From Casetext: Smarter Legal Research

CCC Intelligent Servs. v. Tractable, Inc.

United States District Court, Northern District of Illinois
Jan 25, 2023
18 CV 7246 (N.D. Ill. Jan. 25, 2023)

Opinion

18 CV 7246

01-25-2023

CCC INFORMATION SERVICES, INC., Plaintiff, v. TRACTABLE, INC., Defendant.


MEMORANDUM OPINION & ORDER

Robert W. Gettleman, United States District Judge

Plaintiff CCC Information Services, Inc. (“CCC” or “plaintiff”) brings this seven-count first amended complaint against defendant Tractable, Inc. (“Tractable” or “defendant”), which alleges that defendant fraudulently obtained access to plaintiff's software and used that access to misappropriate plaintiff's data. Count One alleges violation of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030; Count Two alleges violation of the Defend Trade Secrets Act of 2016, 18 U.S.C. § 1836; Count Three alleges violation of the Illinois Trade Secrets Act of 2016, 765 ILCS 1065/2; Count Four alleges trademark infringement in violation of the Lanham Act, 15 U.S.C. § 1114; Count Five alleges false designation of origin in violation of the Lanham Act, 15 U.S.C. § 1125; Count Six alleges violation of the Illinois Uniform Deceptive Trade Practices Act, 815 ILCS 510; and Count Seven alleges common law fraud.

On September 21, 2022, defendant filed a motion seeking dismissal of Counts One and Six of plaintiff's first amended complaint for failure to state a claim under Federal Rule of Civil Procedure 12(b)(6) (Doc. 100). For the reasons discussed below, the court grants defendant's motion.

BACKGROUND

Defendant provides “technology solutions” for the automotive insurance and collision repair industries. Plaintiff alleges that defendant used a series of aliases and misrepresentations to fraudulently gain access to plaintiff's proprietary platforms, and used this access to misappropriate defendant's proprietary and confidential information. Plaintiff's platforms include its CCC ONE® Appraisal Platform and CCC ONE® Estimating (collectively, “CCC ONE”), which connect a network of insurance companies, independent appraisers, and repair facilities to generate vehicle damage estimates using algorithms and data. Independent appraisers physically inspect vehicular damage, take notes and photographs of the damage, and use CCC ONE to generate a damage estimate that the appraiser then transmits to an insurance company using the platform.

Plaintiff authorizes independent appraisers to use CCC ONE with licensing agreements. According to plaintiff, multiple customers informed plaintiff that defendant was “creating estimates using [plaintiff]'s trademarks and that such estimates appeared to be generated by CCC ONE.” Consequently, plaintiff began investigating defendant's activities on the CCC ONE platform. Plaintiff became concerned because, according to its records, defendant did not have a license to access CCC ONE. Rather, plaintiff had a licensing agreement with “JA Appraisal,” which is an allegedly fictious company that defendant used as a front to fraudulently obtain access to CCC ONE. According to plaintiff, its investigation led to “Jason Chen,” who approached plaintiff to obtain the licensing agreement on or around August 23, 2017. Plaintiff indicates that “Jason Chen” is an alias for Xing Xin, formerly the head of defendant's product development, and that plaintiff and defendant are rival companies.

Further, plaintiff alleges that its investigation revealed that defendant misappropriated CCC ONE over the course of fourteen months, by using it to create test files with fictitious inputs to generate unusual estimates that did not follow “the conventional appraiser workflow.” Instead of finalizing the estimates in the “workfiles” and transmitting them to insurers, plaintiff alleges that defendant created the files to “replicate (at least in part) CCC ONE's proprietary information and algorithms,” in violation of JA Appraisal's licensing agreement.Plaintiff's licensing agreement with JA Appraisal was “conditioned on the independent appraiser working on an assignment related to an insurance claim for the purpose of generating an estimate of vehicle damage.” Plaintiff terminated its license with JA Appraisal on October 26, 2018.

Plaintiff alleges that defendant used CCC ONE to create at least 2,303 workfiles without authorization, and of those files, approximately 1,100 of them “[did] not contain information or data that is typically used to generate vehicle damage estimates for legitimate claims.”

On October 30, 2018, plaintiff filed its original complaint in this case. Defendant moved to dismiss plaintiff's original complaint on December 20, 2018, for failure to state a claim pursuant to Rule 12(b)(6). In response, plaintiff filed its first amended complaint on January 10, 2019. Defendant also filed a motion to compel arbitration and stay the proceedings on December 20, 2018, which this court denied on May 7, 2019, and the Seventh Circuit subsequently affirmed, because it concluded that defendant was not in a contractual relationship with plaintiff and could not enforce the arbitration clause in question. 36 F.4th 721 (7th Cir. 2022).

LEGAL STANDARD

“To survive a motion to dismiss, a complaint must allege sufficient factual matter, accepted as true, to state a claim to relief that is plausible on its face.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). For a claim to have “facial plausibility,” a plaintiff must plead “factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Id. “[W]here the well-pleaded facts do not permit the court to infer more than the possibility of misconduct, the complaint has alleged-but has not shown-that the pleader is entitled to relief.” Id. “Threadbare recitals of the elements of a cause of action, supported by mere conclusory statements, do not suffice.” Id.

DISCUSSION

Defendant moves the court to dismiss two of plaintiff's seven claims in this case. Defendant argues that the court should dismiss Count One because plaintiff's allegations under the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, do not allege a covered “damage or loss.” Next, defendant argues that the court should dismiss Count Six because, based on plaintiff's allegations, plaintiff is not entitled to relief authorized by the Illinois Uniform Deceptive Trade Practices Act (“IUDTPA”), 815 ILCS 510.

The court first evaluates defendant's arguments in favor of dismissing Count One. To state a claim under the CFAA, plaintiff must plead “damage” or “loss” caused by defendant's unauthorized access to its computer systems. See Tamlyn v. BlueStone Advisors, LLC, No. 17 C 8893, 2018 WL 1920184, at *2 (N.D. Ill. Apr. 24, 2018). The CCFA defines “damage” as “any impairment to the integrity or availability of data, a program, a system, or information,” 18 U.S.C. § 1030(e)(8), and “loss” as “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.” 18 U.S.C. § 1030(e)(11).

According to defendant, plaintiff's claim fails because plaintiff has not alleged any “technological harm or damage to [plaintiff's] systems.” Defendant interprets the CFAA to require “some harm or damage to the computer system itself,” citing Van Buren v. United States, 141 S.Ct. 1648, 1660 (2021). Defendant argues that in Van Buren, the Supreme Court concluded that “[t]he statutory definitions of ‘damage' and ‘loss' . . . focus on technological harms-such as the corruption of data-of the type unauthorized users cause to computer systems and data.” Id. at 1660. The Court reasoned that “[l]imiting ‘damage' and ‘loss' in this way makes sense in a scheme ‘aimed at preventing the typical consequences of hacking.'” Id. In this case, defendant argues that plaintiff cannot state a claim under the CFAA because plaintiff alleges only harm stemming from the costs that it incurred by investigating defendant's use of its platform (i.e., its “considerable time and expense investigating [defendant's] conduct”), without more, which is neither “damage” nor “loss” contemplated by the CFAA.

Plaintiff counters that it has sufficiently pled “loss” as required by the statute, which plainly contemplates reasonable costs for “conducting a damage assessment.”Plaintiff argues that it can state a claim under the CFAA for its “loss” without tethering the costs of its damage assessment to an additional “damage pleading” (i.e., a pleading that alleges an actual technological harm). Plaintiff acknowledges that the CFAA limits recoverable assessment losses, but according to plaintiff, this limitation is based on costs that are “reasonable,” not based on the outcome of the assessment (in other words, the damages are not tied to whether the assessment leads to a finding of actual technological damage).

Plaintiff does not dispute that it has not alleged “damage” under the CFAA. It would have been difficult to do so, based on the first amended complaint. For example, in Cassetica Software, Inc. v. Comput. Scis. Corp., No. 09 C 0003, 2009 WL 1703015 (N.D. Ill. June 18, 2009), the court noted that “other courts have consistently found that merely copying electronic information from a computer system does not satisfy the ‘damage' element because the CFAA only recognizes damage to a computer system when the violation caused a diminution in the completeness or useability of the data on a computer system. Id., at *3.

The court agrees with plaintiff that an actual technological harm is not required to state a claim for “loss” under the CFAA-although it concludes that a “loss” based on assessment costs is covered by the statute only where the costs are “reasonable” and where the damage assessment is “related to costs caused by [technological] harm to computer data, programs, systems, or information services.” In other words, the assessment must be related to the possibility of some type of technological damage. The court recognizes that it takes the middle ground in construing the term “loss,” with courts in this district coming out both ways on this issue. See ExactLogix, Inc. v. JobProgress, LLC, 508 F.Supp.3d 254, 265-268 (N.D. Ill. 2020).

Accordingly, the court grants defendant's motion to dismiss Count One. Plaintiff has failed to plausibly allege that its investigation into defendant's access to, and misappropriation of, CCC ONE was related to the possibility of technological damage. While plaintiff was fearful that defendant may have copied its algorithms and data, plaintiff does not allege that it investigated defendant because it suspected that defendant harmed, or intended to harm, its platform. Rather, plaintiff alleges that defendant's access was part of “a concerted effort to discern [plaintiff]'s proprietary data, algorithms, and other information to achieve [defendant]'s own business ends.” In fact, the allegations in the first amended complaint cut against the argument that plaintiff investigated defendant to uncover potential technological harm. If, as plaintiff alleges, defendant was using plaintiff's trademarks to “pass[ ] off its own estimates as the product of CCC ONE,” it is implausible that defendant would have harmed the very platform that it allegedly bootstrapped for its own success.

Next, the court turns to defendant's argument that the court should dismiss Count Six because plaintiff has not plausibly alleged that it is entitled to injunctive relief under the IUDTPA, which requires an allegation of ongoing or future harm. See Darne v. Ford Motor Co., No. 13 C 03594, 2015 WL 9259455, at *12 (N.D. Ill.Dec. 18, 2015). Further, to the extent that plaintiff seeks relief beyond injunctive relief (such as recovery of profits, compensatory damages, and reasonable attorney's fees), defendant urges the court to dismiss the claim because the IUDTPA authorizes private suits for injunctive relief only. See, e.g., Purepecha Enters., Inc. v. El Matador Spices & Dry Chiles, No. 11 C 2569, 2012 WL 3686776, at *16 (N.D. Ill. Aug. 24, 2012) (“[T]he IUDTPA does not provide a private cause of action for damages.”).

The court agrees with plaintiffs that defendant overstates the limitations on relief under the IUDTPA. The IUDTPA authorizes the recovery of attorneys' fees and costs in addition to injunctive relief. 815 ILCS 510/3.

In response, plaintiff does not dispute that the IUDTPA contemplates primarily injunctive relief, and that it must allege ongoing or future harm to receive injunctive relief. Rather, plaintiff argues that it does allege ongoing and future harm, in the form of damage to its brand and lost business and profits. Because the two parties are business competitors, and because, according to plaintiff, the circumstances “support the inference that future harm will occur,” plaintiff argues that it states a claim in Count Six. Relatedly, because plaintiff alleges that defendant used its unauthorized access to CCC ONE to unlawfully replicate its proprietary information and algorithms, plaintiff argues that terminating the license did not prevent future or ongoing harm, despite mitigating the risk.

The court agrees with defendant that plaintiff has not plausibly alleged continuing and ongoing harm stemming from defendant's conduct. Past harm is not necessarily evidence of future harm, and where a party is now aware of another party's past deceptive practices, that party is not likely to be harmed by the practices in the future. See Camasta v. Jos. A. Bank Clothiers, Inc., 761 F.3d 732, 740-41 (7th Cir. 2014). It is plausible, as plaintiff alleges, that defendant could have copied plaintiff's algorithms and data, which could allow defendant to continue to misappropriate CCC ONE in the future. The problem for plaintiff is that the IUDTPA does not provide a cause of action against defendant's alleged misappropriation of CCC ONE's algorithms and data; rather, the foundation of plaintiff's IUDTPA claim must be defendant's allegedly fraudulent and deceptive practices. These practices allowed defendant to gain access to CCC ONE through the licensing agreement. The first amended complaint contains no suggestion that defendant will fraudulently attempt to gain access to CCC ONE in the future using aliases or fake companies, and there is also no plausible allegation that defendant continues to access the platform, given that plaintiff terminated the licensing agreement with JA Appraisal.

Although plaintiff claims that their first amended complaint alleges “numerous facts” supporting the inference of continuing and future harm, the factual allegations that plaintiff cites in its response (paragraphs 57-66 of the first amended complaint) refer only to past conduct. Plaintiff attempts to argue that these paragraphs allege that defendant continues to use plaintiff's trademarks to label its own estimates, to the detriment of plaintiff's business reputation and profits in the future. The first amended complaint, however, does not contain this allegation. Plaintiff has not plausibly alleged continuing or future harm, and has not stated a claim for relief under the IUDTPA.

CONCLUSION

For the reasons stated above, the court grants defendant's motion to dismiss Counts One and Six (Doc. 100), without prejudice.

The docket does not reflect that defendant has filed an answer to plaintiff's first amended complaint. Defendant is directed to file an answer to the remaining counts of the first amended complaint.


Summaries of

CCC Intelligent Servs. v. Tractable, Inc.

United States District Court, Northern District of Illinois
Jan 25, 2023
18 CV 7246 (N.D. Ill. Jan. 25, 2023)
Case details for

CCC Intelligent Servs. v. Tractable, Inc.

Case Details

Full title:CCC INFORMATION SERVICES, INC., Plaintiff, v. TRACTABLE, INC., Defendant.

Court:United States District Court, Northern District of Illinois

Date published: Jan 25, 2023

Citations

18 CV 7246 (N.D. Ill. Jan. 25, 2023)

Citing Cases

Magnuson v. Window Rock Residential Recovery Fund, L.P.

Nevertheless, the IUDTPA does not provide a private cause of action for damages. See 815 ILCS 510/3…