Liveperson, Inc. v. 24/7 Customer, Inc.
Filing
46
MEMORANDUM AND OPINION re: 25 MOTION to Dismiss for Failure to State a Claim, or, In the Alternative MOTION for More Definite Statement filed by 24/7 Customer, Inc. For the reasons set out above, Defendant's motion is granted in part and denied in part. With respect the claims and portions of claims held to be inadequately pled, Plaintiff may replead within twenty days of the date of this opinion. With respect to the Lanham Act claim, Plaintiff shall provide a more definite statement as outlined above within twenty days of the date of this opinion. It is so ordered. (See Opinion.) (Signed by Judge Robert W. Sweet on 1/9/2015) (ajs)
UNITED STATES DISTRICT COURT
SOUTHERN DISTRICT OF NEW YORK
----------------------------------------x
LIVEPERSON,
INC.,
Plaintiff,
14 Civ. 1559 (RWS)
- against OPINION
24/7 CUSTOMER, INC.,
Defendant.
----------------------------------------x
A P P E A RA N C E S:
Attorneys for Plaintiffs
O'MELVENY & MYERS, LLP
7 Times Square
New York, NY 10036
By:
Carolyn S. Wall, Esq.
l
dnoc
r . j-j-~~~,
·. l
USDCSDNY
DOCU~tfENT
1'FLECTRONlCALLY
~,
#·
DATE rlLED:
O'MELVENY & MYERS, LLP
Two Embarcadero Center, 28th Floor
San Francisco, California 94111-3823
By:
George A. Riley, Esq.
Mark E. Miller, Esq.
David Eberhart, Esq.
Susan Roeder, Esq.
Elysa Q. Wan, Esq.
Attorneys for Defendants
COHEN & GRESSER LLP
800 Third Avenue
New York, New York 10022
By:
Mark S. Cohen, Esq.
Sandra C. Mccallion, Esq.
HONIGMAN MILLER SCHWARTZ AND COHN LLP
130 S. First Street, 4th Floor
FILED 1:
'
1
Ann Arbor, MI 48104
By:
J. Michael Huget, Esq.
Jeffrey K. Lamb, Esq.
Roger P. Meyers, Esq.
Sweet, D.J.
Defendant 24/7 Customer, Inc.
(" [24] 7" or "24/7"
or
"Defendant), moves to dismiss plaintiff Liveperson, Inc.'s
("LivePerson" or "Plaintiff") First Amended Complaint ("FAC" or
"Complaint") filed May 15, 2014.
As to any claims not
dismissed, Defendant moves for an order requiring Plaintiff to
provide a more definite statement.
Based upon the conclusions
set for below, the motion to dismiss the complaint is granted in
part and denied in part, and the motion for a more definite
statement is granted in part and denied in part.
Prior Proceedings
LivePerson initiated this action on March 6, 2014 by
filing a summons and complaint.
filed the FAC alleging:
of 17 U.S.C.
§
On May 15, 2014, Plaintiff
(i) copyright infringement in violation
101 et seq.;
Millennium Act, 17 U.S.C.
§
(ii) violation of the Digital
1201(a)
("DMCA");
the Computer Fraud and Abuse Act, 18 U.S.C.
(iv) misappropriation of trade secrets;
(vi)
§
(iii) violation of
1030 ("CFAA");
(v) breach of contract;
intentional interference with advantageous existing
economic relationships;
(vii)
intentional interference with
prospective advantageous economic relationships;
1
(viii) unfair
competition in violation of the Lanham Act, 28 U.S.C.
§
1125(a);
(ix) common law unfair competition; and (x) unjust enrichment.
On July 18, 2014, Defendant filed the instant motion, seeking to
dismiss each of Plaintiff's ten causes of action, and further
seeking an order for a more definitive statement for any of
Plaintiff's claims that are not dismissed.
The instant motion
was heard and marked fully submitted on September 24, 2014.
Facts
For the purposes of this motion, the FAC's allegations
are assumed true and summarized as follows.
LivePerson, a Delaware corporation with its principal
place of business in New York City, provides customers with
live-interaction and customer engagement technology for ecommerce websites, enabling businesses to interact in real-time
with their website customers.
FAC
':l[':l[
1, 10.
[24]7, a
California corporation with its principal place in New York
City, is a customer service technology that historically
provided human call-center operators to answer phones in
customers' call centers.
FAC
3, 11.
':l[':l[
More recently,
also developed its own live-interaction technology.
2
[24] 7
FAC ':JI 7.
In 2006 and 2007,
[24]7 and LP entered into two
contracts to cooperatively market to and serve certain
customers: a Co-Marketing and Referral Agreement ("CMA") and a
Master Service Agreement
("MSA").
FAC Ex. A and Ex. B.
The
contracts were executed in support of the "joint solutions" the
parties intended to offer their clients, namely, use of
LivePerson's technology coupled with [24]7's call center
personnel.
FAC 'lI 3.
Under the CMA, which took effect on July 10, 2006,
[24]7 obtained a license to "access, operate, and use"
LivePerson's intellectual property as specified in the CMA until
expiration or termination of the agreement.
CMA 'lI 2.1.
The
parties acknowledged the CMA did not grant a party the rights to
the other party's intellectual property beyond the limited
license granted in the agreement.
CMA 'lI 2.4.
The CMA permitted
each party to co-market the other party's products and services
to certain third parties, but each party reserved the right to
"sell, license, support and install its own products and
services either directly to customers or indirectly" through
various distribution channels.
CMA 'll'll 4.1, 4.3.
The CMA
included schedules listing LivePerson's customers and [24]7's
customers.
FAC Ex. A Schedules 1, 2.
3
On January 26, 2007,
the MSA.
[24]7 and LivePerson entered into
Among other things, LivePerson agreed to provide [24]7
with "access to and license to use" LivePerson's service for the
purpose of delivering services to these clients.
7(a).
MSA ':II':II 5(b),
The MSA set forth the terms and conditions under which
LivePerson was able to offer the combined solution to its
clients.
FAC ':II 27.
[24]7 began to develop its own competing liveinteraction technology, allegedly by misappropriating
LivePerson's software and selling it as its own.
FAC ':II 35.
[24]7 also allegedly engaged in additional improper conduct in
order to gain a competitive edge over LivePerson.
FAC ':II 35-51.
See generally
The alleged conduct includes accessing
LivePerson's back-end systems to download and manipulate
LivePerson's data for the purpose of copying LivePerson's
technology, and interfering with LivePerson's client
relationships.
FAC ':II 37.
[24]7 also allegedly designed its
competing software to both interfere with LivePerson's software,
such that a customer using both technologies on its website
would experience poor performance from LivePerson's technology,
and to collect performance data from LivePerson's data, which
would then be sent to [24]7.
FAC ':II':II 39, 40, 44.
[24]7 used its
access to LivePerson's code to "mimic" LivePerson, thereby
4
gaining access to LivePerson's servers and mining LivePerson's
confidential and proprietary system data.
FAC
~
41.
[24]7's
alleged conduct also included poaching LivePerson employees to
work for [24]7, falsely claiming that [24]7's software is the
"first predictive or smart chat platform," and disseminating
fabricated and disparaging LivePerson performance metrics to
clients.
FAC
~~
38, 45-46.
The Applicable Standard
Under Rule 12 (b) ( 6), "a complaint must contain
sufficient factual matter, accepted as true, to 'state a claim
to relief that is plausible on its face.'"
556 U.S. 662, 678
(2009)
Ashcroft v. Iqbal,
(quoting Bell Atl. Corp. v. Twombly,
550 U.S. 544, 570 (2007)).
A claim is facially plausible when
"the plaintiff pleads factual content that allows the court to
draw the reasonable inference that the defendant is liable for
the misconduct alleged."
Iqbal, 556 U.S. at 663 (quoting
Twombly, 550 U.S. at 556).
In other words, the factual
allegations must "possess enough heft to show that the pleader
is entitled to relief."
Twombly, 550 U.S. at 557
(internal
quotation marks omitted)
Though the court must accept the £actual allegations
5
of a complaint as true, it is "not bound to accept as true a
legal conclusion couched as a factual allegation."
U.S. at 678
Iqbal, 556
(quoting Twombly, 550 U.S. at 555).
In considering a motion to dismiss, "a district court
may consider the facts alleged in the complaint, documents
attached to the complaint as exhibits, and documents
incorporated by reference in the complaint."
DiFolco v. MSNBC
Cable L.L.C., 622 F.3d 104, 111 (2d Cir. 2010).
The Copyright Infringement Claim Is Not Adequately Pled
The parties agree that a copyright infringement claim
must allege:
of the claim;
those works;
(1) which specific original works are the subject
(2) plaintiff's ownership of the copyrights in
(3) proper registration of the copyrights; and (4)
"by what acts during what time the defendant infringed the
copyright."
Kelly v. L.L. Cool J., 145 F.R.D. 32, 36 (S.D.N.Y.
1992), aff'd, 23 F.3d 398
950
(2d Cir. 1994), cert. denied, 513 U.S.
(1994), cited in Def.'s Mem. in Supp. 4 and Pl.'s Mem. in
Opp'n 5.
With respect to the first three elements, Plaintiff
has adequately identified the LivePerson Visitor Monitoring
6
Module (the "Module") as its original work, alleged that it is
copyrighted, and that the copyright was registered with the
See FAC
United States Copyright Office.
~
53 and FAC Ex. C.
Defendant contends, however, that Plaintiff has failed to
adequately plead the fourth infringement element.
Plaintiff alleges that "24/7, without LivePerson's
authorization or consent" copied "LivePerson's own copyrighted
software code."
FAC
~
53.
Plaintiff further alleges that
"[24]7's conduct constitutes direct and intentional infringement
of LivePerson's exclusive rights under the Copyright Act to
control the reproduction, publication, use and display of
LivePerson's live-interaction technology, including the
LivePerson Visitor Monitoring Module."
FAC
~
54.
Defendant contends that Plaintiff fails to adequately
allege the time of infringement, that the FAC does not identify
[24]7's infringing product, and that the Plaintiff has not pled
which aspects of its Module were copyrightable.
Supp. 5-6.
Def.' s Mem. in
For the purposes of a motion to dismiss, courts
evaluating the time of infringement element under Kelly consider
whether the complaint, read in the light most favorable to the
non-moving party, contains enough factual allegations to provide
notice of the period of time during which infringement occurred.
7
See Tangorre v. Mako's, Inc., 01-cv-4430, 2002 WL 313156, at *3
(S.D.N.Y. Jan. 30, 2002)
(collecting cases to outline the
distinction: "Compare Carell v. Shubert Org., Inc., 104 F. Supp.
2d 236, 251
(S.D.N.Y. 2000)
(complaint sufficient under Rule 8
[ . . . ] where plaintiff alleged the publication of certain
designs in national and international stage productions and
videos in 1997 and 1998 and their use in certain commercial
products) and Kelly, 145 F.R.D. at 36 n.3
(infringement claim
adequately supported when plaintiff narrowed the infringing act
to the publishing and distribution of two specific songs during
1991) with Mahnke v. Munchkin Prod., Inc., 99-cv-4684, 2001 WL
637378, at *5 (S.D.N.Y. Jun. 07, 2001)
(no proper allegation of
the nature of the infringing act with only generic references to
an infringing 'baby soda bottle,'
beginning some time in 1993)
and Plunket v. Doyle, 99-cv-11006, 2001 WL 175252, at *5
(S.D.N.Y. Feb. 22, 2001)
(claim insufficiently detailed where
plaintiff merely alleged that defendants had entered into or had
offered licenses "granting the rights to exploit [the books at
issue] in various media" during an unspecified period of
time)").
A complaint containing no reference to time of
infringement will not survive a motion to dismiss, but one in
which the plaintiff alleges continued infringement from a
8
specific time to the present may survive.
Carnival Corp.,
25, 2009)
Compare Jacobs v.
06-cv-0606, 2009 WL 856637, at *5
(S.D.N.Y. Mar.
(granting motion to dismiss where "Plaintiffs make no
reference whatsoever to time in the Complaint") with Home &
Nature Inc. v. Sherman Specialty Co., 322 F. Supp. 2d 260, 266267
(E.D.N.Y. 2004)
(denying motion to dismiss where complaint
alleges ongoing infringement since December 2000); but see
Mahnke,
2001 WL 637378, at *5
(described above).
Plaintiff contends that the FAC's allegations, taken
together, are fairly read as alleging that the period of
infringement was "between 2006 when the parties began their
contractual relationship and May 2014 when LivePerson filed the
FAC."
Pl.'s Mem. in Opp'n 6.
However, the FAC does not specify
time of infringement, nor can a period of infringement fairly be
implied from the various allegations in the FAC and its
exhibits.
While the FAC clearly alleges that the parties'
contractual relationship began in 2006, this allegation does not
place Defendant on notice that the alleged copyright
infringement started then as well.
Nor does the FAC contain any
allegation either stating the end of the infringement period or
that the infringement continued from 2006 to the present.
This
assertion was made for the first time in Plaintiff's brief in
opposition, rather than in the FAC.
9
See Pl.'s Mem. in Opp'n 6.
The case law Plaintiff cites in support of its contention that
time of infringement is adequately pled does not contradict the
outcome here.
In Richard Feiner & Co. v. Larry Harmon Pictures
Corp., the complaint alleged that the purportedly infringed
"copyrights remain in full force as and of the date of this
complaint and were in effect at all times during the complained
of acts."
38 F. Supp. 2d 276, 279 (S.D.N.Y. 1999).
A similar
assertion cannot be made by Plaintiff, since the Module was
registered in 2014, not in 2006 when the FAC's time frame began.
See FAC Ex. C.
In Home & Nature, the complaint, unlike here,
explicitly alleged ongoing infringement.
266-267.
322 F. Supp. 2d 260,
Finally, in Tangorre, the complaint explicitly alleged
a defined period, December 21, 2000, through April 5, 2001,
during which the copyright was infringed.
2002 WL 313156, at *3
(S.D.N.Y. Jan. 30, 2002).
In addition to its time-of-infringement argument,
Defendant further contends that the FAC does not identify
[24]7's infringing product, and that the Plaintiff has not pled
which aspects of its Module were copyrightable.
Supp. 5-6.
Def.'s Mem. in
The accusation that Defendant copied the entire
module necessarily implies that Defendant copied protectible
elements of the module.
Nevertheless, failure to plead a time
period of infringement renders the claim inadequate.
10
The DMCA Claim Is Not Adequately Pled
Defendant contends that Plaintiff failed to allege
both the existence of a technological measure and actions
constituting circumvention within the meaning of the Digital
Millennium Act.
Def.'s Mem. in Supp. 7-8.
The DMCA states, in relevant part, that "[n]o person
shall circumvent a technological measure that effectively
controls access to a work protected under this title."
U.S.C.
§
120l(a).
17
"[T]o 'circumvent a technological measure'
means to descramble a scrambled work, to decrypt an encrypted
work, or otherwise to avoid, bypass, remove, deactivate, or
impair a technological measure, without the authority of the
copyright owner."
17 U.S.C.
§
1201 (a) (3) (A).
The act of
circumvention under the DMCA can be characterized as "breaking
and entering (or hacking)
into computer systems.
I. M.
S. Inquiry
Mgmt. Sys., Ltd. v. Berkshire Info. Sys., Inc., 307 F. Supp. 2d
521, 532
(S.D.N.Y. 2004).
Moreover, "a person circumvents a
technological measure only when he affirmatively performs an
action that disables or voids the measure that was installed to
prevent them from accessing the copyrighted material."
Network L.L.C. v. World Cable Inc., 893 F. Supp. 2d 452,
(E.D.N.Y. 2012)
Dish
466
(internal quotations and citations omitted).
11
A "technological measure 'effectively controls access
to a work'
if the measure,
in the ordinary course of its
operation, requires the application of information, or a process
or a treatment, with the authority of the copyright owner, to
gain access to the work.
17 U.S.C. § 1201 (a) (3) (B).
Courts in this Circuit have held that password
protection, DVD encryption measures, and activation and
validation keys are technological measures within the meaning of
the DMCA.
2004)
I.M.S. Inquiry, 307 F. Supp. 2d at 531
(S.D.N.Y.
(password protection); Paramount Pictures Corp. v. 321
Studios, 03-cv-8970, 2004 WL 402756, at *l (S.D.N.Y. Mar. 3,
2004)
(encryption system for DVDs); Macrovision v. Sima Prods.
Corp., 05-cv-5587, 2006 WL 1063284, at *l (S.D.N.Y. Apr. 20,
2006)
301-02
(same); Adobe Sys. Inc. v. Feather, 895 F. Supp. 2d 297,
(D. Conn. 2012)
software).
(activation and validation key codes for
Outside this Circuit, a "secret handshake" protocol,
a software security measure ensuring that only authorized users
would be able to access to a particular website, was found to
qualify as a technological measure.
Jung,
422 F.3d 630,
640
Davidson & Associates v.
(8th Cir. 2005).
The Complaint's allegations here are somewhat
contradictory.
In one portion, Plaintiff alleges that Defendant
12
already had access to its backend system pursuant to Defendant's
business relationship with Plaintiff, and that Defendant misused
its access to "observe, penetrate, and manipulate the operation
of LivePerson's technology and download extensive data
order .
in
. to reverse engineer and copy LivePerson's
technology."
FAC
~
37.
Plaintiff further alleges that [24]7
improperly used its knowledge of LivePerson's customer-facing
software architecture to mimic LivePerson, thereby gaining
unauthorized access to LivePerson's secure internal computer
system.
FAC
alleges that
~
37.
In another part of the Complaint, Plaintiff
[24]7 improperly used its knowledge of LivePerson's
customer-facing software architecture to mimic LivePerson,
thereby gaining unauthorized access to LivePerson's secure
internal computer system.
LivePerson's secure system,
See FAC
~~
41,
61.
Once inside
[24]7 allegedly installed spyware to
obtain competitive information on LivePerson's software product
and also introduced code that would degrade the functionality of
LivePerson's software product.
FAC
~~
41,
61.
The FAC also
alleges that, having accessed Plaintiff's internal computer
system, Defendant reverse-engineered Plaintiff's software
products.
FAC
~
42.
Plaintiff contends that its allegations are akin to
those in Davidson, where the plaintiff established circumvention
13
by claiming that the defendant reverse-engineered the
plaintiff's software in order to bypass the plaintiff's security
measures.
Pl.'s Mem. in Opp'n 8; see Davidson, 422 F.3d at 641.
Even setting aside Paragraph 37's contradicting allegation, the
reverse-engineering here is alleged to have occurred after [24]7
allegedly breached LivePerson's system.
See FAC
~
42.
The
Complaint does not allege that Defendant used reverse
engineering to circumvent its security measures, but rather that
"LivePerson believes that [24]7
[breached its security measures]
in an effort to reverse engineer and misappropriate the
proprietary technology and methodologies that LivePerson
pioneered."
FAC
~
42.
In short, the reverse engineering
allegations do not constitute circumvention within the meaning
of the DMCA.
The remaining allegation that may be construed as "an
action that disables or voids the measure that was installed to
prevent them from accessing the copyrighted material," Dish
Network, 893 F. Supp. 2d at 466, is Defendant's purported
mimicking Plaintiff in order to gain access to Plaintiff's
secure system.
However, even if that were to constitute
circumvention, Plaintiff does not adequately allege what
technological measure the mimicry circumvented.
In all of the
cases discussed above, including Davidson, upon which Plaintiff
14
relies,
Pl.'s Mem. in Opp'n 8, the complaints explicitly
referenced a password, encryption system, software protocol,
validation key, or some other measure designed to thwart
unauthorized access to a protected work.
The FAC states that
Defendant, by impersonating Plaintiff, "circumvented
LivePerson's security measures" without specifying what those
measures were.
FAC
~
42.
Without specifying the technological
measure, the FAC does not provide Defendant with adequate notice
of the claim, i.e., information upon which to determine whether
the measure "effectively controls access to a work" within the
meaning of the DMCA.
17 U.S.C. § 1201
(a) (3) (B).
Plaintiff has not adequately alleged circumvention of
a technological measure within the meaning of the DMCA.
The CFAA Claim Is Not Adequately Pled
Defendant contends that Plaintiff fails to state a
claim under the Computer Fraud and Abuse Act, both because
Plaintiff has not pled facts showing that [24]7 exceeded its
authorization to access LivePerson's computers and because
Plaintiff has not adequately alleged damages cognizable under
the CFAA.
See Def.'s Mem. in Supp.
15
9-10.
The CFAA is principally a criminal statute prohibiting
"fraud and related activity in connection with computers."
U.S.C.
§
1030.
18
The Act also establishes a private cause of
action against a person who "knowingly accessed a computer
without authorization or exceeding authorization," and whose
prohibited access result in:
(a)
"loss" in excess of $5,000;
interference with a person's medical treatment;
injury;
(d)
(b)
(c) physical
a threat to public health or safety; or (e) damage
to a specific category computers used by the United States
Government and its affiliates.
See 18 U.S.C. § 1030(g),
referencing 18 U.S.C. § 1030(c) (4) (A) (i) (I)-(V), see generally
18 U.S.C. § 1030(a).
Plaintiff's CFAA claim is presumably based upon
economic damages in excess of $5,000, as FAC's allegations
foreclose the other bases for liability under the CFAA.
e.g., 18 U.S.C. § 1030(a) (1)
See
(relating to certain classes of
computers protected the United States Government); § 1030(a) (3)
(relating to certain classes of computers used by the United
States Government) ; § 1030 (a) ( 4)
(accessing computers with
intent to defraud); § 1030 (a) ( 6)
(trafficking in computer
passwords); § 1030 (a) (7)
(engaging in extortion).
To state a claim for loss in excess of $5,000,
16
Plaintiff must plead that Defendant:
computer";
(2)
(1) accessed a "protected
"without any authorization or exceeding its
authorized access"; and (3) caused "loss" in excess of $5,000.
See, 18 U.S.C. § 1030(g) referencing 18 U.S.C. § 1030(a) (2)
(obtaining information from a "protected computer" through
unauthorized access)
and
§
1030 (a) (5)
(damaging a protected
computer directly through unauthorized access or by knowingly,
and without authorization,
introducing a program, information,
code or command into the protected computer resulting in
damage).
Under the Complaint's set of allegations, Section 1030
limits damages to "economic damages."
18 U.S.C. § 1030(g).
Under the Act, a "protected computer" is defined, in
relevant part, as a computer "which is used in or affecting
interstate or foreign commerce or communication."
1030 (e) (2) (B).
18 U.S.C. §
While authorization is not defined, "exceeds
authorized access" is defined as "access[ing] a computer with
authorization and .
. us[ing]
such access to obtain or alter
information in the computer that the accesser is not entitled so
to obtain or alter."
18 U.S.C. § 1030 (e) (6).
"Loss" is defined
as "any reasonable cost to any victim, including the cost of
responding to an offense, conducting a damage assessment, and
restoring the data, program, system, or information to its
condition prior to the offense, and any revenue lost, cost
17
incurred, or other consequential damages incurred because of
interruption of service."
18 U.S.C. § 1030(e) (11).
Damage is
defined as "any impairment to the integrity or availability of
data, a program, a system, or information."
18 U.S.C.
§
1030 (e) (8).
Plaintiff's allegation that its servers are engaged in
internet commerce sufficiently establishes that they are
"protected computers" within the meaning of the Act.
FAC 'TI 65.
With respect to unauthorized access, Plaintiff alleges
that Defendant "abused its access to LivePerson's back-end
systems to observe, penetrate, and manipulate the operations of
LivePerson's servers."
FAC 'TI 37.
As Defendant correctly notes,
there is some uncertainty on the question of whether a user who
is authorized to access a computer and abuses that privilege to
the detriment of the computer-owner is "exceeding [the user's]
authorized access" within the meaning of the Act.
See Def.'s
Mem. in Supp. 9-10 citing, JBC Holdings NY, LLC v. Pakter, 931
F. Supp. 2d 514, 522
(S.D.N.Y. 2013).
As the Honorable Paul A. Engelmayer explained in JBC,
the Second Circuit has not ruled on this issue and other
Circuits are split.
931 F. Supp. 2d at 521-22.
18
The First,
Fifth, Seventh and Eleventh Circuits held that a defendant that
misuses information to which he was given access constitutes
exceeding authorized access within the meaning of the Act, what
Judge Engelmayer termed the "broad" approach.
Id.
By contrast,
the Fourth and Ninth Circuits held that that misuse of
information alone is insufficient to establish that a defendant
exceeded his authorized access, what Judge Engelmayer termed the
"narrow" approach.
Id.
Different district courts within this Circuit have
likewise come to divergent conclusions on the question of how
broadly to interpret the term "exceeds authorized access."
Id.
("Compare United States v. Aleynikov, 737 F.Supp.2d 173, 190-94
(S.D.N.Y.2010)
(Cote, J.)
(taking the narrow approach, and
stating that "[t]he phrases 'accesses a computer without
authorization' and 'exceeds authorized access' cannot be read to
encompass an individual's misuse or misappropriation of
information to which the individual was permitted access.
What
use an individual makes of the accessed information is utterly
distinct from whether the access was authorized in the first
place."), Advanced Aerofoil Techs., AG v. Todaro, No. 11 Civ.
9505
(ALC)
(DCF), 2013 WL 410873, at *7
(Carter, J.)
(S.D.N.Y. Jan. 30, 2013)
(narrow approach), Univ. Sports Publ'ns Co. v.
Playmakers Media Co., 725 F.Supp.2d 378, 383-84
19
(S.D.N.Y.2010)
(Holwell,
J.)
(narrow approach), and Orbit One Commc' ns., Inc.
v. Numerex Corp.,
(Kaplan,
J.)
692 F.Supp.2d 373, 384-86 (S.D.N.Y.2010)
(narrow approach), with Mktg. Tech. Solutions, Inc.
v. Medizine LLC, No. 09 Civ. 8122(LLM), 2010 WL 2034404, at *7
(S.D.N.Y. May 18, 2010)
(McKenna,
J.)
(broad approach), Calyon
v. Mizuho Secs. USA, Inc., No. 07 Civ. 2241(RO), 2007 WL
2618658, at *l (S.D.N.Y. Sept. 5, 2007)
(Owen, J.)
(broad
approach), and Register.com, Inc. v. Verio, Inc., 126 F.Supp.2d
238, 253
(S.D.N.Y.2000)
(Jones, J.)
(broad approach)").
This Court joins the majority in this district in
adopting the "narrow" approach, for the reasons more extensively
articulated in JBC.
See generally, 931 F. Supp. 2d at 522-25.
Briefly, the narrow approach grounds the definition in access
rather than use, and avoids adding "a subjective intent
requirement that Congress did not impose" to the Act.
Id.
The
narrow approach is also in harmony with the type of "loss"
against which the Act protects, since the Second Circuit made
clear that the Act does not recognize losses related to
misappropriation of information.
Id. citing Nexans Wires S.A.
v. Sark-USA, Inc., 166 Fed. Appx. 559, 563
(2d Cir. 2006)
(affirmed the district court's reading of this provision to
exclude losses incurred as a result of plaintiff's
misappropriation of proprietary information).
20
Finally, "lenity
requires ambiguous criminal laws to be interpreted in favor of
the defendants subjected to them," and the narrow approach
conforms to this rule.
JBC,
931 F. Supp. 2d at 524 quoting
Jones v. United States, 529 U.S. 848, 858
(2000).
In sum, a defendant "exceeds authorized access" as
defined by Section 1030(e) (6) "when he has permission to access
certain information on a computer, but accesses other
information as to which he lacks permission."
JBC, 931 F. Supp.
2d at 523.
Applied to this case, the Complaint does not
adequately allege that Defendant exceeded its authorized access
with respect to Plaintiff's computer system.
Plaintiff's
allegations focus primarily on Defendant's misuse of data
obtained through authorized access.
See, e.g., FAC
~
37
(alleging that "[24]7 enjoys the client's access to LivePerson's
back end systems
(same); FAC
~
abused its access"); FAC
. and
~
39
41 (alleging that Defendant mimicked Plaintiff in
order to "hijack[] LivePerson's programming
. secretly
inject[ing] millions of tracking and indexing numbers into
LivePerson's systems"); FAC
~
47
(alleging that "the MSA and Co-
Marketing Agreement put strict protections in place to prevent
24/7 from using its access to LivePerson's intellectual property
21
for any purpose other than the mutually beneficial activities of
the parties .
[and] access to LivePerson's technology was
never provided for the purpose of allowing or assisting 24/7 to
create competing technology"); FAC
~
48
(same).
Other
allegations of Defendant's purported abuses of the Plaintiff's
systems do not discuss the means by which Defendants allegedly
gained access to those systems and so cannot be construed as
establishing that Defendant either lacked or exceeded its
authorization within the meaning of the CFAA.
See, e.g.,
FAC
~
40 (alleging that Plaintiff discovered "[24]/7 programming code
embedded on client websites that is clearly designed to siphon
data regarding the operation and activity of LivePerson's
proprietary behavioral analytics and predictive targeting
functionalities - and then stream this information back to
[24]7's servers"); FAC
~
43 (alleging that "LivePerson also has
discovered evidence that 24/7 has abused its access to client
websites and to LivePerson systems" in order to disrupt
Plaintiff's systems and harm its relations with its customers).
In addition to inadequately pleading the authorization
element of the CFAA claim, Plaintiff also fails to adequately
allege economic damage as required under the Act.
To state a
private claim under the CFAA, a plaintiff must plead damage or
loss in excess of $5,000.
See 18 U.S.C. § 1030(g); Nexans Wires
22
S.A. v. Sark-USA, Inc., 319 F. Supp. 2d 468, 474
aff'd, 166 F. App'x 559 (2d Cir. 2006).
(S.D.N.Y. 2004)
Loss is defined as "any
reasonable cost to any victim, including the cost of responding
to an offense, conducting a damage assessment, and restoring the
data, program, system, or information to its condition prior to
the offense, and any revenue lost, cost incurred, or other
consequential damages incurred because of interruption of
service."
18 U.S.C.
§
1030 (e) (11).
Damage is defined as "any
impairment to the integrity or availability of data, a program,
a system, or information."
18 U.S.C.
§
1030 (e) (8).
Both loss
and damage must relate to the victim's computer systems.
Nexans, 319 F. Supp. 2d at 477; Civic Center Motors, Ltd. v.
Mason Street Imported Cars, Ltd., 387 F.Supp.2d 378, 381
(S.D.N.Y. 2005).
Plaintiff alleges that Defendant's "wrongful conduct
endangered LivePerson's relationships with several major
clients
. and harmed LivePerson financially in an amount
well in excess of the diversity jurisdictional threshold of
$75,000."
FAC
~
51.
Specifically in support of its CFAA claim,
Plaintiff further alleges that it suffered "disruption of its
business relationships and the loss of clients and potential
clients, dilution of good will, injury to its reputation,
misappropriation of its intellectual property, and devaluation
23
of its live-interaction and analytic technology and its trade
secrets."
FAC
sufficient.
~
67.
Neither of these allegations are
The former does not specify what portion of the
over $75,000 in damages constitute either loss or damage under
the Act, i.e., whether $5,000 or more of the damages alleged are
attributable to the CFAA claim.
The latter CFAA-specific
allegation does not quantify the loss it alleges and therefore
also does not satisfy the $5,000 threshold requirement.
Plaintiff's CFAA claim is therefore inadequately pled.
The Misappropriation of Trade Secrets Claim Is Adequately Pled
Defendant contends that Plaintiff fails to state a
claim for misappropriation of trade secrets, both because the
FAC does not establish the elements of a trade secret and
because Plaintiff's allegations do not establish
misappropriation.
See Def.'s Mem. in Supp. 11.
The parties agree on the applicable standard.
Mem. in Supp. 11; Pl.'s Mem in Opp'n 11.
Def.'s
To state a claim for
trade secret misappropriation under New York law, Plaintiff must
plead that
(1) it possessed a trade secret, and (2) defendant is
using that trade secret in breach of an agreement, confidence,
or duty, or as a result of discovery by improper means.
24
Geritrex Corp. v. Dermarite Indus., LLC,
910 F. Supp. 955, 961
(S.D.N.Y. 1996).
To determine whether information qualifies as a trade
secret, New York courts generally consider six factors: "(l) the
extent to which the information is known outside of the
business;
(2) the extent to which it is known by employees and
others involved in the business;
(3) the extent of measures
taken by the business to guard the secrecy of the information;
(4) the value of the information to the business and its
competitors;
(5) the amount of effort or money expended by the
business in developing the information; and (6) the ease or
difficulty with which the information could be properly acquired
or duplicated by others.
188 F.3d 38, 44
N. Atl. Instruments, Inc. v. Haber,
(2d Cir. 1999).
These factors are guideposts,
not elements, and it is not necessary to plead every single
factor to state a claim, and "the most important consideration
is whether the information is actually a secret."
See Jinno
Int'l Co. v. Premier Fabrics, Inc., 12-cv-07820, 2013 WL
4780049, at *4
Jones
&
(S.D.N.Y. May 24, 2013)
Co., 783 F.2d 285, 298
(citing Lehman v. Dow
(2d Cir. 1986)).
Plaintiff alleges that its "predictive algorithms" and
"proprietary behavioral analysis methods" based on "many years'
25
of research undertaken at great expense" constituted a trade
secret.
FAC ':![':![ 1-2.
These algorithms and methods "allow
LivePerson to understand when a website visitor needs help, and
what type of help or content will benefit that visitor at any
given moment" based on "sophisticated analysis of website
visitors' actions and behaviors online, both individually and in
the aggregate."
FAC ':![':![ 17-18.
The methods are based on
"identifying key actions or 'events' that take place during one
or more web browsing sessions, and applying artificial
intelligence to determine whether, when, and how to initiate a
personalized interactive experience to assist that web visitor."
FAC ':![ 19.
And Plaintiff claims that "[these technologies] are
secured by patents, copyrights, trademarks, trade dress and
other trade secret protections," and that Plaintiff included
confidentiality provisions and prohibitions against reverse
engineering, infringing, or disrupting LivePerson's technology
in its direct contracts with [24]7, as well as confidentiality
and limited-use license restrictions in its client agreements,
to which [24]7 is subject as one of the clients' vendors.
':![':![
2, 26, 28-29, 32-33.
Finally, Plaintiff alleges that
Defendant could not have replicated Plaintiff's technology
without incurring "millions of dollars in research and
development costs and many years' worth of effort and
investment."
FAC ':![ 8.
26
FAC
Plaintiff has adequately alleged that its technology
was contractually protected from dissemination, was the result
of Plaintiff's significant investment of both time and money,
and could not have been developed independently by Defendant
without a similarly substantial investment.
Plaintiff's use of
contractual provisions in contracts with Defendant and with
clients indicate the confidential nature of its technology.
Jinno, 2013 WL 4780049, at *5.
See
Plaintiff has also alleged that
Defendant misappropriated the trade secret by accessing
Plaintiff's backend system in order to "reverse engineer and
copy" the technology.
FAC
~
37.
These allegations are
sufficient to plead possession and misappropriation of a trade
secret.
The Breach of Contract Claim Is Adequately Pled
To state a claim for a breach of contract under New
York law,
Plaintiff must plead plausible facts regarding:
the existence of a contract;
obligations;
(1)
(2) performance of the plaintiff's
(3) breach by the defendant; and (4) damages to the
plaintiff caused by the breach.
Diesel Props S.r.l. v.
Greystone Bus. Credit II LLC, 631 F.3d 42, 52
(2d Cir. 2011)
Defendant contends Plaintiff has not satisfied the first,
or fourth elements.
Def.'s Mem. in Supp't 14-16.
27
third
With respect to existence of a contract, Defendant
contends that Plaintiff must identify the dates of any wrongful
act by Defendants to satisfy by this element, but do not provide
case law to substantiate this assertion.
Supp't 15.
See Def.'s Mem. in
Plaintiff has adequately pled existence of two
contracts: the MSA and the Co-Marketing Agreement.
27.
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?