rejecting claim that "access to a publication and the disclosure of its information satisfies the CFAA's definition of damage"Summary of this case from Netapp, Inc. v. Nimble Storage, Inc.
Scott M. Hervey, Weintraub Genshlea Chediak Sproul, Scott M. Plamondon, Weintraub Genshlea Chediak, Sacramento, CA, for Plaintiff. Michael H. Page, Durie Tangri LLP, San Francisco, CA, Michael R. Silander, Lemieux & O'Neill, Westlake Village, CA, Mark R. Leonard, Davis & Leonard, LLP, Sacramento, CA, for Defendants.
Scott M. Hervey, Weintraub Genshlea Chediak Sproul, Scott M. Plamondon, Weintraub Genshlea Chediak, Sacramento, CA, for Plaintiff.Michael H. Page, Durie Tangri LLP, San Francisco, CA, Michael R. Silander, Lemieux & O'Neill, Westlake Village, CA, Mark R. Leonard, Davis & Leonard, LLP, Sacramento, CA, for Defendants.
Laura Larramendi, Monrovia, CA, pro se.
ORDER GRANTING IN PART AND DENYING IN PART DEFENDANT UMEMOTO'S MOTION TO DISMISS
GARLAND E. BURRELL, JR., Senior District Judge.
Defendant Keith Umemoto (“Defendant”) moves under Federal Rule of Civil Procedure (“Rule”) 12(b)(6) for dismissal of the following claims in Plaintiff's complaint: a claim alleging federal copyright infringement, a claim alleged under the Computer Fraud and Abuse Act (“CFAA”), a misappropriation of trade secrets claim, a claim alleged under Title II of the Electronic Communications Privacy Act (“ECPA”), a claim alleged under the California Comprehensive Computer Data Access and Fraud Act (“CCCDAFA”), and a trespass claim. Plaintiff opposes the motion.
I. FACTUAL BACKGROUND
The allegations in Plaintiff's complaint include the following. Plaintiff alleges it “is the owner of a publication entitled the Capitol Morning Report (‘The Report’),” which “is an online document published daily” that “lists dates, times and places for upcoming news conferences, legislative hearings, briefings, seminars and similar events” and “reports on gubernatorial appointments, lobbyists and their clients, political campaign committees, polling results, research studies and similar material.” (Complaint ¶ 8, ECF No. 1.) “Each daily issue of The Report and an archive of past issues of The Report is maintained within a passcode-protected area of Plaintiff's Internet web site ... and made available to subscribers who establish an account and pay a subscription fee” that is “based on the number of individuals who will have access to The Report.” ( Id. ¶¶ 8–9.)
“On or around January 25, 2012, [the Defendant] Water District purchased a one year, single reader User License to The Report” for $500. ( Id. ¶¶ 9, 11.) “[T]he Water District listed [Laura] Larramendi [ (‘Larramendi’) ] as the single individual to have access to The Report.” ( Id. ¶ 11.) “Larramendi [ ] shared the confidential passcode that would allow access to The Report with numerous other individuals, both employees and non-employees of the Water District, including but not limited to Defendant ..., in direct contravention of the User License and User Agreement.” ( Id. ¶ 12.)
[B]eginning on or about January 25, 2012 and continuing each business day until approximately August 3, 2012 (the date [Defendant] received Plaintiff's cease and desist letter), [Defendant] would access that day's issue of The Report by entering Larramendi's e-mail address and the Water District's confidential passcode and agreeing to the User Agreement, which required [Defendant] to affirmatively check the “I agree” box alongside the statement “I will not make electronic copies of The Capitol Morning Report.” ... [Defendant] would [then] copy the entire content [of The Report], and distribute the copy electronically to an e-mail distribution list of approximately 100 individuals.
( Id. ¶ 15.)
II. LEGAL STANDARD
Decision on Defendant's Rule 12(b)(6) dismissal motion requires determination of “whether the complaint's factual allegations, together with all reasonable inferences, state a plausible claim for relief.” United States ex rel. Cafasso v. Gen. Dynamics C4 Sys., 637 F.3d 1047, 1054 (9th Cir.2011) (citing Ashcroft v. Iqbal, 556 U.S. 662, 678–79, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009)). “A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Iqbal, 556 U.S. at 678, 129 S.Ct. 1937 (citing Bell Atl. Corp. v. Twombly, 550 U.S. 544, 556, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007)).
When determining the sufficiency of a claim under Rule 12(b)(6), “[w]e accept factual allegations in the complaint as true and construe the pleadings in the light most favorable to the non-moving party.” Fayer v. Vaughn, 649 F.3d 1061, 1064 (9th Cir.2011) (internal quotation marks omitted). However, this tenet does not apply to “legal conclusions ... cast in the form of factual allegations.” Id. (internal quotation marks omitted). “Therefore, conclusory allegations of law and unwarranted inferences are insufficient to defeat a motion to dismiss.” Id. (internal quotation marks omitted); see also Iqbal, 556 U.S. at 678, 129 S.Ct. 1937 (“A pleading that offers ‘labels and conclusions' or ‘a formulaic recitation of the elements of a cause of action will not do.’ ” (quoting Twombly, 550 U.S. at 555, 127 S.Ct. 1955)).
A. Federal Copyright Infringement
Defendant argues that “[b]ecause Plaintiff does not have a valid pending application for copyright, it cannot state a copyright claim.” (Def.'s Mot. to Dismiss (“Def.'s Mot.”) 4:3–4 (citing Torres–Negron v. J & N Records, LLC, 504 F.3d 151 (1st Cir.2007); Kodadek v. MTV Networks, Inc., 152 F.3d 1209 (9th Cir.1998); Coles v. Wonder, 283 F.3d 798 (6th Cir.2002)), ECF No. 19.)
Plaintiff rejoins that “regardless of whether Plaintiff's Copyright application is ultimately accepted or rejected by the Copyright office, pursuant [to] Section 411(a) of the Copyright Act, Plaintiff still may continue its copyright infringement lawsuit.” (Pl.'s Opp'n to Def.'s Mot. (“Pl.'s Opp'n”) 6:19–21, ECF No. 23.)
Since Defendant has not shown that no portion of Plaintiff's Copyright application could ultimately be accepted, this portion of the motion is denied.
B. Violations of the Computer Fraud and Abuse Act
Defendant argues that Plaintiff's CFAA claim should be dismissed because Plaintiff does not allege that “it actually suffered either ‘damage’ or ‘loss' as those terms are defined under the [CFAA],” and “no [such] facts.” (Def.'s Mot. 5:8–11, 5:22.) Defendant also contends that “ ‘[m]ost courts have found that “the CFAA does not recognize lost revenue damages as ‘loss' unless it was ‘incurred because of interruption of service.’ ” ' ” (Def.'s Reply 4:18–19 (quoting CoStar Realty Info., Inc. v. Field, 737 F.Supp.2d 496, 513 (D.Md.2010) (quoting Global Policy Partners, LLC v. Yessin, 686 F.Supp.2d 642, 653 (E.D.Va.2010))).)
Plaintiff rejoins that “the alleged unauthorized access to a publication and the disclosure of its information satisfies the CFAA's definition of damage as it ‘may constitute an impairment to the integrity of data even though no data was physically challenged or erased.’ ” (Pl.'s Opp'n 7:21–23 (quoting Therapeutic Research Faculty v. NBTY, Inc., 488 F.Supp.2d 991, 996 (E.D.Cal.2007)).) Plaintiff further contends that “[its] ‘loss' allegation clearly includes a claim that it suffered loss as a result of [Defendant]'s action; license agreements that were evaded valued at more than $5,000 per year, [and t]hese allegations are more than sufficient to overcome a motion to dismiss.” (Pl.'s Opp'n 8:20–24 (citing Compl. ¶¶ 8–9; CoStar Realty Info., Inc. v. Field, 612 F.Supp.2d 660, 675 (D.Md.2009)).)
The CFAA prescribes in 18 U.S.C. § 1030(e)(8): “the term ‘damage’ means any impairment to the integrity or availability of data, a program, a system, or information.” The CFAA prescribes in 18 U.S.C. § 1030(e)(11): “the term ‘loss' means any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.”
Plaintiff does not sufficiently allege that Defendant caused “any impairment to the integrity or availability of data, a program, a system, or information.” 18 U.S.C. § 1030(e)(8). Nor does Plaintiff sufficiently allege that Defendant caused “loss” “because of interruption of service.” 18 U.S.C. § 1030(e)(11)
Therefore, Defendant's motion seeking dismissal of this claim is granted.
C. Misappropriations of Trade Secrets
Defendant seeks dismissal of Plaintiff's misappropriations of trade secrets claim, arguing that “neither the password nor [T]he [Report] can ... be described as trade secrets.” (Def.'s Mot. 9:7–8.) Defendant further argues that “even if they were [trade secrets], [Plaintiff]'s misappropriation claim is squarely preempted by the Copyright Act.” ( Id. 9:8–9.) Plaintiff rejoins that “[n]owhere does Plaintiff allege that the confidential passcodes are copyrightable, or that Plaintiff applied for or registered a copyright for those passcodes.” (Pl.'s Opp'n 10:15–17.) Plaintiff argues that it “clearly alleges that the trade secret [Defendant] misappropriated was the confidential passcode that Plaintiff issued to the Water District.” ( Id. 10:13–15 (citing Complaint ¶¶ 49–53).)
“Under California's adoption of the Uniform Trade Secret Act (‘CUTSA’), information from which a person ‘[d]erives independent economic value ... from not being generally known to the public’ and ‘is the subject of efforts that are reasonable under the circumstances to maintain its secrecy’ is entitled to trade secret protection.” Brocade Commc'ns Sys., Inc. v. A10 Networks, Inc., No. C 10–3428 PSG, 2013 WL 831528, at *18 (N.D.Cal. Jan. 10, 2013) (quoting Cal. Civ.Code § 3426.1(d)(1)) (citing Reeves v. Hanlon, 33 Cal.4th 1140, 1155, 17 Cal.Rptr.3d 289, 95 P.3d 513 (2004)). A claim under CUTSA “require[s Plaintiff] to satisfy two steps: (1) a threshold showing that the information is a trade secret as defined by CUTSA; and (2) a showing that [Defendant] misappropriated the trade secret.” Id. (citing Reeves, 33 Cal.4th at 1155, 17 Cal.Rptr.3d 289, 95 P.3d 513).Cal. Civ.Code § 3426.1(b) of CUTSA prescribes in pertinent part:
“[m]isappropriation” means ... [d]isclosure or use of a trade secret of another without express or implied consent by a person who ... [a]t the time of disclosure or use, knew or had reason to know that his or her knowledge of the secret was ... [d]erived from or through a person who owed a duty to the person seeking relief to maintain its secrecy or limit its use.
Plaintiff alleges that it “licensed a confidential passcode to [the] Water District for use only by a single user, and that passcode was an item of independent economicvalue.” (Compl. ¶ 50.) Plaintiff alleges that “[t]he confidential passcode's value is derived from not being generally known to, and not being readily ascertainable by, other persons who can obtain economic value from disclosure or use of the passcode.” ( Id. ¶ 51.) Plaintiff also alleges that “[t]o prevent theft and free distribution of [T]he Report, Plaintiff provides each user a password and requires that he or she submit it along with his or her email address in order to access the Report.” ( Id. ¶ 9.) Plaintiff further alleges that “[e]ach User License specifically provides that ... the subscriber and each registered reader shall not ... share the confidential passcode with anyone else.” ( Id.)
Defendant's have not shown that this claim is implausible under California Civil Code section 3426.1(d). Therefore, this portion of the motion is denied.
D. Violation of Title II of the Electronic Communications Privacy Act / Stored Communications Act
Defendant argues that “it is not covered by the [Stored Communications Act (‘SCA’) ] and [Plaintiff] cannot state a claim under it,” since Plaintiff fails to allege that it qualifies as either “(1) [a] ‘remote computing services' (‘RCS'), [or] (2) [an] ‘electronic communication services' (‘ECS').” (Def.'s Mot. 11:15–16, 11:5–6 (quoting 18 U.S.C. § 2702(a)(1)-(2)).)
Plaintiff has not plausibly alleged that Defendant is covered by the SCA. Therefore this claim is dismissed.
E. Violations of California Comprehensive Computer Data Access and Fraud Act
Defendant argues that “Plaintiff's Section 502 [California Comprehensive Computer Data Access and Fraud Act] claim fails for the same reasons its CFAA claim does” since “Plaintiff has not made a plausible allegation of ‘damage or loss,’ ” and “the applicable provisions of the statute require that the alleged violator act ‘without permission,’ which [Defendant] did not do.” (Def.'s Mot. 11:25–12:2 (citing Cal.Penal Code § 502(c)(1)-(8), (b)(10)).) Defendant further argues that “[t]he Complaint['s] only allegation of ‘damage’ is an allegation of copyright infringement, which neither satisfies the statute nor avoids the same copyright preemption that bars Plaintiff's trade secret claims.” (Def.'s Reply 7:18–20.)
Plaintiff counters that “[Defendant] accessed The Report and the passcode protected section of the Website, ‘without permission.’ His conduct thus falls within the scope of Section 502, and Plaintiff has properly stated a claim.” (Pl.'s Opp'n 12:4–6 (citation omitted) (citing Compl. ¶ 58; Therapeutic Research Faculty, 488 F.Supp.2d at 998–99).) Plaintiff also contends that Defendant “is liable for ‘damages and attorneys' fees' when it ‘knowingly’ and ‘without permission’ engages in various activities relating to accessing computers and data without authorization.” (Pl.'s Opp'n 11:22–25 (quoting Cal.Penal Code § 502(c)(2), (3), (6), (7)).)
Section 502(c) prescribes in pertinent part:
[A]ny person who commits any of the following acts is guilty of a public offense: ... Knowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network, or takes or copies any supporting documentation, whether existing or residing internal or external to a computer, computer system, or computer network.
Cal.Penal Code § 502(c)(2). Section 502(e)(1) authorizes a private right of action for “the owner or lessee of the computer, computer system, computer network,computer program, or data who suffers damage or loss by reason of a violation of any of the provisions of subdivision (c) [to] bring a civil action against the violator for compensatory damages.” Id. § 502(e)(1).
“[T]he [C]CDAFA does not include a monetary threshold for damages, and some courts have concluded that ‘any amount of loss or damage may be sufficient,’ to establish statutory standing.” In re Google Android Consumer Privacy Litig., No. 11–MD–02264 JSW, 2013 WL 1283236, at *11 (N.D.Cal. Mar. 26, 2013) (quoting Mintz v. Mark Bartelstein & Assocs., Inc., 906 F.Supp.2d 1017, 1032 (C.D.Cal.2012)) (citing Facebook, Inc. v. Power Ventures, Inc., 2010 WL 3291750, at *4 (N.D.Cal. July 20, 2010)).
Plaintiff alleges, inter alia, that it “has been injured by [Defendant's] violations of the [CCDAFA].” (Compl. ¶ 62.) Defendant has not shown that this claim is implausible. Therefore, this portion of the motion is denied.
Defendant argues that “[he] did not interfere with Plaintiff's ‘possessory interest’ in its computer systems, i.e., its iOS Devices. Plaintiff does not ... allege that it lost possession or use of its iOS Devices or any significant portion of its iOS devices, as is required to state a claim for trespass to chattels.” (Def.'s Mot. 12:19–22 (citing Intel Corp. v. Hamidi, 30 Cal.4th 1342, 1357, 1 Cal.Rptr.3d 32, 71 P.3d 296 (2003)).)
Plaintiff counters that “this action involves the trespass of a restricted and password protected area of Plaintiff's website that is inaccessible to the public without the password Plaintiff issues to its paid subscribers.... [Defendant] entered into this password protected area of the Website without authorization, satisfying the classic definition of a trespass.” (Pl.'s Opp'n 12:14–18 (citation omitted) (citing Compl. ¶¶ 64–66).) Plaintiff alleges: “Plaintiff maintains passcode-protected areas on its Internet web site. Defendant[ ], without permission from Plaintiff or exceeding the scope of such permission, willfully and maliciously entered upon Plaintiff's passcode-protected web site.” (Compl. ¶¶ 64–65.)
Plaintiff's allegations are insufficient to allege a trespass under California law since they do not plausibly show “intermeddling” with “chattel” which is sufficient to constitute an actionable trespass claim. Intel Corp. v. Hamidi, 30 Cal.4th 1342, 1357, 1 Cal.Rptr.3d 32, 71 P.3d 296 (2003). Therefore, this portion of motion is granted.
For the stated reasons, Defendant's dismissal motion is granted in part and denied in part. Plaintiff is granted fourteen (14) days from the date on which this order is filed to file a First Amended Complaint addressing the deficiencies in the claims dismissed in this order.