Secureinfo Corp. v. Telos Corp.

Page 593

387 F.Supp.2d 593

SECUREINFO CORPORATION, Plaintiff, v. TELOS CORPORATION, et al., Defendants.

No. Civ.A. 05-505.

United States District Court, E.D. Virginia, Alexandria Division.

September 9, 2005.

COPYRIGHT MATERIAL OMITTED

COPYRIGHT MATERIAL OMITTED

COPYRIGHT MATERIAL OMITTED

Aldo Noto, Andrews Kurth LLP, Washington, DC, for Plaintiff.

Joseph Dale Wilson, III, Glenn B. Manishin, Ira T. Kasdan, Stephen M. Arner, Kelley Drye & Warren LLP, Vienna, VA, Bernard Joseph DiMuro, DiMuro Ginsberg & Mook PC, John B. Connor, Alexandria, VA, for Defendants.

MEMORANDUM OPINION AND ORDER

LEE, District Judge.

THIS MATTER is before the Court on Defendants Telos Corporation ("Telos"), Xacta Corporation ("Xacta"), John B. Wood ("Mr.Wood"), Richard P. Tracy ("Mr.Tracy"), and David J. Wilson's ("Mr.Wilson") (collectively "Telos Defendants") Motion to Dismiss Counts I-IV and VI-XIII¹ of the Amended Complaint, as well as Defendant Lon J. Berman's ("Mr.Berman") Motion to Dismiss Counts IV-IX of Plaintiff's Amended Complaint. The mammoth Amended Complaint is 114 pages long and contains 619 paragraphs, hardly the model of brevity that the Federal Rules of Civil Procedure contemplate. See FED. R. CIV. P. 8(e) ("Each averment of a pleading shall be simple, concise, and direct."). Plaintiff SecureInfo Corporation ("SecureInfo," "Plantiff") alleges that the Telos Defendants, acting in concert with Mr. Berman, obtained a copy of SecureInfo's software in violation of licensing agreements entered into between Mr. Berman's company, BAI, and the plaintiff to conduct a competitive analysis of SecureInfo's product. The issues before the Court are

(1) whether to dismiss Plaintiff's claims under the Computer Fraud and Abuse Act, 18 U.S.C.A. § 1030 (West 2000 & Supp.2005) pursuant to Federal Rule of Civil Procedure 12(b)(6) because Plaintiff does not allege that Mr. Wilson, Xacta, and Telos had "unauthorized access" to the BAI server or that they "exceeded authorized access" within the meaning of the statute;

(2) whether to dismiss the plaintiff's claims under the Copyright Act, 17 U.S.C.A. § 501 (West 2005) because the forms allegedly copied by the Telos Defendants were not copyrightable elements of SecureInfo's Software or because the copied materials do not comprise a substantial part of SecureInfo's program considered as a whole;

(3) whether to dismiss the plaintiff's claims under the Racketeer Influenced Corrupt Practices Act, 18 U.S.C.A. § 1961 (West 2000 & Supp.2005) (hereinafter, "RICO," "RICO statute") because there is no pattern of racketeering activity within the meaning of the RICO statute, and the Telos Defendants did not control the alleged enterprise;

(4) whether to dismiss Plaintiff's fraud claim against Mr. Berman because the fraud claim flows out of a breach of the license agreements, not an independent tort, and is barred by Virginia law, or whether to dismiss Plaintiff's fraud claim because it alleges no damages resulting from Mr. Berman's alleged fraud;

(5) whether to dismiss Counts VI and IX of Plaintiff's Amended Complaint because an entity can neither conspire nor combine with an agent under Virginia law;

(6) whether to dismiss the common law tortious interference with contract or business relationship claim because an entity or person cannot interfere with its, his, or her own contract; and

(7) whether to dismiss (a) Counts X Virginia Computer Crimes Act, Va.Code Ann. § 18.2-152.3 (Michie 2004 & Supp.2005), (b) XII (common law trespass to chattels), and (c) XIII (common law detinue) of Plaintiff's Amended Complaint because they are preempted by the Copyright Act or patently without merit.

The Court

(1) grants Defendants' motion to dismiss the Computer Fraud and Abuse Act claims because Plaintiff does not properly allege that Defendants Mr. Wilson, Telos, and Xacta had "unauthorized access" to the BAI server or accessed the server in "excess of authority" within the meaning of the statute;

(2) denies Defendants' motion to dismiss the Copyright Act claim as to the QuickStart Guide because it is independently copyrighted and Plaintiff alleges that it was copied, satisfying the requirements to state a claim for copyright infringement pursuant to the Copyright Act, and the Court denies the defendants' motion to dismiss the copyright claim as to the other outputs of RMS because, taking the plaintiff's allegations as true, as required by Federal Rule of Civil Procedure 12(b)(6), the forms are protected by the Copyright Act;

(3) grants Defendants' motion to dismiss the RICO claim because Plaintiff does not establish a "pattern of racketeering activity" as required by RICO, 18 U.S.C.A. § 1962(c);

(4) grants Defendant Mr. Berman's motion to dismiss the fraud and deceit claim against him because, regardless of whether the claim sounds in tort or contract, SecureInfo failed to allege actual damages flowing from the fraud, as required by Virginia law, see, e.g., Community Bank v. Wright, 221 Va. 172, 267 S.E.2d 158, 160 (1980);

(5) grants Defendants' motion to dismiss Counts VI and IX of Plaintiff's Amended Complaint because an entity can neither conspire nor combine with an agent under Virginia law, and Plaintiff's factual allegations establish that Mr. Berman was an agent of the Telos Defendants, Lewin v. Cooke, 95 F.Supp.2d 513, 524-25 (E.D.Va.2000);

(6) grants Defendant's motion to dismiss the common law tortious interference claim because a person or entity cannot intentionally interfere with his, her, or its own contract, Fox v. Deese, 234 Va. 412, 362 S.E.2d 699, 708 (1987); (7)(a) grants Defendants' motion to dismiss the Virginia Computer Crimes Act claim because it is preempted by the Copyright Act, Rosciszewski v. Arete Assocs., Inc., 1 F.3d 225, 229 (4th Cir.1993);

(7)(b) grants Defendants' motion to dismiss the common law trespass to chattels claim because Plaintiff does not allege that the chattel itself was impaired by the trespass, America Online, Inc. v. IMS, 24 F.Supp.2d 548, 550 (E.D.Va.1998); and

(7)(c) denies Defendants' motion to dismiss the common law detinue claim because it is not preempted by the Copyright Act, and because Plaintiff states a claim for detinue under Virginia law, Talley v. Drumheller, 135 Va. 186, 115 S.E. 517 (1923).

I. BACKGROUND

Basic Information About The Risk Management System

Plaintiff SecureInfo Corporation ("SecureInfo," "Plaintiff") provides products and services to customers seeking to ensure information security compliance, managed cyber security operations, and risk management. SecureInfo created the "Risk Management System" ("RMS") to allow organizations to integrate information security compliance requirements and test plans, using a workflow tool tailored for the risk assessment process. RMS's source code, object code, data, database, content, input displays, output, and related works are protected by copyright and contain confidential information. RMS is created by a team of SecureInfo employees who analyze the appropriate industry best practices, government regulations and requirements and then extrapolate a database to systemize the compliance process into a relational framework that assesses an agency's regulatory requirements and the stringency with which an agency applies a regulation or requirement.

RMS contains content libraries tailored to each particular customer. Each content library contains particular regulations, laws or directives; requirements necessary to comply with the regulation, and tests to validate whether the customer has met the requirements and complied with the regulations. Once regulations are analyzed by SecureInfo's team of analysts, SecureInfo's subject matter experts create a requirements list based on each regulation and specific test to ensure compliance with the applicable regulation. The requirements and test plan within a content library are distinctive to SecureInfo as they are interpreted, authored, managed, and updated by SecureInfo. One example of a content library is "RMS: DITSCAP"; it concentrates on regulatory requirements for military agencies subject to the Department of Defense Information Technology Security Certification and Accreditation Process.

RMS generates documents and templates to lead a customer through the regulatory compliance process. These documents include the Requirements Traceability Matrix ("RTM"), the Certification and Accreditation Package ("C & A Package"), the Master Test Procedures or Plan ("MTP"), and the System Security Plan ("SSP"). The RTM contains a matrix of the regulations and requirements a customer is subject to and the test plan the customer must accomplish to achieve compliance. The MTP is a template for all the tests a customer must pass to comply with relevant regulations. The SSP is a template to assist the customer in securing its entire system network. Both the SSP and the MTP contain text.

Customers may not purchase RMS, but rather, SecureInfo sells licenses to use it under strict and restrictive terms and conditions. The licensing agreements require customers to agree to stringent requirements to maintain RMS as a trade secret.

Defendants Obtain Copies of SecureInfo's RMS

Defendant Mr. Wilson is employed by SecureInfo's largest competitor, Xacta, to develop and manage current and new products competing with SecureInfo's RMS product. Defendant Mr. Berman is an employee of Berman Associates, Inc ("BAI"), a consulting firm to individuals or corporations doing business with United States government agencies.

Plaintiff alleges that Mr. Wilson, on behalf of Xacta and Telos, hired Mr. Berman and BAI to perform a comparison between Xacta IA Manager and SecureInfo's RMS. Subsequently, Mr. Berman contacted SecureInfo's Vice President of Business Development and falsely told him he wished to license SecureInfo's RMS for a project he had with the General Services Administration in connection with BAI's consulting business customer compliance projects. Next,...