Opinion
Civil Action 22-40068-RGS
12-08-2022
MEMORANDUM AND ORDER ON DEFENDANT'S MOTION TO DISMISS
STEARNS, D. J.
Premier Shield Insurance, LLC is suing defendant Afternic Services, LLC for alleged damages arising out of the unauthorized sale of its primary website's domain name. Premier's First Amended Complaint (FAC) sets out four counts: (1) violation of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (CFAA) (Count I); (2) cybersquatting under the Anticybersquatting Consumer Protection Act, 15 U.S.C. § 1125(d) (ACPA) (Count II); (3) conversion (Count III); and (4) violation of the Massachusetts Fair Business Protection Act, Mass. Gen. Laws ch. 93A, § 11 (Chapter 93A) (Count IV). Afternic moves to dismiss the FAC for failure to state a claim under Fed.R.Civ.P. 12(b)(6). For the reasons explained below, the court will allow the motion as to Count II and deny the motion as to the remaining counts.
BACKGROUND
Premier is an independent insurance company based in Massachusetts and, until September of 2021, owned the domain PremierShieldInsurance.com (PSI Domain). The PSI Domain served as Premier's primary business identifier and website home. Premier registered the PSI Domain with GoDaddy.com, Inc. in 2016. Defendant Afternic is a domain marketplace and an affiliate of GoDaddy.
GoDaddy is a well-known domain registrar and is not a named party to this action.
On March 14, 2021, Premier listed another domain it owned, insurance-educators.com, for sale through GoDaddy. Premier received an “Opt-In Notification” email from Afternic, listing the domain for sale and Premier's asking price of $833.00. The email required Premier to confirm ownership of the domain and its acceptance of the terms and conditions of Afternic's “Premium Network” service. Between March 24, 2021, and May 17, 2021, Premier listed twenty-four additional domains through GoDaddy, nine of which were handled by Afternic. For each of the nine, Premier received either an Opt-In Notification from Afternic or a GoDaddy request that Premier authorize Afternic as the seller. Premier did not list the PSI Domain for sale and never received an Opt-In Notification from Afternic regarding its listing.
On September 24, 2021, Premier learned that the PSI Domain had been sold for $1,126.00 on Afternic's “Fast Transfer network” (FTN), a sale that Premier claims it never authorized. GoDaddy and Afternic maintain that Premier did list the PSI domain for sale, although giving conflicting approval dates. After losing the PSI Domain to an Indonesian gambling site, Premier filed complaints with GoDaddy, the FBI, and the Internet Corporation for Assigned Names and Numbers (ICANN). It also sought, unsuccessfully, to buy the PSI Domain.
DISCUSSION
“The sole inquiry under Rule 12(b)(6) is whether, construing the well-pleaded facts of the complaint in the light most favorable to the plaintiffs, the complaint states a claim for which relief can be granted.” Ocasio-Hernandez v. Fortuno-Burset, 640 F.3d 1, 7 (1st Cir. 2011). In most circumstances, a plaintiff need not demonstrate a “heightened fact pleading of specifics,” but rather must present “only enough facts to state a claim to relief that is plausible on its face.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007). “A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). The mere recitation of the elements of a claim, “supported by mere conclusory statements,” however, is insufficient to establish facial plausibility. Id.
I. CFAA Violation
A party is liable under the CFAA if he or she: (1) accesses a computer “without authorization[] or exceeds authorized access;” (2) commits an act prohibited under the CFAA; and (3) causes a loss aggregating at least $5,000 in value during a 1-year period. 18 U.S.C. § 1030. Premier alleges that Afternic violated three provisions of the CFAA: (1) intentionally accessing a computer without authorization thereby obtaining protected information;(2) knowingly causing the unauthorized transmission of a program, information, code, or command, and thereby intentionally damaging a protected computer;and (3) intentionally accessing a protected computer without authorization, resulting in damage.
a. Intentional Access Without Authorization
In Van Buren v. United States, 141 S.Ct. 1648 (2021), the Supreme Court reversed a former police sergeant's conviction for violating the CFAA by accessing a license-plate database to research an individual on behalf of a private party. The Court read the statutory terms “without authorization” and “exceeds authorized access” as “gates-up-or-down” inquiries. Id. at 1658-1659 (“[O]ne either can or cannot access a computer system, and one either can or cannot access certain areas within the system.”). Because Van Buren was authorized to access the database, his misuse of the information he extracted did not meet the statutory definition of “exceeds authorization.” Id. at 1662. Under the CFAA, “an individual ‘exceeds authorized access' when he accesses a computer with authorization but then obtains information located in particular areas of the computer . . . that are off limits to him,” unlike Van Buren, who had permission to access the entire database. Id.
Afternic argues that Premier granted it a blanket authorization to access Premier's computer system to sell Premier's various domain names; therefore, as in Van Buren, it is alleged only to have misused its authorization in a “gates-up” scenario. The FAC, however, alleges that, under Afternic's FTN agreement, Afternic's authorized access was limited domain-by- domain, creating a “gates closed” scenario for the PSI Domain. This allegation is sufficient to survive a 12(b)(6) motion to dismiss.
b. Resulting in Damage or Loss
Under the CFAA, any person who suffered “damage or loss by reason of [18 U.S.C. § 1030] may maintain a civil action . . . to obtain compensatory damages and injunctive or other equitable relief.” 18 U.S.C § 1030(g). The statute defines damage as “any impairment to the integrity or availability of data, a program, a system, or information, that . . . causes loss aggregating at least $5,000 in value during any 1-year period to one or more individuals.” 18 U.S.C. 1030(e)(8)(A). Loss includes “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or other information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages because of interruption of service.” 18 U.S.C. 1030(e)(11).
Premier alleges that the unauthorized sale destroyed its organic search engine optimization, undoing years of work. It estimates that the cost of building a comparable replacement website at just shy of $3,000,000. While a merely hypothetical cost cannot be the basis for a CFAA damages claim, Turner v. Hubbard Sys., Inc., 855 F.3d 10, 14 (1st Cir. 2017), Premier also alleges that Afternic's unauthorized sale of the PSI Domain interrupted its online insurance services, resulting in a $600,000 loss in revenue. This allegation is sufficient to satisfy a cognizable loss requirement under the CFAA. Thus, Count I of the Complaint survives.
II. Cybersquatting
Enacted in 1999, the ACPA amended the Lanham Act by adding a “cybersquatting” cause of action for trademark violations. Petroliam Nasional Berhad v. GoDaddy.com, Inc., 737 F.3d 546, 549 (9th Cir. 2013). Cybersquatting occurs when a non-trademark holder registers the domain name of a famous trademark and either demands a ransom payment or uses the domain to siphon business from the trademark's holder. See DaimlerChrysler v. The Net Inc., 388 F.3d 201, 204 (6th Cir. 2004). Under the ACPA, a person or entity is civilly liable if it “has a bad faith intent to profit from [a protected mark] . . . and registers, traffics, or uses a [protected] domain name. 15 U.S.C. § 1125(d)(1)(A). Premier argues that by selling the PSI Domain without authorization, Afternic “used” the PSI Domain with a bad faith intent to profit, or that it is guilty of “contributory cybersquatting.”
Originally passed in 1946, the Lanham Act “codified the then existing common law of trademarks which was in turn based on the tort of unfair competition.” Petroliam, 737 F.3d at 549, citing Moseley v. V Secret Catalogue, Inc., 537 U.S. 418, 428 (2003)
A. Registers, Traffics, or Uses
Premier first argues that Afternic trafficked the PSI Domain on the broader domain marketplace. The ACPA defines “traffics in” as “refer[ring] to transactions that include, but are not limited to, sales, purchases, loans, pledges, licenses, exchanges of currency, and any other transfer for consideration or receipt in exchange for consideration.” 15 U.S.C § 1125(d)(1)(E). The language “any other transfer . . . or receipt in exchange for consideration” denotes “some level of ownership or control passing between the person transferring and the person receiving.” See Ford Motor Co. v. Greatdomains.Com, Inc., 177 F.Supp.2d. 635, 644 (E.D. Mich. 2001). “Traffics in,” under the ACPA, “contemplates a direct transfer or receipt of ownership interest in a domain name to or from the defendant.” Id. at 645. Further, 15 U.S.C. 1125(d)(1)(D) provides that a person shall be liable for using a domain name “only if that person is the domain name registrant or that registrant's authorized licensee.”
Premier does not, however, allege that Afternic ever obtained an ownership interest or property rights in the PSI Domain. See FAC ¶ 81. Thus, even though the listing for sale may have been a mistake, Afternic did not “traffic in” the PSI Domain under the ACPA. Nor is it sufficiently alleged that Afternic ever registered the PSI Domain or acted as an authorized licensee, so it is not liable under the ACPA.
b. Contributory Cybersquatting
Premier's alternative theory is that the ACPA permits a cause of action based on contributory cybersquatting. However, this court agrees with the Ninth Circuit's rejection of that theory in Petroliam:
(1) [T]he text of the Act does not apply to the conduct that would be actionable under such a theory; (2) Congress did not intend to implicitly include common law doctrines applicable to trademark infringement because the ACPA created a new cause of action that is distinct from traditional trademark remedies; and (3) allowing suits against registrars for contributory cybersquatting would not advance the goals of the statute.737 F.3d at 550. As the Ninth Circuit stated, “Congress knew how to impose [secondary] liability when it chose to do so.” Id., quoting Cent. Bank of Denver, N.A. v. First Interstate Bank of Denver, N.A., 511 U.S. 164, 176 (1994). It did not do so with the ACPA.
Because there is no cause of action for contributory cybersquatting, and Afternic does not “traffic” in domain names under the ACPA, the court will dismiss Count II.
III. Conversion
Afternic argues Premier's conversion claim should be dismissed because Premier failed to allege (a) that the intangible PSI Domain merged with any physical device or (b) that Afternic exercised dominion or control over the PSI Domain. A conversion claim requires showing that a defendant “exercised dominion over the personal property of another, without right, and thereby deprived the rightful owner of its use and enjoyment, as in stealing.” Karter v. Pleasant View Gardens, Inc., 248 F.Supp.3d 299, 315 (D. Mass. 2017), quoting In re Hilson, 448 Mass. 603, 611 (2007). At common law, the only viable conversion claims involve tangible property. There is debate as to whether this convention holds force. See In re TJX Cos. Retail Sec. Breach Litig., 564 F.3d 489, 499 (1st Cir. 2009). In Kremen v. Cohen, 337 F.3d 1024, 1030 (9th Cir. 2002), the court noted nearly every jurisdiction had “discarded this rigid limitation to some degree.”
Here the court need not analyze whether a domain name itself is tangible or intangible because a reasonable inference can be drawn from the FAC that the PSI Domain merged with a physical device, be it with a server or a computer. This, however, involves factual considerations that cannot be resolved on a motion to dismiss. Thus, the court will deny the motion to dismiss on Count III.
IV. Unfair Business Practices (Chapter 93A)
To survive a 12(b)(6) motion to dismiss, “a chapter 93A claimant must show that the defendant's actions fell ‘within at least the penumbra of some common-law, statutory, or other established concept of unfairness,' or were ‘immoral, unethical, oppressive or unscrupulous,' and resulted in ‘substantial injury . . . to competitors or other business [persons].'” Quaker State Oil Ref. Corp. v. Garrity Oil Co., 844 F.2d 1510, 1513, (1st Cir. 1989) quoting PMP Assocs., Inc. v. Globe Newspaper Co., 366 Mass. 593, 595 (1975). “In the context of disputes among businesses, where both parties are sophisticated commercial players, the ‘objectionable conduct must attain a level of rascality that would raise an eyebrow to the rough and tumble of the world of commerce.'” Ora Catering, Inc. v. Northland Ins., 57 F.Supp.3d 102, 110 (D. Mass. 2014), quoting Levings v. Forbes & Wallace, Inc., 8 Mass.App.Ct. 498, 502 (1979). In other words, the conduct alleged must rise to the level of “extreme or egregious.” Anoush Cab, Inc. v. Uber Techs., Inc., 8 F.4th 1, 18 (1st Cir. 2021).
Although an issue for the court and not the jury, whether Afternic's alleged conduct rose to the “requisite, heightened standard of unfairness under § 11 of Chapter 93A,” id. at 22, involves factual issues that cannot be resolved as matter of law on the underdeveloped record. The court will deny the motion to dismiss on Count IV.
ORDER
For the foregoing reasons, Afternic's motion to dismiss is ALLOWED as to Count II and DENIED as to all other counts.