Giles Constr., LLC v. Tooele Inventory Solution, Inc.
Decision Date | 02 June 2015 |
Docket Number | Case No. 2:12-cv-37 |
Court | U.S. District Court — District of Utah |
Parties | GILES CONSTRUCTION, LLC, Plaintiff, v. TOOELE INVENTORY SOLUTION, INC., et al. Defendants. |
This case is about the alleged misuse of proprietary information. Plaintiff Giles Construction, LLC alleges that Defendants Tooele Inventory Solution, Inc., Roger Earl, Karla Domire, Brian Domire, Russell Stapleton, and ATI Titanium, Inc. improperly disclosed and used its trade secrets related to barrel processing and pricing. Giles Construction alleges that Defendants violated the Computer Fraud and Abuse Act (CFAA), the Lanham Act, and the Utah Uniform Trade Secret Act (UTSA). Further, Giles Construction alleges interference with contractual relations, unjust enrichment, and conversion. Before the court are Defendants' motions for summary judgment. For the reasons stated below, the court grants the motions and concludes that Giles Construction's claims fail as a matter of law.
ATI is a large company with operations throughout the world, including in Rowley, Utah. ATI manufactures and sells titanium. The company uses barrels to ship its product. Russell Stapleton is the purchasing manager at ATI's Rowley facility; Karla Domire is his assistant. For several months in 2011, Giles Construction supplied, refurbished, and shipped barrels for ATI. Ms. Domire's husband, Brian Domire, provided trucking and delivery services for Giles Construction. Tooele Inventory is a Utah company that currently provides barrel processing services to ATI. ATI hired Tooele Inventory after it submitted a lower bid than Giles Construction. Roger Earl is the owner of Tooele Inventory.
ATI began operations in its Rowley facility in 2007. Initially, the company's employees stored, cleaned, repainted, palletized, and shipped its barrels. In early 2011, Mr. Stapleton sought a vendor to take over the barrel processing. ATI eventually hired Giles Construction to provide barrel processing services, which required Giles Construction to obtain, clean, paint, stencil, palletize, shrink wrap, store, and deliver barrels to ATI's Rowley facility. ATI provided a sample barrel, along with the specifications for barrel dimensions. Giles Construction began using a company named Industrial Container Services as its barrel supplier. Industrial Container Services maintains a website that a Giles Construction employee found in a fifteen-minute internet search.
Giles Construction and Industrial Container Services had an open account, but not a binding contract. Similarly, there was no contractual agreement that required ATI to exclusively use Giles Construction for barrel processing. Rather, the companies had an open agreement that Giles Construction would fulfill any purchase orders ATI sent.
In Fall 2011, ATI began searching for a less expensive barrel processing service. ATI sought a vendor from which it could directly purchase barrels, as well as a separate vendor that could provide barrel processing. At the direction of Mr. Stapleton, Ms. Domire searched for both barrel suppliers and barrel processors. During Ms. Domire's inquiries, she was referred multiple times to Industrial Container Services. Ms. Domire also spoke with Mr. Domire's friend, Mr. Earl, regarding barrel processing. At the conclusion of Ms. Domire's search, only Giles Construction and Mr. Earl were interested in submitting bids to provide barrel processing. The parties provided price quotes to ATI. Mr. Earl's recently formed company, Tooele Inventory, provided a bid that was thirty percent lower than Giles Construction's bid. Based on the lower price, ATI hired Tooele Inventory.
Giles Construction sued three months after losing the bid, alleging that Mr. Stapleton, Ms. Domire, and Mr. Domire revealed trade secrets to Mr. Earl, which made it possible for Mr. Earl to anticipate Giles Construction's bid and submit a lower one.
Summary judgment is appropriate when "there is no genuine dispute as to any material fact and the movant is entitled to judgment as a matter of law."1 The court "view[s] the evidence and make[s] all reasonable inferences in the light most favorable to the nonmoving party."2 Importantly, "[o]nly disputes over facts that might affect the outcome of the suit under the governing law will properly preclude the entry of summary judgment."3
Giles Construction contends that each defendant violated Section 1030 of the CFAA by accessing and misusing proprietary information. The CFAA prohibits parties from accessing a computer without authorization or from exceeding authorized access.4 Giles Construction alleges that Mr. Stapleton and Ms. Domire exceeded authorized accessed by obtaining Giles Construction's proprietary information on ATI computers and then divulging that information to competitors in violation of ATI's corporate guidelines.
At the outset, it appears that at least some of the defendants did nothing to implicate the statute. There is no evidence that Mr. Domire, Mr. Earl, or Tooele Inventory accessed any information. Rather, Giles Construction alleges only that those parties received information from Mr. Stapleton and Ms. Domire. Because Mr. Domire, Mr. Earl, or Tooele Inventory did not access information, the statute does not apply to their conduct.
Next, the court must determine the meaning of unauthorized access under the statute. The CFAA prohibits individuals from "access[ing] a protected computer without authorization, or exceed[ing] authorized access." It is undisputed that Mr. Stapleton and Ms. Domire had authorization to access the information at issue. In fact, they accessed the information on their company's computers. The question presented by the parties is whether Mr. Stapleton's and Ms. Domire's alleged subsequent misuse of the information amounts to exceeding authorized accessed. There is a division among federal courts regarding this question and the Tenth Circuit has not squarely addressed it. The court provides an overview before reaching its own conclusion.
Federal courts are divided on the meaning of "exceeds authorized access." Some courts, including the Fourth and Ninth Circuits, have confined the clause to mean the procurement ofinformation from a computer, not the subsequent use of that information.5 In other words, "an employee given access to a work computer is authorized to access that computer regardless of his or her intent to misuse information and any policies that regulate the use of information."6 It appears that a majority of courts weighing in on the issue have adopted this narrow construction. And the trend among courts appears to be in this direction over time. Other courts, including the First, Seventh, and Eleventh Circuits, have given the statute a broad construction.7 Under the broad construction, "if an employee has access to information on a work computer to perform his or her job, the employee may exceed his or her access [by] misusing the information on thecomputer, either by severing the agency relationship through disloyal activity, or by violating employer policies and/or confidentiality agreements."8
After considering the relevant case law, the court concludes that the narrow construction is appropriate: an individual does not exceed authorized access by misusing information she had authority to access in the first place. The CFAA's plain language compels this conclusion. The statute defines "exceeds authorized access" as "to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter."9 This definition "speaks to access, not use."10 It does not encompass misappropriation or misuse of information obtained through permitted access.
Additionally, the statute as a whole supports a narrow construction.11 The statute defines "damage" as "any impairment to the integrity or availability of data, a program, a system, or information."12 "Loss" means "a reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service."13 These definitions confirm that the CFAA seeks to prevent hacking, "which compromises the integrity and availability of data and may cause an interruption of computer service."14 The statute does not provide damages for the subsequent misuse of information. In view of the unambiguous language of the statute, the court is hesitant to extend remedies under federal law when ample state law remedies exist for the complained-of conduct. Absent clear congressional guidance, the court is reticent toenlarge its traditionally limited jurisdiction by extending the CFAA's reach and thus providing a broader cause of action.
The court need not go beyond the statute's plain text. But even if the text were ambiguous, the rule of lenity would compel a narrow construction.15 The CFAA is primarily a criminal statute, though it provides a private right of action in civil cases for the same conduct.16 The rule of lenity dictates that an ambiguous criminal statute should "be interpreted in favor of the defendants subjected to them."17 Put simply, Congress must speak clearly if it intends to create a federal crime.18 In the CFAA, Congress has not clearly criminalized the misuse of lawfully obtained computer information. And if that conduct is not criminal under the statute, the conduct cannot provide a basis for a civil cause of action.
Here, it is undisputed that Mr. Stapleton and Ms. Domire had authorization to access the information at issue. Indeed, Mr. Stapleton and Ms. Domire accessed the information on their company's computers. Giles...
To continue reading
Request your trial