Synopsys, Inc. v. Ubiquiti Networks, Inc. et al

Filing 145

ORDER ON PENDING MOTIONS by Judge William H. Orrick denying 77 Motion for Leave to File, granting 79 Motion to Dismiss, and denying 80 Motion to Strike. Defendants' further motions to amend, if any, should be filed within twenty days of the date below. (jmdS, COURT STAFF) (Filed on 3/13/2018)

Download PDF
1 2 3 4 UNITED STATES DISTRICT COURT 5 NORTHERN DISTRICT OF CALIFORNIA 6 7 SYNOPSYS, INC., Plaintiff, 8 9 10 United States District Court Northern District of California 11 Case No. 17-cv-00561-WHO ORDER ON PENDING MOTIONS v. Re: Dkt. Nos. 77, 79, 80 UBIQUITI NETWORKS, INC., et al., Defendants. 12 This case stems from the purported interest of defendants Ubiquiti Network, Inc., Ubiquiti 13 Networks International Limited (UNIL), and Ching-Han Tsai to review and evaluate for licensing 14 plaintiff Synopsys, Inc.’s semiconductor electronic design and automation software. In its Second 15 Amended Complaint, Synopsys alleges that defendants fraudulently gained access to its 16 copyrighted software and related support materials and used evaluation license keys and 17 counterfeit keys to repeatedly and illegally access and copy those programs and materials over the 18 course of three years. When defendants’ alleged conduct was discovered by Synopsys – through 19 embedded “piracy tracking” tools (as described by Synopsys) or “spyware” (as described by 20 defendants) – Synopsys sued. 21 Ubiquiti and UNIL counterclaimed based on Synopsys’s use of the piracy tracking tools. They 22 argue that Synopsys’s conduct – hiding or failing to disclose the presence and operation of the anti- 23 piracy software, using the anti-piracy software to access information on defendants’ systems, and then 24 sharing defendants’ confidential information with third-parties – violated the parties’ master non- 25 disclosure agreement (MNDA) as well as federal and state computer abuse and common laws. UNIL 26 alleges the following counterclaims: (1) declaratory relief; (2) violation of 18 U.S.C. § 1030, 27 Computer Fraud and Abuse Act; (3) violation of Cal. Penal Code § 502, Computer Data Access Fraud 28 Act; (4) Trespass to Personal Property and Chattels; (5) Conversion; (6) violation of 18 U.S.C. § 1 1962(c), Civil RICO; (7) violation of 18 U.S.C. § 1962(d), RICO Conspiracy; and (8) Fraud. Ubiquiti 2 currently has counterclaimed only for declaratory relief and breach of contract, but seeks leave to 3 amend to match the counterclaims asserted by UNIL (e.g., adding the federal and state computer abuse 4 and common law claims).1 Synopsys moves to dismiss UNIL’s counterclaims, arguing that the counterclaims are either 5 6 barred or inadequately pleaded. Similarly, Synopsys argues Ubiquiti’s motion for leave to amend 7 should be denied because of undue delay and prejudice in seeking leave, but also because amendment 8 would be futile because the claims Ubiquiti seeks to allege (like UNIL’s) are barred or inadequately 9 pleaded. Finally, Synopsys moves to strike the state law counterclaims asserted by UNIL under California’s anti-SLAPP statute, because those claims are based on Synopsys’ privileged pre-litigation 11 United States District Court Northern District of California 10 conduct in identifying what it believed were defendants’ acts of piracy and seeking pre-litigation 12 settlement of those claims. 13 As discussed below, defendants’ theory of fraud is implausible and I agree in many respects 14 with the arguments in Synopsys’s motion. I GRANT the motion to dismiss UNIL’s counterclaims. I 15 DENY Ubiquiti’s motion for leave to amend its counterclaims without prejudice and DENY 16 Synopsys’s motion to strike without prejudice. BACKGROUND 17 The background to Synopsys’s claims against defendants are laid out in full in my August 18 19 2017 Order. For purposes of ruling on the pending motions, I will focus on the allegations in 20 Ubiquiti’s existing counterclaims and those made in UNIL’s counterclaims. 21 As part of the parties’ agreement to allow Ubiquiti to review Synopsys’s software, the 22 parties entered into a master non-disclosure agreement (MNDA) to allow for the confidential 23 exchange of information between the parties. UNIL Counterclaims ¶¶ 30 - 31, 34-35, 40.2 24 Ubiquiti signed the MNDA on October 15, 2013, and Synopsys executed it on November 25, 25 1 26 Because UNIL initially moved to dismiss for lack of jurisdiction, UNIL’s answer and counterclaims were not filed until September 19, 2017. Dkt. No. 76. 27 2 28 The factual allegations and claims Ubiquiti seeks leave to add are similar (in most respects) to the allegations and claims asserted in UNIL’s counterclaims. 2 1 2013. UNIL Counterclaims ¶ 40; see also Second Amended Complaint (SAC) ¶ 40. 2 Defendants allege that Synopsys formed an “Enterprise” with QuatreWave LLC d/b/a 3 SmartFlow Compliance Solutions (SmartFlow) and related-entity IT Compliance Association 4 (“ITCA”), and the founders and current officers of those companies (Ted Miracco and Chris 5 Luijten). The Enterprise placed SmartFlow’s “phone-home” “spyware” in Synopsys’ software 6 programs. UNIL Counterclaims ¶¶ 8-16.3 UNIL alleges that SmartFlow and ITCA “work in 7 partnership in schemes to generate revenue for software companies by targeting supposed 8 unlicensed uses of their customers’ software.” UNIL Counterclaims ¶ 11. As part of that effort: SmartFlow’s spyware is embedded at least into that company’s software and subsequently used to monitor and collect data from computers, servers, and unsuspecting individuals who use or have access to that software. The data includes individuals’ personally identifiable information, such as user names and email addresses, the software programs and features accessed by users, and the locations, dates, and times of access. SmartFlow then shares the data that it collects and the identity of the suspected unlicensed users with its software customers. SmartFlow also offers the services of its sister company ITCA, who uses various coercive techniques to pressure individuals to pay exorbitant fees or other compensation to the software company for the alleged unlicensed uses. 9 10 United States District Court Northern District of California 11 12 13 14 15 UNIL Counterclaim ¶ 11. 16 UNIL asserts (and Ubiquiti wants to allege) that Synopsys concealed the presence of the 17 spyware in the products that was downloaded pursuant to the parties’ agreements onto Ubiquiti 18 and UNIL’s servers and computers. UNIL contends that Synopsys’s license evaluation and 19 MNDA agreements fail to disclose the presence and operation of this spyware in its products. 20 UNIL Counterclaims ¶¶ 17, 47. 21 UNIL states that Synopsys together with ITCA and SmartFlow use the spyware to identify, 22 23 often mistakenly, unauthorized users of Synopsys’s software in order to “extract exorbitant license fees under the threat of litigation.” UNIL Counterclaims ¶¶ 14, 18-25. UNIL identifies five 24 lawsuits Synopsys filed based on unlicensed use of its software and alleges on information and 25 belief that the facts regarding unauthorized use in those suits were obtained from phone-home 26 27 28 3 The co-founder and current CEO of SmartFlow (Ted Miracco) and the co-founder of SmartFlow, founder of ITCA, and ITCA’s current CEO (Chris Luijten) are repeatedly identified in UNIL’s Counterclaims at ¶¶ 8-9,13-14. 3 1 spyware and that the Enterprise monitored, collected, and transmitted the confidential information 2 of the defendants in those cases. Id. ¶¶ 18-25. 3 UNIL asserts that the Enterprise likewise monitored, collected, and transmitted UNIL and 4 Ubiquiti’s confidential information through the spyware in violation of the MNDA, unbeknownst 5 to UNIL or Ubiquiti, and without their consent. Id. ¶¶ 29-36, 40, 52-53. That confidential 6 information includes “IP addresses, MAC addresses, user names, host names, user accounts, email 7 addresses, workstation information, system administrators, IT system logs, and other confidential 8 information.” Id. ¶ 47. 9 UNIL and Ubiquiti became aware of the spyware and the activities of the Enterprise in May 2016, when ITCA emailed Ubiquiti’s CEO as an agent of Synopsys and disclosed its 11 United States District Court Northern District of California 10 possession of the confidential UNIL and Ubiquiti information it had gathered through the 12 spyware. ITCA made that disclosure and contact in order to convince Ubiquiti to pay “exorbitant 13 fees” for the Synopsys software programs allegedly accessed by UNIL and Ubiquiti employees. 14 Id. ¶¶ 51-52. Ubiquiti and UNIL argue that Synopsys delayed notifying them of the matter until 15 two and one-half years after Synopsys had notice in order to allow the Enterprise to keep 16 collecting confidential information and enlarge the period over which Synopsys could claim 17 damages in the form of retroactive license fees. Id. ¶ 55. 18 In opposing Ubiquiti’s motion for leave to amend and in support of its separate motion to 19 strike UNIL’s state law counterclaims, Synopsys relies on evidence that in order for Tsai to download 20 Synopsys’ software in December 2013 (which is when Tsai admits he downloaded Synopsys software 21 initially: UNIL Counterclaim ¶ 41; Ubiquiti’s Proposed Counterclaims ¶ 42), Tsai would have had to 22 “click through” a notice and agreement that disclosed that “Licensed Products communicate with 23 Synopsys services for the purpose of . . . detecting software piracy and verifying that customers are 24 using Licensed Products in conformity with the applicable License Key” and that Synopsys will use 25 that information to “pursue software pirates and infringers.” Declaration of Norman F. Kelly [Dkt. 26 No. 78-1], Ex. 2. Similarly, when an unnamed UNIL employee admittedly downloaded Synopsys 27 software in April 2014, UNIL Counterclaim ¶ 44, he or she would have had to click through the same 28 4 1 notice. Kelly Decl. ¶ 5.4 LEGAL STANDARD 2 3 I. MOTION TO DISMISS FOR FAILURE TO STATE A CLAIM Under Federal Rule of Civil Procedure 12(b)(6), a district court must dismiss if a claim 4 5 fails to state a claim upon which relief can be granted. To survive a Rule 12(b)(6) motion to 6 dismiss, the claimant must allege “enough facts to state a claim to relief that is plausible on its 7 face.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007). A claim is facially plausible when 8 the plaintiff pleads facts that “allow the court to draw the reasonable inference that the defendant 9 is liable for the misconduct alleged.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (citation omitted). There must be “more than a sheer possibility that a defendant has acted unlawfully.” Id. 11 United States District Court Northern District of California 10 While courts do not require “heightened fact pleading of specifics,” a claim must be supported by 12 facts sufficient to “raise a right to relief above the speculative level.” Twombly, 550 U.S. at 555, 13 570. Under Federal Rule of Civil Procedure 9(b), a party must “state with particularity the 14 15 circumstances constituting fraud or mistake,” including “the who, what, when, where, and how of 16 the misconduct charged.” Vess v. Ciba-Geigy Corp. USA, 317 F.3d 1097, 1106 (9th Cir. 2003) 17 (internal quotation marks omitted). However, “Rule 9(b) requires only that the circumstances of 18 fraud be stated with particularity; other facts may be pleaded generally, or in accordance with Rule 19 8.” United States ex rel. Lee v. Corinthian Colls., 655 F.3d 984, 992 (9th Cir. 2011). In deciding a 20 motion to dismiss for failure to state a claim, the court accepts all of the factual allegations as true 21 22 23 24 25 26 27 28 4 While Synopsys contends that I may rely on this outside-the-pleadings-evidence in support of its futility arguments in opposing the motion for leave to amend, the authorities Synopsys relies on are not persuasive. Gaspard v. DEA Task Force, 2016 WL 2586182, at *1 (C.D. Cal., April 4, 2016) (deciding issue without analysis and misstating cited reference); Haney v. Baker, 2012 WL 2521895, at *3 (E.D. Cal. June 28, 2012) (relying on evidence in support of a motion to dismiss for failure to exhaust administrative remedies). I conclude that I may rely on this evidence only in support of Synopsys’ special motion to strike UNIL’s state law counterclaims. In that regard, defendants contest whether there is proof Ubiquiti “clicked” assent to the terms of use and argue even if it did, it has alleged conduct that could not be consented to (e.g., that the piracy software surveilled “areas of Ubiquiti’s and/or UNIL’s computers and servers wholly unconnected to the areas where Synopsys’ evaluation software operated, and to monitor, collect, and transmit confidential, proprietary information with no connection to Synopsys’ evaluation software.”). UNIL Counterclaim ¶ 48. 5 1 and draws all reasonable inferences in favor of the plaintiff. Usher v. City of Los Angeles, 828 2 F.2d 556, 561 (9th Cir. 1987). But the court is not required to accept as true “allegations that are 3 merely conclusory, unwarranted deductions of fact, or unreasonable inferences.” In re Gilead Scis. 4 Sec. Litig., 536 F.3d 1049, 1055 (9th Cir. 2008). 5 II. 6 SPECIAL MOTION TO STRIKE California Code of Civil Procedure section 425.16 is California’s response to “strategic lawsuits against public participation,” or SLAPP lawsuits. It was enacted “to provide a procedure 8 for expeditiously resolving nonmeritorious litigation meant to chill the valid exercise of the 9 constitutional rights of freedom of speech and petition in connection with a public issue.” Hansen 10 v. California Dep’t of Corr. & Rehab., 171 Cal. App. 4th 1537, 1542-43 (2008). It provides that a 11 United States District Court Northern District of California 7 cause of action against a person “arising from any act of that person in furtherance of the person’s 12 right of petition or free speech under the United States Constitution or the California Constitution 13 in connection with a public issue shall be subject to a special motion to strike, unless the court 14 determines that the plaintiff has established that there is a probability that the plaintiff will prevail 15 on the claim.” Cal. Civ. Proc. Code § 425.16(b)(1). An “act in furtherance of the person’s right of 16 petition or free speech under the United States Constitution or the California Constitution in 17 connection with a public issue” includes: 18 19 20 21 22 23 24 25 26 27 (1) any written or oral statement or writing made before a legislative, executive, or judicial proceeding, or any other official proceeding authorized by law, (2) any written or oral statement or writing made in connection with an issue under consideration or review by a legislative, executive, or judicial body, or any other official proceeding authorized by law, (3) any written or oral statement or writing made in a place open to the public or a public forum in connection with an issue of public interest, or (4) any other conduct in furtherance of the exercise of the constitutional right of petition or the constitutional right of free speech in connection with a public issue or an issue of public interest. Cal. Civ. Proc. Code § 425.16(e). “When served with a SLAPP suit, the defendant may immediately move to strike the 28 6 1 complaint under Section 425.16.” Id. at 1543. That motion is known as an anti-SLAPP motion. 2 To determine whether an anti-SLAPP motion should be granted, the trial court must engage in a 3 two-step process. “First, the defendant must make a prima facie showing that the plaintiff’s suit 4 arises from an act in furtherance of the defendant’s rights of petition or free speech.” Mindys 5 Cosmetics, Inc. v. Dakar, 611 F.3d 590, 595 (9th Cir. 2010) (citation and internal quotation marks 6 omitted). “Second, once the defendant has made a prima facie showing, the burden shifts to the 7 plaintiff to demonstrate a probability of prevailing on the challenged claims.” Id. “At [the] second step of the anti-SLAPP inquiry, the required probability that [a party] will 8 9 prevail need not be high.” Hilton v. Hallmark Cards, 599 F.3d 894, 908 (9th Cir. 2009). A plaintiff must show “only a ‘minimum level of legal sufficiency and triability.’” Mindys, 611 F.3d 11 United States District Court Northern District of California 10 at 598 (quoting Linder v. Thrifty Oil Co., 23 Cal. 4th 429, 438 n.5 (2000)). The plaintiff need only 12 “state and substantiate a legally sufficient claim.” Id. at 598-99 (citation and internal quotation 13 marks omitted). In conducting its analysis, the “court ‘does not weigh the credibility or 14 comparative probative strength of competing evidence,’ but ‘should grant the motion if, as a 15 matter of law, the defendant’s evidence supporting the motion defeats the plaintiff’s attempt to 16 establish evidentiary support for the claim.’” Id. at 599 (quoting Wilson v. Parker, Covert & 17 Chidester, 28 Cal. 4th 811, 821 (2002). At this stage, the court considers “the pleadings, and 18 supporting and opposing affidavits stating the facts upon which the liability or defense is based.” 19 Id. at 598 (quoting Cal. Civ. Proc. Code § 425.16(b)(2)). “[T]he anti-SLAPP statute cannot be used to strike federal causes of action.” Hilton v. 20 21 Hallmark Cards, 599 F.3d 894, 901 (9th Cir. 2010). 22 III. 23 MOTION FOR LEAVE Under Federal Rule of Civil Procedure 15(a), leave to amend “shall be freely given when 24 justice so requires.” Fed. R. Civ. P. 15(a). However, it “is not to be granted automatically.” 25 Jackson v. bank of Hawaii, 902 F. 2d 1385, 1387 (9th Cir. 1990). Courts generally weigh the 26 following factors to determine whether leave should be granted: “(1) bad faith, (2) undue delay, 27 (3) prejudice to the opposing party, (4) futility of amendment; and (5) whether plaintiff has 28 previously amended his complaint.” In re W. States Wholesale Natural Gas Antitrust Litig., 715 7 1 F.3d 716, 738 (9th Cir. 2013). A lack of diligence may warrant denying leave under Rule 15. “Where the party seeking 2 3 amendment knows or should know of the facts upon which the proposed amendment is based but 4 fails to include them in the original complaint, the motion to amend may be denied.” Jordan v. 5 County of Los Angeles, 669 F.2d 1311, 1324 (9th Cir. 1982), vacated on other grounds, 459 U.S. 6 810 (1982). DISCUSSION 7 8 I. UBIQUITI MOTION FOR LEAVE TO AMEND Ubiquiti seeks leave to amend its counterclaims to add the computer abuse and related state 9 law counterclaims; essentially the identical counterclaims UNIL asserts against Synopsys. 5 11 United States District Court Northern District of California 10 Synopsys opposes on grounds of undue delay, prejudice, and futility. 12 A. 13 Synopsys argues that Ubiquiti has unduly delayed moving to amend because Ubiquiti Delay 14 knew the factual basis underlying the current claims at least as of March 2017 when it filed its 15 initial counterclaims, and arguably even earlier in May 2016 when ITCA confronted Ubiquiti with 16 its evidence that Ubiquiti was illegally accessing and using Synopsys’ software. Proposed 17 Counterclaims ¶ 45. However, while the facts could have been suspected in May 2016, they were 18 not known until March 2017. Given that this case is still very much in its infancy, I will not deny 19 leave to amend based on undue delay. 20 B. 21 The parties have agreed to an aggressive schedule, with close of fact discovery in April Prejudice/Futility 22 2018. Synopsys contends that adding in these counterclaims now will cause significant delay to 23 that schedule, especially given the allegations against the two “conspirators” ITCA and SmartFlow 24 (as part of RICO enterprise) may require their joinder and, in any event, significant additional 25 discovery. However, this third-party discovery (or motion practice) will arguably be required if 26 UNIL’s counterclaims stand after Synopsys’s motion to dismiss, irrespective of whether Ubiquiti 27 5 28 UNIL does not assert a breach of contract counterclaim, because UNIL was not a signatory to the MNDA signed by Ubiquiti and Synopsys. 8 1 is given leave to amend. Therefore, prejudice could be demonstrated only if UNIL’s 2 counterclaims are dismissed and then Ubiquiti was given leave to amend. Whether that is 3 warranted depends on whether that leave would be futile, which will be considered below in 4 conjunction with Synopsys’s motion to dismiss UNIL’s counterclaims. 5 II. 6 7 MOTION TO DISMISS UNIL COUNTERCLAIMS/FUTILITY OF UBIQUITI’S PROPOSED COUNTERCLAIMS Synopsys moves to dismiss UNIL’s second through eighth counterclaims, arguing the claims are either barred as a matter of law or inadequately pleaded.6 Similarly, Synopsys argues 8 that allowing Ubiquiti leave to add its proposed counterclaims is futile as those claims fail on 9 essentially the same grounds as UNIL’s. 10 A. United States District Court Northern District of California 11 Computer Fraud and Abuse Act – 18 U.S.C. § 1030 et seq. The “CFAA was enacted in 1984 to enhance the government’s ability to prosecute 12 computer crimes. The act was originally designed to target hackers who accessed computers to 13 steal information or to disrupt or destroy computer functionality, as well as criminals who 14 15 possessed the capacity to ‘access and control high technology processes vital to our everyday lives. . . .’ [] The CFAA prohibits a number of different computer crimes, the majority of which 16 involve accessing computers without authorization or in excess of authorization, and then taking 17 specified forbidden actions, ranging from obtaining information to damaging a computer or 18 computer data.” LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1130–31 (9th Cir. 2009). 19 UNIL alleges (and Ubiquiti seeks to allege) three violations under the Computer Fraud and 20 21 22 23 Abuse Act: a violation of 28 U.S.C. § 1030(a)(2) – prohibiting “intentionally accesses a computer without authorization or exceeds authorized access” and thereby obtaining “information from any protected computer if the conduct involved an interstate or foreign communication”; a violation of § 1030(a)(4) – prohibiting “knowingly and with intent to defraud, accesses a protected computer 24 without authorization, or exceeds authorized access, and by means of such conduct furthers [a] 25 intended fraud and obtains anything of value”; and violation of § 1030(a)(5)(A-C) –prohibiting 26 27 6 28 Synopsys does not move to dismiss UNIL’s first counterclaim, seeking declaratory relief that any use of plaintiff’s software programs by UNIL did not constitute a violation of 17 U.S.C. § 1201. 9 1 (A) knowingly causing the transmission of a program, information, code, or 2 command, and as a result of such conduct, intentionally causes damage without 3 authorization, to a protected computer, 4 (B) intentionally accesses a protected computer without authorization, and as a 5 result of such conduct, recklessly causes damage, or 6 (C) intentionally accesses a protected computer without authorization, and as a 7 result of such conduct, causes damage and loss. Under § 1030(g), in order to bring a private right of action under any of these provisions, 8 defendants must also allege one of the following forms of damage, under § 1030(c)(4)(A)(i): 10 (I) loss to 1 or more persons during any 1-year period . . . aggregating at least 11 United States District Court Northern District of California 9 $5,000 in value; 12 (II) the modification or impairment, or potential modification or impairment, of the 13 medical examination, diagnosis, treatment, or care of 1 or more individuals; 14 (III) physical injury to any person; 15 (IV) a threat to public health or safety; Synopsys contends that the CFAA counterclaims fail for a number of reasons, as discussed 16 17 18 19 below. 1. Unauthorized Access All CFAA claims asserted require “unauthorized access.” Synopsys argues that cannot be 20 shown here where defendants intentionally visited Synopsys’s website and voluntarily 21 downloaded Synopsys’s software. See, e.g., In re Sony PS3 Other OS Litigation, 551 Fed.Appx. 22 916, 923 (9th Cir. 2014) (“As lower courts have reasoned, users who had ‘voluntarily installed’ 23 software that allegedly caused harm cannot plead unauthorized ‘access’ under the CFAA.”); see 24 also In re iPhone Application Litigation, 844 F.Supp.2d 1040, 1066 (N.D. Cal. 2012) (“Voluntary 25 installation of software that allegedly harmed the phone was voluntarily downloaded by the user. 26 Other courts in this District and elsewhere have reasoned that users would have serious difficulty 27 pleading a CFAA violation.”); see also Flextronics International, Ltd. v. Parametric Technology 28 Corporation, 2014 WL 2213910, at *5 (N.D. Cal., May 28, 2014, No. 5:13-CV-00034-PSG) 10 1 (interpreting the California CDAFA and holding “that an unknown file or subroutine of otherwise 2 voluntarily installed software cannot be said to have been installed on the computer ‘without 3 permission’ in violation of the CDAFA.”). These unauthorized access cases are not helpful to Synopsys. Defendants’ theory is that 4 5 Synopsys exceeded any authorization it may have had by using the hidden anti-piracy software to 6 access their confidential information. See, e.g., Flextronics International, Ltd., 2014 WL 7 2213910, at *3 (denying motion to dismiss “exceed authorization” CFAA claim where plaintiff 8 alleged defendants concealed embedded technology in their software and used that technology to 9 “access, obtain, and transmit information” in plaintiff’s computers that defendants were not entitled to access, obtain, or transmit). UNIL has alleged and Ubiquiti can (if otherwise sufficient) 11 United States District Court Northern District of California 10 allege an “exceeds authorization” claim under the CFAA.7 12 2. Use Versus Access to Data Synopsys argues that because defendants’ complaints are about the use of the data secured 13 14 by Synopsys – as opposed to the access to that information by its anti-piracy software – 15 defendants cannot plead a CFAA claim focused on the impermissible “access” to computers. As 16 explained by the Ninth Circuit, “the plain language of the CFAA ‘target[s] the unauthorized 17 procurement or alteration of information, not its misuse or misappropriation.’” U.S. v. Nosal, 676 18 F.3d 854, 863 (9th Cir. 2012). The court so held in the context of narrowly interpreting the statute 19 to not criminalize the conduct of users who simply exceed corporate “terms of use” to hold “that 20 the phrase ‘exceeds authorized access’ in the CFAA does not extend to violations of use 21 restrictions.” Id. As noted above, this case fits within the “exceeds authorization” line of cases because the 22 23 allegations are not based on violation of generally applicable “terms of use” but based on the 24 25 26 27 28 7 Synopsys contends that because Ubiquiti consented to its terms of use when Ubiquiti downloaded the software – relying on its outside-the-allegations evidence – Ubiquiti expressly consented to and had notice of Synopsys’s anti-piracy efforts and therefore cannot allege a CFAA claim. Opposition to Motion for Leave to Amend (Synopsys Oppo.) at 7-9. That may be true, but this evidence cannot be relied on in support of the opposition for leave to amend. The same is true of Synopsys’s attempt to rely on this evidence in support of its opposition on Ubiquiti’s proposed Section 502, trespass, and conversion claims discussed below. 11 1 hidden presence of software that accesses, obtains, and transmits information that a party was not 2 entitled to access, obtain, or transmit. See Flextronics International, Ltd., 2014 WL 2213910, at 3 *3. Synopsys’s argument does not work. 4 3. Damage and Loss Synopsys contends that defendants fail to allege facts to show that defendants suffered a 5 6 “loss” of more than $5,000 in a one year period as a result of Synopsys’ conduct. A mere 7 conclusion of damage or loss is insufficient. See, e.g., NovelPoster v. Javitch Canfield Group, 140 8 F.Supp.3d 938, 949 (N.D. Cal. 2014).8 There are two problems with the defendants’ counterclaim 9 allegations. While defendants are correct that courts have considered the “cost of investigating the source of a breach and remedying it” as a loss appropriately counted towards the $5,000 mark, 9 11 United States District Court Northern District of California 10 there are no facts alleged that defendants incurred $5,000 of loss in responding to Synopsys’ 12 alleged illegal conduct.10 Further, while defendants have no doubt incurred costs investigating 13 how Synopsys learned about defendants’ alleged piracy, those expenses would necessarily have 14 been incurred as part of defendants’ investigation of and response to Synopsys’s affirmative 15 allegations against them. Defendants must plead facts showing that they incurred costs above and 16 beyond those needed to respond to Synopsys’s affirmative claims to state a separate claim for 17 damages recoverable under the CFAA. In addition, there are no allegations that the presence of Synopsys’ anti-piracy software 18 19 8 20 21 22 23 24 25 “Loss” is defined as “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.” § 1030(e)(11). “Damage” is defined “any impairment to the integrity or availability of data, a program, a system, or information.” § 1030(e)(8). 9 See, e.g., Enki Corporation v. Freedman, No. 5:13-CV-02201-PSG, 2014 WL 261798, at *2 (N.D. Cal., Jan. 23, 2014) (“the cost of investigating the source of the breach and remedying it would qualify as ‘loss’ within that definition, as they would be required to return the system to its secured state”). 10 26 27 28 UNIL alleges only Synopsys’s actions have “imposed unknown costs by depriving Ubiquiti and UNIL of the economic value of confidential information taken without their consent or knowledge, and causing undue expenditures of resources to investigate access to proprietary information” and then that they have been damaged of an unknown total “but aggregating more than $5,000.” UNIL Counterclaims ¶¶ 49, 66. 12 1 caused any disruption or other damage to defendants’ computer systems. See, e.g., In re iPhone 2 Application Litigation, 844 F.Supp.2d 1040, 1067 (N.D. Cal. 2012) (while “Plaintiffs have alleged 3 that the location files consume valuable memory space on their iDevices, Plaintiffs have not 4 plausibly alleged that the location file impairs Plaintiffs’ devices or interrupts service, or otherwise 5 fits within the statutory requirements of “loss” and “economic damage” as defined by the 6 statute”).11 7 Finally, defendants have not plausibly alleged that accessing the types of information 8 secured by Synopsys – IP addresses, MAC addresses, user names, host names, user accounts, 9 email addresses, workstation information, system administrators, and IT system logs – caused economic damage to defendants under the CFAA. In re iPhone Application Litigation, 844 11 United States District Court Northern District of California 10 F.Supp.2d at 1068 (“courts have tended to reject the contention that personal information—such as 12 the information collected by the Mobile Industry Defendants—constitutes economic damages 13 under the CFAA.”).12 The categories of information identified do not, on their face, appear to 14 convey or create any economic value to defendants (or create harm to defendants’ customers and 15 hence defendants). Finally, the claim under § 1030(a)(5) requires a showing of damage to the computer 16 17 systems – e.g., some impairment of the functioning of those systems. Defendants have not 18 pleaded such a claim. UNIL’s failure to adequately allege damage and loss under the CFAA requires the 19 20 dismissal of those counterclaims. Ubiquiti’s failure to allege the same makes their proposed 21 11 22 Defendants vaguely plead “damage and loss” from impairment of integrity of defendants’ information and “otherwise causing damage to protected computers.” UNIL Counterclaims ¶ 63. 23 12 24 25 26 27 28 Defendants assert only that “confidential and proprietary information that was collected by the Enterprise has economic value to Ubiquiti, UNIL, their competitors, and those who trade in such information, and is information that Ubiquiti and UNIL use as an economic asset.” UNIL Counterclaim ¶ 64. However, as Synopsys points out, there are no facts supporting that allegation and numerous cases in this District have rejected the argument that IP addresses and other categories of information defendants contend were unlawfully accessed and transmitted have any proprietary value. Defendants’ reliance on U.S. v. Ivanov, 175 F.Supp.2d 367, 371 (D. Conn. 2001) is misplaced. In that case, by obtaining “root access” a hacker had complete control over the victim’s information (credit card numbers and merchant account numbers) and systems. The value of credit card and merchant account numbers to a hacker is obvious. 13 1 amendment futile. 2 4. Fraud For the § 1030(a)(4) claim, defendants must also allege facts supporting a knowing intent 3 4 to defraud defendants with particularity under Rule 9. See, e.g., Oracle America, Inc. v. Service 5 Key, LLC, 2012 WL 6019580, at *6 (N.D. Cal. 2012) (“Rule 9(b) plainly applies to section 6 1030(a)(4)’s requirement that the defendant’s acts further the intended fraud.”).13 Synopsys 7 initially challenges the failure of defendants to plead the who, what, where, when of a knowing 8 intent to defraud. Read generously, the essence of defendants’ allegations is that Ubiquiti was 9 misled by the failure of Synopsys to disclose in the negotiations with Ubiquiti and the signing of the MNDA that Synopsys would embed and access the piracy tools in the software defendants 11 United States District Court Northern District of California 10 intended to download. 12 More problematic is that defendants’ fraud theory rests on an implausible chain of 13 inferences: Synopsys induced Ubiquiti (not UNIL) to enter into the MNDA with the expectation 14 that Ubiquiti’s confidential information would be kept confidential -> Synopsys expected 15 defendants would download its software -> defendants would (without any alleged encouragement 16 by Synopsys) continue to use that software after the evaluation licenses expired -> Synopsys 17 would uncover that continued use through its hidden anti-piracy software -> and Synopsys would 18 then be able to “defraud” defendants by demanding exorbitant licensing fees.14 The heart of the 19 fraud allegations are not plausible as alleged. UNIL has a separate and threshhold problem. It was not a party to the MNDA. It is 20 21 unclear whether (and if so, how) UNIL’s fraud claim could be based on the subsequent 22 conversations UNIL had with Synopsys regarding UNIL’s evaluation license. 23 24 25 26 27 28 13 Because defendants’ § 1030(a)(4) counterclaim expressly pleads fraudulent action by Synopsys, even its own authorities recognize the need to meet the 9(b) standard. NetApp, Inc. v. Nimble Storage, Inc., 41 F.Supp.3d 816, 834 (N.D. Cal. 2014) (when “read together, the foregoing precedents require that CFAA claims under § 1030(a)(4) be pleaded with specificity only when fraudulent conduct is specifically alleged as the basis for the wrongdoing.”). 14 The fraud allegations in the stand-alone fraud and RICO counterclaims suffer from the same implausibility as discussed in more detail below. 14 1 UNIL’s §§ 1030(a)(2) and (a)(5) counterclaims are DISMISSED with leave to amend to 2 plead facts regarding loss and damages, and the § 1030(a)(4) counterclaim based on fraud is 3 DISMISSED with leave to amend to attempt to plead a plausible claim. Ubiquiti’s motion for 4 leave to amend is DENIED as to the CFAA, without prejudice. Ubiquiti may move for leave to 5 amend again, if it can plausibly allege loss and damage under §§ 1030(a)(2) and (a)(5) and fraud 6 under § 1030(a)(4). 7 8 9 B. California Penal Code Section 502 - the Comprehensive Computer Data Access and Fraud Act (“CCDAFA”) 1. Pleading deficiencies Defendants allege that Synopsys violated several subsections of California Penal Code § 10 502(c), which prohibits one who: § 502(c) (1) –“[k]nowingly accesses and without permission 11 United States District Court Northern District of California alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or 12 computer network in order to either (A) devise or execute any scheme or artifice to defraud, 13 14 15 16 deceive, or extort, or (B) wrongfully control or obtain money, property, or data”; § 502(c)(2) – “[k]nowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network”; § 502(c)(3) –“[k]nowingly and without permission uses or causes to be used computer services”; § 502(c)(6) –“[k]nowingly and without 17 permission provides or assists in providing a means of accessing a computer, computer system, or 18 19 20 computer network in violation of this section”; § 502(c)(7) –“[k]nowingly and without permission accesses or causes to be accessed any computer, computer system, or computer network”; and § 502(c)(8) –“[k]nowingly introduces any computer contaminant into any computer, computer 21 system, or computer network.” 22 Synopsys argues that there is substantial overlap between the CFAA and CCDAFA except 23 for one respect: “A plain reading of the [CCDAFA] demonstrates that its focus is on unauthorized 24 taking or use of information. In contrast, the CFAA criminalizes unauthorized access, not 25 subsequent unauthorized use.” U.S. v. Christensen, 801 F.3d 970, 994 (9th Cir. 2015) (emphasis 26 in original). More generally, Synopsys contends that the CCDAFA claims fail for the same 27 reasons as the CFAA claims. For the reasons discussed above, I agree with Synopsys concerning 28 15 1 the fraud-based allegations and damage/loss allegations. See, e.g., Perkins v. LinkedIn 2 Corporation, 53 F.Supp.3d 1190, 1219 (N.D. Cal. 2014) (“Plaintiffs must plead some injury 3 emanating from LinkedIn’s alleged Section 502 violations to survive the Motion to Dismiss. See 4 Cal.Penal Code § 502(e)(1) (noting that only an individual ‘who suffers damage or loss by reason 5 of a violation’ may bring a private action).”). Its other arguments on this cause of action, 6 discussed below, are not well taken. 7 8 a. Without Permission With respect to the claims that require actions to be “without permission,” (i.e., (2), (3), (6), and (7)), some courts in this District have concluded that “when software containing 10 ‘surreptitious code’ is installed voluntarily by a plaintiff, a defendant has not accessed the 11 United States District Court Northern District of California 9 plaintiff’s computer ‘without permission,’ even if the plaintiff was unaware of the ‘surreptitious 12 code’ when he or she installed the software.” Flextronics International, Ltd. v. Parametric 13 Technology Corporation, 2014 WL 2213910, at *4 (N.D. Cal., May 28, 2014, No. 5:13-CV- 14 00034-PSG); In re iPhone Application Litig., 2011 WL 4403963, at *12 (N.D. Cal., Sept. 20, 15 2011, No. 11-MD-02250-LHK) (“Plaintiffs’ own allegations, the iOS and third party apps—which 16 contain the alleged ‘surreptitious code’—were all installed or updated voluntarily by Plaintiffs.”). 17 However, other courts faced with allegations that embedded software was “deeply hidden” so that 18 plaintiffs had no notice it “was operating, and they had no way to remove the software or to opt- 19 out of its functionality” have concluded that voluntary installation does not defeat the CCDAFA 20 claim. In re Carrier IQ, Inc., 78 F.Supp.3d 1051, 1101 (N.D. Cal. 2015). 21 Defendants argue that this case is more similar to In re Carrier IQ and goes beyond the 22 “voluntary installation” cases because not only do they allege that the anti-piracy software was 23 deeply hidden, but they assert that the areas of their systems accessed and “surveilled” by the anti- 24 piracy software had nothing to do with the use or running of Synopsys’ EDA software. UNIL 25 Counterclaim ¶ 106. These allegations adequately allege access was “without permission” under 26 the CCDAFA to the areas of defendants’ systems “wholly unconnected to the areas where 27 Synopsys’ evaluation software operated.” Id. 28 16 b. 1 Knowing Access As an additional ground to dismiss under CCDAFA, Synopsys argues that defendants need 2 to but have not pleaded facts that could show that Synopsys subjectively believed that it lacked 3 4 permission to access defendants’ computers in the way it did given defendants’ voluntary actions downloading Synopsys’s software, including the anti-piracy component. With particular respect 5 to UNIL, Synopsys argues there are no allegations that UNIL and Synopsys had an agreement 6 (like the MNDA with Ubiquiti) to not disclose information that it secured, no allegations of breach 7 of terms of use, and no allegation that Synopsys did anything to circumvent technical barriers. 8 9 However, this argument ignores defendants’ claims that the hidden anti-piracy exceeded the contemplated and authorized use of defendants’ data by Synopsys’ software. Defendants could 10 not have given permission for activities that Synopsys knew (or were alleged to have known) were United States District Court Northern District of California 11 hidden from defendants’ knowledge. 12 c. 13 Contaminant Defendants also argue that they have separately pleaded a claim under Section 502(c)(8), 14 15 which does not contain a “without permission” requirement, but does require a “contaminant” to have been placed in defendants’ computers. As explained in Flextronics International, Ltd. v. 16 Parametric Technology Corporation, 2014 WL 2213910, at *5 (N.D. Cal., May 28, 2014), in 17 order to state a claim under this subsection “plaintiff need only allege that the actions of the 18 contaminant (modify/damage/destroy/record/ transmit) were undertaken by overcoming a 19 technical barrier without the permission of the owner; the introduction of the contaminant to the 20 21 system need not surmount the same hurdle.” In Flextronics, the plaintiff was able to state a claim where defendant was alleged to have embedded hidden technology in plaintiff’s system (even 22 though initial access was with permission) but thereafter used the embedded technology to 23 transmit information within the computer system without the intent or permission of the owners of 24 the information. Id. at *6. Defendants have made similar allegations here. 25 26 2. Use of Data and CUTSA In addition to the pleading deficiency arguments, Synopsys contends that to the extent that 27 defendants’ CCDAFA claims are based on misappropriation of confidential and proprietary 28 17 1 information, the claims are preempted by California’s Uniform Trade Secrets Act (CUTSA). 2 Synopsys points to a line of cases holding that where there are allegations of misappropriation of 3 information, even if that information does not meet the high standard of a protectable trade secret, 4 any claim based on the misappropriation of that information is nonetheless preempted. See, e.g., 5 Waymo LLC v. Uber Technologies, Inc., 256 F.Supp.3d 1059, 1063 (N.D. Cal. 2017) (“CUTSA 6 also supersedes claims based on alleged misappropriation of non-trade secret information unless 7 some other provision of positive law grants a property right in that information.”). However, the cases relied on by Synopsys address preemption of common law and unfair 8 9 competition claims and do not explicitly address whether CUTSA would preempt a statutory claim arising under the California Penal Code. See, e.g., Waymo LLC v. Uber Technologies, Inc., 11 United States District Court Northern District of California 10 256 F.Supp.3d 1059, 1064 (N.D. Cal. 2017) (preempts Cal. Bus. & Prof. Code § 17200 claim 12 based on misappropriation of information); Avago Technologies U.S. Inc. v. Nanoprecision 13 Products, Inc., 2017 WL 412524, at *8 (N.D. Cal., Jan. 31, 2017) (conversion claim prerempted); 14 Heller v. Cepia, L.L.C., 2012 WL 13572, at *7 (N.D. Cal. Jan. 4, 2012) (finding misappropriation, 15 conversion, unjust enrichment, and trespass to chattels claims based on misappropriate of 16 information superseded by CUTSA); SunPower Corp. v. SolarCity Corp., 2012 WL 6160472, at 17 *3 (N.D. Cal. Dec. 11, 2012) (listing common law claims); see also Regents v. Aisen, 2016 WL 18 4097072, *8 (S.D. Cal., Apr. 18, 2016) (rejecting preemption of CCDAFA claim).15 Absent 19 additional authority or persuasive argument, I will not find the CCDAFA claim preempted even if 20 based in part on the misappropriation and subsequent use of defendants’ information. 21 3. Finally, Synopsys argues that defendants cannot assert a CCDAFA claim based on the use 22 23 Noerr-Pennington and Litigation Privilege of the information secured by Synopsys because that use, as alleged by defendants, constitutes 24 25 26 27 28 15 I recognize that the court in Henry Schein, Inc. v. Cook, 2017 WL 783617, at *5 (N.D. Cal., Mar. 1, 2017, No. 16-CV-03166-JST), found in passing that a Section 502 claim was preempted under CUTSA. However, the court did not analyze how CUTSA could preempt a specific provision of the California Penal Code that provides a private right of action for use of misappropriated information secured from a computer “hack,” as opposed to common law claims based on misappropriation of business information. 18 1 pre-litigation conduct protected under the Noerr-Pennington doctrine as petitioning activity and 2 protected activity under California’s litigation privilege. Cal. Civil Code § 47(b). The Noerr-Pennington doctrine “provides that concerted efforts to petition the government 3 4 that would otherwise be illegal may nonetheless be protected by the First Amendment's Petition 5 Clause when certain criteria are met.” United Nurses Associations of California v. National Labor 6 Relations Board, 871 F.3d 767, 786–87 (9th Cir. 2017). Protected conduct includes conduct 7 “incidental” to litigation, such as “sending a pre-litigation settlement demand letter.” Id. at 788; 8 see also Sosa v. DIRECTV, Inc., 437 F.3d 923, 940 (9th Cir. 2006) (“presuit letters threatening 9 legal action and making legal representations” are protected under the Noerr-Pennington doctrine 10 “absent representations so baseless that the threatened litigation would be a sham.”). However, it is not the use of defendants’ data by SmartFlow and Synopsys, resulting in United States District Court Northern District of California 11 12 ITCA sending its demand letter to Ubiquiti, that underlays the CCDAFA claims. The CCDAFA 13 claims hinge on the use of the hidden anti-piracy software that allegedly exceeded defendants’ 14 understanding of what Synopsys’ software would do and defendants’ authorization, and then 15 Synopsys disclosure of that allegedly confidential information to SmartFlow and ITCA. The 16 Noerr-Pennington doctrine does not immunize Synopsys from these claims.16 In sum, UNIL’s CCDAFA claims are DISMISSED with leave to amend the damage/loss 17 18 and fraud allegations, and Ubiquiti’s motion for leave to amend is DENIED without prejudice. 19 C. 20 Synopsys argues that defendants’ Racketeer Influenced and Corrupt Organizations Act RICO 21 (RICO) counterclaims are deficient because of their failure to adequately plead: (i) an enterprise, 22 (ii) a pattern of racketeering activity, (iii) proximate cause, and (iv) for UNIL, a domestic injury.17 23 Even if those deficiencies could be cured, Synopsys argues that the RICO claims are also barred 24 16 25 26 27 Synopsys’s argument under California’s litigation privilege – which similarly protects communications made in connection with contemplated or ongoing litigation – fails for the same reasons. See, e.g., Rohde v. Wolf, 154 Cal.App.4th 28, 36 (2007) (pre-litigation communication is privileged only when it relates to litigation that is contemplated in good faith and under serious consideration). 17 28 UNIL has pleaded and Ubiquiti seeks to plead a substantive RICO claim under 18 U.S.C. § 1962(c) and a RICO conspiracy claim under § 1962(d). 19 1 because they are inextricably based on pre-litigation petitioning activity protected under the 2 Noerr-Pennington doctrine. 3 4 1. Pleading deficiencies The RICO statute, 18 U.S.C. § 1962(c), requires a plaintiff to prove that each defendant 5 participated: in (1) the conduct of (2) an enterprise that affects interstate commerce (3) through a 6 pattern (4) of racketeering activity which (5) the proximately harmed the victim. See Eclectic 7 Properties E., LLC v. Marcus & Millichap Co., 751 F.3d 990, 997 (9th Cir. 2014). To show an 8 enterprise, “plaintiffs must plead that the enterprise has (A) a common purpose, (B) a structure or 9 organization, and (C) longevity necessary to accomplish the purpose.” Id. The purpose here is the implementation of a “compliance program for Synopsys to recover license fees and to convert 11 United States District Court Northern District of California 10 suspected unlicensed users of Synopsys’ EDA software to licensed customers.” UNIL 12 Counterclaims ¶ 95. 13 “Racketeering activity,” as defined in 18 U.S.C. § 1961(1)(B), is the commission of a 14 predicate act that is one of an enumerated list of federal crimes; here the only predicate acts 15 identified are wire fraud under 18 U.S.C. § 1343. The acts of wire fraud as part of the pattern of 16 racketeering activity alleged are: 17 18 19 20 21 22 23 24 25 (a) September 11, 2013 and September 16, 2013 emails from Synopsys’s manager to Tsai and Ubiquiti’s general counsel representing Synopsys’ proposed MNDA terms, which were false or misleading when made because Synopsys did not intend to protect Defendants’ confidential information disclosed from computers in California and Taiwan pursuant to the MNDA, but rather intended to monitor and collect it via embedded spyware; (b) November 15, 2013 and November 25, 2013 emails from Synopsys’s manager to Tsai and Ubiquiti’s in-house counsel with Synopsys executed copies of the MNDA, which were false or misleading when made because Synopsys did not intend to protect Defendants’ confidential information disclosed from computers in California and Taiwan pursuant to the MNDA; 27 (c) Transmission of Synopsys’s software installation, documentation, and license files from Synopsys’s electronic file transfer website hosted on California servers to Tsai in December 2013, which resulted in SmartFlow’s spyware being installed on Ubiquiti’s and UNIL’s servers in California and Taiwan; 28 (d) 26 Transmission of Synopsys’s 20 software installation, 1 2 3 4 5 6 7 8 9 10 United States District Court Northern District of California 11 12 13 14 documentation, and license files from Synopsys’s electronic file transfer website hosted on California servers to UNIL in April 2014, which resulted in SmartFlow’s spyware being installed on Ubiquiti’s and UNIL’s servers in California and Taiwan; (e) The Enterprise’s continual monitoring, collection, and transmittal of Defendants’ confidential information through spyware from Ubiquiti’s and UNIL’s servers in California and Taiwan between November 2013 and approximately May 2016, representing a 2.5-year period during which the Enterprise conspired to avoid detection of the spyware, thereby extending the time period over which Synopsys could claim damages in the form of retroactive license fees; and (f) May 10, 2016 email from ITCA, containing a letter from its chief executive officer Chris Luijten based in Netherlands to Ubiquiti’s chief executive officer in the United States, with a settlement demand on behalf of Synopsys, followed by subsequent email demands to Ubiquiti to recover Synopsys’ fees over a 2.5-year period for unlicensed users alleged by ITCA to have accessed Synopsys’ EDA software, but who had no reason to ever use or access the software for an evaluation or any other purpose. UNIL Counterclaims ¶ 100. a. Enterprise/Purpose A RICO enterprise has three elements: (1) a common purpose, (2) an ongoing 15 organization, and (3) a continuing unit. United States v. Christensen, 828 F.3d 763, 780 (9th Cir. 16 2015). Synopsys argues, first, that defendants have not pleaded these elements because they have 17 only pleaded (and can only plead) facts showing legitimate and arms-length business dealings 18 between Synopsys, the supplier of its anti-piracy software, and its enforcement agent ITCA, all of 19 whom are engaged in permissible anti-piracy endeavors. Because all three’s endeavors are 20 consistent with a legitimate business purpose, there can be no inference of a RICO enterprise with 21 a common, illegal purpose. Synopsys MTD at 15. The cases relied on by Synopsys for this point 22 are well-taken as to the RICO conspiracy claim, but do not preclude a direct RICO claim. 23 However, other deficiencies in the enterprise allegations exist. For example, defendants 24 have failed to plead that anyone other than Synopsys had knowledge of the only predicate act – the 25 wire fraud – because there are no allegations that SmartFlow or ITCA were aware of the MNDA 26 and negotiations regarding access to Synopsys’ software. MTD at 15-16. The existence of the 27 MNDA is key to the effectuation of the enterprise’s fraud (enticing victims to download 28 Synopsys’ software with false assurances the victims’ confidential information will not be used 21 1 against them). Similarly, Synopsys points out that there is no evidence that SmartFlow or ITCA 2 were involved in the litigations filed by Synopsys against alleged unlicensed users of its software, 3 yet these “improper” litigations are really the only facts supporting the purpose and longevity 4 elements. Defendants’ enterprise allegations are deficient. 5 b. Predicate Acts/Pattern of Racketeering Activity 6 To plead a RICO pattern, at least two predicate acts of racketeering activity need to be 7 alleged. 18 U.S.C. § 1961(5). Synopsys argues that only one instance of wire fraud has been 8 alleged – the entering into the MNDA by Ubiquiti – which is insufficient to allege a pattern. 9 Defendants discuss other “wire acts,” including the actual downloading of the Synopsys software, but defendants identify no additional representations or omissions that occurred in connection 11 United States District Court Northern District of California 10 with those downloads. The downloads are merely the effectuation of the initial fraud. As to the 12 May 2016 communications from ITCA (by letter and subsequent email), defendants do not assert 13 that the ITCA communications were fraudulent in and of themselves (e.g., they intentionally 14 misstated or overstated the use of Synopsys’s software by defendants), only that they were part of 15 the otherwise fraudulent scheme. 16 Defendants might also intend to rely on the “information and belief” conduct that 17 Synopsys and its Enterprise associates undertook with respect to the other lawsuits identified, in 18 support of the pattern of racketeering element. UNIL Counterclaims ¶¶ 19-23. But information 19 and belief is insufficient. Facts must be stated to support a charge that Synopsys or its Enterprise 20 associates committed acts of wire fraud with respect to those lawsuits.18 As currently stated, the one predicate act of wire fraud identified – the initial discussion 21 22 about and provision of the MNDA that was “false and misleading” – is insufficient to establish the 23 requisite number of predicate acts or the pattern of racketeering activity. 24 c. Proximate Cause Another significant flaw with UNIL’s RICO claim is the lack of proximate cause between 25 26 27 28 18 Synopsys questions whether, consistent with Rule 11, defendants will be able to allege fraud in connection with the other lawsuits, as publicly filed pleadings in those cases do not disclose the existence of MNDAs in those cases. Oppo. at 16 & n.6. 22 1 the fraud alleged and the harm suffered. Under RICO, there must be a “direct relation” between 2 the injury asserted and the conduct alleged, and that link cannot be “too remote,” “purely 3 contingent,” or “indirect.” Hemi Group, LLC v. City of New York, N.Y., 559 U.S. 1, 9 (2010) 4 (internal quotations omitted). As pleaded, the fraudulent scheme hinges on the MNDA – signed by Ubiquiti but not 5 UNIL – that allegedly gave Ubiquiti confidence that its confidential information would not be 7 disclosed and that was allegedly violated when Synopsys included the anti-piracy tools in its 8 software. Because UNIL did not sign the MNDA, because UNIL voluntarily downloaded 9 Synopsys’s software, because UNIL then (allegedly) continued to use that software after the 10 evaluation license period, and because the ITCA communications were sent to Ubiquiti (not 11 United States District Court Northern District of California 6 UNIL), any harm to UNIL is too remote and indirect from the fraudulent conduct alleged. 12 d. Injury to Business or Property/Domestic Injury In order to state a RICO claim, a plaintiff must “allege and prove a domestic injury to 13 14 business or property” because RICO “does not allow recovery for foreign injuries.” RJR Nabisco, 15 Inc. v. European Community, 136 S.Ct. 2090, 2111 (2016). UNIL’s RICO counterclaims fail for 16 this independent reason; it fails to plead injury to its business or property in the United States, as 17 opposed to a “foreign injury.” Mindful of UNIL’s repeated protestations in this case that it has no 18 presence in California and did no business in California, facts supporting a domestic injury have 19 not been alleged.19 More generally, Synopsys argues that both defendants have failed to allege facts showing 20 21 they were “injured” in their business or property by the alleged RICO conduct. Defendants 22 counter that because the “extent” of the information secured by the anti-piracy tools in Synopsys’s 23 software is currently unknown, the extent of defendants’ injuries are unknown. UNIL 24 Counterclaims ¶¶ 105-106. Defendants, however, are required to allege more than they were 25 “damaged” by the RICO conduct. Facts must be alleged to show how and why those assertions 26 19 27 28 UNIL’s only authority, Tatung Company, Ltd. v. Shu Tze Hsu, 217 F.Supp.3d 1138, 1155 (C.D. Cal. 2016), is not apposite on the facts here. There, while the plaintiff was a foreign corporation, it was doing business in the United States through a wholly owned corporation and maintained a “hub” in the United States. 23 1 2 3 are plausible given the information currently available to defendants. 2. Noerr-Pennington In addition to the pleading deficiencies identified above, Synopsys contends that UNIL’s current and Ubiquiti’s contemplated RICO counterclaims are barred as a matter of law because the 5 alleged “target” of the claim is Synopsys’s Noerr-Pennington protected pre-litigation licensing 6 and settlement negotiations. As noted above, Noerr-Pennington does not bar the CCDAFA 7 claims. But the result is different for RICO, given the nature of RICO scheme as pleaded by 8 defendants (a fraudulent scheme to extort license fees). See UNIL Counterclaim ¶ 14 (“the 9 purpose of exploiting personal and proprietary information from Synopsys’s software users to 10 generate revenue for Synopsys, SmartFlow, and ITCA based on the ‘recovery’ of Synopsys’s 11 United States District Court Northern District of California 4 license fees”); ¶ 95 (“the common purpose of implementing a compliance program for Synopsys 12 to recover license fees and to convert suspected unlicensed users of Synopsys’ EDA software to 13 licensed customers”); ¶ 104 (“exploited for the purpose of making exorbitant license fee demands 14 to those users. In cases where Synopsys escalated to filing lawsuits against users who had their 15 personally identifiable information or confidential information unlawfully obtained by the 16 Enterprise, each case settled shortly thereafter.”). 17 In support of their allegations, defendants rely not only on the ITCA demand letter and 18 Synopsys’s subsequent lawsuit based on defendants’ use of its software post the evaluation license 19 period but also on other litigation Synopsys has filed seeking damages from unlicensed users. 20 UNIL Counterclaims ¶¶ 19-25. What defendants have not done is claim that any of these license 21 demands and the subsequent litigations were shams. Sosa v. DIRECTV, Inc., 437 F.3d 923, 934 22 (9th Cir. 2006) (Noerr-Pennington protects litigation and related pre-litigation conduct, unless the 23 contemplated or actual litigation was a sham, meaning it was “both objective[ly] baselessness and 24 [based on] an improper motive”). 25 Given how they have chosen to frame their RICO claims, the pre-petitioning and 26 petitioning activities of Synopsys are at the heart of the fraudulent scheme alleged. As such, 27 defendants must plead facts showing that the pre-suit license demands and subsequent litigations 28 they rely on as evidence of the RICO Enterprise’s purpose were objectively baseless and based on 24 1 improper motives. All that has been alleged to date is that the Enterprise associates (Synopsys, 2 SmartFlow, ITCA, Luijten, and Miracco) have sought to enforce Synopsys’s software rights, and 3 that in some instances the information relied on by the Enterprise associates to enforce those rights 4 might not have been “accurate.” UNIL Counterclaim ¶ 12. That is insufficient. 5 UNIL’s RICO claims are DISMISSED with leave to amend and Ubiquiti’s motion for leave to amend is DENIED. If defendants can allege facts to plausibly suggest that Synopsys’s 7 (and its Enterprise associates’) demand letters and litigation to “extort” license fees were 8 objectively and subjectively baseless (and then if defendants can cure the additional pleading 9 deficiencies identified above), then defendants may be able to clear the Noerr-Pennington hurdle 10 and state a RICO claim. Separately, UNIL will also have to allege additional facts in support of 11 United States District Court Northern District of California 6 proximate cause and domestic injury with respect to the harms caused to it by the RICO 12 enterprise. 13 D. 14 Under California law, trespass to chattels “lies where an intentional interference with the Trespass to Chattels 15 possession of personal property has proximately caused injury.” Intel Corp. v. Hamidi, 30 Cal. 4th 16 1342, 1350–51 (2003). In cases of interference with possession of personal property not 17 amounting to conversion, “the owner has a cause of action for trespass or case [sic], and may 18 recover only the actual damages suffered by reason of the impairment of the property or the loss of 19 its use.” Id. at 1351 (internal quotations and citations omitted). Further, “while a harmless use or 20 touching of personal property may be a technical trespass (see Rest.2d Torts, § 217), an 21 interference (not amounting to dispossession) is not actionable, under modern California and 22 broader American law, without a showing of harm.” Id.; see also In re iPhone Application 23 Litigation, 844 F.Supp.2d 1040, 1069 (N.D. Cal. 2012) (dismissing allegations of harm that “do 24 not plausibly establish a significant reduction in service constituting an interference with the 25 intended functioning of the system, which is necessary to establish a cause of action for 26 trespass.”). 27 28 To the extent defendants base their trespass claims on the accessing of their systems by the anti-piracy software, they must but have not alleged facts showing that access impaired the 25 1 intended functioning of defendants’ systems. And to the extent that defendants base their trespass 2 claim on the anti-piracy software’s securing of and use of defendants’ data, that common law 3 claim would be preempted by CUTSA. See, e.g., Heller v. Cepia, L.L.C., 2012 WL 13572, at *7 4 (N.D. Cal., Jan. 4, 2012) (common law claims, including trespass, “premised on the wrongful 5 taking and use of confidential business and proprietary information, regardless of whether such 6 information constitutes trade secrets, are superseded by the CUTSA”). Therefore, UNIL’s trespass counterclaim is dismissed with leave to state facts showing the 8 trespass caused some harm to its computer systems. Ubiquiti’s motion to amend is denied without 9 prejudice. 10 E. 11 United States District Court Northern District of California 7 As to conversion, “if the only property identified in the complaint is confidential or Conversion 12 proprietary information, and the only basis for any property right is trade secrets law, then a 13 conversion claim predicated on the theft of that property is preempted” by CUTSA. Avago 14 Technologies U.S. Inc. v. Nanoprecision Products, Inc., 2017 WL 412524, at *7 (N.D. Cal. Jan. 15 31, 2017). Defendants’ claim is preempted and DISMISSED as to UNIL; leave to amend 16 DENIED as to Ubiquiti. 17 F. 18 Synopsys makes a number of well-taken attacks on UNIL’s fraud claims, primarily that Fraud 19 UNIL was not a party to the MNDA and has not identified any fraudulent misstatements directed 20 to it, as opposed to Ubiquiti. Those omissions are significant in the context of this case, where 21 UNIL has repeatedly emphasized that it is a separate legal entity from Ubiquiti and that Tsai (the 22 primary negotiator with Synopsys) did not work for UNIL. Given that context, it is questionable 23 whether UNIL could plead reliance on the MNDA or on representations made by Synopsys, or 24 damages suffered from a breach of the MNDA.20 As to both defendants, Synopsys relies on the actual text of the MNDA – which is 25 26 27 28 20 While UNIL argues in its opposition that it was an expected third-party-beneficiary of the MDNA in light of actions taken by Ubiquiti and Synopsys, those allegations are not currently included in UNIL’s Counterclaims. 26 1 incorporated by reference given the repeated reference to it in UNIL’s existing and Ubiquiti’s 2 proposed counterclaims. Synopsys argues that the information allegedly fraudulently procured 3 from defendants – IP addresses, MAC addresses, user names, host names, user accounts, email 4 addresses, workstation information, system administrators, IT system logs – is not included within 5 the MNDA’s definition of “confidential information” nor covered by the “purpose” of the MNDA. 6 MTD 23-24; Oppo. at 13-15. However, I need not analyze the language of the MNDA. The fatal problem with 7 8 defendants’ theory of fraud has been identified above; the current allegations are implausible 9 because they rely on too many intervening steps that were beyond the control of Synopsys. Synopsys did not force either defendant to use its software beyond the period of the evaluation 11 United States District Court Northern District of California 10 licenses. But that conduct – defendants voluntary use of Synopsys’s software that defendants do 12 not deny – lies at the heart of the fraudulent scheme alleged. As to plausibility, defendants offer 13 no real response. At most they argue that because Synopsys let defendants impermissibly use its 14 software for two years after the expiration of the evaluation licenses before it decided to have 15 ITCA go after defendants, their theory is somehow plausible. MTD at 25. It is not. UNIL’s fraud claim is DISMISSED with leave to amend. Ubiquiti’s motion for leave to 16 17 include a fraud counterclaim is DENIED without prejudice. 18 For the foregoing reasons, Synopsys’s motion to dismiss UNIL’s counterclaims is 19 GRANTED. UNIL’s second through eighth counterclaims are DISMISSED with leave to amend. 20 Ubiquiti’s motion for leave to amend its existing counterclaims to assert ones consistent with 21 UNIL’s is DENIED without prejudice due to futility. 22 III. 23 SPECIAL MOTION TO STRIKE Synopsys also moves to strike UNIL’s state law counterclaims. It argues that it satisfies 24 the first prong of the anti-SLAPP statute because the elements of UNIL’s state law counterclaims 25 demonstrate that those claims are aimed at chilling Synopsys’s right to enforce its copyrights 26 through pre-litigation demand letters and litigation. On the second prong, Synopsys argues that 27 UNIL’s state law claims are barred by the litigation privilege and that UNIL cannot otherwise 28 prevail on those claims because Synopsys’s terms of use in place during the relevant timeframe 27 1 disclosed that Synopsys’s software would communicate with Synopsys’ servers to detect software 2 piracy and verify only licensed use of its software. See Declaration Norman F. Kelly [Dkt. No. 3 801-1] ¶¶ 3, 5 & Exs 1&2. 4 However, as noted above, because all of the challenged state law counterclaims have been 5 dismissed (albeit, with leave to amend), I need not reach the separate anti-SLAPP motion to strike. 6 Synopsys’s motion to strike is DENIED without prejudice. If UNIL amends, its amendments 7 must clarify whether any of the counterclaims are based on the use of the data by Synopsys and 8 ITCA (e.g., implicating Synopsys’s protected pre-litigation activities) or are based on conduct that 9 pre-dates any use of the data. CONCLUSION 10 United States District Court Northern District of California 11 Synopsys’s motion to dismiss UNIL’s counterclaims is GRANTED with leave to amend. 12 Ubiquiti’s motion for leave to amend its counterclaims is DENIED for futility without prejudice. 13 Synopsys’s motion to strike is DENIED without prejudice. Defendants’ further motions to amend, 14 if any should be filed within twenty days of the date below. 15 16 IT IS SO ORDERED. Dated: March 13, 2018 17 18 William H. Orrick United States District Judge 19 20 21 22 23 24 25 26 27 28 28

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.

Why Is My Information Online?