From Casetext: Smarter Legal Research

QVC, Inc. v. Resultly, LLC

United States District Court, E.D. Pennsylvania.
Feb 10, 2016
159 F. Supp. 3d 576 (E.D. Pa. 2016)

Summary

observing that the question of whether a website can be construed as a "chattel" under Pennsylvania law is "one which no Pennsylvania court has yet to shine a light on"

Summary of this case from Exeter Twp. v. Gardecki

Opinion

CIVIL ACTION NO. 14-6714

02-10-2016

QVC, Inc., Plaintiff, v. Resultly, LLC, et al., Defendants.

Chad A. Rutkowski, Erich Michael Falke, Lesley M. Grossberg, Matthew Mitchell Oates, Baker & Hostetler LLP, Philadelphia, PA, Randal Lee Gainer, Baker Hostetler, Seattle, WA, Theodore J. Kobus, III, Baker & Hostetler LLP, New York, NY, for Plaintiff. Andrew Grosso, Andrew Grosso & Associates, Washington, DC, David A. Cohen The Basil Law Group PC, Arnon D. Siegel, New York, NY, David Leit, Jamie Gottlieb Furia, Lowenstein Sandler PC, Roseland, NJ, for Defendants.


Chad A. Rutkowski, Erich Michael Falke, Lesley M. Grossberg, Matthew Mitchell Oates, Baker & Hostetler LLP, Philadelphia, PA, Randal Lee Gainer, Baker Hostetler, Seattle, WA, Theodore J. Kobus, III, Baker & Hostetler LLP, New York, NY, for Plaintiff.

Andrew Grosso, Andrew Grosso & Associates, Washington, DC, David A. Cohen The Basil Law Group PC, Arnon D. Siegel, New York, NY, David Leit, Jamie Gottlieb Furia, Lowenstein Sandler PC, Roseland, NJ, for Defendants.

OPINION

WENDY BEETLESTONE, J.

This action arises out of incidents in May 2014, when Defendant Resultly, LLC (“Resultly”), in its efforts to earn commissions through Defendant VigLink, Inc.'s (“VigLink”) participation in QVC's marketing affiliate program, crawled QVC's website in a manner that QVC alleges overloaded its servers and rendered its customers unable to access and use the website. Am. Compl. ¶¶ 1-3. QVC now seeks by this lawsuit to recover damages for the substantial losses it says were caused by Resultly's actions. It has sued three defendants: (1) Resultly; (2) Resultly's founder and Chief Executive Officer, Ilya Beyrak (“Beyrak”); and, (3) VigLink, an approved participant in QVC's affiliate marketing program that allegedly sublicensed (contrary to its agreement with QVC) its rights under the program to Resultly. Each of the Defendants has filed a motion to dismiss. QVC's claims are for breach of contract, violations of the Computer Fraud and Abuse Act, and various state law claims.

I. BACKGROUND

A. The Parties

QVC is a television and online retailer that markets and sells a wide variety of consumer products through live televised shopping programs, its websites, and other interactive media, including QVC.com. Am. Compl. ¶ 9. Defendant Resultly is a company that operates an online shopping application that utilizes a web crawling program to continuously crawl Internet shopping websites for the real-time prices of the websites' products. Id. ¶ 11. Defendant Beyrak was the person chiefly responsible for Resultly's operation, including the creation, selection, use, incorporation and/or modification of Resultly's web-crawling software, and was chiefly responsible for Resultly's affiliate marketing relationships. Id. ¶ 22. Defendant VigLink is a corporation engaged in online affiliate marketing. Id. ¶ 14.

B. QVC's Affiliate Marketing Program

1. Affiliate Marketing Programs Overview

QVC alleges that Resultly crawled QVC's web server as a secondary participant in QVC's “affiliate marketing program.” Under this program, websites and mobile applications operators (“Publishers”) such as VigLink earn commissions when a buyer makes a purchase on QVC.com if the buyer arrived at the site through an advertisement or other link on VigLink's website. Id. ¶ 38. Although Resultly was not a direct participant in the program, QVC alleges that VigLink, in violation of the terms of its agreement with QVC, sublicensed to Resultly its right to participate in QVC's program. These relationships were developed as described below.

2. Commission Junction

On June 26, 2002, QVC and non-party Commission Junction, Inc. (“Commission Junction”) entered into an Advertiser Service Agreement (“CJ Advertiser Agreement”) pursuant to which Commission Junction agreed to facilitate marketing programs sponsored by QVC by, among other things, helping Publishers enroll in those programs. Id . ¶¶ 38,39. Thereafter, to participate in QVC's affiliate marketing program, publishers were required to submit an application to Commission Junction, which VigLink did in or around May 2010. Id. ¶¶ 42-43. It was accepted into the program and signed on to the Commission Junction Affiliate Publisher Service Agreement (“CJ Publisher Agreement”) which outlines VigLink's obligations to Commission Junction, including that it “shall be responsible for all usage and activity on [its] account” and that it “shall remain solely responsible for any and all Web sites owned and/or operated by [it] and all of [its] promotional methods.” Id. ¶¶ 41, 56.

3. QVC's Marketing Affiliate Program

After being accepted as a member of the Commission Junction network, VigLink was required, as a condition of approval as a participant in QVC's marketing affiliate program, to agree to QVC's Publisher Agreement Terms and Conditions (“QVC Publisher Agreement”), which it did on May 19, 2010. Id. ¶¶ 41, 44. As a party to that agreement, VigLink was granted a non-transferable right to “access QVC's Website through links solely in accordance with the terms of this Agreement and the [CJ Publisher Agreement].” Id. ¶ 49. The QVC Publisher Agreement prohibited VigLink from using any promotional materials other than those provided by QVC without first receiving written authorization from QVC. Id. ¶ 53. Specifically, VigLink was required to “only use the banner advertisements, button links, product information, QVC logos and text links to the QVC.com website (or any mirror or successor site)...and/or other advertisements promoting QVC products and events...that are provided to you by QVC through Commission Junction.” Id.

4. VigLink Participates in QVC's Marketing Affiliate Program and Sublicenses Rights to Resultly

VigLink was expressly prohibited by the terms of the QVC Publisher Agreement from sublicensing the right to access QVC's website. Id. ¶ 49. Nevertheless, QVC alleges that VigLink entered into an agreement with Resultly that allowed Resultly to post links to QVC's website under VigLink's account. As alleged by QVC in its Amended Complaint, the relationship between VigLink and Resultly was governed by VigLink's Terms of Service, pursuant to which VigLink was the “publisher of record” for all retail affiliate programs in which Resultly participated. Id. ¶¶ 60, 80. Moreover, Resultly agreed that it would “comply with all rules, regulations and guidelines, as well as any applicable [affiliate program's] terms and conditions and policies....” Id. ¶ 81.

QVC alleges that it was not informed by VigLink that VigLink had enrolled Resultly as a sub-publisher. It further alleges that VigLink allowed and, indeed, encouraged Resultly to use a web-crawling program to crawl QVC's website by offering Resultly an opportunity to share the commissions that VigLink receives from Commission Junction through QVC's affiliate marketing program for qualifying transactions. Id. ¶¶ 65,66.

C. May 2014 Events

On May 9 and 11, 2014, QVC's servers experienced an overload that impaired QVC's ability to provide services to its customers through its website. Id. ¶ 21. QVC alleges that Resultly “overloaded” QVC's servers by “bombard[ing its] website with search requests at rates ranging from 200-300 requests per minute up to 36,000 requests per minute.” Id. ¶ 28. QVC alleges that “[a]t one point the [Resultly] Program's crawling activity alone accounted for approximately 30% of the overall worldwide traffic being experienced by QVC.” Id. According to QVC, the rates of search requests from “typical search engines” are significantly lower than the rates at which Resultly's Program made requests to QVC's website. Id. ¶ 29. As for Defendant Beyrak, QVC alleges that he “specifically directed, participated in, and/or cooperated in Resultly's configuration of its Program” and was thus also responsible for causing QVC's website, network, and web servers to become overloaded. Id. ¶ 23. QVC customers were unable to view or make purchases on QVC's website for “many hours” because of the disruption, which meant that QVC lost sales and revenue. Id. ¶ 35.

II. STANDARD OF REVIEW

“To survive a motion to dismiss, a complaint must contain sufficient factual matter, accepted as true, to ‘state a claim to relief that is plausible on its face.’ ” Ashcroft v. Iqbal , 556 U.S. 662, 678, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009) (quoting Bell Atl. Corp. v. Twombly , 550 U.S. 544, 570, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007) ). “In light of Twombly, ‘it is no longer sufficient to allege mere elements of a cause of action; instead a complaint must allege facts suggestive of [the proscribed] conduct.’ ” Great W. Mining & Mineral Co. v. Fox Rothschild LLP , 615 F.3d 159, 177 (3d Cir.2010) (quoting Phillips v. County of Allegheny , 515 F.3d 224, 233 (3d Cir.2008) ). Consistent with the Supreme Court's rulings in Twombly and Iqbal, the Third Circuit requires a two-step analysis when reviewing a Rule 12(b)(6) motion. Edwards v. A.H. Cornell & Son, Inc. , 610 F.3d 217, 219 (3d Cir.2010). First, separate the factual and legal elements of a claim, accepting the facts and disregarding the legal conclusions. Fowler v. UPMC Shadyside , 578 F.3d 203, 210–11 (3d Cir.2009). Second, determine whether the remaining well-pled facts sufficiently show that the plaintiff “has a ‘plausible claim for relief.’ ” Id. at 211 (quoting Iqbal , 556 U.S. at 679, 129 S.Ct. 1937 ). Then construe those facts and draw inferences in the light most favorable to the plaintiff. Santomenno ex rel. John Hancock Trust v. John Hancock Life Ins. Co. (U.S.A.) , 768 F.3d 284, 290 (3d Cir.2014). However, “[w]here a complaint pleads facts that are ‘merely consistent with’ a defendant's liability, it ‘stops short of the line between possibility and plausibility of entitlement to relief.’ ” Great W. Mining , 615 F.3d at 177 (quoting Twombly , 550 U.S. at 556–57, 127 S.Ct. 1955 (internal quotation marks omitted)). At bottom, the question is not whether the claimant “will ultimately prevail...but whether his complaint [is] sufficient to cross the federal court's threshold.” Skinner v. Switzer , 562 U.S. 521, 529–30, 131 S.Ct. 1289, 179 L.Ed.2d 233 (2011).

III. DISCUSSION

A. Breach of Contract (Counts Ten Through Sixteen)—Resultly, VigLink

1. Claims Against Resultly

The Amended Complaint includes various counts against Resultly for breach of the QVC Publisher Agreement (Counts 10 & 12) and the CJ Publisher Agreement (Counts 13 & 15), which Resultly seeks to dismiss. Am. Compl. ¶¶ 131-42, 147-52, 153-67, 174-81. Although the Amended Complaint alleges that VigLink was accepted as a Publisher in QVC's program, it does not contain any allegations that Resultly ever applied to become a QVC Publisher or expressly agreed to the terms in either the CJ Publisher Agreement or the QVC Publisher Agreement. Given that Resultly was not a party to either contract, and that “[i]t is fundamental contract law that one cannot be liable for a breach of contract unless one is a party to that contract,” Electron Energy Corp. v. Short , 408 Pa.Super. 563, 597 A.2d 175, 177 (1991) (citing Viso v. Werner , 471 Pa. 42, 369 A.2d 1185 (1977) ), QVC's contract claims against Resultly must fail unless they can survive on another theory.

During oral argument on the motions to dismiss, QVC identified the operative QVC Publisher Agreement as the document attached as Exhibit 2 to Beyrak's Motion to Dismiss. QVC further identified the operative CJ Publisher Agreement as the document attached as Exhibit 6 to Beyrak's Motion to Dismiss, each of which are referenced in the Amended Complaint. None of the Defendants dispute the authenticity of these documents. Accordingly, the Court will consider them in evaluating the motions. Pension Ben. Guar. Corp. v. White Consol. Indus., Inc. , 998 F.2d 1192 (3d Cir.1993).

QVF offers one—to wit, “it was an intended beneficiary of Resultly's promise to comply with QVC's terms and conditions as VigLink's sub-publisher in QVC's affiliate marketing program, because the services provided under the applicable agreements—promoting QVC and its products—were expressly intended for the benefit of QVC and other advertisers.” Opp'n to Resultly Mot. at 25. It identifies a number of paragraphs in the Amended Complaint in support of this theory. Some of those paragraphs suggest that QVC's argument is that it is an intended beneficiary of the Terms of Service between VigLink and Resultly. Am. Compl. ¶¶ 79-81. Others suggest that it premises its intended beneficiary argument on the CJ Publisher Agreement because “VigLink and Resultly intended to give QVC the benefit of their promotional efforts under the CJ Publisher Agreement.” Id. ¶¶ 164-66, 170-71,178-80. Neither theory is viable on an intended beneficiary theory given the allegations set forth in the Amended Complaint.

As a preliminary matter, the headings for the contract counts in the Amended Complaint state specifically that QVC's claims are for breach of the QVC Publisher Agreement and of the CJ Publisher Agreement. None of the counts state that they are for breach of Viglink's Terms of Service. Having not asserted a claim for breach of this agreement in its Amended Complaint, regardless of whether such a claim would be viable on any theory, QVC cannot now seek to add such a claim in its motion to dismiss briefing. See Gueson v. Feldman, No. 00–1117, 2002 WL 32308678, at *4 (E.D.Pa. Aug. 22, 2002), aff'd sub nom. , Gueson v. Sheppard , 85 Fed.Appx. 870 (3d Cir.2003) (“A plaintiff may not raise new claims in response to a motion to dismiss”).

Neither is QVC's argument that it is an intended beneficiary of the CJ Publisher Agreement tenable. Under Pennsylvania law, a non-party to a contract may bring a breach of contract claim if it is an intended third party beneficiary, i.e. , if the contract expresses both parties' intent to benefit it or “the circumstances are so compelling that recognition of the beneficiary's right is appropriate to effectuate the intention of the parties....” Am. Stores Props., Inc. v. Spotts, Stevens & McCoy, Inc. , 651 F.Supp.2d 349, 352–53 (E.D.Pa.2009) (quoting Scarpitti v. Weborg , 530 Pa. 366, 609 A.2d 147, 150–51 (1992) ). Thus, to recover as a third party beneficiary QVC must allege at a minimum that it was not a party to the contract, that the entity which it is suing for breach of contract is, and that the parties to the contract intended to benefit QVC. While QVC is not a party to the CJ Publisher Agreement, neither is Resultly; thus this theory of liability must fail. Nevertheless, QVC argues that Resultly is bound to the CJ Publisher Agreement because it agreed to VigLink's Terms of Service. The argument is as follows: The Terms of Service, argue QVC, require sub-publishers to “comply with all rules, regulations and guidelines, as well as any applicable Merchant terms and conditions and policies.” Am. Compl. ¶¶ 79-81. A “Merchant” is defined as “a party that supplies goods and/or service to [web users] and which has an affiliate program.” Because QVC identifies itself as one such “Merchant,” by agreeing to the Terms of Service, QVC concludes that Resultly thereby agreed to comply with QVC's terms and conditions as set forth in the CJ Publisher Agreement. While QVC has alleged that there is some level of connectivity between the contracts that are at issue in this matter, the fact that Resultly was not a party to the CJ Publisher Agreement is dispositive. Spires v. Hanover Fire Ins. Co ., 364 Pa. 52, 70 A.2d 828 (1950) (“To be a third party beneficiary entitled to recover on a contract it is not enough that it be intended by one of the parties to the contract and the third person that the latter should be a beneficiary, but both parties to the contract must so intend and must indicate that intention in the contract.”) (emphasis in original).

2. Claims Against VigLink

QVC also claims that VigLink breached the QVC Publisher Agreement and the CJ Publisher Agreement. Unlike Resultly, VigLink was a signatory to both agreements. VigLink seeks to dismiss each one of those counts.

a. Breach of the QVC Publisher Agreement

In Count Ten, QVC alleges that VigLink breached its obligations under the QVC Publisher Agreement when Resultly accessed QVC's server using its web-crawling program. Am. Compl. ¶¶ 131-42. Specifically, QVC describes how, under the terms of the QVC Publisher Agreement and CJ Publisher Agreement, VigLink agreed to be responsible for all usage and activity on or through its account and to be responsible for all of its promotional methods. Id. ¶ 134. VigLink failed in that responsibility, argues QVC, because although the QVC Publisher Agreement prohibited Resultly's use of its web-crawling program, Id. ¶ 35, VigLink recruited, encouraged or permitted Resultly to use methods to access QVC's server that violated that agreement. Id. ¶¶ 136-40. In its motion to dismiss, VigLink argues that these allegations fail to state a claim for two reasons: (1) the Amended Complaint does not contain allegations from which the Court could plausibly infer that the QVC Publisher Agreement prohibited Resultly's web-crawling; and, (2) even if Resultly could and did violate the QVC Publisher Agreement, VigLink could not be responsible for Resultly's conduct because Resultly was not its agent and the Amended Complaint contains no allegations that could plausibly support a finding that VigLink was “recruiting, encouraging, and permitting” Resultly to do anything. VigLink Mot. at 17.

VigLink's first argument, that the QVC Publisher Agreement does not prohibit web-crawling, is undermined on this motion to dismiss by Section I(B) of that agreement, which is referred to in Paragraph 53 of the Amended Complaint and which provides in relevant part:

You may only use the banner advertisements, button links, product information , QVC logos and text links to the QVC.com website (or any mirror or successor site) (‘QVC Site’) and/or other advertisements promoting QVC products and events (‘Advertisements') that are provided to you by QVC through Commission Junction . You may not modify the Advertisements without QVC's prior written consent. You may not include price information in your descriptions unless provided to you and approved by QVC. Each link connecting users of your Site to the QVC Site shall not alter the look, feel or functionality of the QVC site.

This provision of the QVC Publisher Agreement directly addresses what information a Publisher can and cannot use to create links to QVC's website. Specifically, it provides that a Publisher may only use the product information provided to it by QVC through Commission Junction. Interpreted in the light most favorable to QVC, the QVC Publisher Agreement thus prohibits any action to obtain “product information” that QVC did not provide to Commission Junction, including product information obtained by crawling QVC's website. See Opp'n to Resultly Mot. at 4.

Resultly further argues that even if the relevant contracts did prohibit web-crawling, QVC is judicially estopped from asserting such an argument because it took an inconsistent position during the course of its Preliminary Injunction motion. See Beyrak Reply at 7-8 (citing G –I Holdings, Inc. v. Reliance Ins. Co ., 586 F.3d 247, 253 (3d Cir.2009) (setting forth the elements of judicial estoppel, including, inter alia , the presence of “irreconcilably inconsistent positions”)). Specifically, Resultly points to the following language in a declaration submitted for the purposes of the Preliminary Injunction by QVC employee David Garozzo:

It is my understanding that Resultly, through its CEO, advised QVC that the harm to QVC's website could have been avoided if QVC had utilized a “crawl-delay” feature utilizing the “robots.txt” script protocol. However, such a “crawl-delay” feature is too limited for QVC, as it would limit the number of pages to index to just 86,400 a day, using the shortest delay time possible. In contrast, the QVC.com website supports without any issue millions of pages of page crawls per day from sites like Google that crawl at reasonable rates standard within the industry.

Garozzo Decl. ¶ 13. Resultly/Beyrak construe this language as an admission that QVC allowed anyone, including Resultly, to crawl its webpage, which they argue directly contradicts QVC's position that it did not grant Resultly such access. In response, QVC argues that the fact that QVC did not impose a crawl delay feature in its robots.txt file does not mean that QVC allowed Resultly to crawl its website. See, e.g., Sur-Reply to Resultly Mot. at 4-5. Rather, QVC asserts that it is entitled to restrict access for some but not all entities using other methods. Id. Such methods include the express instructions in its publisher agreements not to crawl its webpage as well as measures such as load-balancing firewalls to protect webservers from undue stress.
At this stage in the litigation, QVC's allegations in the Amended Complaint do not present an “irreconcilably inconsistent position” with the statement in Mr. Garozzo's declaration that QVC did not impose a crawl-delay via a robots.txt file. The fact that QVC allows some publishers to crawl its webpage does not prohibit it from restricting the methods by which participants in QVC's marketing affiliate program gather information from QVC's website. See Craigslist, Inc. v. 3Taps Inc., 964 F.Supp.2d 1178, 1183–84 (N.D.Cal.2013).

As for VigLink's arguments that it cannot be held responsible for Resultly's conduct, QVC points out that its contract claims against VigLink are not based on a theory of vicarious liability. Opp'n to VigLink Mot. at 20. Rather, QVC alleges that VigLink directly breached its promise to be “responsible for all usage and activity on or through its account” and to be “solely responsible for...all of [its] promotional methods” under the CJ Publisher Agreement. Taking these allegations as true, the Amended Complaint contains factual allegation sufficient to infer that VigLink breached the QVC Publisher Agreement when Resultly crawled QVC's web server in an effort to earn payouts through VigLink's account because VigLink “recruited, encouraged, or permitted” Resultly to crawl QVC's website and was contractually responsible for all activity on or through its account with VigLink. Accordingly, the motion to dismiss Count Ten shall be denied.

In Count Eleven, QVC alleges that VigLink breached the QVC Publisher Agreement because it “granted Resultly an actual or de facto sublicense of its rights to use and access the QVC website.” Am. Compl. ¶ 144. In its motion, VigLink argues that “beyond this legal conclusion, the claim does not offer any factual allegations” to support such a claim. VigLink Mot. at 18. QVC responds that it has alleged that the QVC Publisher Agreement prohibits sublicensing, that VigLink granted a sublicense to Resultly, and that Resultly has admitted that it was VigLink's sub-publisher under the Terms of Service between VigLink and Resultly. Opp'n to VigLink Mot. at 21. Paragraph IV(A) of the QVC Publisher Agreement specifically provides that the right to “access the QVC Site through links” is “without the right to sublicense.” Although the Terms of Service VigLink attached to its motion to dismiss does not specifically grant Resultly a sub-license, the provision that “VigLink will be the ‘publisher of record’ for all Merchant affiliate programs” does provide a factual basis from which to plausibly infer, for purposes of a motion to dismiss, that VigLink granted Resultly either an actual or de facto sublicense to use VigLink's account with QVC. See Leit Decl. Ex. A. Accordingly, VigLink's motion to dismiss Count Eleven shall be denied.

In Count Twelve, QVC alleges that VigLink breached the QVC Publisher Agreement by failing to provide QVC with complete information regarding the promotional methods used on VigLink's account. See Am. Compl. ¶¶ 147-52. In support of its claim, QVC relies upon Paragraph 58 of the Amended Complaint, which QVC represents in its opposition brief as stating that “the QVC Publisher Agreement required VigLink to designate its account as “special” if it used [certain promotional methods].” See Opp'n to VigLink Mot. at 21 (citing Am. Compl. ¶ 58). Contrary to QVC's assertion, however, Paragraph 58 of the Amended Complaint relates to a provision in the CJ Publisher Agreement, not the QVC Publisher Agreement. See Am. Compl. ¶ 58. Accordingly, the Court shall grant VigLink's motion to dismiss Count Twelve.

Finally, in Count Sixteen, QVC alleges breach of the provision in the QVC Publisher Agreement requiring VigLink to indemnify QVC for “any and all losses, liabilities, actions, claims, expenses, and costs...which result or arise from or [are] related to the development, operation, and contents of your website or your negligence or breach of this Agreement.” Am. Compl. ¶ 183. QVC alleges that Resultly has filed counterclaims against it premised on rights Resultly alleges it obtained from VigLink to crawl QVC's website. Id. ¶ 184. QVC argues that because VigLink did not have the right to crawl QVC's website under its agreement with QVC, granting Resultly such a right would be a breach of the QVC Publisher Agreement, thus triggering the indemnification provision. Id. ¶ 185.

In response, VigLink argues only that “[w]hether or not VigLink was granted such permission is irrelevant, because VigLink did not use any type of robot software.” VigLink Mot. at 18. However, QVC's claim for indemnification is not based on whether or not VigLink used software to crawl QVC's server. Rather, the claim is premised on QVC's allegation that VigLink allowed Resultly to crawl QVC's website on its behalf despite the fact that VigLink was prohibited from such conduct by the QVC Publisher Agreement. This claim is plausible on the facts alleged. Accordingly, VigLink's motion to dismiss Count Sixteen is denied.

b. Breach of the CJ Publisher Agreement

In Counts Thirteen, Fourteen, and Fifteen, QVC asserts a breach by VigLink of the CJ Publisher Agreement. VigLink argues that these claims must be dismissed because QVC is not a party to the contract between it and Commission Junction. VigLink Mot. at 18 n.15 (citing Presbyterian Med. Ctr. v. Budd , 832 A.2d 1066, 1071–72 (Pa.Super.2003) ). In response, QVC argues that it is a third-party beneficiary to the CJ Publisher Agreement and therefore may enforce that agreement against VigLink. Opp'n to VigLink Mot. at 20 n.13. Although the CJ Publisher Agreement does not expressly indicate that it is intended to benefit Advertisers such as QVC, the agreement clearly defines certain duties and prohibitions in the context of a Publisher's relationship with both Commission Junction and Advertisers. For example, Paragraph 2(a) of the CJ Publisher Agreement provides that a Publisher must “provide CJ and Advertiser with accurate information about You and Your promotional methods.” Beyrak Mot. Ex. 6 at ¶ 2(a) (emphasis added). Moreover, the Amended Complaint alleges that the Advertiser Agreement between QVC and Commission Junction “expressly provides that QVC is ‘intended to benefit under each...Publisher's Publisher Service Agreement’ with CJ.” Am. Compl. ¶ 48. The allegation, given the reference to a specific term of the CJ Publisher Agreement, is sufficient to plausibly infer that QVC is an intended third-party beneficiary. See eBay Inc. v. Digital Point Sols., Inc. , No. 08–4052, 2009 WL 2523733, at *3 (N.D.Cal. Aug. 17, 2009) (finding that plaintiff advertiser was third-party beneficiary to publisher agreement with Commission Junction).

In Count Thirteen, which contains nearly identical allegations to Count Ten, QVC alleges that VigLink breached the CJ Publisher Agreement by, inter alia , “recruiting, encouraging, and permitting Resultly to transmit malicious and unsolicited software...[and] us[e] a device, program, or robot... purportedly under rights granted to VigLink under the...CJ Publisher Agreement.” Am. Compl. ¶ 159-60. As in Count Ten, QVC's claim is premised on the allegation that under “the terms of the CJ Publisher Agreement, VigLink was responsible for Resultly's promotional methods and for Resultly's usage and activity on VigLink's account.” Id. ¶ 156. The Amended Complaint further alleges that, in violation of the Publisher Agreements, Resultly crawled QVC's webpage in order to gain commissions through VigLink's account. Id. ¶ 157. As in Count Ten, these allegations are sufficient to allege a breach of contract. Accordingly, the motion to dismiss Count Thirteen is denied.

In Count Fourteen, which contains nearly identical allegations to Count Eleven, QVC alleges that VigLink breached the CJ Publisher Agreement by granting Resultly an “actual or de facto sublicense of its rights to use and access the QVC website, in breach of the CJ Publisher Agreement.” Am. Compl. ¶ 169. QVC does not specify which provision of the CJ Publisher Agreement prohibits VigLink from granting a sublicense, and a review of the agreement indicates that no such prohibition exists. Accordingly, the Court shall grant the motion to dismiss Count Fourteen.

Finally, in Count Fifteen, which contains allegations nearly identical to Count Twelve, QVC alleges that VigLink violated the CJ Publisher Agreement by “failing to provide QVC with clear, accurate, or complete information about the promotional methods used by...Resultly.” Am. Compl. ¶ 176. As discussed above, Paragraph 2(a) of the CJ Publisher Agreement provides:

You agree to provide CJ and Advertiser with accurate information about [VigLink] and [VigLink's] promotional methods, and to maintain up-to-date ‘Account’ information (such as contact information, Web sites used, etc.). In Your Account, You must accurately, clearly and competently describe all promotional methods by selecting the appropriate descriptions and providing additional information when necessary. Some promotional methods will be designated by the system as “special.” Special programs are linked to promotional methods

and practices considered unique and require manual approval and acceptance by the Advertiser. CJ reserves the right to define any program as special.

QVC argues that VigLink breached these provisions because “it did not designate its account as ‘special’ and did not provide QVC with any information regarding Resultly's unapproved promotional methods (such as Resultly's use of a robot web crawling program).” Opp'n to VigLink Mot. at 21-22. Although the precise meaning of paragraph 2(a) remains unclear, these allegations are sufficient to survive VigLink's motion to dismiss.

B. Vicarious Liability—VigLink

Before turning to the viability of QVC's CFAA and state law claims, it is necessary to address, as a threshold issue, whether any such claims are viable against VigLink given that QVC premises them on a theory that VigLink is vicariously liable for Resultly's conduct.

1. Vicarious Liability Under CFAA

In determining whether QVC can use vicarious liability as a means to allege a violation under the CFAA, the Court first looks to the language of the statute. Scafar Contracting, Inc. v. Sec'y of Labor , 325 F.3d 422, 425 (3d Cir.2003). In Section 1030(g) of the CFAA, Congress created a civil remedy for any violation of the section. Specifically, Section 1030(g) provides that “[a]ny person who suffers damage or loss by reason of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other applicable relief.” 18 U.S.C. § 1030(g). The CFAA defines the term “person” to mean “any individual, firm, corporation, educational institution, financial institution, governmental entity, or legal or other entity.” 18 U.S.C. § 1030(e)(12). The CFAA does not define the term “violator” or make reference to vicarious liability.

QVC cites to Meyer v. Holley, in which the Supreme Court considered whether vicarious liability was available under the Fair Housing Act (FHA) given that the act “says nothing about vicarious liability.” 537 U.S. 280, 285, 123 S.Ct. 824, 154 L.Ed.2d 753 (2003). In holding that ordinary vicarious liability principles apply to the FHA, the Supreme Court reasoned that when a statute contains a private right of action sounding in tort, Congress “legislate[d] against a legal background of ordinary tort-related vicarious liability rules and consequently intends its legislation to incorporate those rules.” Id. at 286, 123 S.Ct. 824. QVC further directs the Court to Charles Schwab Co. v. Carter, in which the Northern District of Illinois applied the principles outlined in Meyer to the CFAA and concluded “that Congress drafted the CFAA with an intent to permit vicarious liability.” No. 04–7071, 2005 WL 2369815, at *6 (N.D.Ill. Sept. 27, 2005). Although the District Court in Charles Schwab noted that “[a]ny presumption of vicarious liability...cannot apply when doing so would conflict with clear congressional intent,” 2005 WL 2369815, at *5 (citing Liquid Air Corp. v. Rogers , 834 F.2d 1297, 1306 (7th Cir.1987) ), it concluded that—in the context of the specific facts at issue in the case before it—allowing the plaintiff to proceed on a theory of vicarious liability would further the CFAA's purpose, i.e. , to “punish those who intentionally access computer files and systems without authority and cause harm,” because the alleged principal “affirmatively urged [the agent] to access [plaintiff's] computer system beyond his authorization for their benefit.” Id. at *7.

The Third Circuit has not yet addressed the question of whether a party can sustain a CFAA action on a vicarious liability theory. Any analysis of the question must be driven by the purpose of the CFAA, which was enacted as a criminal statute to penalize computer hackers as “the centerpiece of federal enforcement efforts against computer based crimes.” Healthcare Advocates, Inc. v. Harding, Earley, Follmer & Frailey , 497 F.Supp.2d 627, 646 (E.D.Pa.2007). Moreover, “[t]he general purpose of the CFAA was to create a cause of action against computer hackers (e.g ., electronic trespassers).” Dresser Rand Co. v. Jones , 957 F.Supp.2d 610, 614 (E.D.Pa.2013) (citations omitted); see also P.C. Yonkers, Inc. v. Celebrations the Party and Seasonal Superstore, LLC , 428 F.3d 504, 510 (3d Cir.2005) (CFAA enacted to address “classic” computer “hacking”). Although the statute was amended in 1994 to add a civil provision, it “remains primarily a criminal statute designed to combat hacking,” and, as such, jurisprudential care should be taken not to “contravene Congress's intent by transforming a statute meant to target hackers into a vehicle for imputing liability to [defendants] who access computers or information in bad faith.” WEC Carolina Energy Solutions LLC v. Miller , 687 F.3d 199, 201, 207 (4th Cir.2012) ; accord United States v. Nosal , 676 F.3d 854, 857–58 (9th Cir.2012) (en banc) (refusing to “transform the CFAA from an anti-hacking statute into an expansive misappropriation statute” and construing CFAA to “maintain[ ] the CFAA's focus on hacking rather than turning it into a sweeping Internet-policing mandate”).

It is not necessary to decide the question here, however, because even assuming that Congress intended to allow vicarious liability for CFAA claims, QVC's CFAA claims against VigLink would nevertheless fail because the Amended Complaint does not contain facts from which the Court could plausibly infer, as QVC contends it should, that VigLink and Resultly were engaged in a master-servant relationship.

2. Master-Servant Relationship

Applying the principles set forth in Meyer, the relevant inquiry in determining vicarious liability is whether the relationship between principal and agent is that of master-servant or independent contractor. See Restatement (Second) of Agency § 2. A “master” is a “principal who employs an agent to perform service in his affairs and who controls or has the right to control the physical conduct of the other in the performance of the service.” Id. By contrast, an “independent contractor” is a “person who contracts with another to do something for him but who is not controlled by the other nor subject to the other's right to control with respect to his physical conduct in the performance of the undertaking.” Id. A principal is not ordinarily liable for an independent contractor's conduct.

Here, VigLink can be held vicariously liable for Resultly's conduct only if it could be found to have had the “right to control the manner and means” by which Resultly's work for VigLink was accomplished. Cmty. for Creative Non Violence v. Reid , 490 U.S. 730, 751, 109 S.Ct. 2166, 104 L.Ed.2d 811 (1989). QVC's only argument that it has sufficiently alleged a “right to control” is that VigLink's Terms of Service required Resultly to comply with QVC's terms and conditions. Opp'n to VigLink Mot. at 5. This provision of the Terms of Service, QVC argues, restricts the method by which Resultly could earn commissions through VigLink's account, which—contends QVC—sufficiently alleges that VigLink asserted the necessary control over the manner in which Resultly performed its work. Id. at 6 n.3. The Court finds, however, that this allegation, alone, is insufficient to plausibly infer that VigLink had control over the methods in which Resultly conducted its business. Rather than dictating a method by which Resultly must conduct its business, VigLink's Terms of Service merely aim to ensure a result that complies with QVC's policies. In other words, Resultly is free to conduct its business in any manner it chooses, so long as it does not violate QVC's terms and conditions. The most significant “control” VigLink appears to possess was the ability to “cancel service for any site at its discretion,” which is insufficient to establish agency. See, e.g. , Myszkowski v. Penn Stroud Hotel, Inc. , 430 Pa.Super. 315, 634 A.2d 622 (1993). In Myszkowski, the Pennsylvania Superior Court considered whether a master-servant relationship existed in the context of a franchisor/franchisee relationship as a result of conditions in a marketing agreement that were alleged to have dictated the method by which the franchisee conducted its business. In examining the issue of vicarious liability, the Pennsylvania appellate court held that that “the focus of [the] inquiry should be whether the alleged master has day-to-day control over the manner of the alleged servant's performance .” Id. (emphasis added). The court concluded that although the marketing agreement set certain quality control standards, those provisions in the marketing agreement were insufficient to allege a master-servant relationship because they “only addresse[d] the result of the work and not the manner in which it is conducted.” Id. Moreover, the court was not persuaded that the franchisor had control over the day-to-day operations of the inn simply because it had the right under the agreement to terminate the franchisee's use of the franchisor's trade name. Id. at 628. “Such a sanction,” the court explained, “does not indicate that there is a continuous subjection to the will of the alleged master so as to constitute a master-servant relationship” as required to impose vicarious liability. Accordingly, QVC's CFAA claims against VigLink which are premised on a theory of vicarious liability must fail.

QVC further argues, under several different theories, that VigLink is still vicariously liable for Resultly's actions regardless as to whether the Court deems Resultly an independent contractor. Specifically, QVC argues that:

(1) VigLink is contractually liable for Resultly's behavior because it agreed as part of the Publisher Agreements that it was responsible for Resultly's activity conducted through the VigLink account, Opp'n to VigLink Mot. at 6 n.3; (2) VigLink is ostensibly liable for Resultly's act because it induced QVC to approve its application to participate in the marketing affiliate program through its promise that the contracted-for services would be rendered by VigLink, and only VigLink, id. ; and (3) VigLink is “estopped from denying that it bears responsibility for Resultly's crawling conduct” under Section 2.05 of the Restatement (Third) of Agency (2006). Id. at 8. These arguments are precluded by Meyer, in which the Supreme Court declined to read into a statute vicarious liability in situations beyond the traditional master-servant relationship, including “the kind of liability that, for example, the law might impose in certain special circumstances upon a principal or employer that hires an independent contractor.” See 537 U.S. at 290, 123 S.Ct. 824 (citing Restatement § 214).

C. CFAA Violations (Counts One Through Five)—Resultly, Beyrak, VigLink

Turning next to the viability of QVC's CFAA claims against Resultly and Beyrak, which are set forth in Counts One through Five of QVC's Amended Complaint.

1. Count One

Count 1 of QVC's Amended Complaint alleges a violation of CFAA, 18 U.S.C. §§ 1030(a)(5)(A), which prohibits: “ knowingly caus[ing] the transmission of a program, information, code, or command, and as a result of such conduct, intentionally caus[ing] damage without authorization, to a protected computer.” 18 U.S.C. § 1030(a)(5)(A) (2012) (emphases added). Resultly argues that Count One should be dismissed because the Amended Complaint fails to allege that either Resultly or Beyrak “intentionally caused damage” to QVC's computer system. Resultly Mot. at 7.

In his motion to dismiss, Beyrak adopts all of Resultly's arguments, see Resultly Mot. at 1, and VigLink offers many of the same arguments. For the sake of efficiency, the Court shall only address Resultly's motion unless it is necessary to examine Beyrak's or VigLink's specific arguments in order to address the claims against them.

As this Court explained in its opinion on QVC's preliminary injunction motion, the plain language of the statute clearly requires that a Section 1030(a)(5)(A) claim must sufficiently allege that the defendant both knowingly transmit a code and intend to cause damage to the plaintiff's computer. QVC, Inc. v. Resultly, LLC , 99 F.Supp.3d 525, 533 (E.D.Pa.2015). “Damage” is defined as “any impairment to the integrity or availability of data, a program, a system, or information.” 18 U.S.C. § 1030(e)(8).

The Third Circuit has defined “intentionally” in the criminal context as performing an act “deliberately and not by accident.” United States v. Barbosa , 271 F.3d 438 (3d Cir.2001). In United States v. Carlson, a panel of the Third Circuit applied this definition to a Section 1030(a)(5)(A) case and held that a violation occurs if it was “the defendant's conscious objective ” to cause harm to a protected computer. 209 Fed.Appx. 181, 184–85 (3d Cir.2006) (emphasis added). In other words, a plaintiff alleging a Section 1030(a)(5)(A) violation is “required to prove at trial that [the defendant] deliberately caused an impairment to the integrity or availability of data, a program, a system, or information.” Id. (emphasis added).

In Carlson, the defendant was alleged to have sent thousands of emails to specific email addresses, typically belonging to journalists or members of the Philadelphia Phillies, as an attempt to draw attention to issues he considered important. For example, the defendant sent 5,000 emails to a member of the Phillies with the subject line “Sign JASON GIAMBI.” The defendant denied any intent to cause damage to the individual e-mail accounts. However, at trial, Carlson admitted that when he sent thousands of e-mails to a single address, “the targeted inbox would flood with e-mails and thus impair the user's ability to access his other ‘good’ emails.” Id. at 183. Moreover, Carlson conceded that he “believed the targeted e-mail user's ability to access his email would be impaired,” albeit only for “a few minutes.” Id. at 185. The court concluded that “Carlson's level of internet savvy, combined with his actions, could rationally be used to conclude that Carlson intended the consequences of his actions.” Id. at 185.

In United States v. Prugar, another case addressing the intent requirement under Section 1030(a)(5)(A), the defendant gained unauthorized access to his previous employer's servers in order to retrieve certain data. No. 12–267, 2014 WL 4716382 (M.D.Pa. Sept. 22, 2014), reconsidered on other grounds , United States v. Prugar , No. 12–0267, 2015 WL 5602886 (M.D.Pa. Sept. 23, 2015). After locating the data, the defendant created a script to delete log files showing his actions. Although the defendant stated he did not intend to harm the employer's computer, his act of deleting log files squarely caused “damage” under the CFAA because it “impair[ed]the integrity or availability of...information” on the employer's network. Thus, the court found that the evidence established defendant's intent to harm even if “his deliberate deletion of [the logs] was done with the purpose of concealing his access rather than causing the system to malfunction or pecuniary harm.” Id. at *10.

Carlson and Prugar teach that although a plaintiff seeking to state a Section 1030(a)(5)(A) claim need not allege that the defendant acted with malice or that it was the defendant's primary purpose to cause damage to the protected computer, the allegations must suggest the defendant knew his actions would cause damage and that it was his conscious desire to take those actions. Significantly, however, the damage plaintiff must allege is not “damage” in the general sense, but rather “damage” as defined by the CFAA, i.e ., “any impairment to the integrity or availability of data, a program, a system or information.” 18 U.S.C. § 1030(e)(8)(A). Thus, like in Carlson and Prugar , it would be sufficient to allege facts showing that the plaintiff specifically intended to delete a discrete file in a protected computer, even if the defendant believed that his actions would go unnoticed and would not disrupt the long-term functionality or availability of any other data on the computer. Similarly, it would be sufficient to allege that the defendant intended to engage in activity that he knew would impair the functionality of a protected computer, even if the primary purpose of the defendant's conduct was not to cause a lack of functionality and the defendant believed that the loss of functionality would be temporary.

QVC argues that the Resultly Defendants' intent can be inferred from the allegations in the Amended Complaint that Resultly disguised its web crawler as individual online users, disguised its source IP address, and sent excessive requests to overload QVC's website and network. Am. Compl. ¶ 83. Turning first to the allegations concerning Resultly's efforts to disguise its IP address, QVC specifically points to the allegation in the Amended Complaint that:

Defendant Resultly also configured its Program to cause several different [IP] addresses to be shown as the Program's source when network technicians attempted to trace the source of the Program, as opposed to the actual IP address from which the Program requests originated. This configuration further obscured that the Program's search requests were coming from a web crawling program as opposed to individual users.

Id. ¶ 25. Although the Court could plausibly infer from these facts that Resultly wished to disguise its identity, they do not, on their own, suggest that it was Resultly's conscious objective to cause an “impairment to the integrity or availability of” QVC's website or servers.

Regarding the allegations concerning the speed of Resultly's requests, the Amended Complaint further alleges that:

28. [Resultly's] Program bombarded QVC's website with search requests at rates ranging from 200-300 requests per minute to up to 36,000 requests per minute , which overloaded QVC's website and prevented QVC from being able to serve its customers. At one point the Program's crawling activity alone accounted for approximately 30% of the overall world wide web traffic being experienced by QVC.

29. The rates of search requests from typical search engines are significantly lower than the rates at which Resultly's Program made requests on QVC's website, and the search requests themselves are configured in such a way as to interface with common load balancing techniques to reduce or eliminate stress on origin webservers.

30. Resultly knew or should have known that its Program crawled at a rate per minute that was thousands of times more than standard industry practices .

31. Resultly knew or should have known that the configuration of its Program did not follow commonly accepted web crawling protocols and practices in that it bypassed normal load balancing techniques and put stress on origin webservers.

32. Upon information and belief, Resultly received error messages from the QVC site during the early stages of the Program's crawl, and otherwise knew or should have known that the Program was causing stress on the QVC network. Resultly could have and should have modified its crawl to reduce the stress its Program was causing, but instead increased and/or maintained the intensity of the Program's crawl.

At oral argument, counsel for Resultly/Beyrak conceded that the allegations that Resultly's program was consistently sending 36,000 requests per minute would be consistent with a deliberate attack on QVC's server. See Hr'g Tr. at 75:23-24. However, as counsel for Resultly/Beyrak pointed out, the Amended Complaint also contains the allegation that at some points in time, Resultly's Program was sending 200-300 requests per minute, which would not be “thousands of times more than the standard industry practice” and would be consistent with a program error or malfunction. These allegations regarding the speed at which Resultly's program crawled QVC's server must be considered in conjunction with other allegations in the Amended Complaint regarding the financial incentives which led Resultly to crawl QVC's website. Among other things, QVC alleges that “Defendant VigLink participated in QVC's affiliate marketing program, under which VigLink could receive compensation for facilitating sales on QVC's website,” and that “Resultly crawled the QVC website for the purpose of earning compensation through VigLink's account with CJ and enrollment in the QVC marketing program.” Am. Compl. ¶¶ 6, 68. Taking these into account, it is evident that the Resultly Defendants' incentives were aligned with QVC's insofar as they could not hope to earn any percentage of commissions to VigLink if the QVC website were nonfunctional, and, thus, it is not plausible to infer that Resultly intended to damage QVC's website or servers. Thus, the Court shall grant the Resultly Defendants' motions to dismiss Count One.

Resultly also argues that because the Court found, in the context of QVC's preliminary injunction motion, that Resultly did not intend to damage QVC's server, the “law of the case doctrine” would apply to preclude QVC from alleging in its Amended Complaint that Resultly had such intent. Here, application of the law of the case doctrine is inappropriate. Under Rule 12(b)(6), a plaintiff need only state a plausible claim for relief. To obtain a preliminary injunction, however, a plaintiff must go further and establish a likelihood of succeeding on its claim. The failure to so establish does not necessarily imply on a motion to dismiss that the plaintiff alleging the same facts has failed to state a claim. See Jurista v. Amerinox Processing, Inc. , 492 B.R. 707, 778 (D.N.J. 2013) (“[T]he standard for obtaining injunctive relief is considerably higher than the standard for surviving dismissal.”).

2. Counts Two through Five

a. “Without Authorization”

Each of Counts Two through Four of QVC's Amended Complaint, allege sufficient facts to plausibly state violations of CFAA Section 1030(a)(5)(B), Section 1030(a)(5)(C), and Section 1030(a)(2)(C), all of which require Resultly and Beyrak to have accessed QVC's computer system “without authorization.” “Authorization” is not defined by the CFAA, and the Third Circuit has not yet addressed the meaning of “authorization” in the context of the statute. Where a statutory term is undefined, courts generally give it its ordinary meaning, which can be gleaned from a dictionary. Cadapan v. Attorney Gen. of United States , 749 F.3d 157, 161 (3d Cir.2014) (“[G]enerally when a statutory term is left undefined, we give it its ‘ordinary meaning’ or common usage.”) (citing United States v. Santos , 553 U.S. 507, 511, 128 S.Ct. 2020, 170 L.Ed.2d 912 (2008) ). The Oxford English Dictionary defines “Authorization” as “the action of authorizing a person or thing” or “formal permission or approval.” Authorization , oed.com, http://www.oed.com/view/Entry/13351?redirectedFrom=authorization (last visited Nov. 24, 2015). The term, “to authorize,” in turn, ordinarily means “to give official permission for or formal approval to (an action, undertaking, etc .).” Authorize , oed.com, http://www.oed.com/view/Entry/13352?redirectedFrom=authorize#eid (last visited Nov. 24, 2015). Therefore, based on the ordinary meaning of the word, to act “without authorization” is to act without formal permission or approval. A question still remains, however, as to what precisely is required to show that a defendant web user acted without permission in crawling a retailer's website given that many retailer websites, including qvc.com, are publicly accessible.

CFAA, 18 U.S.C. §§ 1030(a)(5)(B) prohibits “ intentionally access[ing] a protected computer without authorization , and as a result of such conduct, recklessly caus[ing] damage” (emphases added).

CFAA, 18 U.S.C. §§ 1030(a)(5)(C) prohibits “ intentionally access[ing] a protected computer without authorization , and as a result of such conduct, caus[ing] damage and loss”) (emphases added).

CFAA, 18 U.S.C. § 1030(a)(2)(C) prohibits “ intentionally access[ing] a computer without authorization or exceed[ing] authorized access , and thereby obtain[ing]...information from any protected computer” (emphases added).

Guidance as to the meaning of “without authorization” in the context of the CFAA can be found in civil cases that arise in the context of an employer/employee relationship. In those cases, the relevant issue is whether an employee who has permission to access a computer can ever act “without authorization.” This Court is persuaded by the reasoning of those opinions that have concluded that those who have permission to access a computer for any purpose, such as employees, cannot act “without authorization” unless and until their authorization to access the computer is specifically rescinded or revoked. See LVRC Holdings LLC v. Brekka , 581 F.3d 1127, 1133–34 (9th Cir.2009) (“[A] person uses a computer ‘without authorization'...when the person has not received permission to use the computer for any purpose (such as when a hacker accesses someone's computer without any permission), or when the employer has rescinded permission to access someone's computer and the defendant uses the computer anyway.”). This interpretation of “without authorization” aligns with the few CFAA cases that have analyzed whether a web-user acts without “authorization” when it crawls a public website. See EF Cultural Travel BV v. Zefer Corp. , 318 F.3d 58, 62–63 (1st Cir.2003) ; Craigslist Inc. v. 3Taps Inc. et al . , 964 F.Supp.2d 1178 (N.D.Cal.2013) ; Sw. Airlines Co. v. Farechase, Inc. , 318 F.Supp.2d 435, 439 (N.D.Tex.2004). In Southwest Airlines, the Northern District of Texas found that the plaintiff had plausibly alleged the “without authorization” element of its CFAA claim where the complaint contained allegations that the plaintiff “directly informed” the defendant that its web-crawling activity was prohibited via Southwest.com's Use Agreement, which was “accessible from all pages on the website,” as well as via “direct ‘repeated warnings and requests to stop scraping [i.e. , web-crawling].’ ” 318 F.Supp.2d at 439. The district court specifically noted that even if the defendant did not read the Use Agreement, these allegations were sufficient to show that the defendant “knew that Southwest prohibited [the alleged activity].” Id.

Other courts have held that an employee loses authorization to access a computer as soon as he breaches a duty of loyalty to his employer, or even if he accesses a computer for a purpose that is contrary to his employer's interests. See, e.g. , United States v. John , 597 F.3d 263, 271 (5th Cir.2010) ; Int'l Airport Ctrs., LLC v. Citrin , 440 F.3d 418, 420–21 (7th Cir.2006). The Third Circuit has not yet taken a position on whether “without authorization” should be construed in the narrow sense, i.e. , that an employee who has access to a computer cannot act “without authorization” unless it is specifically revoked, or in the broad sense, i.e. , that an employee acts without authorization if he breaches his duty of loyalty or accesses the employer's computer for a purpose that is against the employer's interest.

In EF Cultural, the First Circuit determined that a “lack of authorization may be implicit, rather than explicit” (e.g ., a password protected site implicitly indicates lack of authorization) and went on to identify a number of ways in which a website owner could explicitly limit access to its website in order to provide “fair warning” that certain conduct is prohibited. 318 F.3d at 63. As an example, the court stated that the plaintiff could include an “explicit statement” of what is forbidden such as “a sentence on its home page or in its terms of use stating that ‘no scrapers may be used.’ ” Id. (“If [plaintiff] wants to ban scrapers, let it say so on the webpage or a link clearly marked as containing restrictions.”).

Finally, in Craigslist, the Northern District of California specifically held that a website owner could restrict or revoke access to a particular web user, even if information on the website is generally accessible to the public. 964 F.Supp.2d at 1182–83. In that case, the defendant continued to scrape the plaintiff's website even after the plaintiff sent it cease-and-desist letters and blocked the defendant's IP addresses. Id. In finding that the element of “without authorization” had been met, the court explained: “[Plaintiff] gave the world permission (i.e ., ‘authorization’) to access the public information on its public website. Then...it rescinded that permission for [defendant]. Further access by [defendant] after that rescission was ‘without authorization.’ ” Id.

Here, Resultly (and any other web user) had permission to access information on QVC.com, a publicly available website. The fact that QVC allowed certain entities, such as Google, to crawl its website does not preclude and is not inconsistent with an argument that QVC specifically prohibited participants in its marketing affiliate program from crawling its webpage. The relevant question is not whether Resultly was granted permission to access the information on QVC.com, but whether that authorization was ever rescinded or limited in a way that would put Resultly on notice that it was not authorized to access information it was otherwise entitled to access. QVC does not allege that QVC.com or QVC's Terms of Use provided an explicit prohibition on Resultly's conduct, or that QVC sent Resultly a cease and desist letter. Instead, QVC argues that Resultly had notice that it could not crawl QVC's website because the QVC Publisher Agreement and CJ Publisher Agreement contractually prohibited such action. Opp'n to Resultly at 4. As discussed in connection with QVC's breach of contract claims against VigLink in Section III(A)(2) above, the Amended Complaint does contain factual allegations from which the Court can plausibly infer that the QVC Publisher Agreement prohibits web-crawling and that Resultly was alerted to that prohibition. To reiterate, the Amended Complaint alleges that, as VigLink's sub-publisher, Resultly agreed to VigLink's Terms of Service, which required Resultly to comply with QVC's terms and conditions. The QVC Publisher Agreement, in turn, contained language stating that the only acceptable methods of advertising QVC's products involved using product information that QVC provided via Commission Junction. Interpreted in the light most favorable to QVC, this provision would necessarily imply a prohibition on obtaining information about QVC's products via any alternate means, including web crawling. Although Resultly may not be a party to those agreements, the allegations in the Amended Complaint plausibly allege that, just as a cease-and-desist letter would put a publisher on notice that its actions were prohibited, VigLink's Terms of Service—which required Resultly to comply with QVC's terms and conditions—put Resultly on notice that QVC prohibited web-crawling. Accordingly, the Amended Complaint contains factual allegations from which the Court can plausibly infer that Resultly acted “without authorization” when it crawled QVC's website. Because both Resultly and Beyrak's motions to dismiss Counts Two through Four rely exclusively on failure to allege the “lack of authorization” element, their motions to dismiss those counts are denied.

QVC also argues that the fact that Resultly circumvented QVC's load balancing techniques in order to crawl QVC.com shows that Resultly knew it did not have permission to do so. Id. at 13-14. Because the Court finds that the allegations concerning the QVC Publisher agreement are sufficient to allege that Resultly was put on notice that it was not allowed to crawl QVC.com, the Court need not analyze the viability of QVC's arguments with respect to the load-balancing techniques.

With respect to Count Four, the Resultly Defendants further argue that Count Four as well as Count Five should be dismissed because QVC has failed to allege that Defendants “exceeded Authorized Access” by crawling QVC's server. However, because Section 1030(a)(2)(A) provides for liability if the defendant acted either “without authorization” or “exceeding authorized access” and the Court finds that QVC has adequately alleged that Resultly lacked authorization to crawl QVC's webpage, there is no need to address the “exceeding authorized access” argument at this stage of the proceedings.

3. Count Five (“Intent to Defraud”)

Resultly argues that Count Five, which alleges a violation of CFAA Section 1030(a)(4), separately fails because QVC has not alleged that Resultly acted with intent to defraud. A claim under Section 1030(a)(4) has four elements: “(1) defendant has accessed a ‘protected computer’; (2) has done so without authorization or by exceeding such authorization as was granted; (3) has done so ‘knowingly’ and ‘with intent to defraud’; and (4) as a result has ‘further[ed] the intended fraud and obtain [ed] anything of value.” P.C. Yonkers , 428 F.3d at 508. The Amended Complaint does not contain an allegation that Resultly crawled QVC's website with an intent to defraud QVC. Instead, QVC argues only that by crawling QVC's server in violation of the Publisher Agreements and by disguising its robot to appear to reflect the activity of individual users, Resultly engaged in “wrongdoing” to obtain something of value, which QVC argues is sufficient to allege a claim under Section 1030(a)(4). Opp'n to Resultly Mot. at 17-18 (quoting Sprint Nextel Corp. v. Simple Cell, Inc., No. 13–617, 2013 WL 3776933, at *6 (D.Md. July 17, 2013) ); see also Hanger Prosthetics & Orthotics, Inc. v. Capstone Orthopedic, Inc. , 556 F.Supp.2d 1122, 1131 (E.D.Cal.2008). These cases—Sprint Nextel and Hanger —did not, however, read “intent to defraud” out of the statute as QVC suggests here. Rather, the issue in Sprint and Hanger was whether a plaintiff alleging a violation of Section 1030(a)(4) must plead fraud with particularity as required by Federal Rule of Civil Procedure 9(b). In both those cases, the plaintiff had alleged that the defendant acted with “intent to defraud,” but, according to the defendant, had not alleged specific facts that would satisfy Rule 9(b). In ruling that Rule 9(b) did not apply, the Sprint court specifically noted that its decision “should not be read to definitively establish a broad, general ‘wrongdoing’ standard for liability under § 1030(a)(4).” Id. at *6 n. 4. Here, the Court need not decide whether “intent to defraud” must be pled with particularity under Rule 9(b) because QVC fails to allege any “intent to defraud” whatsoever. Accordingly, the Court grants Defendants' motions to dismiss Count Five.

In Count 5, QVC alleges violations of CFAA, 18 U.S.C. § 1030(a)(4) which prohibits “ knowingly and with intent to defraud , access [ing] a protected computer without authorization , or exceed[ing] authorized access , and by means of such conduct further[ing] the intended fraud and obtain[ing] anything of value ...more than $5,000 in any 1-year period” (emphases added).

--------

D. Count Six (Negligence)—Resultly, Beyrak, Viglink

Turning finally to QVC's state law claims: to state a claim for negligence against Resultly, Beyrak, and VigLink under Pennsylvania law, QVC must plausibly allege, as a threshold matter, that each of the Defendants owed it a duty of care. See Althaus v. Cohen , 562 Pa. 547, 756 A.2d 1166, 1168 (2000). In negligence cases, a duty consists of one party's obligation to conform to a particular standard of care for the protection of another. Id. (citation omitted). This concept is rooted in public policy. Id. (citation omitted). In Althaus, the Pennsylvania Supreme Court adopted a five-factor test to determine the existence of a duty, specifically: (1) the relationship between the parties; (2) the social utility of the defendant's conduct; (3) the nature and foreseeability of the risk in question; (4) the consequences of imposing the duty; and (5) the overall public interest in the proposed solution. Id. (citing Althaus , 756 A.2d at 1168–69 ).

Regarding the first factor, i.e ., the relationship between the parties, QVC argues that Resultly owed it a duty because it “intentionally targeted QVC to be crawled by its robot.” Opp'n to Resultly Mot. at 20. Because QVC has cited no case law or other authority indicating that publishers like Resultly generally owe a duty of care to the companies whose websites they crawl, this factor does not support finding a duty. Turning to the second factor, i.e. , the social utility of the actor's conduct, QVC contends that “crawling the QVC website in violation of the Publisher Agreements” serves no social utility. Id. However, the Amended Complaint alleges that Resultly crawled QVC's website in order to participate, albeit indirectly, in QVC's marketing affiliate program, which has the social utility of directing web-users to products they seek on QVC's website. As for the third factor—the nature and foreseeability of the risk in question—QVC argues that “the risk that a robot web crawler would overload a website was significant and foreseeable.” Id. Taking the allegations in the Amended Complaint as true, this factor could favor finding a duty. However, the fourth and fifth factors, i.e. , the consequences of imposing a duty upon the defendant and the overall public interest in the proposed solution, both counsel against finding a duty. Imposing a duty on publishers not to crawl websites by robot would threaten the public's interest in the robust development of the Internet. Publishers' ability to use their functionality to provide web users with access to information may be thwarted for fear that accessing websites that have failed to specify whether and at what rate web-crawling is allowed will expose them to liability. Weighed against the relatively low burden on a website owner to specify a crawl-rate or publicly ban the use of web-crawlers, these final two factors do not favor imposing a duty. As the First Circuit noted in EF Cultural : “If [a website owner] wants to ban scrapers, let it say so on the webpage or a link clearly marked as containing restrictions.” 318 F.3d at 63.

For the reasons described above, QVC has failed to state a claim for negligence under Pennsylvania law against Resultly. Moreover, because QVC has not advanced any additional arguments that would impose a duty on Beyrak, QVC's claim for negligence also fails with respect to him. Finally, because QVC's claim for negligence against VigLink is premised on Resultly's liability, QVC's claim against VigLink is also dismissed.

E. Count Seven (Tortious Interference with Prospective Economic Advantage)—Resultly, Beyrak, Viglink

In Count Seven, QVC alleges a claim for tortious interference with prospective contractual relations. Am. Compl. ¶¶ 107-14. To establish the existence of a prospective contract, QVC must identify a specific prospective contract that is “something less than a contractual right, something more than a mere hope.” Phillips v. Selig , 959 A.2d 420, 428 (Pa.Super.Ct.2008) (quoting Thompson Coal Co. v. Pike Coal Co. , 488 Pa. 198, 412 A.2d 466, 471 (1979) ). Although QVC asserts that it has pled that it had “a reasonable expectation of prospective contractual relationships with the customers who visit QVC's website and purchase products,” it has not identified a single past, present or prospective customer with whom it had a prospective contract that was undermined by Resultly's actions. Resultly Mot. at 11. Accordingly, this claim cannot survive. See Winer v. Senior Living Guide, Inc. , No. 12–934, 2013 WL 1217582 (W.D.Pa. Jan. 17, 2013) (dismissing tortious interference with prospective contract claim that defendant interfered with “the online potential customers, including repeat customers, looking to purchase products from Plaintiff” for failure to identify any specific prospective contract).

F. Counts Eight and Nine (Conversion and Trespass to Chattels)—Resultly, Beyrak, Viglink

In Count Eight, QVC alleges that Defendants are liable for conversion because Resultly “deprived QVC of the ability to access and use its website to service and provide products to QVC's customers when Resultly transmitted its Program and overloaded QVC's website and network.” Am. Compl. ¶ 121. In Count Nine, QVC alleges a claim for trespass to chattels alleging similar facts. Id. ¶ 130. In their motions to dismiss, Defendants argue that QVC has failed to allege any of the elements of either of these claims. See Resultly Mot. at 12-13.

The elements of trespass to chattels and conversion—both intentional torts—are essentially the same. “The difference is that conversion entails a more serious deprivation of the owner's rights such that an award of the full value of the property is appropriate.” Creative Dimensions in Mgmt., Inc. v. Thomas Grp., Inc ., No. 96–6318, 1999 WL 225887, at *3 (E.D.Pa. Apr. 16, 1999) (citing Restatement (Second) of Torts § 217 (trespass to chattels requires intentional dispossession or use or intermeddling with a chattel of another)); § 222 (the actor is subject to liability for conversion where the dispossession “seriously interferes with the right of the other”)). Conversion is defined under Pennsylvania law as “the deprivation of another's right of property in, or use or possession of, a chattel, without the owner's consent and without lawful justification.” Premier Payments Online, Inc. v. Payment Sys. Worldwide , 848 F.Supp.2d 513, 529 (E.D.Pa.2012) (quoting Francis J. Bernhardt, III, P.C. v. Needleman , 705 A.2d 875, 879 (Pa.Super.Ct.1997) ). Although Pennsylvania law does not require specific intent to commit a wrong, “the exercise of control of the chattel must be intentional.” L.B. Foster Co. v. Charles Caracciolo Steel & Metal Yard, Inc. , 777 A.2d 1090, 1095 (Pa.Super.2001) ; see also Montgomery v. Fed. Ins. Co. , 836 F.Supp. 292, 300 (E.D.Pa.1993) (conversion requires facts that showing “intent to assert dominion or control over the chattel that is inconsistent with the owner's right”). The tort of trespass to chattels is governed by the Restatement (Second) of Torts § 217, which provides: “A trespass to a chattel may be committed by intentionally: (a) dispossessing another of the chattel, or (b) using or intermeddling with a chattel in the possession of another.” Pestco, Inc. v. Associated Prods., Inc. , 880 A.2d 700, 708 (Pa.Super.2005).

Putting aside whether a website can be construed as a “chattel” under Pennsylvania law, an interesting question but one which no Pennsylvania court has yet to shine a light on, both the conversion and trespass to chattels claims fail because the Amended Complaint does not allege facts from which the court can infer that any of the Defendants intended to exercise control of QVC's servers. There is no allegation, for example, that Resultly refused to stop using its web-crawler once QVC asked it to do so. Consequently, QVC's conversion and trespass to chattels claims are not cognizable under Pennsylvania law and the motions to dismiss will be granted with respect to those claims.

IV. CONCLUSION

For the reasons set forth above, the Defendants' motions to dismiss are granted in part and denied in part. An order follows.


Summaries of

QVC, Inc. v. Resultly, LLC

United States District Court, E.D. Pennsylvania.
Feb 10, 2016
159 F. Supp. 3d 576 (E.D. Pa. 2016)

observing that the question of whether a website can be construed as a "chattel" under Pennsylvania law is "one which no Pennsylvania court has yet to shine a light on"

Summary of this case from Exeter Twp. v. Gardecki

noting that while "[t]he elements of trespass to chattels and conversion—both intentional torts—are essentially the same . . . '[t]he difference is that conversion entails a more serious deprivation of the owner's rights such that an award of the full value of the property is appropriate.'"

Summary of this case from Hyman v. Capital One Auto Fin.

noting that while "[t]he elements of trespass to chattels and conversion—both intentional torts—are essentially the same ... ‘[t]he difference is that conversion entails a more serious deprivation of the owner's rights such that an award of the full value of the property is appropriate.’ "

Summary of this case from Hyman v. Capital One Auto Fin.

noting that, in determining whether the defendant acted "without authorization," the "relevant question is not whether [the defendant] was granted permission to access the information on [website], but whether that authorization was ever rescinded or limited in a way that would put [the defendant] on notice that it was not authorized to access information it was otherwise entitled to access."

Summary of this case from Couponcabin LLC v. Savings.Com, Inc.

In QVC, Inc. v. Resultly, LLC, 159 F. Supp. 3d 576 (E.D. Pa. 2016), for example, Judge Beetlestone recently concluded that employees who have permission to access a computer for any purpose cannot act "without authorization" unless and until their authorization to access the computer is specifically rescinded or revoked.

Summary of this case from United Statesg Ins. Servs., Inc. v. Bacon
Case details for

QVC, Inc. v. Resultly, LLC

Case Details

Full title:QVC, Inc., Plaintiff, v. Resultly, LLC, et al., Defendants.

Court:United States District Court, E.D. Pennsylvania.

Date published: Feb 10, 2016

Citations

159 F. Supp. 3d 576 (E.D. Pa. 2016)

Citing Cases

United Statesg Ins. Servs., Inc. v. Bacon

The CFAA defines neither term, and the Third Circuit has not addressed the meaning of these terms in the…

Tactical Pers. Leasing, Inc. v. Hajduk

In other words, what one intends to do with information taken from a computer is irrelevant if the individual…