
    GUEST-TEK INTERACTIVE ENTERTAINMENT INC. and Guest-Tek Interactive Entertainment Ltd., Plaintiffs, v. Thomas PULLEN and Purehd Ltd., Defendants.
    Civil Action No. 09-11164-NMG.
    United States District Court, D. Massachusetts.
    Oct. 19, 2009.
    
      David M. Cogliano, Gary M. Feldman, Christopher J. Marino, Davis Malm & D’Agostine P.C., Boston, MA, for Plaintiffs.
    Anne B. Ladov, Shepherd Law Group, Stephen T. Paterniti, Erik J. Winton, Jackson Lewis LLP, Boston, MA, for Defendants.
   MEMORANDUM & ORDER

GORTON, District Judge.

This is an action for injunctive relief and monetary damages for the alleged violation of the Lanham Act and misappropriation and misuse of confidential business information and trade secrets. The defendants have moved to dismiss three counts of the complaint.

I. Factual Background

The plaintiffs in this case, Guesb-Tek Interactive Entertainment Inc. and GuestTek Interactive Entertainment Ltd. (collectively, “Guesb-Tek”) have brought suit against their former employee Thomas Pullen (“Pullen”) and his new company, PureHD Inc. (“PureHD”). According to the plaintiffs’ Verified Complaint (“the Complaint”), Pullen was employed by Guesb-Tek for over two years as its Vice President of North American Sales. By virtue of his position, Pullen was involved in all aspects of Guesb-Tek’s sales and marketing efforts and had access to its confidential and proprietary information and trade secrets. Guest-Tek alleges that prior to Pullen’s resignation on May 3, 2009, for a period of approximately eight months, Pullen surreptitiously transposed thousands of Guest-Tek computer files onto his personal USB device and conspired with one of Guest-Tek’s largest competitors to launch PureHD, a company which now competes with Guesb-Tek.

According to the Complaint, Pullen, as the President and founder of PureHD, has made a series of false and misleading statements designed to deceive the hospitality industry. PureHD purportedly asserts that it is the only company which can provide certain services despite the fact that Guesb-Tek contends that it offers those same services as well.

Guest-Tek’s complaint alleges six counts against Pullen: 1) Violation of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (Count II), 2) Breach of the duty of loyalty (Count IV), 3) Misrepresentation (Count V), 4) Breach of the implied covenant of good faith and fair dealing (Count VI), 5) Unjust enrichment (Count XIII) and 6) Violation of the Massachusetts Consumer Protection Act, M.G.L. c. 93A, § 11 (“Chapter 93A”) (Count X). The Complaint also alleges two counts against PureHD: Violation of the Lanham Act (Count I) and Violation of Chapter 93A (Count IX). Finally, the Complaint alleges two counts against both defendants: Misappropriation of Trade Secrets in violation of M.G.L. c. 93, § 42 and 42A (Count III) and Conversion (Count VII). The defendants have moved to dismiss Counts II, IX and X of the Complaint.

II. Legal Analysis

A. Standard of Review

To survive a motion to dismiss, a complaint must contain sufficient factual matter, accepted as true, to “state a claim to relief that is plausible on its face.” Bell Atlantic Corp. v. Twombly, 550 U.S. 544, 570, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007). In considering the merits of a motion to dismiss, the Court may look only to the facts alleged in the pleadings, documents attached as exhibits or incorporated by reference in the complaint and matters of which judicial notice can be taken. Nollet v. Justices of the Trial Court of Mass., 83 F.Supp.2d 204, 208 (D.Mass.2000) aff'd, 248 F.3d 1127 (1st Cir.2000). Furthermore, the Court must accept all factual allegations in the complaint as true and draw all reasonable inferences in the plaintiffs favor. Langadinos v. American Airlines, Inc., 199 F.3d 68, 69 (1st Cir.2000). If the facts in the complaint are sufficient to state a cause of action, a motion to dismiss the complaint must be denied. See Nollet, 83 F.Supp.2d at 208.

Although a court must accept as true all of the factual allegations contained in a complaint, that doctrine is not, however, applicable to legal conclusions. Ashcroft v. Iqbal, — U.S. —, 129 S.Ct. 1937, 1949, 173 L.Ed.2d 868 (2009). Threadbare recitals of the legal elements, supported by mere conclusory statements, do not suffice to state a cause of action. Id. Accordingly, a complaint does not state a claim for relief where the well-pled facts fail to warrant an inference of any more than the mere possibility of misconduct. Id. at 1950.

B. Application

1. Computer Fraud and Abuse Act (Count II)

An individual is liable under the Computer Fraud and Abuse Act (“the CFAA”) if he

knowingly and with the intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value.

18 U.S.C. § 1030(a)(4). Accordingly, a prerequisite to a claim under the CFAA is proof that the accused party either accessed a protected computer “without authorization” or “exceeded” his “authorized access.” The defendants challenge whether the allegations in Guest-Tek’s complaint establish either of those elements.

The phrase “without authorization” is not defined in the CFAA. To “exceed authorized access” is defined as “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” 18 U.S.C. § 1030(e)(6). The defendants contend that accessing a computer “without authorization” occurs only when initial authorization is not permitted and “exceeding] authorized access” occurs only when general access is permitted but access of certain information is restricted.

The defendants argue that the factual allegations in the Complaint contradict any conclusion that Pullen’s access was “without authorization” or that he “exceeded] authorized access.” As the Vice President of North American Sales, Pullen had full and unrestricted access to all of the information at issue in the case, including Guest-Tek’s customer account information, pricing, terms, customer preferences, internal financial information, marketing plans and strategies, business plans, pending proposals, contract documents and technical capabilities.

In response, Guest-Tek asserts that Pullen’s alleged breach of his fiduciary duty of loyalty to Guest-Tek (by copying files and secretly planning a competitive venture while still employed) effectively extinguished his authorization to access Guest-Tek computers. See International Airport Centers v. Citrin, 440 F.8d 418, 419-21 (7th Cir.2006) (Posner, J.) (holding that an employee acted “without authorization” when he accessed a computer with the intent to destroy company information because his breach of his duty of loyalty terminated his authority to access the laptop). Relying on Citrin, Guest-Tek contends that, because Pullen’s initial authorization to access Guest-Tek’s confidential information was premised on the agency relationship between the parties, breaching his duty of loyalty ended that relationship and constructively terminated his authorization to access Guest-Tek’s files.

The parties’ dispute reflects two lines of cases interpreting the meaning of “authorization.” The first position, advocated by the defendants, espouses a narrow interpretation of the CFAA, holding that the phrase “without authorization” only reaches conduct by outsiders who do not have permission to access the plaintiffs’ computer in the first place. See, e.g., Shamrock Foods v. Gast, 535 F.Supp.2d 962, 967 (D.Ariz.2008); Lockheed Martin Corp v. Speed, et al., No. 6:05-cv-1580, 2006 WL 2683058 at *5, 2006 U.S. Dist. LEXIS 53108 at *14 (M.D.Fla.2006). In contrast, other courts have opted for a more expansive view, finding that an employee accesses a computer “without authorization” whenever the employee, without the employer’s knowledge, acquires an interest that is adverse to that of his employer or is guilty of a serious breach of loyalty. See, e.g., Citrin, 440 F.3d at 419; Shurgard Storage Centers, Inc. v. Safeguard Self Storage, Inc. 119 F.Supp.2d 1121, 1125 (W.D.Wash.2000).

The defendants contend that the plain language of the CFAA and its legislative history support the more narrow view that the CFAA applies only to those lacking initial authorization and not those who subsequently misuse or misappropriate information. Although the First Circuit Court of Appeals has not directly addressed the meaning of “without authorization” or “exceeded authorization,” it has favored a broader reading of the CFAA than that which the defendants now urge. See EF Cultural Travel BV v. Explorica, Inc., 274 F.3d 577, 582-84 (1st Cir.2001). In EF Cultural, the court upheld a CFAA claim against employees who had collected pricing information from their former employer’s website in order to develop a competing entity with lower prices, finding that the former employees’ reliance on EF’s pricing information “reek[ed] of use — and indeed, abuse — of proprietary information that goes beyond any authorized use of EF’s website.” Id. at 583. The court’s analysis of the employees’ “authorized use” and “abuse” of EF’s proprietary information rather than their initial authorization to access the website undercuts the defendants’ plain language argument.

Moreover, as the plaintiffs urge, a narrow reading of the CFAA ignores the consistent amendments that Congress has enacted to broaden its application. Although the majority of CFAA cases still involve “classic hacking activities,” the CFAA’s reach has been expanded in the past two decades by the enactment of a private cause of action and a more liberal judicial interpretation of the statutory provisions. As the Third Circuit has noted,

Employers ... are increasingly taking advantage of the CFAA’s civil remedies to sue former employees and their new companies who seek a competitive edge through wrongful use of information from the former employer’s computer system.

P.C. Yonkers, Inc. v. Celebrations the Party and Seasonal Superstore, LLC, 428 F.3d 504, 510 (3rd Cir.2005). Although some courts still insist on a more narrow interpretation of the CFAA, see LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir.2009), the First Circuit has advocated a broader reading of the statute. See EF Cultural Travel, 274 F.3d at 583.

Accordingly, the Court concludes that Guest-Tek has alleged sufficient facts to state a claim that Pullen’s use and abuse of Guest-Tek’s proprietary information was “without authorization” or in excess of his “authorized access.” Defendants’ motion to dismiss will, therefore, be denied.

2. Violation of Chapter 93A

a. Pullen (Count X)

Chapter 93A provides a private cause of action to

any person who engages in the conduct of any trade or commerce and who suffers any loss of money or property ... as a result of the use or employment by another person who engages in any trade or commerce of an unfair method of competition or an unfair or deceptive act or practice.

M.G.L. c. 93A, § 11. The defendants maintain that conduct arising from an employment relationship cannot form the basis for a claim under Chapter 93A because 1) the relationship between employee and employer is purely private in nature and does not occur in “trade or commerce,” see Manning v. Zuckerman, 388 Mass. 8, 13-14, 444 N.E.2d 1262 (1983), and 2) suits between employers and employees fall under the so-called “intra-enterprise” exception to Chapter 93A in that they are “more similar to private disputes and are not commercial transactions ... in the sense required by 93A.” Linkage Corp. v. Trustees of Boston University, 425 Mass. 1, 23, 679 N.E.2d 191 (1997).

There is ample evidence to support the defendants’ assertion. See Manning, 388 Mass, at 11-12, 444 N.E.2d 1262 (finding that a dispute between a former employee and employer did not state a claim under Chapter 93A because it arose out of the parties’ employment relationship and not from an arms length commercial transaction). However, the plaintiffs attempt to distinguish their case on several grounds. First, they argue that although most disputes between employees and employers are not sufficiently connected to the public interest to warrant coverage by Chapter 93A, Pullen’s theft of trade secrets directly impacts the open market because it impedes competition and defies commercial ethics. Their argument is unpersuasive. Although an employee’s theft of trade secrets from his former employer may well violate principles of commercial ethics, such a transgression does not alone invoke the protections of Chapter 93A.

Next, the plaintiffs contend that not all disputes involving employers and employees fall outside the scope of Chapter 93A. In support of that proposition, they cite Peggy Lawton Kitchens Inc. v. Hogan, 18 Mass.App.Ct. 937, 466 N.E.2d 138, 141 (1984), but that case is inapposite because its application has been limited to claims between employers and employees concerning conduct that occurred “post-employment” or “independent of the former employment relationship.” See The Descartes System Group, Inc. v. Celarix, Inc., No. 00-05042, 2001 WL 721493, at *2 (Mass.Super. June 20, 2001) (where evidence showed employee improperly acquired trade secrets after employment had ended). Because Pullen’s alleged misappropriation of information occurred while he was still employed by Guest-Tek, it was not independent of his employment relationship and is not, therefore, covered by Chapter 93A.

Finally, the plaintiffs argue that their claim does not fall under the “intra-enterprise exception” to Chapter 93A because it arose not from a private employment contract or non-compete agreement but from Pullen’s breach of his common law and statutory duties. The cases cited by the plaintiffs are unavailing, however, because in those cases, the former employees’ misconduct occurred post-employment, not during the course of the employment relationship. Moreover, although the dispute between Pullen and Guest-Tek did not originate from the breach of a private employment contract or non-compete agreement, the primary relationship between the parties was one of employee and employer. Accordingly, the plaintiffs’ Chapter 93A claim against the individual defendant will be dismissed.

b. PureHD (Count IX)

The defendants also contend that Guest-Tek has failed to allege sufficient facts to support its claim that PureHD, Pullen’s new employer, violated Chapter 93A. They assert that because Guest-Tek’s claim against PureHD stems from Pullen’s former employment relationship with Guest-Tek, it must fail for the same reasons that Guest-Tek’s Chapter 93 claim against Pullen is defective. In short, the defendants rely on the “intra-enterprise” exception again.

This time the argument falls short. Although the plaintiffs’ claim against Pullen is precluded by the intra-enterprise exception, that exception does not apply to PureHD which never had an employment relationship with Guest-Tek. See Peggy Lawton, 466 N.E.2d at 141 (holding that the intra-enterprise exception applies only to employees, not their new employers); Hanover Insurance Co. v. Sutton, 46 Mass.App.Ct. 153, 705 N.E.2d 279, 294 (1999) (rejecting the suggestion that if an employee is not liable to his former employer under Chapter 93A, his new employer is also immune from liability). Because PureHD and Guest-Tek are distinct business entities, any dispute between them falls squarely within the realm of “trade or commerce” envisioned by Chapter 93A. Defendants’ motion to dismiss Count IX will be denied.

ORDER

In accordance with the foregoing, defendants’ motion to dismiss (Docket No. 13) is:

1) with respect to Count X, ALLOWED, but

2) with respect to Counts II and IX, DENIED.

So ordered.  