eLaws | Code of Federal Regulations | United States Code |
 All Courts
 Federal Courts
 US Federal District Court Cases
 District Court, D. Nevada
 2024-06

Boxabl Inc. v. Garman ( 2024 )


Menu:
  • 1 2 3 UNITED STATES DISTRICT COURT 4 DISTRICT OF NEVADA 5 * * * 6 BOXABL INC., Case No. 2:23-cv-01213-RFB-NJK 7 Plaintiff, ORDER 8 v. 9 JONATHAN GARMAN, 10 Defendant. 11 12 Before the Court is Defendant Jonathan Garman’s Motion to Dismiss (ECF No. 46). For 13 the reasons explained below, the motion is granted. 14 On July 3, 2023, Plaintiff Boxabl Inc. filed the Complaint in the Eighth Judicial District 15 Court of Nevada. ECF No. 1. The Complaint raised four claims: (1) Nevada Breach of Contract; 16 (2) Violation of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030; (3) Violation 17 of the Defend Trade Secrets Act (“DTSA”), 18 U.S.C. § 1831; and (4) Demand for Injunctive 18 Relief. On August 2, 2023, Defendant Jonathan Garman filed a Petition for Removal in this 19 Court. Id. On August 9, 2023, Garman filed a Motion to Dismiss. ECF No. 6. On September 1, 20 2023, Garman filed a second Motion to Dismiss, raising an anti-SLAPP argument. ECF No. 11. 21 Both motions were fully briefed. ECF Nos. 18, 26, 27, 35. On February 23, 2024, the Court held 22 a hearing on both Motions to Dismiss and issued a ruling from the bench. ECF No. 42. 23 The Court denied Garman’s Anti-SLAPP motion. Id. However, the Court granted-in-part 24 the remaining Motion to Dismiss and dismissed Boxabl’s CFAA, DTSA, and Injunctive Relief 25 claims. Id. The Court granted Boxabl leave to file a First Amended Complaint (“FAC”) 26 including the surviving Breach of Contract claim and an amended CFAA claim. Id. The Court 27 further granted Garman leave to move to dismiss the renewed CFAA claim. Id. The Court 28 retained supplemental jurisdiction over the Breach of Contract Claim. Id. 1 On February 23, 2024, Boxabl filed a FAC raising two claims: (1) Nevada Breach of 2 Contract and (2) Violation of the CFFA. ECF No. 43. On March 1, 2024, Garman filed a Motion 3 to Dismiss the amended CFFA claim. ECF No. 46. The Motion to Dismiss was fully briefed. 4 ECF Nos. 47, 51. The Court’s Order follows. 5 An initial pleading must contain “a short and plain statement of the claim showing that 6 the pleader is entitled to relief.” Fed. R. Civ. P. 8(a). The court may dismiss a complaint for 7 “failure to state a claim upon which relief can be granted.” Fed. R. Civ. P. 12(b)(6). In ruling on 8 a motion to dismiss, “[a]ll well-pleaded allegations of material fact in the complaint are accepted 9 as true and are construed in the light most favorable to the non-moving party.” Faulkner v. ADT 10 Sec. Services, Inc., 706 F.3d 1017, 1019 (9th Cir. 2013) (citations omitted). 11 To survive a motion to dismiss, a complaint need not contain “detailed factual 12 allegations,” but it must do more than assert “labels and conclusions” or “a formulaic recitation 13 of the elements of a cause of action . . . .” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (quoting 14 Bell Atlantic Corp. v. Twombly, 550 U.S. 544, 555 (2007)). In other words, a claim will not be 15 dismissed if it contains “sufficient factual matter, accepted as true, to state a claim to relief that is 16 plausible on its face,” meaning that the court can reasonably infer “that the defendant is liable for 17 the misconduct alleged.” Id. at 678 (internal quotation and citation omitted). The Ninth Circuit, 18 in elaborating on the pleading standard described in Twombly and Iqbal, has held that for a 19 complaint to survive dismissal, the plaintiff must allege non-conclusory facts that, together with 20 reasonable inferences from those facts, are “plausibly suggestive of a claim entitling the plaintiff 21 to relief.” Moss v. U.S. Secret Service, 572 F.3d 962, 969 (9th Cir. 2009). 22 Defendant Garman moves the Court to dismiss Boxabl’s CFAA claim as insufficiently 23 pleaded. The CFAA was enacted to enhance the government’s ability to prosecute computer 24 crimes. LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1131 (9th Cir. 2009). Under the CFAA, 25 it is a crime to “intentionally access a computer without authorization or exceed authorized 26 access and thereby obtain[]” “information from any protected computer,” 18 U.S.C. § 27 1030(a)(2)(C), or “knowingly and with intent to defraud, accesses a protected computer without 28 authorization, or exceeds authorized access, and by means of such conduct furthers the intended 1 fraud and obtains anything of value[,]” 18 U.S.C. § 1030(a)(4). A violation of either criminal 2 provision can trigger a private right of action where there are plausible allegations of damage or 3 loss of $5,000. 18 U.S.C. §§ 1030(c)(4)(A)(i)(I), (g). Boxabl bases its CFAA civil claim on the 4 theory that Garman violated either or both criminal provisions. 5 Garman argues that Boxabl has not pleaded two essential elements: (1) that Garman 6 lacked authorization or exceeded his authorized access and (2) that there was loss to one or more 7 persons during any one-year period aggregating at least $5,000 in value. See Brekka, 581 F.3d at 8 1132 (explaining both elements are essential to (a)(2) and (a)(4) claims). 9 Boxabl’s lack of or exceeding authorization theory is premised on its Confidentiality 10 Agreement. Boxabl alleges that Garman signed the Confidentiality Agreement on September 27, 11 2022, when he accepted his offer of employment from Boxabl to work as a Controller. The 12 Confidentiality Agreement1 reads in the relevant part that: 13 “(a) [D]uring your employment with Boxabl . . . you will . . . use the Confidential 14 Information and Trade Secrets solely for the purpose of performing your duties of employment . . . . You are not permitted to access any Boxabl information, 15 including but not limited to Confidential Information and Trade Secrets, unless you have been authorized and directed to access such information by Boxabl, or 16 you have a direct business need to access such information in furtherance of your 17 job duties. . . .” 18 “(b) You shall be permitted to disclose Confidential Information or Trade Secrets to the extent, but only to the extent, (A) Boxabl provides its express prior written 19 consent to such disclosure, (B) necessary to perform the duties of your employment; or (C) required by law[.]” 20 21 Boxabl alleges that Garman’s employment with Boxabl ended on or about March 10, 2023, and, 22 23 1 Ordinarily, a 12(b)(6) motion confines the court to the four corners of the complaint, Lee v. City of Los Angeles, 250 F.3d 668, 688 (9th Cir. 2001), overruled on other grounds by 24 Galbraith v. Cty. of Santa Clara, 307 F.3d 1119, 1125-26 (9th Cir. 2002). One exception to this rule, is that the Court may consider extrinsic evidence “which is properly submitted as part of the 25 complaint” without converting a motion to dismiss into a motion for summary judgement. Branch v. Tunnell, 14 F.3d 449, 453 (9th Cir. 1994). The Confidentiality Agreement is attached 26 to the Amended Complaint and there is no question of its authenticity. See ECF No. 43-1. Therefore, the Court considers the Confidentiality Agreement as part of the pleadings for 27 purposes of this Motion to Dismiss. See also Durning v. First Boston Corp., 815 F.2d 1265, 1267 (9th Cir. 1987) (“If a complaint is accompanied by attached documents . . . [t]hese documents are 28 part of the complaint and may be considered in determining whether the plaintiff can prove any set of facts in support of the claim.”). 1 as part of that process, Garman signed a Separation Agreement agreeing that he had not 2 previously violated the Confidentiality Agreement and would continue to abide by the 3 Confidentiality Agreement. Boxabl alleges that prior to and since Garman leaving Boxabl, he 4 accessed and disclosed information that he was not authorized to access or disclose under the 5 Confidentiality Agreement. Boxabl provides no other allegations that Garman’s authorization 6 was otherwise limited. 7 Garman argues that he was given access to Boxabl’s computer system as part of his scope 8 of employment and, by being given access to its computer system, Boxabl authorized and 9 directed Garman to use the computer system under the terms of the Confidentiality Agreement. 10 Garman further argues that the FAC fails to identify the alleged confidential or sensitive 11 information beyond an allegation of “certain individual employee-level data and executive legal 12 data, which data was entirely irrelevant to Defendant’s prior scope of employment as a 13 Controller for Boxal.” Garman argues any such data would naturally fall into the scope of 14 employment of a Controller. Finally, Garman asserts that there is no allegation that he “hacked 15 or trespassed” into any system or filed or violated any computer policy or procedure. 16 Under the CFAA authorization means “permission or power granted by an authority.” 17 Brekka, 581 F.3d at 135. CFAA authorization can be based on either lacking authorization or 18 exceeding authorization. The Ninth Circuit has explained the distinction: “a person who 19 intentionally accesses a computer without authorization accesses a computer without any 20 permission at all, while a person who exceeds authorized access, has permission to access the 21 computer, but accesses information on the computer that the person is not entitled to access.” Id. 22 at 1133 (cleaned up). Because there is no dispute that Garman, at the relevant times, had some 23 authorization to use Boxabl’s computer system, the Court focuses its analysis on whether he 24 exceeded his authorization. 25 The CFAA itself defines “exceeds authorized access” as “to access a computer with 26 authorization and to use such access to obtain or alter information in the computer that the 27 accessor is not entitled so to obtain or alter.” 18 U.S.C. § 1030(e)(6). Because the CFAA is 28 primarily a criminal statute, the Ninth Circuit has held that the scope of civil liability under its 1 provisions is identical and still subject to resolving ambiguity concerning its ambit in favor of 2 lenity. Brekka, 581 F.3d at 1134. Following Brekka, the Ninth Circuit again interpreted the 3 meaning of “exceeds authorized access” in United States v. Nosal. 676 F.3d 854 (9th Cir. 2012). 4 In that case, the United States suggested that the language encompassed somebody with 5 unrestricted physical access to a computer but is limited in the use to which they can put the 6 information, for example “an employee may be authorized to access customer lists in order to do 7 his job but not send them to a computer.” Id. at 857. The Ninth Circuit rejected this definition. 8 Id. To do so would “transform the CFAA from an anti-hacking statute into an expansive 9 misappropriation statute,” id., and “make criminals of large groups of people who would have 10 little reasons to suspect they are committing a federal crime[,]” id. at 859. Rather, properly 11 understood, “‘[w]ithout authorization’ [applies] to outside hackers (individuals who have no 12 authorized access to the computer at all) and ‘exceeds authorized access’ [applies] to inside 13 hackers (individuals whose initial access to a computer is authorized but who access 14 unauthorized information or files).” Id. Subsequently, the Ninth Circuit has explained courts 15 should “look to whether the conduct at issue is analogous to ‘breaking and entering.” hiQ Labs, 16 Inc. v. LinkedIn Corp., 31 F.4th 1180, 1197 (9th Cir. 2022). 17 The Court finds that Boxabl’s bare allegations that Garman exceeded the Confidentiality 18 Agreement is insufficient to establish that he exceeded access within the meaning of the CFAA. 19 Rather, Boxabl’s claim sounds in contract. Id. (“[W]e rejected the contract-based interpretation 20 of the CFAA’s ‘without authorization’ provision adopted by some of our sister circuits.”); Nosal, 21 676 F.3d at 862 (“We remain unpersuaded . . . that interpretation of the CFAA broadly to cover 22 violations of a confidentiality agreement or other contractual restrain could give rise to a claim 23 for unauthorized access under the CFFA.”). To find otherwise in this case would “transform the 24 CFAA from an anti-hacking statute into an expansive misappropriation statute. Id. 25 Because the Court finds that Boxabl has failed to plead an essential element, it need not 26 consider whether Boxabl sufficiently pleaded that there was loss to one or more persons during 27 any one-year period aggregating at least $5,000 in value. 28 /// ] For the foregoing reasons, IT IS ORDERED that Defendant Jonathan Garman’s Motion 2| to Dismiss (ECF No. 46) is GRANTED. Plaintiff Boxabl Inc.’s Second Claim for Relief for 3 | Violation of the Computer Fraud and Abuse is DISMISSED without leave to amend. 4 5 | DATED: June 21, 2024. AS” 7 g RICHARD F. BOULWARE, II UNITED STATES DISTRICT JUDGE 9 10 1] 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 -6-
Leave a Comment

Document Info

Docket Number: 2:23-cv-01213

Filed Date: 6/21/2024

Precedential Status: Precedential

Modified Date: 11/2/2024