HILLMAN, District Judge.
This is an action for misappropriation of trade secrets, unfair competition, breach of contract, violation of the Computer Fraud and Abuse Act ("CFAA"), and conspiracy.
In a motion to dismiss under Fed. R.Civ.P. 12(b)(6), the Court "must assume the truth of all well-plead[ed] facts and give the plaintiff the benefit of all reasonable inferences therefrom." Ruiz v. Bally Total Fitness Corp., 496 F.3d 1, 5 (1st Cir.2007) (citing Rogan v. Menino, 175 F.3d 75, 77 (1st Cir.1999)). A pleading must contain "a short and plain statement of the claim showing that the pleader is entitled to relief." Fed.R.Civ.P. 8(a)(2). The pleading standard set forth in Rule 8 does not require "detailed factual allegations, but it demands more than an unadorned, the-defendant-unlawfully-harmed-me accusation." Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007) (citing Papasan v. Allain, 478 U.S. 265, 286, 106 S.Ct. 2932, 92 L.Ed.2d 209 (1986)). A complaint will not suffice if it offers "naked assertion[s]" devoid of "further factual enhancement." Twombly, 550 U.S. at 557, 127 S.Ct. 1955. "The plausibility standard is not akin to a probability requirement, but it asks for more than a sheer possibility that a defendant has acted unlawfully." Ashcroft v. Iqbal, 556 U.S. 662, 678, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009) (internal quotations omitted). Dismissal is appropriate if plaintiff's well-pleaded facts do not "possess enough heft to show that plaintiff is entitled to relief." Ruiz Rivera v. Pfizer Pharm., LLC, 521 F.3d 76, 84 (1st Cir. 2008) (internal quotations and original alterations omitted). Therefore, under the Twombly/Iqbal standard, Plaintiff's claim must clear two hurdles, (1) the pleaded facts must contain sufficient particularity to be plausible, and (2) they must also, if assumed to be true, establish a prima facie case for relief.
Furthermore, where a party filing or opposing a motion to dismiss under Rule 12(b)(6) presents matters outside the pleadings which are considered by the court, the motion to dismiss will be treated as one for summary judgment in accordance with Fed.R.Civ.P. 56. Fed.R.Civ.P. 12(b)(6); Trans-Spec Truck Serv. Inc. v. Caterpillar, Inc., 524 F.3d 315, 321 (1st Cir.2008). Courts may consider documents the authenticity of which are not in dispute — such as public records — without converting the motion into one for summary judgment. Id.
A substantial quantity of extrinsic evidence has already been presented to the Court as part of Plaintiff's Application for Preliminary Injunction. However, under the Rule 12(b)(6) standard, the Court will rely only upon the facts contained in Plaintiff's Second Amended Complaint or incorporated therein by reference. For the sake of brevity, the Court hereby incorporates the statement of facts set forth in its prior order (Docket No. 105) to the extent that that statement reflects the facts included in the Second Amended Complaint.
Defendants individually move to dismiss every claim against them. The Court will address the motions of Feldstein, Hagen, Desai, and Kociuk collectively in this order, considering each Count in turn.
Count I, raised against Feldstein, Desai, and Kociuk, is for misappropriation of Trade Secrets under Massachusetts common law; Count II, raised against Feldstein, Desai, and Kociuk, is for misappropriation of trade secrets under Mass. Gen. Law ch. 93, § 42, and § 42A. For the reasons set forth in this Court's prior order, Plaintiff has demonstrated a likelihood of success on the merits with regard to misappropriation. Even considering only the evidence included in the Complaint these allegations contain a level of specificity sufficient to surpass the Twombly/Iqbal plausibility threshold.
Count III, against Feldstein, Desai, and Kociuk is for unfair competition under Mass. Gen. Law ch. 93A, § 11. This claim is dismissed as against all three defendants as they correctly assert the "intra-enterprise" exception to Chapter 93A, § 11. See Guest-Tek Interactive Entm't, Inc. v. Pullen, 665 F.Supp.2d 42, 46 (D.Mass.2009). Plaintiff attempts to define the employer-employee relationship as existing within normal trade and commerce. This position has been explicitly rejected by the Supreme Judicial Court of Massachusetts. Bertrand v. Quincy Mkt. Cold Storage & Warehouse Co., 728 F.2d 568, 571 (1st Cir.1984); id. (citing Linkage Corp. v. Trustees of Boston University, 425 Mass. 1, 23, 679 N.E.2d 191 (1997); Manning v. Zuckerman, 388 Mass. 8, 13-14, 444 N.E.2d 1262 (1983)).
Plaintiff further argues that the misappropriation claims against Feldstein, Desai, and Kociuk are wholly independent from their employment at AMD, and therefore are no bar to the Chapter 93A claim. See Specialized Tech. Res., Inc. v. JPS Elastomerics Corp., 80 Mass.App.Ct. 841, 847, 957 N.E.2d 1116, 1121 (2011). That is not an accurate assessment of Plaintiff's pleaded claims. AMD has not alleged any facts suggesting that Defendants misappropriated trade secrets through means other than abusing their positions as AMD employees. Consequently, the employee/employer relationship is a necessary element of the misappropriation claims. See Guest-Tek, 665 F.Supp.2d at 46. Plaintiff's unfair competition claim is therefore properly barred as a matter of law by the "intra-enterprise" exception and the motions to dismiss will be allowed.
Count IV, raised against Feldstein, Desai, and Kociuk, is for violation of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030. AMD alleges that Feldstein, Desai, and Kociuk have knowingly, and with intent to defraud, accessed AMD's protected computer network either without authorization or in a manner than exceeded their authorized access.
Most relevant to this case are § 1030(a)(2)(C) and § 1030(a)(4). § 1030(a)(2)(C) states that it is a violation of the statute to "intentionally [access] a computer without authorization or exceed[] authorized access and thereby [obtain] — ... information from any protected computer." The breadth of this provision is difficult to understate. § 1030(a)(4) provides that it is a violation of the CFAA to
Neither the term "without authorization" nor the word "authorization" are defined by the CFAA, although the act does define "exceeds authorized access" as "to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter[.]" 18 U.S.C. § 1030(e)(6). Despite this statutory definition the exact parameters of "authorized access" remain elusive.
Courts have generally adopted one of two positions when interpreting the CFAA. A narrow interpretation reflects a technological model of authorization, whereby the scope of authorized access is defined by the technologically implemented barriers that circumscribe that access. Thus if Company C maintains two secure servers, X and Y, and issues Employee E valid login credentials for Server X but not for Server Y, then Employee E has authorized access to Server X, but not to Server Y. Any data accessed by Employee E from Server X would be with authorization no matter how Employee E used that information. However, if Employee E used his/her Server X access to illicitly access Server Y, any data thus accessed on Server Y would be outside the scope of authorization.
By contrast, a broader interpretation defines access in terms of agency or use. Thus wherever an employee breaches a duty or loyalty, or a contractual obligation, or otherwise acquires an interest adverse to the employer, their authorization to access information stored on an employer's computer terminates and all subsequent access is unauthorized/exceeds the scope of authorization, whether or not the access is still technologically enabled. Thus, using the example stated above, Employee E would exceed the scope of his/her authorized access if data accessed from Server X was used for some purpose that was prohibited by Employee E's contractual or legal obligations to Company C.
Proponents of a narrower interpretation suggest that Congress' intent in passing the CFAA was to address computer hacking activities and not to supplement state misappropriation of trade secrets laws. Nosal, 676 F.3d at 857 (majority opinion). They further argue that expanding the definition of authorization to encompass extrinsic contractual agreements has farreaching
There is no express indication in the legislative history of the CFAA that Congress intended for employers to sue at-will employees to recover economic damages resulting from time spent looking at personal emails instead of working. See id. at 857-58 (majority opinion). However, any information stored on any computer can satisfy the textual requirements of § 1030(a)(2)(C). Therefore, if this Court were to adopt a broad interpretation of the term of art "access that exceeds the scope of authorization" then arguably any violation of a contractual obligation regarding computer use becomes a federal tort so long as a very minimal damages threshold is met ($5,000 in any twelve-month period).
Moreover, as the majority in Nosal noted, these features are substantially more troubling in a criminal context. Id. 676 F.3d at 860-61 (majority opinion). It is not possible to define authorization narrowly for some CFAA violations and broadly for others. Powerex Corp. v. Reliant Energy Servs., Inc., 551 U.S. 224, 232, 127 S.Ct. 2411, 168 L.Ed.2d 112 (2007) (holding that "identical words and phrases within the same statute should normally be given the same meaning"). It is obviously absurd to impose criminal liability for checking personal email at the workplace, or some similarly innocuous violation of an employee computer use agreement. Nor is it acceptable to rely solely upon prosecutorial discretion to refrain from prosecuting trivial offenses. Nosal, 676 F.3d at 862 (majority opinion). As between a broad definition that pulls trivial contractual violations into the realm of federal criminal penalties, and a narrow one that forces the victims of misappropriation and/or breach of contract to seek justice under state, rather than federal, law, the prudent choice is clearly the narrower definition.
At the time of this order, the First Circuit has not clearly articulated its position on this issue. Some district judges
Turning to the case at hand, AMD has not pleaded any analogous facts. AMD favors a broader interpretation of the CFAA and alleges that merely by violating their contractual agreements and/or their duty of loyalty to AMD, Feldstein, Desai, and Kociuk rendered access that would otherwise have been authorized "without authorization" or "exceeding authorization" because they possessed an interest adverse to that of AMD. The Second Amended Complaint includes specific facts about when and how Feldstein, Desai, and Kociuk logged into AMD's secure network with valid login credentials and accessed confidential AMD information which they later retained in violation of their respective contractual agreements with AMD. The Court notes that while the Second Amended Complaint alleges intent to defraud on the part of Feldstein, Desai, and Kociuk, it is sparse on the details of any such fraud or deception.
Plaintiff's allegations are thus insufficient to sustain a CFAA claim under a narrow interpretation the CFAA and, for the reasons stated above, the narrower interpretation is preferable. However, this is an unsettled area of federal law, and one where courts have yet to establish a clear pleading standard. Given the incomplete nature of the evidentiary record and out of an abundance of caution, I will not dismiss these claims at this time. If AMD can plead specific details indicating that some or all of the defendants used fraudulent or deceptive means to obtain confidential AMD information, and/or that they intentionally defeated or circumvented technologically implemented restrictions to obtain confidential AMD information, then the CFAA claims will surpass the Twombly/Iqbal standard. Otherwise these claims will be dismissed once the factual record is complete.
Count V, raised against Feldstein, Desai, and Kociuk, is for breach of
AMD has not, however, pleaded that Desai and Kociuk were executives, officers or directors of AMD. Second Am. Compl. ¶¶ 214-221 (Docket No. 91). Desai was a senior manager of ASIC/Layout design and Kociuk was an engineer reporting directly to Desai. "Rank-and-file" employees are not captured by the employee's duty of loyalty unless they occupy "a position of trust and confidence." Talent-Burst, Inc. v. Collabera, Inc., 567 F.Supp.2d 261, 266 (D.Mass.2008). Plaintiff pleads that Desai and Kociuk both had access to confidential AMD information, and therefore held such positions of "trust and confidence." Pl.'s Opp, to Mot. to Dismiss at 11-12 (Docket No. 69) (citing id.; Meehan, 404 Mass. at 438, 535 N.E.2d 1255; Inner-Tite Corp. v. Brozowski, 27 Mass.L.Rptr. 204, 2010 WL 3038330 (2010)).
The Court is wary of holding that any employee given access to any confidential information owes a fiduciary duty to his or her employer. However, as hardware designers working for a high-tech business that generates much of its revenue from intellectual property, they had access to confidential information of substantial value. Construing all factual ambiguities in favor of AMD, it is plausible that Desai and Kociuk held special positions of trust and confidence and did owe AMD a fiduciary duty. However, in order to sustain these allegations through summary judgment, AMD must produce specific evidence sufficient to establish that Desai and Kociuk were in positions entrusting them with a level of "trust and confidence" analogous to that of a law firm associate or regional sales manager.
Count VI, raised against all Defendants, is for breach of contract, through (1) failing to return confidential AMD information at the end of their employment and/or (2) solicitation of AMD employees. For the reasons set for this in this Court's prior order, Plaintiff has demonstrated a likelihood of success on the merits of this claim as against all defendants. Even considering only the evidence included in the Complaint, or incorporated into the same by reference, Plaintiff has pleaded a claim sufficient to surpass the Twombly/Iqbal threshold as against all Defendants.
Count VII, raised against Desai and Kociuk, is for conspiracy. AMD alleges that Desai and Kociuk conspired to misappropriate trade secrets, and/or violate the CFAA, and/or breach their employee's duty of loyalty. In order to prove a civil conspiracy, Plaintiff must demonstrate (1) that "a combination of two or more persons acting in concert to commit an unlawful act, or to commit a lawful act by unlawful means, the principal element of which is an agreement between the parties `to inflict a wrong or injury upon another,' and (2) `an overt act that results in damages.'" Grant v. John Hancock Mutual Life Insurance Co., 183 F.Supp.2d 344 (D.Mass.2002) (internal quotations omitted). Under the Twombly/Iqbal standard, AMD has pleaded a prima facie claim for relief for misappropriation of trade secrets against both Desai and Kociuk. Plaintiff also pleaded specific facts regarding email exchanges between Desai and Kociuk that could, in the light most favorable to Plaintiff, be construed as acting in concert to commit the misappropriation. Second Am. Compl. ¶ 65 (Docket No. 91). Thus Plaintiff's conspiracy claim also surpasses the Twombly/Iqbal threshold.
For the foregoing reasons, Defendants' individual motions to dismiss (Docket Nos. 42-45) will be