Opinion
CV 20-2711 DSF (Ex)
2020-08-03
Caleb E. Mason, Werksman Jackson and Quinn LLP, Geoffrey A. Neri, Ethan J. Brown, Brown Neri Smith and Khan LLP, Los Angeles, CA, for Plaintiff. John K. Ly, Jason L. Liang, Liang Ly LLP, Los Angeles, CA, for Defendant Ocean Ronquillo-Morgan.
Caleb E. Mason, Werksman Jackson and Quinn LLP, Geoffrey A. Neri, Ethan J. Brown, Brown Neri Smith and Khan LLP, Los Angeles, CA, for Plaintiff.
John K. Ly, Jason L. Liang, Liang Ly LLP, Los Angeles, CA, for Defendant Ocean Ronquillo-Morgan.
Order GRANTING in Part and DENYING in Part Defendant's Motion to Dismiss (Dkt. 12)
Dale S. Fischer, United States District Judge
Defendant Ocean Ronquillo-Morgan moves to dismiss Plaintiff Amanda Rome West's complaint in its entirety. Dkt. 12 (Mot.). Plaintiff opposes. Dkt. 15 (Opp'n). The Court deems this matter appropriate for decision without oral argument. See Fed. R. Civ. P. 78 ; Local Rule 7-15. For the reasons stated below, the motion is GRANTED in part and DENIED in part.
I. BACKGROUND
Plaintiff and Defendant are students at the University of Southern California (USC) who were roommates in the fall of 2017. Dkt. 1 (Compl.) ¶¶ 2-3. In high school, Plaintiff "develop[ed] Internet fame and a huge social media presence ... based on her frequent postings on entertainment, fitness, and lifestyle-related issues." Id. ¶ 20. Shortly after moving in together, Defendant, a computer science major who was "proficient with computers and social media" helped edit Plaintiff's social media videos and other online postings. Id. ¶ 24. Plaintiff gave Defendant her log-in information, including passwords, for her phone, laptop, iPad, social media accounts, email accounts, and iCloud account so that Defendant could assist Plaintiff with her videos and social media. Id. ¶¶ 24, 26. Additionally, Plaintiff's computer and iPhone were always logged into those accounts. Id. ¶ 25.
In August 2017, Defendant told Plaintiff that she used Seeking Arrangement to earn money by having sex with older men and women. Id. ¶ 31. Plaintiff then confided in Defendant that in high school an acquaintance used Plaintiff's iPhone to create a fake message in Facebook Messenger – "I have everyone's addresses and have several poisons" – and sent that message from Plaintiff's iPhone to a group chat of Plaintiff's classmates (the 2015 Message). Id. ¶¶ 34-36. Her school was informed, "investigated the incident, concluded that it was a hoax, and cleared [Plaintiff] of any wrongdoing." Id. ¶ 37.
At some point afterwards, Defendant learned that Plaintiff had told her parents about Defendant's activities on Seeking Arrangement and "that they were upset about [Plaintiff] rooming with an individual engaged in prostitution." Id. ¶ 10. Defendant accessed a text message from Plaintiff's father stating that Defendant was engaged in prostitution and responded that "it was none of [his] business." Id. ¶ 53. Defendant accessed Plaintiff's iPhone on other occasions and "fabricated" additional text messages, including text messages to herself "for purposes of fabricating claims against [Plaintiff]." Id. Additionally, in December 2017, Defendant allegedly accessed Plaintiff's Facebook page and posted "profane language and gibberish." Id. ¶ 52. Further, Defendant had posted photos of Plaintiff without her knowledge on Defendant's Seeking Arrangement profile page. Id. ¶ 33.
On or around November 21, 2017, Defendant filed a complaint with USC alleging that Plaintiff had threatened to poison Defendant's food and plant drugs in her dorm room after Defendant contacted a resident assistant to witness Plaintiff having sex on Defendant's bed a few nights earlier. Id. ¶¶ 42-43. Defendant provided as evidence an iPhone text message sent to her by Plaintiff; Plaintiff alleges Defendant fabricated the text message by accessing the 2015 Message from Plaintiff's computer and altering it. Id. ¶¶ 6-7, 46, 51. On viewing the evidence, Plaintiff noticed that the version of the text message provided to the Department of Public Safety (DPS) had the word "Messenger" below Plaintiff's name, but the version of the text message provided to the Student and Judicial Affairs and Community Standards Office (SJACS) did not have the word "Messenger" under Plaintiff's name. Id. ¶¶ 46-48. This complaint led to an investigation and disciplinary proceedings that have yet to be resolved. Id. ¶ 44.
Plaintiff alleges that Defendant's conduct violated the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, and the Computer Data Access and Fraud Act (CDAFA), Cal. Pen. Code § 502.
II. LEGAL STANDARD
Rule 12(b)(6) allows an attack on the pleadings for failure to state a claim on which relief can be granted. "[W]hen ruling on a defendant's motion to dismiss, a judge must accept as true all of the factual allegations contained in the complaint." Erickson v. Pardus, 551 U.S. 89, 94, 127 S.Ct. 2197, 167 L.Ed.2d 1081 (2007) (per curiam). However, a court is "not bound to accept as true a legal conclusion couched as a factual allegation." Ashcroft v. Iqbal, 556 U.S. 662, 678, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009) (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007) ). "Nor does a complaint suffice if it tenders ‘naked assertion[s]’ devoid of ‘further factual enhancement.’ " Id. (quoting Twombly, 550 U.S. at 557, 127 S.Ct. 1955 ) (alteration in original) (citation omitted). A complaint must "state a claim to relief that is plausible on its face." Twombly, 550 U.S. at 570, 127 S.Ct. 1955. This means that the complaint must plead "factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged." Iqbal, 556 U.S. at 678, 129 S.Ct. 1937. There must be "sufficient allegations of underlying facts to give fair notice and to enable the opposing party to defend itself effectively ... and factual allegations that are taken as true must plausibly suggest an entitlement to relief, such that it is not unfair to require the opposing party to be subjected to the expense of discovery and continued litigation." Starr v. Baca, 652 F.3d 1202, 1216 (9th Cir. 2011).
Ruling on a motion to dismiss will be "a context-specific task that requires the reviewing court to draw on its judicial experience and common sense. But where the well-pleaded facts do not permit the court to infer more than the mere possibility of misconduct, the complaint has alleged – but it has not ‘show[n]’ – ‘that the pleader is entitled to relief.’ " Iqbal, 556 U.S. at 679, 129 S.Ct. 1937 (alteration in original) (citation omitted) (quoting Fed. R. Civ. P. 8(a)(2) ).
As a general rule, leave to amend a complaint that has been dismissed should be freely granted. Fed. R. Civ. P. 15(a).
III. DISCUSSION
Defendant contends Plaintiff's CFAA claim is barred by the statute of limitations and that both the CFAA and CDAFA claims fail to state a claim.
A. CFAA
1. Statute of Limitations
The CFAA provides that "[n]o action may be brought under this subsection unless such action is begun within 2 years of the date of the act complained of or the date of the discovery of the damage." 18 U.S.C. § 1030(g). When "legislators have written the word ‘discovery’ directly into the statute ... state and federal courts have typically interpreted the word to refer not only to actual discovery, but also to the hypothetical discovery of facts a reasonably diligent plaintiff would know." Merck & Co. v. Reynolds, 559 U.S. 633, 645, 130 S.Ct. 1784, 176 L.Ed.2d 582 (2010). Defendant contends that Plaintiff's CFAA claim is barred by a two-year statute of limitations because Plaintiff "had actual knowledge of the alleged CFAA violation in late 2017" and this action was not filed until March 2020. Mot. at 9. "A claim may be dismissed as untimely pursuant to a 12(b)(6) motion ‘only when the running of the statute [of limitations] is apparent on the face of the complaint.’ " U.S. ex rel. Air Control Techs., Inc. v. Pre Con Indus., Inc., 720 F.3d 1174, 1178 (9th Cir. 2013) (alteration in original) (quoting Von Saher v. Norton Simon Museum of Art at Pasadena, 592 F.3d 954, 969 (9th Cir. 2010) ); see also Jablon v. Dean Witter & Co., 614 F.2d 677, 682 (9th Cir. 1980) ("When a motion to dismiss is based on the running of the statute of limitations, it can be granted only if the assertions of the complaint, read with the required liberality, would not permit the plaintiff to prove that the statute was tolled.").
Defendant insists "it is clear from the face of the Complaint that West had ‘reasonable notice to discover’ the CFAA violation shortly after [Defendant] made her report ... to USC in November 2017." Mot. at 10. Specifically, Plaintiff knew Defendant had her passwords, was a computer science major and self-proclaimed "hacker," and did not know the name of the sender of the 2015 Message and therefore could only have discovered the message by accessing Plaintiff's Facebook messages. Id. (citing Compl. ¶¶ 24, 28, 36-38). While these allegations support knowledge that Defendant had the means to commit the alleged acts, it provides no indication that Plaintiff was aware, prior to March 2018, that Defendant had hacked Plaintiff's computer and fabricated messages and posts.
The remaining allegations in the Complaint either do not refer to specific dates, or otherwise refer to dates within the limitations period. For example, Plaintiff alleges that "[a]fter SJACS charged [her], she and her attorneys theorized that [Defendant] could only have first obtained the Poison Message by using [Plaintiff's] devices without authorization and wrongfully accessing [Plaintiff's] private Facebook Messenger account but did not yet have any proof." Compl. ¶ 41. At some point, SJACS showed Plaintiff the evidence against her, but "some of its content [was] partially and intentionally obscured by SJACS," Plaintiff "was never allowed to touch the original ‘evidence’ against her (or have copies thereof)," and "sometimes SJACS even showed such ‘evidence’ upside down." Id. ¶ 44. Neither of these allegations refer to any dates and therefore cannot establish when Plaintiff knew or should have known she was injured. Plaintiff further alleges that it was not until August 30, 2019 that SJACS sent Plaintiff a link permitting her to review Defendant's evidence, although it was only for one hour and Plaintiff was not allowed to keep any copies. Id. ¶ 45. Plaintiff did not obtain hard copies of the evidence until October 22, 2019, through discovery in a related state court action. Id. ¶ 51. From these allegations, which all occurred during the limitations period, the Court cannot conclude as a matter of law that Plaintiff discovered, or should have discovered, that Defendant illegally logged into Plaintiff's Facebook page without permission or exceeded her permission, obtained the 2015 Message, and altered it more than two years before filing this action.
Defendant also requests judicial notice of certain facts she believes show Plaintiff's claim is barred by the statute of limitations. On June 28, 2018, Plaintiff filed an action in state court containing allegations that Defendant obtained the 2015 Message from Plaintiff's computer or phone without permission. Dkt. 13-6 (State Court Compl.). This was within the limitations period and therefore does not help Defendant. In another complaint purportedly filed by Plaintiff in state court, Plaintiff alleged that she "learned that the roommate had made the earlier report to DPS" in late November 2017 or December 2017 and that "[o]ver the next four months, [Plaintiff] ... provided witnesses and evidence." Dkt. 13-14 (Doe Compl.) ¶¶ 15-17. Even if the Court were to take judicial notice of the truth of the allegations within this complaint (which it does not), these facts would not be enough to show that Plaintiff's claims are barred by the statute of limitations. That Plaintiff knew about the report against her and worked to provide a defense does not demonstrate that Plaintiff knew about Defendant's purported use of the 2015 Message. In fact, Defendant describes this only as " more evidence that [Plaintiff] was on notice of the CFAA claim in 2017." Reply at 4 (emphasis added). That is insufficient to demonstrate Plaintiff's claims are barred by the statute of limitations on a motion to dismiss.
The Court GRANTS Defendant's request for judicial notice (Dkt. 13 (RJN)) of the complaint filed in the related state court case (State Court Compl.), as well as other state court filings (Dkts. 13-7 through 13-14). Fed. R. Evid. 201(b). Defendant also requests judicial notice of the incident report, police report, summary administrative review, and an email and report prepared by Plaintiff on the grounds that these documents are "records and reports of administrative bodies." See RJN at 1-2. However, documents prepared by USC as part of an internal investigation and Plaintiff in response to that investigation are not records of "administrative bodies." The caselaw cited by Defendant refers to government administrative bodies, not a private university's "administrative proceeding[s]" against its students. Moreover, the purported fact that Plaintiff told USC on December 5, 2017 that she believed Defendant "hacked" into her computer, Mot. at 9-10, is not properly subject to judicial notice. See M/V Am. Queen v. San Diego Marine Const. Corp., 708 F.2d 1483, 1491 (9th Cir. 1983) ("a court may not take judicial notice of proceedings or records in another cause so as to supply, without formal introduction of evidence, facts essential to support a contention in a cause then before it"); cf. Von Saher, 592 F.3d at 960 ("Courts may take judicial notice of publications introduced to ‘indicate what was in the public realm at the time, not whether the contents of those articles were in fact true.’ " (quoting Benak ex rel. All. Premier Growth Fund v. All. Capital Mgmt. L.P., 435 F.3d 396, 401 n.15 (3d Cir. 2006) )). Defendant contends that she is "not asking the Court to take judicial notice of the truth of the statements in the documents produced by USC" but rather "of the existence of these documents to show that West was on notice of the alleged unauthorized access in 2017." Dkt. 17 (Reply) at 4. This is simply untrue. For example, the existence of the summary administrative review dated August 7, 2019 has no bearing on any statute of limitations question. Rather, Defendant hopes the Court will accept as true the statements from the report that Plaintiff admitted in December 2017 that she believed Defendant had hacked her computer. Except as stated above, Defendant's Request for Judicial Notice is DENIED.
Maddalena v. Toole, No. 2:13-CV-4873-ODW, 2013 WL 5491869 (C.D. Cal. Oct. 1, 2013) is distinguishable. There, the plaintiffs had alleged that they actually discovered the illegally installed spyware and one plaintiff had actually discovered that the defendant was responsible for its installation outside of the limitations period. Id. at *4. The court held that this was sufficient for the claim to accrue, even though the plaintiff had not "discover[ed] every technological mechanism used to spy on them" or the extent of the infiltration. Id. Here, it is not clear from the face of the complaint that Plaintiff actually discovered that Defendant had logged onto her computer and used the 2015 Message to fabricate a text message outside of the limitations period. To the contrary, the complaint does not indicate at what time Plaintiff became aware that the evidence supporting Defendant's report was an allegedly fabricated message. Therefore, the Court cannot conclude at the motion to dismiss stage that Plaintiff's CFAA claim is barred by the statute of limitations.
In her reply brief Defendant shifts gears, focusing on the alleged text message sent to Plaintiff's father and the phony Facebook post, both of which Defendant claims Plaintiff must have been aware of shortly after they were sent or posted in 2017 because "[a]ny notion that [Plaintiff] did not know that another person was posing as her on social media would make no sense." Reply at 1-2. The Court declines to consider this argument as Plaintiff had no opportunity to address it. Zamani v. Carnes, 491 F.3d 990, 997 (9th Cir. 2007) ("The district court need not consider arguments raised for the first time in a reply brief.").
2. Access to Plaintiff's Computer
Defendant contends Plaintiff has failed to adequately allege a CFAA violation under subsections (a)(2) and (a)(4) because she has failed to allege that Defendant accessed her computer "without authorization" or "exceeded authorized access." Mot. at 11 (citing LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1132 (9th Cir. 2009) ). The Ninth Circuit has concluded that the phrase "without authorization" applies to a person who "accesses a computer without any permission at all," while the phrase "exceeds authorized access" applies to a person who "has permission to access the computer, but accesses information on the computer that the person is not entitled to access." LVRC Holdings, 581 F.3d at 1133 ; see also 18 U.S.C.A. § 1030(e)(6) (defining the phrase "exceeds authorized access" as "access[ing] a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter."). The Ninth Circuit has further clarified that the phrase "exceed authorized access" extends only to "violations of restrictions on access to information, and not restrictions on its use. " United States v. Nosal, 676 F.3d 854, 864 (9th Cir. 2012) ( Nosal I ).
There is no dispute that Defendant had authorization to access Plaintiff's computer and phone. Compl. ¶¶ 24-25. However, the parties disagree whether Plaintiff sufficiently alleges that Defendant exceeded her authorized access. Plaintiff alleges she provided her account information to Defendant "only for the purposes of allowing [Defendant] to assist her video and social media productions" and "never provided [Defendant] with carte blanche access to [Plaintiff's] computer and iPhone and social media accounts and [Defendant's] work with [Plaintiff] never involved West's private Facebook Messenger messages." Id. ¶¶ 26-27. Defendant contends Plaintiff asserts only that Defendant "misused the information," not that she exceeded authorization. Mot. at 12; see also Reply at 5 ("The ‘purpose’ of the access is irrelevant" where "there were no restrictions to [Defendant's] ‘access’ to [Plaintiff's] phone and social media accounts."). The Court disagrees.
For this reason, Plaintiff's claims based on subsection (a)(5), which addresses only access "without authorization," fail. See United States v. Nosal, 844 F.3d 1024, 1033 (9th Cir. 2016) (Nosal II ) ("Subsection 1030(a)(5)" "pertain[s] only to access ‘without authorization.’ "). While the Court believes it is unlikely Plaintiff could cure this deficiency consistent with Rule 11, the Court will nevertheless DISMISS Plaintiff's CFAA claim to the extent based on subsection (a)(5) with leave to amend.
In Nosal I, the Ninth Circuit described the situation where "an employee is permitted to access only product information on the company's computer but accesses customer data." 676 F.3d at 857. In that case, the employee would exceed authorized access by "looking at the customer lists." Id. That is what Plaintiff alleges occurred here. Defendant was permitted to access only the portions of Plaintiff's social media accounts to the extent necessary to edit and post Plaintiff's videos, which did not include access to private Facebook messages. Defendant therefore exceeded her authorized access by viewing and obtaining Plaintiff's Facebook messages. This is not a situation where Defendant had unrestricted access to Plaintiff's computer and simply used the information she was authorized to access in an unauthorized way. Rather, contrary to Defendant's position, Defendant's access was restricted to the pages, websites, and applications necessary to perform her authorized work. Defendant was not authorized to access Plaintiff's private Facebook messages. Therefore, this case is distinguishable from Nosal I, where the defendants "were authorized to access the database, but [the company] had a policy that forbade disclosing confidential information," 676 F.3d at 856, and United States v. Christensen, 828 F.3d 763 (9th Cir. 2015), where the government failed to provide evidence that the defendant's co-worker "was not authorized to access the database," even if the way in which the defendant's co-worker reported her use of that database violated company policy, id. at 787.
Defendant seems to assume that if one has the password or if there is no password to access certain information, that person necessarily has "authorization" to access it, see Reply at 5-6, but she cites no case law in support of this position.
3. Damage
To violate CFAA subsections (a)(5)(A) and (a)(5)(B) the perpetrator must have caused "damage" and to violate subsection (a)(5)(C) the perpetrator must have caused "damage and loss." Damage is defined as "any impairment to the integrity or availability of data, a program, a system, or information." Id. § 1030(e)(8). The only "damage" alleged in Plaintiff's complaint is to her, not to her computer's data or system. See, e.g., Compl. ¶¶ 61-62. For this additional reason Plaintiff's CFAA claim to the extent based on subsection (a)(5) is DISMISSED with leave to amend.
Plaintiff does not dispute that she has failed to allege damage as required for a claim based on violations of subsection (a)(5). Rather, Plaintiff contends only that she has adequately alleged "loss," which is all that is required for violations of subsections (a)(2) and (a)(4). Opp'n at 23; Compl. ¶ 65 (alleging Plaintiff incurred more than $5,000 in costs for hiring forensic experts to investigate whether Defendant's evidence was an alteration of the 2015 Message); see also 18 U.S.C. § 1030(g) (A person who "suffers damage or loss" may maintain a civil action against someone who violates the CFAA).
Defendant's motion to dismiss the First Cause of Action is DENIED to the extent it relies on violations of 18 U.S.C. §§ 1030(a)(2) and (a)(4), but is GRANTED to the extent it relies on violations of §§ 1030(a)(5)(A)-(C).
B. CDAFA
As is relevant here, to violate the CDAFA, a person must "knowingly" and "without permission" alter, destroy, take, copy, or otherwise use data from a computer, see Cal. Penal Code § 502(c)(1)-(2), (4), use or disrupt computer services (such as the internet), id. § 502(b)(4), (c)(3), (c)(5), or access or assist someone else in accessing a computer or computer network, id. § 502(c)(6)-(7). The "owner or lessee of the computer, computer system, computer network, computer program, or data who suffers damage or loss by reason of a violation of [the CDAFA] may bring a civil action against the violator." Id. § 502(e)(1).
First, Defendant contends Plaintiff "cannot establish" Defendant acted "without permission" because, "as in the CFAA claim, the allegations in the Complaint show that [Plaintiff] gave [Defendant] complete access to [Plaintiff's] Facebook account and her iPhone in which the supposed violations of the CDAFA occurred." Mot. at 14. Not only has the Court found this to be contrary to the Complaint's allegations, the Ninth Circuit has explicitly held that the CDAFA is different from the CFAA and therefore should be interpreted differently. Christensen, 828 F.3d at 789 (because "[t]he statutes are different" courts need not interpret the CDAFA and the CFAA consistently). Unlike the CFAA, the CDAFA "does not require unauthorized access," only "knowing access" that is made unlawful if "the person ‘without permission takes, copies, or makes use of’ data on the computer." Id. (citing Cal. Penal Code § 502(c)(2) ). The CDAFA, therefore, is focused on the "unauthorized taking or use of information." Id. Defendant's suggestion that allegations that Defendant "accessed [Plaintiff's] social media and misused the conten[t]s for the purpose of framing [Plaintiff] do[ ] not state a claim under the CDAFA," Mot. at 14, is wrong.
Defendant asks the Court to adopt the reasoning of a district court that held that "[a] party acts ‘without permission’ under the CDAFA when it ‘circumvents technical or code-based barriers in place to restrict or bar a user's access.’ " Williams v. Facebook, Inc., 384 F. Supp. 3d 1043, 1053 (N.D. Cal. 2018) (quoting NovelPoster v. Javitch Canfield Grp., 140 F. Supp. 3d 938, 950 (N.D. Cal. 2014) ). Circumventing technical barriers may be sufficient to show that a person acted "without permission," but that does not mean it is necessary for a person to circumvent technical barriers to act "without permission." Christensen makes this clear. In that case, the people who accessed the databases at issue used their authorized passwords to do so. One of the defendants, a telephone company technician, did not have access to the company's databases; other employees accessed the databases and gave him information. 828 F.3d at 777. Another defendant, a police officer, accessed federal law enforcement databases in his official capacity to obtain information for third-parties in exchange for bribes. 828 F.3d at 783. He did so using "LAPD computer terminals and LAPD-issued passwords." Id. In both situations, the person who accessed the databases at issue had the authority to do so and did so without circumventing any technical or code-based barriers. Defendant contends that Christensen is distinguishable because "the defendants did not have permission to access the computer databases in question." Reply at 7. That is wrong. The defendants and their accomplices "logg[ed] into a database with a valid password and subsequently t[ook], cop[ied], or us[ed] the information in the database improperly." Id. at 789. That is very similar to what is alleged to have happened here.
In fact, this case is even stronger than Christensen because in Christensen "accessing police databases was within the general scope of [defendant's] duties," 828 F.3d at 783, while here accessing Plaintiff's private Facebook messages was not within the general scope of Defendant's video editing and posting duties.
Defendant next contends that Plaintiff has not alleged she is the "owner" of the "data" – the hoax perpetrator's name (and the content of the 2015 Message) – that Defendant allegedly took, copied, or made use of. Mot. at 13; Cal. Penal Code § 502(e)(1) (Any "owner or lessee of the computer, computer system, computer network, computer program, or data who suffers damage or loss by reason of a violation the" CDAFA may bring a civil action). Defendant reads the statute too narrowly. It is undisputed that the data was obtained from Plaintiff's computer and therefore the data was "hers." Plaintiff need not additionally allege that she is somehow the "owner" of someone else's name or the "owner" of a message that someone else wrote pretending to be her.
The Court rejects Defendant's additional argument that the hoax perpetrator's name is not "data" because data is defined as "a representation of information, knowledge, facts, concepts, computer software, or computer programs or instructions," Cal. Penal Code § 502(b)(8), and the perpetrator's name "is just information." Mot. at 14.
Additionally, Defendant contends that Plaintiff fails to allege an act to "defraud, deceive or extort" as is required under Penal Code Section 502(c)(1)(A). Mot. at 15. Defendant contends that the only allegation that might potentially qualify – that Defendant "altered the Poison Message to mislead USC into thinking that it was a message between her and [Plaintiff][ ] to bolster her claims that [Plaintiff] had threatened her" – is privileged. Id. The state court held in the related case that Plaintiff's claims against Defendant for intentional infliction of emotional distress, defamation, and inducing breach of contract were barred by the litigation privilege. Dkt. 13-8 (State Court Order). Defendant does not explain why the state court's ruling prevents Plaintiff from alleging that the reason Defendant allegedly violated the CDAFA was to bolster her claim to USC that Plaintiff threatened her. There is no res judicata analysis or any explanation as to how the state court's ruling applies here.
Defendant contends that "this Court has already found that the litigation privilege bars any of Plaintiff's allegations that relate to USC's investigation into West's conduct." Mot. at 15 (citing RJN ¶ 9 & Ex. [H]). However, "this Court" has not so held. This Court does, however, caution Defendant's counsel to ensure statements made in briefs, particularly representations about "this Court," are accurate in the future.
Finally, Defendant challenges Plaintiff's allegations as to subsections (c)(1)(B), (c)(5), and (c)(6). Defendant contends Plaintiff has failed to allege Defendant "took money or property from [Plaintiff's] computer" and therefore failed to state a claim under Section 502(c)(1)(B). Mot. at 14. But that section permits claims where the defendant wrongfully ... obtain[ed] ... data," not just property or money. Defendant also contends that Section 502(c)(5) requires "denial ... or disruption" of service and Section 502(c)(6) requires the provision of "the means for accessing a computer," neither of which Plaintiff has alleged. Mot. at 14. Plaintiff does not address these arguments and the Court agrees with Defendant.
Defendant's motion to dismiss the Second Cause of Action is DENIED to the extent it relies on violations of Cal. Penal Code §§ 502(c)(1)-(4), (7), but is GRANTED to the extent it relies on violations of §§ 502(c)(5)-(6).
IV. CONCLUSION
Defendant's motion is GRANTED in part and DENIED in part. The First Cause of Action, to the extent it relies on violations of 18 U.S.C §§ 1030(a)(5)(A)-(C), and the Second Cause of Action, to the extent it relies on violations of Cal. Penal Code §§ 502(c)(5)-(6), are DISMISSED with leave to amend. An amended complaint must be filed no later than August 30, 2020. Failure to file by that date will waive the right to do so. The Court does not grant leave to add new defendants or new claims. Leave to add new defendants or new claims must be sought by a properly-noticed motion.
IT IS SO ORDERED.