Opinion
Civil Action 20-3241
08-28-2024
CONTOUR DATA SOLUTIONS LLC Plaintiff, v. GRIDFORCE ENERGY MANAGEMENT LLC, et al. Defendants.
MEMORANDUM OPINION
Rufe, J. August 28, 2024
This case arises from a contractual dispute over the ownership and use of an Information Technology System (“IT System”). Plaintiff Contour Data Solutions, LLC brings this action against Gridforce Energy Management LLC and NAES Corporation (together, “Gridforce”) for breach of contract, conversion and/or negligent destruction of property, state and federal trade secret misappropriation, and violations of the federal Computer Fraud and Abuse Act (“CFAA”), the federal Stored Communications Act (“SCA”), and the Texas Harmful Access by a Computer Act (“THACA”). Gridforce has asserted a counterclaim for breach of contract. Both Gridforce and Contour have moved for summary judgment. For the reasons set forth below, Contour's partial Motion for Summary Judgment will be denied, and Gridforce's partial Motion for Summary Judgment will be granted.
Contour asserts its breach of contract claims against only Gridforce, but asserts its remaining claims against Gridforce and NAES.
See Contour's Mot. Summ. J. [Doc. No. 335]; Gridforce's Mot. Summ. J. [Doc. No. 339].
I. Background
This dispute centers on the IT System that Contour set up for Gridforce to run its business. Contour paints Gridforce as the mastermind behind a covert theft of that IT System, which Contour asserts is a trade secret. Gridforce paints a different picture, claiming that Gridforce merely terminated its IT services contract with Contour and shifted to another provider due to Contour's poor service.
The parties did not file a joint stipulation of material facts. Instead, Contour submitted a Statement of Facts as an attachment to its brief in support of summary judgment. See Contour's Statement of Facts [Doc. No. 335-1]. Gridforce submitted a Response to Contour's Statement of Facts as an attachment to its response brief in opposition. Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1]. Moreover, in its own Motion for Summary Judgment, Gridforce outlines what it refers to as “undisputed material facts” that were “principally taken from Contour's sworn testimony, including the verified allegations of its Second Amended Complaint.” Gridforce's Mem. Supp. Mot. Summ. J. [Doc. No. 339-1] at 2. The Court draws the factual background from the uncontested portions of each statement of facts and, as necessary, appropriate evidence introduced by the parties related to the claims.
Contour is a technology company that provides various technology services, including information technology and cloud-based network operating support. Contour works with each of its clients to identify their goals, technology integration issues, and problem areas to develop an IT strategy and system. Gridforce is a power services company that provides energy control and integration management services to balance and route electricity throughout North America.
See Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 1, 2.
Id. at ¶ 2.
Id. at ¶ 3.
Gridforce (previously known as Constellation Energy Control and Dispatch LLC, hereinafter “Constellation Energy Control”) has used an IT system since 2001 to monitor and manage its customers' power facilities. In 2014, Constellation Energy Control, a subsidiary of Constellation Energy Corporation (“Constellation”), an Exelon company, was sold to Power Generation Services Inc. and renamed Gridforce Energy Management LLC. This sale was consummated on April 21, 2014, pursuant to a Purchase and Sale Agreement between Exelon and Power Generation Services. In connection with the Purchase and Sale Agreement, Exelon and Power Generation Services negotiated a Transition Services Agreement to allow Gridforce to move its applications and data from the Constellation/Exelon data centers to Contour's data centers. The Transition Services Agreement provided Gridforce with access to Exelon's and Constellation's network operating services and IT environment for a 12-month period, after which Gridforce was cut off from all of Exelon's services and was no longer able to access the Exelon IT environment.
Id. at ¶ 10.
Id. at ¶ 11.
Id. at ¶ 14.
1. Managed Master Services Agreement (“MMSA”)
In 2014, Gridforce engaged Contour to create an IT network system. J.T. Thompson, the founder and then-president of Gridforce, negotiated the agreement on behalf of Gridforce. Rocco Guerriero, Contour's founder and CEO, negotiated on behalf of Contour. On June 27, 2014, Gridforce and Contour entered into a Managed Master Services Agreement (“MMSA”) outlining the parties' obligations. The MMSA was signed by Thompson in Texas on June 25, 2014, and then by Guerriero in Pennsylvania on June 27, 2014. C.J. Ingersoll, an employee at Gridforce, was also involved in and present for all major negotiations and meetings leading up to the execution of the MMSA. During the relevant period, Fred Germana was an engineer for Contour and served as the Lead Architect for the Gridforce project.
Tillery Decl., Ex. 73, MMSA [Doc. No. 336-3]. The parties dispute the nature of the MMSA and the creativity required to build the IT System. According to Contour, Contour was engaged to “create, build, and manage an integrated IT network communication system by and from which Gridforce could run its business” and “designed, created, and deployed an entire virtual environment for Gridforce.” Contour's Statement of Facts [Doc. No. 335-1] ¶¶ 19, 73. Gridforce disputes this and states that Contour was merely engaged “to provide Gridforce with the same network operating and IT support that Constellation had provided.” Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 19. These fundamental disagreements continue throughout the parties' presentation of “facts.” Contour claims that the IT System “includes hundreds of Contour's proprietary configurations, scripts, and GPOs [group policy objects] created by Contour and orchestrated in the compilation of the Contour IT System.” Contour's Statement of Facts [Doc. No. 335-1] ¶ 75. Gridforce disputes this and states that “Contour has produced no evidence to suggest it did anything more than use standard third-party commercial software tools and well-known industry concepts and technologies.” Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 75.
Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 20.
Id. at ¶ 65.
The MMSA provided for an initial 36-month term, followed by 12-month renewal periods unless terminated with written notice not less than 180 days before the expiration of the Initial Term or any Renewal Term. The MMSA governed Contour's design, construction, and maintenance of Gridforce's IT System, as well as the parties' rights and responsibilities concerning the IT System. Contour was tasked with server virtualization, i.e., converting Gridforce's physical servers into a cloud-based virtual environment through the use of virtual machines. Server virtualization allows virtual servers to perform specific tasks within the IT environment. The MMSA is a “master” contract, meaning it permits the parties to contract for multiple services without having to renegotiate the terms and conditions set forth in the MMSA. The MMSA governs the entirety of the parties' agreement, while various other documents, referred to as Service Order Forms or “SOFs,” were issued when Gridforce requested additional or new items of work stemming from the MMSA. Pursuant to the MMSA, a Billing Change Request was issued if any changes were made or requested by Gridforce that would impact either the terms of a particular SOF or the billing associated with an SOF. The parties entered into multiple SOFs and Billing Change Requests.
Tillery Decl., Ex. 73, MMSA [Doc. No. 336-3] at 2.
Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 27, 59.
A virtual machine is a software program which emulates a physical computer or mimics a physical server or physical hardware. An operating system and applications can then be installed onto the virtual machine. A virtual machine can be created and run from a computer or deployed from a cloud-based environment. Once a virtual machine is created, an operating system and applications, such as email, phone, and file servers, may be installed on it and it can be deployed into a specific IT environment. See Contour Data Sols. LLC v. Gridforce Energy Mgmt. LLC, No. 20-3241, 2021 WL 5536266, at *6 (E.D. Pa. Sept. 2, 2021).
Id.
Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 27.
Id. at ¶ 31.
Id.; Gridforce's Am. Answer [Doc. No. 236] ¶ 45 (“Gridforce admits that six Billing Change Requests were issued ....”); id. ¶ 46 (“Gridforce admits that SOFs were issued at various points during the relationship between it and Contour ....”).
Section 3(a) of the MMSA states:
Term. . . . [S]hould any Exhibit entered into during the period of this Agreement require Services to be performed beyond the expiration or termination date of this Agreement, then the terms of this Agreement shall remain in effect with respect to such Exhibit(s) until the expiration or termination of the Exhibit(s) at issue.
Tillery Decl., Ex. 73, MMSA [Doc. No. 336-3] at 2.
Section 3(b) of the MMSA states:
Termination. (i) Either party hereto may immediately terminate this Agreement, with written notice, prior to the end of the Term upon the breach of any material provision of this Agreement by the other party, which breach shall have remained uncured for thirty (30) consecutive calendar days after written notice of such failure shall have been given to such party.
Id.
Section 9(a) of the MMSA states:
Warranties of Contour. Contour shall perform the Services (i) in a professional manner, (ii) in conformance with that level of care and skill ordinarily exercised in similar circumstances, including services for critical infrastructure, by providers of the same or similar services, and (iii) in compliance with all applicable federal, state and local laws, statutes, rules and regulations.
Id. at 4.
Section 6 of the MMSA outlined the parties' individual ownership of Contour's materials and information, as well as Gridforce's technology.
Id. at 2-3.
For approximately the first year of the MMSA, which overlapped with the Gridforce-Exelon/Constellation Transition Services Agreement, Gridforce used the Exelon-owned, pre-Contour IT System housed in Baltimore, Maryland. The hardware for Contour's replacement IT System was housed in two data centers, one in Utah and one in Pennsylvania.Contour owned the hardware housed in these facilities. The new IT System was set up prior to the termination date of the Transition Services Agreement, and Gridforce was able to “cut over” to the new IT environment without having to shut down its energy services.
Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 45.
Id. at ¶ 48.
Id. at ¶ 50.
Id. at ¶ 63.
2. Service Order Forms 005 and 007
On July 22, 2014, Gridforce's Thompson signed 062014-Gridforce-005 (Order 001) (“SOF 005”). SOF 005 states:
Tillery Decl., Ex. 57, Service Order Forms [Doc. No. 336-2]; see also Second Am. Compl., Ex. C [Doc. No. 185]. Contour's Rocco Guerriero's signature on SOF 005 is dated August 8, 2014. Id.
This service order form is used as a guideline based on the customer provided communication to Contour. Customers billing will be based on actual usage. Once billing occurs customer is committed to the terms set forth. Once additional components are added to monthly billing, the contract will extend itself by an additional 36 months.
Tillery Decl., Ex. 57, Service Order Forms [Doc. No. 336-2]; see also Second Am. Compl., Ex. C [Doc. No. 185]; Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 38.
In other words, SOF 005 had an “autorenewal” provision of 36 months.
The IT System went live in 2015. On August 11, 2015, Thompson executed 062014-007 (Private Cloud) (“SOF 007”). SOF 007 stated that:
Tillery Decl., Ex. 57, Service Order Forms [Doc. No. 336-2]; see also Second Am. Compl., Ex. D [Doc. No. 185]; Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 42.
This Service Order Form is issued pursuant to the terms and conditions set forth in the Master Services Agreement, and addenda thereto, entered into by the parties (or such other software license or service agreement entered into by the parties) and referenced above (the “Master Service Agreement”). By signing
below, Customer agrees to be bound by the terms and conditions of this Order Form and the Master Service Agreement.
Tillery Decl., Ex. 57, Service Order Forms [Doc. No. 336-2]; see also Second Am. Compl., Ex. D [Doc. No. 185].
Thus, unlike in SOF 005, there was no autorenewal provision in SOF 007. SOF 007 provided for a recurring monthly subscription of $87,302.23 for August 1, 2015, through January 1, 2016, and then a recurring monthly subscription of $100,999.38 for January 1, 2016, through August 1, 2020. Guerriero attached a cover letter to the executed copy of SOF 007 that states:
Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 43.
Enclosed please find the executed Service Order Form for Private Cloud Infrastructure. This Service Order #062014-007 [SOF 007] amends and restates in its entirety Service Order #062014-Gridforce-005 [SOF 005]. All terms and conditions set forth in MSA #06.24.2019 Gridforce Energy Management, LLC and in Service Order #062014-Gridforce-005 [SOF 005] remain in effect and are unchanged.
Tillery Decl., Ex. 57, Service Order Forms [Doc. No. 336-2]; see also Second Am. Compl., Ex. D [Doc. No. 185].
Gridforce issued Billing Change Requests throughout 2019 that updated SOF 007 on minor matters.
See Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 178.
3. Issues in the Contour and Gridforce Relationship
On September 22, 2016, Gridforce sent Contour a letter with the subject line “Notice of Material Breach, Failure to Conduct Operations in the Normal Course of Business, and Breach of Warranty.” Specifically, Gridforce claimed a right to terminate the MMSA for “failure to implement a compliant CIP [Critical Infrastructure Protection Reliability Standards] program by the July 1, 2016 deadline, and for Contour's other failures to perform as required under the specific terms of this agreement.” Gridforce did not terminate the MMSA at that time.
Id. at ¶ 132; Tillery Decl., Ex. 77, Sept. 22, 2016 Letter [Doc. No. 336-3].
Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 131; Tillery Decl., Ex. 77, Sept. 22, 2016 Letter [Doc. No. 336-3] at 5. The Critical Infrastructure Protection Reliability Standards are requirements from the federal government for entities involved in critical infrastructure, including electrical power grids. See id. at 2.
On October 4, 2016, Contour responded to the letter, providing its own account of why Gridforce had no basis to terminate the agreement and asserting that it was “Gridforce's obligation to comply with NERC Critical Infrastructure Protection Reliability Standards.” Gridforce did not follow up on the letter or serve any additional notices of material breach after receiving the letter. Gridforce contends that it did not send another notice of material breach because it was actively trying to work alongside Contour to help it cure the breach.
Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 138; Tillery Decl., Ex. 78, Oct. 4, 2016 Letter [Doc. No. 336-3] at 2.
Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 139.
On or about June 9, 2017, due to Gridforce's concerns regarding the IT System, Contour and Gridforce entered into a Shared Infrastructure Management Addendum (“SIMA”) to the MMSA. The addendum provided Gridforce with administrative-level credentials to the IT System. Gridforce further agreed in the SIMA as follows:
Tillery Decl., Ex. 92, SIMA [Doc. No. 336-4].
Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 141; Tillery Decl., Ex. 92, SIMA [Doc. No. 336-4] § 1.1.
[Gridforce] is solely responsible and liable for all actions taken on a Device using Customer's [Gridforce's] administrative-level credentials, including but not limited to, all modifications, additions, or deletions made to the Devices, such as changes to configurations, settings, permissions, users or any other configurable feature, system or subsystem of any Device (“Customer Actions”).
Tillery Decl., Ex. 92, SIMA [Doc. No. 336-4] § 1.2.
As relevant, the 36-month Initial Term under the MMSA ended on June 27, 2017, and, given that there was no written notice of termination, the MMSA was automatically renewed for another 12-month term (until June 27, 2018). As of July 20, 2017, Gridforce believed that Contour was in default of certain of its obligations under the MMSA. On July 26, 2017, Gridforce provided Contour with a “Notice of Concerns” regarding ticketing system issues, to which Contour replied. Gridforce was acquired by North American Energy Services Corporation (“NAES”) about this time.
In 2019, Gridforce issued a Notice of Non-Renewal stating that the MMSA was set to expire on June 27, 2020. Therefore, the Court infers that the MMSA auto-renewed three times after the initial term expired. See Tillery Decl., Ex. 112, Dec. 23, 2019 Notice of Non-Renewal [Doc. No. 336-4].
Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 159.
Id. at ¶ 161.
Id. at ¶ 7.
The MMSA was automatically renewed for another 12-month term on June 27, 2018.In March 2019, Gridforce hired Ed Angus to manage its virtual infrastructure-mainly, its virtual machines and associated systems. The IT System suffered two outage events over the following months. In May 2019, Gridforce's primary data center went offline for 30 hours after an external network line was cut. In July 2019, Gridforce's other data center went offline for weeks after a water leak flooded the hardware. Gridforce thought that Contour did not respond to these situations quickly enough and began to doubt the viability of Contour's services.However, the MMSA had automatically renewed for another 12-month term beginning on June 27, 2019, and ending on June 27, 2020-i.e., after the first outage event, but before the second.
Supra n.42.
See Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 146.
Chung Decl., Ex. 20, May 18, 2019 Email [Doc. No. 339-2].
See Chung Decl., Ex. 21, Oct. 17, 2019 Email [Doc. No. 339-2].
Contour argues that the main reason that Gridforce terminated the contract with Contour was because of the NAES acquisition of Gridforce, which led to the need to cut costs. See Contour's Statement of Facts [Doc. No. 353-1] at SF 151-60.
Supra n.42.
4. Data Migration Project
On August 28, 2019, NAES, Gridforce's parent entity, hired CDW, a technology company that sells hardware, software, and technology solutions, to perform a data migration project related to the IT System. NAES hired Krissie Nelson as a project manager to assist with the project. Contour contends, in its own words, that the project was an unauthorized “lift and shift” operation, by which Gridforce “‘moved' large portions of the Contour IT System secretly, without any approved Change Request.” Gridforce asserts that Contour approved the data migration. Both parties agree that Gridforce did not tell Contour of its plans to terminate the Contour contract prior to the data migration. CDW received authorization from Gridforce to migrate the IT System, but it did not request or receive authorization from Contour.
Tillery Decl., Ex. 47, CDW Statement of Work [Doc. No. 336-2]; Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 175-76.
Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 195.
Id. at ¶ 205, 206 n.5. Gridforce could request changes to the scope of services Contour was obligated to provide under § 1(b), as outlined in § 5 of the MMSA. Tillery Decl., Ex. 73, MMSA [Doc. No. 336-3] at 2 (“Change Order Proposal. Customer may, from time to time, submit to Contour a request for changes to an existing Exhibit.”).
Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 193.The parties dispute what exactly was migrated. Contour asserts that the entire “Contour IT System” was migrated, while Gridforce asserts that it was only Gridforce's VMs, which “comprise only a small portion of the ‘IT System' as a whole.” Id. at ¶ 205.
See id. at ¶ 148.
Over the Thanksgiving weekend in 2019, CDW migrated portions of the IT System at Gridforce's request. Gridforce did not submit a “change request” to Contour prior to the migration. Once Contour's engineers realized that a new IP address had joined the System, Contour personnel confronted Gridforce about the data migration. Gridforce's Angus told Contour to “not take any action ....” The migration was completed by early 2020.
Id. at ¶ 205.
Id. at ¶ 204, 206.
Id. at ¶ 206.
Id. at ¶ 213.
5. Termination of the Gridforce and Contour Relationship
On December 23, 2019, Gridforce's Ingersoll wrote to Contour's Guerriero to inform him that the MMSA was set to expire in the summer of 2020, and that under Section 3 of the MMSA, Gridforce did not intend to renew. Sections 3 and 7 of the MMSA require a party to return and to cease using the other's confidential information at the expiration of the agreement, and not to disclose confidential information or use confidential information for its own benefit or for the benefit of any third party.
Tillery Decl., Ex. 112, Dec. 23, 2019 Notice of Non-Renewal [Doc. No. 336-4]; see also Tillery Decl., Ex. 73, MMSA [Doc. No. 336-3] § 3(a) (“This Agreement shall automatically renew for successive 12 (12) [month] periods (each a “Renewal Term”), unless otherwise terminated by either party giving written notice to the other party not less than one hundred eighty days (180) days prior to the expiration of the Initial Term or any Renewal Term.”).
Tillery Decl., Ex. 73, MMSA [Doc. No. 336-3] §§ 3(c), 7(a).
On February 7, 2020, Gridforce sent Contour a “Notice of Termination for Default,” stating that Gridforce was terminating the Agreement and any active service orders effective immediately. Gridforce's letter asserted that “[r]ather than cure the breaches identified in the [September 22, 2016 Letter] to bring its services into conformity with the appropriate level of care, Contour has continued to commit the same and similar fundamental breaches of the Agreement and standard IT practices, including those described below.” The letter listed seven “Representative Fundamental Breaches.”
Tillery Decl., Ex. 93, Feb. 7, 2020 Termination Letter [Doc. No. 336-4]; Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 243.
Tillery Decl., Ex. 93, Feb. 7, 2020 Termination Letter [Doc. No. 336-4] at 1.
Id. at 2-3. There is also a dispute as to when the last payment from Gridforce to Contour was made. Contour states that Gridforce stopped paying Contour on February 7, 2020. Gridforce states that it made a payment in July 2020. See Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 245.
B. Procedural History
Contour filed this lawsuit on July 1, 2020. Gridforce answered the Complaint and asserted a counterclaim against Contour. As authorized by the federal Defend Trade Secrets Act (“DTSA”) and the relevant state uniform trade secret acts, Contour filed a motion for a preliminary injunction in connection with the lawsuit. Initially, Contour sought to enjoin Gridforce's use of the entire IT System. However, at a status hearing on June 3, 2021, Contour represented that it was narrowing its motion and sought only to enjoin Gridforce from using 16 virtual machines (“VMs”) allegedly containing confidential information and trade secrets.
Gridforce's Answer [Doc. No. 16].
See Contour's Mot. Prelim. Inj. [Doc. No. 25].
Contour, 2021 WL 5536266, at *1.
On June 15 and 16, 2021, the Court held a hearing on Contour's Preliminary Injunction Motion, after which the Court entered its Findings of Fact and Conclusions of Law. The Court denied Contour's Motion for a Preliminary Injunction because Contour failed to present sufficient evidence that the 16 VMs contained protectable trade secrets or that Contour would be irreparably harmed if an injunction did not issue. Contour filed an amended complaint on December 1, 2021, adding three additional “hacking” claims. Contour and Gridforce have now filed cross-motions for summary judgment, in addition to numerous sealing motions. Gridforce also moved to exclude the opinions of Contour's experts, James Joseph (“J.T.”) Thompson, the former President of Gridforce, and William Brian Bohn, Chief Architect at Clearpath Solutions Group. The Court addresses here the cross-motions for summary judgment.
Id. at *15.
Second Am. Compl. [Doc. No. 185].
See Contour Data Sols. LLC v. Gridforce Energy Mgmt. LLC, No. 20-3241, 2024 WL 3925685 (E.D. Pa. Aug. 23, 2024) (granting motions to exclude Thompson and Bohn).
II. Legal Standard
A court will award summary judgment on a claim or part of a claim where there is “no genuine dispute as to any material fact and the movant is entitled to judgment as a matter of law.” A fact is “material” if it could affect the outcome of the suit, given the applicable substantive law. A dispute is “genuine” if the evidence presented “is such that a reasonable jury could return a verdict for the nonmoving party.” In evaluating a summary judgment motion, a court “must view the facts in the light most favorable to the non-moving party and must make all reasonable inferences in that party's favor.” Further, “a court may not weigh the evidence or make credibility determinations ....” Nevertheless, the party opposing summary judgment must support each essential element of the opposition with concrete evidence in the record. “If the evidence is merely colorable, or is not significantly probative, summary judgment may be granted.” Therefore, if, after making all reasonable inferences in favor of the non-moving party, the court determines that there is no genuine dispute as to any material fact, summary judgment is appropriate. Under Federal Rule of Civil Procedure 56(g), “[i]f the court does not grant all the relief requested by the motion, it may enter an order stating any material fact- including an item of damages or other relief-that is not genuinely in dispute and treating the fact as established in the case.”
Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248 (1986).
Id.
Hugh v. Butler Cnty. Fam. YMCA, 418 F.3d 265, 267 (3d Cir. 2005) (citation omitted).
Boyle v. County of Allegheny, 139 F.3d 386, 393 (3d Cir. 1998) (citation omitted).
Celotex Corp. v. Catrett, 477 U.S. 317, 322-23 (1986).
Anderson, 477 U.S. at 249-50 (internal citations omitted).
Wisniewski v. Johns-Manville Corp., 812 F.2d 81, 83 (3d Cir. 1987).
“The rule is no different where there are cross-motions for summary judgment,” As stated by the Third Circuit, “[c]ross-motions are no more than a claim by each side that it alone is entitled to summary judgment, and the making of such inherently contradictory claims does not constitute an agreement that if one is rejected the other is necessarily justified or that the losing party waives judicial consideration and determination whether genuine issues of material fact exist.”
Lawrence v. City of Phila., 527 F.3d 299, 310 (3d Cir. 2008).
Id. (quoting Rains v. Cascade Indus., Inc., 402 F.2d 241, 245 (3d Cir. 1968)).
III. Discussion
Contour and Gridforce both move for partial summary judgment. In Gridforce's Motion, Gridforce first seeks summary judgment on Contour's breach of contract claim to limit the damages Contour may recover. Second, Gridforce moves for judgment in its favor as to Contour's misappropriation claims because: (i) Contour has not described its purported trade secret with sufficient specificity; (ii) Contour has failed to show that the IT System has independent economic value; and (iii) there is no evidence that Gridforce took the IT System. Third, Gridforce moves for summary judgment on Contour's three hacking claims because Gridforce had contractual authority to access (and restrict access to) the system components that Contour claims were “hacked.” Fourth, Gridforce moves for judgment on Contour's conversion claim as a matter of law because Pennsylvania law does not recognize the conversion of intangible property, like the digital components of a computer system. Gridforce does not move for summary judgment on its counterclaim or on its affirmative defenses.
In its Motion for Summary Judgment, Contour seeks: (i) judgment in its favor on Gridforce's counterclaim for breach of contract, arguing that it is barred by the statute of limitations and is without merit; (ii) judgment in its favor on six of Gridforce's seven affirmative defenses; and (iii) judgment in its favor on Contour's claims for breach of contract, conversion, and hacking. Contour does not seek summary judgment on its state and federal trade secret misappropriation claims.
A. Contour and Gridforce's Breach of Contract Claims
Contour seeks summary judgment on its breach of contract claim and on Gridforce's breach of contract counterclaim. Gridforce seeks partial summary judgment to limit Contour's recoverable damages on its breach of contract claim. Both parties agree that Maryland law governs the breach of contract claims. Under Maryland law, the elements of a claim for breach of contract are “contractual obligation, breach, and damages.”
Tucker v. Specialized Loan Servicing, LLC, 83 F.Supp.3d 635, 655 (D. Md. 2015) (quoting Kumar v. Dhanda, 17 A.3d 744, 749 (Md. Ct. Spec. App. 2011)); see also Taylor v. NationsBank, N.A., 776 A.2d 645, 651 (Md. 2001) (“To prevail in an action for breach of contract, a plaintiff must prove that the defendant owed the plaintiff a contractual obligation and that the defendant breached that obligation.”).
1. Contour's Breach of Contract Claims
Contour seeks summary judgment on claims that Gridforce breached its obligations under the MMSA by: (1) failing to make monthly payments after February 7, 2020 (the date of the Notice of Termination); (2) failing to return and cease use of all “confidential information;” (3) disclosing the “confidential information” without authorization; (4) claiming ownership of the IT System; and (5) deleting a “notice” in the IT System firewall that stated it was owned by Contour. Lastly, Contour alleges that Gridforce breached an implied covenant of good faith and fair dealing. The Court addresses each alleged breach in turn.
a. Claimed Breach 1: Failure to Pay after February 7, 2020
First, Contour alleges that Gridforce breached its contractual obligations under Sections 2 and 3(d) of the MMSA by failing to pay Contour after February 7, 2020. Section 2 of the MMSA states, “Customer shall pay Contour the fees, compensation and expenses (the “Fees”) for the Services as set forth in each respective Exhibit.” Section 3(d) of the MMSA states:
Tillery Decl., Ex. 73, MMSA [Doc. No. 336-3] § 2.
Upon termination of this Agreement, neither Contour nor the Customer shall have any further rights or obligations hereunder except for (i) Customer's obligation to pay Contour the Fees due and payable as of the date of expiration or termination of this Agreement, and (ii) the parties' respective obligations under Sections hereof.
Id. § 3(d).
Contour alleges that Gridforce failed to pay during two discrete time periods. First, Contour argues that Gridforce was required to continue paying Contour its monthly billing rate from February 7, 2020 through July 31, 2020, the end date of SOF 007. Second, Contour argues that Gridforce owes payment from August 2020 through July 2023 due to an “autorenewal” provision outlined in SOF 005.
Contour's Mem. Supp. Mot. Summ. J. [Doc. No. 335] at 66.
See id.
i. February 7, 2020 to July 31, 2020
Contour argues that Gridforce breached its contractual obligation to remit payment from February 7, 2020 to July 31, 2020, the end date outlined in SOF 007. Although the MMSA was set to terminate on June 27, 2020, SOF 007 was set to expire on August 1, 2020. Section 3(a) of the MMSA states, “should any Exhibit entered into during the period of this Agreement require Services to be performed beyond the expiration or termination date of this Agreement, then the terms of this Agreement shall remain in effect with respect to such Exhibit(s) until the expiration or termination of the Exhibit(s) at issue.” A direct application of the MMSA's language would suggest that the later termination date of SOF 007 controls.
See Tillery Decl., Ex. 112, Dec. 23, 2019 Notice of Non-Renewal [Doc. No. 336-4].
Tillery Decl., Ex. 57, Service Order Forms [Doc. No. 336-2]; see also Second Am. Compl., Ex. D [Doc. No. 185] at 2 (listing August 1, 2015 as effective date of service and providing for an “Extended Term” of 60 months).
Tillery Decl., Ex. 73, MMSA [Doc. No. 336-3] § 3(a).
The Court will not grant summary judgment on Contour's failure to pay claim from February 7, 2020 through July 31, 2020 because there are genuine and material factual disputes-namely, whether Contour breached its own obligations under the MMSA. “On a claim for breach of contract, the plaintiff (or counterplaintiff) asserting the claim for damages bears the burden of proving all elements of the cause of action, including plaintiff's own performance of all material contractual obligations.” “[U]nder Maryland law, a party suing on the contract must first prove [its] own performance, or an excuse for nonperformance, in order to recover for any breach by the opposing party.”
Collins/Snoops Assocs., Inc. v. CJF, LLC, 988 A.2d 49, 57 (Md. Ct. Spec. App. 2010) (citing Johnson & Higgins v. Simpson, 163 A. 832, 834 (Md. 1933)).
Hubler Rentals, Inc. v. Roadway Express, Inc., 637 F.2d 257, 260-61 (4th Cir. 1981) (citations omitted).
Section 9(a) of the MMSA outlined Contour's material contractual obligations as follows:
Contour shall perform the Services (i) in a professional manner, (ii) in conformance with that level of care and skill ordinarily exercised in similar circumstances, including services for critical infrastructure, by providers of the same or similar services, and (iii) in compliance with all applicable federal, state and local laws, statutes, rules and regulations.
Tillery Decl., Ex. 73, MMSA [Doc. No. 336-3] § 9(a).
Gridforce contends that Contour did not fulfill these obligations, particularly with respect to compliance with critical infrastructure standards. Contour cites the two major outage events that, according to Gridforce, called into question Contour's professional standards and were suggestive of negligence. Gridforce's February 7, 2020 Notice of Termination Letter further outlines numerous purported breaches, such as failing to comply with the required NERC Critical Infrastructure Protection Reliability Standards and other standard practices in the industry. Contour responds that “both Rocco Guerriero and James ‘J.T.' Thompson . . . have testified and will testify that Contour fully complied with all of its obligations under the MMSA.” Because the parties have presented conflicting evidence as to whether Contour complied with its duties under the MMSA, the issue cannot be resolved on summary judgment.
Gridforce's Resp. Opp'n. [Doc. No. 358] at 12.
Tillery Decl., Ex. 93, Feb. 7, 2020 Termination Letter [Doc. No. 336-4] at 1-3.
See Contour's Reply Supp. Mot. Summ. J. [Doc. No. 364] at 3 (emphasis omitted).
ii. August 2020 to July 2023
Contour asserts that Gridforce breached its contractual obligations by failing to pay Contour from August 2020 to July 2023 because, according to Contour, the parties agreed to renew the MMSA for an additional three years through a routine Billing Change Request in 2019. Gridforce seeks partial summary judgment on this claim to limit Contour's potential damages.
Contour's Mem. Supp. Mot. Summ. J. [Doc. No. 335] at 66.
Gridforce's Mem. Supp. Mot. Summ. J. [Doc. No. 339-1] at 12.
The dispute revolves around two service order forms (SOFs) signed by both parties- SOF 005 and SOF 007. SOF 005 was signed on July 22, 2014 by Gridforce and on August 8, 2024 by Contour. It set Gridforce's monthly billing expenses at $79,804.27. SOF 005 also contained an “autorenewal provision,” stating: “Once additional components are added to monthly billing, the contract will extend itself by an additional 36 months.” Over a year later, on July 27, 2015, the parties signed a replacement SOF (“SOF 007”), which included an increased monthly recurring cost of $87,302.23 for August 1, 2015 through January 1, 2016, and then a monthly recurring cost of $100,999.38 for January 1, 2016 through August 1, 2020. Importantly, SOF 007 did not include an autorenewal provision, but was instead operative for 60 months from the effective date of service (August 1, 2015 through August 1, 2020).
Tillery Decl., Ex. 57, Service Order Forms [Doc. No. 336-2]; Second Am. Compl., Ex. C [Doc. No. 185].
Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 43.
Tillery Decl., Ex. 57, Service Order Forms [Doc. No. 336-2]; Second Am. Compl., Ex. D [Doc. No. 185] at 2.
Contour argues that the “autorenewal provision” in SOF 005 remained operative because Guerriero's attached cover letter stated that “[a]ll terms and conditions” set forth in SOF 005 “remain in effect and are unchanged.” Contour further asserts that a routine Billing Change Request in 2019, which added many additional components to the monthly billing, triggered the then-inoperative SOF 005's autorenewal provision. Because SOF 005 stated that the addition of components to the monthly billing would extend the contract by 36 months, Contour argues that the 2019 Billing Change Request-executed when SOF 007, not SOF 005, was the operative agreement-triggered the autorenewal provision in SOF 005 and renewed the contract for another 36 months, i.e., from August 2020 to July 2023.
Tillery Decl., Ex. 57, Service Order Forms [Doc. No. 336-2].
Contour's Resp. Opp'n [Doc. No. 353] at 20. On February 4, 2019, Denise Ayers of Gridforce executed a Billing Change Request for “Cross Connect Cable for two new circuits at Databank.” Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 180. The costs associated with the Billing Change Request were a set-up fee of $300.00 and a monthly fee of $400.00. Id.
Contour's argument is without merit because SOF 007 replaced SOF 005 and is a clear and unambiguous contract on its face. “[A] written contract is ambiguous if, when read by a reasonably prudent person, it is susceptible of more than one meaning.” “[W]here a contract is plain as to its meaning there is no room for construction and it must be presumed that the parties meant what they expressed.” Maryland law “requires giving legal effect to the clear terms of a contract and bars the admission of prior or contemporaneous agreements or negotiations to vary or contradict a written contractual term.” Extrinsic evidence will be barred when the written contractual language is unambiguous.
Calomiris v. Woods, 727 A.2d 358, 363 (Md. 1999) (citations omitted); see also State Highway v. Bramble, 717 A.2d 943, 949 (Md. 1998) (“[T]he question of whether a contract is ambiguous ordinarily is determined by the court as a question of law.”); Hous. Auth. of College Park v. Macro Hous., Inc., 340 A.2d 216, 218 (Md. 1975) (holding that extrinsic evidence cannot be introduced when terms are unambiguous).
Canaras v. Lift Truck Servs., Inc., 322 A.2d 866, 873 (Md. 1974) (quoting Lawless v. Merrick, 175 A.2d 27, 71 (Md. 1961)).
Calomiris, 727 A.2d at 361 (citation omitted).
Hous. Auth. of College Park, 340 A.2d at 218.
Contour does not argue that any terms within SOF 007 are ambiguous, so as to warrant the use of extrinsic evidence, i.e., the cover letter. Instead, SOF 007, which was drafted by Contour, unambiguously stated that it was for 60 months and was issued pursuant to the terms of the MMSA. Therefore, the Court will grant Gridforce's Motion for Partial Summary Judgment on Contour's breach of contract claim, limiting Contour's recoverable damages to those incurred before August 2020.
A cover letter is considered extrinsic evidence. See, e.g., Telogis, Inc. v. InSight Mobile Data, Inc., No. 14-563, 2014 WL 7336678, at *3 (D. Md. Dec. 19, 2014) (defining a cover letter as extrinsic evidence).
Even if there were contractual ambiguity, Contour drafted the SOF and therefore the contractual ambiguity would be construed against it. See Stanbalt Realty Co. v. Com. Credit Corp., 401 A.2d 1043, 1047 (Md. Ct. Spec. App. 1979) (“[A]n ambiguous provision . . . should be construed against the draftsman.”).
b. Claimed Breach 2: Failure to Cease Use of All Confidential Information and Claimed Breach 3: Unauthorized Disclosure
Contour alleges that Gridforce breached the MMSA by: (1) failing to return, certify, and cease use of all “confidential information” and trade secrets of Contour (“Breach 2”); and (2) disclosing the “confidential information” without authorization (“Breach 3”).
Section 3(c) of the MMSA states:
Duties Upon Expiration or Termination. Upon expiration or termination of this Agreement pursuant to Sections 3(a) or 3(b), each party shall deliver to the other party all Confidential Information (as defined below) owned by such party, and destroy the Confidential Information contained in any computer memory or data storage apparatus. Such party shall certify in writing to the other party within one week after expiration or termination of this Agreement that it has delivered to
such party, or destroyed, the Confidential Information and all copies of the Confidential Information.
Section 7(a) of the MMSA states:
Non-Disclosure. . . . The Recipient agrees that neither Recipient nor Recipient's Representatives (as defined below) will, directly or indirectly, (i) use the Confidential Information in any way other than for the purpose of providing or receiving the Services hereunder, or (ii) disclose to any third party or use for Recipient's own benefit or for the benefit of any third party, all or any part of the Confidential Information, except as expressly provided for herein.
“Confidential Information” is defined in Section 7(b) of the MMSA as:
[A]ny proprietary or confidential information, whether in verbal, written or some other tangible medium, including, but not limited to, any prospective business opportunities, technical data, trade secrets, know-how, assets, operations, finances, technologies, patents, copyrights, trademarks, techniques, drawings, sketches, models, inventions, processes, apparatus, equipment, algorithms, formulae, software, [and] research . . .; provided, however, such term shall not include (i) information which, at the time of disclosure, is already known or available to the public, can be obtained from public sources or is otherwise in the public domain, (ii) information which, after disclosure, becomes known or available to the public through no breach by the Recipient or Recipient's Representatives of this Agreement, (iii) information already in the Recipient's possession at the time of disclosure, as evidenced by written documentary records of the Recipient, (iv) information which was independently developed by or for the Recipient without the use of or reliance on the Disclosing Party's Confidential Information, [or] (v) information received by the Recipient from another person or entity who is not known by the Recipient to be under an obligation to the Disclosing Party to keep the same confidential ....
Tillery Decl., Ex. 73, MMSA [Doc. No. 336-3] § 3(c).
Id. § 7(a).
Id. § 7(b).
Contour argues that-pursuant to Section 3(c) of the MMSA-Gridforce was not authorized to use its confidential information after Gridforce sent the February 7, 2020 Termination Letter to Contour. However, Contour has failed to define what that “confidential information” is, or how it was stolen or disclosed. Contour claims that the entire “Contour IT System” is a trade secret, which constitutes confidential information. However, as further discussed below, the IT System is not a trade secret. Contour has failed to articulate with any specificity how the IT System otherwise fits within the contractual definition of “confidential information.” Accordingly, the Court denies Contour's Motion for Summary Judgment as to the alleged Breach 2 (failure to return the “confidential information”) and Breach 3 (disclosure of the “confidential information”).
Contour's Reply Supp. Mot. Summ. J. [Doc. No. 364] at 7-10; see also Contour's Mem. Supp. Mot. Summ. J. [Doc. No. 335] at 64.
Infra Section III.B.
Contour states that “the definition of Confidential Information under the MMSA would include the Contour IT System regardless of whether it is a Trade Secret.” Contour's Mem. Supp. Mot. Summ. J. [Doc. No. 335] at 70. However, Contour does not provide any additional detail on what the confidential information is in relation to the definition in Section 7(b) of the MMSA.
c. Claimed Breach 4: Section 6(a) - Claim of Ownership
Section 6(a) of the MMSA states that “Contour shall retain all exclusive right, title and interest to its software, technologies, processes, systems, platforms, techniques, materials, equipment, templates, programs, know-how or other materials that are owned by or licensed to Contour ....” Contour argues that Gridforce breached Section 6(a) of the MMSA because “Gridforce agreed that all Contour Confidential Information and Trade Secrets used to develop Gridforce's IT System was and would remain Contour property,” and that Gridforce breached this agreement when it asserted ownership of the IT System in one of its affirmative defenses.As stated above, Contour has failed to articulate with specificity what portions of the IT System Gridforce improperly claimed to be its own, and therefore, the Court will deny Contour's Motion for Summary Judgment on the claim that Gridforce breached Section 6(a) of the MMSA.
Tillery Decl., Ex. 73, MMSA [Doc. No. 336-3] § 6(a).
Contour's Mem. Supp. Mot. Summ. J. [Doc. No. 335] at 70-71 (citing Gridforce's Answer [Doc. No. 16] at 40).
d. Claimed Breach 5: Section 6(c) - Deletion/Alteration of Notice
Section 6(c) of the MMSA states:
Notices. Contour and Customer shall not delete, alter, cover, or distort any copyright, trademark, or other proprietary rights notice placed by the other party on or in Contour materials and information or Technology and shall ensure that all such notices are reproduced on all copies thereof.
Tillery Decl., Ex. 73, MMSA [Doc. No. 336-3] § 6(c).
Contour claims that Gridforce violated Section 6(c) by altering its IT System firewall banner, which previously stated, “[t]his system is the property of Contour,” by replacing the word “Contour” with the word “Gridforce.” Gridforce argues that it purchased its own firewalls from CDW and it was those firewalls that state they are the property of Gridforce. As there remains a material factual dispute regarding the ownership of these firewalls, summary judgment must be denied.
Contour's Mem. Supp. Mot. Summ. J. [Doc. No. 335] at 71-72.
Gridforce's Resp. Opp'n [Doc. No. 358] at 37.
e. Claimed Breach 6: Breach of Implied Covenant of Good Faith and Fair Dealing
Lastly, Contour argues that Gridforce breached an implied covenant of good faith and fair dealing when it completed the data migration project, thereby “preventing Contour from performing its obligations under the MMSA.” Every contract contains an implied covenant of good faith and fair dealing. “Maryland law recognizes an implied duty of good faith and fair dealing as applied to the ‘performance and enforcement' of the contract itself.” “[T]he implied duty of good faith and fair dealing recognized in Maryland requires that one party to a contract not frustrate the other party's performance ....”
Contour's Mem. Supp. Mot. Summ. J. [Doc. No. 335] at 72.
Neal v. Monument Realty LLC, No. 0266, Sept. Term, 2014, 2016 WL 1733193, at *10 (Md. Ct. Spec. App. Apr. 29, 2016).
Polek v. J.P. Morgan Chase Bank, N.A., 36 A.3d 399, 416 (Md. 2012) (citing Blondell v. Littlepage, 991 A.2d 80, 90 (Md. 2010)).
Neal, 2016 WL 1733193, at *10 (quoting Blondell, 991 A.2d at 91).
In arguing that Gridforce breached the implied covenant of good faith and fair dealing, Contour states:
When Gridforce had completed its “lift and shift,” and had been caught redhanded, it terminated the MMSA and braced for the inevitable lawsuit and justice for its serious error in judgment. Gridforce knew that what it was doing was improper and that Contour would, as it eventually did, take appropriate legal action to stop it.
Contour's Mem. Supp. Mot. Summ. J. [Doc. No. 335] at 72.
However, Contour fails to explain what it was prevented from doing as a result of the data migration. Likewise, Contour does not clearly articulate any contractual obligations that Gridforce failed to perform in good faith. To the extent that Contour broadly characterizes Gridforce's data migration project and suspension of monthly payments as constituting bad faith, such arguments are subsumed by “Breach 1,” Gridforce's alleged failure to pay what it owed. Summary judgment will be denied on any theory of breach of contract predicated on an implied covenant of good faith and fair dealing.
Contour clarifies in its briefing that it is not bringing a separate cause of action on the basis of the implied covenant of good faith and fair dealing; it cites the covenant only insofar as it is “an implied term in every contract.” Contour's Mem. Supp. Mot. Summ. J. [Doc. No. 335] at 72 n.39.
2. Gridforce's Breach of Contract Counterclaim
Contour seeks summary judgment in its favor on Gridforce's breach of contract counterclaim, asserting that (1) Gridforce's claim is barred by Maryland's three-year statute of limitations; (2) Gridforce waived its September 2016 notice of material breach; and (3) Contour did not breach the MMSA. On September 22, 2016, Gridforce sent Contour a “Notice of Material Breach” letter, which stated that Contour failed to implement a compliant Critical Infrastructure Protection (“CIP”) program by the agreed-upon deadline of July 1, 2016.Gridforce's counterclaim alleges that Contour breached Section 9(a) of the MMSA, which guaranteed that Contour would perform its services “in conformance with that level of care and skill ordinarily exercised in similar circumstances, including services for critical infrastructure.”
Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 130-40; Tillery Decl., Ex. 77, Sept. 22, 2016 Letter [Doc. No. 336-3].
Am. Answer [Doc. No. 239] at 71.
On October 4, 2016, Contour responded to the September letter. Gridforce did not send a reply letter or serve any other Notice of Breach letter over the next three years. Then, on February 7, 2020, Gridforce sent Contour a “Notice of Termination for Default” letter, which stated: “Rather than cure the breaches identified in the [September 22, 2016 Letter] to bring its services into conformity with the appropriate level of care, Contour has continued to commit the same and similar fundamental breaches of the Agreement and standard IT practices ....” Gridforce filed its initial breach of contract counterclaim on August 11, 2020.
Tillery Decl., Ex. 78, Oct. 4, 2016 Letter [Doc. No. 336-3].
Gridforce's Resp. to Contour's Statement of Facts [Doc. No. 358-1] at SF 139.
Tillery Decl., Ex. 93, Feb. 7, 2020 Termination Letter [Doc. No. 336-4] at 1.
Gridforce Answer [Doc. No. 16] at 44.
The Maryland Code provides that “[a] civil action at law shall be filed within three years from the date it accrues unless another provision of the Code provides a different period of time within which an action shall be commenced.” A cause of action for breach of contract typically accrues at the time of the alleged breach. Maryland follows the discovery rule, which means that “the cause of action accrues when the claimant in fact knew or reasonably should have known of the wrong.” “[W]here a contract provides for continuing performance over a period of time, each successive breach of that obligation begins the running of the statute of limitations anew, with the result being that accrual occurs continuously and a plaintiff may assert claims for damages occurring within the statutory period of limitations.” “The question of accrual is left to judicial determination, which ‘may be based solely on law, solely on fact, or on a combination of law and fact, and is reached after careful consideration of the purpose of the statute [of limitations] and the facts to which it is applied.'”
Singer Co., Link Simulation Sys. Div. v. Balt. Gas & Elec. Co., 558 A.2d 419, 424 (Md. Ct. Spec. App. 1989).
See Poffenberger v. Risser, 431 A.2d 677, 680 (Md. 1981).
Singer Co., 558 A.2d at 426.
Miller v. Pac. Shore Funding, 224 F.Supp.2d. 977, 985 (D. Md. 2002) (footnote omitted) (quoting Frederick Rd. Ltd. P'ship v. Brown & Sturm, 756 A.2d 963, 973 (Md. 2000)).
First, Contour argues that Gridforce's counterclaim asserts a single breach of contract claim based on an alleged breach as of July 1, 2016, while Gridforce argues that Contour continually breached under the MMSA. The MMSA required continuing performance in relation to the IT System that Contour provided to Gridforce. Although Contour may have learned about an initial material breach in 2016, Gridforce alleges successive breaches under the continuously governing MMSA. Gridforce notified Contour that it was terminating the MMSA in its letter of February 7, 2020, wherein it outlined breaches that had occurred throughout 2019. Therefore, the statute of limitations does not bar Gridforce's counterclaim.
Tillery Decl., Ex. 93, Feb. 7, 2020 Termination Letter [Doc. No. 336-4] at 2-3.
Second, Contour claims that it is entitled to summary judgment on Gridforce's counterclaim for breach of contract because Gridforce failed to issue any new notices of breach after the September 2016 letter. Contour argues that Gridforce's failure to send notices constitutes a waiver of any alleged breach of contract claims arising from those other alleged breaches. Section 3(b) of the MMSA outlined the governing termination procedure as follows:
Either party hereto may immediately terminate this Agreement, with written notice, prior to the end of the Term upon the breach of any material provision of this Agreement by the other party, which breach shall have remained uncured for thirty (30) consecutive calendar days after written notice of such failure shall have been given to such party.
Tillery Decl., Ex. 73, MMSA [Doc. No. 336-3] § 3(b).
While Gridforce provided notice to Contour in its September 22, 2016 “Notice of Material Breach” letter, Contour maintains that Gridforce waived this notice when it continued to conduct business with Contour over the next three years. However, there are material factual disputes as to whether: (1) Contour ever cured the underlying breach outlined in the September 2016 letter; and (2) whether Gridforce in fact waived its notice of material breach by continuing to use the IT System after it issued the September 2016 letter. Such factual disputes fall within the province of the factfinder, and therefore the Court must deny summary judgment on this issue. Contour also argues that summary judgment must be granted in its favor on Gridforce's breach of contract counterclaim because Gridforce did not provide expert testimony. However, there are material factual disputes as to Contour's performance under the MMSA that may be resolved without expert witnesses and must be resolved by the factfinder. Accordingly, Contour's Motion for Summary Judgment will be denied as to Gridforce's counterclaim.
Contour's Mem. Supp. Mot. Summ. J. [Doc. No. 335] at 21.
The February 7, 2020 Notice of Termination Letter states: “Despite the passage of nearly three and a half years, Contour has failed to support Gridforce in becoming compliant with NERC CIP standards and to cure other specified breaches.” Tillery Decl., Ex. 93, Feb. 7, 2020 Termination Letter [Doc. No. 336-4] at 1.
Contour also argues that Gridforce's damages are zero because Section 10(b) of the MMSA states that Contour's liability for consequential damages “shall be limited to the total amount paid to such party by Customer under this Agreement during the six (6) month period immediately preceding the date of the cause of action ....” Tillery Decl., Ex. 73, MMSA [Doc. No. 336-3] § 10(b). The Court will also deny summary judgment on Contour's damage cap arguments, as Gridforce has presented evidence of payment after February 7, 2020, and within six months preceding the date of the cause of action. See Gridforce's Resp. Opp'n, Chung Second Decl., Ex. 96, Customer Statement [Doc. No. 358-4].
B. Contour's Trade Secret Misappropriation Claims
Gridforce seeks summary judgment on Contour's misappropriation of trade secrets claims under the federal DTSA and the Pennsylvania, Maryland, Texas, Washington, and Delaware Uniform Trade Secrets Acts (“UTSAs”). To prove trade secret misappropriation, Contour must establish “(1) the existence of a trade secret; (2) communication of the trade secret pursuant to a confidential relationship; (3) use of the trade secret, in violation of that confidence; and (4) harm to the plaintiff.”
18 U.S.C. § 1836, et seq.; 12 Pa. Cons. Stat. §§ 5301-5308; Md. Code Ann., Com. Law §§ 11-1201 to -1209; Tex. Civ. Prac. & Rem. Code Ann. §§ 134A.001-.008; Wash. Rev. Code §§ 19.108.010-.930; Del. Code Ann. tit. 6, §§ 2001-2009.
Moore v. Kulicke & Soffa Indus., Inc., 318 F.3d 561, 566 (3d Cir. 2003) (footnote omitted). The federal and state statutes all apply the same legal standards as to misappropriation of trade secrets; each of these acts use nearly identical definitions as to what constitutes “trade secrets” and actionable “misappropriation.” See 18 U.S.C. § 1839(3), (5); 12 Pa. Cons. Stat. § 5302; Md. Code Ann., Com. Law § 11-1201(c), (e); Tex. Civ. Prac. & Rem. Code Ann. § 134A.003(3), (6); Wash. Rev. Code § 19.108.010(2), (4); Del. Code Ann. tit. 6, § 2001(2), (4).
1. Whether the “IT System” is a Trade Secret
The “starting point” in a misappropriation case is “whether, in fact, there was a trade secret to be misappropriated.” A “trade secret” is defined as “information, including a formula, pattern, compilation, program, device, method, technique, or process” that “hold[s] independent economic value because it is not generally known to or readily ascertainable by others who stand to benefit economically if they use or disclose it, and . . . [is] the subject of reasonable efforts to maintain its secrecy.”
Van Prods. Co. v. Gen. Welding & Fabricating Co., 213 A.2d 769, 780 (Pa. 1965) (citation omitted).
LeJeune v. Coin Acceptors, Inc., 849 A.2d 451, 462 (Md. 2004) (quoting Md. Code Ann., Com. Law § 11-1201(e)).
Id. (quoting Optic Graphics, Inc. v. Agee, 591 A.2d 578, 587 (Md. Ct. Spec. App. 1991)); see also Teva Pharms. USA, Inc. v. Sandhu, 291 F.Supp.3d 659, 675 (E.D. Pa. 2018) (discussing essentially identical definitions of trade secrets under DTSA, 18 U.S.C. § 1839(3), and PUTSA, 12 Pa. Cons. Stat. § 5302).
To establish the existence of a trade secret, a plaintiff must describe the trade secret with a “reasonable degree of precision and specificity . . . such that a reasonable jury could find that plaintiff established each statutory element of a trade secret.” “This identification must be particular enough as to separate the trade secret from matters of general knowledge in the trade . . . or special knowledge of persons skilled in the trade.” Courts may grant summary judgment on trade secret misappropriation when a plaintiff does not sufficiently identify its purported trade secrets.
Synygy, Inc. v ZSAssocs., Inc., No. 07-3536, 2015 WL 899408, at *6 (E.D. Pa. Mar. 3, 2015) (quoting Dow Chem. Can. Inc. v. HRD Corp., 909 F.Supp.2d 340, 346 (D. Del. 2012)).
Id. (quoting Dow, 909 F.Supp.2d at 346).
See, e.g., Givaudan Fragrances Corp. v. Krivda, 639 Fed.Appx. 840, 845 (3d Cir. 2016) (“Givaudan failed to provide enough specific information about many of the formulas it believed had been misappropriated. Summary judgment on those claims was proper on this basis alone.”).
“[I]nformation will not necessarily be deprived of protection as a trade secret because parts of it are publicly available.” “[A] trade secret can exist in a combination of characteristics and components, each of which, by itself, is in the public domain, but the unified process, design and operation of which, in unique combination, affords a competitive advantage and is a protectable secret.” In other words, generally known computer elements may gain trade secret protection from the unique nature of their combination. However, when the secrecy rests in the combination of various elements, then the plaintiff must establish what makes that combination confidential and unique.
Mallet & Co. v. Lacayo, 16 F.4th 364, 386 (3d Cir. 2021).
Id. (quoting AirFacts, Inc. v. de Amezaga, 909 F.3d 84, 96 (4th Cir. 2018)).
See Arconic Inc. v. Novelis Inc., No. 17-1434, 2020 WL 7247112, at *17 (W.D. Pa. Dec. 9, 2020).
Throughout this litigation, Contour's definition of the IT System purportedly constituting a “trade secret” has been built on shifting sand. Contour has defined its IT System as “thousands of Contour's proprietary Configurations, Scripts, and GPOs [Group Policy Objects] created by Contour and orchestrated in the compilation of the Contour IT System.” It has also defined its IT System as “a closed electronic nervous system, a highly intricate network of configurations, computer source code, scripts, protocols, diagrams, rules, Group Policy Objects, and settings, the specific design, configuration/assembly authorship and combination of which is all original to Contour.” Sometimes, Contour is more specific: It has stated that the IT System “includes four firewalls, the national operation center, the datacenter configurations, remote location configurations, remote location configurations, DMVPN configurations, and the virtual machines.” In its most detailed formulation, Contour has defined the system as (1) 40,000 lines of source code (the “Contour Code”), (2) 94 Virtual Machines (the “94 VMs”), and (3) related Firewall Configurations.
Contour's Resp. Opp'n [Doc. No. 353] at 4.
Id. at 7-8.
Contour's Statement of Facts in Support of Contour's Mot. Summ. J. [Doc. No. 335-1] ¶ 95.
Contour's Resp. Opp'n [Doc. No. 353] at 8.
Contour's President Guerriero admits that there is “nothing singular that adds value” to the system, and that “independently, nothing” about the individual components of the IT System “is valuable.” This makes sense, as many of the settings include “standard common elements known to others,” the code includes copyright notices from third parties, and Contour does not clearly delineate between firewall configurations written by Contour and configurations that appear “everywhere” in the industry.
Chung Decl., Ex. 1, Guerriero Dep. Tr. [Doc. No. 339-2] at 216.
Chung Decl., Ex. 12, Bohn Dep. Tr. [Doc. No. 339-2] at 199.
Chung Decl., Ex. 33, 2021 Report of Gridforce's Expert Garry Zacheiss [Doc. No. 339-2] at 27-29.
Chung Decl., Ex. 1, Guerriero Dep. Tr. [Doc. No. 339-2] at 234-35.
Of more concern, however, Contour has also failed to articulate how the combination of code, VMs, and firewall configurations constitutes a trade secret. Regardless of whether these individual elements are publicly known or closely held, Contour does not delineate how the IT System contains some uniquely valuable combination of these elements. Indeed, the Court has previously alerted Contour of its need to “sufficiently identify its claimed trade secrets” for summary judgment and trial. Despite the Court's warnings, Contour has failed to carry its burden to describe how the components are combined and operate in unique combination.
Order, Jan. 19, 2021 [Doc. No. 69] at 10. Furthermore, Contour never specifically separated out what parts of the IT System were general knowledge versus what were trade secrets that are not known in the industry.
Contour relies on two expert reports by Bohn and Thompson opining on the uniqueness of the IT System. However, by separate Opinion and Order, the Court has excluded both experts from testifying at trial under Federal Rule of Evidence 702. Contour, 2024 WL 3925685.
2. Whether the “IT System” Has Independent Economic Value
To be considered a trade secret, the IT System must also “derive[ ] independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable through proper means by, another person who can obtain economic value from the disclosure or use of the information[.]” In other words, the IT System must derive economic value from the fact that it is not generally known.
Oakwood Laboratories LLC v. Thanoo, 999 F.3d 892, 905 (3d Cir. 2021) (quoting 18 U.S.C. § 1839(3)).
As this Court has previously held, it is Contour's burden “to identify how a competitor could obtain an economic advantage from accessing the system within the Gridforce environment.” Contour argues that the IT System has independent economic value (“IEV”) because “there is no competing product available in the marketplace . . . ” Broadly speaking, IT systems may often be tailored to companies' individualized needs. Because Contour built the IT System for Gridforce, it may well be that there are no carbon copies of this particular system elsewhere in the marketplace. However, it does not follow that the IT System therefore derives value from not being fully known in the industry. Contour has presented no evidence that its programming methods, settings, source code, or firewall configurations were authored in a way that was not generally known to the industry. Nor has it put forth probative evidence showing how a competitor could obtain an economic advantage by accessing the system.
Contour, 2021 WL 5536266, at *11.
Contour's Resp. Opp'n [Doc. No. 353] at 43.
Contour cites cases from the Fifth Circuit and the New Hampshire Supreme Court for the proposition that the absence of a competing product in the marketplace is dispositive of whether there is IEV. Id. (citing Wellogix, Inc. v. Accenture, L.L.P., 716 F.3d 867, 875 (5th Cir. 2013); Vention Med. Advanced Components, Inc. v. Pappas, 188 A.3d 261, 276 (N.H. 2018)). However, in both of these cases, the plaintiffs specifically articulated how their equipment or software was unique and why competitors could not offer similar technology. Contour has failed to make a similar showing here.
Contour also alleges that the IT System has IEV because (1) it has been kept secret, and (2) it required a significant amount of time and resources to create. First, secrecy does not equal economic value. Systems may be kept secret for various reasons unrelated to preserving their value, such as information kept confidential by agreement or due to cybersecurity concerns.Second, the extensive work of Contour's engineering team, standing alone, cannot establish IEV. Contour argues that “two other companies said it would cost over $1 million to recreate” the IT System, but this is irrelevant. Indeed, the fact that such a system can be recreated only further indicates that there is nothing particularly secret about the IT System and its components. Contour states that it was “handsomely” compensated for its extensive efforts in building the IT System. However, this is indicative not of secrecy but of time and skill (akin to the work of a craftsperson). Particularly given the Court's exclusion of Contour's two expert opinions under Federal Rule of Evidence 702, Contour cannot demonstrate with the required precision and specificity how the IT System derives IEV from its secrecy. No reasonable fact finder could return a verdict for Contour on its misappropriation claims. Accordingly, the Court will grant summary judgment against Contour on its trade secret claims.
See Mintz v. Mktg. Cohorts, LLC, No. 18-4159, 2019 WL 3337896, at *6 (E.D.N.Y. July 25, 2019) (holding that cybersecurity secrets that “only have value to the extent a competitor could use them to cripple” the systems they exist to protect are not trade secrets, because their value “is not independent of the [systems] they are used to access”).
In evaluating Contour's Motion for a Preliminary Injunction, this Court previously acknowledged Contour's significant efforts in building the IT System. Contour, 2021 WL 5536266, at *12 n.135. The Court nevertheless denied the Motion because extensive work alone is insufficient to establish IEV.
Contour's Resp. Opp'n [Doc. No. 353] at 43.
Id. (arguing that “(a) the [IT System] was always kept secret, (b) that Gridforce paid Contour handsomely to create it, (c) that Contour spent thousands of expert person-hours over a year to create it, (d) that Gridforce could not create it or recreate it, [and] (e) that only two other companies approached by Gridforce said they might recreate such a system, but at over $1 million over many months.”).
C. Hacking Claims
Contour also asserts violations of the federal Computer Fraud and Abuse Act (“CFAA”), the federal Stored Communications Act (“SCA”), and the Texas Harmful Access by a Computer Act (“THACA”). Gridforce and Contour have each moved for summary judgment on these claims.
1. Computer Fraud and Abuse Act (“CFAA”)
The CFAA imposes criminal liability upon one who “‘intentionally accesses a computer without authorization or exceeds authorized access,' and thereby obtains computer information.” In addition to criminal penalties, the CFAA allows for a private cause of action for damages or equitable relief. To state a CFAA claim, a plaintiff must show that the defendant: (1) accessed a protected computer; (2) without authorization or exceeded authorized access; (3) knowingly and with an intent to defraud; (4) obtained something of value; and (5) caused damage or loss to the plaintiff in excess of $5,000 in a one-year period. Gridforce argues that it had authorization to access the IT System.
Van Buren v. United States, 593 U.S. 374, 379 (2021) (quoting 18 U.S.C. § 1030(a)(2)).
Id. (citing 18 U.S.C. § 1030(g)).
Gridforce also argues that Contour failed to establish the fifth element (cause of damage or loss to the plaintiff in excess of $5,000 in a one-year period). However, because Contour has failed to establish that Gridforce did not have authorized access, the Court need not discuss the fifth element.
Liability under both the “without authorization” clause and the “exceeds authorized access” clause “stems from a gates-up-or-down inquiry-one either can or cannot access a computer system, and one either can or cannot access certain areas within the system.” The CFAA defines “exceeds authorized access” as “access[ing] a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter[.]” In Van Buren v. United States, the Supreme Court held that “[t]his provision covers those who obtain information from particular areas in the computer-such as files, folders, or databases-to which their computer access does not extend.” The Court clarified that the provision “does not cover those who . . . have improper motives for obtaining information that is otherwise available to them,” and it explicitly rejected a broad interpretation of the “exceeds authorized access” clause that depends on the circumstances and purpose of access. Put simply, the CFAA does not apply to one who uses their access for an improper purpose.
Van Buren, 593 U.S. at 390 (footnote omitted) (articulating plaintiff's reading of the statute, with which the Supreme Court ultimately agreed).
Van Buren, 593 U.S. at 378.
Id.
Id. at 395-96.
Id.
Contour argues that Gridforce lacked authorization to access the IT System, or, in the alternative, lacked authorization to access “particular areas” of the IT System. That argument is contrary to the evidence. The parties entered into the MMSA to provide Gridforce with access to an IT System that Contour built for Gridforce. More specifically, the parties entered into the SIMA, the addendum to the MMSA that explicitly provided Gridforce with administrative-level credentials to access the IT System. In the SIMA, Contour agreed to “provide [Gridforce] with administrative access to the Devices and documentation, if available, relating to the configuration of such Devices” and the “ability to manage or configure[ ] the Devices,” while Gridforce agreed to be “solely responsible and liable for all actions taken on a Device using [Gridforce's] administrative-level credentials ....” The contractual language of the SIMA granted Gridforce complete access to the IT System that was created for its use.
Contour's Resp. Opp'n [Doc. No. 353] at 56.
Tillery Decl., Ex. 92, SIMA [Doc. No. 336-4]. Even Gridforce's Notice of Termination Letter outlines that Gridforce, not Contour, used the SIMA to adjust parts of the IT System that were deficient. See Tillery Decl., Ex. 93, Feb. 7, 2020 Termination Letter [Doc. No. 336-4] (“Gridforce used access to the firewalls that was granted under a Shared Infrastructure Management Addendum to the Agreement to correct these deficiencies and reduced the firewall rule count to 2,500.”).
Tillery Decl., Ex. 92, SIMA [Doc. No. 336-4] at 1.
In the alternative, Contour argues that Gridforce only had limited administrative authority to access the IT System, but did not have authorization to copy and remove the IT System, to grant CDW authorization to access the system, or “do anything” with the system. Similarly, Contour argues that any change to the Contour environment required a “Change Request” pursuant to the MMSA. The MMSA Change Request provision states:
Contour's Mem. Supp. Mot. Summ. J. [Doc. No. 335] at 38-39; Contour's Resp. Opp'n. [Doc. No. 353] at 56.
Contour's Mem. Supp. Mot. Summ. J. [Doc. No. 335] at 48.
Change Order Proposal. Customer may, from time to time, submit to Contour a request for changes to an existing Exhibit. If, in Contour's reasonable judgment, the requested changes can be implemented without requiring additional Contour time or resources and without affecting Contour's ability to maintain any respective project schedule, Contour will implement the change at no additional cost to Customer. Otherwise, Contour shall provide Customer with a written change order proposal for the additional work ....
Tillery Decl., Ex. 73, MMSA [Doc. No. 336-3] § 5.
However, the change-request procedures under the MMSA are irrelevant to the question of whether Gridforce had authorization to access the IT System. Change requests were for alterations to the existing IT System; they did not govern access to the IT System. By contrast, authorization under the CFAA concerns only whether one has access to information. Because Gridforce had contractual authorization to access the information contained in the IT System, any misuse of that information does not give rise to liability under the CFAA. Accordingly, summary judgment will be granted in favor of Gridforce on the CFAA claim.
The Court previously wrote that “Gridforce was not authorized to enter Contour's data center and system because it failed to submit the required formal ‘change request' to Contour, which was required under the MMSA.” Contour, 2021 WL 5536266, at *8. After a review of the complete record, the applicable statutes, and Van Buren, the Court determines that authorization to access the system is a distinct issue from the change-request provisions. The MMSA includes no requirement for a party to submit a change request and the purpose of the MMSA was for Gridforce to have constant access to an IT System. Contour provided Gridforce the option to request changes to Contour's exhibits, but this was never required for Gridforce to access to the system.
Van Buren, 593 U.S. at 396.
Similarly, because Gridforce was authorized to access the system, it cannot be liable under the CFAA for granting CDW access to the IT System. A recent decision in this District is illustrative. In KBS Pharmacy, Inc. v. Patel, No. 21-1339, 2021 WL 2351961 (E.D. Pa. June 9, 2021), a plaintiff pharmacy granted two employee defendants access to confidential patient information. While still employed at the pharmacy, the defendants extracted confidential information, including names and contact information of customers, from the pharmacy's computer system to be used for the operation and management of a competing pharmacy. One of the employees then shared the confidential information with his wife, with whom he planned to open the competing business. The court held that the employee did not violate the CFAA, reasoning that “[t]he CFAA simply does not encompass the employee's misuse of the information if the employee had authorized access to the information in the computer in the first place.” Id. at *3. Here, as in KBS Pharmacy, Gridforce's work with CDW does not constitute a CFAA violation.
2. Federal Stored Communications Act (“SCA”)
The SCA imposes liability on one who “(1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or (2) intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system.” The SCA “does not apply with respect to conduct authorized . . . by a user of that service with respect to a communication of or intended for that user ....” Similar to the CFAA claim above, Gridforce argues that Contour cannot establish an SCA claim because Gridforce had authorization to access the IT System.
In re Google Inc. Cookie Placement Consumer Priv. Litig., 806 F.3d 125, 145-46 (3d Cir. 2015) (quoting 18 U.S.C. § 2701(a)).
Gridforce also argues that Contour cannot establish that: (1) Gridforce was not a “user” whose authorization exempts the conduct from an SCA violation; (2) any defendant took an “electronic communication”; or (3) Gridforce accessed “electronic storage” as the statute narrowly defines that term. Gridforce's Mem. Supp. Mot. Summ. J. [Doc. No. 339-1] at 32.
Courts in this district have applied Van Buren's more exacting interpretation of “exceeds authorization” in the context of claims under the SCA, given the similar language centered on “authorization” in both statutes. Even before Van Buren, “courts in the Eastern District of Pennsylvania [and elsewhere] have interpreted the [“authorization”] language [in the statute] to prohibit unauthorized access of stored communications, but not unauthorized use of the communications.” “[A] defendant who is authorized to access stored information is not liable under the SCA for misusing that information-even if he uses it in a malicious way.” Because Gridforce had administrative-level access credentials, Contour's SCA claim fails as a matter of law. Summary judgment will be granted in favor of Gridforce on this claim.
Exeter Township v. Gardecki, No. 18-1723, 2019 WL 3024740, at *3 (E.D. Pa. July 10, 2019) (citing cases) [hereinafter Exeter Township II].
Id. at 4 (footnote and citation omitted).
3. Texas Harmful Access by a Computer Act (“THACA”)
To establish a claim under the THACA, Contour must establish that Gridforce: (1) knowingly or intentionally accessed its computer, computer network, or computer system; (2) lacked effective consent to do so from the owner; and (3) caused Contour to suffer damages as a result. Neither party disputes that the IT System is a computer system. Gridforce argues that Contour's THACA claim fails because there is no material dispute that Gridforce was an “owner” of the IT System. The Texas statute defines an “owner” of a computer network or system as one who “(A) has title to the property, possession of the property, whether lawful or not, or a greater right to possession of the property than the actor; (B) has the right to restrict access to the property; or (C) is the licensee of data or computer software.”
Tex. Penal Code Ann. § 33.02(a); Tex. Civ. Prac. & Rem. Code Ann. § 143.001 (civil cause of action).
Gridforce's Mem. Supp. Mot. Summ. J. [Doc. No. 339-1] at 37-38. Gridforce also argues that the Texas Uniform Trade Secrets Act (“TUTSA”) expressly preempts THACA claims like Contour's that derive from allegations of trade secret misappropriation, whether or not the trade secret claims have merit. Id. at 37.
Contour argues that it was the sole owner of the IT System because it had a “greater right to possession” than Gridforce. However, Contour focuses only on the first part of the statutory definition of “owner” and ignores the fact that Gridforce indisputably had the ability to restrict access to the property. When three subcategories of a statute are separated in the disjunctive, a party need only show that it satisfies one of the three subparts. Contour's Director of IT Operations, Dominic Anzideo, agreed during his deposition that Gridforce (1) could “restrict both the logical and the physical access to the IT System,” (2) mandated Contour employees to take a security training before they had access to the IT System, and (3) had the ability to revoke a Contour employee's access to the IT System. Gridforce also controlled access to “the cage” which held all of the physical servers at the data center. Contour has failed to put forth or cite any evidence to the contrary in its briefings. Therefore, Gridforce was an “owner” of the IT System under the THACA, and summary judgment will be granted in Gridforce's favor on Contour's THACA claim.
Contour's Resp. Opp'n. [Doc. No. 353] at 83.
See Walsh v. Bank of Am., 320 Fed.Appx. 131, 132-33 (3d Cir. 2009); United States v. Siegel, 477 F.3d 87, 91-92 (3d Cir. 2007).
Chung Decl., Ex. 6, Anzideo Dep. Tr. [Doc. No. 339-2] at 34-35, 43, 105.
Id. at 103-104; Chung Decl., Ex. 14 [Doc. No. 339-2] (email chain between Contour and Gridforce regarding a Contour employee's access authorization); Chung Decl., Ex. 16 [Doc. No. 339-2] (email chain discussing audit procedures for Contour employees to be given “enough access to their jobs but not overly permissive access to expose Gridforce/Contour to security and compliance issues”).
D. Contour's Conversion Claim
Both Contour and Gridforce have moved for summary judgment on Contour's conversion claim. The parties agree that Pennsylvania law applies to the conversion claim because the alleged intrusion of the data center occurred in Pennsylvania. Under Pennsylvania law, conversion is defined as “the deprivation of another's right of property in, or use or possession of, a chattel, without the owner's consent and without lawful justification.” Contour alleges that Gridforce stole its IT System and in the process destroyed approximately 15% of Contour's confidential information (or virtual machines) during the theft.
QVC, Inc. v. Resultly, LLC, 159 F.Supp.3d 576, 600 (E.D. Pa. 2016). “The PUTSA [Pennsylvania Uniform Trade Secrets Act] explicitly pre-empts claims of conversion as they apply to trade secrets.” Hill v. Best Med. Int'l, Inc., Nos. 07-1709, 08-1404, 09-1194, 2011 WL 5082208, at *54-55 (W.D. Pa. Oct. 24, 2011) (citing 12 Pa. Cons. Stat. § 5308). As this Court has determined that Contour's trade secret claims fail as a matter of law, such preemption does not affect this Court's analysis.
Contour's Mem. Supp. Mot. Summ. J. [Doc. No. 335] at 74-75. Contour's claim does not clearly identify the list of VMs it believes were destroyed.
Contour's conversion claim fails because a virtual machine is not a chattel. “Pennsylvania courts have determined that intangible property, with limited exceptions, does not constitute a chattel” subject to the tort of conversion. “While courts in other states have expanded the tort of conversion to apply to intangible property, in Pennsylvania this expansion is limited ‘to the kind of intangible rights that are customarily merged in, or identified with, a particular document (for example, a deed or a stock certificate).'” Therefore, only intangible property that is linked to a specific physical document can be subject to conversion. Courts in this district have applied Pennsylvania law in determining that cloud-based servers are electronic files excluded from the tort of conversion.
Exeter Township v. Gardecki, No. 18-1723, 2018 WL 6616930, at *4 (E.D. Pa. Dec. 17, 2018) [hereinafter Exeter Township I].
Giordano v. Claudio, 714 F.Supp.2d 508, 524 (E.D. Pa. 2010) (quoting Apparel Bus. Sys., LLC v. Tom James Co., No. 06-1092, 2008 WL 858754, at *18 (E.D. Pa. Mar. 28, 2008)); see also Eagle v. Morgan, No. 11-4303, 2013 WL 943350, at *10 (E.D. Pa. Mar. 12, 2013) (“Numerous courts, however, have found that items such as software . . . are intangible property not subject to a conversion claim.” (citing cases)).
See Exeter Township I, 2018 WL 6616930, at *4 (addressing copies of a server and other electronic files).
Unlike an electronic file identified with a particular document, the VMs at issue here are intangible property that are entirely untethered to a physical document. The type of intangible property Contour identifies for its conversion claim, namely the VMs, aligns with intangibles that courts have held to be outside the scope of chattels subject to the tort of conversion.Therefore, the Court will grant summary judgment in Gridforce's favor on the conversion claim.
Compare id., with Fleming Steel Co. v. Jacobs Eng'g Grp., Inc., No. 16-727, 2016 WL 9409024, at *7 (W.D. Pa. Dec. 29, 2016) (considering a proprietary design that “ha[d] been merged in and/or . . . physically embodied in its drawings and specifications, whether in electronic or paper form”).
See, e.g., Exeter Township I, 2018 WL 6616930, at *4 (no conversion of “copies of [a] server”); Apparel Bus. Sys., 2008 WL 858754, at *54 (no conversion of software); Peruto v. Roc Nation, 386 F.Supp.3d 471, 475 (E.D. Pa. 2019) (“computer data and digital files” do not support replevin for same reason).
E. Gridforce's Affirmative Defenses
Contour moves for summary judgment on six of seven of Gridforce's affirmative defenses. Gridforce does not move for summary judgment on its affirmative defenses. First, Contour seeks summary judgment on Gridforce's second affirmative defense, which states, “Gridforce would own and have the right to use any allegedly misappropriated trade secrets and confidential information under Section 6(b) of the MMSA.” Because Contour has failed to articulate what confidential information Gridforce improperly claims to be its own, summary judgment on Gridforce's first affirmative defense will be denied. Second, Contour seeks summary judgment on Gridforce's third affirmative defense, which reads that “Contour consented to or authorized Gridforce's actions under the MMSA and its amendments.” As stated above, the SIMA provided Gridforce with authorization to access the IT System. Therefore, at least some of Gridforce's actions were authorized and summary judgment will be denied.
See Am. Answer [Doc. No. 236] at 66-67. Contour does not seek summary judgment on Gridforce's first defense, which states that “Contour's claims are barred, in whole or in part, because the Second Amended Complaint fails to state any claim upon which relief can be granted.” Id. at 66.
Id. at 66.
Id.
Gridforce's fourth affirmative defense states, “Gridforce is excused from performing under the MMSA because of Contour's material breach,” and Gridforce's fifth affirmative defense states, “Gridforce is entitled to set off against any amount that it is found to owe Contour.” Because both of these affirmative defenses revolve around the material factual dispute of whether Contour breached the MMSA, summary judgment will be denied. Gridforce's sixth affirmative defense states, “[t]he MMSA's renewal mechanism, as construed by Contour, is procedurally and substantively unconscionable.” As discussed in Section III.A.1, SOF 005 (which contained the autorenewal provision) is not the operative agreement, and Contour's recoverable damages will be limited to those incurred before August 2020. Therefore, this defense is moot. Gridforce's seventh affirmative defense states: “Contour has failed to mitigate any alleged damages that it may have suffered.” This defense is also moot because it applies to Contour's conversion and hacking claims, as to which the Court will grant summary judgment in favor of Gridforce.
Id.
Id.
Id. at 67.
IV. Conclusion
In this case, Contour attempts to expand a run-of-the-mill breach of contract action into a broader narrative of covert theft and illicit hacking of its systems. The evidence, even when viewed in the light most favorable to Contour, does not support such a contention. Despite four years of litigation and hundreds of pages of briefing, the only genuine disputes of material fact here center on the termination of a contract between a customer and its IT servicer.
For the reasons stated herein, Gridforce's partial Motion for Summary Judgment will be granted, and Contour's partial Motion for Summary Judgment will be denied. An order will be entered.