Phishme, Inc. v. Wombat Security Technologies, Inc.
Filing
111
REPORT AND RECOMMENDATIONS recommending GRANTING-IN-PART AND DENYING-IN-PART D.I. 20 MOTION to Dismiss for Failure to State a Claim - Motion to Dismiss Wombat's State Law and Lanham Act Counterclaims - filed by PhishMe, Inc.. Plea se note that when filing Objections pursuant to Federal Rule of Civil Procedure 72(b)(2), briefing consists solely of the Objections (no longer than ten (10) pages) and the Response to the Objections (no longer than ten (10) pages). No further briefing shall be permitted with respect to objections without leave of the Court. Objections to R&R due by 9/18/2017. Signed by Judge Christopher J. Burke on 8/31/2017. (mlc)
<![CDATA[
IN THE UNITED STATES DISTRICT COURT
FOR THE DISTRICT OF DELAWARE
PHISHME, INC.,
Plaintiff/Counterclaim
Defendant,
v.
WOMBAT SECURITY
TECHNOLOGIES, INC.
Defendant/
Counterclaim Plaintiff.
)
)
)
)
)
)
)
)
)
)
)
)
Civil Action No. 16-403-LPS-CJB
(Consolidated)•
REPORT AND RECOMMENDATION
In one case of this consolidated action pitting Plaintiff/Counterclaim Defendant PhishMe,
Inc. ("Plaintiff' or "PhishMe"). against Defendant/Counterclaim Plaintiff Wombat Security
Technologies, Inc. ("Defendant" or "Wombat"), Plaintiff currently alleges infringement of
United States Patent No. 9,398,038 {"the '038 patent"). (D.1. 16 at~ 1) Presently before the
Court is PhishMe's Motion to Dismiss Wombat's State Law and Lanham Act Counterclaims,
. filed pursuant to Federal Rule of Civil Procedure 12(b)(6) (the "Motion"). (D.I. 20) For the
following reasons, the Court recommends that PhishMe's Motion be GRANTED-IN-PART and
DENIED-IN-PART.
I.
BACKGROUND
A.·
The Parties
PhishMe is a Delaware corporation with its principal place of business in Leesburg,
Virginia. (D.I. 16 at~ 3) It provides cybersecurity services aimed at reducing targeted phishing
threats and cyberattacks. (Id.
at~
12) PhishMe's e-mail software plug-in, "Reporter™,"
enhances phishing detection and response by, among other things, automatically distinguishing
between simulated and potentially real phishing e-mails, so that reports of possibly malicious emails are delivered to appropriate security operations and incident response teams: (Id at ~ 13)
PhishMe is the owner by assignment of the patent-in-suit. (Id.
at·~
14 & ex. A)
Wombat is a Delaware corporation with its principal place of business in Pittsburgh,
Pennsylvania. (Id at~ 4) Ittoo is a provider of cybersecurity products, including phishing
awareness technology. (Id
at~
17) Wombat is alleged to be a major competitor of PhishMe in,
inter alia, the phishing attack simulation market, and it commercially provides the cybersecurity
product ThreatSim®. (Id; see also id at~ 24; D.I. 18 at~ 16)
B.
The Patent at Issue in this Motion
Although the current allegations of patent infringement relate to the '03 8 patent, the issues
at play regarding this Motion involve a related patent owned by PhishMe, U.S. Patent No.
9,356,948 (the '"948 patent"). The '948 patent is entitled "Collaborative Phishing Attack
Detection." This patent relates to "methods, network devices and machine-readable media for
detecting phishing attacks, and . , . relies upon the responses of individuals ... to classify or not
classify a message as a phishing attack." ('948 patent, col. 1: 19-24) 1
The claimed invention of the '948 patent, inter alia, enables employees to recognize and
report potentially malicious phishing e-mails. For example, claim 1 of the patent describes a
method by which a network device sends an e-mail that simulates a phishing attack to a computer
The '948 patent explains that a "phishing attack" occurs when an individual
receives a message (e.g., an e-mail message) directing him to perform an apparently innocuous
action (e.g., opening an e-mail attachment), and where such a message is in fact from an attacker
disguised as a trusted source; When the individual undertakes that action, a haimful result follows
(e.g., opening the attachment causes the installation of malicious computer software on the
individual's computer). ('948 patent, col. 1:28-47)
2
device, and wherein certain "header" information used to identify the e-mail is then eleetronically
stored. (Id., cols. 12:59-13:6) The computer user then reports that the e-mail is potentially
malicious through the use of a "user interface action[,]" and, in response, the invention compares
· · the e-mail's header information with the previously-stored header information, all in order to
determine whether the e-mail is a known simulated phishing attack or a potentially real phishing
attack. (Id., col. 13: 1-12) If the comparison shows that the e-mail is a known simulated attack,
the user then receives feedback indicating that he or she successfully reported it as a phishing
attack. (Id., col. 13:13-21) And ifthe comparison shows that the e-mail is not a known
•· simulated attack, the invention forwards the e-mail on for further review, so that a determination
can be made as to whether it was areal phishing attack. (Id., col. 13:22-:30)
Claim 1 of the '948 patent is set out in its entirety below:
1. A method, comprising:
generating, by a network device, a simulated phishing email, the
simulated phishing email comprising a first header, wherein the
simulated phishing email is a non-malicious email thafresembles a
phishing attack, and wherein the first header identifies the simulated
phishing email as non-malicious;
electronically storing the first header in a computerized data store;
receiving, by the network device from a computing device
associated with an individual, a notification triggered by a user
interface action by the individual that an email delivered in an
account associated with the individual has been identified by the
individual as a possible phishing attack;
.
.
in response to receiving the notification, determining whether the
identified email is a known simulated phishing attack by comparing
the firstheader stored in the data store to one or more headers of the
identified email, said determining occurring at the network device
or at the computing device;
3
when the identified email is determined to be a known simulated
.
.
phishing attack based on the comparison of the first header stored in
the computerized data store to the one or more headers of the
identified email, electronically recording that the individual has
correctly identified.the identified email as a possible phishing attack
and providing feedback to the individual confirming that the
identified email was a simulated phishing attack; and
.
when the identified email is determined not to be a known
simulated phishing attack based on the comparisonofthe first
header stored in the computerized data store to the one or more
headers of the identified email, sending the identified email to a
computer security technician for review or to an email address
configured to receive the identified email or to a.computer
configured to detect whether or not the identified email is a threat or
real phishing attack.
('948 patent, cols. 12:59-13:30) There are two other independent claims of the patent: claims 13
and 27. Both of those claims largely mirror claim 1-that is, claim 13 claims ''[a] system" rather
than a method, but includes all of the language of claim 1 (as the system claimed performs all of
the steps set out in claim 1), (see id, col. 14: 13-56), and claim 27 is a method claim that is
identical to claim 1, with the exception of the addition of one limitation, (see id., cols. 15:5016:38). The discussion below as to the '948 patent applies equally to every claim of that patent.
C.
Procedural History
PhishMe filed suit against Wombat (Civil Action No. 16-403:.LPS-CJB) on June 1, 2016,
alleging, inter alia, infringement of '948 patent. (D.I. 1) On June 9, 2016, Chief Judge Leonard
P. Starkreferred the case to the Court for any and all matters related to scheduling, and to resolve
any and all motions to dismiss, stay, and/or transfer venue. (D.I. 5) · Since then, PhishMe has
filed two amended complaints in the case, including the currently operative Second Amended
Complaint ("SAC"); the SAC was filed on September 6, 2016 and alleges infringement of only
4
the '038 patent. (D.I. 16 at~· 1) On September 20, 2016, Wombat filed its Answer to the SAC,
including counterclaims for, inter alia: (1) tortious interference with prospective business
relations under Delaware law (the "tortious interference" claim); (2) violation of the Lanham Act,
15 U.S.C. § 1125; and (3) abuse of process under Delaware law. (D.1. 18
at~~
137-63)
PhishMe filed the instant Motion on October 14, 2016 in that case; seeking dismissal of
Wombat's Lanham Act and Delaware state law counterclaims pursuant to Rule 12(b)(6). (D.I.
20) Briefing on the Motion was complete as of November 10, 2016. (D.I. 27) 2
D.
Wombat's Counterclaims
The counterclaims at issue here, (D.I. 18, Counts I-III, hereinafter, the "counterclaims"),
relate to PhishMe's prior (now dropped) assertion that Wombat infringed the '948 patent. (See
id
at~~
137-63) As was noted above, PhishMe's original Complaint alleged infringement of
that patent. (D.I. 1) The same is true of PhishMe's First Amended Complaint (which alleged
infringement of both the '948 patent and the '038 patent). (D.I. 8) It was only with the filing of
the SAC, on September 6, 2016, that PhishMe withdrew its claill1 that Wombat infringed the '948
patent. (D.I. 16)
Wombat's key factual allegations regarding the three counterclaims at issue are that: (1)
PhishMe's claims of patent infringement related to the '948 patent were objectively and
subjectively baseless, (D.I. 18
at~~
20-36); (2) PhishMe issued a false and misleading press
release (the "Press Release") accusing Wombat of infringement of the '948 patent, (id
2
at~~
37-
Subsequently, PhishMe filed a second patent infringement suit in this Court
against Wombat, asserting two additional patent~ (Civil Action No. 17-769-LPS-CJB); that suit
was later consolidated with Civil Action No. 16-403-LPS-CJB, the matter that gave rise to the
instant Motion. (D.I. 108) All citations herein are to the docket in Civil Action No. 16-403LPS-CJB, and all references are to certain of the counterclaims at issue in only that case.
5
48); (3) PhishMe's dissemination of the Press Release harmed Wombat's customer relations and
derailed its fundraising process, (id at ~~ 49-66); and (4) PhishMe then pressured Wombat into
merger negotiations on terms unfavorable to Wombat, (id.
at~~
67-71).
More specifically, Wombat's counterclaims assert that one day after the '948 patent was
issued (that is, on June 1, 2016), PhishMe "filed a baseless claim [of patent infringement] relying
solely on a few isolated quotes from a [publicly available] 'ThreatSim® for Outlook
Administrator Guide [the "Administrator Guide",]"' without contacting Wombat ''to request any
information about how Wombat's products operated or to discuss its accusation that Wombat
infringes the '948 Patent[.]" (Id at~~ 20-23 (citing D.I. 1 at~ 16))3 The relied-upon
Administrator Guide, according to Wombat, "does not address, let alone provide a basis to assert,
that ThreatSim® practices at least one necessary element of the independent claims of the '948
Patent." (Id
at~
24) Wombat alleges that when PhishMe filed its Complaint, it "had no
information that showed any Wombat product performed the steps of the '948 Patent[,]" and
"knew or should have known that it had no good faith basis to assert that Wombat's products
infringed the '948 Patent." (Id.
at~~
26-27)
According to Wombat's counterclaims, PhishMe then issued the Press Release, entitled
"'PhishMe® Initiates Intellectual Property Enforcement Action Against Wombat Security
Technologies®, Inc."' on June 23, 2016 (22 days after filing the original Complaint). (Id at ~37;
3
Wombat did not attach the '948 patent or the Administrator Guide to its
counterclaims, but those documents are otherwise a part of the case record. (D.I. 1, ex. A; D.I.
21, ex. A) Because the documents are explicitly relied upon by the counterclaims, and are
integral to the counterclaims, (see, e.g., D.I. 18 at~~ 23-24, 137, 145, 157), the Court may take
note of their content herein, (D.I. 21 at 9-10); see also In re Burlington Coat Factory Secs. Litig.,
114 F.3d 1410, 1426 (3d Cir. 1997).
6
see also id, ex. 1) The Press Release stated, inter alia, that PhishMe's suit against Wombat was
"a result of [Wombat's] infringement of the '948 Patent ... which covers PhishMe' s ReporterTM
technologies" and that PhishMe had "'clear evidence of Wombat infringing PhishMe's
innovative solutions."' (Id., ex. 1 at 1) However, Wombat alleges that, in fact, "PhishMe had no
evidence, let alone 'clear' evidence, of the alleged infringement." (Id. at ,-i 42) The Press
Release, which was disseminated in various ways, stated that PhishMe "fully intends to protect
its investments ... with legal enforcement where necessary[,]" (id., ex. 1 at 1), which Wombat
takes to suggest that PhishMe "would pursue litigation against Wombat's customers who use
ThreatSim®[,]" (id. at ,-i 44-46).
Wombat further alleges that "[s]hortly after PhishMe issued its Press Release, existing
and prospective customers of Wombat contacted Wombat to express concern about PhishMe's
infringement claims." (Id at ,-i 49) It also alleges, "[u]pon information and belief," that aside
from the Press Release, "PhishMe sent similar emails to other existing and prospective customers
of Wombat." (Id. at ,-i 52) Wombat asserts that multiple prospective customers either expressed
serious concerns about contracting with Wombat after reading the Press Release, or in fact
elected not tq contract with Wombat after doing so. (See id. at ,-i,-i 54-56) In addition, Wombat
alleges that it "was forced to offer extensive indemnification to potential and existing customers
during contract negotiations" because of "PhishMe's bad faith accusations[.]" (Id. at ,-i 59) And
Wombat asserts that PhishMe's suit completely derailed Wombat's efforts to fundraise from
third parties, and that "but for PhishMe's baseless accusations, Wombat would have received a
higher number of concrete offers and the concrete offers it received would have been based on
higher valuations." (Id at ,-i 64)
7
Finally, Wombat alleges that "[o]n the same day the final prospective investor withdrew
its offer to Wombat, Bessemer Venture Partners ('BVP')," a significant investor in PhishMe,4
"contacted Wombat to propose a discussion of a potential acquisition of Wombat by PhishMe or
merger opportunities with PhishMe." (Id.
regarding the same subject. (Id.
at~
at~
67) BVP contacted Wombat again three days later
69) According to Wombat, "[p]rior to these
communications, PhishMe and its investors had never seriously prirsued merger or acquisition
discussions with Wombat." (Id.
at~
70) Wombat alleges, on information and belief, that
"PhishMe and its investors are seeking to unjustly enrich themselves by leveraging PhishMe's
baseless accusations and interference with Wombat's business relationships in an attempt to
damage Wombat's business and acquire Wombat for a discounted amount." (Id.
at~
71)
Wombat then alleges that PhishMe's actions, described above, help provide the factual
basis for the three counterclaims at issue. (Id.
II.
at~~
137-63)
STANDARD OF REVIEW
Pursuant to Rule 12(b)(6), a party may move to dismiss a plaintiffs complaint based on
the failure to state a claim upon which relief can be granted. Fed. R. Civ. P. 12(b)(6). The
sufficiency of pleadings for non-fraud cases is governed by Federal Rule of Civil Procedure 8,
which requires "a short and plain statement of the claim showing that the pleader is entitled to
relief[.]" Fed. R. Civ. P. 8(a)(2).
When presented with a Rule 12(b)(6) motion to dismiss for failure to state a claim, a
court conducts a two-part analysis. Fowler v. UPMC Shadyside, 578 F.3d 203, 210 (3d Cir.
4
"Specifically, BVP contributed $42.5 million in Series C funding that PhishMe
raised and announced on July 26th, 2016." (D.I. 18 at~ 68)
8
2009). First, the court separates the factual and legal elements of a claim, accepting "all of the
complaint's well-pleaded facts as true, but [disregarding] any legal conclusions." Id. at 210-11.
Second, the court determines "whether the facts alleged in the complaint are sufficient to show
that the plaintiff has a 'plausible claim for relief."' Id at 211 (quoting Ashcroft v. Iqbal, 556
U.S. 662, 679 (2009)).
Determining whether a claim is plausible is "a context-specific task that requires the
reviewing court to draw on its judicial experience and common sense." Iqbal, 556 U.S. at 679.
A plausible claim does more than merely allege entitlement to relief; it must also demonstrate the
basis for that "entitlement with its facts." Fowler, 578 F.3d at 211. Thus, a claimant's
"obligation to provide the 'grounds' of his 'entitle[ment] to relief' requires more than labels and
conclusions, and a formulaic recitation of the elements of a cause of action will not do[.]" Bell
Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007); accord Iqbal, 556 U.S. at 678 ("Threadbare
recitals of the elements of a cause of action, supported by mere conclusory statements, do not
suffice."). In assessing the plausibility of a claim, the court must '"construe the complaint in the
light most favorable to the plaintiff, and determine whether, under any reasonable reading of the
complaint, the plaintiff may be entitled to relief."' Fowler, 578 F.3d at 210 (quoting Phillips v.
Cnty. ofAllegheny, 515 F.3d 224, 233 (3d Cir. 2008)).
III.
DISCUSSION
The Court will first address Wombat's state law counterclaims, and then will assess its
Lanham Act counterclaim.
A.
State Law Counterclaims
1.
Has Wombat adequately pleaded bad faith to avoid preemption by
9
federal patent law? ·
Counts I and III of Wombat's counterclaims (the tortious interference and abuse of
process claims) arise under Delaware state law. (See, e.g., D.I. 21 at 9) PhishMe argues that
these state law counterclaims are preempted by federal patent law. (See id. at 9-12; D.I. 27 at 2-
6)
"[F]ederal patent law preempts state-law tort liability for a patentholder's good faith
conduct in communications asserting infringement of its patent and warning about potential
litigation." Globetrotter Software, Inc. v. Elan Comput. Grp., 362 F.3d 1367, 1374 (Fed. Cir.
2004) (citing Zenith Elecs. Corp. v. Exzec, Inc., 182 F.3d 1340, 1355 (Fed. Cir. 1999)). "Statelaw claims [of this nature] can survive federal preemption only to the extent that those claims are
based on a showing of 'bad faith' action in asserting infringement." Id. Accordingly, to avoid
preemption, "bad faith must be alleged and ultimately proven, even ifbad faith is not otherwise
an element of the tort claim." Zenith, 182 F.3d at 1355. "In general, a threshold showing of
incorrectness or falsity, or disregard for either, is required in order to find bad faith in the
communication of information about the existence or pendency of patent rights." Mikohn
Gaming Corp. v. Acres Gaming, Inc., 165 F.3d 891, 897 (Fed. Cir. 1998).
"Bad faith includes separate objective and subjective components." Dominant
Semiconductors Sdn. Bhd. v. OSRAM GmbH, 524 F.3d 1254, 1260 (Fed. Cir. 2008) (citing
Mikohn Gaming, 165 F.3d at 897). "The objective component requires a showing that the
infringement allegations are 'objectively baseless."' 800 Adept, Inc. v. Murex Sec., Ltd., 539
F.3d 1354, 1370 (Fed. Cir. 2008) (quoting Globetrotter, 362 F.3d at 1375). Infringement
allegations are objectively baseless if "no reasonable litigant could realistically expect to secure
10
favorable relief." Prof'! Real Estate Inv'rs, Inc. v. Columbia Pictures Indus., Inc., 508 U.S. 49,
62 (1993) (citation omitted); see also Dominant Semiconductors, 524 F.3d at 1260. Therefore, a
counterclaimant seeking to prove bad faith in this regard must "prove that the [counterclaim]
defendant lacked probable cause ... and ... pressed the action for an improper, malicious
purpose." Prof'l Real Estate Inv'rs, 508 U.S. at 62. The subjective component relates to a
showing that the patentee demonstrated subjective bad faith in enforcing the patent. 800 Adept,
539 F.3d at 1370.
Here, the Court finds that Wombat has not sufficiently pleaded objective bad faith, as
required in order to overcome Patent Act preemption of Wombat's tortious interference state law
counterclaim (Count 1). 5 To review, Wombat pleaded that PhishMe: (1) "filed a baseless claim
relying solely on a few isolated quotes from a 'ThreatSim® for Outlook Administrator Guide[,]"'
(D.I. 18
at~
23 (quoting D.I. 1 at~ 16)); (2) "had no information that showed any Wombat
product performed the steps of the '948 Patent[,]" (id.
at~
26); and (3) "should have known that
it had no good faith basis to assert that Wombat's products infringed the '948 Patent[,]" (id.
at~
27). In more particularly explaining why PhishMe's claim was so baseless, paragraphs 24 and 25
of Wombat's counterclaims alleged as follows:
24. The Administrator Guide does not address, let alone provide
any basis to assert, that ThreatSim practices at least one necessary
element of the independent claims of the '948 Patent-that
"feedback to the individual confirming that the identified email was
a simulated phishing attack" be provided only after and "in
5
Wombat separately argues that its abuse of process claim (Count 111) is not subject
to this "bad faith" requirement because that type of claim does not fall within the ambit of federal
patent law so as to implicate preemption concerns. (See D.I. 23 at 9-10) The Court will address
this argument separately below. See infra Section 111.A.2. Thus, in this subsection, the Court
ultimately addresses only the tortious interference counterclaim in Count I.
11
response to" "the network device" receiving "from a computing
device associated with an individual, a notification triggered by a
user interface action by the individual that an email delivered in an
account associated with the individual has been identified by the
individual as a possible phishing attack." See '948 Patent, [] col.
13:1-21 (emphasis added).
25. In fact, ThreatSim® does not provide feedback to the reporting
individual after and in response to a "network device" receiving
"from a computing device associated with an individual, a
notification triggered by a user interface action by the individual
that an email delivered in an account associated with the individual
has been identified by the individual as a possible phishing attack."
(Id.
at~~
24-25 (emphasis in original)) Finally, Wombat pleaded that PhishMe dropped its
allegedly baseless claim after PhishMe "achieved its objective of derailing potential investments
in Wombat, and positioned itself to try to acquire Wombat at an artificially depressed price
tllrough its Press Release and emails containing bad faith assertions that Wombat infringes the
'948 Patent." (Id.
at~
72; see also id.
at~
74)
As can be seen from the previous paragraph, the core of Wombat's "bad faith" argument
(laid out in paragraphs 24 and 25 of the counterclaims) is that: (1) the ThreatSim product clearly
did not meet one identified limitation of the independent claims of the '948 patent; (2) the
Administrator Guide-the sole resource that PhishMe relied upon to assert infringement-made
this clear; and (3) yet PhishMe leveled its baseless allegations anyway, all to the detriment of
Wombat. What is the key claim limitation at issue (that Wombat says ThreatSim clearly did not
meet)? Paragraphs 24 and 25 again appear to make clear Wombat's answer: (1) Wombat is
pointing to the claims' requirement (as set out, for example, in claim 1) that when an identified email is determined to be a known, simulated phishing attack, that "feedback" be provided to the
individual computer user "confirming that the identified email was a simulated fishing attack[,]"
12
('948 patent, col. 13:13-21)6 ; and (2) Wombat is then asserting that the claim requires that this
"feedback" be provided "in response to" the receipt by the "network device" of a certain
"notification" triggered by an action of the individual computer user (the notification indicating
that the user has identified a received e-mail as a possible phishing attack), (id., col. 13: 1-13).
(D.I. 18 at iii! 24-25) And Wombat is next claiming that ThreatSim does not provide the required
"feedback" in response to a "network device" receiving the aforementioned "notification "-but
instead, that ThreatSim provides the feedback in response to a ''plug-in" (i.e., software found on
the email recipient's computing device) making a determination as to whether the identified email is a simulated phishing attack. (Id.; see also D.I. 23 at 5 (citing D.I. 21, ex. A at 11))
Candidly, it would not have been the Court's first thought that the claims require
"providing feedback" directly "in response to" the network device receiving the "notification" at
issue. Claim 1, for example, does explicitly talk about something happening directly "in
6
The Court comes to this conclusion after reading the plain language of paragraphs
24 and 25, particularly the emphasis Wombat includes as to the words "in response to" in
paragraph 24. (D.I. 18 at if 24) In reading Wombat's answering brief, however, at times it
appears that Wombat is asserting that there is another limitation that ThreatSim did not meet that
is relevant to the question of bad faith. That is, at times it seems as if Wombat could be asserting
that it is the "network device" that must make the required "determin[ation]" called for by the
claim (as opposed to allowing that such a determination can be made by the "computing
device"). (See, e.g., D.I. 23 at 5 ("Thus the '948 Patent requires ... that the feedback be provided
'in response' to ... 'the network device' [] receiving the notification from an individual and then
determining whether the email is a simulated phishing email.") (emphasis added); id. at 6 ("To
execute either of [two recited actions in the claim based on whether the reported e-mail is a
simulated phishing e-mail] the plug-in [i.e., part of the accused product] first must have
determined, at the individual's computing device, whether the email contains the X-ThreatSimID (i.e., whether the email is a simulated phishing attack)" (emphasis in original)); see also D.I.
27 at 4) If Wombat is making that assertion in its briefs, the Court will not consider it here, as
the allegation was not fairly set out in Wombat's counterclaims. Moreover, the Court does not
see how the assertion can be correct, as the patent claims appear clearly to permit the
"determining" step to be accomplished either "at the network device or at the computing
device[.]" ('948 patent, col: 13:7-12; see also D.I. 27 at 4)
13
response to" something else-but there, it is that a determination as to whether the identified email is a simulated phishing e-mail is to be made "in response to" the network device's having
received the "notification." ('948 patent, col. 13:7-12) And, as PhishMe argues, ifthe step of
"providing feedback" can be said to be taken directly in response to anything, it appears to be
taken not in response to the act of receiving the "notification," but instead in response to the
occurrence of the "determining" step (i.e., to the act wherein "the identified email is determined
to be a known simulated phishing attack based on the comparison" of certain information), (id.,
col. 13:7-21). (D.I. 27 at 4 ("In addition, contrary to Wombat's assertion, claim 1 requires
'providing feedback' 'when the identified email is determined to be a known simulated phishing
attack' based on a certain 'comparison'[]-not in response to the network device receiving a
'notification"')) This is because in the claims, the "notification" step occurs at an earlier stage
then the "determining" step, and both occur before the "feedback" is provided.
However, even if at the claim construction stage, the claims are somehow found to
require that the "feedback" be provided directly "in response to" the receipt by the "network
device" of the "notification," then, in the Court's view, Wombat still would not have
demonstrated that it is plausible that PhishMe had an objectively baseless infringement claim.
That is because even if this ends up being found to be a claim requirement, for the reasons stated
above, that requirement surely was not clear at the time PhishMe took the actions called out by
Count I. The Court does not believe that "no reasonable litigant [in PhishMe's shoes] could
realistically [have] expect[ed] to secure favorable relief' by arguing that the claim does not
require what Wombat now says it does. Prof'l Real Estate Inv 'rs, Inc., 508 U.S. at 62; cf Wilco
AG v. Packaging Techs. & Inspection LLC, 615 F. Supp. 2d 320, 325-26 (D. Del. 2009) (finding
14
that a defendant's Delaware state law tortious interference claim was preempted for the failure to
sufficiently allege bad faith, where the defendant made general allegations that a plaintiff
representative "inaccurately" advised a third party of defendant's purported infringement-a
"sentiment shared by any accused infringer, but not indicative of any disregard on the part of
plaintiff for the accuracy of [its representative's] statement"). 7
For these reasons, Wombat has failed to sufficiently plead objective bad faith as to Count
I, and thus Count I is preempted by federal patent law. 8
2.
Is Wombat's abuse of process counterclaim subject to preemption by
federal patent law?
While it is undisputed that a failure to sufficiently plead bad faith compels dismissal of
Count I, Wombat separately argues that federal patent law preemption (and the associated bad
faith requirement) do not extend to abuse of process claims such as that found in Count III. (See
D.I. 23 at 9) Specifically,-Wombat asserts that "courts have held that preemption does not apply
to such claims when they are based on misuse of judicial proceedings." (Id.) For this
7
Alternatively, it could be that the claims will be construed to require that the
provision of feedback be provided "in response to" the receipt of the "notification"-but only in
the sense that the notification sets off a chain of events that can eventually (though perhaps not
directly) lead to the provision of feedback thereafter (i.e., it prompts the "determining" step to
happen, which, in turn, then can prompt the provision of feedback to the user). But ifthat is
what is required, then the content of the Administrator Guide demonstrates why PhishMe had at
least probable cause to believe that this is how Wombat's product actually worked. (D.I. 21 at 67 (citing id., ex. A at 4, 10-11 ), 10-11)
8
Though the parties do not present arguments regarding whether allegations
purporting to demonstrate "bad faith" implicate the heightened pleading standard of Federal Rule
of Civil Procedure 9(b), the Court notes that there is a lack of clear authority on this issue. See,
e.g., Wilco AG, 615 F. Supp. 2d at 325 n.2. Here, the Court need not address this issue further
because it finds that the allegations regarding Count I do not meet even the more liberal pleading
standard under Rule 8(a).
15
proposition, Wombat cites two district court cases.
In the first case, Verve, L.L.C. v. Hypercom Corp., No. CV-05-0365-PHX-FJM, 2006 WL
2390505 (D. Ariz. Aug. 16, 2006), the United States District Court for the District of Arizona
indeed held that the defendant's malicious prosecution and abuse of process counterclaims
(which arose under state law) were not preempted by federal patent law. 2006 WL 2390505, at
*2 (citing US. Aluminum Corp. v. Alumax, Inc., 831F.2d878, 881 (9th Cir. 1987) ("While we
do not deny that conflict is possible between state malicious prosecution laws and federal patent
laws, the policies underlying each are not inherently antithetical. Patents do not create an
exemption from state malicious prosecution laws.")). In the second case, Artemi Ltd v. SafeStrap Co., Inc., Civ. Action No. 03-3382 (JEI/AMD), 2013 WL 6860734 (D.N.J. Dec. 30, 2013),
the United States District Court for the District of New Jersey held that the defendant's New
Jersey state abuse of process counterclaim was not preempted by federal patent law, noting that
"[t]he federal preemption cases [plaintiff] relies upon[] merely stand for the proposition that
common law tort claims of abuse of process cannot be based on 'bad faith misconduct before the
[United States Patent and Trademark Office, or "PTO"]."' 2013 WL 6860734, at *5 (quoting
Semiconductor Energy Lab. Co., Ltd v. Samsung Elecs. Co., Ltd, 204 F.3d 1368, 1382 (Fed.
Cir. 2000)). Accordingly, the Artemi Court determined that "allegations supporting an
inequitable conduct defense cannot simultaneously support an abuse of process claim." Id
However, the defendant's abuse of process counterclaim, which was "not based on [plaintiffs]
alleged actions before the PTO, but rather the initiation and continued pursuit of the instant
suit[,]" was not preempted. Id.
In response to these cases, PhishMe argues that "controlling Federal Circuit
16
law"-specifically, Globetrotter Software, Inc. v. Elan Comput. Grp., 362 F.3d 1367 (Fed. Cir.
2004)-indicates that: (1) Wombat is required to allege bad faith in support of its abuse of
process claim; and (2) the abuse of process claim is the kind of claim that is subject to
preemption by federal patent law in the absence of a sufficient allegation of bad faith. (D.I. 27 at
2-3 (quoting Globetrotter, 362 F.3d at 1377 ("A plaintiff claiming a patent holder has engaged in
wrongful conduct by asserting claims of patent infringement must establish that the claims of
infringement were objectively baseless."))) But Globetrotter did not address an abuse of process
claim; indeed, it focused specifically on "pre-litigation communications alleging patent
infringement" and "conduct in communications asserting infringement of [a] patent and warning
about potential litigation." 362 F.3d at 1377 (emphasis added). In this case, by contrast,
Wombat's abuse of process counterclaim is based on PhishMe's alleged activities "[a}fter filing
the Complaint[.]" (D.I. 18
at~
159 (emphasis added))
Moreover, the Court notes that to impose an "objectively baseless" requirement in the
context of an abuse of process counterclaim seems particularly discordant, as such a requirement
is fundamentally at odds with the very purpose of the tort. The abuse of process tort was created
(and is distinguishable from, for example, a malicious prosecution claim) in order to prevent a
plaintiff from "us[ing] an otherwise valid action as a pretext to achieve a collateral objective, and
avoid liability for malfoious prosecution because there was probable cause to bring the action."
Toll Bros., Inc. v. Gen. Accident Ins. Co., No. C.A. 98C-08-203 WTQ,'1999 WL 744426, at *5
(Del. Super. Ct. Aug. 4, 1999) (emphasis added) (citation omitted). "The quintessential case of
abuse of process is the initiation of a valid law suit to compel the payment of a debt unrelated to
the suit (a collateral purpose) and an offer to terminate such litigation upon payment of the
17
unrelated debt." Id (emphasis added) (citation omitted); see also Carr v. Town of Dewey Beach,
730 F. Supp. 591, 599 (D. Del. 1990); Pfeiffer v. State Farm Mut. Auto. Ins. Co., C.A. No.
NlOA-12-006 JRS, 2011 WL 7062498, at *5 n.50 (Del. Sup. Ct. Dec. 20, 2011). It seems
strange, even in the context of a preemption inquiry, to require Wombat to allege that PhishMe' s
infringement claim as to the '948 patent was wholly baseless-all in order that Wombat be
permitted to assert a counterclaim whose very raison d'etre is to allow for a claim where the
underlying cause of action (or use of process) is not, in fact, wholly baseless. 9
In sum, the Court cannot find binding law supporting PhishMe' s assertion of federal
patent law preemption for state law abuse of process claims (and there is case law affirmatively
to the contrary). PhishMe has thus not met its burden to demonstrate that Count III is preempted
by federal patent law. The Court will therefore proceed to assess whether Wombat has
sufficiently pleaded that counterclaim pursuant to Rule 8(a).
3.
Is Wombat's abuse of process counterclaim sufficiently pleaded?
To establish an abuse of process claim under Delaware law, a plaintiff must prove: '"(1)
an ulterior purpose; and (2) a willful act in the use of the process not proper in the regular
9
PhishMe does cite two cases in which appellate courts have appeared to apply an
"objectively baseless" requirement to an abuse of process or malicious prosecution counterclaim.
(D.I. 27 at 3 & n.9 (citing Cheminor Drugs, Ltd. v. Ethyl Corp., 168 F.3d 119, 128 (3d Cir.
1999); Carroll Touch, Inc. v. Electro Mech. Sys., 15 F.3d 1573, 1581, 1583 (Fed. Cir. 1993)))
However, neither of those cases did so on the ground that federal patent law preempts state law
abuse of process claims absent a showing of bad faith. Instead, the Carroll Touch and Cheminor
Courts each found that the respective counterclaim-defendants were protected from state law
abuse of process or malicious prosecution counterclaims by Noerr-Pennington immunity, a First
Amendment-related doctrine. See Cheminor, 168 F.3d at 128-29; Carroll Touch, 15 F.3d at
1581-83. PhishMe does not directly assert here that the Noerr-Pennington doctrine in fact
applies to immunize it from liability as to Wombat's abuse of process counterclaim, and so the
Court need not further address that issue. (D.I. 27 at 2-3)
18
conduct of the proceedings."' Paoli v. Stetser, Civil Action No. 12-66-GMS-CJB, 2014 WL
3386037, at *35 (D. Del. July 11, 2014) (citing Esposito v. Townsend, C.A. 12C-08-006 (RBY),
2013 WL 493321, at *5 (Del. Super. Ct. Feb. 8, 2013)), report and recommendation adopted in
part, rejected in part on other grounds, C.A. No. 12-66-GMS-CJB, 2014 WL 5847567 (D. Del.
Nov. 10, 2014). "[S]ome definite act or threat, not consistent with process, or designed for an
illegitimate objective in the use of process, is required." Chase Bank USA, NA. v. Hess, C.A.
No. 08-121-LPS-MPT, 2013 WL 867542, at *4 (D. Del. Mar. 7, 2013) (citing Nix v. Sawyer, 466
A.2d 407, 412 (Del. Super. Ct. 1983)). "Some form of coercion to obtain a collateral advantage,
not properly involved in the proceeding itself, must also be shown." Id. (citing Nix, 466 A.2d at
412). On the other hand, merely carrying out the process to its authorized conclusion, even
though with bad intentions, does not result in liability. Nix, 466 A.2d at 412 (citation omitted).
PhishMe contends that Wombat's abuse of process counterclaim cannot survive because
"Wombat bases [that] counterclaim on PhishMe's infringement claim for the '948 Patent,[] but
this accuses PhishMe' s pleading, not the use of a court process." (D .I. 21 at 18 (emphasis in
original)) PhishMe asserts that "[a]lleged misstatements in pleadings cannot support an abuse of
process claim." (Id. (citations omitted))
But Wombat's allegations go well beyond PhishMe's statements in its first two
complaints (in which PhishMe alleged infringement of the '948 patent). (D.I. 23 at 2) Indeed,
Wombat specifically pleads that PhishMe-with the ulterior motive of attempting to gain an
unfair advantage over Wombat in the marketplace-"[a]fter filing the Complaint ... used the
litigation [via the dissemination of the Press Release, related social media posts and via direct
communications with Wombat customers] as means to interfere with Wombat's business and
19
dissuade third parties from doing business with Wombat." (D.I. 18 at ifif 158-59 (emphasis
added); see also id. at iii! 37-71) PhishMe's ultimate plan, Wombat alleges, was for these actions
to permit PhishMe to acquire Wombat on unfair commercial terms (and for Wombat to
understand that only were it to accede to that kind of acquisition, would this lawsuit then be
resolved). (Id. at iii! 160-62) This Court and Delaware state courts have repeatedly found that if
a party files a lawsuit, and then is alleged to have (with an ulterior motive) tried to use the fact of
that suit to cause extra-litigation or extra-judicial injury to another party, a Delaware state law
claim for abuse of process can stand. 10
Accordingly, the Court will recommend denial of PhishMe's Motion as it pertains to
Count III.
B.
Lanham Act Counterclaim
In Count II, Wombat alleges that PhishMe committed false advertising when it issued the
"false and misleading" Press Release, in violation of the Lanham Act, 15 U.S.C. § 1125(a)(l)(B).
10
See, e.g., Chase Bank, 2013 WL 867542, at *1-2, *5 (recommending grant of
summary judgment to the plaintiff on its abuse of process claim, where the defendant initiated
litigation "employed to further an improper purpose ... and for collateral
advantage"-specifically to allow the defendant the ability to obtain monthly fees from the
plaintiff's clients, in lieu of the clients making payments to the plaintiff) (internal quotation
marks omitted); Trueposition, Inc. v. Allen Telecom, Inc., No. C.A. 01-823 GMS, 2003 WL
151227, at *3, *6 (D. Del. Jan. 21, 2003) (denying motion to dismiss an abuse of process
counterclaim, albeit pre-Twombly and Iqbal, based on the plaintiff's (1) filing of a patent
infringement suit against the defendant, and (2) issuance of a press release announcing the same,
all of which caused the defendant to incur additional legal expenses in renegotiating a contract,
caused more onerous indemnification terms to be inserted in that contract, and caused additional
damage to the defendant's reputation); cf Esposito, 2013 WL 493321, at *6 (finding that a report
of child abuse resulting in "an investigation [that] led to cont~ct with an employer, or coverage in
a newspaper, or community black listing, or some such event" could support a claim for abuse of
process).
20
(D.I. 18 at iii! 145-56) Wombat's primary allegation is that what was false and misleading about
the Press Release was that it contained statements to the effect that Wombat infringed the '948
patent, and that PhishMe had clear evidence of the same; Wombat alleges that this amounted to a
. "bad faith" attempt by PhishMe to "influence consumers not to purchase Wombat's products
and/or to purchase PhishMe's product's instead" or to cause other harm to Wombat. (D.I. 18 at
irir 148, 151-53) 11
The parties agree that "a bad faith standard applies to Lanham Act claims to avoid a
11
To the extentthat Wombat's Lanham Act counterclaim is additionally based on
the· assertion that the Press Release contains false and misleading statements about PhishMe's
"products, including that the scope of its patent protection under the '948 Patent extends beyond
the patent's claims[,]''. (D.I. 18 at if 149; see also D.I. 23 at 19), there is very little content in the
counterclaims that actually speaks directly to that allegation, (see D.I. 18 at iii! 40, 149). To
establish a Lanham Act claim based on false advertising, a claimant must plead:
1) that the defendant has made false or misleading statements as to
his own product [or another's]; 2) that there is actual deceptfon or
at least a tendency to deceive a substantial portion of the intended
audience; 3) that the deception is material in that it is likely to
influence purchasing decisions; 4) that the advertised goods
traveled in interstate commerce;· and 5) that there is a likelihood of
injury to the. [claimant] in terms of declining sales, loss of good
will, etc.
· Warner-Lamb.ert Co. v. BreathAsure, Inc., 204 F.3d.87, 91-92 (3d Cir. 2000). Here, there are so
· few factUal allegations in Wombat's counterclaims that actually speak directly to this aspect of
the Press Release, that the Court is unable to conclude that a Lanham Act claim based on this
. statement has been sufficiently pleaded. For example, there is little factual articulation in the
counterclaims as to why it is that PhishMe's statement that the '948 patent "covers PhishMe's
Reporter™ technologies[,]" (D.1. 18, ex. 1 at 1; see also D.I. 18 at iii! 39-40, 149, 153, 156), is
ass.erted to be material or likely to cause injury to Wombat. In light of this, the Court
recommends dismissal of Count ill without prejudice, only as to this particular theory of Lanham
Act liability. This will allow Wombat, if it actually wishes to move forward with such a claim,
to re-plead it With greater factual specificity. Cf Keeton v. Bd. of Educ. ofSussex Tech. Sch.
Dist., Civil Action No. 15-1036-LPS, 2016 WL 5938699, at *11-12 (D. Del. Oct. 12, 2016)
(recommending dismissal without prejudice where the deficiencies of the plaintiffs claims "may
' simply go to a failtire of articlliation, not a failure to possess sufficient facts").
21
potential conflict with federal patent laws." (D.I. 23 at 10 n.2; D.I. 27 at 2 (citing Zenith, 182
F.3d at 1353 ("[B]efore a patentee may be held liable under Section 43(a) [of the Lanham Act]
for marketplace activity in support of its patent, and thus be deprived of the right to make
statements about potential infringement of its patent, the marketplace activity must have been
undertaken in bad faith."))) "Exactly what constitutes bad faith [in this context] remains to be
determined on a case by case basis." Zenith, 182 F.3d at 1354. Nonetheless, "a clear case of bad
faith exists when 'the patentee knows that the patent is invalid, unenforceable, or not infringed,
yet represents to the marketplace that a competitor is infringing the patent."' Isco Int'!, Inc.- v.
Conductus, Inc., 279 F. Supp. 2d 489, 504 (D. Del. 2003) (quoting Zenith, 182 F.3d at 1354).
"By contrast, a patentee does not commit [a Lanham Act violation] when it makes
representations that ultimately prove to be inaccurate, provided they make them in good faith."
Id. (citing Golan v. Pingel Enter., 310 F.3d 1360, 1371 (Fed. Cir. 2002)). "In general, a
threshold showing of incorrectness or falsity, or disregard for either, is required in order to find
bad faith in the communication of information about the pendency of patent rights." Mikohn
Gaming, 165 F.3d at 897.
For the reasons described in Section III.A.I, supra, Wombat has not pleaded facts
sufficient to support a plausible inference of bad faith as to this theory of Lanham Act liability.
Accordingly, the Court will recommend that PhishMe's Motion be granted as to Count II, with
regard to the theory of liability in Count II premised on PhishMe's statements in the Press
Release to the effect that Wombat infringed the '948 patent, and that PhishMe had clear evidence
22
of such infringement. 12
IV.
CONCLUSION
For the reasons set forth above, the Court recommends that PhishMe's Motion be
GRANTED-IN-PART and DENIED-IN-PART. 13 . Specifically, the Court recommends that the
District Court: (1) GRANT the Motion with prejudice as to Count I of Wombat's counterclaims,
(2) GRANT the Motion without prejudice as to Count II of Wombat's counterclaims, only to the
extent that Count II is premised on the theory of liability described in Paragraph 149 of that
Count, and otherwise GRANT the Motion with prejudice as to Count II; and (3) DENY the
Motion as to Count III of Wombat's counterclaims.
This Report and Recommendation is filed pursuant to 28 U.S.C. § 636(b)(l)(B), Fed. R.
Civ. P. 72(b)(l), and D. Del. LR 72.1. The parties may serve and file specific written objections
within fourteen (14) days after being served with a copy of this Report and Recommendation.
Fed. R. Civ. P. 72(b). The failure of a party to.object to legal conclusions may result in the loss
of the right to de novo review in the district court. See Henderson v. Carlson, 812 F.2d 874, 87879 (3d Cir. 1987); Sincavage v. Barnhart, 171 F. App'x 924, 925 n.l (3d Cir. 2006).
The parties are directed to the Court's Standing Order for Objections Filed Under Fed. R.
12
In their briefing, the parties also dispute whether the Noerr-Pennington doctrine
bars Wombat's Lanham Act counterclaim. (See, e.g., D.I. 21 at 12-14; D.I. 23 at 7-9) This Court
has noted that "[i]t is not clear whether the Noerr-Pennington doctrine applies to Lanham Act
claims[.]" Kimberly-Clark Wordlwide, Inc. v. Cardinal Health 200, LLC, Civil Action No. 111228-RGA, 2012 WL 3063974, at *2 n.l (D. Del. July 27, 2012) (citing cases) (internal
quotation marks and citations omitted); !GT v. Bally Gaming Int 'l Inc., Civ. No. 06-282-SLR,
2010 WL 1727388, at *3 n.6 (D. Del. Apr. 28, 2010). Here, the Court need not now determine
whether the Noerr-Pennington doctrine applies to Lanham Act claims, as there are other bases on
which it can dispose of the Motion as it relates to Count II.
13
PhishMe's request for oral argument is DENIED. (D.I. 29)
23
Civ. P. 72, dated October 9, 2013, a copy of which is available on the District Court's website,
. located at http://www.ded.uscourts.gov.
Dated: August 31, 2017
Christopher J. Burke
UNITED STATES MAGISTRATE JUDGE
24
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
