Filing 41

MEMORANDUM OPINION AND ORDER: Upon consideration of Defendants' Motion To Dismiss or, in the Alternative, for Summary Judgment 29 and Plaintiff's Motion for Leave To Amend Plaintiff's First Amended Complaint 38 , it is hereby ORDERE D that Defendant's Motion for Summary Judgment 29 is DENIED as premature; Defendant's Motion To Dismiss 29 is GRANTED in part and DENIED in part; and Plaintiff's Motion for Leave To Amend Plaintiff's First Amended Complaint 38 is DENIED. See document for details. Signed by Judge Randolph D. Moss on 9/23/2017. (lcrdm2)

Download PDF
UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA HEDGEYE RISK MANAGEMENT, LLC, Plaintiff, v. Civil Action No. 16-935 (RDM) PAUL HELDMAN, et al., Defendants. MEMORANDUM OPINION AND ORDER This is round two in a dispute between an investment advisory company, Hedgeye Risk Management, and one of its former employees, Paul Heldman. Hedgeye purchased the assets of Heldman’s former employer, Potomac Research Group (“PRG”), in December 2015. After the purchase, Hedgeye and Heldman were unable to come to terms on an employment agreement. Heldman, accordingly, left Hedgeye after just five weeks to start his own firm. In round one, Hedgeye brought suit against Heldman and his new company, Heldman Simpson Partners (“HSP”), seeking, among other things, a preliminary injunction to enforce non-compete and nonsolicitation clauses in Heldman’s employment contract with PRG. Defendants, in turn, opposed Hedgeye’s motion and moved to dismiss or, in the alternative, for summary judgment. The Court agreed with Defendants and, thus, denied Hedgeye’s motion for a preliminary injunction, granted Defendants summary judgment on Hedgeye’s claim for breach of the non-compete and non-solicitation provisions, and dismissed Hedgeye’s remaining claims without prejudice. See Hedgeye Risk Mgmt., LLC v. Heldman, 196 F. Supp. 3d 40 (D.D.C. 2016). In round two, Hedgeye has now filed an amended complaint renewing and supplementing its claims for breach of fiduciary duty, interference with advantageous business relations, and constructive trust. And, once again, Heldman and HSP have moved to dismiss or, in the alternative, for summary judgment. Hedgeye opposes that motion and also seeks leave to file a second amended complaint, which would add claims for violation of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, and conversion. For the reasons that follow, the Court will DENY Defendants’ motion for summary judgment without prejudice, will GRANT in part and DENY in part Defendants’ motion to dismiss, and will DENY without prejudice Hedgeye’s motion for leave to amend. I. BACKGROUND The Court recounted much of the relevant background in its prior opinion, see Hedgeye, 196 F. Supp. 3d at 42–45, and will, accordingly, only briefly outline the facts and allegations relevant to the pending motions. In considering Heldman’s motion to dismiss and Hedgeye’s motion for leave to amend, moreover, the Court will accept Hedgeye’s factual allegations as true. See Ashcroft v. Iqbal, 556 U.S. 662, 679 (2009). Although that standard does not apply to Heldman’s motion for summary judgment, Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248– 49 (1986), that distinction will have no bearing on the Court’s decision for reasons explained below, see infra Part II.A. Hedgeye is an investment advisory firm that “provides financial and economic research and analysis to institutional investors and newsletter products to mass market customers.” Dkt. 28 at 2 (Am. Compl. ¶ 5). On December 15, 2015, Hedgeye purchased the assets of Heldman’s employer, PRG. Id. (Am. Compl. ¶ 8). Heldman worked for Hedgeye for approximately five weeks following the sale. Id. (Am. Compl. ¶ 9). He left on January 21, 2016 to found HSP, which “directly competes with Hedgeye.” Id. at 2–3 (Am. Compl. ¶¶ 11, 20). 2 While he was still employed by Hedgeye, Heldman allegedly recruited Hedgeye employees, solicited Hedgeye clients, and used Hedgeye resources to start his own firm. Hedgeye alleges, for example, that Heldman “recruited two other Hedgeye employees to join him in the new business.” Id. at 3 (Am. Compl. ¶ 20). In addition, although the amended complaint does not identify any particular companies, Hedgeye alleges—on “information and belief”—that Heldman solicited Hedgeye’s clients before leaving the firm. 1 Id. at 4 (Am. Compl. ¶ 22). Finally, Hedgeye alleges that Heldman “used [Hedgeye’s] instrumentalities to start his business while he was still employed with Hedgeye.” Id. at 3 (Am. Compl. ¶ 19). After Heldman’s exit, Hedgeye enlisted Setec Security Technologies, Inc. (“Setec”) “to perform a forensic examination of the laptop computer used by Heldman.” Id. at 2 (Am. Compl. ¶ 12). Setec’s investigation revealed the following: First, “Heldman’s computer was found to have logged several USB storage devices during his employment with Hedgeye,” which Hedgeye asserts “suggest[s] improper information downloads.” Id. at 3 (Am. Compl. ¶ 14). Second, Heldman “open[ed] a large number of files and folders on the Hedgeye network shared drive,” including “[d]ozens of . . . files and folders [that were] highly sensitive and contain[ed] documents that Heldman would not have . . . access[ed] in his normal and ordinary course of business.” Id. (Am. Compl. ¶¶ 15–16). Third, “many emails were sent [by Heldman] to individuals requesting in-person meetings.” Id. (Am. Compl. ¶ 17). Fourth, “Heldman’s web- 1 Without this temporal limitation, the amended complaint alleges generally that, “[a]s a result of Heldman’s activities, several clients have left Hedgeye, or have moved all or portions of their business from Hedgeye, including Partner Fund Management, L.P. (U.S.) and Redmile [G]roup, LLC,” which has “had a significant and detrimental financial impact [on] Hedgeye’s revenue.” Dkt. 28 at 4 (Am. Compl. ¶¶ 23–24). There is a material difference, however, between soliciting Hedgeye’s clients while still employed by Hedgeye and competing for those clients after leaving the firm. With respect to the specific clients referenced in the amended complaint, Hedgeye fails to address this critical distinction. 3 browsing history revealed contact lookups, contact searches and dozens of individual contacts being referenced in late December 2015, through January 13, 2016.” Id. (Am. Compl. ¶ 18). Against this backdrop, the amended complaint asserts three causes of action. First, Hedgeye alleges that Heldman breached his duty of loyalty to Hedgeye “by actively soliciting [Hedgeye’s] clients and employees while employed [by] Hedgeye” and “by using and appropriating confidential and sensitive Hedgeye information” through the use of “Hedgeye instrumentalities.” Id. at 4 (Am. Compl. ¶ 28). Second, it avers that Heldman tortiously interfered with Hedgeye’s “business relationships.” Id. at 5 (Am. Compl. ¶ 31). Third, it asserts a claim for “constructive trust” and requests that the Court declare that “Defendants are involuntary trustees holding . . . profits in constructive trust” for Hedgeye. Id. at 6 (Am. Compl. ¶ 36). Defendants move to dismiss and, in the alternative, move for summary judgment. Dkt. 30. Hedgeye opposes both motions, Dkt. 33, and also moves for leave to file a second amended complaint, Dkt. 38, which would add claims for violation of the CFAA and for common law conversion. II. ANALYSIS A. Defendants’ Motion for Summary Judgment As an initial matter, the Court concludes that Defendants’ motion for summary judgment is premature. That motion is supported by Heldman’s own declaration, which denies the core allegations of the amended complaint. He attests, for example, that before his departure he “worked diligently with the best interests of Hedgeye in mind” and “sought to contact clients who had engaged PRG in order to facilitate a transition of their business to Hedgeye,” Dkt. 30-1 at 2 (Heldman Decl. ¶ 6); that, while he worked at Hedgeye, he “did not access or review any files, folders, documents or information that [he] was not authorized to access,” id. (Heldman 4 Decl. ¶ 8); that he has not “used any property or information belonging to Hedgeye” while at HSP, id. at 3 (Heldman Decl. ¶ 9); that “[a]t no time while [he] worked at Hedgeye did [he] suggest or request that a client move its business away from Hegdeye,” id. (Heldman Decl. ¶ 12); and that he “did not encourage” the two former Hedgeye employees who joined him at HSP “to terminate their employment with Hedgeye” but, rather, that “they approached [him],” id. at 4 (Heldman Decl. ¶ 15). Although Heldman’s declaration provides important evidence, it is asking too much to require Hedgeye to controvert this evidence without first having any opportunity to engage in discovery. Federal Rule of Civil Procedure 56(d) speaks directly to this concern and provides that, “[i]f a nonmovant shows by affidavit or declaration that, for specified reasons, it cannot present facts essential to justify its opposition,” the Court may deny the motion and permit the nonmovant to take appropriate discovery. Fed. R. Civ. P. 56(d). Such an affidavit must satisfy three criteria. See Convertino v. U.S. Dep’t of Justice, 684 F.3d 93, 99–100 (D.C. Cir. 2012); see also U.S. ex rel. Folliard v. Gov’t Acquisitions, Inc., 764 F.3d 19, 26 (D.C. Cir. 2014) (“[D]istrict courts must assess all the requirements discussed in Convertino.”). First, it must “outline the particular facts [the party] intends to discover and describe why those facts are necessary to the litigation.” Convertino, 684 F.3d at 99. Second, it must explain “why [the party] could not produce [the facts] in opposition to the motion [for summary judgment].” Id. at 99–100 (second and third alterations in original) (quoting Carpenter v. Fed. Nat’l Mortg. Ass’n, 174 F.3d 231, 237 (D.C. Cir. 1999)). Finally, the affidavit must demonstrate that “the information is in fact discoverable.” Id. at 100. Consistent with Rule 56(d) and these requirements, Hedgeye has submitted an affidavit describing the specific discovery it needs to respond to Defendants’ motion for summary 5 judgment. As explained in that affidavit, Hedgeye seeks to discover two categories of information: (1) “the nature of [the] conversations . . . Heldman had with approximately eleven clients of [Hedgeye] who subsequently hired [HSP] . . . and [with] two employees who subsequently left Hedgeye for [HSP],” and (2) “facts surrounding how [Heldman] used [Hedgeye’s] property and highly proprietary intellectual property to start [HSP] . . . includ[ing] whether [Hedgeye’s] proprietary data can be found on [HSP’s] systems and whether Defendants used such data in the production of their research reports.” Dkt. 33-1 at 1 (Prisby Aff. ¶¶ 1–2). The affidavit also explains that Hedgeye has been unable to obtain this information “despite diligent investigation” because it has not been able “to depose Heldman, the departed Hedgeye employees, or anyone at the Hedgeye client firms,” nor has it had the chance to inspect Heldman’s Hedgeye-issued smartphone or HSP’s “electronic storage systems.” Id. at 2 (Prisby Aff. ¶¶ 3–4). Importantly, the affidavit further avers that several former Hedgeye clients have stated that they will not “provide testimony” without a subpoena. Id. (Prisby Aff. ¶ 3). Finally, the affidavit attests that Hedgeye would be able to obtain this information if permitted to depose witnesses and to inspect the electronic devices and systems in question. Id. (Prisby Aff. ¶ 5). The affidavit readily satisfies the requirements of Rule 56(d), as explicated by the D.C. Circuit. Because “summary judgment is [typically] premature unless all parties have ‘had a full opportunity to conduct discovery,’” Convertino, 684 F.3d at 99 (quoting Liberty Lobby, 477 U.S. at 257), and because Hedgeye has made the required showing, the Court will deny Defendants’ motion for summary judgment as premature. Heldman, of course, remains free to move for summary judgment after Hedgeye has had the opportunity to take appropriate discovery. 2 2 The Court recognizes the burden that discovery might impose on both parties by, among other things, potentially intruding on existing business relationships, and it will monitor the discovery 6 B. Defendants’ Motion To Dismiss To survive a motion to dismiss, a complaint “must contain sufficient factual matter, accepted as true, to ‘state a claim to relief that is plausible on its face.’” Iqbal, 556 U.S. at 678 (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007)). The “plausibility standard . . . asks for more than a sheer possibility that a defendant has acted unlawfully.” Id. To meet the threshold of plausibility, the plaintiff must plead “factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Id. The Court, in assessing plausibility, must “assume [the] veracity” of “well-pleaded factual allegations,” id. at 679, and it must “grant [the] plaintiff the benefit of all inferences that can be derived from the facts alleged,” Sparrow v. United Air Lines, Inc., 216 F.3d 1111, 1113 (D.C. Cir. 2000) (internal quotation marks omitted). Unlike well-pleaded factual assertions, however, “[t]hreadbare recitals of the elements of a cause of action [and] mere conclusory statements” are “not entitled to the assumption of truth.” Iqbal, 556 U.S. at 678–79. 1. Breach of Fiduciary Duty The Court concludes that Hedgeye’s amended complaint includes enough factual detail to state a plausible claim for breach of fiduciary duty. To plead a claim for breach of fiduciary duty under D.C. law, a plaintiff must allege facts sufficient to show that (1) the defendant owed the plaintiff a fiduciary duty; (2) the defendant breached that duty; and (3) the breach proximately caused an injury. See Dorsey v. Am. Express Co., 680 F. Supp. 2d 250, 254 (D.D.C. 2010). For present purposes, Defendants focus on only the second element and argue that “Hedgeye does not allege any facts showing an actual breach of [Heldman’s] duty of loyalty.” Dkt. 30 at 12. process to ensure that any discovery is “proportional to the needs of the case,” as specified in Rule 26(b). See Fed R. Civ. P. 26(b)(1). 7 As Defendants observe, an employee “is entitled to make arrangements to compete” with his employer—even before terminating his employment—subject to several limitations. Mercer Mgmt. Consulting, Inc. v. Wilde, 920 F. Supp. 219, 233 (D.D.C. 1996) (quoting Restatement (Second) of Agency § 393 cmt. e). The employee, “[i]n preparing to compete, . . . may not commit fraudulent, unfair, or wrongful acts, such as misuse of confidential information.” Id. at 234 (citing Sci. Accessories Corp. v. Summagraphics Corp., 425 A.2d 957, 965 (Del. 1980). And the employee “must refrain from actively and directly competing with [his existing] employer for customers and employees” through solicitation, while he is still employed. Id. (quoting William M. Fletcher, Fletcher Cyclopedia of the Law of Private Corporations § 856 (1994)). Hedgeye alleges that Heldman misused proprietary information and solicited Hedgeye clients and employees. See Dkt. 28 at 4 (Am. Compl. ¶ 28). Unlike Hedgeye’s original complaint, moreover, the amended complaint alleges facts that permit a reasonable inference that Heldman used Hedgeye resources for his own benefit, and to Hedgeye’s detriment, before he left the company. The amended complaint asserts that Heldman formed a competing firm and staffed it with Hedgeye employees within just a week or so of his departure. Id. at 3 (Am. Compl. ¶ 20). More importantly, it alleges that, while still employed by Hedgeye, Heldman engaged in conduct arguably indicative of efforts to misappropriate Hedgeye’s proprietary information and customer base. The amended complaint avers, for example, that Heldman connected storage devices to his computer, accessed a large number of files and folders on the Hedgeye shared drive that he ordinarily would not have accessed, searched for contacts, and requested in-person meetings. Id. at 3 (Am. Compl. ¶¶ 14–18). Although it is certainly possible—as Heldman asserts—that all of his actions were entirely innocent, the Court may not 8 make factual findings on a motion to dismiss, and the allegations that Hedgeye has added in its amended complaint elevate Hedgeye’s breach of fiduciary duty claim from merely “possible” to “plausible.” Iqbal, 556 U.S. at 678. Defendants offer three arguments in support of their motion to dismiss. First, they attack Hedgeye’s need to rely upon its “information and belief” in alleging that Heldman solicited the firm’s clients, Dkt. 30 at 14 (quoting Dkt. 28 at 4 (Am. Compl. ¶ 22)), and they emphasize that the amended complaint “does not identify a single client [that] was solicited by Heldman,” id. at 6. Although Heldman is correct that a plaintiff must offer “more than labels and conclusions,” id. at 14, that requirement extends to the complaint as a whole, not to each individual allegation within it. Even after the Supreme Court’s decisions in Twombly and Iqbal, a plaintiff may still plead facts upon information and belief “where the facts are peculiarly within the possession and control of the defendant, or where the belief is based on factual information that makes the inference of culpability plausible.” Evangelou v. District of Columbia, 901 F. Supp. 2d, 159, 170 (D.D.C. 2012) (quoting Arista Records LLC v. Doe 3, 604 F.3d 110, 120 (2d Cir. 2010)); see Kelleher v. Dream Catcher, L.L.C., --- F. Supp. ---, No. 16-2092, 2017 WL 3499961, at *2 (D.D.C. Aug. 15, 2017). Hedgeye’s allegation that Heldman solicited the firm’s clients while still employed by Hedgeye is supported, moreover, by specific—albeit inconclusive—factual allegations regarding Heldman’s use of his computer and electronic files during his final weeks at the firm. Thus, although Hedgeye does not identify particular clients that Heldman allegedly solicited while employed by Hedgeye, the complaint nonetheless clears the modest hurdle of alleging sufficient facts to “state a claim to relief that is plausible on its face.” Twombly, 550 U.S. at 570. 9 Second, Defendants posit an alternative explanation for Setec’s findings, reasoning that they are “consistent with Heldman’s proper, lawful, and loyal conduct seeking to ensure that PRG clients would continue to use Hedgeye after the sale.” Dkt. 30 at 12. That argument, however, misapprehends the standard governing a motion to dismiss. The question is not whether Heldman’s actions admit of an innocent explanation or, indeed, who is right about what happened. Rather, at this early stage of the litigation, the Court’s role is limited to deciding whether the amended complaint contains sufficient “factual content” to permit the Court “to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Iqbal, 556 U.S. at 678. As a result, a complaint will survive a motion to dismiss “even ‘[i]f there are two alternative explanations, one advanced by [the] defendant and the other advanced by [the] plaintiff, both of which are plausible.’” Banneker Ventures, LLC v. Graham, 798 F.3d 1119, 1129 (D.C. Cir. 2015) (alterations in original) (quoting Starr v. Baca, 652 F.3d 1202, 1216 (9th Cir. 2011)). In other words, “a well-pleaded complaint may proceed even if it strikes a savvy judge that actual proof of those facts is improbable, and that a recovery is very remote and unlikely.” Twombly, 550 U.S. at 556 (internal quotation marks omitted). Although Heldman may ultimately prevail on the merits, his alternative explanation for the facts alleged in the amended complaint does not render Hedgeye’s theory of the case implausible. Finally, Defendants cite a number of decisions holding that “it is not solicitation or a breach of an employee’s fiduciary duty to inform his employer’s clients that he intends to leave . . . or even to start his own competing business.” Dkt. 30 at 14; see id. at 12–14 (citing BroTech Corp. v. Thermax, Inc., 651 F. Supp. 2d 378, 414 (E.D. Pa. 2009); Mercer Mgmt. Consulting, 920 F. Supp. at 234; Benfield, Inc. v. Moline, No. 04-3513, 2006 WL 452903, at *6 (D. Minn. Feb. 22, 2006)). Hedgeye does not take issue with that statement of the law. It is 10 beside the point, however, because Hedgeye alleges that Heldman did more than this; it alleges that Heldman solicited Hedgeye’s clients and used Hedgeye’s resources and proprietary information while still employed at Hedgeye. The Court will therefore deny the motion to dismiss Hedgeye’s claim for breach of fiduciary duty. 2. Tortious Interference with Business Relations Hedgeye also alleges that Heldman interfered with Hedgeye’s business relations. Dkt. 28 at 5 (Am. Compl. ¶¶ 31–32). “To survive a motion to dismiss on this claim, [Hedgeye] must plead ‘(1) the existence of a valid business relationship or expectancy, (2) knowledge of the relationship or expectancy on the part of the interferer, (3) intentional interference inducing or causing a breach or termination of the relationship or expectancy, and (4) resultant damage.’” Browning v. Clinton, 292 F.3d 235, 242 (D.C. Cir. 2002) (quoting Bennett Enters. v. Domino’s Pizza, Inc., 45 F.3d 493, 499 (D.C. Cir. 1995)). Defendants contend that the amended complaint fails to allege sufficient facts to satisfy the third and fourth elements of the tort. Dkt. 30 at 14– 15. Hedgeye, in turn, offers no response to Defendants’ contentions. See generally Dkt. 33. “It is well understood in this Circuit that when a plaintiff files an opposition to a dispositive motion and addresses only certain arguments raised by the defendant, a court may treat those arguments that the plaintiff failed to address as conceded.” 3 Xenophon Strategies, 3 In a related context, the D.C. Circuit has “expressed concern about the interaction of Local Rule 7(b),” which permits the Court to treat a motion that is not opposed in a timely manner as conceded, and Federal Rule of Civil Procedure 12(b)(6). Washington v. United States, --- F. Supp. 3d ---, No. 17-111, 2017 WL 1232400, at *1 (D.D.C. Apr. 3, 2017); see also Texas v. United States, 798 F.3d 1108, 1110 (D.C. Cir. 2015) (noting that Local Rule 7(b) “is understood to mean that if a party files an opposition to a motion and therein addresses only some of the movant’s arguments, the court may treat the unaddressed arguments as conceded” (quoting Wannall v. Honeywell, Inc., 775 F.3d 425, 428 (D.C. Cir. 2014))). The Court of Appeals, however, has nonetheless affirmed the discretion of district courts to apply Local Rule 7(b) to 11 Inc. v. Jernigan Copeland & Anderson, PLLC, --- F. Supp. 3d ---, No. 15-1774, 2017 WL 3278839, at *7 (D.D.C. Aug. 1, 2017) (quoting Hopkins v. Women’s Div., Gen. Bd. of Glob. Ministries, 284 F. Supp. 15, 25 (D.D.C. 2003)); see also Davis v. Transp. Sec. Admin., --- F. Supp. 3d ---, No. 15-135, 2017 WL 3723862, at *3 (D.D.C. Aug. 28, 2017) (quoting Xenophon Strategies, 2017 WL 3278839, at *7). The present context presents a particularly compelling setting for applying the rule that unopposed arguments may be treated as conceded: Hedgeye is represented by counsel; Defendants unambiguously moved to dismiss the tortious interference claim; and Hedgeye unambiguously failed to respond to that entire section of Defendants’ motion. Because Hedgeye otherwise opposed Defendants’ motion, it is fair to infer that Hedgeye made a considered—and perhaps strategic—decision not to oppose dismissal of the tortious interference claim. That inference finds further support, moreover, in counsel’s concession during round one of this litigation that a similar claim in Hedgeye’s original complaint was simply “derivative of its other claims.” Hedgeye, 196 F. Supp. 3d at 53. It is one thing for the Court to ensure that an unopposed, dispositive motion has legal merit, see Cohen v. Bd. of Trustees of Univ. of D.C., 819 F.3d 476, 480 (D.C. Cir. 2016); it is altogether a different thing for the Court to second guess the decisions made by counsel regarding which arguments to counter and which to leave unanswered. The Court will, accordingly, grant Defendants’ motion to dismiss the amended complaint’s tortious interference claim as conceded but will do so without prejudice. unopposed motions to dismiss, so long as such a dismissal is without prejudice. See Cohen v. Bd. of Trustees of Univ. of D.C., 819 F.3d 476, 480 (D.C. Cir. 2016). 12 3. Constructive Trust The amended complaint’s request for a constructive trust is styled as a third cause of action. See Dkt. 28 at 5–6 (Am. Compl. ¶¶ 33–36). Defendants argue that “a constructive trust is not a cause of action, but rather a remedy.” Dkt. 30 at 16. In its opposition, Hedgeye concedes that a constructive trust “is an equitable remedy” and volunteers to move its request “to its prayer for relief.” Dkt. 33 at 7. The Court will grant Defendants’ motion to dismiss this count for failure to state a claim and will treat the request for a constructive trust as part of Hedgeye’s request for relief. C. Hedgeye’s Motion To Amend Hedgeye seeks leave to file a second amended complaint, principally for the purpose of adding two new claims—one for a violation of the CFAA and one for conversion. The Court will deny that motion, but will provide Hedgeye with the opportunity, if possible, to cure the deficiencies discussed below. Under the Federal Rules of Civil Procedure, the Court must “freely” grant leave to amend “when justice so requires.” Fed. R. Civ. P. 15(a)(2). Although the Supreme Court has admonished that “this mandate is to be heeded,” Foman v. Davis, 371 U.S. 178, 182 (1962), that does not mean that a motion for leave to amend must be granted as a matter of course. Rather, the Court must consider whether “any apparent or declared reason—such as undue delay, bad faith or dilatory motive on the part of the movant, repeated failure to cure deficiencies by amendments previously allowed, undue prejudice to the opposing party . . . [or] futility of amendment”—counsels against allowing the proposed amendment. Id. For present purposes, only one of these factors—futility—is relevant. That factor, however, is also dispositive. 13 1. Computer Fraud and Abuse Act Hedgeye’s first proposed amendment would add a claim against Heldman (but not HSP) for allegedly violating the CFAA. The proposed amendment avers that Heldman violated 18 U.S.C. § 1030(a)(4) by “knowingly and with intent to defraud, access[ing] a protected computer without authorization, or exceed[ing] [his] authorized access, and by means of such conduct further[ing] the intended fraud and obtain[ing] [some]thing of value.” 18 U.S.C. § 1030(a)(4); see also Dkt. 38-4 at 6–7 (Prop. Compl. ¶ 38) (tracking § 1030(a)(4)). In support of this claim, Hedgeye alleges that Heldman was informed of his duty of confidentiality; that he was notified that Hedgeye’s “computers were for business use . . . and that information on its systems was the property of” Hedgeye; that he nevertheless “accessed a series of highly confidential documents” and “may have . . . altered or disclosed” those documents; and that he accessed specific documents that he was not “authorized to access.” Dkt. 38-4 at 7 (Prop. Compl. ¶¶ 39–44). Defendants, in response, assert that the amendment would be futile because Hedgeye has failed to plead facts sufficient to satisfy (1) the “protected computer” element and (2) the “without authorization” or “exceeds authorized access” element of § 1030(a)(4). Dkt. 39 at 7–8. a. Access to a “Protected Computer” Defendants’ first argument—that Hedgeye has not adequately pled that he accessed a “protected computer”—carries little force. The CFAA defines both “computer” and “protected computer.” The term “computer” means “an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device.” 18 U.S.C. § 1030(e)(1). The term “protected computer” means “a computer . . . which is used in or affecting interstate or foreign commerce or communication.” Id. § 1030(e)(2). In light of these broad definitions, “effectively all computers with Internet 14 access” constitute “protected computers.” United States v. Nosal, 676 F.3d 854, 859 (9th Cir. 2012) (en banc); see also United States v. Yücel, 97 F. Supp. 3d 413, 418–19 (S.D.N.Y. 2015) (collecting cases and noting “widespread agreement in the case law on the meaning of ‘protected computer’”); Human Touch DC, Inc. v. Merriweather, No. 15-741, 2015 WL 12564166, at *4 (D.D.C. May 26, 2015) (holding that “the computer from which [the defendant] obtained the information at issue was ‘protected’” because it “was connected to the internet”). Heldman gestures at the argument that the proposed second amended complaint (“proposed complaint”) merely alleges that he accessed “documents” and does not assert that he found those documents on a “protected computer.” Dkt. 39 at 7. But, as Hedgeye notes, it is “abundantly clear from the [proposed] complaint . . . [that] [Hedgeye] was referring to electronically stored documents.” Dkt. 40 at 4. It is equally clear, moreover, that Hedgeye alleges that those “electronically stored documents” were found on, or accessed through, computers that were connected to the Internet. The proposed pleading, for example, alleges that (1) Setec “perform[ed] a forensic examination of the laptop computer used by Heldman during his employment with Hedgeye,” Dkt. 38-4 at 2 (Prop. Compl. ¶ 12); (2) “Setec looked for . . . suspicious emails, . . . suspicious internet browsing and search history, and nonstandard file access,” id. (Prop. Compl. ¶ 13); (3) Heldman “open[ed] a large number of files and folders on the Hedgeye network shared drive,” id. at 3 (Prop. Compl. ¶ 15); and (4) “many emails were sent [by Heldman] to individuals requesting in-person meetings,” id. (Prop. Compl. ¶ 17). These allegations are more than sufficient to satisfy the “protected computer” element of a CFAA claim. 15 b. “Without Authorization” or “Exceeds Authorized Access” Hedgeye’s effort to satisfy the “without authorization” or “exceeds authorized access” element, however, does not fare as well. As an initial matter, the Court notes that Hedgeye fails to offer any response to Defendants’ argument on this point, and, for the reasons explained above, see supra Part II.B.2, that would justify treating the issue as conceded and denying Hegdeye’s motion for leave to amend. Nonetheless, to avoid future confusion, the Court will address the substance of Defendants’ contention. Hedgeye’s proposed CFAA claim turns on the allegation that Heldman accessed files “to which he did not have authorized access.” Dkt. 38-4 at 7 (Prop. Compl. ¶¶ 41–42). This allegation parallels 18 U.S.C. § 1030(a)(4), which applies to those who either “access[] a protected computer without authorization” or “exceed[] [their] authorized access” in obtaining information. Although the meaning of the first clause—“without authorization”—is fairly straightforward, the second clause—“exceeds authorized access”—has generated substantial debate and disagreement. In the present context, not a great deal turns on the first clause because the proposed complaint plainly fails to allege that Heldman “accesse[d] a . . . computer without authorization.” This is not a case, for example, in which the plaintiff alleges that a former employee hacked into a computer system, used someone else’s credentials, or managed to access a private server after leaving the firm. There is no suggestion that Heldman lacked permission to access “the laptop computer [he] used . . . during his employment with Hedgeye.” Dkt. 38-4 at 2 (Prop. Compl. ¶ 12). See LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1133 (9th Cir. 2009) (“[A]n employer gives an employee ‘authorization’ to access a company computer when the employer gives the employee permission to use it.”). Instead of asserting that Heldman accessed a computer without 16 authorization, the proposed complaint alleges that he accessed particular files “to which he did not have authorized access.” The “without authorization” prong, therefore, is inapplicable here. Application of the “exceeds authorized access” clause is less straightforward. That phrase is defined to mean “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” 18 U.S.C. § 1030(e)(6). The question, then, is whether this clause applies only to someone who accesses information or particular files without authorization or, alternatively, whether it also reaches one who is authorized to access the information or files at issue but then uses those files or information for unauthorized purposes. See Nosal, 676 F.3d at 856–57. The D.C. Circuit has yet to opine on this issue, and the Courts of Appeals that have done so are divided. The Fifth, Seventh, and Eleventh Circuits have taken the latter, more expansive view of the “exceeds authorized access” clause. The Court of Appeals for the Fifth Circuit, for example, has held that an employee who is authorized “to utilize computers for any lawful purposes . . . and only in furtherance of the employer’s business” may run afoul of § 1030(a) “if he or she use[s] that access to obtain or [to] steal information as part of a criminal scheme.” United States v. John, 597 F.3d 263, 271 (5th Cir. 2010). Likewise, the Court of Appeals for the Eleventh Circuit has held that an individual who violates a clear employer policy barring use of databases for non-business purposes can be prosecuted under the CFAA for “exceed[ing] [his] authorized access” to a protected computer. United States v. Rodriguez, 628 F.3d 1258, 1263 (11th Cir. 2010). And, in perhaps the broadest reading of both the “without authorization” and “exceeds authorized access” prongs of the CFAA, the Court of Appeals for the Seventh Circuit has held that an employee’s authorization to access a computer system or computer files is “terminated” when the employee accesses the computer or files to harm his employer; that is, the employee’s 17 “breach of his duty of loyalty” may “terminate[] his agency relationship . . . and with it his authority to access the” computer. Int’l Airport Centers, LLC v. Citrin, 440 F.3d 418, 420–21 (7th Cir. 2006). That view of the law, however, has met with strong opposition from a number of other Courts of Appeals. In the words of the Court of Appeals for the Ninth Circuit, “the CFAA target[s] the unauthorized procurement or alteration of information, not its misuse or misappropriation.” Nosal, 676 F.3d at 863 (internal quotation marks omitted); see also Brekka, 581 F.3d at 1133 (“No language in the CFAA supports [the] argument that authorization to use a computer ceases when an employee resolves to use the computer contrary to the employer’s interests.”). Under this view of the CFAA, a person “exceeds [his] authorized access” only if he “has permission to access the computer, but [then] accesses information on the computer that [he] is not entitled to access.” Id. (emphases added). The Courts of Appeals for the Fourth and Second Circuits concur with this reading of the statute. Thus, the Fourth Circuit has held that “an employee ‘exceeds authorized access’ when he has approval to access a computer, but uses his access to obtain or alter information that falls outside the bounds of his approved access.” WEC Carolina Energy Sols., LLC v. Miller, 687 F.3d 199, 204 (4th Cir. 2012). The Second Circuit, likewise, has held that “by its plain terms the statute is directed to improper ‘access’” and that the “exceeds authorized access” clause is best construed to apply “where a user has permission to access the computer but proceeds to ‘exceed’ the parameters of authorized access by entering an area of the computer to which his authorization does not extend.” United States v. Valle, 807 F.3d 508, 524 (2d Cir. 2015). In short, unlike the Fifth, Seventh, and Eleventh Circuits, these Courts read both potentially relevant clauses of the CFAA as targeted at unauthorized access to a computer 18 (“without authorization”) and particular files or “area[s]” (“exceeds authorized access”). They do not read the statute to “extend[] to the improper use of information validly accessed.” WEC Carolina, 687 F.3d at 204. For the reasons detailed in those decisions, this Court agrees. Although the Court recognizes that the statutory definition of “exceeds authorized access” is not crystal clear, the Second, Fourth and Ninth Circuits have identified the more persuasive reading of that phrase. It bears emphasis that, even without the benefit of the definition, the relevant phrase—“exceeds authorized access”—focuses on “access” and not “use.” Nor does the definition change that focus. To be sure, the definition refers to “use,” but it does so in discussing a person’s “use” of his “access” to a computer “to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter,” 18 U.S.C. § 1030(e)(6), not his “use” of the information found on the computer. The operative term, moreover, is “entitled;” a violation occurs only if the “accesser” is “not entitled” to obtain or to alter the information. Id. And, in context, the most “sensible reading of ‘entitled’ is as a synonym for ‘authorized.’” Nosal, 676 F.3d at 857. Thus, the CFAA prohibits the authorized computer user from accessing “information” that he is not “authorized” to obtain or alter. The statute says nothing about the misuse of information that the user was authorized to access. Furthermore, the Court is cognizant that the CFAA is both a criminal and civil statute. As a result, interpretations of its provisions apply across both domains. See Leocal v. Ashcroft, 543 U.S. 1, 11 n.8 (2004). Construing the CFAA to impose criminal liability for the violation of private computer use policies would “criminalize the conduct of millions of ordinary computer users.” Valle, 807 F.3d at 527. It is safe to assume that, had Congress intended to impose criminal penalties on such a broad swath of conduct ordinarily left to local employment and tort law, it would have done so with far greater clarity. See Nosal, 676 F.3d at 859; WEC Carolina, 19 687 F.3d at 206 (“[T]he [plaintiff’s] theory has far-reaching effects unintended by Congress.”). A similar concern is reflected in the rule of lenity, which counsels in favor of reading ambiguous statutes in a manner that “ensure[s] both that there is fair warning of the boundaries of criminal conduct and that legislatures, not courts, define criminal liability.” Crandon v. United States, 494 U.S. 152, 158 (1990); see also United States v. Santos, 553 U.S. 507, 514 (2008). Finally, this reading of the statute comports with other decisions of this Court. See Econ. Research Servs., Inc. v. Resolution Econ., LLC, 208 F. Supp. 3d 219, 232 (D.D.C. 2016); Roe v. Bernabei & Wachtel PLLC, 85 F. Supp. 3d 89, 103 (D.D.C. 2015); Lewis-Burke Assocs., LLC v. Widder, 725 F. Supp. 2d 187, 194 (D.D.C. 2010). In each of those cases, as here, the Court concluded that the CFAA “speaks only of authorized access to data and not of use.” Bernabei & Wachtel PLLC, 85 F. Supp. 3d at 103 (internal quotation marks omitted). That view represents the best reading of the statute, it is consistent with the purpose of the CFAA to target “hackers,” Brekka, 581 F.3d at 1130; WEC Carolina, 687 F.3d at 207, and it avoids creating uncertainty regarding the breadth of the criminal law. Returning to the case at hand, the Court must determine whether Hedgeye’s proposed complaint adequately alleges that Heldman “exceeded [his] authorized access” to particular files by violating a restriction on his authority to access those files. The pleading contains conclusory allegations that Heldman “accessed” files “to which he did not have authorized access.” Dkt. 384 at 7 (Prop. Compl. ¶¶ 41–43). The Court need not, however, credit legal conclusions that are not supported by factual allegations, Iqbal, 556 U.S. at 678–79, and the risk of doing so in this context—where there is substantial dispute in the law about the meaning of the legal terms that are parroted in the claim—is particularly acute. The relevant factual allegations, moreover, suggest that Hedgeye’s proposed CFAA claim likely falls on the wrong side of the legal divide 20 discussed above. Most notably, the sole factual allegation that purports to define the conditions that were imposed on Heldman’s use of the Hedgeye computer system does not indicate that he was denied access to particular files or segments of the system. Instead, that allegation posits that Heldman received “compliance training” and was instructed (1) that he had a “duty of confidentiality,” (2) that Hedgeye’s “computers were for business use” alone, and (3) that “information on [Hedgeye’s] system was the property of [Hedgeye].” Dkt. 38-4 at 7 (Prop. Compl. ¶ 39). All of those instructions echo the theory of the “exceeds authorized access” clause that the Court considered, and rejected, above. The Court, accordingly, concludes that the allegations contained in Hedgeye’s proposed complaint fail to state a claim and that, as a result, the proposed amendment is futile. The Court will, however, permit Hedgeye to renew its motion—if it can in good faith allege a claim consistent with the construction of the CFAA set forth above. 2. Conversion Finally, Hedgeye’s proposed complaint would assert a conversion claim against Heldman and HSP. Dkt. 38-4 at 8 (Prop. Compl. ¶¶ 47–51). Hedgeye alleges the following in support of this claim: (1) “Heldman converted propriet[ar]y ideas and information from [Hedgeye], including, but not limited to, customer lists, employee lists, employee salaries, proprietary research and customer payments,” id. (Prop. Compl. ¶ 48); (2) “Heldman used and shared these converted ideas and information with . . . [HSP],” id. (Prop. Compl. ¶ 49); (3) “Both [Heldman and HSP] disseminated these ideas and information causing damage to [Hedgeye] because these ideas and information were not widely known,” id. (Prop. Compl. ¶ 50); and (4) “Both [Heldman and HSP] also caused damage by exercising dominion over these ideas and information” in a way that was “inconsistent with [Hedgeye’s] ownership,” id. (Prop. Compl. ¶ 51). 21 To state a claim for conversion under District of Columbia law, a plaintiff must allege “(1) an unlawful exercise, (2) of ownership, dominion, or control, (3) over the personal property of another, (4) in denial or repudiation of that person’s rights thereto.” Campbell v. Nat’l Union Fire Ins. Co. of Pittsburgh, 130 F. Supp. 3d 236, 258 (D.D.C. 2015) (quoting Johnson v. McCool, 808 F. Supp. 2d 304, 308 (D.D.C. 2011)). The proposed complaint, however, offers little more than conclusory assertions that Heldman “converted” Hedgeye’s property and “exercis[ed] dominion over [Hedgeye’s] ideas and information.” Dkt. 38-4 at 8 (Prop. Compl. ¶¶ 48, 51). “[T]he tenet that a court must accept as true all of the allegations contained in a complaint is inapplicable to legal conclusions.” Iqbal, 556 U.S. at 678. To plead the element of “ownership, dominion, or control,” a plaintiff must allege that the defendant “d[id] something that ‘seriously interfere[d]’ with the plaintiff’s right to control the property in question.” Council on Am.-Islamic Relations Action Network, Inc. v. Gaubatz, 793 F. Supp. 2d 311, 340 (D.D.C. 2011) (quoting Blanken v. Harris, Upham & Co., Inc., 359 A.2d 281, 283 (D.C. 1976)). Hedgeye’s proposed complaint “is devoid of factual allegations indicating that [Heldman and HSP] exercised the requisite ownership, dominion, or control over [Hedgeye’s] electronic data.” Id. The proposed complaint does not allege, for instance, that Heldman deleted or destroyed the materials in question or even that Heldman copied them. Because the proposed complaint fails to state a claim for conversion, the Court will deny Hedgeye leave to amend, but will, again, permit Hedgeye to renew its motion if it can identify specific property that Defendants allegedly misappropriated and the means by which they did so. 22 CONCLUSION For the reasons stated above, Defendants’ motion for summary judgment, Dkt. 29, is hereby DENIED without prejudice. Defendants’ motion to dismiss, Dkt. 29, is hereby GRANTED in part and DENIED in part. Plaintiff’s motion for leave to amend, Dkt. 38, is hereby DENIED without prejudice. SO ORDERED. /s/ Randolph D. Moss RANDOLPH D. MOSS United States District Judge Date: September 23, 2017 23

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.

Why Is My Information Online?