United States District Court, D. Alaska
TD AMERITRADE, INC., TD AMERITRADE HOLDING CORPORATION, INC., TD AMERITRADE IP COMPANY, INC., and TD AMERITRADE SERVICES COMPANY, INC., Plaintiffs,
v.
JAMES RICHARD MATTHEWS, Defendant.
ORDER RE MOTION TO DISMISS
SHARON
L. GLEASON UNITED STATES DISTRICT JUDGE.
Before
the Court at Docket 100 is Plaintiffs' (collectively,
“TD Ameritrade”) Motion to Dismiss
Defendant's Third Amended Counterclaims. Defendant James
Matthews filed an opposition to the motion at Docket 103 and
TD Ameritrade filed a reply at Docket 106. Oral argument was
not requested and was not necessary to the Court's
decision. For the reasons set forth below, the Motion to
Dismiss will be denied.
BACKGROUND
This is
TD Ameritrade's third motion to dismiss. The underlying
facts of this case are set forth in the Court's orders on
TD Ameritrade's first and second motions to dismiss; they
are not repeated here.[1] The pertinent facts as alleged in Mr.
Matthews' Third Amended Answer and Counterclaims
(“TAAC”) are briefly summarized as follows:
In
early 2012, Mr. Matthews became aware of TD Ameritrade's
thinkorswim applications program interface
(“API”).[2] On or about April 11, 2012, Mr. Matthews
opened a live, unfunded, user-modifiable investment account
with TD Ameritrade.[3] This allowed him access to TD
Ameritrade's thinkorswim API, which enabled him to create
a self-directed trading environment.[4] Mr. Matthews alleges he
created analytical tools using the API, as expressly
permitted by thinkorswim.[5] He alleges users such as him were
encouraged to practice with the API and were encouraged to
devise their own software programs and modify software
routines that were not locked.[6] Mr. Matthews alleges that he has
never “claimed that any of the source code created by
him . . . was based upon a modification of any code or
software from any TD Ameritrade website or trading platform,
nor was it in any manner derived from any of TD
Ameritrade's software.”[7] Mr. Matthews obtained a
copyright registration for certain computer code effective
June 28, 2012.[8]
Attached
to the TAAC is an unsigned licensing agreement that Mr.
Matthews maintains he downloaded from TD Ameritrade's
website in March 2017; he asserts that it “is
substantially the same” as the one in effect in May
2012.[9] He alleges that he did not have any
agreement with TD Ameritrade that precluded him from filing
for copyright protection for software created by him
“in connection with the TD Ameritrade website and
software.”[10] He alleges that the primary purpose of
the Client Agreement he admits that he did have with TD
Ameritrade was to govern stock trading activity and that the
Court must determine “what, if any licensing agreement
existed between the parties” and then the Court
“must reconcile all such agreements - which cannot be
done as a matter of a pleading.”[11]
The
TAAC alleges that on May 27, 2012, TD Ameritrade perpetrated
a “cyber attack” against Mr. Matthews'
computer, destroying his hard drive controller.[12] The TAAC
further alleges that prior to destroying Mr. Matthews'
hardware, TD Ameritrade copied the routines that Matthews had
created.[13] Mr. Matthews maintains that he had
certain specified “protective devices . . . enabled[]
in [his] hardware and software” when his routines were
copied, including encryption and anti-virus and firewall
software.[14] He further maintains that “[a]ll
or most of the software stolen by thinkorswim had a copyright
notice imbedded by Matthews that clearly identified Matthews,
and his claim to copyright.”[15] Mr. Matthews alleges that
TD Ameritrade continues to use, provide, and permit others to
use Mr. Matthews' copyrighted code.[16]
On June
27, 2016, TD Ameritrade filed its Complaint, alleging causes
of action for declaratory judgment, cancellation and release
of claimed nonconsensual common law lien, and injunctive
relief.[17] On September 9, 2016, TD Ameritrade
filed a First Amended Complaint, alleging the same causes of
action as the original complaint.[18]
Mr.
Matthews filed an answer to the First Amended Complaint on
January 4, 2017. He asserted counterclaims and sought
injunctive relief for copyright infringement.[19] On March 20,
2017, Mr. Matthews filed a First Amended Answer to the First
Amended Complaint, which also included eight counterclaims:
three claims for copyright infringement; an alleged violation
to Alaska's Unfair Trade Practices Act; two claims for
breach of contract and breach of the implied covenant of good
faith and fair dealing; trespass on real property; and a
demand for accounting.[20] TD Ameritrade filed a Motion to
Dismiss Mr. Matthews' counterclaims.[21] On October
25, 2017, the Court granted TD Ameritrade's Motion to
Dismiss, allowing Mr. Matthews to file an amended answer with
counterclaims only as to the copyright infringement claims
and the breach of an unspecified contract and an associated
implied covenant of good faith and fair dealing
claim.[22] All other counterclaims were dismissed
with prejudice.[23]
On
November 29, 2017, Mr. Matthews filed a Second Amended Answer
and Counterclaims that alleged four counterclaims: a
copyright infringement claim in violation of 17 U.S.C. §
101 et seq.; a claimed violation of 17 U.S.C.
§§ 1201 and 1202; a claim seeking injunctive relief
on claims one and two; and a claim for breach of contract and
the implied covenant of good faith and fair
dealing.[24] TD Ameritrade again moved to dismiss
each counterclaim.[25] On July 16, 2018, this Court denied TD
Ameritrade's Motion to Dismiss as to Mr. Matthews'
counterclaims for copyright infringement under 17 U.S.C.
§ 101 et seq., violation of 17 U.S.C. §
1202, and injunctive relief related to those claims. This
Court granted TD Ameritrade's Motion to Dismiss as to Mr.
Matthews' counterclaims for violation of 17 U.S.C. §
1201 and injunctive relief related to that claim, but allowed
Mr. Matthews to file an amended answer as to these
counterclaims. His remaining counterclaim for breach of
contract and the implied covenant of good faith and fair
dealing was dismissed with prejudice.[26] On July 30,
2018, Mr. Matthews filed his TAAC, which now enumerates
specific technological measures protecting his hard drive at
the time of the alleged hacking attack.[27]
LEGAL
STANDARD
The
legal standard for a motion to dismiss under Rule 12(b)(6) is
set out in the Court's prior orders and is not fully
restated here.[28] However, the Ninth Circuit recently
addressed two topics relevant to TD Ameritrade's motion
to dismiss: the incorporation-by-reference doctrine, and
judicial notice under Federal Rule of Evidence
201.[29] Both topics are discussed below.
“Generally,
district courts may not consider material outside the
pleadings when assessing the sufficiency of a complaint under
Rule 12(b)(6).”[30] However, there are two exceptions to
this rule: the incorporation-by-reference doctrine, and
judicial notice under Federal Rule of Evidence
201.[31] Judicial notice permits a court to
notice adjudicative facts that are “not subject to
reasonable dispute.”[32] “A fact is ‘not
subject to reasonable dispute' if it is ‘generally
known,' or ‘can be accurately and readily
determined from sources whose accuracy cannot reasonably be
questioned.'”[33] Thus, “‘[a] court may
take judicial notice of matters of public record without
converting a motion to dismiss into a motion for summary
judgment.' But a court cannot take judicial notice of
disputed facts contained in such public
records.”[34]
Unlike
judicial notice, “incorporation-by-reference is a
judicially created doctrine that treats certain documents as
though they are part of the complaint
itself.”[35] A defendant may incorporate a document
into a complaint “if the plaintiff refers extensively
to the document or the document forms the basis of the
plaintiff's claim.”[36] Unlike judicial notice, a
court “may assume [an incorporated document's]
contents are true for purposes of a motion to dismiss under
Rule 12(b)(6).”[37] However, “it is improper to
assume the truth of an incorporated document if such
assumptions only serve to dispute facts stated in a
well-pleaded complaint.”[38]
DISCUSSION
Mr.
Matthews' TAAC alleges three counterclaims: a copyright
infringement claim in violation of 17 U.S.C. § 101
et seq.; a claimed violation of 17 U.S.C.
§§ 1201 and 1202; and a claim seeking injunctive
relief on claims one and two.[39] TD Ameritrade moves to dismiss
each counterclaim for failure to state a claim pursuant to
Federal Rule of Civil Procedure 12(b)(6).[40]
1.
Digital Millennium Copyright Act
Mr.
Matthews' second counterclaim alleges violations under 17
U.S.C. §§ 1201 and 1202 of the Digital Millennium
Copyright Act (“DMCA”).[41] Section 1201(a) provides
that “[n]o person shall circumvent a technological
measure that effectively controls access to work protected
under this title.” The Court's prior order stated
that Mr. Matthews had “fail[ed] to specifically allege
what technological measure(s), if any Mr. Matthews had on his
hard drive at the time of the alleged cyber attack, ”
and granted TD Ameritrade's motion to dismiss the §
1201 counterclaim in Mr. Matthews' SAAC on this
basis.[42] Mr. Matthews' TAAC maintains that
Mr. Matthews had “protective devices . . . enabled[] in
[his] hardware and software” when his routines were
copied, including encryption and anti-virus and firewall
software.[43] The TAAC also enumerates specific
technological measures that were allegedly protecting Mr.
Matthews' hard drive at the time of the alleged hacking
attack.[44] These additions remedy the deficiency in
Mr. Matthews' prior § 1201 counterclaim identified
in the Court's prior order.
2.
The Plausibility of Mr. Matthews' Hacking
Allegation
TD
Ameritrade does not contend that Mr. Matthews has failed to
allege facts showing “circumvent[ion] [of] a
technological measure” in violation of 17 U.S.C. §
1201(a).[45] Instead, TD Ameritrade contends that Mr.
Matthews' allegation that TD Ameritrade
“perpetrated a cyber-attack” that destroyed his
hard drive is implausible and conclusory.[46] It further
contends that Mr. Matthews' allegation of a cyber-attack
would need to be plausible in order for each of his
counterclaims to survive a Rule 12(b)(6) motion to
dismiss.[47] TD Ameritrade contends the counterclaims
are implausible in three respects: First, it contends that
Mr. Matthews' § 1201 claim requires him to allege
that TD Ameritrade gained access to his software after
bypassing a security feature, and that Mr. Matthews does not
explain how TD Ameritrade “could have bypassed the
newly alleged protective devices.”[48] Second, with
respect to Mr. Matthews' § 1202 claim, TD Ameritrade
contends that TD Ameritrade would have needed access to Mr.
Matthews' software in order to “remove
Matthews' [copyright] notice” and
“substitute[] their own copyright notice and date in
the software” - and that the TAAC suggests that TD
Ameritrade obtained that access by perpetrating the alleged
cyber-attack.[49] Third, TD Ameritrade notes that Mr.
Matthews' copyright infringement claim would also require
him to show that TD Ameritrade had “access to his
work.”[50]
“To
establish infringement, two elements must be proven: (1)
ownership of a valid copyright, and (2) copying of
constituent elements of the work that are
original.”[51] “Copying may be established by
showing that the infringer had access to plaintiff's
copyrighted work and that the works at issue are
substantially similar in their protected
elements.”[52] “A party may establish access
‘either by demonstrating that (1) the infringed work
has been widely disseminated, or (2) a particular chain of
events exists by which the alleged infringer might have
gained access to the copyrighted
work.'”[53]
Mr.
Matthews' TAAC does not allege facts demonstrating that
his work was widely disseminated. However, it does allege
facts plausibly showing “a particular chain of events
by which [TD Ameritrade] might have gained access to the
copyrighted work.” Mr. Matthews alleges that he
“opened a . . . user modifiable TD Ameritrade
investment account, in which the user could use the API to
create a self-directed trading
environment.”[54] He further alleges that he created
analytical tools “using the API” which he
subsequently “tested.”[55] And he alleges that TD
Ameritrade ultimately cancelled his account.[56] Accordingly,
it is plausible that Mr. Matthews will be able to establish
that TD Ameritrade might have gained “access” to
copyrighted material as required to demonstrate copyright
infringement. These same facts plausibly allege that TD
Ameritrade had the opportunity to “remove Matthews'
[copyright] notice” and “substitute[] their own
copyright notice and date in the
software.”[57] Mr. Matthews' opening of an account
with TD Ameritrade and use of the API to create analytical
tools also support his § 1201 claim; it is plausible
that during the interactions between Mr. Matthews and TD
Ameritrade, TD Ameritrade gained access to Mr. Matthews'
work in a manner that violated the statute. Finally, Mr.
Matthews does not merely speculate that a cyber-attack may
have occurred; rather, he specifies a date on which the
alleged cyber-attack occurred, and provides information about
the effects of the alleged hacking and TD Ameritrade's
alleged use of materials obtained as a result of the
hacking.[58]
TD
Ameritrade contends that “district courts have granted
motions to dismiss similar claims based on a failure to plead
plausible facts relating to access.”[59] The cases TD
Ameritrade cites are distinguishable, however. In
Schkeiban v. Cameron, the Central District of
California granted a motion to dismiss a copyright
infringement claim because “Plaintiff ha[d] pled no
facts indicating that it was reasonably possible that
defendants had access to the work but rather merely
speculate[d] that it occurred without
foundation.”[60]Schkeiban did not involve
allegations of hacking; rather, the court considered whether
it was plausible that the defendant may have gained access to
the materials in question through interactions with a third
party, which has not been alleged here.[61] In
Feldman v. Twentieth Century Fox Film Corp., the
Massachusetts district court granted a motion to dismiss a
copyright infringement claim in part because
“Plaintiff's theories of access involving computer
hacking, eavesdropping, and her ex-boyfriend [were]
essentially ‘speculation and conjecture, '”
and were thus “insufficient to show that defendants had
a reasonable opportunity of access.”[62] The
Feldman plaintiff did not contend that she had any
direct interaction with the defendants; instead, she advanced
“several theories” regarding how defendants may
have obtained copies of her work.[63] In contrast, Mr. Matthews
alleges the existence of a business relationship between the
parties in which he developed his works in conjunction with
TD Ameritrade's thinkorswim API. Finally, Metabyte,
Inc. v. NVIDIA Corp. involved an alleged violation of
the Computer Fraud and Abuse Act
(“CFAA”).[64] Mr. Matthews has not alleged that TD
Ameritrade violated the CFAA. Furthermore, the
Metabyte court granted the defendants' motion to
dismiss because the plaintiff's pleadings suggested that
the defendants were authorized to access the information at
issue at the times they did so.[65] This reasoning has no
bearing on Mr. Matthews' copyright infringement and
§ 1202 claims; additionally, the TAAC does not suggest
that TD Ameritrade was authorized to access Mr. Matthews'
computer when it allegedly circumvented technological
measures in violation of § 1201.
CONCLUSION
Therefore,
IT IS ORDERED that TD Ameritrade's Motion to Dismiss at
Docket 100 is DENIED. TD Ameritrade shall file an answer
responsive to the remaining claims within 14 days of the date
of this order.[66]
---------
Notes:
[1]
See Docket 62 (Order re
Motion to Dismiss); Docket 97 (Order re Pending
...