TD Ameritrade, Inc. v. Matthews

          ORDER RE MOTION TO DISMISS

          SHARON L. GLEASON UNITED STATES DISTRICT JUDGE.

         Before the Court at Docket 100 is Plaintiffs' (collectively, “TD Ameritrade”) Motion to Dismiss Defendant's Third Amended Counterclaims. Defendant James Matthews filed an opposition to the motion at Docket 103 and TD Ameritrade filed a reply at Docket 106. Oral argument was not requested and was not necessary to the Court's decision. For the reasons set forth below, the Motion to Dismiss will be denied.

         BACKGROUND

         This is TD Ameritrade's third motion to dismiss. The underlying facts of this case are set forth in the Court's orders on TD Ameritrade's first and second motions to dismiss; they are not repeated here.^[1] The pertinent facts as alleged in Mr. Matthews' Third Amended Answer and Counterclaims (“TAAC”) are briefly summarized as follows:

         In early 2012, Mr. Matthews became aware of TD Ameritrade's thinkorswim applications program interface (“API”).^[2] On or about April 11, 2012, Mr. Matthews opened a live, unfunded, user-modifiable investment account with TD Ameritrade.^[3] This allowed him access to TD Ameritrade's thinkorswim API, which enabled him to create a self-directed trading environment.^[4] Mr. Matthews alleges he created analytical tools using the API, as expressly permitted by thinkorswim.^[5] He alleges users such as him were encouraged to practice with the API and were encouraged to devise their own software programs and modify software routines that were not locked.^[6] Mr. Matthews alleges that he has never “claimed that any of the source code created by him . . . was based upon a modification of any code or software from any TD Ameritrade website or trading platform, nor was it in any manner derived from any of TD Ameritrade's software.”^[7] Mr. Matthews obtained a copyright registration for certain computer code effective June 28, 2012.^[8]

         Attached to the TAAC is an unsigned licensing agreement that Mr. Matthews maintains he downloaded from TD Ameritrade's website in March 2017; he asserts that it “is substantially the same” as the one in effect in May 2012.^[9] He alleges that he did not have any agreement with TD Ameritrade that precluded him from filing for copyright protection for software created by him “in connection with the TD Ameritrade website and software.”^[10] He alleges that the primary purpose of the Client Agreement he admits that he did have with TD Ameritrade was to govern stock trading activity and that the Court must determine “what, if any licensing agreement existed between the parties” and then the Court “must reconcile all such agreements - which cannot be done as a matter of a pleading.”^[11]

         The TAAC alleges that on May 27, 2012, TD Ameritrade perpetrated a “cyber attack” against Mr. Matthews' computer, destroying his hard drive controller.^[12] The TAAC further alleges that prior to destroying Mr. Matthews' hardware, TD Ameritrade copied the routines that Matthews had created.^[13] Mr. Matthews maintains that he had certain specified “protective devices . . . enabled[] in [his] hardware and software” when his routines were copied, including encryption and anti-virus and firewall software.^[14] He further maintains that “[a]ll or most of the software stolen by thinkorswim had a copyright notice imbedded by Matthews that clearly identified Matthews, and his claim to copyright.”^[15] Mr. Matthews alleges that TD Ameritrade continues to use, provide, and permit others to use Mr. Matthews' copyrighted code.^[16]

         On June 27, 2016, TD Ameritrade filed its Complaint, alleging causes of action for declaratory judgment, cancellation and release of claimed nonconsensual common law lien, and injunctive relief.^[17] On September 9, 2016, TD Ameritrade filed a First Amended Complaint, alleging the same causes of action as the original complaint.^[18]

         Mr. Matthews filed an answer to the First Amended Complaint on January 4, 2017. He asserted counterclaims and sought injunctive relief for copyright infringement.^[19] On March 20, 2017, Mr. Matthews filed a First Amended Answer to the First Amended Complaint, which also included eight counterclaims: three claims for copyright infringement; an alleged violation to Alaska's Unfair Trade Practices Act; two claims for breach of contract and breach of the implied covenant of good faith and fair dealing; trespass on real property; and a demand for accounting.^[20] TD Ameritrade filed a Motion to Dismiss Mr. Matthews' counterclaims.^[21] On October 25, 2017, the Court granted TD Ameritrade's Motion to Dismiss, allowing Mr. Matthews to file an amended answer with counterclaims only as to the copyright infringement claims and the breach of an unspecified contract and an associated implied covenant of good faith and fair dealing claim.^[22] All other counterclaims were dismissed with prejudice.^[23]

         On November 29, 2017, Mr. Matthews filed a Second Amended Answer and Counterclaims that alleged four counterclaims: a copyright infringement claim in violation of 17 U.S.C. § 101 et seq.; a claimed violation of 17 U.S.C. §§ 1201 and 1202; a claim seeking injunctive relief on claims one and two; and a claim for breach of contract and the implied covenant of good faith and fair dealing.^[24] TD Ameritrade again moved to dismiss each counterclaim.^[25] On July 16, 2018, this Court denied TD Ameritrade's Motion to Dismiss as to Mr. Matthews' counterclaims for copyright infringement under 17 U.S.C. § 101 et seq., violation of 17 U.S.C. § 1202, and injunctive relief related to those claims. This Court granted TD Ameritrade's Motion to Dismiss as to Mr. Matthews' counterclaims for violation of 17 U.S.C. § 1201 and injunctive relief related to that claim, but allowed Mr. Matthews to file an amended answer as to these counterclaims. His remaining counterclaim for breach of contract and the implied covenant of good faith and fair dealing was dismissed with prejudice.^[26] On July 30, 2018, Mr. Matthews filed his TAAC, which now enumerates specific technological measures protecting his hard drive at the time of the alleged hacking attack.^[27]

         LEGAL STANDARD

         The legal standard for a motion to dismiss under Rule 12(b)(6) is set out in the Court's prior orders and is not fully restated here.^[28] However, the Ninth Circuit recently addressed two topics relevant to TD Ameritrade's motion to dismiss: the incorporation-by-reference doctrine, and judicial notice under Federal Rule of Evidence 201.^[29] Both topics are discussed below.

         “Generally, district courts may not consider material outside the pleadings when assessing the sufficiency of a complaint under Rule 12(b)(6).”^[30] However, there are two exceptions to this rule: the incorporation-by-reference doctrine, and judicial notice under Federal Rule of Evidence 201.^[31] Judicial notice permits a court to notice adjudicative facts that are “not subject to reasonable dispute.”^[32] “A fact is ‘not subject to reasonable dispute' if it is ‘generally known,' or ‘can be accurately and readily determined from sources whose accuracy cannot reasonably be questioned.'”^[33] Thus, “‘[a] court may take judicial notice of matters of public record without converting a motion to dismiss into a motion for summary judgment.' But a court cannot take judicial notice of disputed facts contained in such public records.”^[34]

         Unlike judicial notice, “incorporation-by-reference is a judicially created doctrine that treats certain documents as though they are part of the complaint itself.”^[35] A defendant may incorporate a document into a complaint “if the plaintiff refers extensively to the document or the document forms the basis of the plaintiff's claim.”^[36] Unlike judicial notice, a court “may assume [an incorporated document's] contents are true for purposes of a motion to dismiss under Rule 12(b)(6).”^[37] However, “it is improper to assume the truth of an incorporated document if such assumptions only serve to dispute facts stated in a well-pleaded complaint.”^[38]

         DISCUSSION

         Mr. Matthews' TAAC alleges three counterclaims: a copyright infringement claim in violation of 17 U.S.C. § 101 et seq.; a claimed violation of 17 U.S.C. §§ 1201 and 1202; and a claim seeking injunctive relief on claims one and two.^[39] TD Ameritrade moves to dismiss each counterclaim for failure to state a claim pursuant to Federal Rule of Civil Procedure 12(b)(6).^[40]

         1. Digital Millennium Copyright Act

         Mr. Matthews' second counterclaim alleges violations under 17 U.S.C. §§ 1201 and 1202 of the Digital Millennium Copyright Act (“DMCA”).^[41] Section 1201(a) provides that “[n]o person shall circumvent a technological measure that effectively controls access to work protected under this title.” The Court's prior order stated that Mr. Matthews had “fail[ed] to specifically allege what technological measure(s), if any Mr. Matthews had on his hard drive at the time of the alleged cyber attack, ” and granted TD Ameritrade's motion to dismiss the § 1201 counterclaim in Mr. Matthews' SAAC on this basis.^[42] Mr. Matthews' TAAC maintains that Mr. Matthews had “protective devices . . . enabled[] in [his] hardware and software” when his routines were copied, including encryption and anti-virus and firewall software.^[43] The TAAC also enumerates specific technological measures that were allegedly protecting Mr. Matthews' hard drive at the time of the alleged hacking attack.^[44] These additions remedy the deficiency in Mr. Matthews' prior § 1201 counterclaim identified in the Court's prior order.

         2. The Plausibility of Mr. Matthews' Hacking Allegation

         TD Ameritrade does not contend that Mr. Matthews has failed to allege facts showing “circumvent[ion] [of] a technological measure” in violation of 17 U.S.C. § 1201(a).^[45] Instead, TD Ameritrade contends that Mr. Matthews' allegation that TD Ameritrade “perpetrated a cyber-attack” that destroyed his hard drive is implausible and conclusory.^[46] It further contends that Mr. Matthews' allegation of a cyber-attack would need to be plausible in order for each of his counterclaims to survive a Rule 12(b)(6) motion to dismiss.^[47] TD Ameritrade contends the counterclaims are implausible in three respects: First, it contends that Mr. Matthews' § 1201 claim requires him to allege that TD Ameritrade gained access to his software after bypassing a security feature, and that Mr. Matthews does not explain how TD Ameritrade “could have bypassed the newly alleged protective devices.”^[48] Second, with respect to Mr. Matthews' § 1202 claim, TD Ameritrade contends that TD Ameritrade would have needed access to Mr. Matthews' software in order to “remove Matthews' [copyright] notice” and “substitute[] their own copyright notice and date in the software” - and that the TAAC suggests that TD Ameritrade obtained that access by perpetrating the alleged cyber-attack.^[49] Third, TD Ameritrade notes that Mr. Matthews' copyright infringement claim would also require him to show that TD Ameritrade had “access to his work.”^[50]

         “To establish infringement, two elements must be proven: (1) ownership of a valid copyright, and (2) copying of constituent elements of the work that are original.”^[51] “Copying may be established by showing that the infringer had access to plaintiff's copyrighted work and that the works at issue are substantially similar in their protected elements.”^[52] “A party may establish access ‘either by demonstrating that (1) the infringed work has been widely disseminated, or (2) a particular chain of events exists by which the alleged infringer might have gained access to the copyrighted work.'”^[53]

         Mr. Matthews' TAAC does not allege facts demonstrating that his work was widely disseminated. However, it does allege facts plausibly showing “a particular chain of events by which [TD Ameritrade] might have gained access to the copyrighted work.” Mr. Matthews alleges that he “opened a . . . user modifiable TD Ameritrade investment account, in which the user could use the API to create a self-directed trading environment.”^[54] He further alleges that he created analytical tools “using the API” which he subsequently “tested.”^[55] And he alleges that TD Ameritrade ultimately cancelled his account.^[56] Accordingly, it is plausible that Mr. Matthews will be able to establish that TD Ameritrade might have gained “access” to copyrighted material as required to demonstrate copyright infringement. These same facts plausibly allege that TD Ameritrade had the opportunity to “remove Matthews' [copyright] notice” and “substitute[] their own copyright notice and date in the software.”^[57] Mr. Matthews' opening of an account with TD Ameritrade and use of the API to create analytical tools also support his § 1201 claim; it is plausible that during the interactions between Mr. Matthews and TD Ameritrade, TD Ameritrade gained access to Mr. Matthews' work in a manner that violated the statute. Finally, Mr. Matthews does not merely speculate that a cyber-attack may have occurred; rather, he specifies a date on which the alleged cyber-attack occurred, and provides information about the effects of the alleged hacking and TD Ameritrade's alleged use of materials obtained as a result of the hacking.^[58]

         TD Ameritrade contends that “district courts have granted motions to dismiss similar claims based on a failure to plead plausible facts relating to access.”^[59] The cases TD Ameritrade cites are distinguishable, however. In Schkeiban v. Cameron, the Central District of California granted a motion to dismiss a copyright infringement claim because “Plaintiff ha[d] pled no facts indicating that it was reasonably possible that defendants had access to the work but rather merely speculate[d] that it occurred without foundation.”^[60]Schkeiban did not involve allegations of hacking; rather, the court considered whether it was plausible that the defendant may have gained access to the materials in question through interactions with a third party, which has not been alleged here.^[61] In Feldman v. Twentieth Century Fox Film Corp., the Massachusetts district court granted a motion to dismiss a copyright infringement claim in part because “Plaintiff's theories of access involving computer hacking, eavesdropping, and her ex-boyfriend [were] essentially ‘speculation and conjecture, '” and were thus “insufficient to show that defendants had a reasonable opportunity of access.”^[62] The Feldman plaintiff did not contend that she had any direct interaction with the defendants; instead, she advanced “several theories” regarding how defendants may have obtained copies of her work.^[63] In contrast, Mr. Matthews alleges the existence of a business relationship between the parties in which he developed his works in conjunction with TD Ameritrade's thinkorswim API. Finally, Metabyte, Inc. v. NVIDIA Corp. involved an alleged violation of the Computer Fraud and Abuse Act (“CFAA”).^[64] Mr. Matthews has not alleged that TD Ameritrade violated the CFAA. Furthermore, the Metabyte court granted the defendants' motion to dismiss because the plaintiff's pleadings suggested that the defendants were authorized to access the information at issue at the times they did so.^[65] This reasoning has no bearing on Mr. Matthews' copyright infringement and § 1202 claims; additionally, the TAAC does not suggest that TD Ameritrade was authorized to access Mr. Matthews' computer when it allegedly circumvented technological measures in violation of § 1201.

         CONCLUSION

         Therefore, IT IS ORDERED that TD Ameritrade's Motion to Dismiss at Docket 100 is DENIED. TD Ameritrade shall file an answer responsive to the remaining claims within 14 days of the date of this order.^[66]

---------

Notes:

^[1] See Docket 62 (Order re Motion to Dismiss); Docket 97 (Order re Pending ...