Designer Skin LLC v. S & L Vitamins, Inc., et al.
Theraputic Research Faculty v. NBTY Inc., et al.
488 F.Supp.2d 991, 2007 WL 214595 (E.D. Ca., January 25, 2007)
Copyright Infringement Claims Proceed For Unauthorized Access To Subscription Website
Court allows the operator of a subscription-based website to proceed with copyright infringement and other claims arising out of the allegedly unauthorized access by the defendants of copyrighted materials contained on plaintiff's site. These materials consist of pharmacist prepared monographs describing the results and/or effects of various drug treatments. The complaint alleged that defendants NBTY, Rexall Sundown and Le Naturiste improperly used passwords obtained from plaintiff to allow more users to access plaintiff's site than permitted by applicable license agreements, thereby depriving plaintiff of appropriate license fees. The court denied in its entirety defendants' motion to dismiss plaintiff's claims that such conduct constituted copyright infringement, violations of the Computer Fraud and Abuse Act ("CFAA"), the Electronic Communications Privacy Act and California Penal code section 502, as well as common law trespass and misappropriation of trade secrets.
The Court held that plaintiff had adequately plead a copyright infringement claim by alleging that the defendants had accessed the monographs on its website without its permission, and had cut and pasted portions thereof into emails that were transmitted to others.
The Court further held that plaintiff had alleged damages sufficient to support its CFAA claim by alleging that it lost revenue as a result of defendants' unauthorized use of its site in excess of their license rights.
Finally, the Court held that the passwords necessary to access plaintiff's site were trade secrets entitled to protection under the Uniform Trade Secrets Protection Act.
More Users Access Subscription Website Than Permitted By License
Plaintiff Theraputic Research Faculty provides analysis of drug therapies to member of the medical community. Plaintiff holds the copyright in the Natural Medicines Comprehensive Database, which it makes available both in a hard cover edition and online at its website. Access to this online database is limited to those who possess an authorized password. To obtain such a password, a user must enter into a license agreement with the plaintiff. Plaintiff offered two types of licenses - a single user license for under $100, and licenses for organizations with multiple users for many thousands of dollars. Licenses for single users only permitted use by a single individual for limited purposes.
According to the complaint, defendant NBTY obtained a single user license, and thereby obtained a password that permitted access to plaintiff's site. NBTY thereafter breached this license by sharing the password among many of its employees over a two and one half year period.
According to the complaint, defendants breached a subsequent license agreement between the parties by permitting more users and companies than authorized by that agreement, including employees of Le Naturiste, to access plaintiff's web site.
As a result, Theraputic Research Faculty commenced this suit, charging defendants with copyright infringement, violations of the Computer Fraud and Abuse Act ("CFAA"), the Electronic Communications Privacy Act and California Penal code section 502, as well as common law trespass and misappropriation of trade secrets. The complaint also advanced claims of breach of the operative license agreements between the parties.
Defendants moved to dismiss all of these claims save those asserting breach of the license agreements. Defendants' motion was denied in its entirety.
Unauthorized Access Charges Sufficient To State Copyright Infringement Claims
Defendants sought to dismiss the copyright infringement claims, arguing that "unauthorized access to the Publication 'is not the type of conduct subject to the protection by the copyright laws.'" The Court rejected this contention, and denied defendants' motion to dismiss plaintiff's copyright infringement claims. "A plaintiff must meet two requirements to establish a prima facie case of copyright infringement: (1) ownership of the allegedly infringed material and (2) violation by the alleged infringer of at least one of the exclusive rights granted to copyright holders." The Court held plaintiff met this burden by alleging that the access without authorization by various of the defendants employees to plaintiff's copyrighted database, and their act of "cutting and pasting" various portions of the monographs found therein into emails subsequently forwarded to third parties. Said the Court:
Loss Of License Fees Sufficient To Support Computer Fraud And Abuse Claim
The Court further held that the damage and loss plaintiff claimed to have sustained as a result of defendants' failure to pay license fees commensurate with their use of plaintiff's subscription based website, and their unauthorized disclosure of information found on the site, was sufficient to support a cause of action under the Computer Fraud and Abuse Act ("CFAA"). Said the Court:
Cal. Penal Code 502(c ) Claim Proceeds
The Court also held that plaintiff had adequately plead a claim under California Penal code section 502(c ). A defendant violates this statute when he "(2) knowingly accesses and without permission takes, copies or makes use of any data from a computer, computer system or computer network … (3) knowing and without permission uses or causes to be used computer services; (6) knowingly and without permission provides or assists in providing a means of accessing a computer, computer system or computer network; (7) knowing and without permission accesses or causes to be accessed any computer, computer system or computer network." Cal. Penal Code section 502(e)(1) grants the owner of such computer system or network a private right of action to seek redress for a violation of this statute. The court held that plaintiff had adequately plead a claim under this section by alleging that numerous employees of defendants accessed plaintiff's website without authorization.
Theft Of Password Constitutes Misappropriation Of Trade Secret
Finally, the court held that plaintiff had stated a valid misappropriation of trade secret claim by alleging that defendants misappropriated user names and passwords for their own benefit. Such user names and passwords can constitute trade secrets entitled to protection under applicable California statutes. Said the Court: