United States District Court, D. Colorado
ORDER
MICHAEL E. HEGARTY UNITED STATES MAGISTRATE JUDGE
This
action arises out of the departure of the individual
Defendants from employment with Plaintiff to form the entity
Defendant. Plaintiff's allegations against Defendants
involve computer fraud, misappropriation of trade secrets,
and other state law violations. See Am. Compl., ECF
16. In response, Defendants have filed a motion to dismiss
pursuant to Fed.R.Civ.P. 12(b)(1) and 12(b)(6) arguing the
Plaintiff fails to state plausible federal claims and the
Court lacks supplemental jurisdiction to hear the state law
claims or, in the alternative, Plaintiff fails to state
plausible state law claims. For the reasons that follow, the
Court will grant in part and deny in part the Defendants'
motion.
STATEMENT
OF FACTS
The
following are relevant factual allegations (as opposed to
legal conclusions, bare assertions, or merely conclusory
allegations) made by Plaintiff in its First Amended
Complaint, which are taken as true for analysis under
Fed.R.Civ.P. 12(b)(6) pursuant to Ashcroft v. Iqbal,
556 U.S. 662, 678 (2009).
Plaintiff
MSC Safety Solutions, LLC, f/k/a MSC Inc., d/b/a MSC Safety
Solutions (“MSC”) is a Colorado company that
competes in the safety consulting industry. MSC provides loss
control and risk management services to large and small
commercial construction contractors, government agencies, and
general industry manufacturing facilities. Among other
things, MSC's services include providing safety policy
development, training for management personnel and field
level employees, safety and loss control inspections,
accident investigations and OSHA compliance assistance and
representation. The safety consulting industry is a small
niche industry that is highly competitive.
Because
of the highly competitive nature of the safety consulting
industry, MSC closely protects and preserves its confidential
information and trade secrets, including customer and vendor
lists, product and services pricing, and training materials.
This valuable information is developed and maintained by MSC
at significant expense. To protect and preserve its
confidential information and trade secrets, MSC uses, among
other things, firewalls, antivirus software, password
protection, and physical safeguards. MSC does not share its
customer and vendor information, pricing information, product
information, or training materials (collectively, the
“Proprietary Information”) with the public. MSC
provides the customer and vendor information only to its
current employees and only for the purpose of carrying out
their MSC job responsibilities.
MSC
currently has six employees. With the exception of the
Director of Operations and Troy Clark, the owner and
President of MSC, all of MSC's employees are employed in
positions called Consultants or Consultants & Safety
Specialists. The Consultants and Consultants & Safety
Specialists are the “face” of the Company, and
such positions are positions of authority, trust, and
responsibility with MSC. Defendants Dax Biederman and Bryan
McClure joined MSC in 2016 and were employed as Senior Safety
Consultants. Defendant Scott Seppers joined MSC in April 2017
and was employed as a Safety Consultant. MSC hired these
individual Defendants to provide MSC customers and clients
with safety training, assist clients with any safety related
matters, and conduct inspections of client work sites. As
employees of MSC, the individual Defendants were given access
to MSC's Proprietary Information for the purpose of
carrying out their job responsibilities. In addition, the
individual Defendants were provided with company email
addresses in MSC's email system to conduct MSC's
business on MSC's computers. The individual Defendants
each terminated his employment with MSC on November 1, 2018.
On
September 29, 2018, while still employed with MSC, the
individual Defendants filed Articles of Incorporation for
“Trivent Safety Consulting Corp.” with the
Colorado Secretary of State and established a Facebook page
and Twitter account for the new entity. Subsequently, on
October 23, 2018, the Defendants filed a Statement of
Conversion with the Colorado Secretary of State, converting
“Trivent Safety Consulting Corp.” from a
corporation to a limited liability company, and filed
Articles of Organization for Defendant Trivent Safety
Consulting, LLC (“Trivent”) and registered
Trivent as a limited liability company. Trivent is a direct
competitor of MSC and provides safety consulting services in
the State of Colorado.
While
the individual Defendants were MSC employees, they used
MSC's IT resources to wrongfully solicit testimonials
from MSC's clients and customers. These solicited
testimonials are now used in the marketing of Trivent's
products and services in direct competition with MSC. In
addition, the Defendants used MSC's financial resources
and MSC's company credit card to purchase products and
services for the operation of Trivent. These purchases were
made in furtherance of competing with MSC. Additionally, the
Defendants made disparaging remarks about MSC and attempted
to convince MSC clients and current and prospective customers
to transfer their business to Trivent. Defendants'
attempts to divert MSC's clients and current and
prospective customers to Trivent are shown on Trivent's
LinkedIN, Facebook, and Twitter pages where, on November 5,
2018, four days after their termination date, Defendants
posted the following “byline” for Trivent:
“The same faces you've come to know over the years
in a new setting.”
Prior
to their termination date, and without authorization from
MSC, Defendants removed from MSC and/or copied on MSC copiers
Proprietary Information and other confidential information
for the benefit of Trivent. Biederman and McClure, without
authorization from MSC, deleted thousands of Company emails
from MSC's email servers. After his termination, on or
about November 1, 2018, McClure accessed MSC's online
website management system without authorization and deleted
information and data from MSC's website. MSC engaged its
outside information technology provider, Aspire Technology
Solutions, Inc. (“Aspire”), in an attempt to
restore MSC's email accounts, website account, and server
to their conditions prior to Defendants' conduct. Aspire
was unable to accomplish this. MSC engaged a computer
forensics firm to assess the alleged manipulation of and
damage to the email accounts, website account, and server, as
well as to further investigate the extent of Defendants'
conduct; at significant expense to MSC, the firm was able to
recover some of the deleted emails from the Defendants'
company-owned computers.
Prior
to their termination date, the individual Defendants ordered
over five hundred “ITI Rigging Cards, ” valued at
approximately $2, 000.00, using MSC's company credit
card. ITI Rigging Cards are training cards for trainees in
MSC classes. The cards were delivered to MSC's office in
Frederick, Colorado. After the Defendants were terminated,
MSC conducted an inventory audit to determine whether the
individual Defendants took any safety equipment and/or other
materials, and MSC discovered that the Rigging Cards, along
with numerous other safety equipment items, were missing.
At no
time did the individual Defendants disclose to MSC that they
were conducting Trivent business while employed by MSC.
LEGAL
STANDARDS
The
purpose of a motion to dismiss under Fed.R.Civ.P. 12(b)(6) is
to test the sufficiency of the plaintiff's complaint.
Sutton v. Utah State Sch. For the Deaf & Blind,
173 F.3d 1226, 1236 (10th Cir. 2008). “To survive a
motion to dismiss, a complaint must contain sufficient
factual matter, accepted as true, to ‘state a claim to
relief that is plausible on its face.'”
Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (quoting
Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570
(2007)). Plausibility, in the context of a motion to dismiss,
means that the plaintiff pled facts which allow “the
court to draw the reasonable inference that the defendant is
liable for the misconduct alleged.” Id.
Twombly requires a two-prong analysis. First, a court
must identify “the allegations in the complaint that
are not entitled to the assumption of truth, ” that is,
those allegations which are legal conclusions, bare
assertions, or merely conclusory. Id. at 679.
Second, the Court must consider the factual allegations
“to determine if they plausibly suggest an entitlement
to relief.” Id. at 681. If the allegations
state a plausible claim for relief, such claim survives the
motion to dismiss. Id. at 680.
Plausibility
refers “to the scope of the allegations in a complaint:
if they are so general that they encompass a wide swath of
conduct, much of it innocent, then the plaintiffs have not
nudged their claims across the line from conceivable to
plausible.” S.E.C. v. Shields, 744 F.3d 633,
640 (10th Cir. 2014) (quoting Khalik v. United Air
Lines, 671 F.3d 1188, 1191 (10th Cir. 2012)). “The
nature and specificity of the allegations required to state a
plausible claim will vary based on context.” Safe
Streets All. v. Hickenlooper, 859 F.3d 865, 878 (10th
Cir. 2017) (quoting Kan. Penn Gaming, LLC v.
Collins, 656 F.3d 1210, 1215 (10th Cir. 2011)). Thus,
while the Rule 12(b)(6) standard does not require that a
plaintiff establish a prima facie case in a complaint, the
elements of each alleged cause of action may help to
determine whether the plaintiff has set forth a plausible
claim. Khalik, 671 F.3d at 1191.
However,
“[t]hreadbare recitals of the elements of a cause of
action, supported by mere conclusory statements, do not
suffice.” Iqbal, 556 U.S. at 678. The
complaint must provide “more than labels and
conclusions” or merely “a formulaic recitation of
the elements of a cause of action, ” so that
“courts ‘are not bound to accept as true a legal
conclusion couched as a factual allegation.'”
Twombly, 550 U.S. at 555 (quoting Papasan v.
Allain, 478 U.S. 265, 286 (1986)). “Determining
whether a complaint states a plausible claim for relief will
. . . be a context-specific task that requires the reviewing
court to draw on its judicial experience and common
sense.” Iqbal, 556 U.S. at 679. “[W]here
the well-pleaded facts do not permit the court to infer more
than the mere possibility of misconduct, ” the
complaint has made an allegation, “but it has not shown
that the pleader is entitled to relief.” Id.
(quotation marks and citation omitted).
ANALYSIS
Defendants
first argue that Plaintiff fails to state plausible claims
under federal law; accordingly, the Court will begin by
analyzing Plaintiff's claims for violations of the
Computer Fraud and Abuse Act, 18 U.S.C. § 1030, et
seq. (“CFAA”) and the Defend Trade Secrets
Act, 18 U.S.C. § 1836, et seq.
(“DTSA”). If Plaintiff does not state plausible
federal claims, the Court will determine whether it should
exercise supplemental jurisdiction over Plaintiff's state
law claims. If it does exercise jurisdiction and/or if
Plaintiff states plausible federal claims, the Court will
evaluate whether Plaintiff states plausible state law claims.
I.
First Claim for Violations of the CFAA
Plaintiff
alleges against all Defendants violations of the CFAA
pursuant to 18 U.S.C. §§ 1030(a)(4), 1030(a)(5)(A),
1030(a)(5)(B), 1030(a)(5)(C), and 1030(g). Section (g)
provides a private right of action (under certain
circumstances) in this otherwise “criminal”
statute:
Any person who suffers damage or loss by reason of a
violation of this section may maintain a civil action against
the violator to obtain compensatory damages and injunctive
relief or other equitable relief. A civil action for a
violation of this section may be brought only if the conduct
involves 1 of the factors set forth in subclauses (I), (II),
(III), (IV), or (V) of subsection (c)(4)(A)(I).
Id.; see also Cloudpath Networks, Inc. v.
SecureW2 B.V., 157 F.Supp.3d 961, 972 (D. Colo. 2016).
Here, Plaintiff alleges Defendants' conduct falls under
subclause (I), “loss to 1 or more persons during any
1-year period ... aggregating at least $5, 000 in
value.” 18 U.S.C. § 1030(c)(4)(A)(i)(I); see
also Am. Compl. ¶ 59. As such, “[d]amages for
a violation involving only conduct described in subsection
(c)(4)(A)(i)(I) are limited to economic damages.” 18
U.S.C. § 1030(g).
Section
1030(a) describes the conduct prohibited by the statute;
here, the relevant subsections provide:
(4) knowingly and with intent to defraud, accesses a
protected computer without authorization, or exceeds
authorized access, and by means of such conduct furthers the
intended fraud and obtains anything of value, unless the
object of the fraud and the thing obtained consists only of
the use of the computer and the value of such use is not more
than $5, 000 in any 1-year period;
(5)(A) knowingly causes the transmission of a program,
information, code, or command, and as a result of such
conduct, intentionally causes damage without authorization,
to a protected computer;
(B) intentionally accesses a protected computer without
authorization, and as a result of such conduct, recklessly
causes damage; or
(C) intentionally accesses a protected computer without
authorization, and as a result of such conduct, causes damage
and loss.
18 U.S.C.A. § 1030. Plaintiff alleges Defendants
violated these provisions as follows:
Individual Defendants and Trivent, acting through Individual
Defendants, intentionally and knowingly accessed MSC's
email accounts, website account, and server without
authorization from MSC and/or exceeded any such authorized
access, with the intent to defraud MSC by recklessly deleting
information and data from the MSC website and email accounts
and server. In addition, Biederman and McClure, on behalf of
Defendants, intentionally and knowingly deleted thousands of
MSC emails without authorization from MSC and/or exceeded any
such authorized access, with the intent to defraud MSC by
recklessly depriving MSC of vital communications and data
which were stored on the email server.
Am. Compl. ¶¶ 60-61. Defendants argue the
allegations fail to support that they acted “without
authorization, ” since it is undisputed that the
individual Defendants were authorized to access
Plaintiff's computers before their termination date,
November 1, 2018, and all of the alleged conduct occurred
before that date. In addition, ...