State Analysis, Inc. v. American Financial Services Association et al, No. 1:2008cv01333 - Document 35 (E.D. Va. 2009)
Court Description: MEMORANDUM OPINION: For the reasons stated in open court and in this Opinion, the defendants' motions will be GRANTED IN PART and DENIED IN PART. A separate order consistent with this opinion will be issued. Signed by District Judge Leonie M. Brinkema on 03/31/09. (yguy)
Download PDF
<![CDATA[
IN THE UNITED STATES DISTRICT COURT FOR THE EASTERN DISTRICT OF VIRGINIA Alexandria Division STATE ANALYSIS, INC., d/b/a STATESCAPE Plaintiff, ) l:08cvl333 (LMB/TCB) v. AMERICAN FINANCIAL et SERVICES ASSOC, al.. Defendants. MEMORANDUM OPINION The defendants have moved to dismiss several of the counts of the Complaint for failure to state a claim. stated in open court and in this opinion, For the reasons the defendants' motions will be granted in part and denied in part. I. Background Plaintiff State Analysis, ("StateScape") Inc. d/b/a/ is a Virginia government relations and analysis firm that owns and operates a searchable, local, state, StateScape proprietary database of and federal bills and regulations, to it on a subscription basis to its clients. and sells access It claims to be the first firm to offer tracking of state legislation and regulation, and has been in business since 1991. According to the Complaint, regulations StateScape's software downloads bills from government websites, examine the bills, "tag" and its analysts then them according to issue areas, together customized listings of bills StateScape's and and regulations and put for customers. Co-defendant American Financial Services Association ("AFSA") D.C. is a business whose members client of association headquartered in Washington, are financial services StateScape from 1998 renewed one-year contracts. with StateScape, businesses provided with access companies. AFSA was a through 2008 under a series of Under the terms of AFSA's contracts that were members of AFSA were to StateScape's database and custom reports, and each AFSA member received a StateScape username and password.1 Co-defendant Kimbell Sherman Ellis relations and public affairs {"KSE") is a government firm located in Montpelier, Vermont whose services include monitoring legislative and regulatory developments. KSE was a customer of 1999 and February 29, 2000; however, StateScape between March 1, it is now a competitor of StateScape. In December 2002, database. KSE offered to purchase StateScape's StateScape declined the offer and shortly thereafter 'in the Complaint, StateScape uses the terms "password" and "passcode" interchangeably. This "password." -2- opinion will use the term fired its marketing director, co-defendant Leif Johnson. Johnson was subject to a non-compete and non-disclosure agreement that prohibited him, for one year from the date his employment with StateScape ended, from working for any entity or service similar to the services he performed for StateScape, and from performing similar services for any StateScape customer. these agreements, Notwithstanding Johnson was hired by KSE in or about July 2003 and began working in KSE's Washington office. least one other StateScape employee, had done research services KSE also hired at researcher Gia Biden, for StateScape's contract with AFSA. Biden began working for KSE sometime after August 13, On October 23, 2008, who 2003. AFSA informed StateScape that it would not renew its contract and planned to switch to KSE's tracking database, FOCUS, beginning on January 1, 2009. StateScape claims it was surprised because AFSA had never complained to StateScape about its services or costs. StateScape began to investigate AFSA's activity logs in its database, October 2004 through November 2008, and discovered that from the database had been accessed 735 times from an internet protocol located in Montpelier, ("IP") address Vermont - the location of KSE's headquarters - using three usernames associated with AFSA employees who worked in AFSA's Washington office. the Complaint, KSE is not, and never has been, StateScape further discovered, -3- According to a member of AFSA. on AFSA's website, a number of "white papers . . . prepared for AFSA by KSE containing bill summaries markedly similar, by StateScape." Compl. discovered "bill counts" if not identical, g[ 21. to those authored In those white papers, it - listings of the number of bills reported to exist on a topic that were identical to the bill for subjects using the StateScape database. counts StateScape also discovered, - on KSE's website, that a number of features of StateScape's proprietary database had been incorporated into KSE's FOCUS database. StateScape concluded that KSE repeatedly accessed StateScape's database from 2004 through 2008, passwords provided to KSE by AFSA, StateScape database records, November 13, 2008, using usernames and and downloaded and copied including copyrighted works. On StateScape temporarily blocked AFSA's passwords and reminded AFSA of its obligations not to share its passwords and usernames with unauthorized persons. It also blocked access to its database from the Vermont IP address. week later, after receiving a response from AFSA, One StateScape re activated the passwords but has continued to block access from the Vermont IP address. StateScape's Complaint includes eleven counts, as follows: Claims against AFSA and KSE Count 1: Violations of the Copyright Act. reproducing StateScape's 17 U.S.C. copyrighted works, -4- § 501, and preparing for derivative works based upon copyrighted works without authorization. Count 2: Violations of the Computer Fraud and Abuse Act, intentionally accessing StateScape's authorization, server without in violation of 18 U.S.C. § trafficking in passwords and access codes, U.S.C. § Count 3: for 1030(a)(2), and in violation of 18 1030(a)(6). Violations of Title II of the Electronic Communications Privacy Act, 18 U.S.C. §§ 2701 et sea.. for intentionally accessing password-protected database areas, electronic communications obtaining access to stored in the database, and disclosing them to third parties not authorized to receive them. Count 4: § Violations of the Virginia Computer Crimes Act, 18.2-152.3 et sea.. without authority, pretenses, Va. Code for using a computer or computer network and thereby obtaining property by false embezzling or committing larceny, and/or converting StateScape's property. Count 10: Misappropriation of Trade Secrets, the passwords StateScape gave for misappropriating to AFSA. Claim against AFSA only Count 5: Breach of Contract, passwords members for providing AFSA usernames and for StateScape's database to persons who were not of AFSA. Claims against KSE only -5- Count 6: Trespass, for entering password-protected areas of StateScape's database without authorization and therebydiminishing their value. Count 7. Unjust Enrichment, for profiting from StateScape's proprietary database despite knowing that StateScape was the author, developer, under its own name, and source of the information that KSE posted and benefitting from the time, money, and resources StateScape invested to create StateScape's database. Count 8, Interference with Prospective Business Relations, for interfering with the business relationship between StateScape and AFSA. Count 9. Interference with contract, contract between AFSA and StateScape, for interfering with the and causing AFSA to breach the agreement. Claim Against Leif Johnson only Count 11. Breach of Contract, for breaching his non-compete agreement with StateScape by commencing work with KSE less than one year after his termination from StateScape and for performing services for a StateScape customer that were similar to the services he performed at StateScape. IX. Standard of Review In reviewing a motion to dismiss claim, for failure to state a a court reviews only the legal sufficiency of the complaint. See Eastern Shore Markets. -6- Inc. v. J.D. Associates Ltd. Partnership. 213 F.3d 175, must assume the truth of all 180 facts (4th Cir. See id. However, complaint attacked by a Rule 12(b)(6) need detailed factual allegations, than labels and conclusions, a plaintiff's obligation to to relief requires more and a formulaic recitation of the elements of a cause of action will not do." 550 U.S. 544, "[w]hile a motion to dismiss does not provide the ground of his entitle[ment] Twomblv. consistent with the and construe the facts in the light most favorable to the plaintiff. v. 127 S.Ct. 1955, Bell Atlantic Corp. 1964-65 (2007) {internal quotation marks and citations omitted). not accept legal conclusions drawn from the facts, inferences, Shore. 213 unreasonable conclusions, or arguments. A court need or unwarranted See Eastern F.3d at 180. III. A. The Court alleged in the complaint and the existence of any fact that can be proved, complaint's allegations, 2000) . Count 2: Discussion Computer Fraud and Abuse Act. StateScape has alleged that AFSA and KSE have violated two distinct provisions of the Computer Fraud and Abuse Act 18 U.S.C. § 1030(a)(2) 18 U.S.C. and 18 U.S.C. § 1030{a)(6). § 1030(a)(2) prohibits "intentionally accessing] a computer without authorization or exceed[ing] access, and thereby obtain[ing] protected computer ..." . . . authorized information from any "Exceeds authorized access" -7- ("CFAA"), is explicitly defined as "to access a computer with authorization and to use such access computer that alter." to obtain or alter Information in the the accesser is not entitled so to obtain or 18 U.S.C. § 1030{e)(6). Both AFSA and KSE have moved to dismiss this count on the grounds that they did not access StateScape's systems "without authorization" or "exceed authorized access." Courts have differed as construe 18 U.S.C. the CFAA was Supp. 1030(a)(2). targeted at trespassers)," F. § 820 (E.D. Litiq., a computer," 168 F. Supp. v. Mich. situation "where an outsider, accesses Some authorities have held that "computer hackers Sherman & Co. 2d 817, to how broadly or narrowly to electronic Salton Maxim Housewares. 2000), Inc.. and only applies 94 to a or someone without authorization, In re AOL. 2d 1359, (e.g., Inc. 1370 Version 5.0 (S.D. Fla. Software 2001). These authorities have rejected attempts to apply the CFAA to cases where the defendants are not alleged to have "broken into" system but to have abused the privileges of a license. the Other courts have held that the CFAA does apply to authorized users who use programs in an unauthorized way, including employees who obtain and use proprietary information in violation of a duty of loyalty, 420-21 Int'l Airport Ctrs.. (7th Cir. 2006), L.L.C. v. Citrin. 440 F.3d 418, and licensees who breach an agreement restricting their use of the software, 8 Modis v. Bardelli. 531 F. Supp. 2d 314, account, 319 (D. on the facts Conn. 2008). Taking these authorities into alleged in the Complaint, the Court that StateScape has stated a claim under § 1030(a)(2) KSE, finds against but not against AFSA. According to the Complaint, KSE accessed StateScape's website using usernames and passwords that did not belong to it. StateScape has pled that under the terms of their contract, only clients were authorized to use StateScape's subscription services, and that KSE was not so authorized. acted "without authorization." KSE may not hide behind purported "authorization" granted to it by AFSA, KSE, KSE therefore particularly given that a former client of StateScape that employed StateScape's former marketing director, was presumably familiar with the terms of StateScape's agreement and with the scope of authority granted to licensees.2 KSE has also moved for a partial dismissal of the CFAA claims on statute of limitations grounds. A two-year statute of 2KSE relies on Securelnfo Corp. v. Telos Corp., 387 F. Supp. 2d 593 (E.D. Va. 2005), in support of its Motion to Dismiss. In Securelnfo, a licensee of the plaintiff's software was alleged to have shared the software with a competitor of the plaintiff. The plaintiff sued the competitor for violations of § 1030(a)(2), and the court found that because the licensee had given the competitor permission to access the software using its license, the competitor could not have intentionally acted without authorization or in excess of its authority within the meaning of the statute. This Court finds, however, that even if AFSA granted KSE permission to access StateScape's database, KSE still may have acted "without authorization" if its access was not authorized by StateScape. -9- limitations, which begins to run from "the date of the act complained of or the date of discovery of the damage," applies to this claim. CFAA as 18 U.S.C. § 1030{g). "Damage" is defined in the "any impairment to the integrity or availability of data, a program, a system, KSE correctly argues or information." 18 U.S.C. § 1030(e){8). that StateScape has not pled that it suffered any "damage" as a result of the defendants' conduct, as alleged it has not alleged that the "integrity or availability of data, been impaired. a program, a system, or information" has The CFAA allows a plaintiff to recover for "loss," defined as well as "damage;" however, damage in that the "any reasonable cost to any victim . . ."as it distinguishes between loss and "discovery" provision that can lengthen the statute of limitations applies only to the discovery of damage, not loss. Assoc. See Kluber Skahan & Assoc.. Inc.. 2009 WL 466812, Because StateScape has but not damage, at *8 Inc. (N.D. alleged that it has v. 111. Cordoaan. Feb. 25, Clark & 2009). suffered only loss, the statute of limitations for the CFAA claim began to run from the date of the defendants' alleged violations and therefore bars any claims for violations occurring before December 24, 2006, two years before the Complaint was AFSA's Motion to Dismiss the § granted. areas 1030(a)(2) filed. claim will be It is undisputed that AFSA itself never went beyond the that StateScape authorized AFSA to access. -10- Rather, StateScape alleges that AFSA was "without authorization" because it breached its contract with StateScape in which it agreed to provide access to StateScape's services only to AFSA members. its opposition to AFSA's Motion to Dismiss, In StateScape relies on case law holding that employees who use their employers' computers to pass authorization." information to competitors act See, e.g.. Safeguard Self Storage, Wash. 2000) "without Shuraard Storage Centers. Inc.. 119 F. Supp. (holding that an employee, 2d 1121, Inc. 1125 employer's computers, became "without authorization" when he became an "agent" one of his employer's competitors, mails containing his employer's proprietary information). (E.D. who by virtue of his employment was authorized to access his defendant, v. for the to whom he sent e- trade secrets and other These cases, however, are distinguishable because AFSA's contract with StateScape makes clear that in the event that AFSA breached the contract by providing its passwords to others, to terminate AFSA's contract, terminated. Compl. Ex. StateScape reserved the right but it was not automatically 1 f 4. As such, at no point was AFSA's access "without authorization." AFSA's alleged offense was not an unauthorized access - which § 1030(a)(2) prohibits - but an unauthorized use or misappropriation. AFSA's access also did not meaning of the CFAA. "exceed authorization" within the As explained supra. -11- the CFAA explicitly defines "exceeds authorization" as "to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter." 18 U.S.C. § 1030(e)(6). Nowhere in the Complaint does StateScape allege that AFSA obtained or altered any information it was not entitled to; rather, the allegation is that AFSA used the information in an inappropriate way. Such allegations do not state a claim for a violation of § 1030(a)(2). Accordingly, that AFSA's motion to dismiss fall under § 1030(a)(2) StateScape has U.S.C. § those claims in Count 2 will be granted. also sued KSE and AFSA for violations of 1030(a)(6), which prohibits to defraud traffic[king] {as 18 "knowingly and with intent, defined in section 1029) in any password or similar information through which a computer may be accessed without authorization." this claim. 18 U.S.C. § 1029 defines otherwise dispose of, "traffic" to another, intent to transfer or dispose of." that KSE transferred, rather, as "transfer, or or obtain control of with The Complaint does not allege or otherwise disposed of, AFSA's passwords; it alleges that KSE received them from AFSA and used them without authorization. "trafficking" under the § Only KSE has moved to dismiss 1030(a)(6) § Such conduct does not constitute 1029. Therefore, KSE's motion to dismiss trafficking claim will be granted. -12- B. Count 3: Electronic Communications Privacy Act. The Electronic Communications Privacy Act U.S.C. §§ access[] 2701 et sea. . makes it an offense to obtain[], 18 "intentionally without authorization a facility through which an electronic communication service is provided, exceed[] ("ECPA"), an authorization to access alter[], or prevent[] that or intentionally facility; and thereby authorized access to a wire or electronic communication while it is in electronic storage." U.S.C. § 18 2701. Both defendants have moved to dismiss the ECPA count on similar grounds as the motion to dismiss the CFAA count - that they were not "without authorization" database and did not authorization." "intentionally exceed[] . . . KSE also argues that its conduct falls within a statutory exception to the ECPA, does not prohibit to access StateScape's which provides "conduct authorized (1) that the statute by the person or entity providing a wire or electronic communications service [or] (2) by a user of that service with respect to a communication of or intended for that user." 18 U.S.C. § 2701(c)(2). Specifically, KSE argues that its conduct falls within the second exception, its use of the database was authorized by AFSA, [StateScape's] as a "user of service." As with the CFAA count, StateScape has stated a claim against KSE by alleging that KSE, without any authorization from -13- StateScape, site. accessed the password-protected areas of StateScape's KSE has cited no authority that supports the principle that a third party who intentionally accesses a system after being given a password by an authorized user cannot be liable under the ECPA; rather, Trust Leasing v. 1494-95 {D. Jack Farrell Implement Co.. Minn. state a claim), in the case cited by KSE, 1991) 763 F. Computer Supp. 1473, (dismissing an ECPA count for failure to the party alleged to have violated the ECPA was the authorized user or licensee, On the facts alleged here, against KSE, Am. which, not an unauthorized third party. the ECPA claim is adequately pled according to the Complaint, was never authorized by StateScape to use the database.3 Conversely, StateScape has not alleged a viable ECPA claim against AFSA because AFSA falls within the first statutory exception for "conduct authorized by the person or entity providing a wire or electronic communications service." StateScape asserts that AFSA was not entitled, contract, Although pursuant to its to pass any information from StateScape's database along to KSE, it is undisputed that AFSA was contractually entitled to see all of the information it is alleged to have accessed. Accordingly, it cannot be liable under the ECPA. See 3 The statutory exception relied on by KSE does not apply because the alleged conduct of KSE, although authorized by a user, AFSA, was not authorized "with respect of or intended for that user." -14- to a communication Int'l Ass'n of Machinists & Aerospace Workers v. 390 F. Supp. trespasses 2d 479, 497 to which the trespasser gains access entitled to see, (D. Md. [ECPA] 2005) Werner-Masuda. (holding that "the sort of applies are those in which the to information to which he is not not those in which the trespasser uses the information in an unauthorized way"). For these reasons, AFSA's motion to dismiss the ECFA claim will be granted. C. Count 4: Virginia Computer Crimes Act. AFSA and KSE have moved to dismiss Crimes Act, grounds, the Virginia Computer Va. Code § 18.2-152.3 et sea. ("VCCA"), on multiple including preemption of the VCCA by the Copyright Act. Section 301(a) of the Copyright Act states: "all legal or equitable rights that are equivalent to any of the exclusive rights within the general scope of copyright as specified by section 106 [of the Copyright Act] in works of authorship that are fixed in a tangible medium of expression and come within the subject matter of copyright as specified by sections 102 and 103 title." 17 U.S.C. 102, . § 301(a). Copyright Act if the . . are governed exclusively by this A state law claim is preempted by the (1) the work at issue is 'subject matter of copyright' 103 and (2) "within the scope of as specified in 17 U.S.C.A. §§ the rights granted under state law are equivalent to any exclusive rights within the scope of federal copyright as set out in 17 U.S.C.A. § 106." Arete Associates. 229 under state law is Inc.. 1 F.3d 225, "equivalent" Rosciszewski v. (4th Cir. 1993). to a right under federal -15- A right copyright law if that right "may be abridged by an act which, and of itself, in would infringe one of the exclusive rights [granted in the Copyright Act]." Id. "However, if an extra element is required instead of or in addition to the acts of reproduction, performance, distribution or display, constitute a state-created cause of action, preemption . . in order to there is no . provided that the extra element changes the nature of the action so that it is qualitatively different from a copyright infringement claim." Id. {internal quotation marks and citations omitted). The elements of a violation of the VCCA are that the defendant (1) uses a computer or computer network; authority; and pretenses, embezzles or commits of another. (3) (2) without either obtains property or services by false Va.Code § larceny; 18.2-152.3. or converts the property In Rosciszewski. Circuit held that a claim under a prior, but similar, the Fourth version of the VCCA based on unauthorized copying of copyrighted software was preempted by the Copyright Act. It concluded that the first element for preemption was satisfied because software is within the subject matter of copyright. It next Rosciszewski. 1 F.3d at 229.4 found that rights granted under the VCCA that protect 4The court found that software programs are "original works of authorship fixed in [a] tangible medium of expression . . . from which they can be perceived, reproduced, or otherwise communicated, either directly or with the aid of a machine or device." 17 U.S.C.A. § 102(a). -16- against unauthorized copying of software are equivalent to those granted by the Copyright Act because none of of the VCCA were sufficient to "qualitatively chang[e] claim from one of unauthorized copying." findings, 18.2-152.3 Id. the Fourth Circuit concluded that computer programs the three elements at 230.5 the state On these "the protection of from unauthorized copying granted under § is equivalent to the exclusive right of the copyright owner to reproduce a copyrighted work under the Copyright Act," and that a cause of action under the VCCA "is preempted to the extent that it is based on reproduction of computer program." Rosciszewski. [a] copyrighted 1 F.3d at 230. Given the Fourth Circuit's holding, the only basis for finding that the VCCA claim is not preempted would be if the VCCA violations alleged here are distinguishable from the software copying alleged in Rosciszewski. StateScape argues that the case 5The Rosciszewski court held that using a computer, the first element of a VCCA violation, is merely a "necessary condition" to the copying, and that the second element - lack of authority - is also, by definition, an element of copyright infringement. Regarding the third element, the version of the VCCA before the court in Rosciszewski did not require a defendant to actually embezzle, convert or obtain property by false pretenses, but only required the intent to do so. Accordingly, the Fourth Circuit found that "[a]n action will not be saved from preemption by elements such as awareness or intent, which alter 'the action's scope but not its nature.'" Rosciszewski. 1 F.3d at 230. The current version of the VCCA differs in that to be held liable, the defendant must actually commit larceny, false pretenses, embezzlement, or conversion. Va.Code § 18.2-152.3. However, at least one court has found that the VCCA, in the context of a software copying case, is still preempted by the Copyright Act. See Securelnfo. 387 F. Supp. 2d at 610. -17- at bar is distinguishable, because (1) unlike in Rosciszewski. where the case was at summary judgment, begun, discovery has not even and it is not yet known whether all wrongful KSE database accesses constituted copyright infringement, proprietary database, (2) StateScape's which the defendants allegedly accessed, included both copyrighted and non-copyrighted materials, the VCCA claim here is [including] (3) "based on elements beyond mere copying, false pretenses, As AFSA points out, alleges that and embezzlement, however, and/or conversion." the Complaint consistently "[e]ach of the reports generated by the StateScape proprietary database bears a copyright notice," Compl. l 8, that "StateScape owns a copyright in the StateScape proprietary database in the organization of the information in a searchable format available in no other source," "StateScape also owns copyrights id. SI 30, and that in each of the bill summaries within the StateScape database that were original works of authorship," id. On those facts as pled by StateScape, it is difficult to see how any claim under the VCCA would contain any elements making it Act claims. "qualitatively" different from the Copyright As such, the VCCA claim is preempted by the Copyright Act and will be dismissed. D. Count 6: Trespass KSE has moved to dismiss the claim for trespass to chattels, which is based oh the allegation that KSE accessed password- -18- protected areas of StateScape's website without authorization. trespass to chattels occurs "when one party intentionally uses A or intermeddles with personal property in rightful possession of another without authorization," America Online, Inc. Inc.. and "if 46 F.Supp.2d 444, chattel is impaired as 451-52 (E.D. Va. 1998), to its condition, quality, v. LCGM. the or value," id. KSE has moved to dismiss on the ground that StateScape has not alleged that its website, impaired. See Securelnfo. the object of the trespass, 387 F. Supp. 2d at 621 was (dismissing a trespass claim for failure to allege that improperly downloaded software had been impaired)6 Notwithstanding the holding in Securelnfo, claim should not be dismissed. trespass was not [StateScape's] 17. Here, the object of the alleged the downloaded content, but "the part of website that is password-protected." StateScape has alleged that value of these areas permission. the trespass the trespass PL's Opp. "diminished the [of the website]" by using them without Moreover, this Court has held that senders of bulk e-mail committed a trespass to chattels when they "caused contact 6In Securelnfo, the defendants allegedly downloaded the contents of a software system. Although the plaintiff claimed that this contributed to the loss of customers and goodwill, and caused "diminution in the value of its confidential information and other proprietary data," the court found that the plaintiff had not alleged "that the materials that were taken by the defendants were damaged or diminished in value." Securelnfo, 387 F. Supp. 2d at 621 (emphasis in original). -19- with [the plaintiff's] [the plaintiff's] computer network. . . and . . Inc. v. injured business goodwill and diminished the value of its possessory interest in its computer network." Online. . IMS. 24 F.Supp.2d 548, 550 {E.D. Although KSE's use of StateScape's resources America Va. 1998). is not alleged to have affected StateScape's network capacity and performance, given that StateScape charges fees for its passwords, of [StateScape's] the "value possessory interest in its computer network" diminished if unauthorized users access its password-protected areas. As chattels E. such, StateScape has adequately pled a trespass claim. Count 10: Misappropriation of Trade Secrets. AFSA and KSE have moved to dismiss Virginia Uniform Trade Secrets Act the claim under the ("VUTSA"), which StateScape bases on AFSA's unauthorized sharing of its passwords StateScape's database with KSE. passwords, as a matter of law, A "trade secret" for The defendants argue that are not trade secrets. under the VUTSA is defined as follows: "Trade secret" means information, including but not limited to, a formula, pattern, compilation, program, device, method, technique, or process, that: 1. to Derives independent economic value, potential, actual or from not being generally known to, and not being readily ascertainable by proper means by, persons who can obtain economic value disclosure or use, other from its and 2. Is the subject of efforts that are reasonable under the circumstances to maintain its secrecy. -20- is Va Code. Ann. § 59.1-336. Both defendants argue that passwords lack "independent economic value," but are instead a security mechanism designed to control access to information, secrets. Although they concede that there is no Virginia holding directly on point, v. Bus. and therefore are not trade Objects, they rely on a footnote in Microstrategy. S.A.. 331 F. Supp. 2d 396, 429 n. 4 {E.D. Inc. Va. 2004): The court also voices its skepticism that a CD Key can constitute a trade secret. A trade secret is information and a CD Key, a series of random numbers, is not information. Instead, it is a lock - a barrier - to the access of information that might properly be considered a trade secret. Defendants' argument that a password is random numbers and letters that copyrighted material," AFSA Mem. merit. "simply a series of is a barrier to its alleged 16, and not a trade secret, has Although the passwords at issue clearly have economic value given that they are integral to accessing StateScape's database, they have no independent economic value in the way a formula or a customer list might have. Where a plaintiff has not alleged that its passwords are the product of any special formula or algorithm that it developed, secrets. as Accordingly, the passwords are not trade Count 10 will be dismissed in its entirety to both defendants. F. Count 11: Breach of Contract StateScape alleges (Johnson). that Johnson was a party to a non-compete -21- agreement that prohibited him, termination, for one year from the date of his from working for any entity or service similar to the services he performed for StateScape, and from performing similar services for StateScape customers. working for StateScape on March 19, KSE less than one year later, Virginia's Va. and began working for in July 2003. Johnson has moved to dismiss limitations grounds, 2003, Johnson stopped this claim on statute of arguing that the contract is subject to five-year statute of limitations on written contracts, Code Ann. § 8.01.246(2), and that because he started working for KSE no later than July 2003 December 24, 2008 - more and this then five years suit was filed on later - the claim is completely time-barred. StateScape has opposed the motion on the grounds Virginia law provides w[a]n exception to strict application of the statute of limitations contract, that ... in the case of an where a non-breaching party can 'indivisible' * elect between pursuing his remedy when an action which would constitute a breach occurs or awaiting the time fixed by the contract for full and final performance. If he elects the latter course, the statute of limitations does not begin to run against his right of action until the time for final performance fixed by the contract has passed.'" American Inn, Appx. 319-20, 316, L.P. (4th Cir. v. Suntrust Banks, 2002), -22- Inc.. 28 Fed. quoting Suffolk Citv Sen. Bd. v. Conrad Bros.. Inc.. 495 S.E.2d470, 472-73 {Va. 1998). StateScape argues that the non-compete agreement was an indivisible contract, 19, 2004, and that because its term expired on March the statute did not begin to run until that date. Under Virginia law, the "indivisible contract" or "continuing undertaking" doctrine is an exception to the normal rule that a statute of limitations runs from the moment the breach occurs. This exception applies "only with regard to a continuous or recurring course of professional services related to a particular undertaking." 453 S.E.2d 284, 286 (1995). Harris v. K & K Ins. Aaencv. Inc.. The Virginia Supreme Court has applied it "in cases stating claims of breach of contract or negligence involving the professional services of physicians, attorneys, and accountants." id. The exception does not apply here because Johnson's noncompete contract cannot be considered indivisible. StateScape offers no evidence that the contract was indivisible. Conversely, Johnson has pointed to specific language in the contract - a clause stating that «each of the rights and remedies enumerated above shall be independent of the other, severally enforceable indivisible. . . and shall be ." to show that the contract was not In addition, unlike the "continuing undertaking" types of contracts discussed in Harris. contract not to do certain things. -23- Johnson's contract is a It is clearly distinguishable from the types of contracts for which the "continuing undertaking" exception has been applied by Virginia courts. However, StateScape's contract claims against Johnson allege two types of breaches. The first is the alleged breach of Johnson's agreement not to work for an entity similar to StateScape within the one year following termination. began to accrue in July 2003, when, Johnson began working for KSE. according to the Complaint, Because StateScape did not sue Johnson within five years of July 2003, barred. This claim this claim is time- StateScape also alleges that Johnson breached his agreement not to perform services one year. for StateScape customers for It is unclear from the Complaint - and will not become clear until discovery - whether and when Johnson began to solicit AFSA business, and perhaps other StateScape customers. If StateScape discovers that Johnson breached this provision of the contract between December 24, filed suit) and March 19, 2004 termination from StateScape), barred. For these reasons, 2003 (five years before StateScape (one year after Johnson's those claims would not be time- Johnson's Motion to Dismiss Count 11 will be granted in part and denied in part. 6. KSE's Motions to Dismiss Counts 1 (Copyright) and 7 (Unjust Enrichment) on Statute of Limitations Grounds. KSE has moved for a partial dismissal of StateScape's copyright claims, arguing that any claims for violations before -24- December 24, 2005 are time-barred. for copyright claims is U.S.C. § 507(b). The statute of limitations three years after the claim accrues. 17 A claim for copyright infringement accrues "when one has knowledge of a violation or is chargeable with such knowledge." F.3d 789, Lyons Partnership, 797 (4th Cir. 2001) LP v. Morris Costumes, Inc., 243 (internal citations omitted). Statescape has represented in the Complaint that it first learned of KSE and AFSA's alleged violations of copyright law in 2008, after AFSA terminated its relationship with StateScape, KSE hid its activities by using AFSA usernames unauthorized accesses. and that to engage in its StateScape has adequately pled that it did not know and had no reason to know about any of the conduct in question before 2008. Whether or not StateScape had actual or constructive knowledge of previous violations is a question of fact to be resolved after discovery, Accordingly, not on a motion to dismiss. the motion for partial dismissal of the copyright claim will be denied. KSE has also moved to partially dismiss StateScape's Count 7 claim for unjust enrichment to the extent that the claim arose before December 24, 2005, arguing that unjust enrichment claims in Virginia are subject to a three-year time bar. Kirkwood, 383 S.E.2d 729, 731 (Va. that equitable estoppel defeats defense. 1989). See Belcher v. StateScape responds the statute of limitations Equitable estoppel applies where one party "reasonably -25- relied on the words and conduct of the person to be estopped in allowing the limitations period to expire." James Leffel & Co., 558 F.2d 216, StateScape has pled that KSE, 218 City of Bedford v. (4th Cir. 1977). Here, for an extended period of time, used the passwords of AFSA to disguise its accesses into StateScape's system. This allegation is sufficient to defeat dismissal of the unjust enrichment claim on statute of limitations grounds. IV. Conclusion For the above-stated reasons: As to Count 1, KSE's partial motion to dismiss the copyright claim on statute of limitations grounds will be DENIED. As to Count 2, AFSA's motion to dismiss the § 1030{a)(2) portion of the CFAA claim against it will be GRANTED. motion to dismiss the § 1030(a)(6) against it will also be GRANTED. 1030(a)(2) portion of the CFAA claim KSE's motion to dismiss the § claim in its entirety will be DENIED. the running of the statute of limitations, recover against KSE under § 1030(a)(2) on or after December 24, As to Count 3, KSE's However, due to StateScape may only for violations occurring 2006. AFSA's motion to dismiss the ECPA claim will be GRANTED and KSE's motion to dismiss it will be DENIED. As to Counts 4 and 10, both parties' be GRANTED. -26- motions to dismiss will As to Counts 6 and 7, KSE's motions to dismiss will be DENIED. As to Count 11, Johnson's motion to dismiss contract claims will be GRANTED IN PART, the breach of such that any claims against him for commencing work with KSE are time-barred, but any claims against him for breach of his agreement not to do business with StateScape customers are allowed to the extent that the breaches occurred between December 24, 2003 A separate order consistent with this and March 19, 2004. opinion will be entered. Entered this 31 Alexandria, day of March, 2009. Virginia /a/ Leonie M. Brinkema Usited St&tes District Judge -27-
]]>
Some case metadata and case summaries were written with the help of AI, which can produce inaccuracies. You
should read the full case before relying on it for legal research purposes.
This site is protected by reCAPTCHA and the Google
Privacy Policy and
Terms of Service apply.
