D.C. Court Dismisses Case Alleging Interference With Business Expectancy For Failure To Name Names

A recent decision from the United States District Court for the District of Columbia highlights the importance of pleading specific facts in support of unfair business practices claims to survive a Motion to Dismiss. In Command Consulting Group, LLC v. Neuraliq, Inc., 2009 U.S. Dist. Lexis 48082 (D.D.C. June 9, 2009), click here, the defendant counterclaimed for, among other things, interference with prospective business advantage and breach of fiduciary duty arising out of a government contracts consulting agreement.

Apparently, the plaintiff entered into a consulting agreement with the defendant pursuant to which he agreed to assist the defendant in developing business in the federal government defense community. When the plaintiff sued for unpaid fees, the defendant counterclaimed, alleging that the plaintiff used confidential information obtained from the defendant to interfere with the defendant's business. The plaintiff then moved to dismiss two of the claims.

The court first addressed the pleading requirements for the claim of interference with a prospective business advantage under D.C. law. That claim requires: "(1) the existence of a valid business relationship or expectancy, (2) knowledge of the relationship or expectancy on the part of the interferer, (3) intentional interference inducing or causing a breach or termination of the relationship or expectancy, and (4) resultant damages. Valid business expectancies that are "commercially reasonable" include "lost future contracts and lost opportunities to obtain customers. In addition, the plaintiff must make a strong showing of intent to "disrupt a business relationship or expectancy to establish a claim for interference." Intent can be shown if the conduct is egregious, such as libel, slander, physical coercion and fraud.

Here, the court found that the allegations were both unspecific and conclusory, thus failing to meet the standard required to allow the claim to proceed. Perhaps most notable is the requirement under D.C. law that the claimant must plead the particulars of the valid business expectancy, including the names of the third parties with which the claimant had the relationship or expectancy. Simply alleging categories of relationships that may have been affected is inadequate.

The court found similar flaws in the allegations supporting the claim for breach of fiduciary duty. Preliminarily, the court noted that, even though the relationship between the consultant and his client arose out of a written contract, "where circumstances show that the parties extended their relationship beyond the limits of the contractual obligations to a relationship founded upon trust and confidence" a fiduciary duty may exist. Here, the client alleged that the duty arose because "in its capacity as a consultant to the defendant, the plaintiff was privy to sensitive, confidential and proprietary information, including financial information."

Despite alleging that the plaintiff used that information "as part of a scheme to disrupt the operation and ownership of [the defendant], with the objective ... [of placing] financial pressure on [the defendant] that would force [the defendant] to enter business deals favorable" to individuals aligned with the plaintiff "and/or [to] gain control of [the defendant] for the benefit of [the plaintiff] and its co-conspirators" the court found those allegations deficient. It noted the defendant had failed to allege: (1) specific information regarding the confidential information wrongfully used, (2) that the defendant entered into any specific deals as a result of the pressure exerted by the plaintiff, and (3) that the defendant suffered any injury as a result of that pressure. Additionally, the defendant failed to allege that the efforts of the plaintiff to gain control of the defendant resulted in any injury. Accordingly, the court granted the Motion to Dismiss.

This case points out the importance of carefully crafted, factual-laden pleadings. Two recent Supreme Court decisions, Bell Atlantic Corp. v. Twombly, 550 U.S. 544 (2007) and Ashcroft v. Iqbal, 129 S.Ct. 1937 (2009), significantly tightened the pleading requirements in civil cases. Under the new standards, federal complaints must allege sufficient facts, that when accepted as true for purposes of a motion to dismiss, "state a claim to relief that is plausible on its face." Id. at 1949. "A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged." Id. In short, mere recitals of the elements of a cause of action, accompanied by conclusory statements, fail the test.

Competitor Raids Company's Computer Data: Passwords Are Not Trade Secrets

Your company operates a website that provides data to paid subscribers that access your website through individual passwords. Your database is so successful that one of your former clients, which is also in a similar business, offers to buy it. But you decline. Around the same time you fire your marketing director. But you think your company is protected from being injured by that employee because he is subject to a non-compete and non-disclosure agreement.

Readers of this blog, by now, know where this story is going.

You then discover that your former client--now competitor--hired your former marketing director to compete against your company, despite his non-compete agreement. Then one of your long-time clients informs you that it is switching to your competitor's services.

Suspicious, you begin to investigate and discover that for the last four years, your database had been accessed 735 times from an IP address traced to your competitor's home city. And your competitor seems to have accessed your database by using the passwords assigned to your long-time client that switched to your competitor.

What do you do?

In State Analysis, Inc. d/b/a Statescape v. American Financial Services, Assoc., et al., found here, the plaintiff, Statescape, brought suit in the U.S. District Court for the Eastern District of Virginia, asserting claims arising out of facts like those described above. Statecape filed suit against: 1) its former client -- who set-up a competing business (the "Competitor"); 2) its former client that allegedly provided its password to the competitor ("Former Client"); and 3) its former employee.

The defendants moved to dismiss many of StateScape's claims. Several of the court's findings are noteworthy because they involve unfair business practices claims.

Computer Fraud and Abuse Act ("CFAA")

"18 U.S.C. Sec. 1030 (a) (2) prohibits 'intentially access[ing] a computer without authorization or exceed[ing] authorized access, and thereby obtain[ing] . . . information from any protected computer . . ."

"Exceeds authorized access" is explicitly defined as 'to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.'"

Having recited the provisions, the court discussed the split between courts, some of which have limited the applicability of the CFAA to "computer hackers" who access computers without authorization. Those courts "reject[] attempts to apply the CFAA to cases where the defendants are not alleged to have 'broken into' the system but to have abused the privileges of a license." "Other courts have held that the CFAA does apply to authorized users who use programs in an unauthorized way, including employees who obtain and use proprietary information in violation of a duty of loyalty, and licensees who breach an agreement restricting their use of the software." (Internal citations omitted).

The court then found that the plaintiff stated a claim against its competitor for accessing "StateScape's website using usernames and passwords that did not belong to it. StateScape has pled that under the terms of their contract, only clients were authorized to use StateScape's subscription services, and that [the Competitor] was not so authorized. [The Competitor] therefore acted 'without authorization.'"

But the court found that StateScape did not state a claim against its Former Client because the Former Company "never went beyond the areas that StateScape authorized [it] to access." And the court did not have to resolve the case split because StateScape only reserved the right to terminate the Former Client's contract instead of having the contract automatically terminate if the Former Client breached the contract. Thus, the Former Client was never without authorization.

We have recently written about the applicability of the Computer Fraud and Abuse Act to departing employees who access their employer's computer data after they intend to join a competitor, which can be found here.

Electronic Communications Privacy Act ("ECPA")

The ECPA forbids "intentionally access[] without authorization a facility through which an electronic communication service is provided, or intentionally exceed[] an authorization to access that facility; and thereby obtain[], alter[], or prevent[] authorized access to a wire or electronic communication while it is in electronic storage."

The court found that "StateScape has stated a claim against [the Competitor] by alleging that [the Competitor], without any authorization from StateScape, accessed the password-protected areas of StateScape's site."

StateScape's claim against its Former Client, however, was dismissed under one of the ECPA's exceptions because the Former Client was "contractually entitled to see all of the information it is alleged to have accessed."

Virginia Computer Crimes Act

The court's opinion is also noteworthy because it held that StateScape's Virginia Computer Crimes Act claim was preempted by the federal Copyright Act. The claim was preempted since "software is within the subject matter of copyright" and, based on the alleged facts, the claims were not "'qualitatively' different from the Copyright Act claims."

Trespass

StateScape's claim for trespass to chattels is "based on the allegation that [the Former Client] accessed password-protected areas of StateScape's website without authorization. A trespass to chattels occurs 'when one party intentionally uses or intermeddles with personal property in rightful possession of another without authorization' and 'if the chattel is impaired as to its condition, quality, or value.'" (Internal citations omitted.)

The Former Client argued that no "impairment" was alleged. But the court found the impairment criterion was satisfied: "given that StateScape charges fees for its passwords, the value of StateScape's possessory interest in its computer network is diminished if unauthorized users access its password-protected areas."

Misappropriation of Trade Secrets

StateScape alleged that the Former Client's "sharing of its passwords for StateScape's database with [the Competitor]" violated the Virginia Uniform Trade Secrets Act ("VUTSA"). The defendants attacked the VUTSA claim, arguing that "passwords lack 'independent economic value,' but are instead a security mechanism designed to control access to information, and therefore are not trade secrets."

The court first reviewed the definition of a "trade secret" under the VUTSA: "'Trade secret' means information, including but not limited to, a formula, pattern, compilation, program, device, method, technique or process, that: 1. Derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and 2. Is the subject of efforts that are reasonable under the circumstances to maintain its secrecy."

"Although the passwords at issue clearly have economic value given that they are integral to accessing StateScape’s database, they have no independent economic value in the way a formula or a customer list might have. Where a plaintiff has not alleged that its passwords are the product of any special formula or algorithm that it developed, the passwords are not trade secrets."

Blog Conclusion

This case is another spin on the types of unfair business practices that can arise in today's electronic world. Many companies make their money by providing password-protected data on their websites. Protecting that data through security features and, if needed, litigation is critical. But, on a positive note, this case again demonstrates that unfair business practices can often be unmasked by tracing electronic footprints.

The "Employee Paradox" Webinar Materials Are Now Available Online

On May 21, 2009, the Williams Mullen Unfair Business Practices Team conducted its first webinar in its four-part Summer series. The webinar was entitled The Employee Paradox: The Best Employees Can Cause the Greatest Damage to Your Company.

The webinar addressed the fiduciary obligations of corporate officers, directors and employees, restrictive covenants such as noncompetition and non-soliciation clauses in employment contracts, and protecting against corporate raiding. The webinar also supplied a checklist for hiring new employees.

To hear the webinar: click here. To download the powerpoint presentation: click here. The webinar speakers were three members of Williams Mullen's Unfair Business Practices Team: David Burton, Sean Gibbons and Mike Lord.

The Team's next webiner is entitled "Beware the Government Contract: How to Protect Your Company's Assets from the Government and Other Contractors." To register for this June 17 webinar, click here.

Starwood Hotels & Resorts Worldwide, Inc. Sues Hilton Hotels Corporation

For an excellent example of the high-stakes nature of unfair business practices cases, Starwood Hotels & Resorts Worldwide, Inc. ("Starwood") sued Hilton Hotels Corporation ("Hilton") and several former Starwood employees on April 16, 2009. The allegations, if proven, are remarkable.

Starwood claims that Hilton recruited the President and Senior Vice President of Starwood's Luxury Brands Group to join Hilton. The executives were allegedly involved in developing Starwood's luxury hotel brands: the St. Regis, W Hotels and The Luxury Collection. The allegations are a worst-case-scenario for a company because the executives were alleged to have both misused Starwood's confidential information and recruited a group of senior-level Starwood employees to work for Hilton.

Specifically, Starwood alleges that its former executive requested "large volumes of confidential information from Starwood employees, which he took home, had loaded on a personal laptop computer and/or forwarded to a personal e-mail account, and which he then took to and used at and for Hilton." The Complaint outlines specific Starwood files that were taken to Hilton, including: Starwood's Forward-Looking Strategic Development Plans, Starwood's Property Improvement Plan, and confidential computer files containing the names and addresses of Luxury Brands Group owners, developers and designers compiled by Starwood. In total, Starwood alleges that its former executives took over 100,000 of its files to Hilton.

The complaint also alleges that after Starwood asked Hilton to preserve information relating to one of the employees who switched companies Hilton delivered to Starwood 'eight large boxes of computer hard drives, zip drives, thumb drives and paper records containing massive quantities of highly confidential and proprietary Starwood files . . . , including over 100,000 files downloaded from Starwood’s computers systems and files.

To read the entire complaint (without exhibits), click here.

Hilton’s response to the Complaint is also remarkable because Hilton takes corrective action almost immediately. A week after Starwood filed the case, Hilton agreed to a "Preliminary Injunction and Order Entered on Consent of All Defendants." The Order recites Hilton’s steps to attempt to cure any damages suffered by Hilton. First, on April 21, "Hilton placed [the executives] and their entire luxury and lifestyle team . . . on paid administrative leave of absence, and suspended all further development of the [competing] brand." Second, Hilton agreed to be enjoined from "knowingly using directly or indirectly in any way the Starwood Information, including without information contained therein or derived therefrom." Third, "all other persons who are in active concert or participation with them who receive actual notice of this order by personal service or otherwise, are hereby preliminary enjoined and shall cease all further development of the [competing] brand . . . ." The Order contains additional agreed upon actions, and it can be found by clicking here.

In addition, the parties agreed to stay the litigation pending further order of the court. It is a good bet that Starwood and Hilton are working to settle this dispute.

Summer Webinar Series: Protecting Corporate Assets from Unfair Business Practices

Williams Mullen is hosting a four-part webinar series entitled: Protecting Corporate Assets from Unfair Business Practices.

Here is a listing of the programs for each month. Click on the title for more information and to register for the individual events.

May
The Employee Paradox
Your Best Employees Can Cause the Greatest Damage to Your Company

June
Beware the Government Contract
How to Protect Your Company's Assets from the Government and other Contractors

July
Intellectual Property: Building Your Castle Moat
How to Protect Your Company's Knowledge

August
Defending Your Castle
Litigating Disputes to Protect Your Company's Assets

The first webinar is scheduled for May 21, 2009 from 12:00 to 1:15 p.m. (U.S.A. Eastern Daylight Time). There is no fee for participating in the webinars.

For a complete listing and registration information, click here.

Employees Who Take Proprietary Data May Violate the Federal Computer Fraud and Abuse Act

We recently published an article discussing the federal Computer Fraud and Abuse Act in the Potomac Techwire. It focused on the developing law surrounding whether a departing employee who takes proprietary electronic data has violated the Act by accessing his employer's computer to remove the data once he has begun plans to resign and join another company. There is a split among courts regarding whether that employee was "authorized" to access the computer or "exceeded his authorized access" when he did so. For those courts which have found that the access was unlawful, this Act becomes a big stick because it creates federal jurisdiction in cases that, most often, may only be brought in state courts. To review the entire article, see the link: http://www.williamsmullen.com/employees-who-take-proprietary-data-may-violate-the-federal-computer-fraud-and-abuse-act-03-11-2009/

LLC Members Do Not Owe Fiduciary Duties to Each Other, Virginia Supreme Court Rules

Last Spring, we profiled two Circuit Court decisions in Virginia that addressed whether members of Virginia Limited Liability Companies owed fiduciary duties to each other. See March 30, 2008 post, click here. The cases had held that: (1) members and managers of LLCs did not owe fiduciary duties to members, but only to the entity itself; and (2) a member could not sue a manager directly for breach of fiduciary duty, but could only maintain the suit in a derivative capacity. The cases were significant because the Virginia Supreme Court had not addressed the issues.

This week the Supreme Court issued an opinion in one of those cases, Remora Investments, LLC v. Orr. Click here. The opinion affirmed the decision of the Fairfax Circuit Court sustaining the defendant’s demurrer and dismissing the case.

The Supreme Court initially focused on the statutory basis for duties owed by members of an LLC. It noted that neither the Limited Liability Company Act nor the Virginia Stock Corporation Act imposed fiduciary duties “between members of an LLC, between members and managers of an LLC, between stockholders of a corporation, or between individual shareholders and officers and directors.” General partnership law in Virginia, on the other hand, specifically provides that partners owe the duties of loyalty and care both to the partnership and to other partners. Moreover, the court reaffirmed that, in the corporate context, the fiduciary duty owed by officers and directors is owed to shareholders as a class and not individually.

The court also examined the Operating Agreement for the LLC and found that it did not establish any fiduciary duties between the members or between the members and a manager. It specifically held, however, that such duties may be included in Operating Agreements if the members so desire and, thus, arise by contract.

For these reasons the court concluded that as a member of the LLC, Orr lacked standing to pursue a direct claim against the LLC’s manager.

Now that the Supreme Court has spoken on the issue, those forming LLCs would be wise to discuss whether such duties between the members or the members and manager of the LLC should be addressed in the Operating Agreement.