MEMORANDUM
LAWRENCE F. STENGEL, District Judge.
Brand Energy & Infrastructure Services, Inc., a construction company, contends that some of its former employees stole its trade secrets and equipment, and misappropriated its proprietary business information. These former employees have since left Brand and joined one of Brand's competitors: Irex Corporation. Brand claims these individuals have been using Brand's stolen equipment and trade secrets to benefit Irex and poach business from Brand.
Brand's federal claims are under the recently enacted Defend Trade Secrets Act of 2016, 18 U.S.C. § 1832, et seq. (DTSA), the Racketeer Influenced and Corrupt Organizations Act, 18 U.S.C. § 1961 et seq. (RICO), and the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 et seq. (CFAA). Brand also brings eleven claims under Pennsylvania law.
Irex filed a motion to dismiss Brand's amended complaint. I will deny the motion to dismiss.
I. BACKGROUND1
Brand Energy & Infrastructure Services, Inc., is a company that provides scaffolding, industrial coatings, industrial insulation, fireproofing, asbestos remediation, and other construction-related services. Brand has a strong presence throughout the country, including in Pennsylvania and New Jersey. Irex Corporation is a Pennsylvania corporation with various subsidiaries in Pennsylvania that compete with Brand.2
The individual defendants in this case formerly worked in high-level positions at Brand. In 2011, Irex and another company, Harsco Infrastructure, entered into an agreement to attempt to compete with Brand in the construction industry. However, two years later, Brand acquired Harsco. From 2014 to 2015, all of the individual defendants left Brand and joined Irex.
According to the plaintiff, while some of the individual defendants were moving to Irex, other individual defendants (who were still employed at Brand) were siphoning them Brand's protected business information. This conspiracy allegedly began in early 2014. It involved the individual defendants accessing Brand's revenues, customers, drawings, and business opportunities. According to Brand, the defendants planned all along to steal Brand's business information, leave Brand, join Irex, and then run Brand out of business.
One specific item Brand alleges the defendants stole is Brand's "Market Playbook." The Market Playbook is a database that is only accessible on Brand-network computers.3 It contains billions of dollars in proprietary information, including Brand's future business plans and targets. Brand alleges that after the individual defendants left and went to Irex, Cathy Walls (a Brand employee) began accessing Brand information from the Market Playbook and giving it to the individual defendants. Brand claims, to this day, the individual defendants continue to use information they illegally obtained from the Market Playbook.
Brand further claims that defendants have fraudulently transformed the business information they stole from Brand into their own. For example, Brand alleges that many documents Irex now uses are really Brand documents that were modified to remove the Brand logo and add the Irex logo. Brand maintains it discovered much of this information through forensic analysis of the computers that the individual defendants used while employees at Brand.
Brand claims it has lost business opportunities as a result of the defendants' conduct. For years, Brand held a contract to provide scaffolding to the Westvaco Paper Mill in Maryland. While at Brand, one of the individual defendants, John Kwiatkoski, handled the Brand-Westvaco contract. Brand avers that, after Kwiatkoski left Brand, in conjunction with the other defendants, he used Brand's stolen equipment and business information to win over the Westvaco contract for Irex. In the process of doing so, Kwiatkoski transported stolen Brand scaffolding equipment from West Virginia to Maryland. According to Brand, the Westvaco contract yielded Brand about $600,000 in yearly revenue. In addition, Brand alleges the defendants used Brand's stolen property to steal away and out-bid Brand on various other scaffolding projects that had previously been performed by Brand for years.
Although this alleged conspiracy began in 2014, Brand alleges the defendants' theft and misappropriation continued consistently through 2015 and 2016, and continues to this day. Brand claims it has suffered millions of dollars in losses as a result of the defendants' alleged theft and misappropriation.
II. LEGAL STANDARD
A motion to dismiss under Rule 12(b)(6) of the Federal Rules of Civil Procedure for failure to state a claim upon which relief can be granted examines the legal sufficiency of the complaint. Conley v. Gibson, 355 U.S. 41, 45-46 (1957). The factual allegations must be sufficient to make the claim for relief more than just speculative. Bell Atlantic Corp. v. Twombly, 550 U.S. 544, 555 (2007). In determining whether to grant a motion to dismiss, a federal court must construe the complaint liberally, accept all factual allegations in the complaint as true, and draw all reasonable inferences in favor of the plaintiff. Id.; see also D.P. Enters. v. Bucks County Cmty. Coll., 725 F.2d 943, 944 (3d Cir. 1984).
The Federal Rules of Civil Procedure do not require a plaintiff to plead in detail all of the facts upon which she bases her claim. Conley, 355 U.S. at 47. Rather, the Rules require a "short and plain statement" of the claim that will give the defendant fair notice of the plaintiff's claim and the grounds upon which it rests. Id. The "complaint must allege facts suggestive of [the proscribed] conduct." Twombly, 550 U.S. at 564. Neither "bald assertions" nor "vague and conclusory allegations" are accepted as true. See Morse v. Lower Merion School Dist., 132 F.3d 902, 906 (3d Cir. 1997); Sterling v. Southeastern Pennsylvania Transp. Auth., 897 F.Supp. 893 (E.D. Pa. 1995). The claim must contain enough factual matters to suggest the required elements of the claim or to "raise a reasonable expectation that discovery will reveal evidence of" those elements. Phillips v. County of Allegheny, 515 F.3d 224, 234 (3d Cir. 2008) (quoting Twombly, 550 U.S. at 556).
In Ashcroft v. Iqbal, 556 U.S. 662 (2009), the Supreme Court defined a two-pronged approach to a court's review of a motion to dismiss. "First, the tenet that a court must accept as true all of the allegations contained in a complaint is inapplicable to legal conclusions. Threadbare recitals of the elements of a cause of action, supported by mere conclusory statements, do not suffice." Id. at 678. Thus, while "Rule 8 marks a notable and generous departure from the hyper-technical, code-pleading regime of a prior era . . . it does not unlock the doors of discovery for a plaintiff armed with nothing more than conclusions." Id. at 678-79.
A court "may dismiss a complaint only if it is clear that no relief could be granted under any set of facts that could be proved consistent with the allegations." Brown v. Card Service Center, 464 F.3d 450, 456 (3d Cir. 2006) (quoting Hishon v. King & Spalding, 467 U.S. 69, 73 (1984)).
III. DISCUSSION
Irex moves to dismiss Brand's claims under the DTSA, RICO, and CFAA. I will deny Irex's motion to dismiss in its entirety.
A. Defend Trade Secrets Act (DTSA) Claim
Irex argues that the DTSA does not apply to this action because the DTSA was enacted after the allegedly unlawful acts took place.4 Irex also contends that application of the DTSA here would be unconstitutionally retroactive. The DTSA's statutory language and history, emerging DTSA case law, and constitutional principles on retroactivity refute Irex's position.
1. The DTSA's Statutory Framework
The DTSA is the first federal law to create a private right of action for the misappropriation of trade secrets.5 The DTSA was formally enacted on May 11, 2016. See Defend Trade Secrets Act of 2016, Pub. L. No. 114-153, § 2, 130 Stat. 376 (2016) (codified as amended at 18 U.S.C. § 1831 et seq.). Now, the owner of a trade secret can bring a private cause of action in federal court for trade secret misappropriation. 18 U.S.C. § 1836(b)(1).
Under the DTSA, "misappropriation" is defined in several different ways. The "acquisition of a trade secret of another by a person who knows or has reason to know that the trade secret was acquired by improper means" constitutes a misappropriation. Id. § 1839(5)(A). A misappropriation also occurs when one "disclos[es]" or "use[s]" another's trade secret without the consent of the trade-secret owner. Id. § 1839(5)(B). The DTSA applies to the "misappropriation of a trade secret . . . for which any act occurs on or after the date of the enactment of [the DTSA]." Defend Trade Secrets Act of 2016, Pub. L. No. 114-153, § 2(e), 130 Stat. 376 (2016).6
There are key differences between the DTSA's language and the language of other trade secrets statutes. One useful comparison comes from the Uniform Trade Secrets Act (UTSA). A large majority of states used the UTSA as a model while drafting their own trade secrets statutes. The UTSA contains a provision stating that it "does not apply to misappropriation occurring prior to the effective date." UNIF. TRADE SECRETS ACT § 11( NAT'L CONFERENCE COMM'RS ON UNIF. STATE LAWS 1985) [hereinafter UTSA]. The UTSA also does not apply to a "continuing misappropriation that occurs after the effective date." Id. Pennsylvania's Uniform Trade Secrets Act (PUTSA) contains a nearly identical provision that has the same effect. Pennsylvania Uniform Trade Secrets Act, Pub. L. No. 143, § 4 (2004). Unlike the UTSA and the PUTSA, the DTSA does not contain such a provision.
2. Emerging DTSA Case Law
Other district courts have analyzed the applicability of the DTSA to misappropriations that occurred before the DTSA was enacted.7 These courts have all held that the DTSA applies to misappropriations that began prior to the DTSA's enactment if the misappropriation continues to occur after the enactment date. See Syntel Sterling Best Shores Mauritius Ltd. v. Trizetto Grp., Inc., 15-cv-211, 2016 WL 5338550, at *6 (S.D.N.Y. Sept. 23, 2016) (finding viable a continuing misappropriation claim that began pre-enactment because the DTSA defines misappropriation as the "disclosure or use of a trade secret" and the complaint alleged that the defendants "continue[d] to use" the trade secrets after the DTSA was enacted) (emphasis in original) (quoting 18 U.S.C. § 1839(5)(B)); Adams Arms, LLC v. Unified Weapon Sys., Inc., 16-cv-1503, 2016 WL 5391394, at *5-7 (M.D. Fla. Sept. 27, 2016) (same). One of these courts rested its decision, in part, on the fact that the DTSA—unlike the UTSA—does not preclude application to continuing misappropriations that continue to occur after the enactment date. Adams Arms, 2016 WL 5391394, at *6.
Other cases have, without question, applied the DTSA to misappropriations that occurred before and continued after the statute's enactment. See Allstate Ins. Co. v. Rote, 16-cv-1432, 2016 WL 4191015, at *1-5 (D. Or. Aug. 7, 2016) (granting preliminary injunction in DTSA case where the defendant left her job before the DTSA was enacted but remained in possession of alleged trade secrets after the DTSA's enactment); Henry Schein, Inc. v. Cook, 191 F.Supp.3d 1072, 1076-78 (N.D. Cal. 2016) (same with temporary restraining order).
3. Brand Adequately Pleads a Continuing Misappropriation
Brand's amended complaint alleges various times, after the enactment of the DTSA, that the defendants "used" Brand's alleged trade secrets.
Brand alleges that, to this day, the defendants continue to "obtain access to Brand's confidential and proprietary business information." (Doc. No. 61 ¶ 189). Brand also alleges "many documents currently in use in [defendants'] business are Brand documents that [defendants] . . . modified only to remove the Brand logo, insert the [defendants'] logos, and adjust pricing." (Id. ¶ 201). Brand's amended complaint contains various other allegations that defendants continued to use Brand's trade secrets after the DTSA's effective date. (Id. ¶¶ 214, 363).8
The "use" of another's trade secret explicitly qualifies as an act of misappropriation under the DTSA. 18 U.S.C. § 1839(5)(B); Syntel Sterling Best Shores, 2016 WL 5338550, at *7. Brand's amended complaint alleges multiple uses of its trade secrets that continued to occur after the date the DTSA was enacted. Accordingly, Brand may pursue its claim under the DTSA.9
4. Constitutional Analysis
Defendants next raise constitutional concerns with an application of the DTSA to this case. They argue that application of the DTSA here would render the statute an unconstitutional ex post facto law. After careful consideration, I find that applying the DTSA to the claim in this case does not violate the Ex Post Facto Clause of the United States Constitution. Thus, the DTSA, as applied here, is not impermissibly retroactive.
a. Ex Post Facto Analytical Framework
The United States Constitution proclaims that no "ex post facto Law shall be passed." U.S. Const. art. I § 9, cl. 3. An ex post facto inquiry is really a question of whether it is permissible for a statute to apply retroactively. Fernandez-Vargas v. Gonzalez, 548 U.S. 30, 37 (2006).
A retroactive statute is one that takes away or impairs vested rights, creates new obligations, imposes a new duty, or attaches a new disability with respect to transactions or events that have already passed. Id. (citing Soc'y for the Propagation of the Gospel v. Wheeler, 22 F. Cas. 756, 767 (C.C.N.H. 1814) (No. 13,156) (Story, J.)). Such retroactive statutes are disfavored "when their application would impair rights a party possessed when he acted, increase a party's liability for past conduct, or impose new duties with respect to transactions already completed." Fernandez-Vargas, 548 U.S. at 37 (quoting Landgraf v. USI Film Prods., 511 U.S. 244, 280 (1994)). Nevertheless, a statute is not impermissibly retroactive simply because it is applied in a case arising from conduct that pre-dates the statute's enactment. Landgraf, 511 U.S. at 269. "Rather, the court must ask whether the new provision attaches new legal consequences to events completed before its enactment." Id. at 269-70.
The United States Supreme Court has set forth a framework for courts to apply in determining whether a statute may or may not apply retroactively. This test is applicable when, as here, the "case implicates a federal statute enacted after the events in suit." Landgraf, 511 U.S. at 280.10 First, courts must look to "whether Congress has expressly prescribed the statute's proper reach." Fernandez-Vargas, 548 U.S. at 37 (quoting Landgraf, 511 U.S. at 280). If it has, the inquiry ends there. Id. In the absence of an express congressional command, however, courts "try to draw a comparably firm conclusion about the temporal reach specifically intended by applying our normal rules of construction." Id.
If applying normal rules of statutory construction proves unavailing, courts finally ask "whether applying the statute to the person objecting would have a retroactive consequence in the disfavored sense of affecting substantive rights, liabilities, or duties [on the basis of] conduct arising before [its] enactment." Id. (quoting Landgraf, 548 U.S. at 37) (alterations in original)). "If the answer is yes, we then apply the presumption against retroactivity by construing the statute as inapplicable to the event or act in question owing to the absen[ce of] a clear indication from Congress that it intended such a result." Id. (alterations in original).11
b. Express Congressional Command
The first step of the present analysis requires looking to "whether Congress has expressly prescribed the [DTSA]'s proper reach." Fernandez-Vargas, 548 U.S. at 37 (quoting Landgraf, 511 U.S. at 280). I find that Congress has not expressly prescribed the DTSA's proper reach.
Congress decided that the DTSA shall apply to the "misappropriation of a trade secret . . . for which any act occurs on or after the date of the enactment of this Act." Defend Trade Secrets Act of 2016, Pub. L. No. 114-153, § 2(e), 130 Stat. 376 (2016). This provision is susceptible to multiple different readings. On one hand, it could be read as only applying to misappropriations that occur on or after the date of enactment. Conversely, the phrase "for which any act occurs" seems to suggest that, so long as any act of misappropriation occurs after the enactment date, other related acts of misappropriation that began pre-enactment are also actionable.
To be sure, Congress could have simply stated that the DTSA applies to "any misappropriation of a trade secret that occurs after the enactment date." It did not. Instead, Congress inserted qualifying language: "for which any act occurs." Id. This phrase could reasonably be read to make the DTSA applicable to a pattern of misappropriations or one continuing misappropriation composed of multiple "acts." Similar statutory language has previously been held too ambiguous to provide a resolution of the retroactivity question at this first stage of an ex post facto inquiry. See Landgraf, 511 U.S. at 257-58 (finding that such statutory "language does not, by itself, resolve the question" of whether a federal statute should apply retroactively).12 Therefore, the DTSA's express congressional language alone does not resolve this dispute.
c. Application of Normal Rules of Construction
In the absence of an express congressional command, I must "try to draw a comparably firm conclusion about the temporal reach [of the DTSA] specifically intended by applying . . . normal rules of construction." Fernandez-Vargas, 548 U.S. at 37 (quoting Landgraf, 511 U.S. at 280); accord Monoson v. United States, 516 F.3d 163, 166 (3d Cir. 2008). In doing so, I conclude that application of the DTSA to this case is permissible.13
The statutory language and legislative history of the DTSA reveal Congress's intent to apply the DTSA to continuing misappropriations that began prior to its enactment but continued post-enactment. While § 2(e) of the DTSA may be ambiguous regarding the temporal reach of the Act, the DTSA's legislative history eliminates this ambiguity. At the same time, it evinces Congress's clear intent for the DTSA to apply to the type of continuing misappropriation alleged here.14
In formulating the DTSA, Congress had at its disposal a plethora of potential statutory blueprints: (1) the UTSA; and (2) forty-eight states' trade secrets laws.15 Congress explicitly acknowledged its intent to follow these statutory frameworks in drafting the DTSA. H.R. REP. NO. 114-529, at 2-5, 12-14 (2016).16 Indeed, Congress expressed its specific intent to model the DTSA in large part after the UTSA. For example, Congress directly modeled the DTSA's damages provisions after the UTSA's damages provisions. Id. at 12-13. Congress made the DTSA's statute of limitations period identical to the UTSA's. Id. at 13. Congress also copied UTSA provisions in defining the DTSA's most influential and significant terms. The DTSA's definition of "trade secret" conforms to the UTSA's definition of the same term. Id. at 13-14. The definitions of "misappropriation" and "improper means" are also the same under the DTSA as they are under the UTSA. Id. at 14.
It is clear that Congress borrowed heavily from the UTSA and the states' trade secrets laws in drafting many (if not most) provisions of the DTSA. The enactment of the DTSA was not a response to an inherent inadequacy in the states' trade secrets laws. Rather, it was merely an answer to the growing need for a uniform federal cause of action for trade-secret misappropriation in an increasingly "national and global economy." Id. at 4. Congress intended the DTSA to apply in substantially the same way as the states' trade secrets laws, but with a much broader geographic and jurisdictional reach. Id. at 2-5, 12-14.17
Congress's heavy reliance on the UTSA makes its exclusion of certain UTSA provisions from the DTSA especially revealing.18 The UTSA states: "This [Act] . . . does not apply to misappropriation occurring prior to the effective date. With respect to a continuing misappropriation that began prior to the effective date, the [Act] also does not apply to the continuing misappropriation that occurs after the effective date." UTSA § 11. Pennsylvania's Uniform Trade Secrets Act contains nearly identical language: "This act shall not apply to misappropriation occurring prior to the effective date of this act, including a continuing misappropriation that began prior to the effective date of this act and which continues to occur after the effective date of this act." PUTSA, Pub. L. No. 143, § 4 (2004). Many other states have also included similar or identical provisions in their respective trade secrets laws. See, e.g., Wy. Stat. Ann. § 40-24-110; Mo. Stat. § 417.467; S.D. Cod. L. §37-29-11; Az. H.B. 2013, ch. 37, § 3 (1990); N.J. Trade Secrets Act, ch. 161, ass. 921, § 10 (2011); Tenn. Unif. Trade Secrets Act, Pub. Ch. 647, H.B. No. 2350, § 11 (2000).
The DTSA's "effective date" provision, however, is very different. Congress specifically omitted the language (from the UTSA and states' trade secrets laws) that would have precluded the DTSA from applying to misappropriations that occurred pre-enactment. Congress also omitted the language that would have made the DTSA inapplicable to a misappropriation that begins before, but continues after, the effective date.
If Congress had wished to prevent application of the DTSA to continuing misappropriations that began pre-enactment, it easily could have. This simply would have required it to (as it did with countless other provisions) "rubberstamp" § 11 of the UTSA into the DTSA. Given its obvious familiarity with the UTSA's—and other state trade secrets laws'—provisions, any suggestion that Congress was unaware of the availability and import of § 11 would be nonsensical. It only follows that, when Congress did not adopt the anti-retroactivity provisions found in the UTSA and many states' trade secret laws, it did so consciously and for a reason.
Accordingly, I find that Congress clearly expressed its intent to apply the DTSA to continuing misappropriations that began prior to—but continued after—the DTSA's enactment.19 In short, because Brand's claim is that the defendants continued to misappropriate its trade secrets after the DTSA's enactment, the events giving rise to Brand's DTSA claim were not "completed before [the DTSA's] enactment." Landgraf, 511 U.S. at 269-70.
Defendants' motion to dismiss Brand's claim under the DTSA is denied.
B. Racketeer Influenced and Corrupt Organizations Act (RICO) Claim
Defendants want me to dismiss Brand's RICO claim because: (1) Brand has failed to allege facts establishing the "existence of an enterprise"; and (2) Brand has failed to sufficiently plead a "pattern of racketeering activity."
1. Existence of An Enterprise
RICO makes it unlawful "for any person employed by or associated with any enterprise engaged in, or the activities of which affect, interstate or foreign commerce, to conduct or participate, directly or indirectly, in the conduct of such enterprise's affairs through a pattern of racketeering activity." 18 U.S.C. § 1962(c). This prohibition necessarily requires the existence of an "enterprise." Id. To state a claim under § 1962(c), the plaintiff must allege that a "person" employed by or associated with an "enterprise": "(1) conducted (2) an enterprise (3) through a pattern (4) of racketeering activity." Lum v. Bank of Am., 361 F.3d 217, 233 (3d Cir. 2004) (citations omitted).
There are two types of associations that constitute valid "enterprises" under RICO. In re Ins. Brokerage Antitrust Litig., 618 F.3d 300, 364 (3d Cir. 2010). The first type is any sort of formal legal entity, such as a corporation or partnership. Id. The second type is an "association-in-fact," which is "any union or group of individuals associated in fact although not a legal entity." Id. (quoting United States v. Turkette, 452 U.S. 576, 581-82 (1981)).
In pleading the first type of enterprise, a legal entity, all aspects of the enterprise structure are met by mere proof of the existence of the legal entity. In re Ins. Brokerage Antitrust Litig., 618 F.3d at 364. Necessary to any RICO claim, however, is that the "person" alleged to have committed violations is separate and distinct from the "enterprise." Jaguar Cars, Inc. v. Royal Oaks Motor Car Co., 46 F.3d 258, 268 (3d Cir. 1995). In other words, there must be a person acting through an enterprise; a corporation may not serve as both the "person" and the "enterprise." Id.
In light of this separate-and-distinct requirement, courts at one time struggled with how to approach RICO claims where the alleged "person" is a corporate employee of the alleged "enterprise." However, the U.S. Supreme Court has since made clear that an enterprise is properly pled where a corporate employee "allegedly conducts the corporation's affairs in a RICO-forbidden way." Cedric Kushner Promotions, Ltd v. King, 533 U.S. 158, 163 (2001). The Court explained: "an employee who conducts the affairs of a corporation through illegal acts comes within the terms of a statute that forbids any `person' unlawfully to conduct an `enterprise,' particularly when the statute explicitly defines `person' to include `any individual . . . capable of holding a legal or beneficial interest in property,' and defines `enterprise' to include a `corporation.'" Id. (quoting 18 U.S.C. § 1961(3), (4)). This is the case whether the alleged enterprise is legitimate or illegitimate. Id. at 164-65; Jaguar Cars, 46 F.3d at 268-69. Accordingly, when a plaintiff asserts a legal entity as the "enterprise," her pleading requirements may be met "without great difficulty." In re Ins. Brokerage Antitrust Litig., 618 F.3d at 364.20
In pleading the second type of enterprise, an association-in-fact, the plaintiff must allege "a group of persons associated together for a common purpose of engaging in a course of conduct." Boyle v. United States, 556 U.S. 938, 946 (2009). The plaintiff must establish three structural components to an association-in-fact enterprise: (1) a purpose; (2) relationships among those alleged to be associated with the enterprise; and (3) longevity sufficient to allow the enterprise to pursue its purpose. Macauley v. Nicholas, 7 F.Supp.3d 468, 482 (E.D. Pa. 2014) (citing Boyle, 556 U.S. at 946).
Brand alleges three enterprises: (1) Irex; (2) Vertical Access; and (3) an associate-in-fact comprised of several individual defendants.21 I find that Brand has pled sufficient facts establishing each of these enterprises.
a. Irex and Vertical Access (Legal Entity Enterprises)
Brand alleges that, as legal entities, both Irex and Vertical Access are RICO enterprises that were used by the defendants to carry out their allegedly unlawful scheme. Defendants contend that neither Irex nor Vertical Access are proper "enterprises" because they are not distinct and separate from the individual defendants.
It is clear from Brand's amended complaint that Irex and Vertical Access are sufficiently pled enterprises. Both Brand and Vertical Irex are corporate entities. Consequently, "all aspects of the enterprise element . . . are satisfied by the mere proof that [Brand and Irex] do[] in fact have a legal existence." In re Ins. Brokerage Antitrust Litig., 618 F.3d at 364. Defendants' argument that the individual defendants are not distinct and separate from Irex or Vertical access is foreclosed by Cedric Kushner and Third Circuit precedent.
Brand specifically pleads that the individual defendants, who are corporate employees, used Irex and Vertical Access to "conduct[] the corporation's affairs in a RICO-forbidden way." Cedric Kushner, 533 U.S. at 163. Brand claims the individual defendants did this by stealing Brand's proprietary trade information, committing mail and wire fraud, and stealing Brand equipment. Once the individual defendants—former Brand employees—were working at Irex, they allegedly carried on Irex's affairs by improperly using Brand's proprietary information on customers, sales, data, and marketing. As legal entities, Irex and Vertical Access are sufficiently separate and distinct from the individual defendants. Id. at 163-64; Jaguar Cars, 46 F.3d at 269 ("[W]hen . . . employees operate and manage a legitimate corporation, and use it to conduct, through interstate commerce, a pattern of racketeering activity, those defendant persons are properly liable under § 1962(c).").
Therefore, Irex and Vertical Access are properly pled RICO enterprises.22
b. Individual Defendants (Association-in-Fact Enterprise)
Brand alleges that defendants Rowe, Kwiatkoski, Altmeyer, Shriver, Maupin, and Keane make up an association-in-fact enterprise. Defendants counter, arguing that this association-in-fact lacks the requisite structure and longevity under RICO.
The U.S. Supreme Court has held that an association-in-fact is proven by showing that: (1) there is an ongoing organization, formal or informal; (2) the associates of the group function as a continuing unit; and (3) the organization has an existence separate and apart from the alleged pattern of racketeering activity. Turkette, 452 U.S. at 583. The Supreme Court later expounded upon these requirements, holding that an association-in-fact must have three structural components: (1) a purpose, (2) relationships among those associated with the enterprise, and (3) longevity sufficient to permit these associates to pursue the enterprise's purpose. Boyle, 556 U.S. at 940. An enterprise is properly pled where the associates "engage in spurts of activity punctuated by periods of quiescence." Id.
In In re Insurance Brokerage Antitrust Litigation, the U.S. Court of Appeals for the Third Circuit outlined the requirements for pleading an association-in-fact enterprise. 618 F.3d 300 (3d Cir. 2010). It stressed that an enterprise does not require a formal structure or systemic plan. In re Insurance Brokerage Antitrust Litig., 618 F.3d at 403.
Brand has sufficiently pled an association-in-fact enterprise. The facts alleged show that defendants Rowe, Kwiatkoski, and Altmeyer were the "leaders" of the other individual defendants. These associates allegedly acted together, initially as co-workers at Brand, to download and steal Brand's proprietary business information and trade secrets. Later, they acted together as employees at Irex. These members allegedly stole Brand's scaffolding equipment, which they later used for their own benefit as employees at Irex and Vertical Access. This conduct occurred over several years with varying periods of severity, according to the amended complaint. Brand alleges these members had meetings in furtherance of their common scheme to defraud Brand by misappropriating and stealing Brand's trade secrets and equipment.
At this stage of the case, I am satisfied that Brand has met the Boyle standard. Brand alleges the members of the association-in-fact had a purpose: to use Brand's business information and equipment to benefit themselves by eliminating Brand as a competitor of Irex. The individual defendants had a relationship in that they held meetings in furtherance of their common scheme, which was spearheaded by the alleged leaders, Rowe, Kwiatkoski, and Altmeyer. The longevity of this alleged association-in-fact (over two years) is sufficient. See Devon Drive Lionville, LP v. Parke Bancorp, Inc., 2:15-cv-3435, 2016 WL 7475816, at *8 (E.D. Pa. Dec. 29, 2016) (recognizing that a span of "approximately two years" and "two years" is sufficient to satisfy Boyle's longevity requirement); see also United States v. Eiland, 738 F.3d 338, 360 (D.C. Cir. 2013) (two years sufficient); CIT Grp./Equip. Fin., Inc. v. Krones, Inc., Civ. A. No. 9-432, 2009 WL 3579037, at *9 (W.D. Pa. Sept. 16, 2009) (holding that 18-month period of alleged unlawful conduct was sufficient to satisfy RICO's longevity requirement).23
For all these reasons, I find that the purported association-in-fact is adequately pled.
2. Pattern of Racketeering Activity
Irex also attacks Brand's RICO claims on the basis that Brand has not sufficiently alleged a "pattern of racketeering activity."
In order to make out a claim under RICO, a plaintiff must plead a "pattern of racketeering activity." 18 U.S.C. § 1961(5); H.J. Inc. v. Nw. Bell Tel. Co., 492 U.S. 229, 237 (1989); United States v. Bergrin, 650 F.3d 257, 266-67 (3d Cir. 2011). A "pattern of racketeering activity" requires at least two predicate acts of racketeering activity. Bergrin, 650 F.3d at 266-67. The predicate acts must be related and pose the risk of continued criminal activity. Id. at 267. `"Relatedness' can be shown through evidence that the criminal activities `have the same or similar purposes, results, participants, victims, or methods of commission, or otherwise are interrelated by distinguishing characteristics and are not isolated events.'" Id. (quoting H.J. Inc., 492 U.S. at 240).
Under RICO, "racketeering activity" consists of a list of dozens of enumerated crimes. 18 U.S.C. § 1961(1). This list of crimes includes the theft of trade secrets, mail and wire fraud, and interstate transportation of stolen property. Id. (citing 18 U.S.C. §§ 1832, 1341, 1343, 2314-15). The continuity of predicate acts may be established in two different ways: (1) close-ended continuity, and (2) open-ended continuity. Bergrin, 650 F.3d at 267. A plaintiff can prove close-ended continuity by demonstrating "a series of related predicates extending over a substantial period of time." Id. Whether a plaintiff can prove open-ended continuity depends upon whether a "threat of continuity is demonstrated." Id. (emphasis in original).24
Brand's amended complaint alleges a series of alleged "predicate acts." As already discussed, Brand alleges that the defendants stole Brand's trade secrets in violation of the DTSA. Brand alleges dozens of DTSA violations. There is also a threat that the DTSA violations will continue because, allegedly, the defendants continue to use Brand's trade secrets in their business affairs at Irex. These allegations alone are sufficient to constitute a "pattern of racketeering activity" under RICO.25
Brand pleads more than just DTSA allegations to make out a pattern of racketeering activity. Brand also alleges the defendants committed various acts of mail and wire fraud, which is a predicate act under RICO. The elements of mail and wire fraud are: (1) a scheme to defraud; (2) use of the mails to further that scheme; and (3) fraudulent intent. United States v. Pharis, 298 F.3d 228, 233-34 (3d Cir. 2002). According to the amended complaint, defendants committed mail and wire fraud by sharing stolen Brand information via email and communicating via email to defraud Irex and poach construction projects from Brand. (Doc. No. 61 ¶ 391). Brand further alleges the defendants "used the mails and wires to transfer and download Brand drawings, trade secrets, and other proprietary business information to usurp [Brand]'s business opportunities, existing and prospective contracts, and otherwise harm Plaintiffs." (Id. ¶ 392). Brand relies on specific factual allegations—i.e., who, what, when, where—in support of these allegations. (Id. ¶ 391).
At the motion to dismiss stage, these allegations are sufficient to establish a plausible claim for mail and wire fraud even under the heightened pleading standard set forth in Federal Rule of Civil Procedure 9(b). "A scheme to defraud encompasses any deliberate plan of action or course of conduct by which someone intends to deceive or cheat another or by which someone intends to deprive another of something of value." Devon IT, Inc. v. IBM Corp., 805 F.Supp.2d 110, 123 (E.D. Pa. 2011). A plaintiff's pleading burden is satisfied by alleging "some sort of fraudulent misrepresentation or omissions reasonably calculated to deceive persons of ordinary prudence and comprehension." Id. (citing Kehr Packages, Inc. v. Fidelcor, Inc., 926 F.2d 1406, 1415 (3d Cir. 1992)). To prove a scheme to defraud, "[t]he scheme need not involve affirmative misrepresentation." Fidelcor, 926 F.2d at 1415. To "defraud," statutorily, means to deprive another "of something of value by trick deceit, chicane, or overreaching." Id. (citing McNally v. United States, 483 U.S. 350, 358 (1987), abrogated on other grounds, Skilling v. United States, 561 U.S. 358, 401-02 (2010)).
While Brand does not plead an "affirmative misrepresentation," its allegations that defendants stole Brand's trade secrets and used thousands of email transmissions to further their scheme certainly communicates an intent to deprive Brand of something of value: its business. Contrary to Irex's argument, reliance is not a required element of proof with respect to pleading mail and wire fraud. See Bridge v. Phoenix Bond & Indem. Co., 553 U.S. 639, 648 (2008) (emphasizing that alleging mail and wire fraud is a sufficient predicate act under RICO "even if no one relied on any misrepresentation").
In addition to DTSA violations and mail and wire fraud, Brand alleges another predicate act: defendants transported stolen property across state lines. Specifically, Brand avers that, in furtherance of a scheme to defraud, defendant Kwiatkoski stole scaffolding equipment from Brand and transported it from West Virginia to Maryland. (Doc. No. 61 ¶ 259). Viewing this allegation as true, as I must at this stage, this conduct amounts to a predicate act under RICO. 18 U.S.C. § 1961(1) (citing 18 U.S.C. §§ 2314, 2315).26
To summarize, Brand has sufficiently alleged a RICO claim against defendants. Brand pleads several viable enterprises. These enterprises, according to Brand, orchestrated a scheme to defraud Brand by stealing its trade secrets, stealing its equipment, and using its proprietary business information. Viewed together, the voluminous allegations of trade secrets theft, mail and wire fraud, and interstate transportation of stolen property form a plausible pattern of racketeering activity.
For all these reasons, I will deny Irex's motion to dismiss Brand's RICO claims.27
C. Computer Fraud and Abuse Act (CFAA) Claim
Brand's final federal claim is brought under the Computer Fraud and Abuse Act (CFAA). I find that Brand has stated a plausible claim for indirect access under the CFAA. Therefore, I will deny Irex's motion to dismiss the CFAA claim.
The CFAA was enacted by Congress in an attempt to create a cause of action against computer hackers. Dresser-Rand Co. v. Jones, 957 F.Supp.2d 610, 613 (E.D. Pa. 2013). The CFAA provision relevant to this case imposes civil liability on anyone who knowingly "accesses a protected computer without authorization, or exceeds authorized access" of a protected computer. 18 U.S.C. § 1030(a)(4). The CFAA does not define the term "access." Dresser-Rand, 957 F. Supp. 2d at 614. The CFAA defines the term "exceeds authorized access" as "to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter." 18 U.S.C. § 1030(e)(6).
Irex argues that Brand's CFAA claim must be dismissed because the individual defendants were authorized, as employees of Brand, to access Brand's computers. The law favors Irex on this point. However, Brand has alleged a plausible indirect-access claim under CFAA. Therefore, I will deny defendants' motion to dismiss the CFAA claim.
1. Authorized Access
Circuit courts are split on the issue of what constitutes "without authorization" under Section 1030(a)(4) of the CFAA.
Some circuits have adopted the view that an employee who has access to a work computer is authorized to access that computer regardless of his or her intent to subsequently misuse the information and any policies to regulate the use of information. WEC Carolina Energy Solutions LLC v. Miller, 687 F.3d 199 (4th Cir. 2012); United States v. Nosal, 676 F.3d 854 (9th Cir. 2012) (en banc); LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir. 2009); accord Dresser-Rand, 957 F. Supp. 2d at 616. Under this view, because the employee has authorization at the time of access, there is no CFAA claim against the employee. Id. Although the U.S. Court of Appeals for the Third Circuit has not yet addressed this question, district courts within the Third Circuit have endorsed this approach. See, e.g., Kappe Assocs., Inc. v. Chesapeake Environ. Equip., LLC, No. 15-2211, 2016 WL 1257665, at *8 (E.D. Pa. Mar. 31, 2016) (Leeson, J.); Dresser-Rand, 957 F. Supp. 2d at 616 (Brody, J.); Grant Mfg. & Alloying, Inc. v. McIlvain, No. 10-1029, 2011 WL 4467767, at *6-7 (E.D. Pa. Sept. 23, 2011) (Sánchez, J.), aff'd, 499 F. App'x 157 (3d Cir. 2012); Clinton Plumbing & Heating of Trenton, Inc. v. Ciacco, No. 09-2751, 2010 WL 4224473, at *5 (E.D. Pa. Oct. 22, 2010) (Rufe, J.); Integrated Waste Solutions, Inc. v. Goverdhanam, No. 10-2155, 2010 WL 4910176, at *8 (E.D. Pa. Nov. 30, 2010) (Buckwalter, J.); Bro-Tech Corp. v. Thermax, Inc., 651 F.Supp.2d 378, 407 (E.D. Pa. 2009) (Rufe, J.); Brett Senior & Assocs., P.C. v. Fitzgerald, No. 06-1412, 2007 WL 2043377, at *3 (E.D. Pa. July 13, 2007) (McLaughlin, J.).
The second competing view is broader in that it creates CFAA liability for any employee who exceeds his or her access by misusing information obtained on a work computer. United States v. John, 597 F.3d 263 (5th Cir. 2010); United States v. Rodriguez, 628 F.3d 1258 (11th Cir. 2010); Int'l Airport Ctrs., LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006); EF Cultural Travel BV v. Explorica, Inc., 274 F.3d 577 (1st Cir. 2001). Unlike the first view, an employee may be liable under this view, even if it has authorization at the time of access, if the employee subsequently misuses the information accessed.
I see no reason to stray from my fellow district judges within the Third Circuit who have adopted the more narrow view. This view aptly recognizes that the other view would subject too wide a class of individuals—such as family members of employees— to CFAA liability. Dresser-Rand, 957 F. Supp. 2d at 618. This was not the intent of CFAA. Id. Furthermore, since CFAA was aimed at preventing access to computers (not use), the subjective intent of the accesser should not be taken into account if that person had authorization to access the computer. Id.28
Brand's amended complaint alleges that, while employees at Brand, the individual defendants used Brand computers to access Brand's proprietary business information. They allegedly used this information after they left Brand. This type of claim has been rejected by courts within this district. Because the defendants had authorization to access Brand's computers when they did, their subsequent misuse of this information is not actionable. Cf. Dresser-Rand, 957 F. Supp. 2d at 620 ("[Defendants] accessed their work laptops and downloaded thousands of documents to external storage devices. If [the defendants] were authorized to access their work laptops and to download files from them, they cannot be liable under the CFAA even if they subsequently misused those documents to compete against [plaintiff].").
2. Indirect Access
Brand presents an additional and alternative theory of liability: indirect access. Brand's allegations of indirect access are sufficient to state a claim under the CFAA.
Brand alleges that the defendants acted in concert to have Cathy Walls, who was an employee at Brand after the defendants left, access Brand's computers. Brand further alleges that the individual defendants then used the information Walls accessed to their benefit while at Irex and Vertical Access. Unlike claims of direct authorized access, a person may be liable if he directs, encourages, or induces someone else to access a computer that he himself is not authorized to access. E.g., Advanced Fluid Sys., Inc. v. Huber, 28 F.Supp.3d 306, 327 (M.D. Pa. 2014).29 This theory of liability is premised on the concept that "access" may be achieved through another person. This is especially true in our current era, and to hold otherwise would be to ignore the nature of technological communication.
Confronted with a similar indirect-access claim under CFAA, Judge Buckwalter reached the same result as I do. In doing so, he reasoned that although the defendants' access was "not personal. . . . the plain language of the statute requires only `access'—no modifying term suggesting the need for `personal access' is included." Synthes, Inc. v. Emerge Med., Inc., No. 11-1566, 2012 WL 4205476, at *17 (E.D. Pa. Sept. 19, 2012). I agree with this distinction.
I will deny defendants' motion to dismiss Brand's CFAA claim. However, Brand is limited to pursuing its CFAA claim under an indirect-access theory.
IV. CONCLUSION
Brand states plausible claims under the DTSA, RICO, and CFAA. Accordingly, I will deny defendants' motion to dismiss in its entirety.30