HEDGEYE RISK MANAGEMENT, LLC v. HELDMAN, et al.
MEMORANDUM OPINION AND ORDER: Upon consideration of Defendants' Motion To Dismiss or, in the Alternative, for Summary Judgment 29 and Plaintiff's Motion for Leave To Amend Plaintiff's First Amended Complaint 38 , it is hereby ORDERE D that Defendant's Motion for Summary Judgment 29 is DENIED as premature; Defendant's Motion To Dismiss 29 is GRANTED in part and DENIED in part; and Plaintiff's Motion for Leave To Amend Plaintiff's First Amended Complaint 38 is DENIED. See document for details. Signed by Judge Randolph D. Moss on 9/23/2017. (lcrdm2)
UNITED STATES DISTRICT COURT
FOR THE DISTRICT OF COLUMBIA
HEDGEYE RISK MANAGEMENT, LLC,
Civil Action No. 16-935 (RDM)
PAUL HELDMAN, et al.,
MEMORANDUM OPINION AND ORDER
This is round two in a dispute between an investment advisory company, Hedgeye Risk
Management, and one of its former employees, Paul Heldman. Hedgeye purchased the assets of
Heldman’s former employer, Potomac Research Group (“PRG”), in December 2015. After the
purchase, Hedgeye and Heldman were unable to come to terms on an employment agreement.
Heldman, accordingly, left Hedgeye after just five weeks to start his own firm. In round one,
Hedgeye brought suit against Heldman and his new company, Heldman Simpson Partners
(“HSP”), seeking, among other things, a preliminary injunction to enforce non-compete and nonsolicitation clauses in Heldman’s employment contract with PRG. Defendants, in turn, opposed
Hedgeye’s motion and moved to dismiss or, in the alternative, for summary judgment. The
Court agreed with Defendants and, thus, denied Hedgeye’s motion for a preliminary injunction,
granted Defendants summary judgment on Hedgeye’s claim for breach of the non-compete and
non-solicitation provisions, and dismissed Hedgeye’s remaining claims without prejudice. See
Hedgeye Risk Mgmt., LLC v. Heldman, 196 F. Supp. 3d 40 (D.D.C. 2016).
In round two, Hedgeye has now filed an amended complaint renewing and supplementing
its claims for breach of fiduciary duty, interference with advantageous business relations, and
constructive trust. And, once again, Heldman and HSP have moved to dismiss or, in the
alternative, for summary judgment. Hedgeye opposes that motion and also seeks leave to file a
second amended complaint, which would add claims for violation of the Computer Fraud and
Abuse Act (“CFAA”), 18 U.S.C. § 1030, and conversion.
For the reasons that follow, the Court will DENY Defendants’ motion for summary
judgment without prejudice, will GRANT in part and DENY in part Defendants’ motion to
dismiss, and will DENY without prejudice Hedgeye’s motion for leave to amend.
The Court recounted much of the relevant background in its prior opinion, see Hedgeye,
196 F. Supp. 3d at 42–45, and will, accordingly, only briefly outline the facts and allegations
relevant to the pending motions. In considering Heldman’s motion to dismiss and Hedgeye’s
motion for leave to amend, moreover, the Court will accept Hedgeye’s factual allegations as true.
See Ashcroft v. Iqbal, 556 U.S. 662, 679 (2009). Although that standard does not apply to
Heldman’s motion for summary judgment, Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248–
49 (1986), that distinction will have no bearing on the Court’s decision for reasons explained
below, see infra Part II.A.
Hedgeye is an investment advisory firm that “provides financial and economic research
and analysis to institutional investors and newsletter products to mass market customers.” Dkt.
28 at 2 (Am. Compl. ¶ 5). On December 15, 2015, Hedgeye purchased the assets of Heldman’s
employer, PRG. Id. (Am. Compl. ¶ 8). Heldman worked for Hedgeye for approximately five
weeks following the sale. Id. (Am. Compl. ¶ 9). He left on January 21, 2016 to found HSP,
which “directly competes with Hedgeye.” Id. at 2–3 (Am. Compl. ¶¶ 11, 20).
While he was still employed by Hedgeye, Heldman allegedly recruited Hedgeye
employees, solicited Hedgeye clients, and used Hedgeye resources to start his own firm.
Hedgeye alleges, for example, that Heldman “recruited two other Hedgeye employees to join
him in the new business.” Id. at 3 (Am. Compl. ¶ 20). In addition, although the amended
complaint does not identify any particular companies, Hedgeye alleges—on “information and
belief”—that Heldman solicited Hedgeye’s clients before leaving the firm. 1 Id. at 4 (Am.
Compl. ¶ 22). Finally, Hedgeye alleges that Heldman “used [Hedgeye’s] instrumentalities to
start his business while he was still employed with Hedgeye.” Id. at 3 (Am. Compl. ¶ 19).
After Heldman’s exit, Hedgeye enlisted Setec Security Technologies, Inc. (“Setec”) “to
perform a forensic examination of the laptop computer used by Heldman.” Id. at 2 (Am. Compl.
¶ 12). Setec’s investigation revealed the following: First, “Heldman’s computer was found to
have logged several USB storage devices during his employment with Hedgeye,” which
Hedgeye asserts “suggest[s] improper information downloads.” Id. at 3 (Am. Compl. ¶ 14).
Second, Heldman “open[ed] a large number of files and folders on the Hedgeye network shared
drive,” including “[d]ozens of . . . files and folders [that were] highly sensitive and contain[ed]
documents that Heldman would not have . . . access[ed] in his normal and ordinary course of
business.” Id. (Am. Compl. ¶¶ 15–16). Third, “many emails were sent [by Heldman] to
individuals requesting in-person meetings.” Id. (Am. Compl. ¶ 17). Fourth, “Heldman’s web-
Without this temporal limitation, the amended complaint alleges generally that, “[a]s a result
of Heldman’s activities, several clients have left Hedgeye, or have moved all or portions of their
business from Hedgeye, including Partner Fund Management, L.P. (U.S.) and Redmile [G]roup,
LLC,” which has “had a significant and detrimental financial impact [on] Hedgeye’s revenue.”
Dkt. 28 at 4 (Am. Compl. ¶¶ 23–24). There is a material difference, however, between soliciting
Hedgeye’s clients while still employed by Hedgeye and competing for those clients after leaving
the firm. With respect to the specific clients referenced in the amended complaint, Hedgeye fails
to address this critical distinction.
browsing history revealed contact lookups, contact searches and dozens of individual contacts
being referenced in late December 2015, through January 13, 2016.” Id. (Am. Compl. ¶ 18).
Against this backdrop, the amended complaint asserts three causes of action. First,
Hedgeye alleges that Heldman breached his duty of loyalty to Hedgeye “by actively soliciting
[Hedgeye’s] clients and employees while employed [by] Hedgeye” and “by using and
appropriating confidential and sensitive Hedgeye information” through the use of “Hedgeye
instrumentalities.” Id. at 4 (Am. Compl. ¶ 28). Second, it avers that Heldman tortiously
interfered with Hedgeye’s “business relationships.” Id. at 5 (Am. Compl. ¶ 31). Third, it asserts
a claim for “constructive trust” and requests that the Court declare that “Defendants are
involuntary trustees holding . . . profits in constructive trust” for Hedgeye. Id. at 6 (Am. Compl.
Defendants move to dismiss and, in the alternative, move for summary judgment. Dkt.
30. Hedgeye opposes both motions, Dkt. 33, and also moves for leave to file a second amended
complaint, Dkt. 38, which would add claims for violation of the CFAA and for common law
Defendants’ Motion for Summary Judgment
As an initial matter, the Court concludes that Defendants’ motion for summary judgment
is premature. That motion is supported by Heldman’s own declaration, which denies the core
allegations of the amended complaint. He attests, for example, that before his departure he
“worked diligently with the best interests of Hedgeye in mind” and “sought to contact clients
who had engaged PRG in order to facilitate a transition of their business to Hedgeye,” Dkt. 30-1
at 2 (Heldman Decl. ¶ 6); that, while he worked at Hedgeye, he “did not access or review any
files, folders, documents or information that [he] was not authorized to access,” id. (Heldman
Decl. ¶ 8); that he has not “used any property or information belonging to Hedgeye” while at
HSP, id. at 3 (Heldman Decl. ¶ 9); that “[a]t no time while [he] worked at Hedgeye did [he]
suggest or request that a client move its business away from Hegdeye,” id. (Heldman Decl. ¶ 12);
and that he “did not encourage” the two former Hedgeye employees who joined him at HSP “to
terminate their employment with Hedgeye” but, rather, that “they approached [him],” id. at 4
(Heldman Decl. ¶ 15).
Although Heldman’s declaration provides important evidence, it is asking too much to
require Hedgeye to controvert this evidence without first having any opportunity to engage in
discovery. Federal Rule of Civil Procedure 56(d) speaks directly to this concern and provides
that, “[i]f a nonmovant shows by affidavit or declaration that, for specified reasons, it cannot
present facts essential to justify its opposition,” the Court may deny the motion and permit the
nonmovant to take appropriate discovery. Fed. R. Civ. P. 56(d). Such an affidavit must satisfy
three criteria. See Convertino v. U.S. Dep’t of Justice, 684 F.3d 93, 99–100 (D.C. Cir. 2012); see
also U.S. ex rel. Folliard v. Gov’t Acquisitions, Inc., 764 F.3d 19, 26 (D.C. Cir. 2014) (“[D]istrict
courts must assess all the requirements discussed in Convertino.”). First, it must “outline the
particular facts [the party] intends to discover and describe why those facts are necessary to the
litigation.” Convertino, 684 F.3d at 99. Second, it must explain “why [the party] could not
produce [the facts] in opposition to the motion [for summary judgment].” Id. at 99–100 (second
and third alterations in original) (quoting Carpenter v. Fed. Nat’l Mortg. Ass’n, 174 F.3d 231,
237 (D.C. Cir. 1999)). Finally, the affidavit must demonstrate that “the information is in fact
discoverable.” Id. at 100.
Consistent with Rule 56(d) and these requirements, Hedgeye has submitted an affidavit
describing the specific discovery it needs to respond to Defendants’ motion for summary
judgment. As explained in that affidavit, Hedgeye seeks to discover two categories of
information: (1) “the nature of [the] conversations . . . Heldman had with approximately eleven
clients of [Hedgeye] who subsequently hired [HSP] . . . and [with] two employees who
subsequently left Hedgeye for [HSP],” and (2) “facts surrounding how [Heldman] used
[Hedgeye’s] property and highly proprietary intellectual property to start [HSP] . . . includ[ing]
whether [Hedgeye’s] proprietary data can be found on [HSP’s] systems and whether Defendants
used such data in the production of their research reports.” Dkt. 33-1 at 1 (Prisby Aff. ¶¶ 1–2).
The affidavit also explains that Hedgeye has been unable to obtain this information “despite
diligent investigation” because it has not been able “to depose Heldman, the departed Hedgeye
employees, or anyone at the Hedgeye client firms,” nor has it had the chance to inspect
Heldman’s Hedgeye-issued smartphone or HSP’s “electronic storage systems.” Id. at 2 (Prisby
Aff. ¶¶ 3–4). Importantly, the affidavit further avers that several former Hedgeye clients have
stated that they will not “provide testimony” without a subpoena. Id. (Prisby Aff. ¶ 3). Finally,
the affidavit attests that Hedgeye would be able to obtain this information if permitted to depose
witnesses and to inspect the electronic devices and systems in question. Id. (Prisby Aff. ¶ 5).
The affidavit readily satisfies the requirements of Rule 56(d), as explicated by the D.C.
Circuit. Because “summary judgment is [typically] premature unless all parties have ‘had a full
opportunity to conduct discovery,’” Convertino, 684 F.3d at 99 (quoting Liberty Lobby, 477 U.S.
at 257), and because Hedgeye has made the required showing, the Court will deny Defendants’
motion for summary judgment as premature. Heldman, of course, remains free to move for
summary judgment after Hedgeye has had the opportunity to take appropriate discovery. 2
The Court recognizes the burden that discovery might impose on both parties by, among other
things, potentially intruding on existing business relationships, and it will monitor the discovery
Defendants’ Motion To Dismiss
To survive a motion to dismiss, a complaint “must contain sufficient factual matter,
accepted as true, to ‘state a claim to relief that is plausible on its face.’” Iqbal, 556 U.S. at 678
(quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007)). The “plausibility standard . . .
asks for more than a sheer possibility that a defendant has acted unlawfully.” Id. To meet the
threshold of plausibility, the plaintiff must plead “factual content that allows the court to draw
the reasonable inference that the defendant is liable for the misconduct alleged.” Id. The Court,
in assessing plausibility, must “assume [the] veracity” of “well-pleaded factual allegations,” id.
at 679, and it must “grant [the] plaintiff the benefit of all inferences that can be derived from the
facts alleged,” Sparrow v. United Air Lines, Inc., 216 F.3d 1111, 1113 (D.C. Cir. 2000) (internal
quotation marks omitted). Unlike well-pleaded factual assertions, however, “[t]hreadbare
recitals of the elements of a cause of action [and] mere conclusory statements” are “not entitled
to the assumption of truth.” Iqbal, 556 U.S. at 678–79.
Breach of Fiduciary Duty
The Court concludes that Hedgeye’s amended complaint includes enough factual detail to
state a plausible claim for breach of fiduciary duty. To plead a claim for breach of fiduciary duty
under D.C. law, a plaintiff must allege facts sufficient to show that (1) the defendant owed the
plaintiff a fiduciary duty; (2) the defendant breached that duty; and (3) the breach proximately
caused an injury. See Dorsey v. Am. Express Co., 680 F. Supp. 2d 250, 254 (D.D.C. 2010). For
present purposes, Defendants focus on only the second element and argue that “Hedgeye does
not allege any facts showing an actual breach of [Heldman’s] duty of loyalty.” Dkt. 30 at 12.
process to ensure that any discovery is “proportional to the needs of the case,” as specified in
Rule 26(b). See Fed R. Civ. P. 26(b)(1).
As Defendants observe, an employee “is entitled to make arrangements to compete” with
his employer—even before terminating his employment—subject to several limitations. Mercer
Mgmt. Consulting, Inc. v. Wilde, 920 F. Supp. 219, 233 (D.D.C. 1996) (quoting Restatement
(Second) of Agency § 393 cmt. e). The employee, “[i]n preparing to compete, . . . may not
commit fraudulent, unfair, or wrongful acts, such as misuse of confidential information.” Id. at
234 (citing Sci. Accessories Corp. v. Summagraphics Corp., 425 A.2d 957, 965 (Del. 1980).
And the employee “must refrain from actively and directly competing with [his existing]
employer for customers and employees” through solicitation, while he is still employed. Id.
(quoting William M. Fletcher, Fletcher Cyclopedia of the Law of Private Corporations § 856
Hedgeye alleges that Heldman misused proprietary information and solicited Hedgeye
clients and employees. See Dkt. 28 at 4 (Am. Compl. ¶ 28). Unlike Hedgeye’s original
complaint, moreover, the amended complaint alleges facts that permit a reasonable inference that
Heldman used Hedgeye resources for his own benefit, and to Hedgeye’s detriment, before he left
the company. The amended complaint asserts that Heldman formed a competing firm and
staffed it with Hedgeye employees within just a week or so of his departure. Id. at 3 (Am.
Compl. ¶ 20). More importantly, it alleges that, while still employed by Hedgeye, Heldman
engaged in conduct arguably indicative of efforts to misappropriate Hedgeye’s proprietary
information and customer base. The amended complaint avers, for example, that Heldman
connected storage devices to his computer, accessed a large number of files and folders on the
Hedgeye shared drive that he ordinarily would not have accessed, searched for contacts, and
requested in-person meetings. Id. at 3 (Am. Compl. ¶¶ 14–18). Although it is certainly
possible—as Heldman asserts—that all of his actions were entirely innocent, the Court may not
make factual findings on a motion to dismiss, and the allegations that Hedgeye has added in its
amended complaint elevate Hedgeye’s breach of fiduciary duty claim from merely “possible” to
“plausible.” Iqbal, 556 U.S. at 678.
Defendants offer three arguments in support of their motion to dismiss. First, they attack
Hedgeye’s need to rely upon its “information and belief” in alleging that Heldman solicited the
firm’s clients, Dkt. 30 at 14 (quoting Dkt. 28 at 4 (Am. Compl. ¶ 22)), and they emphasize that
the amended complaint “does not identify a single client [that] was solicited by Heldman,” id. at
6. Although Heldman is correct that a plaintiff must offer “more than labels and conclusions,”
id. at 14, that requirement extends to the complaint as a whole, not to each individual allegation
within it. Even after the Supreme Court’s decisions in Twombly and Iqbal, a plaintiff may still
plead facts upon information and belief “where the facts are peculiarly within the possession and
control of the defendant, or where the belief is based on factual information that makes the
inference of culpability plausible.” Evangelou v. District of Columbia, 901 F. Supp. 2d, 159, 170
(D.D.C. 2012) (quoting Arista Records LLC v. Doe 3, 604 F.3d 110, 120 (2d Cir. 2010)); see
Kelleher v. Dream Catcher, L.L.C., --- F. Supp. ---, No. 16-2092, 2017 WL 3499961, at *2
(D.D.C. Aug. 15, 2017). Hedgeye’s allegation that Heldman solicited the firm’s clients while
still employed by Hedgeye is supported, moreover, by specific—albeit inconclusive—factual
allegations regarding Heldman’s use of his computer and electronic files during his final weeks
at the firm. Thus, although Hedgeye does not identify particular clients that Heldman allegedly
solicited while employed by Hedgeye, the complaint nonetheless clears the modest hurdle of
alleging sufficient facts to “state a claim to relief that is plausible on its face.” Twombly, 550
U.S. at 570.
Second, Defendants posit an alternative explanation for Setec’s findings, reasoning that
they are “consistent with Heldman’s proper, lawful, and loyal conduct seeking to ensure that
PRG clients would continue to use Hedgeye after the sale.” Dkt. 30 at 12. That argument,
however, misapprehends the standard governing a motion to dismiss. The question is not
whether Heldman’s actions admit of an innocent explanation or, indeed, who is right about what
happened. Rather, at this early stage of the litigation, the Court’s role is limited to deciding
whether the amended complaint contains sufficient “factual content” to permit the Court “to
draw the reasonable inference that the defendant is liable for the misconduct alleged.” Iqbal, 556
U.S. at 678. As a result, a complaint will survive a motion to dismiss “even ‘[i]f there are two
alternative explanations, one advanced by [the] defendant and the other advanced by [the]
plaintiff, both of which are plausible.’” Banneker Ventures, LLC v. Graham, 798 F.3d 1119,
1129 (D.C. Cir. 2015) (alterations in original) (quoting Starr v. Baca, 652 F.3d 1202, 1216 (9th
Cir. 2011)). In other words, “a well-pleaded complaint may proceed even if it strikes a savvy
judge that actual proof of those facts is improbable, and that a recovery is very remote and
unlikely.” Twombly, 550 U.S. at 556 (internal quotation marks omitted). Although Heldman
may ultimately prevail on the merits, his alternative explanation for the facts alleged in the
amended complaint does not render Hedgeye’s theory of the case implausible.
Finally, Defendants cite a number of decisions holding that “it is not solicitation or a
breach of an employee’s fiduciary duty to inform his employer’s clients that he intends to leave
. . . or even to start his own competing business.” Dkt. 30 at 14; see id. at 12–14 (citing BroTech Corp. v. Thermax, Inc., 651 F. Supp. 2d 378, 414 (E.D. Pa. 2009); Mercer Mgmt.
Consulting, 920 F. Supp. at 234; Benfield, Inc. v. Moline, No. 04-3513, 2006 WL 452903, at *6
(D. Minn. Feb. 22, 2006)). Hedgeye does not take issue with that statement of the law. It is
beside the point, however, because Hedgeye alleges that Heldman did more than this; it alleges
that Heldman solicited Hedgeye’s clients and used Hedgeye’s resources and proprietary
information while still employed at Hedgeye.
The Court will therefore deny the motion to dismiss Hedgeye’s claim for breach of
Tortious Interference with Business Relations
Hedgeye also alleges that Heldman interfered with Hedgeye’s business relations. Dkt. 28
at 5 (Am. Compl. ¶¶ 31–32). “To survive a motion to dismiss on this claim, [Hedgeye] must
plead ‘(1) the existence of a valid business relationship or expectancy, (2) knowledge of the
relationship or expectancy on the part of the interferer, (3) intentional interference inducing or
causing a breach or termination of the relationship or expectancy, and (4) resultant damage.’”
Browning v. Clinton, 292 F.3d 235, 242 (D.C. Cir. 2002) (quoting Bennett Enters. v. Domino’s
Pizza, Inc., 45 F.3d 493, 499 (D.C. Cir. 1995)). Defendants contend that the amended complaint
fails to allege sufficient facts to satisfy the third and fourth elements of the tort. Dkt. 30 at 14–
15. Hedgeye, in turn, offers no response to Defendants’ contentions. See generally Dkt. 33.
“It is well understood in this Circuit that when a plaintiff files an opposition to a
dispositive motion and addresses only certain arguments raised by the defendant, a court may
treat those arguments that the plaintiff failed to address as conceded.” 3 Xenophon Strategies,
In a related context, the D.C. Circuit has “expressed concern about the interaction of Local
Rule 7(b),” which permits the Court to treat a motion that is not opposed in a timely manner as
conceded, and Federal Rule of Civil Procedure 12(b)(6). Washington v. United States, --- F.
Supp. 3d ---, No. 17-111, 2017 WL 1232400, at *1 (D.D.C. Apr. 3, 2017); see also Texas v.
United States, 798 F.3d 1108, 1110 (D.C. Cir. 2015) (noting that Local Rule 7(b) “is understood
to mean that if a party files an opposition to a motion and therein addresses only some of the
movant’s arguments, the court may treat the unaddressed arguments as conceded” (quoting
Wannall v. Honeywell, Inc., 775 F.3d 425, 428 (D.C. Cir. 2014))). The Court of Appeals,
however, has nonetheless affirmed the discretion of district courts to apply Local Rule 7(b) to
Inc. v. Jernigan Copeland & Anderson, PLLC, --- F. Supp. 3d ---, No. 15-1774, 2017 WL
3278839, at *7 (D.D.C. Aug. 1, 2017) (quoting Hopkins v. Women’s Div., Gen. Bd. of Glob.
Ministries, 284 F. Supp. 15, 25 (D.D.C. 2003)); see also Davis v. Transp. Sec. Admin., --- F.
Supp. 3d ---, No. 15-135, 2017 WL 3723862, at *3 (D.D.C. Aug. 28, 2017) (quoting Xenophon
Strategies, 2017 WL 3278839, at *7). The present context presents a particularly compelling
setting for applying the rule that unopposed arguments may be treated as conceded: Hedgeye is
represented by counsel; Defendants unambiguously moved to dismiss the tortious interference
claim; and Hedgeye unambiguously failed to respond to that entire section of Defendants’
motion. Because Hedgeye otherwise opposed Defendants’ motion, it is fair to infer that Hedgeye
made a considered—and perhaps strategic—decision not to oppose dismissal of the tortious
interference claim. That inference finds further support, moreover, in counsel’s concession
during round one of this litigation that a similar claim in Hedgeye’s original complaint was
simply “derivative of its other claims.” Hedgeye, 196 F. Supp. 3d at 53. It is one thing for the
Court to ensure that an unopposed, dispositive motion has legal merit, see Cohen v. Bd. of
Trustees of Univ. of D.C., 819 F.3d 476, 480 (D.C. Cir. 2016); it is altogether a different thing
for the Court to second guess the decisions made by counsel regarding which arguments to
counter and which to leave unanswered.
The Court will, accordingly, grant Defendants’ motion to dismiss the amended
complaint’s tortious interference claim as conceded but will do so without prejudice.
unopposed motions to dismiss, so long as such a dismissal is without prejudice. See Cohen v.
Bd. of Trustees of Univ. of D.C., 819 F.3d 476, 480 (D.C. Cir. 2016).
The amended complaint’s request for a constructive trust is styled as a third cause of
action. See Dkt. 28 at 5–6 (Am. Compl. ¶¶ 33–36). Defendants argue that “a constructive trust
is not a cause of action, but rather a remedy.” Dkt. 30 at 16. In its opposition, Hedgeye
concedes that a constructive trust “is an equitable remedy” and volunteers to move its request “to
its prayer for relief.” Dkt. 33 at 7. The Court will grant Defendants’ motion to dismiss this
count for failure to state a claim and will treat the request for a constructive trust as part of
Hedgeye’s request for relief.
Hedgeye’s Motion To Amend
Hedgeye seeks leave to file a second amended complaint, principally for the purpose of
adding two new claims—one for a violation of the CFAA and one for conversion. The Court
will deny that motion, but will provide Hedgeye with the opportunity, if possible, to cure the
deficiencies discussed below.
Under the Federal Rules of Civil Procedure, the Court must “freely” grant leave to amend
“when justice so requires.” Fed. R. Civ. P. 15(a)(2). Although the Supreme Court has
admonished that “this mandate is to be heeded,” Foman v. Davis, 371 U.S. 178, 182 (1962), that
does not mean that a motion for leave to amend must be granted as a matter of course. Rather,
the Court must consider whether “any apparent or declared reason—such as undue delay, bad
faith or dilatory motive on the part of the movant, repeated failure to cure deficiencies by
amendments previously allowed, undue prejudice to the opposing party . . . [or] futility of
amendment”—counsels against allowing the proposed amendment. Id. For present purposes,
only one of these factors—futility—is relevant. That factor, however, is also dispositive.
Computer Fraud and Abuse Act
Hedgeye’s first proposed amendment would add a claim against Heldman (but not HSP)
for allegedly violating the CFAA. The proposed amendment avers that Heldman violated 18
U.S.C. § 1030(a)(4) by “knowingly and with intent to defraud, access[ing] a protected computer
without authorization, or exceed[ing] [his] authorized access, and by means of such conduct
further[ing] the intended fraud and obtain[ing] [some]thing of value.” 18 U.S.C. § 1030(a)(4);
see also Dkt. 38-4 at 6–7 (Prop. Compl. ¶ 38) (tracking § 1030(a)(4)). In support of this claim,
Hedgeye alleges that Heldman was informed of his duty of confidentiality; that he was notified
that Hedgeye’s “computers were for business use . . . and that information on its systems was the
property of” Hedgeye; that he nevertheless “accessed a series of highly confidential documents”
and “may have . . . altered or disclosed” those documents; and that he accessed specific
documents that he was not “authorized to access.” Dkt. 38-4 at 7 (Prop. Compl. ¶¶ 39–44).
Defendants, in response, assert that the amendment would be futile because Hedgeye has failed
to plead facts sufficient to satisfy (1) the “protected computer” element and (2) the “without
authorization” or “exceeds authorized access” element of § 1030(a)(4). Dkt. 39 at 7–8.
Access to a “Protected Computer”
Defendants’ first argument—that Hedgeye has not adequately pled that he accessed a
“protected computer”—carries little force. The CFAA defines both “computer” and “protected
computer.” The term “computer” means “an electronic, magnetic, optical, electrochemical, or
other high speed data processing device performing logical, arithmetic, or storage functions, and
includes any data storage facility or communications facility directly related to or operating in
conjunction with such device.” 18 U.S.C. § 1030(e)(1). The term “protected computer” means
“a computer . . . which is used in or affecting interstate or foreign commerce or communication.”
Id. § 1030(e)(2). In light of these broad definitions, “effectively all computers with Internet
access” constitute “protected computers.” United States v. Nosal, 676 F.3d 854, 859 (9th Cir.
2012) (en banc); see also United States v. Yücel, 97 F. Supp. 3d 413, 418–19 (S.D.N.Y. 2015)
(collecting cases and noting “widespread agreement in the case law on the meaning of ‘protected
computer’”); Human Touch DC, Inc. v. Merriweather, No. 15-741, 2015 WL 12564166, at *4
(D.D.C. May 26, 2015) (holding that “the computer from which [the defendant] obtained the
information at issue was ‘protected’” because it “was connected to the internet”).
Heldman gestures at the argument that the proposed second amended complaint
(“proposed complaint”) merely alleges that he accessed “documents” and does not assert that he
found those documents on a “protected computer.” Dkt. 39 at 7. But, as Hedgeye notes, it is
“abundantly clear from the [proposed] complaint . . . [that] [Hedgeye] was referring to
electronically stored documents.” Dkt. 40 at 4. It is equally clear, moreover, that Hedgeye
alleges that those “electronically stored documents” were found on, or accessed through,
computers that were connected to the Internet. The proposed pleading, for example, alleges that
(1) Setec “perform[ed] a forensic examination of the laptop computer used by Heldman during
his employment with Hedgeye,” Dkt. 38-4 at 2 (Prop. Compl. ¶ 12); (2) “Setec looked for . . .
suspicious emails, . . . suspicious internet browsing and search history, and nonstandard file
access,” id. (Prop. Compl. ¶ 13); (3) Heldman “open[ed] a large number of files and folders on
the Hedgeye network shared drive,” id. at 3 (Prop. Compl. ¶ 15); and (4) “many emails were sent
[by Heldman] to individuals requesting in-person meetings,” id. (Prop. Compl. ¶ 17). These
allegations are more than sufficient to satisfy the “protected computer” element of a CFAA
“Without Authorization” or “Exceeds Authorized Access”
Hedgeye’s effort to satisfy the “without authorization” or “exceeds authorized access”
element, however, does not fare as well. As an initial matter, the Court notes that Hedgeye fails
to offer any response to Defendants’ argument on this point, and, for the reasons explained
above, see supra Part II.B.2, that would justify treating the issue as conceded and denying
Hegdeye’s motion for leave to amend. Nonetheless, to avoid future confusion, the Court will
address the substance of Defendants’ contention.
Hedgeye’s proposed CFAA claim turns on the allegation that Heldman accessed files “to
which he did not have authorized access.” Dkt. 38-4 at 7 (Prop. Compl. ¶¶ 41–42). This
allegation parallels 18 U.S.C. § 1030(a)(4), which applies to those who either “access a
protected computer without authorization” or “exceed [their] authorized access” in obtaining
information. Although the meaning of the first clause—“without authorization”—is fairly
straightforward, the second clause—“exceeds authorized access”—has generated substantial
debate and disagreement.
In the present context, not a great deal turns on the first clause because the proposed
complaint plainly fails to allege that Heldman “accesse[d] a . . . computer without authorization.”
This is not a case, for example, in which the plaintiff alleges that a former employee hacked into
a computer system, used someone else’s credentials, or managed to access a private server after
leaving the firm. There is no suggestion that Heldman lacked permission to access “the laptop
computer [he] used . . . during his employment with Hedgeye.” Dkt. 38-4 at 2 (Prop. Compl. ¶
12). See LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1133 (9th Cir. 2009) (“[A]n employer
gives an employee ‘authorization’ to access a company computer when the employer gives the
employee permission to use it.”). Instead of asserting that Heldman accessed a computer without
authorization, the proposed complaint alleges that he accessed particular files “to which he did
not have authorized access.” The “without authorization” prong, therefore, is inapplicable here.
Application of the “exceeds authorized access” clause is less straightforward. That
phrase is defined to mean “to access a computer with authorization and to use such access to
obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.”
18 U.S.C. § 1030(e)(6). The question, then, is whether this clause applies only to someone who
accesses information or particular files without authorization or, alternatively, whether it also
reaches one who is authorized to access the information or files at issue but then uses those files
or information for unauthorized purposes. See Nosal, 676 F.3d at 856–57. The D.C. Circuit has
yet to opine on this issue, and the Courts of Appeals that have done so are divided.
The Fifth, Seventh, and Eleventh Circuits have taken the latter, more expansive view of
the “exceeds authorized access” clause. The Court of Appeals for the Fifth Circuit, for example,
has held that an employee who is authorized “to utilize computers for any lawful purposes . . .
and only in furtherance of the employer’s business” may run afoul of § 1030(a) “if he or she
use[s] that access to obtain or [to] steal information as part of a criminal scheme.” United States
v. John, 597 F.3d 263, 271 (5th Cir. 2010). Likewise, the Court of Appeals for the Eleventh
Circuit has held that an individual who violates a clear employer policy barring use of databases
for non-business purposes can be prosecuted under the CFAA for “exceed[ing] [his] authorized
access” to a protected computer. United States v. Rodriguez, 628 F.3d 1258, 1263 (11th Cir.
2010). And, in perhaps the broadest reading of both the “without authorization” and “exceeds
authorized access” prongs of the CFAA, the Court of Appeals for the Seventh Circuit has held
that an employee’s authorization to access a computer system or computer files is “terminated”
when the employee accesses the computer or files to harm his employer; that is, the employee’s
“breach of his duty of loyalty” may “terminate his agency relationship . . . and with it his
authority to access the” computer. Int’l Airport Centers, LLC v. Citrin, 440 F.3d 418, 420–21
(7th Cir. 2006).
That view of the law, however, has met with strong opposition from a number of other
Courts of Appeals. In the words of the Court of Appeals for the Ninth Circuit, “the CFAA
target[s] the unauthorized procurement or alteration of information, not its misuse or
misappropriation.” Nosal, 676 F.3d at 863 (internal quotation marks omitted); see also Brekka,
581 F.3d at 1133 (“No language in the CFAA supports [the] argument that authorization to use a
computer ceases when an employee resolves to use the computer contrary to the employer’s
interests.”). Under this view of the CFAA, a person “exceeds [his] authorized access” only if he
“has permission to access the computer, but [then] accesses information on the computer that
[he] is not entitled to access.” Id. (emphases added).
The Courts of Appeals for the Fourth and Second Circuits concur with this reading of the
statute. Thus, the Fourth Circuit has held that “an employee ‘exceeds authorized access’ when
he has approval to access a computer, but uses his access to obtain or alter information that falls
outside the bounds of his approved access.” WEC Carolina Energy Sols., LLC v. Miller, 687
F.3d 199, 204 (4th Cir. 2012). The Second Circuit, likewise, has held that “by its plain terms the
statute is directed to improper ‘access’” and that the “exceeds authorized access” clause is best
construed to apply “where a user has permission to access the computer but proceeds to ‘exceed’
the parameters of authorized access by entering an area of the computer to which his
authorization does not extend.” United States v. Valle, 807 F.3d 508, 524 (2d Cir. 2015).
In short, unlike the Fifth, Seventh, and Eleventh Circuits, these Courts read both
potentially relevant clauses of the CFAA as targeted at unauthorized access to a computer
(“without authorization”) and particular files or “area[s]” (“exceeds authorized access”). They
do not read the statute to “extend to the improper use of information validly accessed.” WEC
Carolina, 687 F.3d at 204. For the reasons detailed in those decisions, this Court agrees.
Although the Court recognizes that the statutory definition of “exceeds authorized
access” is not crystal clear, the Second, Fourth and Ninth Circuits have identified the more
persuasive reading of that phrase. It bears emphasis that, even without the benefit of the
definition, the relevant phrase—“exceeds authorized access”—focuses on “access” and not
“use.” Nor does the definition change that focus. To be sure, the definition refers to “use,” but it
does so in discussing a person’s “use” of his “access” to a computer “to obtain or alter
information in the computer that the accesser is not entitled so to obtain or alter,” 18 U.S.C. §
1030(e)(6), not his “use” of the information found on the computer. The operative term,
moreover, is “entitled;” a violation occurs only if the “accesser” is “not entitled” to obtain or to
alter the information. Id. And, in context, the most “sensible reading of ‘entitled’ is as a
synonym for ‘authorized.’” Nosal, 676 F.3d at 857. Thus, the CFAA prohibits the authorized
computer user from accessing “information” that he is not “authorized” to obtain or alter. The
statute says nothing about the misuse of information that the user was authorized to access.
Furthermore, the Court is cognizant that the CFAA is both a criminal and civil statute.
As a result, interpretations of its provisions apply across both domains. See Leocal v. Ashcroft,
543 U.S. 1, 11 n.8 (2004). Construing the CFAA to impose criminal liability for the violation of
private computer use policies would “criminalize the conduct of millions of ordinary computer
users.” Valle, 807 F.3d at 527. It is safe to assume that, had Congress intended to impose
criminal penalties on such a broad swath of conduct ordinarily left to local employment and tort
law, it would have done so with far greater clarity. See Nosal, 676 F.3d at 859; WEC Carolina,
687 F.3d at 206 (“[T]he [plaintiff’s] theory has far-reaching effects unintended by Congress.”).
A similar concern is reflected in the rule of lenity, which counsels in favor of reading ambiguous
statutes in a manner that “ensure[s] both that there is fair warning of the boundaries of criminal
conduct and that legislatures, not courts, define criminal liability.” Crandon v. United States,
494 U.S. 152, 158 (1990); see also United States v. Santos, 553 U.S. 507, 514 (2008).
Finally, this reading of the statute comports with other decisions of this Court. See Econ.
Research Servs., Inc. v. Resolution Econ., LLC, 208 F. Supp. 3d 219, 232 (D.D.C. 2016); Roe v.
Bernabei & Wachtel PLLC, 85 F. Supp. 3d 89, 103 (D.D.C. 2015); Lewis-Burke Assocs., LLC v.
Widder, 725 F. Supp. 2d 187, 194 (D.D.C. 2010). In each of those cases, as here, the Court
concluded that the CFAA “speaks only of authorized access to data and not of use.” Bernabei &
Wachtel PLLC, 85 F. Supp. 3d at 103 (internal quotation marks omitted). That view represents
the best reading of the statute, it is consistent with the purpose of the CFAA to target “hackers,”
Brekka, 581 F.3d at 1130; WEC Carolina, 687 F.3d at 207, and it avoids creating uncertainty
regarding the breadth of the criminal law.
Returning to the case at hand, the Court must determine whether Hedgeye’s proposed
complaint adequately alleges that Heldman “exceeded [his] authorized access” to particular files
by violating a restriction on his authority to access those files. The pleading contains conclusory
allegations that Heldman “accessed” files “to which he did not have authorized access.” Dkt. 384 at 7 (Prop. Compl. ¶¶ 41–43). The Court need not, however, credit legal conclusions that are
not supported by factual allegations, Iqbal, 556 U.S. at 678–79, and the risk of doing so in this
context—where there is substantial dispute in the law about the meaning of the legal terms that
are parroted in the claim—is particularly acute. The relevant factual allegations, moreover,
suggest that Hedgeye’s proposed CFAA claim likely falls on the wrong side of the legal divide
discussed above. Most notably, the sole factual allegation that purports to define the conditions
that were imposed on Heldman’s use of the Hedgeye computer system does not indicate that he
was denied access to particular files or segments of the system. Instead, that allegation posits
that Heldman received “compliance training” and was instructed (1) that he had a “duty of
confidentiality,” (2) that Hedgeye’s “computers were for business use” alone, and (3) that
“information on [Hedgeye’s] system was the property of [Hedgeye].” Dkt. 38-4 at 7 (Prop.
Compl. ¶ 39). All of those instructions echo the theory of the “exceeds authorized access” clause
that the Court considered, and rejected, above.
The Court, accordingly, concludes that the allegations contained in Hedgeye’s proposed
complaint fail to state a claim and that, as a result, the proposed amendment is futile. The Court
will, however, permit Hedgeye to renew its motion—if it can in good faith allege a claim
consistent with the construction of the CFAA set forth above.
Finally, Hedgeye’s proposed complaint would assert a conversion claim against Heldman
and HSP. Dkt. 38-4 at 8 (Prop. Compl. ¶¶ 47–51). Hedgeye alleges the following in support of
this claim: (1) “Heldman converted propriet[ar]y ideas and information from [Hedgeye],
including, but not limited to, customer lists, employee lists, employee salaries, proprietary
research and customer payments,” id. (Prop. Compl. ¶ 48); (2) “Heldman used and shared these
converted ideas and information with . . . [HSP],” id. (Prop. Compl. ¶ 49); (3) “Both [Heldman
and HSP] disseminated these ideas and information causing damage to [Hedgeye] because these
ideas and information were not widely known,” id. (Prop. Compl. ¶ 50); and (4) “Both [Heldman
and HSP] also caused damage by exercising dominion over these ideas and information” in a
way that was “inconsistent with [Hedgeye’s] ownership,” id. (Prop. Compl. ¶ 51).
To state a claim for conversion under District of Columbia law, a plaintiff must allege
“(1) an unlawful exercise, (2) of ownership, dominion, or control, (3) over the personal property
of another, (4) in denial or repudiation of that person’s rights thereto.” Campbell v. Nat’l Union
Fire Ins. Co. of Pittsburgh, 130 F. Supp. 3d 236, 258 (D.D.C. 2015) (quoting Johnson v.
McCool, 808 F. Supp. 2d 304, 308 (D.D.C. 2011)). The proposed complaint, however, offers
little more than conclusory assertions that Heldman “converted” Hedgeye’s property and
“exercis[ed] dominion over [Hedgeye’s] ideas and information.” Dkt. 38-4 at 8 (Prop. Compl.
¶¶ 48, 51). “[T]he tenet that a court must accept as true all of the allegations contained in a
complaint is inapplicable to legal conclusions.” Iqbal, 556 U.S. at 678. To plead the element of
“ownership, dominion, or control,” a plaintiff must allege that the defendant “d[id] something
that ‘seriously interfere[d]’ with the plaintiff’s right to control the property in question.” Council
on Am.-Islamic Relations Action Network, Inc. v. Gaubatz, 793 F. Supp. 2d 311, 340 (D.D.C.
2011) (quoting Blanken v. Harris, Upham & Co., Inc., 359 A.2d 281, 283 (D.C. 1976)).
Hedgeye’s proposed complaint “is devoid of factual allegations indicating that [Heldman and
HSP] exercised the requisite ownership, dominion, or control over [Hedgeye’s] electronic data.”
Id. The proposed complaint does not allege, for instance, that Heldman deleted or destroyed the
materials in question or even that Heldman copied them. Because the proposed complaint fails
to state a claim for conversion, the Court will deny Hedgeye leave to amend, but will, again,
permit Hedgeye to renew its motion if it can identify specific property that Defendants allegedly
misappropriated and the means by which they did so.
For the reasons stated above, Defendants’ motion for summary judgment, Dkt. 29, is
hereby DENIED without prejudice. Defendants’ motion to dismiss, Dkt. 29, is hereby
GRANTED in part and DENIED in part. Plaintiff’s motion for leave to amend, Dkt. 38, is
hereby DENIED without prejudice.
/s/ Randolph D. Moss
RANDOLPH D. MOSS
United States District Judge
Date: September 23, 2017
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?