WILLIAM T. MOORE, JR., District Judge.
Before the Court are Defendants' Motion to Dismiss or Transfer Venue (Doc. 14) and Plaintiff's Motion for Temporary Restraining Order (Doc. 12). For the following reasons, Defendants' motion is
This case involves classic allegations by an employer that former high-ranking employees misappropriated confidential information, solicited customers, and poached employees in connection with their move to a direct competitor.
Sometime beginning around the summer of 2011, Plaintiff identified AIRCO Industrial Services, Inc. ("AIRCO I") as a potential acquisition. (Id. ¶ 15.) As a result, Defendant Onofry was involved in both researching AIRCO I and negotiating the terms of any acquisition. (Id. ¶ 16.) By the fall of 2011, however, Plaintiff ceased its pursuit of AIRCO I, having been unable to successfully negotiate agreeable terms for an acquisition. (Id. ¶ 17.)
Subsequently, AIRCO I was purchased by the private equity firm Azalea Capital, which employed Plaintiff's founder and former President, Keith Ravan. The company was then divided into two separate entities, Defendants AIRCO Power Services, Inc. ("AIRCO Power") and AIRCO Industrial Services, Inc. ("AIRCO Industrial"), both of which are owned by the same holding company. (Id. ¶ 25.) According to Plaintiff, however, Defendants Onofry and Burrows decided to leave Plaintiff's employ and join AIRCO I sometime prior to Azalea Capital acquiring AIRCO I. (Id. ¶ 26.) Moreover, Plaintiff contends that Defendants Onofry and Burrows, despite having earlier decided to leave for AIRCO I, waited until November 21, 2012 to announce their resignations. (Id. ¶ 28.)
Plaintiff alleges that, between the time Defendants Onofry and Burrows decided to leave its employ and actually announced their intentions, they surreptitiously accessed and acquired Plaintiff's confidential information and trade secrets for use during their employment with AIRCO I. For example, Plaintiff contends that Defendant Onofry emailed Defendant Burrows a copy of Plaintiff's Steam/Gas Turbine Service Five Year Strategy Plan so that AIRCO I would have a competitive advantage over Plaintiff. (Id. ¶¶ 31-33.) Also, Plaintiff claims that Defendant Burrows sent, from his work account to his personal account, an email containing key information regarding one of its customers. (Id. ¶¶ 34-36.)
Plaintiff also contends that, after leaving its employ, Defendant Burrows logged into a database of turbine industry information and upcoming business opportunities using Plaintiff's login credentials. (Id. ¶ 49.) Plaintiff pays a subscription for access to this database, which can be used to identify potential customers. (Id. ¶ 50.) Finally, Plaintiff alleges that since Defendant Burrows's departure, he has continuously solicited its customers, directly resulting in the loss of one client and millions of dollars in lost revenue. (Id. ¶¶ 53-55.)
Plaintiff maintains that it takes reasonable measures to protect the confidentiality of its information. (Id. ¶¶ 56-61.) For example, Plaintiff's high level employees, who have access to particularly sensitive information, are required to enter into nondisclosure agreements. (Id. ¶ 58.) Those documents most dear to Plaintiff are marked "confidential." (Id. ¶ 59.) In addition, Plaintiff's email system automatically appends a confidentiality notice to all outgoing emails, stating that the email may contain confidential information not intended for public disclosure. (Id. ¶ 60.) Finally, Plaintiff employs a variety of other security measures, including passwords, security time-outs, training, and segregation of confidential information. (Id. ¶ 61.)
On March 8, 2013, Plaintiff filed its complaint in this Court. (Doc. 1.) In the complaint, Plaintiff brings claims against all Defendants for violations of the Computer Fraud and Abuse Act ("CFAA"), 18 U.S.C. § 1030, tortious interference with business relations, misappropriation of trade secrets, and conspiracy. (Id.) Also, Plaintiff alleges that Defendants Onofry and Burrows breached the duty of loyalty owed by employees to their employers, and that Defendants AIRCO Power, AIRCO Industrial, and Onofry aided and abetted the breach of loyalty. (Id.) Later, Plaintiff filed a Motion for Temporary Restraining Order (Doc. 12), seeking to prevent Defendants from using any misappropriated trade secrets and prohibiting them from contacting any of Plaintiff's customers or employees.
On March 29, 2013, Defendants filed a Motion to Dismiss or Transfer Venue. (Doc. 14.) In this motion, Defendants argue that Plaintiff failed to allege a cause of action under the CFAA. (Id. at 4-14.) In this regard, Defendants contend that Burrow's and Onofry's actions are not violations of the CFAA because they were authorized to access that information. They reason that the CFAA only creates a cause of action for wrongfully accessing the information, not the wrongful use of that information. (Id. at 4-12.) In addition, Defendants maintain that Plaintiff has failed to adequately plead the appropriate damage or loss required under the CFAA. (Id. at 12-14.) Defendants argue that once the Court dismisses Plaintiff's CFAA claim, which is the only federal question in
In its response, Plaintiff argues that it has properly pled a claim under the CFAA because Defendants Burrow's and Onofry's actions fall within the scope of the conduct prohibited by that act, and they have properly pled the act's loss element. (Doc. 23 at 3-8.) Also, Plaintiff contends that venue is proper in the Southern District of Georgia and Defendants have failed to meet their burden of establishing the propriety of transfer to the District of South Carolina. (Id. at 9-14.)
Federal Rule of Civil Procedure 8(a)(2) requires a complaint to contain "a short and plain statement of the claim showing that the pleader is entitled to relief." "[T]he pleading standard Rule 8 announces does not require `detailed factual allegations,' but it demands more than an unadorned, the-defendant-unlawfully-harmed-me accusation." Ashcroft v. Iqbal, 556 U.S. 662, 678, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009) (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007)).
"To survive a motion to dismiss, a complaint must contain sufficient factual matter, accepted as true, to `state a claim to relief that is plausible on its face.'" Id. (quoting Twombly, 550 U.S. at 570, 127 S.Ct. 1955). For a claim to have facial plausibility, the plaintiff must plead factual content that "`allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.'" Sinaltrainal v. Coca-Cola Co., 578 F.3d 1252, 1261 (11th Cir.2009) (quoting Iqbal, 556 U.S. at 678, 129 S.Ct. 1937). Plausibility does not require probability, "but it asks for more than a sheer possibility that a defendant has acted unlawfully." Iqbal, 556 U.S. at 678, 129 S.Ct. 1937. "Where a complaint pleads facts that are `merely consistent with' a defendant's liability, it `stops short of the line between possibility and plausibility of entitlement to relief.'" Id. (quoting Twombly, 550 U.S. at 557, 127 S.Ct. 1955.) Additionally, a complaint is sufficient only if it gives "`fair notice of what the ... claim is and the grounds upon which it rests.'" Sinaltrainal, 578 F.3d at 1268 (quoting Twombly, 550 U.S. at 555, 127 S.Ct. 1955).
When the Court considers a motion to dismiss, it accepts the well-pleaded facts in the complaint as true. Sinaltrainal, 578 F.3d 1252 at 1260. However, this Court is "not bound to accept as true a legal conclusion couched as a factual allegation." Iqbal,
The CFAA is primarily a criminal statute that provides victimized parties with a civil remedy. Indeed, 18 U.S.C. § 1030(g) provides that "[a]ny person who suffers damage or loss by reason of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief." Important to this case, the CFAA holds civilly liable an individual that "intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss." 18 U.S.C. § 1030(a)(5)(C). To establish civil liability, a plaintiff must show that the defendant accessed a protected computer without authorization or exceeded his authorized access, causing "loss to 1 or more persons during any 1-year period ... aggregating at least $5,000 in value." Id. § 1030(c)(4)(A)(i)(I).
In this Court's opinion, these provisions of the CFAA were drafted to combat, what was at the time, the new and increasing phenomenon of computer hacking. According to the committee report, a major impetus behind the legislation was to "impose criminal sanctions upon `hackers' and other criminals who access computers without authorization." H.R. Rep. 98-894, at 21 (1984), reprinted in 1984 U.S.C.C.A.N. 3689, 3707. While there has been some disagreement, most federal district courts have adopted a narrow definition of unauthorized access or access exceeding authorization. See, e.g., Trademotion, LLC v. Marketcliq, Inc., 857 F.Supp.2d 1285, 1291 (M.D.Fla.2012); Clarity Servs., Inc. v. Barney, 698 F.Supp.2d 1309, 1315 (M.D.Fla.2010); Shamrock Foods Co. v. Gast, 535 F.Supp.2d 962, 968 (D.Ariz.2008); Lockheed Martin Corp. v. Speed, 2006 WL 2683058, at *4-5 (M.D.Fla. Aug. 1, 2006). Generally, these courts work under the premise that the CFAA focuses on an individual's unauthorized access of information rather than how a defendant used the accessed data. More specifically, the proper inquiry is whether an employer had, at the time, both authorized the employee to access a computer and authorized that employee to access specific information on that computer.
In this respect, the actions of the employer are more dispositive that those of the employee. That is, "[i]t is the employer's decision to allow or to terminate an employee's authorization to access a computer that determines whether the employee is with or `without authorization.'"
Courts that disagree with this interpretation use an agency theory to conclude that an employee's access automatically terminates or is exceeded when his actions are no longer taken in the interest of his employer. See, e.g., Lockheed Martin, 2006 WL 2683058, at *5-*7 (M.D.Fla. Aug. 1, 2006) (discussing courts' application of agency theory to the CFAA). This methodology, however, is severely flawed in that it creates a nebulous area where the same action can fall on either side of the CFAA based on the highly subjective intentions of the employee. For example, routinely checking personal email at work may violate the CFAA if an employer has a policy prohibiting any computer access for non-business related reasons. Further, accessing files prior to deciding to depart for a competitor may retroactively be deemed as exceeding authority should the employee make use of that information to the benefit of his new employer. Such outcomes place employees in the precarious position of almost any access possibly being construed as exceeding authorized access, potentially resulting in civil liability under the CFAA.
Furthermore, the plain language of the CFAA supports an employer-based inquiry. The language of the CFAA simply prohibits accessing information either without authorization or in excess of authorized access. 18 U.S.C. § 1030. It does not confer upon employers the ability to sue their employees in federal court for violations of company policy regarding computer usage. Quite simply, without authorization means exactly that: the employee was not granted access by his employer. Similarly, exceeds authorized access simply means that, while an employee's initial access was permitted, the employee accessed information for which the employer had not provided permission. Resort to linguistic gymnastics and theories of agency are completely unnecessary to interpret these axioms provided by the plain language of the CFAA. In this Court's opinion, the language of the CFAA does not speak to employees who properly accessed information, but subsequently used it to the detriment of their employers: either one has been granted access or has not. Employers cannot use the CFAA to grant access to information and then sue an employee who uses that information in a manner undesired by the employer.
In this case, Plaintiff contends that Defendants Onofry and Burrows accessed sensitive information prior to announcing their intention to leave Plaintiff's employ for a competitor, taking trade secrets and other confidential information with them. (Doc. 1 ¶¶ 30-48.) In addition, Plaintiff alleges that Defendant Burrows used its credentials to access a industry database of upcoming business opportunities. (Id. ¶¶ 49-52.) However, Plaintiff also admits that Defendants Onofry and Burrows were "key members of PEM's management team and had knowledge of and access to PEM's financial information, pricing information, bidding strategies, profit margins, customer contacts and preferences, processes, methods, and corporate and marketing strategies." (Id. ¶ 13.) What is missing from the complaint, and thus fatal, is any allegation that Defendants Onofry
The same reasoning applies to Defendant Burrows's use of Plaintiff's credentials to access the industry database: Defendant Burrows's access was authorized even though his use of Plaintiff's credentials may have been improper. While his use of the credentials may possibly give rise to a cause of action, it is not one under the CFAA. Similarly, Plaintiff's allegation that Defendant Burrows, after his access had been revoked, improperly accessed files by having an administrative assistant print a confidential contract for him fails to allege a claim under the CFAA. Indeed, that allegation does not even include any access at all by Defendant Burrows, just that he managed to convince another with access to provide him with the information. Clearly, the CFAA requires that the individual actually access the information, not merely receive it from a third party.
In their response to Defendants' Motion to Dismiss, Plaintiff relies heavily on United States v. Rodriguez, 628 F.3d 1258 (11th Cir.2010) to argue that liability attaches under the CFAA when an employee "abuses his access ... for illegal and/or nonbusiness reasons." (Doc. 23 at 4-5.) However, the defendant in Rodriguez was criminally charged with accessing the sensitive personal information of individuals he was not assisting as part of his employment as a Social Security Administration ("SSA") TeleService representative. 628 F.3d at 1260-61. The SSA had a well advertised policy that employees are only permitted to access personal information when assisting individuals with their social security inquiries. Id. at 1260. The Eleventh Circuit Court of Appeals concluded that the defendant violated § 1030(a)(2)(B) of the CFAA because he was only permitted to access the information of specific individuals for business reasons. Rodriguez, 628 F.3d at 1263.
Rodriguez, however, presents an entirely different set of facts than those present in this case. There, the defendant was being prosecuted criminally for exceeding his authorized access with respect to a government computer. Also, SSA policy stated that the defendant may only access personal information in the course of assisting individuals with questions concerning their social security. Here, Plaintiffs are attempting to leverage alleged violations of nondisclosure agreements, and possibly company policy, by Defendants Onofry and Burrows into civil liability under the CFAA. Also, Defendants Onofry's and Burrows's access was not restricted in any meaningful way: they were granted full access to these materials. In Rodriguez, the defendant was authorized to access personal information only under specific and narrow circumstances, and only to perform particular tasks. For these reasons, this Court concludes that Rodriguez bears little application to this case. While Defendants' conduct may leave Plaintiff with a cause of action and an entitlement to relief, it is not one provided for by the CFAA.
Plaintiff appears to recognize the weight of persuasive authority against its position, insisting that "[s]ince Rodriguez, district courts in the Eleventh Circuit have
As discussed above, this Court concludes that the CFAA only provides for civil liability where an employee's access with either unauthorized by his employer or in excess of his authorized access. As a result, Plaintiff's concession that Defendants Onofry and Burrows enjoyed full access to all of its confidential information and trade secrets is fatal to their CFAA claims. Accordingly, Defendants' Motion to Dismiss is
In light of the Court dismissing the only federal issue present in this case, the Court will now examine whether it should exercise supplemental jurisdiction, pursuant to 28 U.S.C. § 1367, over Plaintiff's state law claims. Under § 1367(c), the Court "may decline to exercise supplemental jurisdiction over a claim ... if [] the district court has dismissed all claims over which it has original jurisdiction." 28 U.S.C. § 1367(c)(3). Factors the Court should consider in determining whether to exercise its discretion and decline supplemental jurisdiction include judicial economy, convenience, fairness, and comity. Palmer v. Hosp. Auth. of Randolph Cnty., 22 F.3d 1559, 1569 (11th Cir.1994).
After careful consideration, the Court finds no reason to exercise its supplemental jurisdiction over Plaintiff's remaining state law claims. In the Court's opinion, having these state law issues heard in state court economizes judicial resources and is more convenient to the parties. In addition, notions of fairness and comity would suggest that a case now composed of claims based entirely on state law should be tried in a state court. Therefore, the Court will exercise its discretion
Plaintiff has filed a Motion for Temporary Restraining Order. (Doc. 12.) As an initial matter, Plaintiff does not really seek a temporary restraining order ("TRO"), but rather a preliminary injunction. First, Plaintiff's only initial reference to any injunctive relief was buried on the twenty-third page of its complaint. (Doc. 1 at 23.) As a result, the Court did not initially entertain a request for a TRO because there was no motion before it seeking that type of relief. Had there been, the Court would have quickly denied such a motion because Plaintiff completely failed to meet the prerequisites for such relief outlined in Federal Rule of Civil Procedure 65.
For a preliminary injunction to issue, the moving party must show "(1) a substantial likelihood of success on the merits; (2) that irreparable injury will be suffered if the relief is not granted; (3) that the threatened injury outweighs the harm the relief would inflict on the non-movant; and (4) that entry of the relief would serve the public interest." Schiavo ex rel. Schindler v. Schiavo, 403 F.3d 1223, 1225-26 (11th Cir.2005). A preliminary injunction is an extraordinary and drastic remedy that should not be granted unless the movant clearly carries the burden of persuasion as to the four prerequisites. United States v. Jefferson Cnty., 720 F.2d 1511, 1519 (11th Cir.1983). "The burden of persuasion in all of the four requirements is at all times upon the plaintiff." Id.
In this case, Plaintiff is unable to establish a substantial likelihood of success on the merits. As discussed above, the Court has dismissed the sole federal claim in this case and declined to exercise its supplemental jurisdiction over the remaining state law claims. As a result, Plaintiff's entire complaint has been dismissed. Even though Plaintiff may file an amended complaint, it is very unlikely that Plaintiff would enjoy any relief from this Court. Quite simply, the apparent factual scenario laid out by Plaintiff appears insufficient to support a claim under the CFAA. Based on this shortcoming, Plaintiff's motion is
For the foregoing reasons, Defendants' Motion to Dismiss is