By Thomas Long, J.D.
The Copyright Act preempted Virginia state-law computer fraud claims based on allegations that cloud computing services provider MicroStrategy Services Corp. copied and transferred data owned by software company OpenRisk, LLC, to a cloud environment created for a new company formed by former OpenRisk employees, the U.S. Court of Appeals in Richmond has held. At their core, OpenRisk’s computer fraud claims sought to impose liability for the unauthorized copying and distribution of data on OpenRisk’s cloud environment. Thus, they were not qualitatively different from copyright infringement claims, in the court’s view. MicroStrategy also was granted summary judgment on OpenRisk’s other tort claims because OpenRisk failed to come forward with evidence that it had sustained injury (OpenRisk, LLC v. MicroStrategy Services Corp., November 13, 2017, Harris, P.).
OpenRisk used MicroStrategy-licensed cloud software to develop a computer program that would allow insurance companies to analyze exposure to natural disasters. Pursuant to a cloud services contract, MicroStrategy agreed to provide OpenRisk with cloud environment space on MicroStrategy’s servers on which OpenRisk would store data and run the software it was licensing. OpenRisk soon ran into financial difficulty, and its president, chief technology officer, and chief scientist left the company to form a new business, called Spectant Group LLC. OpenRisk alleged that, although it had sent a cease-and-desist letter requesting MicroStrategy not to continue to do any work with the three former employees, MicroStrategy copied data from the OpenRisk cloud environment and transferred it to a new environment created for Spectant. After OpenRisk failed to make a payment under its contract with MicroStrategy, MicroStrategy deleted the entire OpenRisk environment and its content, without first providing OpenRisk with notice of contract termination for nonpayment.
OpenRisk filed suit against MicroStrategy, asserting Virginia state-law claims of conversion of intellectual property; computer fraud by embezzlement, larceny, and conversion under the Virginia Computer Crimes Act (VCCA); and misappropriation of trade secrets. (The parties later stipulated to dismissal of the trade secrets claim with prejudice.) OpenRisk also claimed that MicroStrategy tortiously interfered with the post-employment contractual duties owed to OpenRisk by its former employees, and engaged in unlawful business and civil conspiracies under Virginia law. MicroStrategy moved for summary judgment, contending that the federal Copyright Act preempted OpenRisk’s state-law claims for conversion and computer fraud, and that OpenRisk had failed to put forward sufficient evidence to support a favorable verdict on its other claims. The district court granted MicroStrategy’s motion for summary judgment, and OpenRisk appealed to the Fourth Circuit.
Computer fraud—Copyright Act preemption. OpenRisk’s computer fraud claims under the VCCA were preempted because, at their core, they sought to impose liability for the unauthorized copying and distribution of data on OpenRisk’s cloud environment, and thus were not qualitatively different from copyright infringement claims. Copyright Act preemption is "broad and absolute," the court noted. Section 301 of the Act provided that state common law or statutory causes of action were preempted if they addressed rights that were equivalent to any of the exclusive rights within the general scope of copyright and came within the subject matter of copyright as specified by the Act. The parties did not dispute that the software and data from the OpenRisk cloud environment was within the scope of the subject matter of copyright.
The rights OpenRisk sought to protect under state law were equivalent to the Copyright Act’s exclusive rights of copyright owners to reproduce and to distribute copies of the copyrighted works, to the extent that OpenRisk’s state claims turned on the allegation that MicroStrategy made unauthorized copies of the data on the OpenRisk cloud environment and then transferred that data to Spectant. The VCCA—a criminal statute with a private right of action—provided that "[a]ny person who uses a computer or computer network, without authority and … [e]mbezzles or commits larceny … is guilty of the crime of computer fraud." When a VCCA claim was predicated on the copying of computer data, the statutory requirement of "use of a computer" did not change the nature of the claim so that it was no longer preempted, because use of the computer was a necessary condition to the copying, the court said. Likewise, the requirement that the copying be done "without authority" also was a necessary condition to copyright infringement.
The court rejected OpenRisk’s argument that the VCCA’s predicate acts of embezzlement and larceny contained "extra elements" that distinguished VCCA computer fraud claims from copyright infringement claims. OpenRisk argued that embezzlement under Virginia law required a showing that a defendant was "entrusted" with property that he or she then wrongfully appropriated, and that that extra element of "entrustment" saved its claim from Copyright Act preemption. The court disagreed because, in fact, an embezzlement claim under Virginia law did not include as an "extra element" a special relationship of trust or confidence that might qualitatively distinguish it from a claim for copyright infringement. Virginia courts had made it clear that the existence of a fiduciary relationship was not necessary for liability under the state’s embezzlement statute. The substance of OpenRisk’s embezzlement claim was based on the same underlying conduct—the unauthorized copying and transfer of material from the OpenRisk cloud environment—that would support a copyright infringement claim. Application of the "extra element" standard to larceny was even more straightforward, the court said. Larceny involved the taking of property without the owner’s consent; the lack of consent was not "extra" at all, because copyright infringement necessarily involved unauthorized reproduction.
Computer trespass, tortious interference. The Fourth Circuit also affirmed the district court’s grant of summary judgment in factor of MicroStrategy on OpenRisk’s claims for computer trespass and tortious interference. By the time MicroStrategy stopped maintaining the OpenRisk cloud environment, effectively erasing the contents, OpenRisk was, by its own admission, out of business. OpenRisk had informed MicroStrategy that MicroStrategy should cease providing services to OpenRisk, and OpenRisk never asked MicroStrategy to preserve or return the information stored on its servers. OpenRisk presented no evidence that it had any need or use for the data; therefore, it failed to raise a factual issue as to whether it was injured by MicroStrategy’s conduct. The tortious interference claim failed because there was no evidence that MicroStrategy’s conduct induced the former employees to violate a contractual duty to OpenRisk.
The case is Nos. 16-1852 and 16-1906.
Attorneys: Francis Gilbert Gleason, Jr. (Gleason & Gleason, PC) for OpenRisk, LLC. Mark Thomas Stancil (Robbins, Russell, Englert, Orseck, Untereiner & Sauber LLP) for MicroStrategy Services Corp.
Companies: OpenRisk, LLC; MicroStrategy Services Corp.
MainStory: TopStory Copyright TechnologyInternet MarylandNews NorthCarolinaNews SouthCarolinaNews VirginiaNews WestVirginiaNews
Interested in submitting an article?
Submit your information to us today!Learn More