:05-cv-2322-GEB-DAD.
January 25, 2007
Adam J. Rappaport, Celeste Phillips, Chad Bowman, Seth D. Berlin, Levine, Sullivan, Koch and Schulz LLP, Washington, DC, for Plaintiff.
John T. Williams, Lord, Bissell Brook, LLP, Chicago, IL, Donald E. Chomiak, Gabriel G. Green, Lord Bissell and Brook LLP, Los Angeles, CA, lor Defendants.
ORDER
This case was determined to be suitable for decision without oral argument. L.R. 78-230(h).
Defendants NBTY, Inc. ("NBTY") and Rexall Sundown, Inc. ("Rexall Sundown") (collectively "Defendants") move to dismiss eight of the thirteen claims alleged in Plaintiff's Second Amended Complaint ("Complaint") under Federal Rule of Civil Procedure 12(b)(6). Plaintiff opposes the motion. For the following reasons, Defendants' motion is denied.
Defendant Le Naturiste has not joined in this Motion.
BACKGROUND
Plaintiff is an organization that provides analysis of drug therapy information and advice for professionals in the medical community. (Compl. ¶ 12.) Plaintiff owns copyrights in the Natural Medicines Comprehensive Database (the "Publication") which "includes over 1,100 pharmacist-prepared monographs containing detailed evidence-based information." (Id. ¶¶ 2, 12.) The Publication is available both annually, in a hard copy print edition, and through subscription, in a continually updated online version contained in a passcode-protected area of Plaintiff's website. (Id. ¶ 2.) There are two different types of subscriptions: "[a]n annual single user limited-purpose subscription for Internet access . . . which was made available in April and May 2002 for under $100" and "site licenses for organizations or corporations with higher usage patterns [which] are sold for many thousand dollars." (Id. ¶ 15.)
NBTY purchased a single user subscription to the Publication and thereby entered into a single user license agreement with Plaintiff. (Id. ¶ 3.) The single user license agreement "limits access to `one and only one person,' either `accessing information for personal use' or `for the benefit of an individual patient or as part of an educational exercise.'" (Id. ¶ 5.) In addition,
[e]ach . . . [s]ingle [u]ser [l]icense specifically provides that access is limited to the individual employee and that `under no circumstances may [the employee] permit any person or entity, including fellow employees or employer, to use [the employee's] passcodes for the purpose of accessing the site, nor may [the employee] use [his/her] passcodes to access the site for anyone else.'
(Id.) Nonetheless, Plaintiff claims that NBTY "shared the confidential username and passcode among many [of its employees] for two-and-a-half years, thereby infringing on [Plaintiff's] rights in the Publication." (Id. ¶ 3.)
Plaintiff also alleges that NBTY and Rexall Sundown infringed on its rights in the Publication when Rexall Sundown used the confidential username and passcode from NBTY's single user subscription without authorization. (Id.) Finally, Plaintiff claims that NBTY "improperly and deceptively obtained access to the Publication for Le Naturiste employees" under a group license agreement entered into between Plaintiff and NBTY to address the previously alleged violations of the single user license agreement. (Id. ¶¶ 3, 40.) Under the group license agreement, only twelve designated researchers employed by NBTY or Rexall Sundown were permitted to access the Publication. (Id. ¶ 3.)
Defendants move to dismiss eight claims: copyright infringement, contributory copyright infringement, vicarious copyright infringement, violation of the Computer Fraud and Abuse Act ("CFAA") (under 18 U.S.C. § 1030), violation of Title II of the Electronic Communications Privacy Act ("ECPA") (under 18 U.S.C. § 2701), violation of the California Comprehensive Data Access and Fraud Act (under section 502 of the California Penal Code), trespass and misappropriation of trade secret. (Mot. at 2.)
DISCUSSION
Dismissal is appropriate under Rule 12(b)(6) if Plaintiff failed to (1) present a cognizable legal theory, or (2) plead sufficient facts to support a cognizable legal theory. Robertson v. Dean Witter Reynolds, Inc., 749 F.2d 530, 533-34 (9th Cir. 1984). When considering a motion to dismiss, all material allegations in the Complaint must be accepted as true and construed in the light most favorable to Plaintiff. Scheuer v. Rhodes, 416 U.S. 232, 236 (1974); Cahill v. Liberty Mut. Ins. Co., 80 F.3d 336, 337-38 (9th Cir. 1996). In addition, Plaintiff is given the benefit of every reasonable inference that can be drawn from the allegations in the Complaint. Retail Clerks Int'l Ass'n v. Shermahorn, 373 U.S. 746, 753 n. 6 (1963). Accordingly, a motion to dismiss must be denied "unless it appears beyond doubt that [Plaintiff] can prove no set of facts in support of [its] claim which would entitle [it] to relief." Conley v. Gibson, 355 U.S. 41, 45-46 (1957).
I. Copyright Infringement
"A plaintiff must meet two requirements to establish a prima facie case of copyright infringement: (1) ownership of the allegedly infringed material and (2) violation by the alleged infringer of at least one of the exclusive rights granted to copyright holders." LGS Architects, Inc. v. Concordia Homes of Nev., 434 F.3d 1150, 1156 (9th Cir. 1996). Under § 106 of the Copyright Act:
[T]he owner of copyright . . . has the exclusive rights to do and to authorize any of the following: (1) to reproduce the copyrighted works in copies or phonorecords; (2) prepare derivative works based on the copyrighted words; (3) to distribute copies or phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending; (4) in the case of literary, musical, dramatic, and choreographic works, pantomimes, and motion pictures and other audiovisual works, to perform the copyrighted work publicly; (5) in the case of literary, musical, dramatic, and choreographic works, pantomines, and pictorial, graphic or sculptural works, including the individual images of a motion picture or other audiovisual work, to display the copyrighted work publicly; (6) in the case of sound recordings, to perform the copyrighted work publicly, by means of a digital audio transmission.17 U.S.C. § 106.
The parties dispute whether Plaintiff has sufficiently alleged a violation of any of its exclusive rights under § 106 of the Copyright Act. Defendants argue that Plaintiff's contention that its copyrights have been infringed by unauthorized access to the Publication "is not the type of conduct subject to protection by the copyright laws — the allegation simply has nothing to do with Defendants copying Plaintiff's work." (Mot. at 3.) Plaintiff responds that the term "copying" is used to describe a violation of any one of the copyright holder's exclusive rights, such as the right to reproduce, display and distribute, and Plaintiff has adequately alleged that Defendant has violated these rights. (Opp'n at 9-10.)
Plaintiff alleges in its Complaint that Defendants "have willfully and without [Plaintiff's] permission infringed [its] copyrights by engaging in the systematic, regular and repeated unauthorized access to the Publication" and that Plaintiff "has been irreparably harmed by [D]efendants' unauthorized access to and reproduction of its copyrighted works." (Compl. ¶¶ 48, 49.) In particular, Plaintiff alleges that an "employee pasted text from the Publication into an email and forwarded it to three other employees" who were unauthorized users and that "NBTY employees improperly accessed the Publication for the purpose of preparing FDA notifications and maintaining files evidencing support for product labeling. . . ." (Id. ¶¶ 31, 26.)
"The word `copying' is shorthand for the infringing of any of the copyright owner's exclusive rights, described [in § 106 of the Copyright Act]." S.O.S., Inc. v. Payday, Inc., 886 F.2d 1081, 1085, n. 3 (9th Cir. 1989). "`[C]opying' for purposes of copyright law occurs when [copyrighted material] is transferred from [the memory of one computer to the other]." MAI Sys. Corp. v. Peak Computer, Inc., 991 F.2d 511, 519 (9th Cir. 1993). Plaintiff's claim of "unauthorized access," including allegations regarding pasting of text from the copyrighted work into an email, sending of emails to unauthorized users and improperly accessing the Publication for purposes of preparing FDA notifications, sufficiently alleges a violation of Plaintiff's exclusive rights to display, reproduce and distribute its work protected by the Copyright Act. (Id. ¶¶ 48, 31, 26.)
Defendants also argue that "Plaintiff fails to allege that Defendants' allegedly infringing conduct involved Plaintiff's original work" since "[p]urely factual information . . . may not be copyrighted." (Mot. at 4.) Plaintiff alleges in its Complaint that the Publication "includes over 1,100 pharmacist-prepared monographs containing detailed evidence-based information" and that it "constitutes original material authored by Therapeutic Research pursuant to the Copyright Act." (Compl. ¶¶ 12, 16.)
"Addressing the threshold of copyrightability . . ., the Supreme Court [has] held that `[t]he sine quanon of copyright[ability] is originality' and that `[o]riginal, as the term is used in copyright, means only that the work was independently created by the author (as opposed to copied from other works), and that it possesses at least some minimal degree of creativity.'" Ets-Hokin v. Skyy Spirits, Inc., 225 F.3d 1068, 1076 (9th Cir. 2000) (quoting Feist Pub'lns, Inc. v. Rural Tel. Servs. Co., 499 U.S. 340, 345 (1991)). "Feist . . . described the requisite degree of creativity as `extremely low, even a slight amount will suffice. The vast majority of works make the grade quite easily, as they possess some creative spark. . . .'" Id. Accordingly, given the low threshold of creativity required to create an "original work" and accepting the allegations in the Complaint as true, Plaintiff has adequately pled that Defendants' conduct infringed its "original work."
For the stated reasons, Defendants' Motion to dismiss Plaintiff's copyright infringement claim is denied. Further, since Defendants' move to dismiss Plaintiff's claims for contributory and vicarious copyright infringement for the same reasons discussed above, Defendants' motion to dismiss those claims are also denied. (Mot. at 4-5.)
II. The CFAA
Defendants also seek dismissal of Plaintiff's CFAA claim, arguing that Plaintiff "has not plead the requisite type of economic damages . . . under [the CFAA]" since Plaintiff has not "allege[d] that it has incurred a `loss' of $5,000, as contemplated by [subsection (a)(5)(B)(i) of the CFAA, 18 U.S.C. § 1030 (a)(5)(B)(i)]" where "loss" refers to damage to a computer. (Id. at 5, 6.) Plaintiff alleges in its Complaint that it "has suffered damage and loss by reason of [Defendants' violations of 18 U.S.C. § 1030 (a)(2), (5) and (6)]" and thus it "is entitled to damages, injunctive relief and other equitable relief as provided by 18 U.S.C. § (g)." (Compl. ¶ 74.) Plaintiff further contends that the access unlawfully obtained by Defendants was valued at materially more than $5,000 per year" and that given the statutory definitions of "loss" and "damage," "courts have . . . routinely applied the [CFAA] to losses that do not involve impairment to a computer, including those arising from unauthorized access or the infringement of intellectual property." (Opp'n at 15, 16.)
18 U.S.C. § 1030(a)(2), (5) and (6) provide for relief in accordance with § 1030(g) when one:
[I]ntentionally accesses a computer without authorization or exceeds such authorized access, and thereby obtains . . . information from any protected computer if the conduct involved an interstate or foreign communication [;] knowingly causes the transmission of a . . . code . . . and as a result of such conduct, intentionally causes damage without authorization, to a protected computer [;] and knowingly, and with intent to defraud traffics . . . in any password or similar information through which a computer may be accessed without authorization, if . . . such trafficking affects interstate or foreign commerce. . . .18 U.S.C. § 1030(a)(2)(c); (a)(5)(A)(i); (a)(6)(A).
Section 1030(g) states, in relevant part:
Any person who suffers damages or loss by reason of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief. A civil action for violation of this section may be brought only if the conduct involves 1 of the factors set forth in clause (i), (ii), (iii), (iv) or (v) of subsection (a)(5)(B). Damages for a violation involving any conduct described in subsection (a)(5)(b)(i) are limited to economic damages.18 U.S.C. § 1030(g). Subsection (a)(5)(B)(i) allows recovery of damages. Id. § 1030(a)(5)(B)(i). Section 1030(e)(8) defines "damage" as "any impairment to the integrity or availability of data, a program, a system or information." Id. § 1030(e)(8). See generally Shurgard Storage Ctrs., Inc. v. Safeguard Self Storage, Inc., 119 F. Supp. 2d 1121, 1126 (W.D. Wash. 2000) (stating "the alleged access and disclosure of trade secrets" constituted an "impairment to the integrity of data . . . or information."). The alleged unauthorized access to the Publication and the disclosure of its information may constitute an impairment to the integrity of data or information even though "no data was physically changed or erased." Id.
18 U.S.C. § 1030(a)(5)(B)(i) provides that "by conduct described in clause (i), (ii), or (iii) of subparagraph (A), [whoever] caused . . . (i) loss to 1 or more persons during any 1-year period . . . aggregating at least $5,000 in value . . . shall be punished as provided in subsection (c) of this section."
Section 1030(e)(11) defines "loss" as "any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service." 18 U.S.C. § 1030(e)(11). Plaintiff's loss allegation includes the claim that it suffered loss as a result of Defendants' breach of the single user license agreement. (Compl. ¶¶ 37, 15.) Plaintiff argues "a full corporate license for NBTY and its subsidiaries would cost approximately forty thousand dollars . . . per year," as opposed to under $100 for "an annual single user limited-purpose subscription for Internet access. . . ." (Id. ¶ 15.)
Plaintiff's allegations sufficiently state a claim under the CFAA. See generally Charles Schwab Co. v. Carter, 2005 WL 351929, at *3 (N.D. Ill. Feb. 11, 2005) (stating "several district courts have recognized that damage caused by unauthorized access or access in excess of authorization to a computer system may be redressed under the CFAA.") (internal citations omitted). Therefore, Defendants' motion to dismiss the CFAA claim is denied.
III. Electronic Communications Privacy Act ("ECPA")
Defendants seek dismissal of Plaintiff's claim under the ECPA. (Mot. at 7.) Plaintiff alleges that Defendants violated Title II of the ECPA, which states in pertinent part:
[W]hoever . . . intentionally accesses without authorization a facility through which an electronic communication service is provided; or . . . intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished. . . .18 U.S.C. § 2702.
Specifically, Plaintiff alleges that Defendants "intentionally access[ed] without authorization, or intentionally exceed[ed] an authorization to access, the password-protected areas of [its] Internet web site[;]" obtained "access to electronic communications while such communications were in electronic storage on that web site . . . [;and,] disclos[ed] such communications to third parties [who were] not authorized to receive them and conspir[ed], encourag[ed], aid[ed], abett[ed], and participat[ed] in efforts to do so." (Compl. ¶ 76.)
Defendants argue dismissal is appropriate because the claims are barred by an exception prescribed in § 2701(c). Section 2701(c) of the ECPA provides, in relevant part, that an exception exists "with respect to conduct authorized (1) by the person or entity providing a wire or electronic communications service; [or] (2) by a user of that service with respect to a communication of or intended for that user." 18 U.S.C. § 2701(c)(1), (2). Defendants argue "[b]ecause [they] were authorized to access the [Publication], the authorization exception to the ECPA is triggered. . . ." (Mot. at 7.) Plaintiff counters that "the vast majority of [Defendants'] access was not authorized, as repeatedly alleged in the Complaint." (Opp'n at 17.) Defendants neither show how they satisfy the first exception nor that they come within the ambit of the second exception.
Defendants also argue that Plaintiff does not state an ECPA claim because even though "Plaintiff contends that Defendants used the [Publication] in excess of the usage permitted under the relevant license agreements, such conduct does not trigger a claim under the ECPA." (Id.) But it is "`evident that the sort of trespasses to which the [ECPA] applies are those in which the trespasser gains access to information . . . which he is not entitled to see. . . .'" Int'l Ass'n of Machinists Aerospace Workers v. Werner-Masuda, 390 F. Supp. 2d 479, 497 (D. Md. 2005) (quoting Educ. Testing Serv. v. Stanley H. Kaplan, Educ. Ctr., Ltd., 965 F. Supp. 731, 740 (D. Md. 1997)); see also Crowley v. CyberSource Corp., 166 F. Supp. 2d 1263, 1271 (N.D. Cal. 2001) ("[F]or [Plaintiff] to be liable for unauthorized access under the ECPA, it must have gained unauthorized access to a facility through which electronic communications services are provided, (or its access must have exceeded the scope of authority given), it must thereby have accessed electronic communications in storage, and its access must not fall within the exception of subsection (c).") Since Defendants' have not shown that Plaintiff fails to state a claim under the ECPA, this portion of the motion is denied.
IV. California Penal Code Section 502 (Comprehensive Computer Data Access and Fraud Act)
Defendants seek dismissal of Plaintiff's claim that Defendants violated California Penal Code section 502(c)(2), (3), (6), (7), which provides:
[A]ny person who commits any of the following acts is guilty of a public offense: (2) [k]nowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network, or takes or copies any supporting documentation, whether existing or residing internal or external a computer, computer system, or computer network[;] (3) [k]nowingly and without permission uses or causes to be used computer services[;] (6) [k]nowingly and without permission provides or assists in providing a means of accessing a computer, computer system, or computer network[;] (7) [k]nowingly and without permission accesses or causes to be accessed any computer, computer system, or computer network.
Cal. Penal Code § 502(c)(2), (3), (6) and (7). Plaintiff claims that it "has been injured by these violations . . . and is entitled to damages and attorneys' fees pursuant to California Penal Code § 502(e)." (Compl. ¶ 83).
Defendants argue that Plaintiff fails to state a claim under this provision because "Plaintiff's allegations themselves . . . directly refute any claim that Defendant acted `knowingly and without permission[,]'" since "Plaintiff alleged that Defendants `purchased' various Site Licenses to access the [Publication], such that any access to [it] by Defendants was with permission, not without." (Mot. at 8.) Plaintiff replies that "[a]s numerous employees of [D]efendants accessed the Publication without any authorization whatsoever, their conduct falls well within the ambit of this statute, and [Plaintiff] has therefore properly stated a claim." (Opp'n at 18.) Since the focus of Plaintiff's allegations is on the unauthorized access to the Publication and not the authorized access provided under the license agreements, Defendants' arguments are unavailing.
Defendants shift focus in their Reply from an emphasis on their permission to access the Publication to whether Plaintiff has adequately specified the nature of its "injury." (Reply at 8.) Defendants rely on California Penal Code section 502(e)(1) and (b)(8), arguing that "[g]iven the statutory requirements [at] issue . . ., [Plaintiff's] bald representation that an injury has occurred . . . is insufficient to state a claim under Penal Code § 502." (Id.) However, nothing in those statutes supports Defendants' position that Plaintiff's allegation of "injury" is insufficient. Therefore, Defendants motion to dismiss Plaintiff's claims under California Penal Code section 502 is denied.
California Penal Code section 502(e)(1) provides in pertinent part:
[T]he owner . . . of the computer, computer system, computer network, computer program, or data who suffers damage or loss by reason of a violation of any of the provisions of subdivision (c) may bring a civil action against the violator for compensatory damages and injunctive relief or other equitable relief. Compensatory damages shall include any expenditures reasonably and necessarily incurred by the owner or lessee to verify that a computer, computer system, computer network, computer program, or data was or was not altered, damaged, or deleted by the access.
Section 502(b)(8) defines injury as "any alteration, deletion, damage, or destruction of a computer system, computer network, computer program or, data caused by the access, or the denial of access to the legitimate users of a computer system, network, or program."
V. Common Law Claims A. Trespass
Defendants argue that Plaintiff's trespass claim should be dismissed because it "has not alleged the required damage or impairment to state a legally cognizable cause of action for trespass." (Opp'n at 9.) Plaintiff alleges in its Complaint that it has suffered "irreparable damages" because "Defendants, without permission . . . or exceeding the scope of such permission, willfully and maliciously entered upon [its] passcode-protected web site." (Compl. ¶¶ 96, 95.) Since Defendants fail to show Plaintiff's allegations are insufficient to state a trespass claim, this portion of their motion is denied.
B. Misappropriation of Trade Secret
Defendants also seek dismissal of Plaintiff's misappropriation of trade secret claim. Plaintiff alleges that "[w]ithout authorization . . . [D]efendants misappropriated the usernames and passwords and used them for [their] benefit." (Compl. ¶ 102.) Defendants argue that "Plaintiff fails to allege that the information, which Defendants allegedly misappropriated, constitutes a trade secret." (Opp'n at 10.) The Uniform Trade Secrets Act ("UTSA"), adopted by California with minor modifications, "codifies a cause of action for misappropriation of trade secrets." Fas Techs, Ltd. v. Dainippon Screen MFG., Co., Ltd., 2001 WL 637451, at *3 (N.D. Cal. May 31, 2001); Cal. Civ. Code §§ 3426.2, 3426.3. "To prevail on [this] claim . . . plaintiff must show that (1) the misappropriated information constitutes a trade secret, (2) the defendant "used" the trade secret, and (3) the plaintiff was actually damaged by the misappropriation or the defendant was unjustly enriched by such misappropriation and use." Fas Techs. Ltd., 2001 WL 637451, at *3 (internal citations omitted).
A "trade secret" is defined as "information, including a formula, pattern, compilation, program, device, method, technique or process, that: (1) [d]erives independent economic value, actual or potential, from not being generally known to the public or to other persons who can obtain economic value from its disclosure or use; and (2) [i]s subject to efforts that are reasonable under the circumstances to maintain its secrecy." Cal. Civ. Code § 3426.1(d). Defendants argue Plaintiff does not allege "that the username and passcode combination constituted a trade secret" and that even had Plaintiff made such an allegation, "its claim would nevertheless fail because the username-passcode combination `does not derive independent economic value' — it only provides access to the [Publication], and Defendants had access in print form." (Mot. at 10.)
However, Plaintiff has adequately alleged that its username and passcode constitute a "trade secret" under the definition provided in California Civil Code section 3426.1(d). Plaintiff alleges in its Complaint that it "issued a confidential username and passcode [to Defendants under its various license agreements,] and that username and passcode combination was an item of independent economic value". (Compl. ¶¶ 98-100.) Plaintiff also alleges that "[t]he confidential username and passcodes' value is derived from not being generally known to, and not being readily ascertainable by, other persons who can obtain economic value from disclosure or use of the username and passcode." (Id. ¶ 101.) Defendants have not shown the insufficiency of these allegations.
Defendants also argue that "Plaintiff . . . fails to allege that Defendants were unjustly enriched by any misappropriation of the combination." But Plaintiff could prevail on its claim of misappropriation of trade secrets by showing either damage as a result of the misappropriation or unjust enrichment. See Fas Techs. Ltd., 2001 WL 637451, at *3, ("To prevail on [this] claim . . . plaintiff must that . . . [it] was actually damaged by the misappropriation or the defendant was unjustly enriched. . . ."). Plaintiff adequately alleges in its Complaint that it has been damaged by the alleged misappropriation. "Defendants' misappropriation of [Plaintiff's] confidential usernames and passcodes was willful and malicious and caused irreparable damage to [Plaintiff]." (Compl. ¶ 103.) Accordingly, Defendants' motion to dismiss Plaintiff's claim for misappropriation of trade secret is denied.
CONCLUSION
For the stated reasons, Defendants' motion to dismiss is denied.
IT IS SO ORDERED.