Opinion
No. CV-19-04849-PHX-GMS
07-24-2020
CDK Global LLC, et al., Plaintiffs, v. Mark Brnovich, et al., Defendants, and Arizona Automobile Dealers Association, Intervenor Defendant.
ORDER
Pending before the Court is Plaintiff CDK Global LLC, et al. ("Plaintiffs")' Motion for Preliminary Injunction. (Doc. 20.) The Motion is denied.
BACKGROUND
Plaintiffs develop, own, and operate proprietary computer systems known as dealer management systems ("DMSs") that process vast amounts of data sourced from various parties. Automotive dealerships hold licenses to DMSs to help manage their business operations, including handling confidential consumer and proprietary data, processing transactions, and managing data communications between dealers, customers, car manufacturers, credit bureaus, and other third parties. Plaintiffs employ multiple technological measures—such as secure login credentials, CAPTCHA prompts, and comprehensive cybersecurity infrastructure, hardware, and software—to safeguard their DMSs from unauthorized access or breach. Historically, Plaintiffs permitted dealers to share their DMS login information with the dealers' chosen data integration provider or providers. (Doc. 44-1 at 12); Transcript of Preliminary Injunction Hearing June 2, 2020, Volume A at 75. However, more recently, Plaintiffs have contractually prohibited dealers from granting third parties access to their DMSs without Plaintiffs' authorization.
A CAPTCHA is a type of test used in computing to determine whether a user is human. For example, one form of CAPTCHA requires users to correctly enter a sequence of letters or numbers from a distorted image displayed on their screen.
"In 2005-2006, Reynolds announced its intention to block dealers from using the primary method of data access at that time." (Doc. 44-1 at 12.) "Q. And . . . you're aware that beginning in 2006 and 2007, Reynolds took a public position that dealers should not be able to provide their log-in credentials to third-party integrators to access the DMS; correct? A. Reynolds did, yes." Transcript of Preliminary Injunction Hearing June 2, 2020, Volume A at 75. "Up until 2015 - as demonstrated by the public statements made by CDK's leaders . . . - CDK permitted and publicly endorsed dealer-controlled and dealer-authorized access to dealer data. I understand that CDK changed its position in 2015 and 2016 and joined Reynolds in using technological methods to block dealer-authorized and dealer-controlled access to dealer data." (Doc. 44-1 at 12.) "Q. . . . At what point did CDK begin restricting the ability of data integrators . . . to pull data from its DMS? A. . . . I learned [about] it . . . in 2015." Transcript of Preliminary Injunction Hearing June 3, 2020, Volume B at 47.
In March 2019, the Arizona Legislature passed the Dealer Data Security Law ("the Dealer Law"), A.R.S. §§ 28-4651-28-4655. The Dealer Law went into effect on August 27, 2019. The Dealer Law regulates the relationship between DMS licensers like Plaintiffs and the dealerships they service as it relates to what the statute defines as "dealer protected data." Under the Dealer Law, DMS providers may no longer "[p]rohibit[] a third party [that has been authorized by the Dealer and] that has satisfied or is compliant with . . . current, applicable security standards published by the standards for technology in automotive retail [(STAR standards)] . . . from integrating into the dealer's dealer data system or plac[e] an unreasonable restriction on integration . . . ." A.R.S. §§ 28-4653(A)(3)(b), 28-4651(9). The Dealer Law also requires that DMS providers "[a]dopt and make available a standardized framework for the exchange, integration and sharing of data from [a DMS]" that is compatible with STAR standards and that they "[p]rovide access to open application programming interfaces to authorized integrators." A.R.S. § 28-4654(A). Finally, a DMS provider may only use data to the extent permitted in the DMS provider's agreement with the dealer, must permit dealer termination of such agreement, and "must work to ensure a secure transition of all protected dealer data to a successor dealer data vendor or authorized integrator" upon termination. A.R.S. §§ 28-4654(B)(1)-(3).
However, Defendants stipulated on September 4, 2019 that they would "take no action to enforce Arizona House Bill 2418 (2019) for the pendency of Plaintiffs' Motion for Preliminary Injunction in this Court." (Doc. 28 at 2.)
At the preliminary injunction hearing on June 2 and 3, 2020, Defendants agreed that "there is no argument by the State that the 90-day termination provision applies to existing contracts." Transcript of Preliminary Injunction Hearing June 3, 2020, Volume B at 112.
On July 29, 2019, Plaintiffs filed the underlying complaint against Mark Brnovich, Attorney General of the State of Arizona, and John S. Halikowski, Director of the Arizona Department of Transportation, seeking declaratory and injunctive relief from the Dealer Law. This Motion for a Preliminary Injunction followed on August 23, 2019. On September 5, 2019, the Arizona Automobile Dealers Association (AADA) (collectively with Defendant Brnovich, "Defendants") filed a Motion to Intervene which was granted on September 12, 2019.
Pursuant to a motion to dismiss for lack of jurisdiction, all claims against Defendant Halikowski were dismissed on April 2, 2020.
DISCUSSION
I. Standard of Review
A preliminary injunction is "an extraordinary and drastic remedy, one that should not be granted unless the movant, by a clear showing, carries the burden of persuasion." Lopez v. Brewer, 680 F.3d 1068, 1072 (9th Cir. 2012). A plaintiff seeking a preliminary injunction must show that (1) it is likely to succeed on the merits; (2) it is likely to suffer irreparable harm without an injunction; (3) the balance of equities tips in its favor; and (4) an injunction is in the public interest. Winter v. Natural Res. Def. Council, Inc., 555 U.S. 7, 20 (2008).
II. Analysis
A. Likelihood of Success on the Merits
Likelihood of success on the merits is "the most important" of the four Winter factors. Garcia v. Google, Inc., 786 F.3d 733, 740 (9th Cir. 2015). Because it is a "threshold inquiry," when a plaintiff has failed to show the likelihood of success on the merits, courts need not consider the remaining factors. Id. Plaintiffs argue that they have "at least a fair chance of prevailing on the merits," Republic of the Philippines v. Marcos, 862 F.2d 1355, 1362 (9th Cir. 1988), of three claims: preemption under the Copyright Act and violations of their constitutional rights under the Contracts and Takings Clauses.
Plaintiffs alleged ten claims in their complaint—five preemption claims and five constitutional violation claims. Seven of those claims were dismissed pursuant to a motion to dismiss. (Doc. 91.)
1. Copyright Act
The Copyright Act affords copyright protection, including the "exclusive right[]" to "reproduce," "distribute copies" of, and "prepare derivative works based upon" the owner's "copyrighted work," 17 U.S.C. § 106(1)-(3), to "original works of authorship fixed in any tangible medium of expression," 17 U.S.C. § 102(a). Plaintiffs assert that their DMSs are protected under the Copyright Act because they include copyrightable elements, such as "source and object code; distinctive screen layouts; graphical content; text; arrangement, organization, and display of information; and the dynamic user experience." (Doc. 20 at 17.) At the preliminary injunction hearing, Plaintiffs more explicitly described the "three categor[ies] of works at issue here. Number one would be our DMS software; number two would be the actual API specifications; and number three is the data compilations that we have put together." Transcript of Preliminary Injunction Hearing 6/3, Volume B at 102.
Under the Dealer Law, DMS providers like Plaintiffs may not prohibit other parties that have "satisfied or [are] compliant with the star standards or other generally accepted standards that are at least as comprehensive as the star standards and that the dealer has identified as one of its authorized integrators from integrating into the dealer's dealer data system." A.R.S. § 28-4653. Additionally, DMS providers must "[p]rovide access to open application programming interfaces [or similar open access integration methods] to authorized integrators." A.R.S. § 28-4654. Citing A.R.S. § 28-4653.A.3 only, Plaintiffs assert that the Dealer Law is preempted by the Copyright Act because "each time an integrator accesses Plaintiffs' copyrighted software programs without Plaintiffs' consent, an unauthorized copy of the software is loaded into the memory of the integrator's computer," (Doc. 20 at 17), and a copy is made within Plaintiffs' own systems, Transcript of Preliminary Injunction Hearing June 3, 2020, Volume B at 104. Plaintiffs also argue that "automated access" provided by application programming interfaces (APIs) "results in the unauthorized use and copying of Plaintiffs' copyrighted DMS software." (Doc. 51 at 14.) Finally, Plaintiffs assert that the Dealer Law violates the Copyright Act because "Plaintiffs' DMSs . . . include . . . distinctive screen layouts; graphical content; text; arrangement, organization, and display of information; and the dynamic user experience." (Doc. 20 at 17.)
A. A third party may not . . . [t]ake any action by contract, technical means or otherwise to prohibit or limit a dealer's ability to protect, store, copy, share or use protected dealer data, including all of the following:
(a) Imposing any fee or other restriction on the dealer or an authorized integrator for accessing or sharing protected dealer data or for writing data to a dealer data system, including any fee on a dealer that chooses to submit or push data or information to the third party as prescribed in § 28-4652. A third party must disclose a charge to the dealer and justify the charge by documentary evidence of the costs associated with access or the charge will be deemed to be a fee pursuant to this subdivision.
(b) Prohibiting a third party that has satisfied or is compliant with the star standards or other generally accepted standards that are at least as comprehensive as the star standards and that the dealer has identified as one of its authorized integrators from integrating into the dealer's dealer data system or placing an unreasonable restriction on integration by an authorized integrator or other third party that the dealer wishes to be an authorized integrator. For the purposes of this subdivision, "unreasonable restriction" includes:
(i) An unreasonable limitation or condition on the scope or nature of the data that is shared with an authorized integrator.
(ii) An unreasonable limitation or condition on the ability of the authorized integrator to write data to a dealer data system.
(iii) An unreasonable limitation or condition on a third party that accesses or shares protected dealer data or that writes data to a dealer data system.
(iv) Requiring unreasonable access to a third party's sensitive, competitive or other confidential business information as a condition for accessing protected dealer data or sharing protected dealer data with an authorized integrator.
(v) Prohibiting or limiting a dealer's ability to store, copy, securely share or use protected dealer data outside of the dealer data system in any manner and for any reason.
(vi) Allowing access to or accessing protected dealer data without prior express written consent.
Plaintiffs assert this in their briefing; however, their witness's testimony at the June 2, 2020 hearing does not sufficiently support this point:
Q. Mr. Hall, you testified in your deposition and you said in your declaration that vendors that send or receive data through the RCI program do not need to directly access the Reynolds DMS, correct?Transcript of Preliminary Injunction Hearing June 2, 2020, Volume B at 26.
A. They access it only through those defined APIs, the services that we provide.
Q. So the vendor never needs to actually access the DMS itself directly, correct?
A. They access the Reynolds Integration Hub, which provides that interface into the DMS. The Reynolds Integration Hub is part of the DMS.
Q. When a vendor sends or receives data through the RCI program, the vendor does not need to run any software on the Reynolds DMS, correct?
A. They do . . . .
Q. But the execution of that software is run by Reynolds on Reynolds' own servers, correct?
A. Generated, originated from that third-party provider's request.
Q. . . . [M]y question . . . is[] whether or not you know whether users in the RCI program have to copy Reynolds' actual source code in order to send requests through the API?Transcript of Preliminary Injunction Hearing June 2, 2020, Volume B at 29-30.
A. Not source code.
Q. Okay.
. . .
Q. And when a vendor requested to write back data through the RCI program, it is Reynolds' software, not the vendor's software, that performs the function of actually updating the data on the DMS, correct?
A. This is somewhere to your earlier question, they make the request that causes our software to be executed. We write that software, but it would not be executed without their request.
On a facial preemption challenge, a plaintiff must show that "no set of circumstances exists under which the Act would be valid." United States v. Salerno, 481 U.S. 739, 746 (1987). However, the proper inquiry is not simply "whether state and local law enforcement officials can apply the statute in a constitutional way," because "there can be no constitutional application of a statute that, on its face, conflicts with Congressional intent and therefore is preempted by the Supremacy Clause." United States v. Arizona, 641 F.3d 339, 345-46 (9th Cir. 2011), aff'd in part, rev'd in part and remanded, 567 U.S. 387 (2012). Nevertheless, "courts should assume that 'the historic police powers of the States' are not superseded 'unless that was the clear and manifest purpose of Congress.'" Id. at 400 (quoting Rice v. Santa Fe Elevator Corp., 331 U.S. 218, 230 (1947)). And, as this preemption challenge has been brought prior to enforcement and thus "without the benefit of a definitive interpretation [of the Dealer Law] from the state courts," the timing of this case "counsel[s] caution in evaluating [the Dealer Law's] validity" because "it would be inappropriate to assume [the Dealer Law] will be construed in a way that creates a conflict with federal law." Arizona, 567 U.S. at 415.
"Salerno's applicability in preemption cases is not entirely clear, however . . . . [w]ithout more direction, we have chosen to continue applying Salerno." Puente Arizona v. Arpaio, 821 F.3d 1098, 1104 (9th Cir. 2016).
Plaintiffs have not shown that this facial challenge has "at least a fair chance of prevailing on the merits." Marcos, 862 F.2d at 1362. The Dealer Law does not, on its face, conflict with the Copyright Act. Nor must § 28-4653.A.3 be construed in a way that will conflict with Plaintiffs' rights under the Copyright Act, especially when interpreted in context with the rest of the statute. The definition of "authorized integrator" under the Dealer Law is a third party "with whom a dealer enters into a contractual relationship to perform a specific function for a dealer that allows the third party to access protected dealer data or to write data to a dealer data system, or both, to carry out the specified function." A.R.S. § 28-4651. This definition affords the reasonable interpretation that the statutory prohibition on DMS providers preventing third parties from "integrating into the dealer's dealer data system," A.R.S. § 28-4653, could be satisfied by allowing third parties to access an API as mandated by § 28-4654. As Defendants' expert Allan Andreu testified, APIs allow DMS providers "to control which data elements are transmitted and shared with third parties"; APIs do not "put a[] [DMS provider's] intellectual property at risk of being accessed or copied" because they "do[] not copy software from [the DMS provider's] DMS at all." (Doc. 44-5 at 3.) Using an API means the Dealer Law can be satisfied without "exposure of the [DMS providers'] . . . copyrighted code" or "direct[] access" to DMSs by third parties (Doc. 43-1 at 5); according to Plaintiffs' experts, users do not "have to copy [Plaintiffs'] actual source code in order to send requests through the API," nor does an "open API mandate . . . an open data set," Transcript of Preliminary Injunction Hearing June 3, 2020, Volume A at 83, 20. "[T]he reason, the rationale of an API, is that requesters can ask for things to be done without knowing how the responding system accomplishes it." Transcript of Preliminary Injunction Hearing June 2, 2020, Volume B at 29.
Oracle America, Inc. v. Google Inc., 750 F.3d 1339 (Fed. Cir. 2014), is not to the contrary. The court in that case held that "the declaring code and the structure, sequence, and organization of the . . . API packages at issue are entitled to copyright protection." Id. at 1381. But unlike the defendant in Oracle, third party integrators under the Dealer Law would not necessarily be "cop[ying] the declaring source code from [DMS providers'] . . . API packages verbatim, inserting that code into parts of [their own] software," and "cop[ying DMS providers'] . . . elaborately organized taxonomy of all the names of methods, classes, interfaces, and packages." Id. at 1350-51. APIs can be structured such that API users are "[a]bsolutely, positively, not . . . able to obtain a copy of any of [the API provider's] source code or executable code." Transcript of Preliminary Injunction Hearing June 3, 2020, Volume B at 53. "[A]ll [requesters will] see is the data that they asked for that they were permitted to get. We don't share with them our source code." Id. at 54. Moreover, the Dealer Law need not be construed in a way that violates Plaintiffs' "IP rights" to "the structure and organization of the very data that this law requires CDK and Reynolds to permit third-party access to." Transcript of Preliminary Injunction Hearing June 2, 2020, Volume A at 20-21. A.R.S. § 28-4653.A, the only portion of the Dealer Law Plaintiffs cite in their briefing, never mentions the "structure" or "organization" of Plaintiffs' data. Rather, it prohibits Plaintiffs from placing an "unreasonable limitation or condition" on the "scope or nature of the data that is shared with an authorized integrator," on "the ability of the authorized integrator to write data to a dealer data system," or "on a third party that accesses or shares protected dealer data or that writes data to a dealer data system." A.R.S. § 28-4653.A.3. Indeed, § 28-4654's requirement that dealer data vendors shall "[a]dopt and make available a standardized framework for the exchange, integration and sharing of data from dealer data systems with authorized integrators and the retrieval of data by authorized integrators" indicates that, to comply with the Dealer Law, Plaintiffs will not use their own organization and structure at all, but rather a "standardized" structure used by all dealer data vendors who want to do business in Arizona.
The Dealer Law is susceptible to an interpretation that would allow all parties to comply with the law without violating Plaintiffs' Copyright Act rights, and that is the interpretation that it must be given. See Arizona, 567 U.S. at 415 ("[I]t would be inappropriate to assume [the Dealer Law] will be construed in a way that creates a conflict with federal law."). Plaintiffs have therefore failed to establish that this claim is likely to succeed on the merits.
2. Contracts Clause
The Contracts Clause restricts the power of States to disrupt contractual arrangements, mandating that "[n]o state shall . . . pass any . . . Law impairing the Obligation of Contracts." U.S. Const., Art. I, § 10, cl. 1. However, not all laws affecting pre-existing contracts are unconstitutional under the Contracts Clause:
To determine when such a law crosses the constitutional line, this Court has long applied a two-step test. The threshold issue is whether the state law has "operated as a substantial impairment of a contractual relationship." Allied Structural Steel Co. [v. Spannaus, 438 U.S. 234, 244 (1978).] In answering that question, the Court has considered the extent to which the law undermines the contractual bargain, interferes with a party's reasonable expectations, and prevents the party from safeguarding or reinstating his rights. . . . If such factors show a substantial impairment, the inquiry turns to the means and ends of the legislation. In particular, the Court has asked whether the state law is drawn in an "appropriate" and "reasonable" way to advance "a significant and legitimate public purpose." Energy Reserves Group, Inc. v. Kansas Power & Light Co., 459 U.S. 400, 411-412 . . . (1983).Sveen v. Melin, 138 S. Ct. 1815, 1821-22 (2018). The test for substantial impairment examines "whether there is a contractual relationship, whether a change in law impairs that contractual relationship, and whether the impairment is substantial." LL Liquor, Inc. v. Montana, 912 F.3d 533, 537 (9th Cir. 2018).
The standard contract between Reynolds and its dealer customers prevents such customers from "disclos[ing] or otherwise permit[ting] any person, firm or entity [from] access[ing] . . . or us[ing] the Licensed Matter" that is the subject of the contract. (Doc. 35-4 at 21.) It also prevents dealers from assigning, transferring, or sublicensing their rights to the "Licensed Matter" under the contract. (Doc. 35-3 at 1.) CDK's Master Services Agreement requires that, except as otherwise permitted by CDK in writing, customers will use CDK's "Products and Services" only for their "own internal business purposes and will not sell or otherwise provide, directly or indirectly, any of the Products or Services, or any portion thereof, to any third party"; nor may customers "cause or permit any third party software to access the products and services except as otherwise permitted by this agreement." (Doc. 35-1 at 3.) Plaintiffs assert that the Dealer Law "eviscerates" these "contractual bargain[s]" because the statute "bars Plaintiffs from prohibiting a dealer-designated third party from 'integrating' into Plaintiffs' DMSs" and "nullifies Plaintiffs' contractual right to control, and charge proper fees for, access to their DMSs." (Doc. 20 at 23.) But as addressed in the Copyright Act analysis above, the Dealer Law permits the reasonable interpretation that it does not require direct access to Plaintiffs' DMSs, but rather access to an API as mandated by § 28-4654. Using an API means the Dealer Law can be satisfied without violating Plaintiffs' dealer contracts through "direct[] access" to DMSs by third parties. (Doc. 43-1 at 5.) See also FN 8, supra. Plaintiffs assert that third parties using APIs "still access Plaintiffs' systems, including the data stores and databases they house." (Doc. 51 at 13.) But as addressed in the Copyright Act analysis, A.R.S. § 28-4653.A, the only portion of the Dealer Law Plaintiffs cite in their briefing, never mentions the "structure" or "organization" of Plaintiffs' data. Rather, it prohibits Plaintiffs from placing an "unreasonable limitation or condition" on the "scope or nature of the data that is shared with an authorized integrator," on "the ability of the authorized integrator to write data to a dealer data system," or "on a third party that accesses or shares protected dealer data or that writes data to a dealer data system." A.R.S. § 28-4653.A.3. Indeed, § 28-4654's requirement that dealer data vendors shall "[a]dopt and make available a standardized framework for the exchange, integration and sharing of data from dealer data systems with authorized integrators and the retrieval of data by authorized integrators" indicates that, in order to comply with the Dealer Law, Plaintiffs will not use their own organization and structure, but rather a "standardized" structure used by all dealer data vendors who want to do business in Arizona. Plaintiffs make no ownership claim about most of the underlying information in their databases defined as "dealer protected data" to which the statute grants access. Nor will this Court assume that "dealer protected data" as defined in the statute must be interpreted to provide access to or use of information belonging to the DMS operator.
During their preliminary injunction hearing, Plaintiffs asserted that the Dealer Law "substantial[ly] impair[s] . . . our licensing agreements, both with respect to dealers and with respect to third parties . . ." Transcript of Preliminary Injunction Hearing June 3, 2020, Volume B at 93 (emphasis added). However, Plaintiffs did not allege an impairment of their contracts with third parties in their complaint or in any of their filings for their Motion for Preliminary Injunction. "Normally, arguments raised for the first time in a reply brief or at the hearing on a motion are disregarded" because such tactics "deprive [the other party] of an opportunity to support their arguments." Schultz v. Ichimoto, No. 1:08-CV-526-OwW-SMS, 2010 WL 3210764, at *1 (E.D. Cal. Aug. 10, 2010); see also United States v. Bohn, 956 F.2d 208, 209 (9th Cir. 1992) ("[W]e ordinarily decline to consider arguments raised for the first time in a reply brief."). The Court therefore declines to address this argument.
Plaintiffs also argue that the Dealer Law impairs their "ability to comply with their contractual data-security obligations" because of the "open access" it requires. (Doc. 20 at 19-20.) But the Dealer Law does not require Plaintiffs to eliminate or reduce security for their systems. Indeed, the Dealer Law allows a DMS provider to reject a third-party integrator if it is not "compliant with the star standards or other generally accepted standards that are at least as comprehensive as the star standards and that the dealer has identified as one of its authorized integrators." A.R.S. § 28-4653. Moreover, the statute explicitly provides that it "does not prevent a dealer, manufacturer or third party from discharging its obligations as a service provider or otherwise under federal, state or local law to protect and secure protected dealer data or to otherwise limit those responsibilities." Id. Under a reasonable interpretation of the Dealer Law, Plaintiffs could still fulfill their data-security obligations while complying with the statute's mandate to provide access to protected dealer data through an API or similar facility.
Even if the law "substantially impaired" Plaintiffs' contractual rights, Plaintiffs have not shown a likelihood of success on the merits of their Contracts Clause claim. Once a statute is found to substantially impair contracts, the next determination is whether the law is "drawn in an 'appropriate' and 'reasonable' way to advance 'a significant and legitimate public purpose.'" Sveen, 138 S. Ct. at 1822 (quoting Energy Reserves Group, Inc., 459 U.S. at 411-412). The standard of review is less stringent "in the context of impairment of a private agreement" than when "the State itself is a contracting party." S. California Gas Co., 336 F.3d at 894. Where, as here, the "party asserting the benefit of the statute" is not the state, "the objecting party" must "carry the burden" of "demonstrat[ing] that legitimate governmental interests do not justify the impairment." Seltzer v. Cochrane, 104 F.3d 234, 236 (9th Cir. 1996) (emphasis added). "[T]he severity of the impairment measures the height of the hurdle the state legislation must clear." Ross v. City of Berkeley, 655 F. Supp. 820, 832 (N.D. Cal. 1987).
During their preliminary injunction hearing (but not in their briefing), Plaintiffs asserted that demonstrating a significant and legitimate public purpose "[is] actually the State's burden of proof," Transcript of Preliminary Injunction Hearing June 3, 2020, Volume B at 94, citing Association of Equipment Manufacturers v. Burgum, 932 F.3d 727 (8th Cir. 2019). Association of Equipment Manufacturers, in which the Association of Equipment Manufacturers and four farm equipment manufacturers sought to enjoin a North Dakota law regulating relationships between manufacturers and farm equipment dealers, the Eighth Circuit stated that, "in evaluating the present North Dakota law governing contracts between manufacturers and dealers, the State 'bears the burden of proof in showing a significant and legitimate public purpose underlying the Act.'" 932 F.3d at 733 (quoting Equip. Mfrs. Inst. v. Janklow, 300 F.3d 842, 859 (8th Cir. 2002)). To the extent that this analysis conflicts with Seltzer's view that the burden of proof is on the objecting party rather than the state, the Court declines to follow Association of Equipment Manufacturers.
Defendants assert that the Dealer Law serves several legitimate purposes. Among them, they argue, is the protection of Arizona consumers from serious market problems caused by the potentially anti-competitive behavior of the Plaintiffs. Further, the law "serves a legitimate and significant public interest . . . related to legitimate areas of local concern—namely as a 'cybersecurity measure to protect consumers'" and by "placing limits on Plaintiffs' ability to abuse their market position to monetize the private data of unwitting consumers." (Doc. 43 at 14.) "[W]hether the legislation is wise or unwise as a matter of policy is a question with which we are not concerned." Ross, 655 F. Supp. at 832 (quoting Home Bldg. & Loan Ass'n v. Blaisdell, 290 U.S. 398, 447-448 (1934)). "The legislation upheld in Blaisdell responded to a wave of foreclosures dispossessing citizens of their homes during the Depression; the legislation upheld in Energy Reserves and Eagerton protected consumers from escalating prices of oil and gas; and the legislation found valid by the Third Circuit in Troy, Ltd. v. Renna . . . extended the residential leases of elderly citizens . . ." Ross, 655 F. Supp. at 832. But even if the public purpose of the Dealer Law is "vastly less compelling" than these public purposes, "in light of the deference with which this court must scrutinize the legislation in question and its obligation to refrain from evaluating the wisdom of the enactment as a matter of policy," the Dealer Law does not "sufficiently exceed[] the [State's] police power that it facially fails to justify the enactment's impairment of contract." Id. (in which the ordinance at issue was motivated by the city's "desire to preserve the ambience and character of the Telegraph Avenue shopping district").
Plaintiffs argue that even if the Dealer Law fulfills plausible public purposes, the statute is not drawn in a "reasonable and necessary" way because it "compels DMS providers to give third parties no-fee, unfettered access to their systems—without regard to intellectual property rights or the sensitivity of the data on the DMSs, and despite the history of data corruption and performance degradation caused by unauthorized third-party access." (Doc. 20 at 25.) Yet the purpose of the statute is to allow a dealer to grant third-party access to that data in the system that can be considered the dealer's protected data. Thus, the statute seems principally designed to prevent the DMS provider from monopolizing data that is not its own to its great financial advantage. Further, the dealer can authorize access to its "dealer protected data" only to the extent necessary to "carry out the specified function" for which the dealer has granted the third-party access. A.R.S. § 28-4651(1). If that access is granted only through an API, it does not allow a third party to access protected aspects of the Plaintiffs' DMS systems, nor does it allow the third party to corrupt the operations of those systems.
Moreover, the impairment of Plaintiffs' contracts under the Dealer Law is reasonable and appropriate. In determining appropriateness and reasonableness, courts generally consider "the extent of the impairment," S. California Gas Co., 336 F.3d at 894; "the severity of the impairment measures the height of the hurdle the state legislation must clear," Ross, 655 F. Supp. at 832. Plaintiffs' contracts with third parties are not at issue here; thus, the Dealer Law affects only Plaintiffs' ability to prohibit dealers from allowing third parties to access their data through Plaintiffs' software. The "percentage of the income stream that CDK now has com[ing] from charging those who seek third-party access to the system . . . [is] probably about five percent," with "actual earnings" comprising only "36 percent of the five percent." Transcript of Preliminary Injunction Hearing June 2, 2020, Volume B at 82. It therefore cannot "seriously be contended that [Plaintiffs were] substantially induced to enter into these contracts on the basis of" their profits from third-party integrators. S. California Gas Co., 336 F.3d at 895. Plaintiffs' claims are further undermined by evidence that their own leadership "was very much in favor of the dealer being able to make their own choices around what providers they were using for data integration and what third-party companies they used to provide software services in addition to the DMS" as recently as the "2006, 2007 time period." Transcript of Preliminary Injunction Hearing June 3, 2020, Volume B at 78. It was not until "2015, roughly in that time period" that CDK "started to raise prices to the third parties who were providing services" to dealers. Transcript of Preliminary Injunction Hearing June 3, 2020, Volume B at 79. Thus, there is no customary practice of charging authorized third-party integrators significant fees to access a dealer's protected data. Moreover, as addressed above, the Dealer Law can be implemented without violating Plaintiffs' intellectual property rights or breaching data security norms. As Defendants' expert testified, "dealers take data security . . . . [v]ery, very seriously," Transcript of Preliminary Injunction Hearing June 3, 2020, Volume B at 87, and Plaintiffs have not pointed to a single instance of a data breach by a third-party integrator. The "history of data corruption and performance degradation caused by unauthorized third-party access" that Plaintiffs describe (Doc. 20 at 25) is not substantiated by Plaintiffs' evidence.
See FN 8, supra. --------
A statute substantially impairing contracts must be based "upon reasonable conditions" and "of a character appropriate to the public purpose justifying its adoption" to overcome Contracts Clause scrutiny. Ross, 655 F. Supp. at 834. In their briefing and in the preliminary injunction hearing, Plaintiffs failed to demonstrate that this is unlikely to be so.
3. Takings Clause
"The paradigmatic taking requiring just compensation is a direct government appropriation or physical invasion of private property." Lingle v. Chevron U.S.A. Inc., 544 U.S. 528, 537 (2005). "[W]here government requires an owner to suffer a permanent physical invasion of her property—however minor—it must provide just compensation." Id. at 538; see also, e.g., Loretto v. Teleprompter Manhattan CATV Corp., 458 U.S. 419 (1982) (cable installation occupying portions of plaintiff's roof and the side of her building was a physical occupation of property amounting to a taking); Horne v. Dep't of Ag., 576 U.S. 350 (2015) (order requiring growers to give a percentage of their raisin crop to the federal government, free of charge, constituted a physical taking). Regulations that completely deprive an owner of "all economically beneficial us[e]" of her property are also considered "per se" takings. Id. at 538. "Outside these two relatively narrow categories . . . regulatory takings challenges are governed by the standards set forth in Penn Central Transp. Co. v. New York City, 438 U.S. 104 . . . (1978)." Id. at 539. Under the Penn Central factors, "intangible interests" can be "property for purposes of the Fifth Amendment's Taking Clause." Ruckelshaus v. Monsanto Co., 467 U.S. 986, 1003 (1984) (health, safety, and environmental data cognizable as a trade secret property right under state law protected by Takings Clause).
Plaintiffs assert that the Dealer Law "permits any dealer-authorized third party to enter the DMSs, use Plaintiffs' intellectual property, extract data configured according to Plaintiffs' proprietary methods, and write data to Plaintiffs' systems." (Doc. 20 at 28.) This, they argue, involves third parties "occupying Plaintiffs' hardware and using [Plaintiffs'] copyrighted intellectual property," (Doc. 51 at 21), and constitutes both a per se and a regulatory taking. Plaintiffs have cited no authority for the provision that "occupation" of an intangible interest like their DMS can constitute a physical taking. Moreover, even if Plaintiffs could cite such authority, as addressed in the above Copyright Act analysis, under a reasonable interpretation of the Dealer Law, Plaintiffs could meet their obligations through an API and thus without "direct[] access" to Plaintiffs' DMSs by third parties. (Doc. 43-1 at 5.) To the extent that the hardware is occupied with information provided by the dealers or their authorized third parties, that is one of the benefits of the bargain the dealer receives from contracting with Plaintiffs. It does not amount to a taking by the state. Nor does the Dealer Law deprive Plaintiffs of all economically beneficial use of their property. See Transcript of Preliminary Injunction Hearing June 2, 2020, Volume B at 82, (The "percentage of the income stream that CDK now has com[ing] from charging those who seek third party access to the system . . . [is] probably about five percent," with "actual earnings" comprising only "36 percent of the five percent."). Thus, as in Ruckelshaus, Plaintiffs' takings claim must be evaluated under the Penn Central factors, including "the character of the governmental action, its economic impact, and its interference with reasonable investment-backed expectations." Ruckelshaus, 467 U.S. at 1005.
The character of the Dealer Law plausibly serves a public purpose, as addressed in the above Contracts Clause analysis; it is more akin to "interference aris[ing] from some public program adjusting the benefits and burdens of economic life to promote the common good" than it is to "interference with property [that] can be characterized as a physical invasion by government." Penn Cent., 438 U.S. at 124. The economic impact of the Dealer Law is minimal. Building an API is, "relative to the cost of building a CRM, . . .a drop in the bucket. It's very inexpensive—to stand up an API is very, very small in comparison to building a DMS." Transcript of Preliminary Injunction Hearing June 3, 2020, Volume B at 51. Moreover, the Dealer Law does not prohibit DMS providers from recouping "any direct costs incurred . . . in providing protected dealer data access to an authorized integrator or allowing an authorized integrator to write data to a dealer data system." A.R.S. § 28-4651.
As to the last of the three factors, unlike in Ruckelshaus, Plaintiffs were not "on notice," 467 U.S. at 1006, that they would be regulated in the manner required by the Dealer Law. As in their Contracts Clause argument, Defendants have cited no history (prior to 2019) of states regulating the relationship between DMS providers and dealers in their discussion of the Takings Clause. But Plaintiffs' claim that they "have spent millions of dollars developing and maintaining their systems," (Doc. 20 at 29), does not necessarily mean that the Dealer Law is interfering with those investments. As Defendants' expert testified, "dealers take data security . . . . [v]ery, very seriously," Transcript of Preliminary Injunction Hearing June 3, 2020, Volume B at 87, and Plaintiffs have not pointed to a single instance of a data breach by a third-party integrator. The "history of data corruption and performance degradation caused by unauthorized third-party access" that Plaintiffs describe, (Doc. 20 at 25), is not substantiated by Plaintiffs' evidence. Moreover, with their income from charging nationwide third party providers comprising only 1.8 percent of their total profits, Transcript of Preliminary Injunction Hearing June 2, 2020, Volume B at 82, Plaintiffs could not have "reasonably expected" that income from charging third party integrators in Arizona alone would be a major source of their profit such that the Dealer Law poses a significant interference.
As with their Copyright Act and Contracts Clause arguments, Plaintiffs have not demonstrated a likelihood of success on the merits of their Takings Clause claim. Their request for a preliminary injunction is therefore denied.
CONCLUSION
A preliminary injunction is "an extraordinary and drastic remedy, one that should not be granted unless the movant, by a clear showing, carries the burden of persuasion." Lopez, 680 F.3d at 1072. Plaintiffs have failed to carry that burden because they have not proven a likelihood of success on the merits of their claims.
IT IS THEREFORE ORDERED that Plaintiffs' Motion for Preliminary Injunction (Doc. 20) is DENIED.
Dated this 24th day of July, 2020.
/s/_________
G. Murray Snow
Chief United States District Judge