Computer Fraud And Abuse Act Claim Fails When Access Was Authorized by License Holder
Case: SecureInfo Corp. v. Telos Corp., Case No. 1:05-cv-00505-GBL-TCB (E.D. Va. 9/9/2005)
The One Sentence Summary: The District Court granted a motion to dismiss a claim under the Computer Fraud and Abuse Act against Plaintiff’s competitors, who were alleged to have hired a consultant to fraudulently obtain a license to use Plaintiff’s copyrighted software and then allow them, in violation of the license, to access and copy the software, user manuals, and outputs of the software, because the competitors had been authorized by the license holder to use the program and thus were not “unauthorized users” as defined by the statute.
What They Were Fighting About: SecureInfo licensed software used to help customers identify and comply with information security regulations. This software was copyrighted and contained confidential information, and its license was subject to stringent confidentiality requirements, as well as limits on authorized users. Two of SecureInfo’s competitors, Telos Corp and Xacta, allegedly hired a consulting firm to perform a competitive analysis of SecureInfo’s software. An employee of the consulting firm subsequently contacted SecureInfo and falsely claimed that he wished to license their software for a project his company had with the General Services Administration. When the license was granted, the employee installed the software on his server and allowed employees at Xacta and Telos to access the server in order to copy the software, user manuals and outputs of the software. SecureInfo filed suit against Telos and Xacta, alleging violation of the Computer Fraud and Abuse Act, copyright infringement, conspiracy, tortious interference with contract, violation of RICO, combination to injure plaintiff in its reputation, trade or business, violation of the Virginia Computer Crimes Act and Uniform Trade Secrets Act of Virginia, and common law trespass to chattels and detinue. SecureInfo also alleged that the consultant committed common law fraud.
District Court Holdings:
The One Sentence Summary: The District Court granted a motion to dismiss a claim under the Computer Fraud and Abuse Act against Plaintiff’s competitors, who were alleged to have hired a consultant to fraudulently obtain a license to use Plaintiff’s copyrighted software and then allow them, in violation of the license, to access and copy the software, user manuals, and outputs of the software, because the competitors had been authorized by the license holder to use the program and thus were not “unauthorized users” as defined by the statute.
What They Were Fighting About: SecureInfo licensed software used to help customers identify and comply with information security regulations. This software was copyrighted and contained confidential information, and its license was subject to stringent confidentiality requirements, as well as limits on authorized users. Two of SecureInfo’s competitors, Telos Corp and Xacta, allegedly hired a consulting firm to perform a competitive analysis of SecureInfo’s software. An employee of the consulting firm subsequently contacted SecureInfo and falsely claimed that he wished to license their software for a project his company had with the General Services Administration. When the license was granted, the employee installed the software on his server and allowed employees at Xacta and Telos to access the server in order to copy the software, user manuals and outputs of the software. SecureInfo filed suit against Telos and Xacta, alleging violation of the Computer Fraud and Abuse Act, copyright infringement, conspiracy, tortious interference with contract, violation of RICO, combination to injure plaintiff in its reputation, trade or business, violation of the Virginia Computer Crimes Act and Uniform Trade Secrets Act of Virginia, and common law trespass to chattels and detinue. SecureInfo also alleged that the consultant committed common law fraud.
District Court Holdings:
- The Computer Fraud and Abuse Act claim was dismissed. Telos and Xacta could not be held liable under the Computer Fraud and Abuse Act, because the consultant had authorized them to use his server, and thus they were not “unauthorized users” as defined by the Act. While the consultant had exceeded the scope of his license, Telos and Xacta were not parties to the license, and could not therefore be said to have accessed the server “without authorization or exceed[ing] authorized access.” The Court balked at the implications of the Plaintiff’s claim, stating, “In essence, the plaintiff is asking the Court to hold that every breach of a computer software license agreement allows the licensing party to recover damages against a non-party to the software license under the CFAA.”
- The copyright claims were not dismissed because the database of “facts” used by the software could be organized in such a way as to show the minimum amount of creativity necessary to deserve copyright protection, and the plaintiff had properly alleged that the database, its user manual, and any software outputs were copyrighted.
- The conspiracy and combination claims were dismissed because a principal and its agent cannot conspire or combine under Virginia law.
- The RICO claim was dismissed because there was no allegation of threat of future criminal activity. Because this was an isolated scheme to defraud, it was better handled under state law.
- The claims under the Virginia Computer Crimes Act and Uniform Trade Secrets Act of Virginia were dismissed because they were preempted by federal copyright law. The work at issue was “within the scope of the subject matter of copyright,” because the claim at issue dealt with the misappropriation of copyrighted material. In addition, “‘the rights granted under state law’” [were] “‘equivalent to any exclusive rights within the scope of federal copyright.”
- The tortious interference with contract claim was dismissed because the consulting company was alleged to have interfered with its own contract with SecureInfo, and under Virginia law, a company could not interfere with its own contracts.
- The common law trespass to chattels claim was dismissed because there was no contention that the property retained by the defendants had been damaged in any way. While the Plaintiffs alleged that their own proprietary information had lost value due to its disclosure, a trespass to chattels claim is only valid where the actual property in the defendants’ possession has lost value. The court found that the information retained by the Defendants had not lost value.
- The common law detinue claim, however, was upheld, since the Defendants had retained a number of tangible objects (e.g. instruction manuals and printouts of computer outputs) that the Plaintiff alleged were wrongfully withheld. The claim was not found to be pre-empted by copyright law, because the possession of tangible property constituted an element of the common law claim that was qualitatively different from a copyright claim.
- The fraud claim against the consultant was dismissed because the Plaintiff had not alleged any actual damages, but only the prospective harm the Defendants could cause to Plaintiff’s business with the fraudulently obtained information about their software.
0 Comments:
Post a Comment
<< Home