Opinion
Civil Action No. 1:17-cv-3140-SDG
03-26-2020
ORDER
This matter is before the Court on the following motions: Plaintiff's Motion for Partial Summary Judgment [ECF 149]; Defendant's Motion for Summary Judgment [ECF 170]; and, Defendant's motion to exclude declaration statements by Plaintiff's President, Jason Kronz [ECF 230].
For the reasons stated below, the Court DENIES Defendant's motion to exclude; GRANTS in part and DENIES in part Defendant's Motion for Summary Judgment; and, DENIES Plaintiff's Motion for Partial Summary Judgment.
I. PROCEDURAL HISTORY
This dispute arose when Defendant downloaded Plaintiff's customer information from Plaintiff's website in September 2014. The customer information taken was provided via a search tool on Plaintiff's public website; however, Plaintiff argues that the manner through which Defendant retrieved the information went beyond the intended use of the website tool. Accordingly, Plaintiff initiated this action on August 18, 2017.
ECF 1.
The operative pleading, Plaintiff's Second Amended Complaint, was filed on June 29, 2018. It alleges that Defendant violated the Georgia Trade Secrets Act ("GTSA"), O.C.G.A. § 10-1-760 et seq. and the Georgia Computer Systems Protection Act ("GCSPA"), O.C.G.A. § 16-9-90 et seq. Plaintiff also alleges that Defendant committed tortious interference with a former employee's confidentiality agreement through actions unrelated to the customer information obtained from Plaintiff's website.
ECF 81.
Id. at 2. Plaintiff's Second Amended Complaint [ECF 81] also asserts a claim for attorneys' fees under O.C.G.A. § 13-6-11 and punitive damages under O.C.G.A. § 51-12-5.1. Id. This Court previously dismissed any punitive damages claim based on the GCSPA. ECF 129, at 13-14.
Following discovery, Plaintiff filed a Motion for Partial Summary Judgment [ECF 149]. Plaintiff's motion requests that the Court find Defendant accessed Plaintiff's computer systems "without authority," an essential element for Plaintiff's GCSPA claim. Defendant also filed a Motion for Summary Judgment [ECF 170]. Defendant's motion asks the Court to grant summary judgment to Defendant on all of Plaintiff's claims.
ECF 149, at 1.
ECF 170, at 1-3.
II. TRADE SECRETS AND COMPUTER TRESPASS CLAIMS
a. Factual Background
The following facts are relevant to Plaintiff's GTSA and GCSPA claims. Unless otherwise noted, the following facts are not disputed by the parties or are supported by undisputed evidence in the record. Defendant and Plaintiff are competitors in the fire and life safety compliance inspection software industry. Formed in 1999, Plaintiff provides software applications to its customers for tracking various aspects of building management, including tracking and storing of building-related reports. Plaintiff specializes in inspection software. In 2011, Defendant started developing a competing inspection software called "eVance." Defendant launched eVance in 2014. The inspection software provided by both companies automates required inspections of fire protection systems and allows users to generate electronic inspection reports.
ECF 175, ¶ 1.
Id. ¶ 4.
ECF 208-10, ¶ 1.
ECF 175, ¶ 3.
Id. at ¶ 64.
Id.; ECF 81, ¶ 33.
ECF 175, ¶¶ 62-63.
In September 2014, Defendant downloaded customer information provided on Plaintiff's pubic website. Plaintiff maintains two websites, a private website (the "Customer Portal") and a public website (the "Marketing Website"). The two websites serve different purposes. The Customer Portal is restricted to Plaintiff's customers and employees. It requires a password to access and general members of the public do not have the ability to create a login. Customers must agree to terms and conditions before being granted access. The Marketing Website is public and accessible to anyone with an internet connection. It does not require a username or password for access. It does not require a user to affirmatively agree to terms and conditions before use. The Customer Portal and Marketing Website are stored in different locations and hosted by entirely separate servers. Information that is accessible through the Customer Portal is not on the same server as the Marketing Website.
ECF 149-2, ¶ 29.
Plaintiff refers to the Customer Portal as its "main website." ECF 175, ¶ 78, n.1.
Id. ¶ 78.
Id. ¶ 78.
Id. ¶ 84.
Id. ¶¶ 79, 95.
Id. ¶ 92.
Id. ¶ 81.
Id. ¶ 105.
Id. ¶ 107.
Id. ¶¶ 82-83, 97.
Id. ¶ 90.
The Marketing Website provides users with information about Plaintiff's products and services. It also hosts a "web-form" search tool called the Member Locator Finder ("MLF"). Plaintiff refers to its customers as "members." The MLF launched on September 8, 2014. A picture of the MLF webpage as it existed on September 25, 2014 is included in Plaintiff's Statement of Material Facts. The top of the webpage states the following:
Id. ¶ 98.
Id. ¶ 111 n.2 ("A web-form is a field on a web page into which a user can enter information and ask the website to perform various functions, including querying the website for information.").
Id. ¶ 100.
Id. ¶ 112.
ECF 208-10, ¶ 78.
ECF 149-2, ¶ 6.
Find Service CompaniesThe site also has language telling users to "Please select your location from the form." The search tool allows the user to enter a zip code or city and run a search for all of Plaintiff's customers within the user's choice of a 5, 25, 50, or 100-mile radius of that zip code or city.
With the largest network of qualified service companies, BuildingReports gives you access to top service companies. Regardless of location, size or complexity of your facility. BuildingReports can connect you to the service company best suited to meet your inspection and compliance reporting needs.
Id.
Id.
Id. ¶ 113.
When someone runs a search on the MLF, the request causes a JavaScript program to access an Application Programmer's Interface ("API"). The API sends the request from the Marketing Website to the Customer Portal. The Customer Portal retrieves the information through its database hosted on its separate server. The API then delivers the data back to the Marketing Website's server and the user who made the request.
ECF 149-2 ¶ 13. API is a software intermediary that allows applications to communicate with one another. Id.
Id. ¶ 14. See also ECF 175-3 (Dispain Dep. Tr. at 209:15-21).
ECF 149-2, ¶ 15. See also ECF 175-3 (Dispain Dep. Tr. at 209:4-5, 18-21, 210:6-7).
ECF 149-2, ¶ 16. ECF 175-3 (Dispain Dep. Tr. at 209:25-210:3).
The data provided to the MLF user is a subset of the data contained in Plaintiff's database. It includes the customer name, address, website, and Plaintiff's employee who serves as the customer's contact. These details are provided for any customer that appears within the designated mile-radius of the specific zip code and/or city entered. The MLF does not obtain any other information from the Customer Portal or its server.
ECF 208-13 (Kronz Dep. Tr. Feb. 22, 2019 at 378:9-24).
ECF 175, ¶ 120.
Id. ¶ 119.
Id. ¶ 122.
In 2014, Plaintiff did not use a rate-limiter, CAPTCHA, or other tool to prevent the automatic searching of the MLF. A rate-limiter bans an IP address after that address makes a certain number of requests within a specific period of time. Plaintiff uses a rate-limiter to limit MLF searches today. CAPTCHA stands for "completely automated public [Turing] test to tell computer and humans apart." CAPTCHA can be used in various ways, including requiring a webpage user to confirm, "I'm not a robot." Plaintiff made a business decision not to implement CAPTCHA because it did not want to burden potential customers or members from using the MLF.
ECF 149-2, ¶¶ 8, 9.
An IP address is a unique numerical identifier that is assigned to each device connected to the internet. ECF 175, ¶ 162, n.7.
ECF 175-18 (Kronz Dep. Tr. Feb. 22, 2019 at 362:4-6).
Id. at 362:1.
ECF 175, ¶ 137 (quoting Luis von Ahn, Manuel Blum, and John Langford, Telling Humans and Computers Apart (Automatically) at 2, Carnegie Mellon University (2010)).
Id. ¶¶ 139-40.
Id. ¶ 136; ECF 175-3 (Dispain Dep. Tr. at 264:7-16).
In September 2014, Jeffrey Netland, Defendant's former employee, saw the MLF tool on Plaintiff's website and was interested in the data provided. Netland is one of several employees who oversaw Defendant's eVance initiative. In mid-September 2014, Netland sent the MLF webpage link to Graham Pederson. At the time, Pederson was a senior level software engineer for Defendant. Pederson helped design eVance. Netland asked Pederson if there was a way to extract the information provided by the MLF tool from the website. Netland testified, "[W]e were thinking about otherwise having maybe some clerical people collect this information. But I asked [Pederson] if there would be maybe say a simpler way of collecting this information that was made publicly available on this site."
ECF 157-3 (Netland Dep. Tr. at 118:24-25).
ECF 213, ¶ 20.
ECF 149-2, ¶ 22.
Id. ¶ 18.
ECF 175, ¶ 30.
ECF 157-3 (Netland Dep. Tr. at 119:3-5).
Id. at 119:5-10.
In response to Netland's request, Pederson developed a software program to automatically run searches through the Marketing Website. Pederson ran his program on September 15 and 16, 2014. The program ran as ten simultaneous threads to save time, each thread executing separate zip code queries. The program ran more than 200,000 searches. Pederson's searches identified 32% of Plaintiff's customers. While Pederson was running the program, he sent his wife a series of text messages. The messages included the following statements: "1830/10000 almost done ha. . . . I might have to leave my laptop here tonight"; "I'm waiting for this stupid thing to finish, it's 25% done now"; "gotta steal all the datas"; "I wonder if building reports will notice we're sending them a bunch of requests hehe."
ECF 175, ¶ 159. Plaintiff claims that Pederson bypassed the Marketing Website and accessed the customer information through the Customer Portal. ECF 149-2, ¶ 24. This is not supported by the evidence cited by Plaintiff or otherwise provided. During Pederson's deposition, he explained that the program he created sent the requests directly to the API, allowing him to bypass rendering the form and the JavaScript. ECF 149-5 (Pederson Dep. Tr. at 81:17-22). However, the requests still went through the Marketing Website and through the API created for the MLF tool. Id. at 73:13-16.
ECF 149-2, ¶ 29.
Id. ¶ 27. Neither party defines "threads" in their pleadings. However, in Pederson's deposition, he described "threads" as applications running within a broader application, "it's sort of like ten little brains inside a big brain doing whatever action you need them to do." ECF 149-5 (Pederson Dep. Tr. 90:21-91:17).
ECF 149-2, ¶ 31.
ECF 175, ¶ 187.
ECF 208-10, ¶ 120.
Id.
On September 15, 2014, Plaintiff received an alert from Linode, the company hosting Plaintiff's Marketing Website, that the server had exceeded the notification threshold for CPU Usage. The alert prompted an investigation and, within hours, Plaintiff had blocked further search requests. However, while attempting to block Pederson's program, Plaintiff inadvertently blocked all IP addresses from using its Marketing Website for five to fifteen minutes.
Id. ¶ 45.
ECF 175, ¶ 171. CPU refers to a computer system's processing power. Id. ¶ 172, n.8.
ECF 149-2, ¶ 33.
ECF 175-4 (Kronz Dep. Tr. Jan. 17, 2019 at 76:10-12, 185:10).
Pederson's program caused Plaintiff's Marketing Website to operate at a slower speed than normal. However, Plaintiff did not receive any complaints about the functionality of its Marketing Website while Pederson's program was running. The script run by Pederson's program resulted in the addition of log entries on the Marketing Website's files. The parties dispute whether Pederson received any indications that his searches were causing an adverse effect on Plaintiff's network or that Plaintiff was trying to stop them.
ECF 175, ¶ 198. The parties dispute how long the Marketing Website was operating at a slower speed. Defendant claims it was "momentarily" slowed. Id. Plaintiff claims it lasted 10 hours and 29 minutes. ECF 208-1, ¶ 198.
ECF 175, ¶ 197.
Id. ¶ 202.
Id. ¶¶ 182-83; ECF 208-1, ¶¶ 182-83. Pederson testified that he did not see anything when he was accessing Plaintiff's website manually or running the program that led him to believe that his actions were improper or that he was having any sort of adverse effect on Plaintiff's website or computer system. ECF 171-10 (Pederson Dep. Tr. at 93:16-94:2, 192:21-193:5). Conversely, Kronz testified that, based on his knowledge of Pederson's program, Pederson would have received connection failed errors. ECF 203-14 (Kronz Dep. Tr. Jan. 17, 2019 at 78:20-79:2). Additionally, Chris Dispain, Plaintiff's Vice President, testified that there were times when Plaintiff had to shut down the website during the attack, which would have signaled that there was an issue in Pederson's logs that Pederson claimed he was monitoring. ECF 208-15 (Dispain Dep. Tr. at 314:9-14); but see ECF 175-4 (Kronz Dep. Tr. Jan. 17, 2019 at 75:1-2, 185:10) (testifying that Marketing Website was never shut down; rather, IP addresses were blocked from using it for five to fifteen minutes).
b. Factual Disputes Raised to The Court
As part of Plaintiff's response to Defendant's motion, Plaintiff filed a Notice of Objection to Defendant's Statement of Material Fact Nos. 123 and 124 [ECF 207]. Plaintiff's summary judgment briefing also included a declaration from its President, Jason Kronz. Defendant filed a motion to exclude statements from that declaration [ECF 230] because it claims they contradict Kronz's previous testimony. The Court addresses this objection and motion below.
ECF 208-11.
i. Plaintiff's Objection to Defendant's Statement of Material Fact Nos. 123 & 124
Plaintiff objects to Defendant's discussion of a demonstration Plaintiff's expert witness, Simon Garfinkel, was asked to do by defense counsel during his deposition. Defense counsel asked Garfinkel to run searches through the MLF. Garfinkel was instructed to search for all customers within a 100-mile radius of seventeen cities. In its Statement of Facts, Defendant asserts that it was able to obtain 50% of Plaintiff's entire customer list through Garfinkel's searches. Defendant claims that the demonstration shows "how easy it is to find [Plaintiff]'s customers using the [MLF]." Plaintiff argues that evidence relating to the demonstration is inadmissible under Fed. R. Evid. 402 and 403 as irrelevant and/or unfairly prejudicial and confusing. Boiled down, Plaintiff argues that Defendant's emphasis on the demonstration is misplaced because Plaintiff's customer list is not the same in 2019 (when Garfinkel was deposed) as it was in 2014.
ECF 175-19 (Garfinkel Dep. Tr. at 202:8—213:25).
ECF 175, ¶ 124.
Id. ¶ 123.
ECF 207, at 4-6.
Id. at 5.
The Court will not exclude Defendant's statements because it finds the demonstration relevant and not substantially outweighed by the danger of unfair prejudice or confusion. One of the core issues in this case is the extent to which the MLF tool made Plaintiff's customer lists publicly available. Thus, a demonstration of how that tool works is highly relevant. The Court does not see how that relevancy is substantially outweighed by potential prejudice or confusion. Plaintiff is correct that Defendant's demonstration would not be admissible to prove that a user could have obtained 50% of Plaintiff's customer information through the same seventeen searches in 2014. The Court understands that Plaintiff's customers have changed in the last five years. But this goes to the weight of the evidence, not its admissibility. Accordingly, Plaintiff's notice of objection [ECF 207] is overruled.
ii. Defendant's Objection to Kronz's Second Declaration
Defendant moves to exclude portions of Kronz's second declaration as a sham because it contradicts his previous declaration and testimony.
ECF 230, at 1-2.
Under the sham affidavit rule, "[w]hen a party has given clear answers to unambiguous questions which negate the existence of any genuine issue of material fact, that party cannot thereafter create such an issue with an affidavit that merely contradicts, without explanation, previously given clear testimony." The Defendants bear a heavy burden in order to exclude an affidavit under the sham affidavit rule.In re Stand 'N Seal, Prod. Liab. Litig., 636 F. Supp. 2d 1333, 1335 (N.D. Ga. 2009) (quoting Van T. Junkins & Assocs., Inc. v. U.S. Indus., Inc., 736 F.2d 656, 657 (11th Cir. 1984)).
Defendant claims that Kronz previously testified that the only "barrier" protecting the MLF was its 100-mile radius limitation. However, Plaintiff's response to Defendant's motion for summary judgment and Kronz's second declaration, filed therewith, now emphasize three other limitations on the MLF tool. Plaintiff's summary judgment briefing refers to these other preventative measures as the "Legitimate User Boundary," the "Text Box Boundary," and the "User Location Boundary."
Id. at 6.
Id. at 6-8.
ECF 208, at 4.
While Plaintiff may not have used these specific terms prior to responding to Defendant's summary judgment motion, they are based on undisputed evidence identified by Plaintiff. The three boundaries are based on the MLF webpage. The Legitimate User Boundary is based on the text at the top of the MLF webpage that states, "BuildingReports can connect you to the service company best suited to meet your inspection and compliance reporting needs." The User Location Boundary refers to the language telling the user to select their location from the form. Finally, the Text Box Boundary refers to the fact that a user could only search for one city or zip code at a time.
ECF 149-2, ¶ 6.
ECF 208, at 4. See also ECF 149-2, ¶ 6.
ECF 208, at 4.
Id. See also ECF 149-2, ¶ 6.
Each of these "boundaries" is based on evidence that had already been produced. They refer to the design of the MLF webpage and Plaintiff's intent in building the webpage, which has stayed consistent throughout the action. Thus, Plaintiff's characterizations of the boundaries in its summary judgment opposition does not create new issues of material fact. Further, while Kronz's second declaration puts more emphasis on these boundaries, it does not contradict his prior testimony that the 100-mile radius was the only technical barrier restricting the MLF tool. Nor does Plaintiff's articulation of these other boundaries change the Court's analysis of the issues. The Court will not exclude these portions of Kronz's declaration. Defendant's motion in this regard [ECF 230] is DENIED.
It also aligns with other testimony in this case regarding the intent behind the MLF tool. See, e.g., ECF 175-3 (Dispain Dep. Tr. at 262:5-9) ("The intent of the [MLF] was to provide data for building companies to be able to find service companies within their area. It was never intended for people to use as a . . . general access tool for member data.").
c. GTSA CLAIM
i. Legal Standard
To prove a claim under the GTSA, Plaintiff must prove that "(1) it had a trade secret and (2) the opposing party misappropriated the trade secret." Capital Asset Research Corp. v. Finnegan, 160 F.3d 683, 685 (11th Cir. 1998) (quoting Camp Creek Hosp. Inns, Inc. v. Sheraton Franchise Corp., 139 F.3d 1396, 1410 (11th Cir. 1998)). "The party asserting the existence of a trade secret has the burden of proving that the information so qualifies and that the accused party violated the Act." Capital Asset Research Corp., 160 F.3d at 685. "Whether a particular type of information constitutes a trade secret under the GTSA is ordinarily a question of fact. However, the Court can determine that the information at issue is not a trade secret as a matter of law if there is no evidence in the record to support [Plaintiff]'s claim." Coal. Am, Inc. v. Nat'l Health Benefits Corp., No. 1:03-CV-4012-CC, 2009 WL 10664900, at *3 (N.D. Ga. Feb. 6, 2009) (citations omitted).
Trade secrets are defined under O.C.G.A § 10-1-761(4) as:
(4) "Trade secret" means information, without regard to form, including, but not limited to, technical or nontechnical data, a formula, a pattern, a compilation, a program, a device, a method, a technique, a drawing, a process, financial data, financial plans, product plans, or a list of actual or potential customers or suppliers which is not commonly known by or available to the public and which information:
Thus, in order to show that the customer list qualifies as a trade secret, Plaintiff must show the following elements: "(i) information not commonly known by or available to the public, (ii) which derives economic value from not being generally known to or ascertainable by proper means by others who can obtain economic value from the information; and (ii) that was subject to reasonable efforts to maintain its secrecy." EarthCam, Inc. v. OxBlue Corp., 49 F. Supp. 3d 1210, 1224-25 (N.D. Ga. 2014), aff'd, 703 F. App'x 803 (11th Cir. 2017).(A) Derives economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use; and
(B) Is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.
Under the plain language of the statute, the plaintiff must show that the information is not generally known or ascertainable by proper means; however, the way the defendant obtained the alleged trade secret is inconsequential. AmeriGas Propane, L.P. v. T-Bo Propane, Inc., 972 F. Supp. 685, 699 (S.D. Ga. 1997). The Southern District of Georgia emphasizes this point in the following passage:
Under this portion of the statute, if the information could be (as opposed to was) readily ascertained by proper means, the circumstances surrounding its alleged misappropriation is, quite simply, irrelevant. It does not matter if the offender engaged in a Watergate type burglary to get the list or if the offender innocently found the list laying on a church pew wrapped in a purple ribbon with a pink bow.Id. at 699-700.
The inquiry simply boils down to the question: was this information truly a secret?
ii. Analysis
Plaintiff argues that the customer information extracted by Defendant through the MLF tool amounts to a customer list and that list is a protected trade secret under the GTSA. Plaintiff claims that Defendant violated the GTSA by misappropriating the customer list. Defendant argues that it is entitled to summary judgment on this claim because the customer information it obtained is not a trade secret because it is (1) publicly available through Plaintiff's Marketing Website, (2) is readily ascertainable via the same, and (3) Plaintiff did not take reasonable efforts to ensure secrecy of the list. The Court agrees with Defendant that the customer information cannot qualify as a trade secret. Accordingly, it grants Defendant's motion for summary judgment as to the GTSA claim.
ECF 81, ¶ 76.
Id. ¶ 79.
ECF 170-1, at 7-8.
As a preliminary matter, it is not clear to the Court that the customer information obtained by Defendant could ever qualify as a trade secret under Georgia law. "Georgia courts likely will not confer trade secret status on customer lists unless the lists contain information in addition to names, addresses and contact persons." AmeriGas Propane, L.P. v. T-Bo Propane, Inc., 972 F. Supp. 685, 699 (S.D. Ga. 1997) (quoting C. Geoffrey Weirich and James R. Glenister, Revisiting Trade Secrets and Issues of Confidentiality in the Employment Context, Ga. B. J., June 1996, at 35, 37; see also Leo Publ'ns, Inc. v. Reid, 265 Ga. 561, 562 (1995)); but see Capital Asset Research, 160 F.3d at 686 (finding that unique compilations adding value to publicly available information may qualify as trade secret). The information provided through the MLF tool included the customer name, address, website, and employee contact. Thus, the list can only qualify as a trade secret if it is the result of a unique compilation of information. The parties did not brief on this issue, but the Court need not decide whether this list could qualify as a protected trade secret because it finds that the list was generally known, readily ascertainable, and not protected by reasonable measures. Bacon v. Volvo Serv. Ctr., Inc., 266 Ga. App. 543, 545 (2004) (quoting Crews v. Roger Wahl, C.P.A., P.C., 238 Ga. App. 892, 898, n.4 (1999)) ("Confidentiality is afforded only where the customer list is not generally known or ascertainable from other sources and was the subject of reasonable efforts to maintain its secrecy.").
ECF 175, ¶ 120.
The customer information provided through the MLF tool was generally known or ascertainable. In Wachovia Insurance Services, Inc. v. Fallon, the Georgia Court of Appeals held that, in order to prevail under the GTSA, the plaintiff must show that the information collected by the defendant "was a 'list of actual or potential customers or suppliers which is not commonly known by or available to the public.'" 299 Ga. App. 440, 446 (2009) (quoting O.C.G.A. § 10-1-761(4)). In that case, the plaintiff claimed former employees misappropriated client contact information. Id. at 445-46. The court ruled against the plaintiff because a public website (that was not operated by either party) provided the same information regarding the plaintiff's customers. Id. at 446; see also Leo Publ'ns, 265 Ga. at 562 (holding list of advertising clients was readily ascertainable by reviewing plaintiff's publication, finding addresses and telephone numbers in telephone directory, and contacting those organizations to determine rates and client contact).
Similarly, the customer information Defendant obtained here was available to anyone with internet access via Plaintiff's Marketing Website. However, because it was provided through Plaintiff's website, Plaintiff argues that the information was not generally known or ascertainable because it undertook reasonable measures to limit the information through the 100-mile radius barrier and the fact that a user could only manually enter one search item at a time (i.e., the "Text Box Boundary"). Such measures do not amount to reasonable efforts to maintain secrecy.
ECF 208, at 13-14. Plaintiff does not assert the Legitimate User Boundary or the User Location Boundary were "reasonable measures" to maintain the list's secrecy. ECF 241, at 6-7. Nor would the inclusion of those boundaries alter the Court's reasonableness analysis.
The unreasonableness of these types of measures was well addressed by the District of New Jersey in a similar action brought under O.C.G.A. § 10-1-760 et seq., Events Media Network, Inc. v. Weather Channel Interactive, Inc., No. CIV. 13-03 RBK/AMD, 2015 WL 457047 (D.N.J. Feb. 3, 2015). In that case, the parties had entered into a contract containing a confidentiality provision, but the plaintiff alleged that the defendant continued to use information provided on the plaintiff's website after termination of that contract. Id. at *5. The plaintiff claimed that the information was "only available in a limited format on its website" because search results were limited to a 50-mile radius of the zip code entered, 99 results per search, and it monitored usage to prevent users or specific IP addresses from running too many searches. Id. at *10. The district court found these measures unreasonable, noting that "even within the confines of [the plaintiff]'s present search limitations, members of the public may access hundreds of results." Id. Pointedly, the court stated:
While it may have profited from its efforts spent compiling the Information over time, Plaintiff cites no case which suggests that creating a valuable integration of information available in the public domain, and then making that integration of information available to
customers and the public deserves trade secret protection.Id. at *10-11. Ultimately, the district court held that the plaintiff did not take reasonable measures to protect the secrecy of its information.
Plaintiff's attempts to distinguish Events Media—by claiming that "[i]t did not involve a customer list and did not hold that discrete customer data searchable by a web browser forfeited a company's right to claim that its entire customer list qualifies as a trade secret"—are at best ineffective. Defendant did not obtain Plaintiff's entire customer list, which is stored in Plaintiff's private database. Rather, Defendant retrieved information on 32% of Plaintiff's customers through the MLF tool. Thus, the issue is whether the information provided through the MLF tool on Plaintiff's Marketing Website can constitute a trade secret.
ECF 208, at 12.
Like the plaintiff in Events Media, Plaintiff here made its customer information publicly available and then failed to take reasonable measures to protect that information. The 100-mile radius and the Text Box Boundary may increase the amount of time it would take to obtain the customer information made available through the Marketing Website. However, it does not prevent a determined user from taking the time to enter every possible zip code or city to obtain the entire list. In fact, Netland testified that he was going to have some clerks do just that but decided to ask Pederson if there was an easier method of extraction. Also instructive is the fact that Plaintiff has since restricted the number of searches a particular user can execute through a rate-limiter. Prior to this limitation, there was nothing preventing a user or a competitor from taking the time to obtain the customer information for Plaintiff's entire customer list.
ECF 157-3 (Netland Dep. Tr. 119:5-10).
Through Pederson's program, Defendant was able to obtain the information faster than it could have through individual searches. But case law is clear that whether Defendant's methods were proper is not relevant to Plaintiff's GTSA claim. AmeriGas, 972 F. Supp. at 699; Leo Publ'ns, 265 Ga. at 562. The relevant question remains: is the information secret? The resounding answer is no. Accordingly, the Court grants Defendant's motion for summary judgment as to the GTSA claim.
d. GCSPA CLAIM
i. Legal Standard
Plaintiff alleges Defendant violated the GCSPA by committing computer trespass in violation of O.C.G.A. § 16-9-93(b)(2) and (3). The applicable statutory provisions state:
(b) Computer Trespass. Any person who uses a computer or computer network with knowledge that such use is without authority and with the intention of:
. . . .
(2) Obstructing, interrupting, or in any way interfering with the use of a computer program or data; or
(3) Altering, damaging, or in any way causing the malfunction of a computer, computer network, or computer program, regardless of how long the alteration, damage, or malfunction persists
Under the statute, "use" is defined as causing or attempting to cause:
shall be guilty of the crime of computer trespass.
(A) A computer or computer network to perform or to stop performing computer operations;O.C.G.A. § 16-9-92.
(B) The obstruction, interruption, malfunction, or denial of the use of a computer, computer network, computer program, or data; or
(C) A person to put false information into a computer.
In order to violate O.C.G.A. § 16-9-93(b)(2) or (3), "the proscribed actions [must] be taken 'with knowledge' that the use of the computer or the examination of the other person's data was 'without authority' and that the actions be taken with the requisite intent." Sitton v. Print Direction, Inc., 312 Ga. App. 365, 368 (2011). O.C.G.A. § 16-9-93(g) creates a private right of action: "Any person whose property or person is injured by reason of a violation of any provision of this article may sue therefor and recover for any damages sustained and the costs of suit." Thus, a plaintiff must show that it sustained such an injury in order to bring a civil action under this statute. Moulton v. VC3, No. 1:00CV434-TWT, 2000 WL 33310901, at *6 (N.D. Ga. Nov. 7, 2000) ("When damage results from the criminal activity, the section also authorizes a civil suit for monetary recovery.").
ii. Analysis
In order to succeed on this claim, Plaintiff must show that Defendant's use of the MLF tool was either intended to (1) obstruct, interrupt, or interfere with the use of Plaintiff's website, or (2) alter, damage, or otherwise cause the malfunction of Plaintiff's website. The Court finds that Plaintiff cannot show that Defendant had the requisite intent. Sitton, 312 Ga. App. at 368 (finding that defendant's actions do not fall within scope of GCSPA because plaintiff failed to show requisite intent). It is therefore unnecessary for the Court to reach any of the other elements of such a claim.
Plaintiff argues that the requisite intent can be inferred from the circumstances and points to the following evidence as permitting that inference: Pederson's messages to his wife about "stealing" the data; his likely knowledge that the program would slow the website down; his removal of time delays; and, knowingly injecting hundreds of thousands of lines into the server logs. None of these assertions support an inference that Pederson intended to interfere with the use of Plaintiff's website.
ECF 208, at 14-15.
Pederson's text messages to his wife, while perhaps persuasive evidence that he knew his actions were without authority, only reinforce that Defendant's underlying motive was to take all the information available through the website about Plaintiff's customers. The time delays referenced by Plaintiff were part of Pederson's testing process, allowing him to review the data that was returned before another request was sent. It was not a barrier implemented by Plaintiff that Pederson removed, it was a testing tool that Pederson added and then removed.
ECF 204-10 (Pederson Dep. Tr. 79:25-80:11; 81:9-14).
Further, Plaintiff has not provided any authority to support its contention that adding lines to a server log alters a computer system within the meaning of this statute. Log entries are created any time an individual visits a website that maintains a site log. As Defendant notes, if adding entries to the log qualifies as an alteration under the GCSPA, every individual who visits the Marketing Website or other websites that maintain log files would violate the GCSPA, leading to an impermissibly absurd result. Finally, regarding Plaintiff's assertion that Pederson must have known that the program would slow down Plaintiff's website, Pederson testified that he believed Plaintiff's servers were large and his requests would not impact them in a negative way.
ECF 208, at 9. Plaintiff only claims that adding lines to the log altered its system. Id. It does not allege that any harm was caused by the log entries. See ECF 208-1, at ¶ 203.
ECF 175, ¶ 204-05.
ECF 170-1, at 28-29.
ECF 171-10 (Pederson Dep. Tr. 94:1-2; 95:5-9). For these same reasons, Plaintiff cannot carry its burden on the injury element either. See Moulton, 2000 WL 33310901, at *6 ("Defendant argues that it does not matter that the slow down was not noticeable because the statute states that an activity in violation of the statute can be actionable no matter how long it persists. However, the language that allows a claim for actions that are not noticeable to the victim apply only to activities which alter, damage or malfunction a network.").
Additionally, Defendant has offered evidence that its intent was never to harm Plaintiff's website. When asked about his objective, Pederson stated it was to get all the data from the MLF tool. This is supported by Netland's deposition. Regarding the MLF data, Netland testified:
Id. at 84:20-85:4.
[S]o we were looking at this data, which we did find interesting, and so at this point I did have a conversation with Graham Pederson who you mentioned earlier andThus, Pederson and Netland, the two employees of Defendant who were most intimately involved with obtaining the data, state the same objective: Defendant wanted the customer information provided from the MLF tool.
asked Graham if there would be a way to, you know, collect this information from this website. We were thinking about otherwise having maybe some clerical people collect this information. But I asked him if there would be maybe say a simpler way of collecting this information that was made publicly available on this site.
ECF 204-11 (Netland Dep. Tr. 118:24-119:10).
Most importantly, the evidence does not support Plaintiff's argument that Defendant's underlying intent was to slow the system down, rather than extract the customer information. Plaintiff's theory throughout its filings is that Defendant improperly extracted customer information from Plaintiff's website in order to bolster Defendant's recently developed eVance inspection software. Only in the GCSPA briefing does Plaintiff allege the additional motive of interfering with the use of Plaintiff's website. This allegation is not supported by the evidence, which shows that Defendant's motive was to obtain as much of Plaintiff's customer list as possible, not to interfere with the website. There is simply nothing in the record suggesting Defendant's intent was to interfere, alter, or otherwise harm Plaintiff's website. Accordingly, the Court grants Defendant's motion for summary judgment as to the GCSPA claim.
Plaintiff separately moved for partial summary judgment on the "without authority" element of computer trespass. Because the Court finds that Plaintiff cannot carry its burden as to the intent element of its GCSPA claim, it denies Plaintiff's motion for partial summary judgment on the same grounds.
III. TORTIOUS INTERFERENCE CLAIM
a. Factual Background
The following facts are relevant to Plaintiff's tortious interference with a contract claim. Unless otherwise noted, the following facts are not disputed by the parties or are supported by undisputed evidence in the record. Jeffrey Montoney is a former sales representative for Plaintiff. While employed by Plaintiff, Montoney signed an employment agreement and a confidentiality agreement. In 2017, Montoney began working for Defendant as a sales representative for eVance. Defendant was aware of Montoney's Confidentiality Agreement with Plaintiff by at least July 20, 2017 when Montoney emailed a copy of the Agreement to Paula Eldridge, Defendant's human resources representative.
ECF 175, ¶ 220.
Id. ¶ 221.
Id. ¶ 224.
ECF 208-10, ¶ 161; ECF 173-16.
Montoney's Confidentiality Agreement states:
1. The Undersigned agrees to hold all disclosed confidential or proprietary information or trade secrets ("information") in trust and confidence and agrees that it shall be used only for the contemplated purpose, and shall not be used for any other purpose nor disclosed to any third party without written consent of BuildingReports.com. Confidential information includes but is not limited to software programs designed and distributed by BuildingReports.com/ BuildingReports.com and/or its associated companies; customer lists, vendor lists, pricing, bank information and any other confidential accounting information.
. . . .
5. It is understood that the Undersigned shall have no obligation to hold confidential with respect to any information known by the Undersigned or generally known within the industry prior to date of this agreement, or that shall become common knowledge within the industry thereafter as said information shall not be deemed protected under this agreement.
ECF 173-16.
While working for Defendant, Montoney shared Plaintiff's pricing information with some of Defendant's employees, including Taryn McCarthy. McCarthy is the director of Defendant's eVance business unit. McCarthy included the pricing information in a draft PowerPoint presentation. On August 4, 2017, McCarthy emailed a copy of the draft to Montoney for review and noted that she would like to distribute the presentation to Defendant's regional sales managers ("RMSs"). Montoney replied:
ECF 208-10, ¶ 159.
Id. ¶ 154.
Id. ¶ 162.
Id. ¶ 163; ECF 208-24 (McCarthy Dep. Tr. at 70:10-12).
I'm not sure I feel comfortable with actual published BR pricing being distributed to so many people (all RSM's) knowing that the pricing came from me. Any way we can just say that there are costs associated with all of the line items on that document, and not include specific pricing?McCarthy responded, "We will re-work so that it is not obvious." McCarthy later sent Plaintiff's pricing to at least one of Defendant's regional sales managers.
ECF 208-31.
Id.
ECF 208-10, ¶ 165.
Plaintiff has four levels of pricing: member, partner, VAR, and MSP. Plaintiff generally does not disclose its VAR or MSP pricing externally and limits its disclosure internally. Plaintiff shares its member pricing with current and prospective customers. The pricing McCarthy shared was an approximation of Plaintiff's member pricing.
ECF 175, ¶ 226. VAR stands for "value added reseller." ECF 175-17 (Wills Dep. Tr. at 22:12-13). MSP stands for "managed service provider." Id. at 22:16-17.
ECF 175, ¶ 227; ECF 175-17 (Wills Dep. Tr. at 22:24-23:3).
ECF 175, ¶ 229; ECF 175-17 (Wills Dep. Tr. at 160:22-25).
ECF 175, ¶ 230.
Plaintiff's customers enter into a terms and conditions agreement with Plaintiff, hereinafter "Customer Terms Agreement." Under the Customer Terms Agreement, a former customer's obligation to keep Plaintiff's information confidential ends three years after the relationship with Plaintiff is terminated. Plaintiff maintains that its Customer Terms Agreement applies to pricing. Plaintiff's pricing has not changed since 2012. Since 2012, some of Plaintiff's former customers' confidentiality obligations have expired. Those customers would no longer be prohibited from disclosing Plaintiff's confidential information covered by the Customer Terms Agreements they entered into.
Id. ¶ 231.
Id. ¶ 234.
Id. ¶ 233.
Id. ¶ 236; ECF 175-17 (Wills Dep. Tr. at 164:15-19, 165:5-10).
ECF 175, ¶ 235.
Id. ¶ 237.
Plaintiff also shares its pricing with prospective customers. Plaintiff does not request prospective customers to sign confidentiality agreements or nondisclosure agreements before receiving its pricing information, nor does it ask them to treat the pricing list as confidential. However, the bottom of Plaintiff's pricing sheet is marked as confidential.
ECF 175, ¶ 238; ECF 175-17 (Wills Dep. Tr. at 161:1-11, 165:11-15).
ECF 175, ¶¶ 239, 242, 243; ECF 175-17 (Wills Dep. Tr. at 167:11—168:6-11).
ECF 175-17 (Wills Dep. Tr. at 165:16-17).
b. Legal Standard
To prevail on a claim of tortious interference with business relations, a plaintiff must prove the following elements: (1) improper action or wrongful conduct by the defendant without privilege; (2) the defendant acted purposely and with malice with the intent to injure; (3) the defendant induced a breach of a contractual obligation or caused a party or a third party to discontinue or fail to enter into an anticipated relationship with the plaintiff; and (4) the defendant's tortious conduct proximately caused damage to the plaintiff.Onbrand Media v. Codex Consulting, Inc., 301 Ga. App. 141, 150 (2009). "[C]ontractual obligations are separate and independent from those imposed under the GTSA." Penalty Kick Mgmt. Ltd. v. Coca Cola Co., 318 F.3d 1284, 1298 (11th Cir. 2003) (citing O.C.G.A. § 10-1-767(b)(1)). When confidential information does not amount to a trade secret, the employer enforcing a nondisclosure agreement must rely on the terms of the agreement. Howard Schultz & Assocs. of the Se., Inc. v. Broniec, 239 Ga. 181, 187 (1977); see also Roboserve, Ltd. v. Tom's Foods, Inc., 940 F.2d 1441, 1456 (11th Cir. 1991) (citing Capriulo v. Bankers Life Co., 178 Ga. App. 635, 638-40 (1986)) ("A confidential relationship is distinguished by the expectations of the parties involved, while a trade secret is identified through rigorous examination of the information sought to be protected."). An employee may acknowledge that certain information is confidential through the terms of the confidentiality agreement. Palmer & Cay of Ga., Inc. v. Lockton Cos., Inc., 273 Ga. App. 511, 516 (2005), rev'd on other grounds, 280 Ga. 479 (2006) ("But, the employees, by signing the employment agreement, acknowledged that names of customers are considered confidential business information.") (citing Wiley v. Royal Cup, Inc., 258 Ga. 357, 359-360 (1988)).
c. Analysis
Plaintiff claims that Defendant committed tortious interference with Montoney's confidentiality agreement by inducing Montoney to provide confidential pricing information. As noted above, Montoney's confidentiality agreement expressly considers pricing to be protected confidential information. However, it also states that the confidentiality obligations under the agreement will not apply to any information "known by the Undersigned or generally known within the industry prior to date of this agreement, or that shall become common knowledge within the industry thereafter." Defendant argues that it is entitled to summary judgment on Plaintiff's tortious interference claim because the pricing information provided by Montoney was not confidential. Therefore, Defendant argues that Plaintiff cannot carry its burden as to the 'induced a breach' element of its tortious interference claim because it cannot show that Montoney provided confidential information.
ECF 208, at 20.
ECF 173-16.
Id.
ECF 170-1, at 19.
Defendant's Motion for Summary Judgment does not address the other elements of a tortious interference claim.
Defendant claims that the pricing information is not confidential because (1) Plaintiff provides it to third parties who are not subject to confidentiality agreements and (2) the information is generally known within the industry. Defendant's first argument fails for multiple reasons. First, Defendant's authority for the proposition that information commonly known or provided to third parties is not subject to confidentiality obligations is easily distinguishable from the facts of this case. Those cases either address whether company information is sufficiently "confidential" to be considered a trade secret, or they address confidentiality obligations in the absence of a contract. As such, they are not applicable to Plaintiff's ability to enforce its contractual agreement separate and independent from a potential trade secret claim. Montoney already acknowledged that Plaintiff's pricing information is considered confidential business information through the express terms of the contract. Therefore, he was obligated not to disclose such information for two years following termination of his employment so long as the information was not considered "generally known within the industry." Thus, the key issue here is whether Plaintiff's member pricing is considered "generally known within the industry."
ECF 170-1, at 19.
See id.
For example, Defendant cites to Smart Profitability Solutions, LLC v. Double Check Risk Solutions, LLC, No. 1:18-CV-706-MHC, 2018 WL 6380886, at *7-8 (N.D. Ga. Aug. 2, 2018) for the proposition that "information marked 'confidential' but shared with third-parties who were not subject to NDA was not confidential." ECF 170-1, at 19. But, that section of the opinion expressly finds such information is not protected under the GTSA. Smart Profitability, 2018 WL 6380886, at *8. Similarly, the portion of Bacon v. Volvo Service Center, Inc., 266 Ga. App. 543 (2004) cited by Defendant addresses whether the party took reasonable steps to maintain confidentiality under the GTSA.
TDS Healthcare Sys. Corp. v. Humana Hosp. Ill., Inc., 880 F. Supp. 1572, 1585 (N.D. Ga. 1995) ("In the absence of a contract, however, it appears that such information is protected only so long as competitors fail to duplicate it by legitimate, independent research or until it becomes public property by being released on the market.").
The Court agrees with Plaintiff that Defendant has not carried its burden to show that Plaintiff's member pricing is generally known within the industry. Defendant showed that Plaintiff's customers are required to sign a non-disclosure agreement, the confidentiality obligations end three years after the end of the customer's relationship with Plaintiff, and Plaintiff's pricing has not changed since 2012. Defendant also provided evidence that prospective customers are not required to sign any confidentiality agreement or asked to keep the information confidential. These factors are relevant to whether the pricing is generally known within the industry because Defendant has demonstrated that it is not uncommon for companies, including Plaintiff, to receive pricing information on their competitors through their customers. Thus, it is possible that Plaintiff's prior customers or prospective customers have widely shared the pricing information with Plaintiff's competitors, making the data generally known within the industry.
ECF 175, ¶ 247; ECF 175-17 (Wills Dep. Tr. at 128:25—129:3). One of Plaintiff's employees stated that, based on his experience in this industry, he believes but does not know that Plaintiff's customers or prospective customers share Plaintiff's pricing information with Plaintiff's competitors "with some regularity." ECF 203-16 (Hicks Dep. Tr. at 153:5-11).
However, as noted by Plaintiff, Defendant has provided no evidence that any of Plaintiff's customers or prospective customers in fact disclosed its pricing information to a third-party. Nor does Defendant claim that it received Plaintiff's pricing information from Plaintiff's prior customers, prospective customers, or any other third-party. Rather, the evidence shows Defendant relied exclusively on Montoney for the information even after Montoney expressed that he was uncomfortable being the source. Thus, the Court finds that an issue of material fact remains as to whether Plaintiff's member pricing is generally known within the industry. Accordingly, Defendant's motion for summary judgment as to the tortious interference claim is DENIED.
ECF 208-10, ¶ 167.
IV. CONCLUSION
For the foregoing reasons, the Court GRANTS in part and DENIES in part Defendant's motion for summary judgment [ECF 170]. Defendant's motion is GRANTED as to the GTSA and GCSPA claims (Counts I and II) and DENIED as to the tortious interference claim (Count III). Plaintiff's motion for partial summary judgment [ECF 149] is DENIED. Defendant's motion to exclude declaration statements of Kronz [ECF 230] is DENIED.
The case will proceed on Plaintiff's tortious interference claim, as well as its derivative claims for attorneys' fees and punitive damages. The parties are hereby DIRECTED to file their Proposed Consolidated Pretrial Order within 30 days after entry of this Order.
SO ORDERED this the 26th day of March 2020.
/s/_________
Steven D. Grimberg
United States District Court Judge