Phishme, Inc. v. Wombat Security Technologies, Inc.

Filing 111

REPORT AND RECOMMENDATIONS recommending GRANTING-IN-PART AND DENYING-IN-PART D.I. 20 MOTION to Dismiss for Failure to State a Claim - Motion to Dismiss Wombat's State Law and Lanham Act Counterclaims - filed by PhishMe, Inc.. Plea se note that when filing Objections pursuant to Federal Rule of Civil Procedure 72(b)(2), briefing consists solely of the Objections (no longer than ten (10) pages) and the Response to the Objections (no longer than ten (10) pages). No further briefing shall be permitted with respect to objections without leave of the Court. Objections to R&R due by 9/18/2017. Signed by Judge Christopher J. Burke on 8/31/2017. (mlc)

Download PDF
IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF DELAWARE PHISHME, INC., Plaintiff/Counterclaim Defendant, v. WOMBAT SECURITY TECHNOLOGIES, INC. Defendant/ Counterclaim Plaintiff. ) ) ) ) ) ) ) ) ) ) ) ) Civil Action No. 16-403-LPS-CJB (Consolidated)• REPORT AND RECOMMENDATION In one case of this consolidated action pitting Plaintiff/Counterclaim Defendant PhishMe, Inc. ("Plaintiff' or "PhishMe"). against Defendant/Counterclaim Plaintiff Wombat Security Technologies, Inc. ("Defendant" or "Wombat"), Plaintiff currently alleges infringement of United States Patent No. 9,398,038 {"the '038 patent"). (D.1. 16 at~ 1) Presently before the Court is PhishMe's Motion to Dismiss Wombat's State Law and Lanham Act Counterclaims, . filed pursuant to Federal Rule of Civil Procedure 12(b)(6) (the "Motion"). (D.I. 20) For the following reasons, the Court recommends that PhishMe's Motion be GRANTED-IN-PART and DENIED-IN-PART. I. BACKGROUND A.· The Parties PhishMe is a Delaware corporation with its principal place of business in Leesburg, Virginia. (D.I. 16 at~ 3) It provides cybersecurity services aimed at reducing targeted phishing threats and cyberattacks. (Id. at~ 12) PhishMe's e-mail software plug-in, "Reporter™," enhances phishing detection and response by, among other things, automatically distinguishing between simulated and potentially real phishing e-mails, so that reports of possibly malicious emails are delivered to appropriate security operations and incident response teams: (Id at ~ 13) PhishMe is the owner by assignment of the patent-in-suit. (Id. at·~ 14 & ex. A) Wombat is a Delaware corporation with its principal place of business in Pittsburgh, Pennsylvania. (Id at~ 4) Ittoo is a provider of cybersecurity products, including phishing awareness technology. (Id at~ 17) Wombat is alleged to be a major competitor of PhishMe in, inter alia, the phishing attack simulation market, and it commercially provides the cybersecurity product ThreatSim®. (Id; see also id at~ 24; D.I. 18 at~ 16) B. The Patent at Issue in this Motion Although the current allegations of patent infringement relate to the '03 8 patent, the issues at play regarding this Motion involve a related patent owned by PhishMe, U.S. Patent No. 9,356,948 (the '"948 patent"). The '948 patent is entitled "Collaborative Phishing Attack Detection." This patent relates to "methods, network devices and machine-readable media for detecting phishing attacks, and . , . relies upon the responses of individuals ... to classify or not classify a message as a phishing attack." ('948 patent, col. 1: 19-24) 1 The claimed invention of the '948 patent, inter alia, enables employees to recognize and report potentially malicious phishing e-mails. For example, claim 1 of the patent describes a method by which a network device sends an e-mail that simulates a phishing attack to a computer The '948 patent explains that a "phishing attack" occurs when an individual receives a message (e.g., an e-mail message) directing him to perform an apparently innocuous action (e.g., opening an e-mail attachment), and where such a message is in fact from an attacker disguised as a trusted source; When the individual undertakes that action, a haimful result follows (e.g., opening the attachment causes the installation of malicious computer software on the individual's computer). ('948 patent, col. 1:28-47) 2 device, and wherein certain "header" information used to identify the e-mail is then eleetronically stored. (Id., cols. 12:59-13:6) The computer user then reports that the e-mail is potentially malicious through the use of a "user interface action[,]" and, in response, the invention compares · · the e-mail's header information with the previously-stored header information, all in order to determine whether the e-mail is a known simulated phishing attack or a potentially real phishing attack. (Id., col. 13: 1-12) If the comparison shows that the e-mail is a known simulated attack, the user then receives feedback indicating that he or she successfully reported it as a phishing attack. (Id., col. 13:13-21) And ifthe comparison shows that the e-mail is not a known •· simulated attack, the invention forwards the e-mail on for further review, so that a determination can be made as to whether it was areal phishing attack. (Id., col. 13:22-:30) Claim 1 of the '948 patent is set out in its entirety below: 1. A method, comprising: generating, by a network device, a simulated phishing email, the simulated phishing email comprising a first header, wherein the simulated phishing email is a non-malicious email thafresembles a phishing attack, and wherein the first header identifies the simulated phishing email as non-malicious; electronically storing the first header in a computerized data store; receiving, by the network device from a computing device associated with an individual, a notification triggered by a user interface action by the individual that an email delivered in an account associated with the individual has been identified by the individual as a possible phishing attack; . . in response to receiving the notification, determining whether the identified email is a known simulated phishing attack by comparing the firstheader stored in the data store to one or more headers of the identified email, said determining occurring at the network device or at the computing device; 3 when the identified email is determined to be a known simulated . . phishing attack based on the comparison of the first header stored in the computerized data store to the one or more headers of the identified email, electronically recording that the individual has correctly identified.the identified email as a possible phishing attack and providing feedback to the individual confirming that the identified email was a simulated phishing attack; and . when the identified email is determined not to be a known simulated phishing attack based on the comparisonofthe first header stored in the computerized data store to the one or more headers of the identified email, sending the identified email to a computer security technician for review or to an email address configured to receive the identified email or to configured to detect whether or not the identified email is a threat or real phishing attack. ('948 patent, cols. 12:59-13:30) There are two other independent claims of the patent: claims 13 and 27. Both of those claims largely mirror claim 1-that is, claim 13 claims ''[a] system" rather than a method, but includes all of the language of claim 1 (as the system claimed performs all of the steps set out in claim 1), (see id, col. 14: 13-56), and claim 27 is a method claim that is identical to claim 1, with the exception of the addition of one limitation, (see id., cols. 15:5016:38). The discussion below as to the '948 patent applies equally to every claim of that patent. C. Procedural History PhishMe filed suit against Wombat (Civil Action No. 16-403:.LPS-CJB) on June 1, 2016, alleging, inter alia, infringement of '948 patent. (D.I. 1) On June 9, 2016, Chief Judge Leonard P. Starkreferred the case to the Court for any and all matters related to scheduling, and to resolve any and all motions to dismiss, stay, and/or transfer venue. (D.I. 5) · Since then, PhishMe has filed two amended complaints in the case, including the currently operative Second Amended Complaint ("SAC"); the SAC was filed on September 6, 2016 and alleges infringement of only 4 the '038 patent. (D.I. 16 at~· 1) On September 20, 2016, Wombat filed its Answer to the SAC, including counterclaims for, inter alia: (1) tortious interference with prospective business relations under Delaware law (the "tortious interference" claim); (2) violation of the Lanham Act, 15 U.S.C. § 1125; and (3) abuse of process under Delaware law. (D.1. 18 at~~ 137-63) PhishMe filed the instant Motion on October 14, 2016 in that case; seeking dismissal of Wombat's Lanham Act and Delaware state law counterclaims pursuant to Rule 12(b)(6). (D.I. 20) Briefing on the Motion was complete as of November 10, 2016. (D.I. 27) 2 D. Wombat's Counterclaims The counterclaims at issue here, (D.I. 18, Counts I-III, hereinafter, the "counterclaims"), relate to PhishMe's prior (now dropped) assertion that Wombat infringed the '948 patent. (See id at~~ 137-63) As was noted above, PhishMe's original Complaint alleged infringement of that patent. (D.I. 1) The same is true of PhishMe's First Amended Complaint (which alleged infringement of both the '948 patent and the '038 patent). (D.I. 8) It was only with the filing of the SAC, on September 6, 2016, that PhishMe withdrew its claill1 that Wombat infringed the '948 patent. (D.I. 16) Wombat's key factual allegations regarding the three counterclaims at issue are that: (1) PhishMe's claims of patent infringement related to the '948 patent were objectively and subjectively baseless, (D.I. 18 at~~ 20-36); (2) PhishMe issued a false and misleading press release (the "Press Release") accusing Wombat of infringement of the '948 patent, (id 2 at~~ 37- Subsequently, PhishMe filed a second patent infringement suit in this Court against Wombat, asserting two additional patent~ (Civil Action No. 17-769-LPS-CJB); that suit was later consolidated with Civil Action No. 16-403-LPS-CJB, the matter that gave rise to the instant Motion. (D.I. 108) All citations herein are to the docket in Civil Action No. 16-403LPS-CJB, and all references are to certain of the counterclaims at issue in only that case. 5 48); (3) PhishMe's dissemination of the Press Release harmed Wombat's customer relations and derailed its fundraising process, (id at ~~ 49-66); and (4) PhishMe then pressured Wombat into merger negotiations on terms unfavorable to Wombat, (id. at~~ 67-71). More specifically, Wombat's counterclaims assert that one day after the '948 patent was issued (that is, on June 1, 2016), PhishMe "filed a baseless claim [of patent infringement] relying solely on a few isolated quotes from a [publicly available] 'ThreatSim® for Outlook Administrator Guide [the "Administrator Guide",]"' without contacting Wombat ''to request any information about how Wombat's products operated or to discuss its accusation that Wombat infringes the '948 Patent[.]" (Id at~~ 20-23 (citing D.I. 1 at~ 16))3 The relied-upon Administrator Guide, according to Wombat, "does not address, let alone provide a basis to assert, that ThreatSim® practices at least one necessary element of the independent claims of the '948 Patent." (Id at~ 24) Wombat alleges that when PhishMe filed its Complaint, it "had no information that showed any Wombat product performed the steps of the '948 Patent[,]" and "knew or should have known that it had no good faith basis to assert that Wombat's products infringed the '948 Patent." (Id. at~~ 26-27) According to Wombat's counterclaims, PhishMe then issued the Press Release, entitled "'PhishMe® Initiates Intellectual Property Enforcement Action Against Wombat Security Technologies®, Inc."' on June 23, 2016 (22 days after filing the original Complaint). (Id at ~37; 3 Wombat did not attach the '948 patent or the Administrator Guide to its counterclaims, but those documents are otherwise a part of the case record. (D.I. 1, ex. A; D.I. 21, ex. A) Because the documents are explicitly relied upon by the counterclaims, and are integral to the counterclaims, (see, e.g., D.I. 18 at~~ 23-24, 137, 145, 157), the Court may take note of their content herein, (D.I. 21 at 9-10); see also In re Burlington Coat Factory Secs. Litig., 114 F.3d 1410, 1426 (3d Cir. 1997). 6 see also id, ex. 1) The Press Release stated, inter alia, that PhishMe's suit against Wombat was "a result of [Wombat's] infringement of the '948 Patent ... which covers PhishMe' s ReporterTM technologies" and that PhishMe had "'clear evidence of Wombat infringing PhishMe's innovative solutions."' (Id., ex. 1 at 1) However, Wombat alleges that, in fact, "PhishMe had no evidence, let alone 'clear' evidence, of the alleged infringement." (Id. at ,-i 42) The Press Release, which was disseminated in various ways, stated that PhishMe "fully intends to protect its investments ... with legal enforcement where necessary[,]" (id., ex. 1 at 1), which Wombat takes to suggest that PhishMe "would pursue litigation against Wombat's customers who use ThreatSim®[,]" (id. at ,-i 44-46). Wombat further alleges that "[s]hortly after PhishMe issued its Press Release, existing and prospective customers of Wombat contacted Wombat to express concern about PhishMe's infringement claims." (Id at ,-i 49) It also alleges, "[u]pon information and belief," that aside from the Press Release, "PhishMe sent similar emails to other existing and prospective customers of Wombat." (Id. at ,-i 52) Wombat asserts that multiple prospective customers either expressed serious concerns about contracting with Wombat after reading the Press Release, or in fact elected not tq contract with Wombat after doing so. (See id. at ,-i,-i 54-56) In addition, Wombat alleges that it "was forced to offer extensive indemnification to potential and existing customers during contract negotiations" because of "PhishMe's bad faith accusations[.]" (Id. at ,-i 59) And Wombat asserts that PhishMe's suit completely derailed Wombat's efforts to fundraise from third parties, and that "but for PhishMe's baseless accusations, Wombat would have received a higher number of concrete offers and the concrete offers it received would have been based on higher valuations." (Id at ,-i 64) 7 Finally, Wombat alleges that "[o]n the same day the final prospective investor withdrew its offer to Wombat, Bessemer Venture Partners ('BVP')," a significant investor in PhishMe,4 "contacted Wombat to propose a discussion of a potential acquisition of Wombat by PhishMe or merger opportunities with PhishMe." (Id. regarding the same subject. (Id. at~ at~ 67) BVP contacted Wombat again three days later 69) According to Wombat, "[p]rior to these communications, PhishMe and its investors had never seriously prirsued merger or acquisition discussions with Wombat." (Id. at~ 70) Wombat alleges, on information and belief, that "PhishMe and its investors are seeking to unjustly enrich themselves by leveraging PhishMe's baseless accusations and interference with Wombat's business relationships in an attempt to damage Wombat's business and acquire Wombat for a discounted amount." (Id. at~ 71) Wombat then alleges that PhishMe's actions, described above, help provide the factual basis for the three counterclaims at issue. (Id. II. at~~ 137-63) STANDARD OF REVIEW Pursuant to Rule 12(b)(6), a party may move to dismiss a plaintiffs complaint based on the failure to state a claim upon which relief can be granted. Fed. R. Civ. P. 12(b)(6). The sufficiency of pleadings for non-fraud cases is governed by Federal Rule of Civil Procedure 8, which requires "a short and plain statement of the claim showing that the pleader is entitled to relief[.]" Fed. R. Civ. P. 8(a)(2). When presented with a Rule 12(b)(6) motion to dismiss for failure to state a claim, a court conducts a two-part analysis. Fowler v. UPMC Shadyside, 578 F.3d 203, 210 (3d Cir. 4 "Specifically, BVP contributed $42.5 million in Series C funding that PhishMe raised and announced on July 26th, 2016." (D.I. 18 at~ 68) 8 2009). First, the court separates the factual and legal elements of a claim, accepting "all of the complaint's well-pleaded facts as true, but [disregarding] any legal conclusions." Id. at 210-11. Second, the court determines "whether the facts alleged in the complaint are sufficient to show that the plaintiff has a 'plausible claim for relief."' Id at 211 (quoting Ashcroft v. Iqbal, 556 U.S. 662, 679 (2009)). Determining whether a claim is plausible is "a context-specific task that requires the reviewing court to draw on its judicial experience and common sense." Iqbal, 556 U.S. at 679. A plausible claim does more than merely allege entitlement to relief; it must also demonstrate the basis for that "entitlement with its facts." Fowler, 578 F.3d at 211. Thus, a claimant's "obligation to provide the 'grounds' of his 'entitle[ment] to relief' requires more than labels and conclusions, and a formulaic recitation of the elements of a cause of action will not do[.]" Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007); accord Iqbal, 556 U.S. at 678 ("Threadbare recitals of the elements of a cause of action, supported by mere conclusory statements, do not suffice."). In assessing the plausibility of a claim, the court must '"construe the complaint in the light most favorable to the plaintiff, and determine whether, under any reasonable reading of the complaint, the plaintiff may be entitled to relief."' Fowler, 578 F.3d at 210 (quoting Phillips v. Cnty. ofAllegheny, 515 F.3d 224, 233 (3d Cir. 2008)). III. DISCUSSION The Court will first address Wombat's state law counterclaims, and then will assess its Lanham Act counterclaim. A. State Law Counterclaims 1. Has Wombat adequately pleaded bad faith to avoid preemption by 9 federal patent law? · Counts I and III of Wombat's counterclaims (the tortious interference and abuse of process claims) arise under Delaware state law. (See, e.g., D.I. 21 at 9) PhishMe argues that these state law counterclaims are preempted by federal patent law. (See id. at 9-12; D.I. 27 at 2- 6) "[F]ederal patent law preempts state-law tort liability for a patentholder's good faith conduct in communications asserting infringement of its patent and warning about potential litigation." Globetrotter Software, Inc. v. Elan Comput. Grp., 362 F.3d 1367, 1374 (Fed. Cir. 2004) (citing Zenith Elecs. Corp. v. Exzec, Inc., 182 F.3d 1340, 1355 (Fed. Cir. 1999)). "Statelaw claims [of this nature] can survive federal preemption only to the extent that those claims are based on a showing of 'bad faith' action in asserting infringement." Id. Accordingly, to avoid preemption, "bad faith must be alleged and ultimately proven, even ifbad faith is not otherwise an element of the tort claim." Zenith, 182 F.3d at 1355. "In general, a threshold showing of incorrectness or falsity, or disregard for either, is required in order to find bad faith in the communication of information about the existence or pendency of patent rights." Mikohn Gaming Corp. v. Acres Gaming, Inc., 165 F.3d 891, 897 (Fed. Cir. 1998). "Bad faith includes separate objective and subjective components." Dominant Semiconductors Sdn. Bhd. v. OSRAM GmbH, 524 F.3d 1254, 1260 (Fed. Cir. 2008) (citing Mikohn Gaming, 165 F.3d at 897). "The objective component requires a showing that the infringement allegations are 'objectively baseless."' 800 Adept, Inc. v. Murex Sec., Ltd., 539 F.3d 1354, 1370 (Fed. Cir. 2008) (quoting Globetrotter, 362 F.3d at 1375). Infringement allegations are objectively baseless if "no reasonable litigant could realistically expect to secure 10 favorable relief." Prof'! Real Estate Inv'rs, Inc. v. Columbia Pictures Indus., Inc., 508 U.S. 49, 62 (1993) (citation omitted); see also Dominant Semiconductors, 524 F.3d at 1260. Therefore, a counterclaimant seeking to prove bad faith in this regard must "prove that the [counterclaim] defendant lacked probable cause ... and ... pressed the action for an improper, malicious purpose." Prof'l Real Estate Inv'rs, 508 U.S. at 62. The subjective component relates to a showing that the patentee demonstrated subjective bad faith in enforcing the patent. 800 Adept, 539 F.3d at 1370. Here, the Court finds that Wombat has not sufficiently pleaded objective bad faith, as required in order to overcome Patent Act preemption of Wombat's tortious interference state law counterclaim (Count 1). 5 To review, Wombat pleaded that PhishMe: (1) "filed a baseless claim relying solely on a few isolated quotes from a 'ThreatSim® for Outlook Administrator Guide[,]"' (D.I. 18 at~ 23 (quoting D.I. 1 at~ 16)); (2) "had no information that showed any Wombat product performed the steps of the '948 Patent[,]" (id. at~ 26); and (3) "should have known that it had no good faith basis to assert that Wombat's products infringed the '948 Patent[,]" (id. at~ 27). In more particularly explaining why PhishMe's claim was so baseless, paragraphs 24 and 25 of Wombat's counterclaims alleged as follows: 24. The Administrator Guide does not address, let alone provide any basis to assert, that ThreatSim practices at least one necessary element of the independent claims of the '948 Patent-that "feedback to the individual confirming that the identified email was a simulated phishing attack" be provided only after and "in 5 Wombat separately argues that its abuse of process claim (Count 111) is not subject to this "bad faith" requirement because that type of claim does not fall within the ambit of federal patent law so as to implicate preemption concerns. (See D.I. 23 at 9-10) The Court will address this argument separately below. See infra Section 111.A.2. Thus, in this subsection, the Court ultimately addresses only the tortious interference counterclaim in Count I. 11 response to" "the network device" receiving "from a computing device associated with an individual, a notification triggered by a user interface action by the individual that an email delivered in an account associated with the individual has been identified by the individual as a possible phishing attack." See '948 Patent, [] col. 13:1-21 (emphasis added). 25. In fact, ThreatSim® does not provide feedback to the reporting individual after and in response to a "network device" receiving "from a computing device associated with an individual, a notification triggered by a user interface action by the individual that an email delivered in an account associated with the individual has been identified by the individual as a possible phishing attack." (Id. at~~ 24-25 (emphasis in original)) Finally, Wombat pleaded that PhishMe dropped its allegedly baseless claim after PhishMe "achieved its objective of derailing potential investments in Wombat, and positioned itself to try to acquire Wombat at an artificially depressed price tllrough its Press Release and emails containing bad faith assertions that Wombat infringes the '948 Patent." (Id. at~ 72; see also id. at~ 74) As can be seen from the previous paragraph, the core of Wombat's "bad faith" argument (laid out in paragraphs 24 and 25 of the counterclaims) is that: (1) the ThreatSim product clearly did not meet one identified limitation of the independent claims of the '948 patent; (2) the Administrator Guide-the sole resource that PhishMe relied upon to assert infringement-made this clear; and (3) yet PhishMe leveled its baseless allegations anyway, all to the detriment of Wombat. What is the key claim limitation at issue (that Wombat says ThreatSim clearly did not meet)? Paragraphs 24 and 25 again appear to make clear Wombat's answer: (1) Wombat is pointing to the claims' requirement (as set out, for example, in claim 1) that when an identified email is determined to be a known, simulated phishing attack, that "feedback" be provided to the individual computer user "confirming that the identified email was a simulated fishing attack[,]" 12 ('948 patent, col. 13:13-21)6 ; and (2) Wombat is then asserting that the claim requires that this "feedback" be provided "in response to" the receipt by the "network device" of a certain "notification" triggered by an action of the individual computer user (the notification indicating that the user has identified a received e-mail as a possible phishing attack), (id., col. 13: 1-13). (D.I. 18 at iii! 24-25) And Wombat is next claiming that ThreatSim does not provide the required "feedback" in response to a "network device" receiving the aforementioned "notification "-but instead, that ThreatSim provides the feedback in response to a ''plug-in" (i.e., software found on the email recipient's computing device) making a determination as to whether the identified email is a simulated phishing attack. (Id.; see also D.I. 23 at 5 (citing D.I. 21, ex. A at 11)) Candidly, it would not have been the Court's first thought that the claims require "providing feedback" directly "in response to" the network device receiving the "notification" at issue. Claim 1, for example, does explicitly talk about something happening directly "in 6 The Court comes to this conclusion after reading the plain language of paragraphs 24 and 25, particularly the emphasis Wombat includes as to the words "in response to" in paragraph 24. (D.I. 18 at if 24) In reading Wombat's answering brief, however, at times it appears that Wombat is asserting that there is another limitation that ThreatSim did not meet that is relevant to the question of bad faith. That is, at times it seems as if Wombat could be asserting that it is the "network device" that must make the required "determin[ation]" called for by the claim (as opposed to allowing that such a determination can be made by the "computing device"). (See, e.g., D.I. 23 at 5 ("Thus the '948 Patent requires ... that the feedback be provided 'in response' to ... 'the network device' [] receiving the notification from an individual and then determining whether the email is a simulated phishing email.") (emphasis added); id. at 6 ("To execute either of [two recited actions in the claim based on whether the reported e-mail is a simulated phishing e-mail] the plug-in [i.e., part of the accused product] first must have determined, at the individual's computing device, whether the email contains the X-ThreatSimID (i.e., whether the email is a simulated phishing attack)" (emphasis in original)); see also D.I. 27 at 4) If Wombat is making that assertion in its briefs, the Court will not consider it here, as the allegation was not fairly set out in Wombat's counterclaims. Moreover, the Court does not see how the assertion can be correct, as the patent claims appear clearly to permit the "determining" step to be accomplished either "at the network device or at the computing device[.]" ('948 patent, col: 13:7-12; see also D.I. 27 at 4) 13 response to" something else-but there, it is that a determination as to whether the identified email is a simulated phishing e-mail is to be made "in response to" the network device's having received the "notification." ('948 patent, col. 13:7-12) And, as PhishMe argues, ifthe step of "providing feedback" can be said to be taken directly in response to anything, it appears to be taken not in response to the act of receiving the "notification," but instead in response to the occurrence of the "determining" step (i.e., to the act wherein "the identified email is determined to be a known simulated phishing attack based on the comparison" of certain information), (id., col. 13:7-21). (D.I. 27 at 4 ("In addition, contrary to Wombat's assertion, claim 1 requires 'providing feedback' 'when the identified email is determined to be a known simulated phishing attack' based on a certain 'comparison'[]-not in response to the network device receiving a 'notification"')) This is because in the claims, the "notification" step occurs at an earlier stage then the "determining" step, and both occur before the "feedback" is provided. However, even if at the claim construction stage, the claims are somehow found to require that the "feedback" be provided directly "in response to" the receipt by the "network device" of the "notification," then, in the Court's view, Wombat still would not have demonstrated that it is plausible that PhishMe had an objectively baseless infringement claim. That is because even if this ends up being found to be a claim requirement, for the reasons stated above, that requirement surely was not clear at the time PhishMe took the actions called out by Count I. The Court does not believe that "no reasonable litigant [in PhishMe's shoes] could realistically [have] expect[ed] to secure favorable relief' by arguing that the claim does not require what Wombat now says it does. Prof'l Real Estate Inv 'rs, Inc., 508 U.S. at 62; cf Wilco AG v. Packaging Techs. & Inspection LLC, 615 F. Supp. 2d 320, 325-26 (D. Del. 2009) (finding 14 that a defendant's Delaware state law tortious interference claim was preempted for the failure to sufficiently allege bad faith, where the defendant made general allegations that a plaintiff representative "inaccurately" advised a third party of defendant's purported infringement-a "sentiment shared by any accused infringer, but not indicative of any disregard on the part of plaintiff for the accuracy of [its representative's] statement"). 7 For these reasons, Wombat has failed to sufficiently plead objective bad faith as to Count I, and thus Count I is preempted by federal patent law. 8 2. Is Wombat's abuse of process counterclaim subject to preemption by federal patent law? While it is undisputed that a failure to sufficiently plead bad faith compels dismissal of Count I, Wombat separately argues that federal patent law preemption (and the associated bad faith requirement) do not extend to abuse of process claims such as that found in Count III. (See D.I. 23 at 9) Specifically,-Wombat asserts that "courts have held that preemption does not apply to such claims when they are based on misuse of judicial proceedings." (Id.) For this 7 Alternatively, it could be that the claims will be construed to require that the provision of feedback be provided "in response to" the receipt of the "notification"-but only in the sense that the notification sets off a chain of events that can eventually (though perhaps not directly) lead to the provision of feedback thereafter (i.e., it prompts the "determining" step to happen, which, in turn, then can prompt the provision of feedback to the user). But ifthat is what is required, then the content of the Administrator Guide demonstrates why PhishMe had at least probable cause to believe that this is how Wombat's product actually worked. (D.I. 21 at 67 (citing id., ex. A at 4, 10-11 ), 10-11) 8 Though the parties do not present arguments regarding whether allegations purporting to demonstrate "bad faith" implicate the heightened pleading standard of Federal Rule of Civil Procedure 9(b), the Court notes that there is a lack of clear authority on this issue. See, e.g., Wilco AG, 615 F. Supp. 2d at 325 n.2. Here, the Court need not address this issue further because it finds that the allegations regarding Count I do not meet even the more liberal pleading standard under Rule 8(a). 15 proposition, Wombat cites two district court cases. In the first case, Verve, L.L.C. v. Hypercom Corp., No. CV-05-0365-PHX-FJM, 2006 WL 2390505 (D. Ariz. Aug. 16, 2006), the United States District Court for the District of Arizona indeed held that the defendant's malicious prosecution and abuse of process counterclaims (which arose under state law) were not preempted by federal patent law. 2006 WL 2390505, at *2 (citing US. Aluminum Corp. v. Alumax, Inc., 831F.2d878, 881 (9th Cir. 1987) ("While we do not deny that conflict is possible between state malicious prosecution laws and federal patent laws, the policies underlying each are not inherently antithetical. Patents do not create an exemption from state malicious prosecution laws.")). In the second case, Artemi Ltd v. SafeStrap Co., Inc., Civ. Action No. 03-3382 (JEI/AMD), 2013 WL 6860734 (D.N.J. Dec. 30, 2013), the United States District Court for the District of New Jersey held that the defendant's New Jersey state abuse of process counterclaim was not preempted by federal patent law, noting that "[t]he federal preemption cases [plaintiff] relies upon[] merely stand for the proposition that common law tort claims of abuse of process cannot be based on 'bad faith misconduct before the [United States Patent and Trademark Office, or "PTO"]."' 2013 WL 6860734, at *5 (quoting Semiconductor Energy Lab. Co., Ltd v. Samsung Elecs. Co., Ltd, 204 F.3d 1368, 1382 (Fed. Cir. 2000)). Accordingly, the Artemi Court determined that "allegations supporting an inequitable conduct defense cannot simultaneously support an abuse of process claim." Id However, the defendant's abuse of process counterclaim, which was "not based on [plaintiffs] alleged actions before the PTO, but rather the initiation and continued pursuit of the instant suit[,]" was not preempted. Id. In response to these cases, PhishMe argues that "controlling Federal Circuit 16 law"-specifically, Globetrotter Software, Inc. v. Elan Comput. Grp., 362 F.3d 1367 (Fed. Cir. 2004)-indicates that: (1) Wombat is required to allege bad faith in support of its abuse of process claim; and (2) the abuse of process claim is the kind of claim that is subject to preemption by federal patent law in the absence of a sufficient allegation of bad faith. (D.I. 27 at 2-3 (quoting Globetrotter, 362 F.3d at 1377 ("A plaintiff claiming a patent holder has engaged in wrongful conduct by asserting claims of patent infringement must establish that the claims of infringement were objectively baseless."))) But Globetrotter did not address an abuse of process claim; indeed, it focused specifically on "pre-litigation communications alleging patent infringement" and "conduct in communications asserting infringement of [a] patent and warning about potential litigation." 362 F.3d at 1377 (emphasis added). In this case, by contrast, Wombat's abuse of process counterclaim is based on PhishMe's alleged activities "[a}fter filing the Complaint[.]" (D.I. 18 at~ 159 (emphasis added)) Moreover, the Court notes that to impose an "objectively baseless" requirement in the context of an abuse of process counterclaim seems particularly discordant, as such a requirement is fundamentally at odds with the very purpose of the tort. The abuse of process tort was created (and is distinguishable from, for example, a malicious prosecution claim) in order to prevent a plaintiff from "us[ing] an otherwise valid action as a pretext to achieve a collateral objective, and avoid liability for malfoious prosecution because there was probable cause to bring the action." Toll Bros., Inc. v. Gen. Accident Ins. Co., No. C.A. 98C-08-203 WTQ,'1999 WL 744426, at *5 (Del. Super. Ct. Aug. 4, 1999) (emphasis added) (citation omitted). "The quintessential case of abuse of process is the initiation of a valid law suit to compel the payment of a debt unrelated to the suit (a collateral purpose) and an offer to terminate such litigation upon payment of the 17 unrelated debt." Id (emphasis added) (citation omitted); see also Carr v. Town of Dewey Beach, 730 F. Supp. 591, 599 (D. Del. 1990); Pfeiffer v. State Farm Mut. Auto. Ins. Co., C.A. No. NlOA-12-006 JRS, 2011 WL 7062498, at *5 n.50 (Del. Sup. Ct. Dec. 20, 2011). It seems strange, even in the context of a preemption inquiry, to require Wombat to allege that PhishMe' s infringement claim as to the '948 patent was wholly baseless-all in order that Wombat be permitted to assert a counterclaim whose very raison d'etre is to allow for a claim where the underlying cause of action (or use of process) is not, in fact, wholly baseless. 9 In sum, the Court cannot find binding law supporting PhishMe' s assertion of federal patent law preemption for state law abuse of process claims (and there is case law affirmatively to the contrary). PhishMe has thus not met its burden to demonstrate that Count III is preempted by federal patent law. The Court will therefore proceed to assess whether Wombat has sufficiently pleaded that counterclaim pursuant to Rule 8(a). 3. Is Wombat's abuse of process counterclaim sufficiently pleaded? To establish an abuse of process claim under Delaware law, a plaintiff must prove: '"(1) an ulterior purpose; and (2) a willful act in the use of the process not proper in the regular 9 PhishMe does cite two cases in which appellate courts have appeared to apply an "objectively baseless" requirement to an abuse of process or malicious prosecution counterclaim. (D.I. 27 at 3 & n.9 (citing Cheminor Drugs, Ltd. v. Ethyl Corp., 168 F.3d 119, 128 (3d Cir. 1999); Carroll Touch, Inc. v. Electro Mech. Sys., 15 F.3d 1573, 1581, 1583 (Fed. Cir. 1993))) However, neither of those cases did so on the ground that federal patent law preempts state law abuse of process claims absent a showing of bad faith. Instead, the Carroll Touch and Cheminor Courts each found that the respective counterclaim-defendants were protected from state law abuse of process or malicious prosecution counterclaims by Noerr-Pennington immunity, a First Amendment-related doctrine. See Cheminor, 168 F.3d at 128-29; Carroll Touch, 15 F.3d at 1581-83. PhishMe does not directly assert here that the Noerr-Pennington doctrine in fact applies to immunize it from liability as to Wombat's abuse of process counterclaim, and so the Court need not further address that issue. (D.I. 27 at 2-3) 18 conduct of the proceedings."' Paoli v. Stetser, Civil Action No. 12-66-GMS-CJB, 2014 WL 3386037, at *35 (D. Del. July 11, 2014) (citing Esposito v. Townsend, C.A. 12C-08-006 (RBY), 2013 WL 493321, at *5 (Del. Super. Ct. Feb. 8, 2013)), report and recommendation adopted in part, rejected in part on other grounds, C.A. No. 12-66-GMS-CJB, 2014 WL 5847567 (D. Del. Nov. 10, 2014). "[S]ome definite act or threat, not consistent with process, or designed for an illegitimate objective in the use of process, is required." Chase Bank USA, NA. v. Hess, C.A. No. 08-121-LPS-MPT, 2013 WL 867542, at *4 (D. Del. Mar. 7, 2013) (citing Nix v. Sawyer, 466 A.2d 407, 412 (Del. Super. Ct. 1983)). "Some form of coercion to obtain a collateral advantage, not properly involved in the proceeding itself, must also be shown." Id. (citing Nix, 466 A.2d at 412). On the other hand, merely carrying out the process to its authorized conclusion, even though with bad intentions, does not result in liability. Nix, 466 A.2d at 412 (citation omitted). PhishMe contends that Wombat's abuse of process counterclaim cannot survive because "Wombat bases [that] counterclaim on PhishMe's infringement claim for the '948 Patent,[] but this accuses PhishMe' s pleading, not the use of a court process." (D .I. 21 at 18 (emphasis in original)) PhishMe asserts that "[a]lleged misstatements in pleadings cannot support an abuse of process claim." (Id. (citations omitted)) But Wombat's allegations go well beyond PhishMe's statements in its first two complaints (in which PhishMe alleged infringement of the '948 patent). (D.I. 23 at 2) Indeed, Wombat specifically pleads that PhishMe-with the ulterior motive of attempting to gain an unfair advantage over Wombat in the marketplace-"[a]fter filing the Complaint ... used the litigation [via the dissemination of the Press Release, related social media posts and via direct communications with Wombat customers] as means to interfere with Wombat's business and 19 dissuade third parties from doing business with Wombat." (D.I. 18 at ifif 158-59 (emphasis added); see also id. at iii! 37-71) PhishMe's ultimate plan, Wombat alleges, was for these actions to permit PhishMe to acquire Wombat on unfair commercial terms (and for Wombat to understand that only were it to accede to that kind of acquisition, would this lawsuit then be resolved). (Id. at iii! 160-62) This Court and Delaware state courts have repeatedly found that if a party files a lawsuit, and then is alleged to have (with an ulterior motive) tried to use the fact of that suit to cause extra-litigation or extra-judicial injury to another party, a Delaware state law claim for abuse of process can stand. 10 Accordingly, the Court will recommend denial of PhishMe's Motion as it pertains to Count III. B. Lanham Act Counterclaim In Count II, Wombat alleges that PhishMe committed false advertising when it issued the "false and misleading" Press Release, in violation of the Lanham Act, 15 U.S.C. § 1125(a)(l)(B). 10 See, e.g., Chase Bank, 2013 WL 867542, at *1-2, *5 (recommending grant of summary judgment to the plaintiff on its abuse of process claim, where the defendant initiated litigation "employed to further an improper purpose ... and for collateral advantage"-specifically to allow the defendant the ability to obtain monthly fees from the plaintiff's clients, in lieu of the clients making payments to the plaintiff) (internal quotation marks omitted); Trueposition, Inc. v. Allen Telecom, Inc., No. C.A. 01-823 GMS, 2003 WL 151227, at *3, *6 (D. Del. Jan. 21, 2003) (denying motion to dismiss an abuse of process counterclaim, albeit pre-Twombly and Iqbal, based on the plaintiff's (1) filing of a patent infringement suit against the defendant, and (2) issuance of a press release announcing the same, all of which caused the defendant to incur additional legal expenses in renegotiating a contract, caused more onerous indemnification terms to be inserted in that contract, and caused additional damage to the defendant's reputation); cf Esposito, 2013 WL 493321, at *6 (finding that a report of child abuse resulting in "an investigation [that] led to cont~ct with an employer, or coverage in a newspaper, or community black listing, or some such event" could support a claim for abuse of process). 20 (D.I. 18 at iii! 145-56) Wombat's primary allegation is that what was false and misleading about the Press Release was that it contained statements to the effect that Wombat infringed the '948 patent, and that PhishMe had clear evidence of the same; Wombat alleges that this amounted to a . "bad faith" attempt by PhishMe to "influence consumers not to purchase Wombat's products and/or to purchase PhishMe's product's instead" or to cause other harm to Wombat. (D.I. 18 at irir 148, 151-53) 11 The parties agree that "a bad faith standard applies to Lanham Act claims to avoid a 11 To the extentthat Wombat's Lanham Act counterclaim is additionally based on the· assertion that the Press Release contains false and misleading statements about PhishMe's "products, including that the scope of its patent protection under the '948 Patent extends beyond the patent's claims[,]''. (D.I. 18 at if 149; see also D.I. 23 at 19), there is very little content in the counterclaims that actually speaks directly to that allegation, (see D.I. 18 at iii! 40, 149). To establish a Lanham Act claim based on false advertising, a claimant must plead: 1) that the defendant has made false or misleading statements as to his own product [or another's]; 2) that there is actual deceptfon or at least a tendency to deceive a substantial portion of the intended audience; 3) that the deception is material in that it is likely to influence purchasing decisions; 4) that the advertised goods traveled in interstate commerce;· and 5) that there is a likelihood of injury to the. [claimant] in terms of declining sales, loss of good will, etc. · Warner-Lamb.ert Co. v. BreathAsure, Inc., 204 F.3d.87, 91-92 (3d Cir. 2000). Here, there are so · few factUal allegations in Wombat's counterclaims that actually speak directly to this aspect of the Press Release, that the Court is unable to conclude that a Lanham Act claim based on this . statement has been sufficiently pleaded. For example, there is little factual articulation in the counterclaims as to why it is that PhishMe's statement that the '948 patent "covers PhishMe's Reporter™ technologies[,]" (D.1. 18, ex. 1 at 1; see also D.I. 18 at iii! 39-40, 149, 153, 156), is ass.erted to be material or likely to cause injury to Wombat. In light of this, the Court recommends dismissal of Count ill without prejudice, only as to this particular theory of Lanham Act liability. This will allow Wombat, if it actually wishes to move forward with such a claim, to re-plead it With greater factual specificity. Cf Keeton v. Bd. of Educ. ofSussex Tech. Sch. Dist., Civil Action No. 15-1036-LPS, 2016 WL 5938699, at *11-12 (D. Del. Oct. 12, 2016) (recommending dismissal without prejudice where the deficiencies of the plaintiffs claims "may ' simply go to a failtire of articlliation, not a failure to possess sufficient facts"). 21 potential conflict with federal patent laws." (D.I. 23 at 10 n.2; D.I. 27 at 2 (citing Zenith, 182 F.3d at 1353 ("[B]efore a patentee may be held liable under Section 43(a) [of the Lanham Act] for marketplace activity in support of its patent, and thus be deprived of the right to make statements about potential infringement of its patent, the marketplace activity must have been undertaken in bad faith."))) "Exactly what constitutes bad faith [in this context] remains to be determined on a case by case basis." Zenith, 182 F.3d at 1354. Nonetheless, "a clear case of bad faith exists when 'the patentee knows that the patent is invalid, unenforceable, or not infringed, yet represents to the marketplace that a competitor is infringing the patent."' Isco Int'!, Inc.- v. Conductus, Inc., 279 F. Supp. 2d 489, 504 (D. Del. 2003) (quoting Zenith, 182 F.3d at 1354). "By contrast, a patentee does not commit [a Lanham Act violation] when it makes representations that ultimately prove to be inaccurate, provided they make them in good faith." Id. (citing Golan v. Pingel Enter., 310 F.3d 1360, 1371 (Fed. Cir. 2002)). "In general, a threshold showing of incorrectness or falsity, or disregard for either, is required in order to find bad faith in the communication of information about the pendency of patent rights." Mikohn Gaming, 165 F.3d at 897. For the reasons described in Section III.A.I, supra, Wombat has not pleaded facts sufficient to support a plausible inference of bad faith as to this theory of Lanham Act liability. Accordingly, the Court will recommend that PhishMe's Motion be granted as to Count II, with regard to the theory of liability in Count II premised on PhishMe's statements in the Press Release to the effect that Wombat infringed the '948 patent, and that PhishMe had clear evidence 22 of such infringement. 12 IV. CONCLUSION For the reasons set forth above, the Court recommends that PhishMe's Motion be GRANTED-IN-PART and DENIED-IN-PART. 13 . Specifically, the Court recommends that the District Court: (1) GRANT the Motion with prejudice as to Count I of Wombat's counterclaims, (2) GRANT the Motion without prejudice as to Count II of Wombat's counterclaims, only to the extent that Count II is premised on the theory of liability described in Paragraph 149 of that Count, and otherwise GRANT the Motion with prejudice as to Count II; and (3) DENY the Motion as to Count III of Wombat's counterclaims. This Report and Recommendation is filed pursuant to 28 U.S.C. § 636(b)(l)(B), Fed. R. Civ. P. 72(b)(l), and D. Del. LR 72.1. The parties may serve and file specific written objections within fourteen (14) days after being served with a copy of this Report and Recommendation. Fed. R. Civ. P. 72(b). The failure of a party to.object to legal conclusions may result in the loss of the right to de novo review in the district court. See Henderson v. Carlson, 812 F.2d 874, 87879 (3d Cir. 1987); Sincavage v. Barnhart, 171 F. App'x 924, 925 n.l (3d Cir. 2006). The parties are directed to the Court's Standing Order for Objections Filed Under Fed. R. 12 In their briefing, the parties also dispute whether the Noerr-Pennington doctrine bars Wombat's Lanham Act counterclaim. (See, e.g., D.I. 21 at 12-14; D.I. 23 at 7-9) This Court has noted that "[i]t is not clear whether the Noerr-Pennington doctrine applies to Lanham Act claims[.]" Kimberly-Clark Wordlwide, Inc. v. Cardinal Health 200, LLC, Civil Action No. 111228-RGA, 2012 WL 3063974, at *2 n.l (D. Del. July 27, 2012) (citing cases) (internal quotation marks and citations omitted); !GT v. Bally Gaming Int 'l Inc., Civ. No. 06-282-SLR, 2010 WL 1727388, at *3 n.6 (D. Del. Apr. 28, 2010). Here, the Court need not now determine whether the Noerr-Pennington doctrine applies to Lanham Act claims, as there are other bases on which it can dispose of the Motion as it relates to Count II. 13 PhishMe's request for oral argument is DENIED. (D.I. 29) 23 Civ. P. 72, dated October 9, 2013, a copy of which is available on the District Court's website, . located at Dated: August 31, 2017 Christopher J. Burke UNITED STATES MAGISTRATE JUDGE 24

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.

Why Is My Information Online?