Opinion
No. 11 C 327.
July 18, 2011
MEMORANDUM OPINION AND ORDER
Plaintiff Deloitte Touche LLP sues two of their former employees, Lyle Carlson and David A. Deckter, for actions they allegedly took in the late stages of their employment with Deloitte, and continuing into their employment with another entity, Edgile, Inc.
Counts I, III, IV, VII, and X are leveled at Carlson. Respectively, they allege a violation of the Computer Fraud and Abuse Act, breach of the non-solicitation provision of an employment contract, breach of a right-to-inspect provision of the contract concerning access to personal computers, breach of the fiduciary duty of loyalty, and tortious interference with prospective economic relations. Count II, V, VI, VIII, and IX are aimed at Deckter. They allege violations of the Computer Fraud and Abuse Act, breach of a provision of his Senior Management Agreement concerning the right to inspect, breach of another provision concerning return of computer hardware and data, tortious inducement to breach the fiduciary duty of loyalty, and tortious interference with contract.
Defendants jointly move to dismiss all claims under Rule 12(b)(6). For the reasons that follow, the motion is denied as to each of the numbered counts but is granted for an additional, implied claim of breach of contract for client solicitation.
BACKGROUND
The alleged facts, which I take as true for purposes of this motion, are as follows.
Deloitte Touche LLP ("Deloitte" or "Plaintiff") is a consulting and professional services firm. It is organized as a Delaware limited liability partnership and has its principal place of business in New York City. Deloitte also operates an office in Chicago, where most of the alleged conduct was centered.
Carlson, an Indianapolis resident, worked for Deloitte but now works for Edgile, Inc. Carlson had started his most recent stint with Deloitte in 2002 as a Senior Manager in Deloitte's Security and Privacy Practice. Senior Manager is the third-highest position level at Deloitte. He eventually rose to the position of Director, the second-highest position level within the firm. As a Director, Carlson had access to a large volume of confidential and proprietary information, ranging from client lists to internal security protocols. Carlson's specific duties in the Security and Privacy group meant that he was well-acquainted with computer hardware and software and with technological security.
Carlson's and Deckter's Employment Agreements
Carlson signed an employment contract — a "Director Agreement" — on August 18, 2006. One provision of the agreement is that during his employment and for one year after his employment ends, he would not "directly or indirectly . . . solicit or attempt to solicit, or participate in the solicitation of or any attempt to solicit any partner, principal, member, officer, or employee of [Deloitte] to leave [Deloitte] . . . or to join any firm or business with which [he] may be or become affiliated."
An additional provision stated that Carlson "agree[d] to allow [Deloitte] to inspect any of [Carlson's] personal or home computers to determine whether any Proprietary Information or Property belonging to the Employer or a Connected Entity resides on such computers and to permit [Deloitte] to remove such Proprietary Information or Property from such computers."
Deckter signed a "Senior Manager Agreement" on September 20, 2004. Deckter's agreement had an identical inspection provision to Carlson's Director Agreement. Also relevant here, Deckter's Senior Manager Agreement had a provision stating that upon the termination of his employment he would "immediately deliver to [Deloitte] any Proprietary Information of [Deloitte] in a tangible form that [Deckter] may then or thereafter hold or control."
The Carlson and Deckter Departures
Carlson voluntarily resigned from Deloitte on October 29, 2010 to work for Edgile, Inc. Like the group Carlson worked for at Deloitte, Edgile provides computer network security and privacy services. On August 15, 2010 — two and a half months prior to Carlson's departure — Deckter sent an email to Carlson with the subject line "ddeckter@gmail.com" and no body text other than Deckter's electronic signature. Plaintiff alleges that this email was sent from Deckter to Carlson to facilitate Carlson's solicitation of Deckter to work at Edgile. Plaintiff avers on information and belief that Deckter and Carlson thereafter engaged in email exchanges and video conferencing, the goal of which was for Carlson to solicit Deckter and ultimately for both of them to coordinate their departures to Edgile. Deckter in fact did leave Deloitte for Edgile, on November 26, 2010 — less than one month after Carlson.
Additionally, Plaintiff claims that Carlson told other Deloitte employees to "Sit tight . . . I'll be in touch," which Plaintiff claims was a loaded statement implying that Carlson would reach back to solicit them to join him at Edgile along with Deckter.
The Hardware and Data Destruction
When Carlson resigned from Deloitte, he returned his company-issued laptop computer but did not return the hard drive originally issued with that computer, despite an exit checklist commanding him to return all computer hardware and data. Rather than return the originally issued hard drive, he destroyed that hard drive by physically shattering it. The computer he returned had a new, blank hard drive.
A letter from Carlson's attorney is attached as an exhibit to the complaint. In it, counsel explained that Carlson destroyed the hard drive because he had personal data stored on it, including such personal documents as tax returns and private account information. The letter represents that Carlson uploaded all Deloitte documents from the hard drive onto Deloitte's servers prior to destroying it, but Deloitte disputes this fact. Additionally, Deloitte claims that even for data which was downloaded, they were only able to restore it to a usable form at some effort and cost. Further, Deloitte notes that Carlson's lawyer's letter expressly does not say that he no longer also has the Deloitte data himself — it merely says that he uploaded Deloitte files onto Deloitte's servers.
Using what Deloitte describes as "a more contemporary approach" than physically smashing his computer hardware, Deckter downloaded a commercially available software program called "Eraser" from the Internet. Running the program had the effect of permanently deleting substantial volumes of Deloitte data.
Client Solicitation
Plaintiff claims that Carlson has "contacted" several of his clients from Deloitte, in violation of a client non-solicitation provision in his Director Agreement.
STANDARD OF REVIEW
With exceptions not relevant here, complaints asserting claims for relief in the federal courts are governed by the notice pleading standard of Rule 8. See Tamayo v. Blagojevich, 526 F.3d 1074, 1081 (7th Cir. 2008). A motion under rule 12(b)(6) requests dismissal of a complaint, or a claim within a complaint, for "failure to state a claim upon which relief can be granted." Fed.R.Civ.P 12(b)(6). Such motions test the legal sufficiency of the complaint, not the underlying factual merits. Christensen v. County of Boone, 483 F.3d 454, 458 (7th Cir. 2007).
I must take all facts alleged in a plaintiff's complaint as true and draw all reasonable inferences from those facts in favor of that plaintiff. Pisciotta v. Old Nat. Bancorp, 499 F.3d 629, 633 (7th Cir. 2007). Plaintiffs need not plead particularized facts, but the factual allegations in the complaint must be enough to raise a right to relief above the speculative level. Bell Atl. Corp. v. Twombly, 550 U.S. 544, 569 n. 14 (2007). Plaintiffs must plead their facts so that, when accepted as true, they show the plausibility of their claim for relief. Ashcroft v. Iqbal, 129 S.Ct. 1937, 1949 (2009). In short, a complaint governed by Rule 8 "demands more than an unadorned, the-defendant-unlawfully-harmed-me accusation." Id.
DISCUSSION A. Client Solicitation
Before considering the numbered counts in the complaint I consider the allegations of illicit client solicitation by Carlson. Plaintiff devotes three short paragraphs in its complaint to Carlson's alleged "contact" with Deloitte clients. Seeing this allegation, Defendants moved to dismiss any claim insofar as it relies on client (as opposed to employee) solicitation. Plaintiff asserts that they have not made "any such claim, and the Court should not dismiss the breach of contract claim based on this argument."
On the one hand, it is true that none of the numbered counts in the complaint appear to directly base a claim on client solicitation. But on the other hand, certain relief in the complaint is targeted at client solicitation. For example, paragraph 17 of the complaint (a background paragraph that comes before the counts) says that "[b]y this action . . . [Deloitte] seeks, among other things . . . injunctive relief enjoining Carlson and Deckter from any solicitation of [Deloitte's] clients." Further, paragraph 78(e), which is part of Count III, requests that I "enter a preliminary and permanent injunction prohibiting Carlson . . . from directly or indirectly soliciting any [Deloitte] client or prospective client."
Therefore, over Deloitte's protestations, I do interpret their complaint as making a claim rooted in wrongful client solicitation. Because all Plaintiff alleges on that front is "contact" with the client — and nothing more — the claim falls short of an allegation of solicitation. The implied claim is therefore dismissed, without prejudice.
B. Claims Against Carlson i. Count I — Computer Fraud and Abuse Act
Under the Computer Fraud and Abuse Act ("CFAA"), it is a crime to:
(A) knowingly cause the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
(B) intentionally access a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
(C) intentionally access a protected computer without authorization, and as a result of such conduct, causes damage and loss.18 U.S.C. § 1030(a)(5). The CFAA also provides for a civil action:
Any person who suffers damage or loss by reason of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief. A civil action for a violation of this section may be brought only if the conduct involves 1 of the factors set forth in subclauses (I), (II), (III), (IV), or (V) of subsection (c)(4)(A)(i). Damages for a violation involving only conduct described in subsection (c)(4)(A)(i)(I) are limited to economic damages.Id. at § 1030(g). Deloitte argues for liability based on subclause (I), which requires "loss to 1 or more persons during any 1-year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the United States only, loss resulting from a related course of conduct affecting 1 or more other protected computers) aggregating at least $5,000 in value." Id. at § 1030(c)(4)(A)(i)(I).
Defendants argue first that there is no allegation that Carlson acted "without authorization," as required by the statute. Defendants highlight that Carlson was an employee of Deloitte when the alleged data destruction occurred, and therefore not acting "without authorization." Defendants do acknowledge that an employee may be acting without authorization if he has breached a duty of loyalty to his employer prior to the alleged data destruction. See Int'l Airport Centers LLC v. Citrin, 440 F.3d 418, 420-21 (7th Cir. 2006). In Defendants' words, Citrin does not apply because in that case "the employee had been undertaking a pattern of activity adverse to his employers' interests" prior to the official end of his employment.
This is exactly what is alleged in this case. Here, Carlson is claimed to have begun his solicitation of Deckter before departing Deloitte. The data destruction was done, in part, to cover his tracks in wrongfully soliciting Deckter. If, as claimed, Carlson was so nakedly violating his Director Agreement, he would have been acting contrary to his employer's interests, thereby ending his agency relationship with Deloitte and making his conduct "without authorization." See id.
Incidentally, Citrin's holding has even more force in this case. In Citrin, the former employee's employment contract allowed him to "return or destroy" data in his laptop. Id. (emphasis in original). The Seventh Circuit still found the employee to have acted without authorization, because in that case the data destruction was intended to deprive the employer of important data. Here, Carlson's agreement expressly compels him to return all hardware and data — there isn't even the option of data destruction as there was in Citrin.
Aside from the "without authorization" argument, Defendants argue that Deloitte has not adequately pled "damage or loss" required by § 1030(g).
Deloitte's allegations are sufficient. Plaintiff claims first that they have not restored all of Carlson's data, despite his counsel's assurances to the contrary. This data included, among other things, potentially valuable client information and proprietary Deloitte processes. Plaintiff also claims that to the extent such data was restored, it came at great time and expense. The "damage or loss" allegations are sufficient.
Defendants argue that Deloitte cannot challenge Carlson's assurances that he returned all of the Deloitte data and only destroyed his own personal information. This is so, say Defendants, because Deloitte has adopted Carlson's statements by attaching his lawyer's letter as an exhibit to its own complaint. This might be true if the exhibit were a contract or a loan and that document itself was the subject of the complaint. When the exhibit, however, is not the subject of a claim, "Rule 10(c) does not require a plaintiff to adopt every word within the exhibits as true for purposes of pleading simply because the documents were attached to the complaint to support an alleged fact." N. Ind. Gun Outdoor Shows, Inc. V. City of South Bend, 163 F.3d 449, 454 (7th Cir. 1998). That's what Deloitte was doing here. They attached Carlson's counsel's letter simply to point out that Carlson had admitted destroying the hard drive. Deloitte did not intend to adopt everything their adversary was claiming in that letter.
ii. Count III — Breach of Contract
This count alleges that Carlson breached the non-solicitation of his Director Agreement by soliciting Deckter to follow him to Edgile. Defendants claim this count fails the sufficiency standards of Rule 8 as interpreted in Twombly and Iqbal.
Plaintiffs have asserted sufficient facts to state a viable claim. Defendants argue that all is shown by the complaint is that Deckter sent Carlson his personal email address. Everything beyond that, say Defendants, are the sorts of "naked assertion[s]" without "further factual enhancement" that run afoul of Rule 8. Iqbal, 129 S.Ct. at 1949. Without more, this might be so. But Defendant overlooks a key fact that is not only alleged but undisputed — Deckter left Deloitte for Edgile less than one month after Carlson. Linking the email with Deckter's actually having left for Carlson's new firm, Deloitte asserts (albeit only on information and belief) that Carlson and Deckter must have been using their personal email accounts to coordinate the move to Edgile. This is a plausible allegation given the circumstances and timing.
iii. Count IV — Breach of Contract (Specific Performance)
Through Count IV, Plaintiff seeks specific performance of the provision of Carlson's Director Agreement allowing Deloitte "to inspect any of [Carlson's] personal or home computers to determine whether any Proprietary Information or Property belonging to the Employer or a Connected Entity resides on such computers and to permit [Deloitte] to remove such Proprietary Information or Property from such computers."
Defendants claim this count should fail because the term it purports to enforce is indefinite and incomplete. They cite the basic axiom of contract law that specific performance requires not only a "definite" and "complete" agreement, but an even greater degree of specificity regarding the "essential terms" for which a party seeks specific performance. White Hen Pantry, Inc. v. Cha, 574 N.E.2d 104, 108 (Ill. App. Ct. 1991); see also Cinman v. Reliance Fed. Sav. Loan Assoc., 508 N.E.2d 239, 244 (Ill. App. Ct. 1987) ("Specific performance requires as a prerequisite a clear and precise understanding of the terms of the contract.").
The essential term at issue here is sufficiently clear and precise. It states that Defendant can inspect "any of [Carlson's] personal or home computers" to check for any Deloitte information or property. While this term may be expansive, even invasive, there is nothing unclear about it.
Defendant also argues that the term contains no time limitation, so it must fail for uncertainty on that basis. Not so. First, with regards to timing of a post-termination inspection, the clause is not inherently unlimited. It states that such event take place "upon termination of your employment." While this is a triggering clause, by its context it is also meant as a limitation provision because it prompts the employee to swiftly return hardware, software, and data. More fundamentally, though, while the clause is not perfectly precise, it is also not an essential term. Specific performance requires heightened specificity only of the "essential" terms, not any and all terms sought to be enforced. See Cha, 574 N.E.2d at 108 (Ill. App. Ct. 1991) (discussing "essential" terms); see also Cinman, 508 N.E.2d at 244 (same). When, precisely, after employment such an inspection takes place is not so essential as to allow this clause to fail.
The motion as to Count IV is denied.
iv. Count VII — Breach of Fiduciary Duty of Loyalty
In this count, Plaintiff reframes the conduct supporting their CFAA and breach of contract claims as breaches of the fiduciary duty of loyalty. Specifically, they assert that the destruction and/or theft of Deloitte property and data as well as the solicitation of Deckter are breaches of that duty.
Mirroring Plaintiff's incorporations, Defendants incorporate by reference their arguments supporting dismissal of those claims. Defendants conclude that the failure to adequately plead the destruction of Deloitte property or the solicitation of Deckter means that a breach of fiduciary duty claim fails as well. As explained above, Plaintiff's claims under the CFAA and for breach of contract are well pled. Therefore, the breach of fiduciary duty claim survives, too.
The motion to dismiss Count VII is denied.
v. Count X — Intentional Interference with Prospective Economic Relations
Under Illinois law, the elements of a claim of tortious interference with prospective economic relations are 1) reasonable expectancy of entering into a valid business relationship; 2) defendant's knowledge of that expectancy; 3) an intentional and unjustified interference by the defendant that caused or induced a breach of the expectancy; and 4) damages resulting from the interference. Fellhauer v. Geneva, 568 N.E.2d 870, 878 (Ill. 1991).
Defendants urge dismissal because Plaintiffs have not pled facts sufficient to support a "reasonable expectancy" that Deckter would have stayed on at Deloitte. A reasonable expectancy means something more than a "mere hope" that a relationship will continue. MJ Partners Restaurant Ltd. Pshp. v. Zadikoff, 126 F. Supp. 2d 1130, 1138 (N.D. Ill. 1999) (citing Illinois law).
Defendants also incorporate their arguments regarding solicitation. That argument has been duly addressed.
Plaintiffs have alleged sufficient facts to support an inference of more than a "mere hope." David Deckter had worked for Deloitte for over twelve years at the time he left for Edgile. He was promoted in 2004 and signed an agreement which, though at-will, had significant non-compete and non-solicitation provisions tending to encourage an employee in a client-centric business to stay on board.
The motion to dismiss Count X is denied.
B. Claims Against Deckter i. Count II — CFAA
The reasons provided above in Count I as to Carlson's physical destruction of his hard drive are equally applicable to Deckter's download and use of the program "Eraser" to void his hard drive. The motion to dismiss this count is denied.
ii. Count V — Breach of Contract (Specific Performance)
The explanation as to Count IV applies equally here. Defendants' motion to dismiss this count is similarly denied.
iii. Count VI — Breach of Contract
Count VI alleges that Deckter breached his Senior Manager Agreement when he failed to return Deloitte property and instead deleted large quantities of data using the "Eraser" program. Defendants claim that no facts are alleged to describe what "property" was not returned. But paragraph 38, which was incorporated into Count VI, describes that property as, among other things, capable of being stored on a computer's hard drive, "research, analysis, research materials, marketing plans, economic forecasts, [and] proprietary computer software." This intellectual property is plainly contemplated in several provisions of the Director Agreement and its return was mandated in that agreement in paragraphs 10 and 21.
The motion to dismiss Count VI is denied.
iv. Count VIII — Tortious Inducement to Breach a Fiduciary Duty
Under Illinois law, this tort requires a plaintiff to prove that: 1) the defendant colluded with a fiduciary in committing a breach; 2) the defendant knowingly participated in or induced the breach of duty; and 3) the defendant knowingly accepted the benefits resulting from that breach. Borsellino v. Goldman Sachs Group, Inc., 477 F.3d 502, 508-09 (7th Cir. 2007) (citing Regnery v. Meyers, 679 N.E.2d 74, 80 (Ill. App. Ct. 1997).
Defendants first contend that there is insufficient support for the bare allegation that Deckter participated in or induced Carlson to hire Deckter at Edgile.
There is enough here. As explained above, Deckter had been at Deloitte since 1998 yet left for Edgile less than one month after Carlson went there. Further, there is the email passing along Deckter's private Google email account, which Deloitte claims facilitated collusive discussion between the two about their moves to Edgile. As discussed above, in context this allegation is plausible and it need not be proven at the pleading stage.
Defendants also contend that no allegations support the fact the Deckter could have known of Carlson's non-solicitation provision. Not only is it plausible that Deckter would have known of such a provision being attached to a Director — the second highest position in the company — it is highly likely. But as plausibility is all that is required, the pleading is sufficient.
The motion to dismiss Count VIII is denied.
v. Count IX — Tortious Interference with Contract
Defendants reiterate their arguments respecting Count VIII in regards to Count IX. For the same reasons, the motion to dismiss this count is denied.
CONCLUSION
The motions to dismiss each of the numbered counts are DENIED.
The motion to dismiss the implied count of breach of contract based on client solicitation is GRANTED, without prejudice.