In re Dealer Mgmt. Sys. Antitrust Litig., Case No. 18-cv-864
| Decision Date | 03 September 2019 |
| Docket Number | Case No. 18-cv-864 |
| Parties | IN RE DEALER MANAGEMENT SYSTEMS ANTITRUST LITIGATION, MDL 2817 This document relates to: THE DEALERSHIP CLASS ACTION |
| Court | U.S. District Court — Northern District of Illinois |
MEMORANDUM OPINION AND ORDER
Before the Court is the motion to dismiss the counterclaims of Defendant/Counter-Plaintiff CDK Global, LLC ("Counter-Plaintiff" or "CDK") [593] filed by Plaintiffs/Counter-Defendants ACA Motors, Inc.; Continental Classic Motors, Inc.; 5800 Countryside, LLC; HDA Motors, Inc.; H & H Continental Motors, Inc.; Continental Autos, Inc.; Naperville Zoom Cars, Inc.; NV Autos, Inc.; Baystate Ford Inc.; Cliff Harris Ford, LLC; Marshall Chrysler Jeep Dodge, L.L.C.; Warrensburg Chrysler Dodge Jeep, L.L.C.; Cherry Hill Jaguar; JCF Autos LLC; Jericho Turnpike Sales LLC; Patchogue 112 Motors LLC; and Waconia Dodge, Inc. (collectively, "Counter-Defendants"). For the reasons set forth below, the motion to dismiss [593] CDK's counterclaims is granted in part and denied in part. CDK is given until September 30, 2019 to file amended counterclaims consistent with this opinion.
Given that this case already has been extensively litigated before multiple courts, the Court assumes some familiarity with the background of this case and thus will limit its recitation of the facts essential to the motion now before it. CDK brings counterclaims against the Counter-Defendants under the Computer Fraud and Abuse Act, the Digital Millennium Copyright Act, and for breach of contract. The counterclaims focus on Counter-Defendants' purported unauthorized access—along with data integrator Authenticom, Inc.—of CDK's enterprise software and computing platform for automotive dealerships and dealership groups known as its Dealer Management System or, more commonly, its DMS.
The automotive data system that CDK supports is massive—with tens of thousands of installations of approved vendor applications and millions of transactions every day—supporting hundreds of billions of dollars in commerce each year. [522 (Counterclaims), at ¶ 5.] CDK has made tremendous investments to build out and support its network of product and service offerings. [Id.] Over the last four years alone, CDK has spent more than $480 million researching, developing, and deploying new and enhanced product solutions for its customers. [Id.] CDK's DMS includes (and is largely comprised of) valuable pieces of intellectual property, including patented technologies, proprietary software elements and programs that it has created (including software programs protected by the copyright laws), and proprietary data collections, which are accessible through the DMS. [Id. at ¶ 32.] Dealers that purchase DMS services from CDK are granted a personal, non-transferable license to use CDK's DMS in accordance with the terms and conditions of their agreements. [Id.]
CDK's DMS offering consists of software and hardware components residing at both the dealership and at CDK's data centers ("CDK's network"). [Id. at ¶ 33.] CDK uses state-of-the-art technology to secure the connections between the dealerships and CDK's network, including through specialized hardware at each dealership site. [Id.] That hardware creates a "virtual private network" or "Leased-Line Multiprotocol Label Switching network" between the dealership and CDK's network, which accepts direct communications only from computers on the corresponding dealership's network. [Id.]
CDK's DMS is password protected. [Id. at ¶ 37.] To access the DMS, each dealership employee must use his or her individual login credentials. [Id.] CDK has implemented security features in addition to password protection. [Id. at ¶ 40.] In early 2016, CDK created a login prompt requiring users to certify that they were an "authorized dealer employee" before they could access CDK's DMS. [Id.] Further, in November 2017, CDK began introducing a CAPTCHA2 control for particular login credentials that it suspected were being used to facilitate unauthorized access to its DMS by third parties. [Id. at ¶ 41.] Humans can easily pass CAPTCHA tests, but automated scripts—like those used by Authenticom and other third-party data extractors—often encounter difficulty. [Id.] The CAPTCHA controls are specifically designed to prevent access to computers through automated means. [Id.]
CDK has entered into a Master Service Agreement ("MSA") with each Counter-Defendant (collectively, the "MSAs"). [Id. at ¶ 43.] The MSAs expressly prohibit Counter-Defendants from supplying DMS login credentials to third parties or otherwise granting third parties access to CDK's DMS. [Id.] Specifically, Section 6(D) of the MSAs provides that the "Client shall not allow access to [CDK's DMS] by any third parties except as otherwise permitted by this agreement." [Id. at ¶ 44.] In addition, each Counter-Defendant expressly agrees that it will only use CDK's software "for its own internal business purposes and will not sell or otherwise provide, directly or indirectly, any of the Services or Software, or any portion thereof, to any third party" and that it will "treat as confidential and will not disclose or otherwise make available any of the [CDK's] Products (including, without limitation, screen displays or user documentation) or any * * * proprietary data, information, or documentation related thereto * * * in any form, to any person other than employees and agents of [the dealer.]" [Id. at ¶ 45.] Each dealer acknowledges that—notwithstanding its license to use CDK's DMS—the DMS remains at all times "the exclusive and confidential property of [CDK]." [Id.] Additionally, the MSAs independently prohibit "ANY THIRD PARTY SOFTWARE TO ACCESS [CDK'S] DEALER MANAGEMENT SYSTEM EXCEPT AS OTHERWISE PERMITTED BY THIS AGREEMENT." [Id. at ¶ 46.]
CDK contends that third party hostile data extractors like Authenticom are not "agents" of the Counter-Defendants. [Id. at ¶ 49.] Authenticom's own contract with dealers makes clear that Authenticom is not the dealer's "agent," and in fact refers to "agents" of the dealer repeatedly as third parties to the agreement. [Id.] Similarly, the standard End-User License Agreement ("EULA") offered by Superior Integrated Solutions ("SIS"), another third party data extractor, states that "[t]he parties shall be independent contractors under this Agreement, and nothing herein will constitute either party as the employer, employee, agent or representative of the other party, or both parties as joint ventures or partners for any purpose." [Id.]
CDK submits that Counter-Defendants have repeatedly breached their contracts with CDK by handing out their DMS login credentials (directly or through their software vendors) to third party data extractors for the express purpose of enabling those third parties to use those credentials to repeatedly and relentlessly access CDK's DMS using sophisticated computer software that extracts (or scrapes) large volumes of data from the system. [Id. at ¶ 2.] Many of these data extractors—including Authenticom—then resell that data to other third-party application providers, paying nothing to CDK. [Id.] According to CDK, this unauthorized access not only threatens the security of the data in CDK's DMS, but also threatens the integrity of that data because ungoverned extraction and insertion of data into the DMS may corrupt the DMS databases. [Id.] Moreover, the thousands of unauthorized extractions and the high volume of data in many of those extractions degrade the performance of the DMS, impairing its value for all of CDK's DMS customers. [Id.]
CDK brings counterclaims against Counter-Defendants based on this alleged unauthorized access. Before the Court is Counter-Defendants' motion to dismiss the breach of contract, Computer Fraud and Abase Act, and Digital Millennium Copyright Act counterclaims brought against them.
To survive a Federal Rule of Civil Procedure ("Rule") 12(b)(6) motion to dismiss for failure to state a claim upon which relief can be granted, the complaint first must comply with Rule 8(a) by providing "a short and plain statement of the claim showing that the pleader is entitled to relief," Fed. R. Civ. P. 8(a)(2), such that the defendant is given "fair notice of what the * * * claim is and the grounds upon which it rests." Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007) (quoting Conley v. Gibson, 355 U.S. 41, 47 (1957)) (alteration in original). Second, the factual allegations in the complaint must be sufficient to raise the possibility of relief above the "speculative level." E.E.O.C. v. Concentra Health Servs., Inc., 496 F.3d 773, 776 (7th Cir. 2007) (quoting Twombly, 550 U.S. at 555). "A pleading that offers 'labels and conclusions' or a 'formulaic recitation of the elements of a cause of action will not do.'" Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (quoting Twombly, 550 U.S. at 555). Dismissal for failure to state a claim under Rule 12(b)(6) is proper "when the allegations in a complaint, however true, could not raise a claim of entitlement to relief." Twombly, 550 U.S. at 558. In reviewing a motion to dismiss pursuant to Rule 12(b)(6), the Court accepts as true all of Counter-Plaintiff's well-pleaded factual allegations and draws all reasonable inferences in Counter-Plaintiff's favor. Killingsworth v. HSBC Bank Nev., N.A., 507 F.3d 614, 618 (7th Cir. 2007).
CDK's first cause of action alleges that the Counter-Defendants violated the terms of their respective MSAs by sharing login credentials with Authenticom and other third parties. CDK further contends that Counter-Defendants have "repeatedly violated the express contractual prohibitions" in their respective MSAs by "actively facilitating hostile, unauthorized access to CDK's DMS." [522 (Counterclaims), at ¶ 103, 104-32.] The MSAs "expressly prohibit the Counter-Defendants from allowing third-partie...
To continue reading
Request your trial