Cloudpath Networks, Inc. v. SecureW2 B.V.

• Decision Date: 13 January 2016
• Docket Number: Civil Action No. 15-cv-0485-WJM-KLM
• Citation: 157 F.Supp.3d 961
• Court: U.S. District Court — District of Colorado
• Parties: Cloudpath Networks, Inc., a Colorado corporation, Plaintiff, v. SecureW2 B.V., a Dutch corporation, SecureW2, Inc., a Washington corporation, Jeffrey Grimm, Roger “Lynn” Haney, Bharat Ram “Bert” Kashyap, and Basz Universal, LLC, a Washington limited liability company, Defendants.

157 F.Supp.3d 961

Cloudpath Networks, Inc., a Colorado corporation, Plaintiff,

v.SecureW2 B.V., a Dutch corporation, SecureW2, Inc., a Washington corporation, Jeffrey Grimm, Roger “Lynn” Haney, Bharat Ram “Bert” Kashyap, and Basz Universal, LLC, a Washington limited liability company, Defendants.

Civil Action No. 15-cv-0485-WJM-KLM

United States District Court, D. Colorado.

Signed January 13, 2016

Blair Elizabeth Kanis, Chad Takashi Nitta, Kutak Rock, LLP, R. Livingston Keithley, Shannon Marie Bell, William James Kelly, III, Kelly & Walker, LLC, Denver, CO, for Plaintiff.

Chuan Cheng, Holland & Hart, LLP, K.C. Groves, James Robert Silvestro, Ireland Stapleton Pryor & Pascoe, P.C., Denver, CO, Christopher Hulbert Toll, Holland & Hart, LLP, Greenwood Village, CO, for Defendants.

ORDER DENYING SECUREW2 B.V.'S RULE 12(b)(2) MOTION TO DISMISS AMENDED COMPLAINT, AND GRANTING IN PART AND DENYING IN PART ALL DEFENDANTS' RULE 12(b)(6) MOTION TO DISMISS AMENDED COMPLAINT

William J. Martínez, United States District Judge

Plaintiff Cloudpath Networks, Inc. (“Cloudpath”) sues various parties (collectively, “Defendants”) for numerous causes of action related to alleged theft and misuse of Cloudpath's trade secrets. (See ECF No. 37 (First Amended Complaint) (“FAC”).) Currently before the Court is Defendant SecureW2 B.V.'s Motion to Dismiss Amended Complaint, arguing that this Court lacks personal jurisdiction over it (“Rule 12(b)(2) Motion”). (ECF No. 58.) Also before the Court is the remaining Defendants' Motion to Dismiss Amended Complaint, arguing that Cloudpath has failed to state a claim against them (“Rule 12(b)(6) Motion”). (ECF No. 40.) SecureW2 B.V. joins this motion to the extent its Rule 12(b)(2) Motion fails. (ECF No. 58 at 15.)¹

For the reasons explained below, the Court denies SecureW2 B.V.'s Rule 12(b)(2) Motion, finding that factual questions preclude a personal jurisdiction determination at this stage. The Court grants in part and denies in part the Rule 12(b)(6) Motion, dismissing with prejudice Cloudpath's claims under the Electronic Communications Privacy Act and Stored Communications Act, and dismissing with prejudice in part Cloudpath's claims under the Computer Fraud and Abuse Act.

I. FACTS

Unless otherwise noted, the Court assumes the following allegations to be true for present purposes.

Cloudpath is a Colorado company that develops software permitting “users with mobile computing devices to connect seamlessly to secure networks via Wi-Fi or wired connections.” (ECF No. 37 ¶¶ 6, 21–22.) In essence, Cloudpath is in the business of assisting organizations to enable secure network access on devices brought from outside the organization (such as an employee's smartphone or a student's laptop).

Beginning in October 2008, Defendant Kashyap and/or his wholly owned LLC, Defendant Basz Universal (collectively, “Kashyap”), became an independent sales representative for Cloudpath (i.e. , a non-employee sales agent). (Id. ¶ 36.) In exchange for contractual agreements to maintain the confidential and proprietary nature of Cloudpath's trade secrets and to work exclusively on Cloudpath's behalf when it comes to selling and marketing software of the kind Cloudpath creates, Cloudpath granted Kashyap access to its trade secrets, including through login credentials to Cloudpath's secure servers. (Id. ¶¶ 37–40, 54.)

Kashyap was also an independent sales representative for SecureW2 B.V. (“SecureW2”), a Dutch company that did not, at that time, have a competing product. (Id. ¶¶ 7, 51–52.) SecureW2 was, rather, “a co-marketing and co-sales partner” with Cloudpath, and had executed a non-disclosure agreement, agreeing to protect Cloudpath's confidential information. (Id. ¶ 49.)

As discussed further in Part II.B.1, below, the parties dispute the scope of this non-disclosure agreement. In any event, as early as January 2012, Kashyap and SecureW2 allegedly began conspiring to steal Cloudpath's trade secrets and thereby develop a competing product. (Id. ¶¶ 53, 56.) SecureW2 indeed launched a competing product in June 2012. (Id. ¶ 61.) Kashyap then notified Cloudpath that he was no longer associated with SecureW2, but he surreptitiously continued the conspiracy, including through allowing SecureW2 to use his Cloudpath login credentials to access Cloudpath's proprietary information.

(Id. ¶¶ 54–63.) Kashyap also began promoting SecureW2's product when approached by potential customers interested in Cloudpath's product. (Id. ¶¶ 64–66.)

Kashyap ended his relationship with Cloudpath in March 2013. (Id. ¶ 67.) Just before his departure, he tried to erase his Cloudpath e-mail account, although he was only partially successful. (Id. ) In May 2014, Kashyap caused the incorporation of Defendant SecureW2, Inc. (“SecureW2-USA”), a Washington corporation and a wholly-owned subsidiary of SecureW2. (Id. ¶¶ 3, 50, 71.)

Also in 2014, Kashyap and the SecureW2 entities managed to convince two Cloudpath employees, Defendants Grimm and Haney, to assist SecureW2 in its efforts to compete with Cloudpath. (Id. ¶ 73.) In September 2014 or thereabouts, Grimm began preparing to leave Cloudpath for SecureW2-USA. (Id. ¶ 75.) As part of his preparations, he downloaded substantial amounts of proprietary information and software code, deleted and corrupted sales leads and customer information, and deleted his Cloudpath e-mail account. (Id. ¶¶ 77–78, 80–81.) He resigned abruptly on January 5, 2015, explaining that “he was starting employment at an oil and gas software company” the next day. (Id. ¶ 82.) Instead, he began working for SecureW2-USA the next day (January 6), but continued to use his Cloudpath login credentials to access Cloudpath proprietary information on January 6 and 7. (Id. ¶¶ 84–86.)

Haney was pursuing a similar course at this time. According to the FAC, he intentionally sabotaged Cloudpath's software bug reporting system and “launched a software program within the Cloudpath computer system for the express purpose of creating an unauthorized rogue wireless network that would allow surreptitious and unauthorized access.” (Id. ¶¶ 87–91.) He also gathered “all of Cloudpath's customer account information” from which he could “generate contact lists.” (Id. ¶ 92.) Like Grimm, Haney resigned on January 5, 2015, and then went to work for SecureW2-USA. (Id. ¶¶ 87, 97.)

Cloudpath has lost at least twenty-six customers to SecureW2 or its affiliates on account of Defendants' conduct. (Id. ¶ 161.) It has also incurred expenses “to investigate the activities of Grimm and Haney prior to their resignation [s], and to analyze their computer systems revealing the activities [described] above.” (Id. ¶ 101.)

II. RULE 12(b)(2) ANALYSIS

A. Legal Standard

The purpose of a motion to dismiss pursuant to Federal Rule of Civil Procedure 12(b)(2) is to test whether the Court has personal jurisdiction over the named parties. The Tenth Circuit has established a two-part test for personal jurisdiction: “First, we ask whether any applicable statute authorizes service of process on defendants. Second, we examine whether the exercise of statutory jurisdiction comports with constitutional due process demands.” Dudnikov v. Chalk & Vermilion Fine Arts, Inc. , 514 F.3d 1063, 1070 (10th Cir.2008). “In a federal question case...[where] the federal statute at issue does not authorize nationwide service, personal jurisdiction is determined according to the law of the forum state.” Impact Prods., Inc. v. Impact Prods., LLC , 341 F.Supp.2d 1186, 1189 (D.Colo.2004).

Colorado's long-arm statute “confers the maximum jurisdiction permissible consistent with the Due Process Clause.” Archangel Diamond Corp. v. Lukoil , 123 P.3d 1187, 1193 (Colo.2005) (citing Colo. Rev. Stat. § 13-1-124 ). Thus, the Court need only address the constitutional question of whether the exercise of personal jurisdiction over the relevant defendant comports with due process. Dudnikov , 514 F.3d at 1070 (noting that the inquiry into whether any statute authorizes service of process “effectively collapses into the second, constitutional, analysis” in Colorado).

The plaintiff bears the burden of establishing personal jurisdiction over a defendant. Behagen v. Amateur Basketball Ass'n , 744 F.2d 731, 733 (10th Cir.1984). When the district court does not hold an evidentiary hearing before ruling on jurisdiction, “the plaintiff need only make a prima facie showing” of personal jurisdiction to defeat a motion to dismiss. Id. A prima facie showing is made where the plaintiff has demonstrated facts that, if true, would support jurisdiction over the defendant. OMI Holdings, Inc. v. Royal Ins. Co. of Can. , 149 F.3d 1086, 1091 (10th Cir.1998). To defeat the plaintiff's prima facie case, a defendant “must present a compelling case demonstrating that the presence of some other considerations would render jurisdiction unreasonable.” Id. (internal quotation marks omitted).

The Court will accept the well-pleaded allegations (namely, the plausible, nonconclusory, and nonspeculative facts) of the complaint as true to determine whether the plaintiff has made a prima facie showing that personal jurisdiction exists. Dudnikov , 514 F.3d at 1070. Any factual conflicts must be resolved in the plaintiff's favor. Wenz v. Memery Crystal , 55 F.3d 1503, 1505 (10th Cir.1995).

B. Personal Jurisdiction Analysis²

As noted, SecureW2 is a Dutch company. (ECF No. 37 ¶ 2.) Cloudpath's primary argument for personal jurisdiction over SecureW2 is that it contractually agreed to personal jurisdiction in Colorado. (ECF No. 64 at 3–7.) “[A] valid consent or a stipulation that the court has jurisdiction prevents the successful assertion of a Rule 12(b)(2) defense.” 5B Charles Alan Wright et al., Federal Practice & Procedure § 1351 (3d ed., Apr. 2015 update) (“Wright & Miller ”). The Court will therefore analyze the two contracts through which SecureW2 allegedly consented to personal jurisdiction in Colorado.

1. The MNDA

Cloudpath argues that SecureW2 “expressly submitted” ...