Snap-On Bus. Solutions Inc. v. O'Neil & Associates, Inc.
SNAP-ON BUSINESS SOLUTIONS INC., Plaintiff,
v.
O'NEIL & ASSOCIATES, INC., Defendant.
Case No. 5:09-CV-1547.
United States District Court,
N.D. Ohio.
April 16, 2010.
In this computer trespass and copyright case, Defendant O'Neil & Associates, Inc. (“O'Neil”), moves this Court for summary judgment. Defendant O'Neil and Plaintiff Snap-on Business Solutions, Inc. (“Snap-on”), compete with one another in the electronic database market. Plaintiff Snap-On claims that the Defendant unlawfully accessed its servers and copied a database Snap-on had created for its client Mitsubishi Caterpillar Forklift (“Mitsubishi”). In response, O'Neil says that Mitsubishi owned the copied data and Mitsubishi had given O'Neil the right to access the database.
For the following reasons, this Court GRANTS IN PART and DENIES IN PART the Defendant's Motion for Summary Judgment.
I. Background
Plaintiff Snap-on provides electronic parts catalogs for clients in the automotive and heavy equipment industries. Customers give Snap-on raw data, such as parts catalogues, and Snap-on creates a searchable database with linked data and images. In 2007, one of Snap-on's clients, Mitsubishi, began considering whether to move its on-line parts catalog from Snap-on to Defendant O'Neil. When Mitsubishi and Snap-on disagreed about Mitsubishi's rights to the information in the Snap-on database, however, Mitsubishi directed Defendant O'Neil to run a data retrieval program to recover data and images on Snap-on's servers. Although the parties dispute the nature and ownership of the data O'Neil took from Snap-on's computers, the parties agree that O'Neil took data in April, May, and June 2009. Snap-on filed this lawsuit on July 7, 2009.
Although the two companies had already been doing business with one another for several years, Snap-on and Mitsubishi entered into their most recent contract in June 2005.1 [Doc. 44-1.] Under the contract, Snap-on licensed use of its Net-Compass software to Mitsubishi, and Mitsubishi agreed to supply Snap-on with catalog data to upload into the software. [ Id.] After incorporating Mitsubishi's data into its software, Snap-on would then license the finished “system” to Mitsubishi. [ Id.]
The License Agreement contained a specific provision setting out the scope of the license:
[Mitsubishi] may use the Software internally and may permit Dealers to use the Software only in connection with their authorized use of [Mitsubishi]'s Data. [Mitsubishi] shall require all access to the Software to be limited to individuals associated with Dealers who are registered to use the System and to whom a user ID and password have been assigned. [Mitsubishi] shall require its personnel who use the System and all Dealers to maintain the confidentiality of their respective user IDs and passwords and to use the Software only for its intended purpose as part of the System.
In addition to the License Agreement, the parties executed a Web Hosting Agreement. [Doc. 44-3.] Under this agreement, Snap-on would “host” the software and Mitsubishi's content on Snap-on's servers and make the system available to Mitsubishi via a website.2 [ Id. at 1.] Mitsubishi, however, would retain sole responsibility for securing the website domain name and maintaining the website content. [ Id. at 1-2.]
This Web Hosting Agreement also established security responsibilities between the parties. While Snap-on agreed to provide “host network security,” Mitsubishi would be “solely responsible for authorization security.” [Doc. 44-3 at 8.] Accordingly, the parties gave Mitsubishi sole responsibility “for assigning user names and passwords to authorized users.” [ Id.] Nevertheless, Snap-on would grant Mitsubishi “limited rights to access the Customer Web Site using an administrator user name and password for the purpose of administering the user names and passwords of authorized users ....” [ Id.] Mitsubishi correspondingly agreed “not to use the access granted to the Customer Web Site for any other purpose without the express prior written consent of [Snap-on].” [ Id.]
Given that both parties contributed data and proprietary information to the system, the various agreements also set out ownership rights between the parties. For example, the Web Hosting Agreement stated that:
All materials, including, but not limited to any computer software, data or information developed or provided by [Snap-on] or its affiliates, suppliers or agents pursuant to this Agreement, and any know-how, methodologies, equipment or processes used by [Snap-on] to provide the Hosting Services to Customer ... shall remain the sole and exclusive property of [Snap-on] or its suppliers.
[Doc. 44-3 at 4.] Conversely, Snap-on acknowledged that the “Data constitutes a Trade Secret of [Mitsubishi],” and agreed, “not to use, disclose, replicate, copy, transfer, market, sell or distribute” that data unless permitted under the Agreement. [Doc. 44-1 at 6.]
Under these agreements, Mitsubishi provided parts data to Snap-on, largely in the form of paper parts catalogs and services manuals for Mitsubishi's various products. [Doc. 47-2 at 2, 49-2 at 3.] According to Snap-on senior program manager Jewel Drass, Snap-on then converted the paper catalogs into digital information and created a “data tree” ordered by product lines, models, and other sub-categories. [Doc. 47-2 at 3.] Mitsubishi continued to provide new data to Snap-on whenever the company updated its parts catalogs or published service bulletins. [Doc. 41-6 at 17-21.]
After uploading the data, Snap-on also manually created “hot spots” for any images stored in the database and “NodeID” links that connect data from level to level in the data tree. [ Id.] According to Mitsubishi's Director of Parts Jay Gusler, the hot spots are “relationships between spots on the picture and specific part numbers on the parts list.” [Doc. 49-2 at 4.] Manger Drass says that both the hot spots and NodeID links are wholly original and proprietary to Snap-on. [Doc. 41-6 at 17-21.] Snap-on also provided connections between part numbers and services bulletins and created a notation when a part number had been superseded. [ Id. at 4-5.]
Sometime after the parties entered into the 2005 agreements, Mitsubishi approached Snap-on to request a copy of its parts data in electronic format. [Doc. 41-6 at 3-7, 49-10.] Then, as now, the parties disputed Mitsubishi's ownership in the information stored on Snap-On's database. Regardless, Snap-on offered to sell Mitsubishi the electronic information with minimal if any enhancements for one price and with full enhancements-hot spots, links, photographs-for a much larger sum. [Doc. 49-10.] Mitsubishi, believing it had already paid for the enhanced data as part of its licensing relationship with Snap-on, refused the offer. [Doc. 41-6 at 9-11, 13.]
In 2007 Mitsubishi began talks with Defendant O'Neil about putting “solutions and processes in place to help [Mitsubishi] better serve [its] dealer network end users.” [Doc. 47-13.] In October 2008, the two parties entered into a letter agreement under which O'Neil would provide an “electronic parts catalogue and parts content management” services to Mitsubishi, apparently to replace Snap-on. [Doc. 49-9.]
In order to create the new system and catalog, however, Defendant O'Neil needed electronic versions of Mitsubishi's parts manuals, price information, graphics, service information, and other content. [Doc. 49-1 at 4-5.] Although Mitsubishi apparently had some paper copies of this data, akin to what it had originally provided to Snap-on, [Doc. 49-1 at 5 ], Mitsubishi concluded that “it was not economical to provide data” in that manner because “the paper did not have ... any tangible information behind it. It was one-basically one big image.” [Doc. 49-1 at 5-6.]
As a solution, Defendant O'Neil suggested that it could use a scraper tool to retrieve the electronic data from the Mitsubishi/Snap-on system. [Doc. 41-3 at 4-6.] This automated tool, designed by O'Neil, would access Snap-on's database, copy information stored on the system, and save it onto O'Neil's database where O'Neil could then analyze and manipulate it. [Doc. 41-5 at 12-20.] According to O'Neil employee David Stackhouse, the scraper tool would generally:
simulate what a user could do interactively with the website by pointing and clicking, only it's automated, and, therefore, able to point, click and do other things that the user would do in an automated manner, making it able to run unattended in a much more efficient way .... And then when it interacts with the site, then it then copies what data it can via that interaction and stores it.
According to O'Neil employee Armando Monzon, O'Neil only wanted to gather “raw data” from Snap-on.3 [Doc. 41-5 at 19.] After copying this raw data, O'Neil would then “enrich” it by creating various associations and hyperlinks, standardizing it, and consolidating it to work in the O'Neil-designed system. [Doc. 41-7 at 8.]
Ultimately, Mitsubishi agreed to have Defendant O'Neil run the scraping program. Mitsubishi provided O'Neil with a spreadsheet “checklist” so that O'Neil could ensure it had obtained all of the data needed. [Doc. 49-12, 49-3 at 11.] Because the scraper tool mimicked a user accessing the password-protected website, Mitsubishi also gave O'Neil approximately thirty existing logon credentials. [Doc. 49-4 at 8-9.] Mitsubishi's parts manager Samuel Herrick testified that O'Neil used existing credentials-ones Mitsubishi had also assigned to several of Mitsubishi's dealers-to avoid detection by Snap-on. [Doc. 49-4 at 8-9.] O'Neil also confirmed that Mitsubishi's dealers would still be able to access the site even while O'Neil used their credentials to log on and run the scraping tool. [Doc. 49-12 at 2.]
After finalizing the program and obtaining the necessary logon credentials from Mitsubishi, O'Neil began running the scraper program in February 2009. [Doc. 49-3 at 17.] In early March 2009, O'Neil made a few adjustments to the program-enabling it to process text and images separately-and then continued scraping data. [Doc. 49-6 at 2.]
According to Plaintiff Snap-on's director of security Gregory Freezel, the Snap-on website crashed in April 2009 during one of O'Neil's scraping sessions. [Doc. 47-3 at 2.] Snap-on determined that “enormous spikes in website traffic” caused the crash. [ Id.] On May 7, 2009, the website again crashed because of a traffic spike on Snap-on's servers. [ Id.] Plaintiff Snap-on traced the source of the spike to an IP address registered to Defendant O'Neil and used its firewall to block that address. [ Id. at 2-4.]
In response to the server problems, Mitsubishi employee Herrick emailed O'Neil senior application engineer Dean Schuler to confirm whether O'Neil's scraper program could be causing the issues. [Doc. 49-14.] Schuler responded that he could not tell if the scraper caused the error but that “normal server traffic does not include a user loading and requesting images in the numbers that we are.” [Doc. 49-14 at 1.] O'Neil employee Schuler also told Herrick that O'Neil would stop running the program while Snap-on looked into the server problems. [ Id.]
On May 15, 2009, Defendant O'Neil alerted Mitsubishi that Plaintiff Snap-on had blocked O'Neil's IP address but that it could still access the servers from an external IP address. [Doc. 49-15.] Before resuming the scraping program, however, O'Neil required Mitsubishi to enter into an indemnity agreement with it [Doc. 49-6 at 4, 49-16.] After Mitsubishi agreed to indemnify O'Neil for its activities, O'Neil modified the scraping program to randomize the time between data requests and then re-enabled the scraper. [ Id.]
In June 2009, Snap-on discovered that O'Neil was again scraping data from its servers, allegedly causing more problems for users of the website. [Doc. 47-3 at 4.] Snap-on eventually blocked O'Neil's new IP address. [ Id.] Shortly thereafter, Defendant O'Neil decided to stop running the scraping program.
On July 7, 2009, Plaintiff Snap-on filed suit in this Court, claiming that Defendant O'Neil violated the Computer Fraud and Abuse Act and other state and federal laws. [Doc. 1.] After the parties conducted discovery, Defendant O'Neil filed the instant motion for summary judgment. [Doc. 41.] Plaintiff Snap-on opposed the motion, [Doc. 47 ], and the Defendant replied. [Doc. 57.] The motion is now ripe for ruling.
II. Legal Standards
Summary judgment is appropriate where the evidence submitted shows “that there is no genuine issue as to any material fact and that the movant is entitled to judgment as a matter of law.” Fed. R. Civ. P. 56(c).
The moving party has the initial burden of showing the absence of a genuine issue of material fact as to an essential element of the non-moving party's case. See Celotex Corp. v. Catrett, 477 U.S. 317, 323, 106 S.Ct. 2548, 91 L.Ed.2d 265 (1986). “A fact is material if its resolution will affect the outcome of the lawsuit.” Martingale, LLC v. City of Louisville, 361 F.3d 297, 301 (6th Cir.2004) (citing Daughenbaugh v. City of Tiffin, 150 F.3d 594, 597 (6th Cir.1998) (quoting Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248, 106 S.Ct. 2505, 91 L.Ed.2d 202 (1986))).
The moving party meets its burden by “informing the district court of the basis for its motion, and identifying those portions of ‘the pleadings, depositions, answers to interrogatories, and admissions on file, together with the affidavits, if any,’ which it believes demonstrate the absence of a genuine issue of material fact.” Celotex Corp., 477 U.S. at 323, 106 S.Ct. 2548 (quoting Fed. R. Civ. P. 56(c)). However, the moving party is under no “express or implied” duty to “support its motion with affidavits or other similar materials negating the opponent's claim.” Id.
Once the moving party satisfies its burden, the burden shifts to the nonmoving party to set forth specific facts showing a triable issue. See Matsushita Elec. Indus. Co. v. Zenith Radio Corp., 475 U.S. 574, 587, 106 S.Ct. 1348, 89 L.Ed.2d 538 (1986). It is not sufficient for the nonmoving party merely to show that there is some existence of doubt as to the material facts. See id. at 586, 106 S.Ct. 1348. Nor can the nonmoving party rely upon the mere allegations or denials of its pleadings. Fed. R. Civ. P. 56(e).
In deciding a motion for summary judgment, the Court views the factual evidence and draws all reasonable inferences in favor of the nonmoving party. Thomas v. Cohen, 453 F.3d 657, 660 (6th Cir.2006) (citations omitted). “The disputed issue does not have to be resolved conclusively in favor of the non-moving party, but that party is required to present some significant probative evidence that makes it necessary to resolve the parties' differing versions of the dispute at trial.” 60 Ivy Street Corp. v. Alexander, 822 F.2d 1432, 1435 (6th Cir.1987) (citing First Nat'l Bank of Ariz. v. Cities Serv. Co., 391 U.S. 253, 288-89, 88 S.Ct. 1575, 20 L.Ed.2d 569 (1968)). Ultimately the Court must decide “whether the evidence presents sufficient disagreement to require submission to a jury or whether it is so one-sided that one party must prevail as a matter of law.” Martingale, 361 F.3d at 301 (citing Terry Barr Sales Agency, Inc. v. All-Lock Co., Inc., 96 F.3d 174, 178 (6th Cir.1996 )) (internal quotations omitted).
III. Analysis
In its Complaint, Plaintiff Snap-on brings claims arising from both the nature of the data Defendant O'Neil allegedly copied and the manner in which O'Neil copied that data. Although the claims rely largely on the same facts, each presents unique questions of law. Accordingly, the Court addresses each claim separately below.
A. Computer Fraud & Abuse Act
Plaintiff Snap-on claims that Defendant O'Neil violated two provisions of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030. Although primarily a criminal statute, § 1030(g) of the CFAA provides a civil action for persons “who suffer damage or loss by reason of a violation of this section ....” 4 Id. § 1030(g). Both relevant provisions of the CFAA generally prohibit unlawful access to a protected computer and require that the access be unauthorized or exceed authorized access. Id. § 1030(a)(2)(C) & (a)(5). Defendant O'Neil moves for summary judgment on Plaintiff Snap-on's two CFAA claims, arguing that no material dispute exists that Mitsubishi authorized its access.
Beginning with the text of the CFAA, § 1030(a)(5) makes liable anyone who:
(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
(B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
(C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.5
Id. Although Snap-on does not specify in its Complaint which subsection supports O'Neil's liability in the case, no evidence indicates that O'Neil intentionally caused damage to Snap-on's computers, as required by subsection (A). Regardless of whether subsection (B) or (C) applies, each requires that O'Neil's access be “without authorization.”
Similarly, under § 1030(a)(2)(C), the CFAA holds liable any person who: “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains ... information from any protected computer.” Id. Thus, if Defendant O'Neil can show that no genuine dispute of material fact exists as to whether it acted with authorization, summary judgment is proper on at least one if not both of Plaintiff Snap-on's CFAA claims.
The CFAA does not define the phrase “without authorization” and courts have reached conflicting interpretations.6 Compare SecureInfo Corp. v. Telos Corp., 387 F.Supp.2d 593 (E.D.Va.2005) (dismissing CFAA claims against non-party to licensing agreement where licensee of software permitted non-party to access licensee's server and copy licensor's proprietary information because licensee “authorized” non-party's access to its own computers), with Int'l Airport Ctrs., LLC v. Citrin, 440 F.3d 418 (7th Cir.2006) (holding that employee who scrubbed incriminating files from company-owned computer acted “without authorization” from moment he breached his duty of loyalty to company by resolving to destroy files); see also Am. Family Mut. Ins. Co. v. Rickman, 554 F.Supp.2d 766, 768-70 (N.D.Ohio 2008) (recognizing split of authority as to meaning of “without authorization”).
This split of authority, however, does not address the precise issue presented in this case. In the cases cited above and by the parties, the courts largely dealt with the question of whether authorization, once given, could be lost based on subsequent bad conduct. See e.g., Citrin, 440 F.3d 418; Shurgard Storage Ctrs., Inc. v. Safeguard Self Storage, Inc., 119 F.Supp.2d 1121, 1125 (W.D.Wash.2000) (holding that employees' authority to access company computers ended when those employees surreptitiously became agents of defendant competitor and sent company's proprietary information to competitor via email). Moreover, even under the most narrow definition of the term “without authorization”-one that ignores the subjective intent of the accesser 7-the issue would remain whether adequate permission had been given or whether the accesser could reasonably believe he had adequate permission. Otherwise, an admittedly unwelcome computer hacker could escape liability under the CFAA by pointing to some third party who had theoretically given him permission to hack the plaintiff's computer.
In this case, the parties dispute whether Mitsubishi had authority to grant any access to Defendant O'Neil, not whether O'Neil somehow lost its access rights because of its actions. On this question, O'Neil argues simply that it “was authorized by [Mitsubishi] to access the web sites containing [Mitsubishi] data.” [Doc. 41-1 at 8.] In contrast, Plaintiff Snap-on says that its license agreement with Mitsubishi forbids Mitsubishi from giving a third party authorization to log into the system.
Looking to Snap-on's contracts with Mitsubishi, a genuine dispute of material fact exists as to Mitsubishi's actual ability to authorize O'Neil's activities as well as to the reasonableness of O'Neil's belief that Mitsubishi could authorize it. Although the Web Hosting Agreement made Mitsubishi solely responsible for “authorization security,” and for “assigning user names and passwords to authorized users,” [Doc. 44-3 at 8 ], this language alone does not indicate that Mitsubishi had the power to authorize any person or entity it desired to access the website and Snap-on's servers.
For example, the 2005 license agreement called for Mitsubishi to “require all access to the Software to be limited to individuals associated with Dealers who are registered to use the System and to whom a user ID and password have been assigned.” [Doc. 44-1 at 3.] Similarly, Exhibit A to the 2005 License Agreement notes that the annual licensing fee covers a “Software license, including use by an unlimited number of individual users at Dealers and within MCFA, MCFE, MCFS.” [Doc. 44-4 at 3 ] (emphasis added).
Given the lack of extrinsic evidence before the Court on the scope of Mitsubishi's ability to authorize O'Neil's access to the website and servers as well as the fact-intensive reasonableness inquiry required, a genuine dispute of material fact exists precluding summary judgment on the CFAA claims.
B. Trespass to Chattels
In its Amended Complaint, Plaintiff Snap-on further claims that Defendant O'Neil committed common law trespass to chattels when it accessed the database on Snap-on's servers, caused the servers to crash, and took proprietary information. [Doc. 34 at 7.] Moving for summary judgment, Defendant O'Neil contends that Snap-on's trespass claim fails as a matter of Ohio law and that federal copyright law preempts the claim.
1. Common Law Trespass
To make a claim for trespass, Snap-on must show it had a possessory interest in the chattel and that O'Neil (1) dispossessed Snap-on of the chattel; (2) impaired the chattel's condition, quality, or value; (3) deprived Snap-on of the chattel's use for a substantial time; or (4) caused bodily harm to Snap-on or to some person or thing in which Snap-on had a legally protected interest. CompuServe, Inc. v. Cyber Promotions, 962 F.Supp. 1015, 1021-22 (S.D.Ohio 1997); see also Universal Tube & Rollform Equip. Corp. v. YouTube, Inc., 504 F.Supp.2d 260, 269 (N.D.Ohio 2007).
As one Ohio court has noted, “[T]he interference has to amount to more than intermeddling.” Dryden v. Cincinnati Bell Tel. Co., 135 Ohio App.3d 394, 734 N.E.2d 409, 416 (Ohio Ct.App.1999) (citing Restatement (Second) of Torts § 218 cmt. e (1965)). Moreover, even an electronic trespass to chattels claim must be based on some link to a physical object. YouTube, Inc., 504 F.Supp.2d at 268 (finding that computers hosting website would be sufficient physical object); see also CompuServe, 962 F.Supp. at 1021 (same as to computer system).
In this case, Plaintiff Snap-on asserts that the scraping program contacted Snap-on's physical computer servers, that Snap-on had a possessory interest in those servers, and that the scraper damaged the servers and temporarily deprived Snap-on of their use. Defendant O'Neil argues that it had permission to access the servers and that no evidence exists to show the degree of damage or deprivation necessary to support a claim.
In regard to O'Neil's right to access the Snap-on servers via the Mitsubishi website, the parties do not dispute that Snap-on never gave O'Neil permission to do so. Moreover, this Court has already found a genuine dispute of material of fact as to Mitsubishi's authority to grant database access to O'Neil. Accordingly, the Court analyzes whether Snap-on has shown adequate impairment or depravation.
Several courts have held that even intangible damage to computer servers can constitute a trespass to chattels. See, e.g., Register.com, Inc. v. Verio, Inc., 356 F.3d 393, 404 (2d Cir.2004) (affirming grant of preliminary injunction based partially on trespass claim where defendant's use of “search robots” to perform automated queries of plaintiff's database “deplete[d] the sever capacity available at a given time for authorized end-users,” and posed “risks to the integrity of [plaintiff]'s systems due to potential congestion and overload problems”); eBay, Inc. v. Bidder's Edge, Inc., 100 F.Supp.2d 1058, 1071 (N.D.Cal.2000) (granting preliminary injunction on trespass claim where defendant's automated program accessed and searched plaintiff's auction database at such heavy volume that it “compromis[ed] eBay's ability to use that [server] capacity for its own purposes”); Am. Online, Inc. v. LCGM, Inc., 46 F.Supp.2d 444, 451-52 (E.D.Va.1998) (transmission of bulk email across plaintiff's computer network constituted trespass); CompuServe, 962 F.Supp. at 1022-23 (holding that defendant's use of plaintiff's servers to store and send voluminous unsolicited email diminished value of plaintiff's computer equipment because those messages drained computers' processing power and harmed plaintiff's reputation with customers).
Although not explicitly disagreeing with these cases, other courts have been more reticent to find a trespass where the intangible damage is speculative or minimal. See, e.g., Intel Corp. v. Hamidi, 30 Cal.4th 1342, 1 Cal.Rptr.3d 32, 71 P.3d 296 (2003) (reversing summary judgment for plaintiff on trespass claim where plaintiff presented no evidence that defendant's mass emails prevented plaintiff “from using its computers for any measurable length of time” or that plaintiff's “system was slowed or otherwise impaired by the burden of delivering [defendant]'s electronic messages”); Ticketmaster Corp. v. Tickets.com, Inc., No. 99CV7654, 2000 WL 1887522, at *4 (C.D.Cal. Aug. 10, 2000) (denying preliminary injunction where defendant's automated search robots used “very small” percentage of plaintiff's server space and plaintiff made “no showing that the use interferes to any extent with [its] regular business”).
Although this case differs in some respects from the cases cited above, Plaintiff Snap-on has provided sufficient evidence to permit a reasonable trier of finder to conclude that O'Neil's potentially-unauthorized access to Snap-on's servers either impaired the servers' condition, quality, or value or deprived Snap-on of their use for a substantial time. Specifically, Snap-on says that “enormous spikes in website traffic” caused two separate crashes in April and May 2009. [Doc. 47-3 at 2.] Snap-on claims that it traced the source of these spikes to Defendant O'Neil's IP address. [ Id. at 2-4.]
According to Snap-on, not only did the scraper program cause the website to crash, it also caused slow run times, generating customer complaints. [Doc. 47-3 at 4.] In fact, as O'Neil's own employee advised Mitsubishi after the first crash, “[N]ormal server traffic does not include a user loading and requesting images in the numbers that we are.” [Doc. 49-14 at 1.] Ultimately, Snap-on says that it spent 200 hours diagnosing and repairing damage to its servers by the scraping program. [ Id.]
This evidence precludes summary judgment for O'Neil on the trespass to chattels claim.
2. Preemption by Copyright Law
Defendant O'Neil nevertheless argues that copyright law preempts the Plaintiff's trespass claim. The Copyright Act, 17 U.S.C. § 101 et seq., preempts state law claims based on rights that are “equivalent to any of the exclusive rights within the general scope of copyright as specified by section 106 in works of authorship that are fixed in a tangible medium of expression and come within the subject matter of copyright as specified by sections 102 and 103 ....” Id. § 301(a). In applying this preemption provision, the Sixth Circuit has noted that the scope of the Copyright Act's subject matter, and therefore its preemptive reach, is broader than the scope of the Act's protections. Wrench LLC v. Taco Bell Corp., 256 F.3d 446, 455 (6th Cir.2001) (holding that Copyright Act did not preempt state law implied-in-fact contract claim because such a claim seeks to enforce promise to pay-a subject matter not covered by copyright).
To the extent Snap-on claims that O'Neil trespassed upon its possessory interest in the Net-Compass software or accompanying database, O'Neil's preemption argument may have merit. See, e.g., Healthcare Advocates, Inc. v. Harding, Earley, Follmer & Frailey, 497 F.Supp.2d 627, 650 (E.D.Pa.2007) (holding that Copyright Acts preempted trespass to chattels claim where plaintiff claimed that defendant interfered with its possessory rights in archived website screen shots and website content).
As discussed above, however, Snap-on also asserts that Defendant O'Neil trespassed upon its physical computer servers. This claim seeks relief outside the scope of the Copyright Act. See Lynn v. Sure-Fire Music Co., 237 Fed.Appx. 49, 54 (6th Cir.2007) (holding that Copyright Act did not preempt state law claims for replevin and conversion because those claims were “concerned with tangible personal property”); see also eBay, Inc., 100 F.Supp.2d at 1072 (“The right to exclude others from using physical personal property is not equivalent to any rights protected by copyright and therefore constitutes an extra element that makes trespass qualitatively different from a copyright infringement claim.”)
Accordingly, the Copyright Act does not preempt Plaintiff Snap-on's trespass to chattels claim.
C. Unjust Enrichment
In its Complaint, Snap-on claims that O'Neil unjustly obtained “business-related benefits” at the expense of Snap-on and seeks compensation for “the value of the information [Snap-on] unwillingly provided” to O'Neil. [Doc. 34 at ¶¶ 35-36.] Defendant O'Neil moves for summary judgment, arguing that copyright law again preempts this claim. This Court agrees.
Under the two-prong analysis provided in 17 U.S.C. § 301(a), copyright law preempts an unjust enrichment claim whenever: “(1) the work is within the scope of the ‘subject matter of copyright,’ as specified in 17 U.S.C. §§ 102, 103; and, (2) the rights granted under state law are equivalent to any exclusive rights within the scope of federal copyright as set out in 17 U.S.C. § 106.” Wrench LLC, 256 F.3d at 453.
Snap-on cites three cases holding that the Copyright Act did not preempt certain unjust enrichment claims. See Tastefully Simple, Inc. v. Two Sisters Gourmet, LLC, 134 Fed.Appx. 1, 6 n. 3 (6th Cir.2005) (holding that Copyright Act preempted unjust enrichment claim to extent it relied on alleged copying of several printed forms but did not preempt claim based on copying of “blank forms”-materials designed merely for recording information); Perfect 10, Inc. v. Google, Inc., No. CV04-9484, 2008 WL 4217837, at *9 (C.D.Cal. July 16, 2008) (finding unjust enrichment claims not preempted where plaintiff based those claims on rights of publicity and trademark only); Automated Solutions Corp. v. Paragon Data Sys., No. 05CV1519, 2006 WL 5803366, at *17 (N.D. Ohio June 30, 2006) (Hemann, M.J.) (holding that copyright law did not preempt unjust enrichment claim where plaintiff alleged injury from defendant's false statements, not from act of infringement), adopted by 2008 WL 2404972 (N.D.Ohio June 11, 2008).
Although these cases correctly illustrate that the Copyright Act does not preempt all unjust enrichment claims, Snap-on does not provide the Court with any factual statement or record evidence indicating why its unjust enrichment claim falls into this category. Instead, Snap-on's Complaint merely claims that O'Neil took “information.” In addition, Snap-on has asserted a copyright claim against O'Neil for alleged copying of the database. Thus, this Court cannot determine what other “information” O'Neil allegedly acquired or why that related information would not fall within the subject matter of copyright.
Accordingly, the Court GRANTS the Defendant's motion for summary judgment on Snap-on's unjust enrichment claim.
D. Breach of Contract
Although O'Neil is not a party to any of the licensing and web hosting agreements between Plaintiff Snap-on and Mitsubishi, Snap-on claims that O'Neil entered into and breached an End User License Agreement (“EULA”) with Snap-on each time O'Neil accessed the website. O'Neil argues that Snap-on has not established any facts to support this claim.
The Mitsubishi/Snap-on website contained an EULA. Because the website did not require the user to affirmatively click and accept the EULA before logging on (a clickwrap agreement), the EULA that Snap-on seeks to enforce here is a type of browsewrap agreement. See Doe v. SexSearch, 502 F.Supp.2d 719, 729 n. 1 (N.D.Ohio 2007) (“A browsewrap agreement allows the user to view the terms of the agreement, but does not require the user to take any affirmative action before the Web site performs its end of the contract.”) (internal quotations and alterations omitted).
Although Ohio courts have not specifically discussed the enforceability of browsewrap agreements as contracts, other courts have focused on whether the website user “has actual or constructive knowledge of a site's terms and conditions prior to using the site.” Sw. Airlines Co. v. BoardFirst, LLC, No. 06CV891, 2007 WL 4823761, at *5 (N.D.Tex. Sept. 12, 2007); see also Burcham v. Expedia, Inc., No. 4:07CV1963, 2009 WL 586513, at *3 (E.D.Mo. Mar. 6, 2009) (“Courts ... apply traditional principles of contract law and focus on whether the plaintiff had reasonable notice of and manifested assent to the online agreement.”); Ticketmaster Corp. v. Tickets.Com, Inc., No. CV997654, 2003 WL 21406289, at *2 (C.D.Cal. Mar. 7, 2003) (“[A] contract can be formed by proceeding into the interior web pages after knowledge (or, in some cases, presumptive knowledge) of the conditions accepted when doing so.”)
Most cases discussing browsewrap agreements involve facts similar to the instant case. See, e.g., BoardFirst, 2007 WL 4823761, at *5 (holding browsewrap agreement enforceable against defendant corporation that earned profit by accessing plaintiff airline's website and securing priority boarding passes on behalf of customers); Cairo, Inc. v. Crossmedia Servs., Inc., No. C04-4825, 2005 WL 756610, at *4-6 (N.D. Cal. April 1, 2005) (enforcing forum selection clause in website's terms of use where user's automated computer program accessed site, recorded information, and returned information to user's database); Register.com, Inc., 356 F.3d at 427-30 (holding plaintiff likely to succeed on breach of contract claim based on browsewrap agreement where defendant daily accessed plaintiff's website, downloaded customer data, and used that data to market its own products); Ticketmaster, 2003 WL 21406289, at *2 (denying summary judgment on breach of browsewrap contract claim where defendant used “spider” program to extract information from plaintiff's website and then posted that information on its own website to attract customers); Pollstar v. Gigmania, Ltd., 170 F.Supp.2d 974, 981-82 (E.D.Cal.2000) (refusing to dismiss contract claim based on browsewrap agreement where defendant copied concert information from plaintiff's website and posted it on its competing website).
In some cases, the courts found that the defendants had actual knowledge of the EULA. See, e.g., BoardFirst, 2007 WL 4823761, at *6 (“There is no dispute that BoardFirst has had actual knowledge of Southwest's Terms at least since [defendant's agent] received from Southwest the December 20, 2005, cease-and-desist letter in which Southwest informed [her] that the Terms forbid the use of the Southwest website for commercial purposes.”); Register.com, Inc., 356 F.3d at 402 (“Verio visited Register's computers daily to access WHOIS data and each day saw the terms of Register's offer; Verio admitted that, in entering Register's computers to get the data, it was fully aware of the terms on which Register offered the access.”).
Nevertheless, Courts have also found constructive knowledge alone sufficient so long as the website host placed notice of the EULA prominently and provided easy access to the full EULA terms. See, e.g., Cairo, Inc., 2005 WL 756610, at *2 (web page displayed defendant's logo and notice of “Terms of Use” in underlined, highlighted text that indicated hyperlink to actual terms); Major v. McCallister, 302 S.W.3d 227 (Mo.Ct.App.2009) (upholding browsewrap agreement where each web page contained “immediately visible notice of existence of license terms” and hyperlink to those terms); Ticketmaster, 2003 WL 21406289, at *2 (finding notice of terms posted on home page and visible to most users sufficient to impute knowledge of and assent to those terms); but see Specht v. Netscape Comms. Corp., 306 F.3d 17, 22 (2d Cir.2002) (refusing to enforce browsewrap agreement where users of web page would not see any notice of agreement unless they scrolled down to another screen).
In this case, Snap-on has presented sufficient evidence from which a reasonable jury could conclude that Defendant O'Neil had actual or constructive knowledge of the Snap-on EULA. O'Neil does not dispute that it accessed the Snap-on websites. [Doc. 41-1 at 1, 3-4.] Each website contains a single page access screen where users must input a user name and password and then click an “Enter” button to proceed. [Doc. 4 7-25.] Below the “Enter” button, the page states: “The use of and access to the information on this site is subject to the terms and conditions set out in our legal statement.” [Doc. 47-25 at 1.] Immediately following this text is a green box with an arrow that users may click to view the entire EULA. [ Id.]
Snap-on has also provided sufficient evidence to show that O'Neil's access and use of the website potentially violated the EULA. Relevant here, the EULA provided: “Authorized Dealer Your right to use the Software is conditioned upon your status as an authorized dealer or customer of a manufacturer or other organization that has licensed Net-Compass software from Snap-on.” [Doc. 47-25 at 3.] Because O'Neil does not dispute that it is not an authorized dealer or customer of Mitsubishi, this provision would give O'Neil no right to use the Software.
The EULA also states, however, that if the user “signed a written license agreement with Snap-on covering the Software, the written agreement will continue in effect and its terms will control over any inconsistent terms of this Agreement.” [Doc. 47-25 at 3.] Defendant O'Neil argues that this second clause exempts it from the EULA's coverage because Mitsubishi had a written contract with Snap-on and authorized O'Neil's activities. [Doc. 57 at 9-10.]
As this Court has already held, however, a genuine dispute of material fact exists as to whether Mitsubishi agreements permitted it to authorize O'Neil's conduct. Moreover, Defendant O'Neil has not provided evidence that it acted as Mitsubishi agent or employee, as opposed to an independent contractor, such that Mitsubishi's access rights could be delegated to O'Neil. See Abrams v. Toledo Auto. Dealers Ass'n, 145 Ohio App.3d 187, 762 N.E.2d 411, 414 (Ohio Ct.App.2001) (“An independent contractor is one who carries on an independent business, in the course of which he undertakes to accomplish some result or do some piece of work, for another, being left at liberty in general to choose his own means and methods, and being responsible to his employer only for the results which he has undertaken to bring about.”).
Because a genuine dispute of material fact exists as to whether the parties entered into the EULA and as to Defendant O'Neil's breach of that contract, the Court denies summary judgment on the contract claim.
E. Copyright Infringement
Defendant O'Neil also moves for summary judgment on Plaintiff Snap-on's claims for copyright infringement. Snap-on alleges that it has valid copyrights in its Net-Compass software, in its improvements to Mitsubishi's data, and in the creative aspects of the proprietary database used to run the software, and that O'Neil copied this information when it scraped the Snap-on database. O'Neil argues that copyright law does not protect any of the information it took.
A plaintiff may establish a claim of copyright infringement by showing that: (1) it owns a valid copyright in the work at issue, and (2) the defendant copied protectable elements of the work. Lexmark Int'l, Inc. v. Static Control Components, Inc., 387 F.3d 522, 534 (6th Cir.2004) (citing Feist Pub'lns, Inc. v. Rural Tel. Serv. Co., 499 U.S. 340, 361, 111 S.Ct. 1282, 113 L.Ed.2d 358 (1991)).
As the Sixth Circuit has explained, “The first prong tests the originality and non-functionality of the work, both of which are presumptively established by the copyright registration.” Lexmark, 387 F.3d at 534. “The second prong tests whether any copying occurred (a factual matter) and whether the portions of the work copied were entitled to copyright protection (a legal matter).” Id.
In this case, Defendant O'Neil makes two legal challenges to Snap-on's ability to claim copyright infringement. Under the first prong of the infringement elements, O'Neil argues that the database lacks the minimal degree of creativity required to support a valid copyright. Second, O'Neil contends that even if it copied certain enhancements to Mitsubishi's data, those enhancements are not entitled to copyright protection under the second infringement prong.
1. Valid Copyright
As an initial matter, Snap-on has produced a certificate of registration for its database. [Doc. 34-1.] Under 17 U.S.C. § 410(c), this registration constitutes prima facie evidence of the copyright's validity. Nevertheless, Defendant O'Neil may rebut this presumptive validity by presenting sufficient evidence that the database is not entitled to copyright protection. Lexmark, 387 F.3d at 534.
An entity may claim a valid copyright in a compilation, such as a computer database.8 See 17 U.S.C. §§ 102 & 103. As the Copyright Act indicates, however, “The copyright in a compilation or derivative work extends only to the material contributed by the author of such work, as distinguished from the preexisting material employed in the work, and does not imply any exclusive right in the preexisting material.” Id. § 103(b). In Feist, the Supreme Court held that a “factual compilation is eligible for copyright if it features an original selection or arrangement of facts, but the copyright is limited to the particular selection or arrangement. In no event may copyright extend to the facts themselves.” 499 U.S. at 350-51, 111 S.Ct. 1282.
Applying Feist, courts have given copyright protection to computer databases containing facts otherwise in the public domain. See, e.g., Assessment Techs. of Wis., LLC v. WIREdata, Inc., 350 F.3d 640, 643 (7th Cir.2003) (finding that developer of copyrighted software had valid copyright in database compilation of real estate information because “no other real estate assessment program arranges the data collected by the assessor in these 456 fields grouped into these 34 categories, and because this structure is not so obvious or inevitable as to lack the minimum originality required”); Madison River Mgmt. Co. v. Business Mgmt. Software Corp., 387 F.Supp.2d 521 (M.D.N.C.2005) (extending copyright protection to database containing telephone customer information where database imposed new structure on raw data and made “metadata enhancements”); but see Matthew Bender & Co. v. West Publ'g Co., 158 F.3d 674, 681 (2d Cir.1998) (finding uncopyrightable certain enhancements made to judicial opinions in database, including, “(i) arrangement of information specifying the parties, court, and date of decision; (ii) the selection and arrangement of the attorney information; (iii) the arrangement of information relating to subsequent procedural developments ...; and (iv) the selection of parallel and alternative citations”).
Against this background, Defendant O'Neil argues that Snap-on's database does not possess the minimal degree of creativity required for copyright protection because its structure is obvious. Snap-on claims, however, that it organizes Mitsubishi's data in an original data tree and creates relationships between the levels of the tree that would not otherwise exist. [Doc. 47-2 at 2-3.]
Given the presumptive validity of Snap-on's copyright and the significantly low standard of creativity required by Feist, Snap-on has provided sufficient evidence to defeat summary judgment on the issue of its owning valid copyright in the Mitsubishi database.
2. Copying of Protectable Elements
Snap-on's ownership of a valid copyright does not end the inquiry, however. Snap-on must also show that O'Neil copied protectable elements of the database-i.e., that copying occurred and that the copied portions are copyrightable. Lexmark, 387 F.3d at 534. On this first issue, at least some of Snap-on's evidence indicates that O'Neil's scraping program took:
the link structure, the navigational information that would be on the left-hand side of the site ... that would list the models and the media numbers and the different manuals .... the parts information and images, hotspot location information .... their bulletins, pdf files, and then whether or not an item had supersession information or not.
Although other O'Neil employees seem to provide more narrow descriptions of the scraper program's copying, [Doc. 49-3 at 13-15 ], O'Neil does not contest the scope of its copying on summary judgment. Instead, O'Neil argues that these elements are not protectable. See Feist, 499 U.S. at 361, 111 S.Ct. 1282 (“Not all copying, however, is copyright infringement.”).
In determining what aspects of the Mitsubishi database the Snap-on copyright protects, the Court must “filter out the unoriginal, unprotectible elements-elements that were not independently created by the inventor, and that possess no minimal degree of creativity.” Kohus v. Mariol, 328 F.3d 848, 855 (6th Cir.2003). The Court applies various doctrines of copyright law in this filtering process, including the doctrines of merger and scenes a faire. Id. at 855-56; Lexmark, 387 F.3d at 535.
Under the doctrine of merger,
Where the “expression is essential to the statement of the idea,” ... or where there is only one way or very few ways of expressing the idea, ... the idea and expression are said to have “merged.” In these instances, copyright protection does not exist because granting protection to the expressive component of the work necessarily would extend protection to the work's uncopyrightable ideas as well....
Lexmark, 387 F.3d at 535 (citations omitted). Similarly, the Court must filter out scenes a faire, “elements that are dictated by external factors such as particular business practices.” Id. In the computer context: “[T]he doctrine means that the elements of a program dictated by practical realities ... may not obtain protection.” Lexmark, 387 F.3d at 535-36.
Applying these doctrines, the Court holds that O'Neil has not shown that copyright law fails to protect the allegedly-copied elements. Although the hot spots are likely beyond the scope of the copyright because they show no minimal creativity, see Ross, Brovins & Oehmke, PC v. Lexis Nexis Group, 463 F.3d 478, 487 (6th Cir.2006) (holding uncopyrightable forms showing interrelation of information where that interrelation was plain on face of form), the link structure and navigational information are potentially protected because they represent an unique organization Snap-on imposed on Mitsubishi's data.
In fact, O'Neil's own evidence belies its argument that efficiency and function dictate the database's structure. For instance, O'Neil believed it could provide a better database for Mitsubishi precisely because it would alter the arrangement of the data. [Doc. 41-7 at 8-9.] As summarized in the motion for summary judgment, “O'Neil proposed a content management system that was more flexible, efficient, customizable, and responsive ....” [Doc. 41-1 at 3.] Given that O'Neil proposes to entirely restructure the Mitsubishi data, O'Neil has not shown that Snap-on's link structure is necessarily dictated by the nature of underlying data.
Nor does WIREdata support O'Neil's argument here. In that case, the Seventh Circuit found a database of real estate tax assessment information copyrighted but nevertheless reversed the finding of copyright infringement against an organization that copied the database in order to use the underlying data to create a database for real estate brokers. 350 F.3d 640. The court noted, however, that had the organization copied the database wholesale, the plaintiff would have a claim for infringement. 350 F.3d at 643. Moreover, in cautioning the plaintiff against holding the noncopyrightable data hostage in its database, the court relied largely on the fact that the plaintiff and defendant were not competitors, noting:
But WIREdata doesn't want the Market Drive compilation. It isn't in the business of making tax assessments, which is the business for which Market Drive is designed. It only wants the raw data, the data the assessors inputted into Market Drive. Once it gets those data it will sort them in accordance with its own needs, which have to do with providing the information about properties that is useful to real estate brokers as opposed to taxing authorities.
...
[WIREdata] would be privileged to make such a copy, and likewise the municipalities. For the only purpose of the copying would be to extract noncopyrighted material, and not to go into competition with AT by selling copies of Market Drive.
In this case, Snap-on and O'Neil are direct competitors and the parties do not dispute that whatever copying O'Neil did, it did as a first step in creating a new database for Snap-on's client. These facts call into question WIREdata' s application here.
Ultimately, O'Neil has not shown the Snap-on database's data tree, link structure, and other associational relationships unprotected as a matter of law. Moreover, given the somewhat conflicting evidence of what information O'Neil actually copied, the Court denies summary judgment on the copyright claim.
F. Trade Secrets
Finally, Defendant O'Neil moves for summary judgment on Plaintiff Snap-on's misappropriation of trade secrets claim by stating: “The plaintiff has alleged a claim for misappropriation of trade secrets, but no material facts supporting such a claim have been presented.” [Doc. 41-1 at 14.] Snap-on responds by arguing that O'Neil's motion is “woefully insufficient under Rule 56” because O'Neil fails to make at least some affirmative showing as to how the record or law entitles it to summary judgment.
Because Defendant O'Neil fails to support its motion for summary judgment on the trade secrets claim with any citation to the evidence or argument under the applicable law, see Celotex, 477 U.S. at 328, 106 S.Ct. 2548 (White, J., concurring) (“[T]he movant must discharge the burden the Rules place upon him: It is not enough to move for summary judgment without supporting the motion in any way or with a conclusory assertion that the plaintiff has no evidence to prove his case.”), the Court denies the motion for summary judgment on that claim.
IV. Conclusion
For the foregoing reasons, this Court this Court GRANTS IN PART and DENIES IN PART the Defendant's Motion for Summary Judgment.
IT IS SO ORDERED.
--------
Notes:
1. Some of the documents refer to “ProQuest Business Solutions Inc.” Snap-on is the corporate successor to ProQuest.
2. In reality, Mitsubishi maintained separate websites for its various global regions (North America, Europe, and Asia). Because the websites apparently function in the same way and O'Neil accessed all of the websites using largely the same program, the Court simply refers to one website as encompassing all of the approximately six Mitsubishi and Snap-on maintained.
3. Monzon defined “raw data” as:
Literally, the text it describes, the illustrated parts list and the illustrations and information and data for those illustrations that help support it, kit number information embedded within the illustrated parts list, notes that are embedded in the illustrated parts list, the text that helps supplement the illustrated parts list, and any data that helps supplement the illustrated parts.
[Doc. 41-5 at 19.]
4. The CFAA also requires a civil plaintiff to show that the violation involved one of the factors listed in § (a)(5)(B). O'Neil does not contest that Snap-on can show it suffered adequate loss under subsection (a)(5)(B)(i).
5. Section 1030(e)(2)(B) defines “protected computer” as a computer “which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States.” The parties do not dispute that Snap-on's computers meet this definition.
6. The CFAA defines “exceeds authorized access” as “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” Id. § 1030(e)(6).
7. The Ninth Circuit holds: “[A] person uses a computer ‘without authorization’ under § 1030(a)(2) and (4) when the person has not received permission to use the computer for any purpose (such as when a hacker accesses someone's computer without any permission), or when the employer has rescinded permission to access the computer and the defendant uses the computer anyway.” LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1135 (9th Cir.2009).
8. “A ‘compilation’ is a work formed by the collection and assembling of preexisting materials or of data that are selected, coordinated, or arranged in such a way that the resulting work as a whole constitutes an original work of authorship.” 17 U.S.C. § 101.