Action Brought Under DMCA and CFAA Dismissed (Part I)

In LivePerson, Inc. v. 24/7 Customer Inc., 2015 U.S. Dist. LEXIS 3688, No. 1:2014cv01559 (Jan. 16, 2015), the Southern District of New York dismissed a complaint alleging copyright infringement, a violation of the Digital Millennium Copyright Act (DMCA), and the Computer Fraud and Abuse Act (CFAA) for failure of the pleadings under F.R.C.P. 12(b)(6). This case thus provides good guideposts for drafting sufficient pleadings alleging both DMCA and CFAA violations.  Here in Part I, we will discuss the copyright infringement and DMCA claims, while in Part II, we will discuss the CFAA claim.

Plaintiff LivePerson provides customers with live-interaction and customer engagement technology for e-commerce websites, allowing real-time interaction with customers. Defendant 24/7 is a customer service technology company that historically provided human call-center operators to answer phones in customers’ call centers. In 2006 and 2007, Plaintiff and Defendant entered into a license agreement, wherein Defendant received a license to “access, operate, and use” Plaintiff’s intellectual property. As Defendant has developed its own competing software, Plaintiff alleged that Defendant misappropriated their technology to sell as Defendant’s own; notably, the alleged conduct includes improperly accessing Plaintiff’s systems to allow Defendant’s software to mimic Plaintiff’s software.

A copyright infringement claim requires four allegations: (1) which specific original works are the subject of the claim; (2) Plaintiff’s ownership of the copyrights in the copyrights in those works; (3) proper registration of the copyrights; and (4) the specific acts and timing that Defendant infringed the copyright. The first three elements were adequately pled, but the Court held that Plaintiff had not adequately pled the crucial fourth element. While Plaintiff alleged that Defendant copied Plaintiff’s copyrighted code, Plaintiff gave no reference to the time that the alleged infringement took place. The First Amended Complaint (FAC) stated, at best, that the period of infringement was “between 2006 when the parties began their contractual relationship and May 2014 when [Plaintiff] filed the FAC.” LivePerson, 2015 U.S. Dist. LEXIS 3688 at *9. The court held that “the FAC does not specify time of infringement, nor can a period of infringement fairly be implied from the various allegations in the FAC.” Id. The FAC does allege that the contractual relationship started in 2006, but “this allegation does not place Defendant on notice that the alleged copyright infringement started then as well.” Id. In short, Plaintiff failed to clearly specify when the alleged infringement occurred, and “failure to plead a time period of infringement renders the claim inadequate.” Id. at *10-*11.

Plaintiff also alleged that Defendant violated the DMCA, notably that “no person shall circumvent a technological measure that effectively controls access to a work.” 17 U.S.C. § 1201(a) (2012). Plaintiff’s allegations were confusing at best and contradictory at worst. Plaintiff alleged that Defendant already had access to the back-end system pursuant to their licensing agreement, and that Defendant misused this access to reverse engineer Plaintiff’s software. But Plaintiff also alleged that Defendant improperly used its knowledge of Plaintiff’s software to mimic Plaintiff, gaining unauthorized access to Plaintiff’s secure internal computer system, installing spyware and introducing code to degrade Plaintiff’s software. While reverse engineering software to bypass a security measure is a circumvention, Plaintiff here alleged that the reverse engineering occurred after the alleged breach into Plaintiff’s systems; the court thus held that the reverse engineering allegations were not a “circumvention” under the DMCA. Furthermore, Plaintiff never actually alleged what technological measure Defendants supposedly circumvented. The FAC merely stated that Defendant “circumvented [Plaintiff’s] security measures” without specifying what those measures were. LivePerson at *15. Because the technological measures were not specified, the FAC was insufficient to give notice to Defendant, and the DMCA claim was dismissed as inadequately pled.

In short, DMCA claims require a relatively high degree of specificity.  In Part II, we will discuss the CFAA claim and the Second Circuit’s new approach to analyzing CFAA claims.