LARRY R. HICKS, UNITED STATES DISTRICT JUDGE.
Before the court is defendants Rimini Street, Inc. ("Rimini") and Seth Ravin's ("Ravin") (collectively "defendants") renewed motion for judgment as a matter of law. ECF No. 913. Plaintiffs Oracle USA, Inc.; Oracle America, Inc.; and Oracle International Corporation (collectively "Oracle") filed an opposition (ECF No. 957) to which defendants replied (ECF No. 976).
I. Facts and Procedural History
This action has an extensive factual and procedural history.
On January 25, 2010, Oracle filed a complaint for copyright infringement against defendants alleging that Rimini copied several of Oracle's copyright-protected software programs onto its own computer systems in order to provide software support services to customers. ECF No. 1. In June 2011, Oracle filed a second amended complaint alleging thirteen causes of action against Rimini: (1) copyright infringement; (2) violation of the Federal Computer Fraud and Abuse Act ("CFAA"), 18 U.S.C. §§ 1030(a)(2)(C), (a)(4), & (a)(5); (3) violation of the California Computer Data Access and Fraud Act, Cal. Penal Code § 502; (4) violation of the Nevada Computer Crimes Law, NRS § 205.4765; (5) breach of contract; (6) inducement of breach of contract; (7) intentional interference with prospective economic advantage; (8) negligent interference with prospective economic advantage; (9) unfair competition; (10) trespass to chattels; (11) unjust enrichment; (12) unfair practices; and (13) accounting. ECF No. 146.
A jury trial was held on Oracle's claims from September 14, 2015, through October 13, 2015. On October 13, 2015, the jury returned a verdict on Oracle's claims and found that defendant Rimini engaged in copyright infringement of Oracle's copyrighted PeopleSoft, J.D. Edwards, and Siebel-branded Enterprise Software products. ECF No. 896. The jury also found that both defendant Rimini and Ravin violated the California Computer Data Access and Fraud Act ("CDAFA") and the Nevada Computer Crimes Law ("NCCL"). Id. After the jury verdict, defendants filed the present Rule 50(b) motion for judgment as a matter of law on the CDAFA and NCCL claims. ECF No. 913.
II. Legal Standard
Under Rule 50(b), after the court enters judgment, a party may file a renewed motion for judgment as a matter of law. Rule 50 provides that judgment as a matter of law is appropriate if "a reasonable jury would not have a legally sufficient evidentiary basis to find for the party on that issue." FED. R. CIV. P. 50(a)(1). In other words, Rule 50 "allows the trial court to remove cases or issues from the jury's consideration when the facts are sufficiently clear that the law requires a particular result." Weisgram v. Marley Co., 528 U.S. 440, 448, 120 S.Ct. 1011, 145 L.Ed.2d 958 (2000).
Under Rule 50, the court reviews whether "substantial evidence" supports the jury verdict. See Hagen v. City of Eugene, 736 F.3d 1251, 1256 (9th Cir. 2013). "A jury's verdict must be upheld if it is supported by substantial evidence, which is evidence adequate to support the jury's conclusion, even if it is also possible to draw a contrary conclusion." Pavao v. Pagay, 307 F.3d 915, 918 (9th Cir.2002) (emphasis added). A verdict is not supported by substantial evidence "when the evidence, construed in the light most favorable to the nonmoving party, permits only one reasonable conclusion, which is contrary to the jury's verdict." Hagen, 736 F.3d at 1256. In reviewing a Rule 50 motion, the court "must disregard evidence favorable to the moving party that the jury is not required to believe," "must view the evidence in the light most favorable to the nonmoving party," and must "draw all reasonable inferences in [the non-moving] party's favor." Pavao, 307 F.3d at 918.
In their present Rule 50(b) motion, defendants argue that the jury's findings of liability on the CDAFA and NCCL claims are unsupported by the evidence at trial and invalid as a matter of law. See ECF No. 913. In particular, defendants raise five separate challenges to the jury's verdict on the CDAFA and NCCL claims. First, defendants contend that neither California nor Nevada's computer access statute applies in this action under general choice-of-law principles. Second, defendants argue that plaintiff Oracle International Corporation ("OIC") lacked standing to allege a claim under either statute, and as such, the court must set aside both the jury's verdict and the $5.6 million in damages the jury awarded to OIC under both statutes. Third, defendants argue that their conduct, as established by the evidence at trial, did not violate either statute as a matter of law. Fourth, defendants contend that Oracle is not entitled to recover economic damages, including lost profits damages, under either statute. Finally, defendants argue that both the CDAFA and the NCCL are facially unconstitutional and unconstitutional as applied in this action. The court shall address each challenge below.
A. Facts Relevant to the Computer Law Claims
Plaintiff Oracle America, Inc. ("Oracle America") owns and operates a website that operates as an online database for Oracle's software customers. This database contains millions of technical support files for Oracle's copyrighted Enterprise Software programs, including its PeopleSoft, J.D. Edwards, and Siebel branded software. During the relevant time period of the CDAFA and NCCL claims — late 2006 through early 2009 — this online database was accessible through a website that required both the customer's unique login identification
Oracle America's online database did not have a built-in mechanism to allow Oracle's software customers to download large numbers of files at one time; rather, Oracle's customers had to individually search for, identify, and download any files and/or documentation that they desired from the vast catalog of available files. With hundreds of thousands, or even millions, of files available for each software product, this could be a time consuming process if the licensee required extensive support files to use the licensed Enterprise Software. Recognizing the need for customers to quickly find and download desired files, Oracle America encouraged its customers to use automated downloading tools as a means to obtain the requested files in a timely manner. During the time from early 2006 until February 2007, defendant Rimini accessed Oracle America's website using a client's unique login and used permitted automated downloading tools to download technical files for that client's software from the Oracle America website onto its own computer systems and servers.
B. Computer Law Claims
As part of this lawsuit, plaintiff Oracle brought claims against defendants under both the CDAFA and the NCCL. See ECF No. 146. The CDAFA provides in relevant part that any person who "[k]nowingly accesses and without authorization takes, copies, or makes use of any data from a computer, computer system, or computer network, or takes or copies any supporting documentation, whether existing or residing internal or external to a computer, computer system, or computer network" or "[k]nowingly and without permission uses or causes to be used computer services" is guilty of a public offense. CAL. PENAL CODE § 502(c)(2)-(3). Pursuant to the CDAFA, a private party who is "the owner or lessee of the computer, computer system, computer network, computer program, or data who suffers damage or loss by reason of a violation of any of the provisions of subdivision (c) may bring a civil action against the violator for compensatory damages and injunctive relief or other equitable relief. Compensatory damages shall include any expenditure reasonably and necessarily incurred by the owner or lessee to verify that a computer system, computer network, computer program, or data was or was not altered, damaged, or deleted by the access." CAL. PENAL CODE § 502(e)(1).
After a four week jury trial and several days of deliberation, the jury returned a verdict in favor of plaintiffs Oracle America and OIC and against defendants Rimini and Ravin on both state computer law claims. ECF No. 896. In the verdict, the jury awarded Oracle America damages in the amount of $8,827,000 and OIC damages in the amount of $5,600,000 under the CDAFA. The jury also awarded Oracle America damages in the amount of $8,827,000 and OIC damages in the amount of $5,600,000 under the NCCL. Thereafter, defendants filed the present Rule 50(b) motion. ECF No. 913.
C. Choice-of-Law Challenges
Initially, defendants raise three separate "choice-of-law" challenges to the jury's verdict under general choice-of-law principles, the Commerce Clause, and the extraterritoriality doctrine. See ECF No. 913. In these challenges, defendants argue that the jury should not have been allowed to reach a verdict on either the CDAFA or NCCL claims because Oracle failed to introduce into evidence any predicate facts identifying where the alleged violating conduct occurred or where Oracle America's affected servers were located. Without this evidence, defendants contend there was no basis for the jury to conclude that either the California or Nevada statute applied to defendants' conduct.
The court has reviewed the documents and pleadings on file in this matter and finds that defendants' choice-of-law challenges are without merit. "A Rule 50(b) motion for judgment as a matter of law is not a freestanding motion. Rather, it is a renewed Rule 50(a) motion." E.E.O.C. v. Go Daddy Software, Inc., 581 F.3d 951, 961 (9th Cir.2009). As such, a Rule 50(b) motion is limited to the grounds asserted in the pre-deliberation Rule 50(a) motion, and a party cannot "raise arguments in its post-trial motion for judgment as a matter of law under Rule 50(b) that it did not raise in its preverdict Rule 50(a) motion." Freund v. Nycomed Amersham, 347 F.3d 752, 761 (9th Cir.2003); see also, Murphy v. City of Long Beach, 914 F.2d 183, 186 (9th Cir.1990) (judgment notwithstanding the verdict is "improper if based upon grounds not alleged in a directed verdict" motion). Here, defendants failed to raise these challenges in their initial Rule 50(a) motion, and as such, they are precluded from raising these challenges in the present Rule 50(b) motion. Therefore, the court shall deny defendants' motion as to these challenges.
D. Lack of Standing
Defendants' second challenge to the jury verdict is that plaintiff OIC lacked
Initially, the court notes that defendants failed to properly raise this argument in their Rule 50(a) motion.
E. Defendants' Conduct
As addressed in subsection B, the CDAFA and NCCL prohibit the unauthorized access of a computer system. See CAL. PENAL CODE § 502(c); NRS § 205.4761. As both the CDAFA and NCCL are criminal statutes that authorize civil claims, the court must construe the statutes strictly in determining whether either statute prohibits defendants' conduct. See e.g., LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1134-35 (9th Cir. 2009); United States v. Nosal, 642 F.3d 781, 783 (9th Cir.2011). However, as the CDAFA and NCCL use the term "knowingly" in describing the proscribed conduct, there is no requirement that the jury find that defendants acted with the specific intent to violate either statute when they used, or caused to be used, automated downloading tools on Oracle America's website. See The People v. Hawkins, 98 Cal.App.4th 1428, 1438, 99 Cal.App.4th 1333A, 121 Cal.Rptr.2d 627 (2002) ("A requirement of knowledge is not a requirement that the act be done with any specific intent ... the word `knowing' as used in a criminal statute imports only an awareness of the facts which bring the proscribed act within the terms of the statute.").
As to defendants' first argument, defendants contend that nothing in the plain language of either statute prohibits the use of automated downloading tools when accessing or using a computer system. However, the CDAFA is not limited to "using" a computer. In fact, the CDAFA specifically covers the knowing, unauthorized "taking" and "copying" of data. CAL. PENAL CODE § 502(c)(2). In United States v. Christensen, the Ninth Circuit expressly held that simply "logging into a database with a valid password and subsequently taking, copying, or using the information in the database improperly" constitutes a violation of the CDAFA. United States v. Christensen, 801 F.3d 970, 994 (9th Cir. 2015).
As to defendants' second argument, defendants argue that the testimony and documents at trial established that Rimini was specifically authorized by its clients (who had software licenses for Oracle software) to access Oracle America's website. Defendants contend that it is undisputed that they had permission from their clients to access the website in order to download support materials for those clients and that defendants did not exceed the scope of that authorization. Therefore, because they had authority to access the website, defendants argue that the jury verdict is not supported by the evidence.
Defendants' argument is without merit. First, defendants' contention that the key inquiry under the CDAFA and the NCCL is whether or not they had authority to access the website is misplaced. "[The CDAFA] does not require unauthorized
The jury instructions on both the CDAFA claim and the NCCL claim further support the jury's liability verdict because the jury instructions specifically required the jury to find that defendants either did not have authorization to take files from Oracle America's website or that defendants exceeded whatever authorization that they believed they had. See ECF No. 888, JI No. 47, ("If you find that Rimini Street and/or Seth Ravin believed it had authorization to access Oracle America's and/or Oracle International Corporation's computer, and did not exceed that authorized access, then you must find that Rimini Street and/or Seth Ravin did not violate the California Computer Data Access and Fraud Act."); see also, JI No. 53 ("If you find that Rimini Street and/or Seth Ravin believed it had authorization to access Oracle America's and/or Oracle International Corporation's computer, and did not exceed that authorized access, then you must find that Rimini Street and/or Seth Ravin did not violate the Nevada Computer Crimes Law."). The jury heard all the evidence in this case and based on the straight forward language of the jury instructions, must have either concluded that defendants believed that they did not have authorization to take the support documents in the manner that they did, which was through the use of automated downloading tools that they specifically agreed not to use when they accessed the database website, or exceeded any perceived authorization by using automated downloading tools in such an aggressive and continuous manner so that their use of the website was higher than all other Oracle software customers combined during the period from November 2008 through January 2009.
Finally, defendants' entire argument boils down to the nonsensical assertion that their clients granted them the right to do something the clients themselves did not have the right to do, namely, log on to Oracle America's website and take material from the website with prohibited automated tools. This argument is completely
F. Damages Award
Defendants' fourth challenge to the jury verdict is that neither the CDAFA or the NCCL permit for the jury's multi-million dollar damages award. See ECF No. 913. In addition to the $27,000 in investigation and repair damages incurred by Oracle for investigating the website's shutdown and resetting the database servers, the jury awarded Oracle $14.4 million in additional damages as a result of defendants' conduct under both the CDAFA and the NCC; split between Oracle America ($8.8 million) and OIC ($5.6 million). Defendants, outside of their other challenges in this motion, do not separately challenge the propriety of the $27,000 in investigation and repair damages award by the jury. ECF No. 913. However, defendants contend that neither statute authorizes the recovery of the additional $14.4 million in damages awarded by the jury. Further, defendants argue that even if these damages were recoverable under either statute, the jury's award of $14.4 million is completely unsupported by the evidence at trial.
1. Available Damages
Under the CDAFA, a plaintiff who suffers "damage or loss" by reason of a violation of the CDAFA is entitled to "[c]ompensatory damages and injunctive relief or other equitable relief." CAL. PENAL CODE § 502(e)(1). "Compensatory damages shall include any expenditure reasonably and necessarily incurred by the owner or lessee to verify that a computer system, computer network, computer program, or data was or was not altered, damaged, or deleted by the access." Id. Similarly, the NCCL allows for recovery of "damages for any response costs, loss or injury suffered as a result of the crime." NRS § 205.511 "Response costs" are defined as "reasonable costs" that relate to investigating, determining the amount of damage, remedying or preventing future damage, and testing or restoring a computer system.
In their motion, defendants argue that the plain language of these statutes limits the jury award of compensatory damages to only those specified in the statute, namely the $27,000 in reasonable investigation and repair damages awarded by the jury. Defendants contend that the structure of these statutes support a limitation on recoverable damages, because both the CDAFA and the NCCL only specifically mention response and repair costs when defining damages. Further, defendants argue that federal courts, interpreting similar language in the federal computer crimes law statute, have held that a company's lost profits and other corporate economic damages are too far removed from the harm that the statute was designed to protect against to be recoverable under that statute. See e.g., Farmers Ins. Exchange v. Steele Ins. Agency, Inc., 2013 WL 3872950, at *21, 2013 U.S. Dist LEXIS 104606, at *59 (E.D.Cal. July 25, 2013) (holding that damages under the federal computer crimes law are limited to those
The plain, unambiguous language of the CDAFA provides a victim a full range of traditional remedies including "compensatory damages and injunctive relief or other equitable relief." CAL. PENAL CODE § 502(e)(1). Defendants' entire argument is based on a separate sentence which states that "[c]ompensatory damages shall include any expenditures reasonably and necessarily incurred by the owner or lessee to verify" system integrity after a violation. Id. (emphasis added). Defendants want to limit a plaintiff's "compensatory damages" to only the verification and repair damages specifically mentioned by the CDAFA. In doing so they misconstrue the phrase "shall include" as a limitation to damages under the CDAFA. Defendants' interpretation of the statute is directly contrary to the statute's plain language which allows for the recovery of "compensatory damages and injunctive or other equitable relief." See CAL. PENAL CODE § 502(e)(1). Further, under the rules of statutory construction, the word "includes" is a word of enlargement, not limitation. Patton v. Sherwood, 152 Call. App. 4th 339, 346 (2007). Thus, the court finds that the plain terms of the CDAFA allows for the recovery of all compensatory damages, including economic damages. The court's interpretation of the CDAFA is supported by other courts that have examined the statute. See At-Pac, Inc. v. Aptitude Solutions, 730 F.Supp.2d 1174, 1184 (E.D.Cal.2010) (holding that loss under the CDAFA includes both the reasonable costs incurred by the victim as well as lost revenue or other damages incurred as a result of the defendants' conduct).
Similarly, the court finds that the NCCL similarly permits recovery of a company's economic damages. Under the NCCL, a civil plaintiff has a private right of action to recover "[d]amages for any response costs, loss or injury suffered as a result of the crime." NRS § 205.511(1). Damages for "loss" or "injury" under the statute clearly include economic damages that are a result of a defendant's violating conduct.
2. Evidence at Trial
Defendants next argue that even if economic damages are recoverable under the CDAFA and the NCCL, the jury's $14.4 million damages award cannot be sustained because there was no evidence to support Oracle's claim that it lost customers or company profits because of their use of automated downloading tools during a three month period from November 2008 through January 2009. Defendants contend that at trial Oracle offered nothing but a conclusory and demonstrably illogical theory for lost profits, and failed to identify a single customer it lost solely as a result of defendants' automated downloading. Thus, defendants argue that there is no evidence supporting an award of $14.4 million in lost profits, especially in light of the fact that the jury found that Oracle was not entitled to any lost profits damages on its claim for copyright infringement.
The court has reviewed the documents and pleadings on file in this matter and finds that the jury had sufficient evidence from which to infer that defendants' unauthorized taking of technical and support files caused Oracle to suffer economic damages including losing clients to defendants' services. At trial, Oracle proffered evidence from its damages expert Elizabeth Dean ("Dean") that Oracle America
Other evidence presented at trial supported and corroborated Dean's expert testimony. For example, the evidence presented at trial established that Rimini's clients needed a library of support materials in order to properly utilize the software licensed from Oracle. If was further established at trial that it was critical that Rimini be able to offer its new customers the entirety of Oracle's library of support materials, particularly in the 2008-09 period when Rimini was still trying to establish itself as a serious third-party support competitor. At that time, Rimini was under intense pressure to complete the downloading of all support materials — even those not needed or requested by the clients whose login Rimini used to access Oracle America's website — before its newest customers' software support service contracts with Oracle ended. Further, defendants advertised to prospective clients Rimini's ability to completely service all Oracle Enterprise software programs by explaining that Rimini had the full library of support and technical materials for all software programs on its own systems and without a need to access Oracle America's website. Because of defendants' conduct in taking entire libraries of support materials, prior Oracle clients were able to have their Oracle software serviced by defendants at a 50% discount from Oracle's services. Further, Dean testified that the ability for defendants to offer clients full software support services by having complete access to Oracle's technical and support services on their own systems without having to access Oracle America's website before servicing that client caused tangible economic loss and injury to Oracle. Taking all of the evidence in the light most favorable to Oracle as the non-moving party, the court finds that there was sufficient evidence for the jury to conclude that Oracle suffered $14.4 million in economic damages as a result of defendants' conduct. See Pavao, 307 F.3d at 918.
G. Constitutionality Challenges
Defendants' last challenge to the jury verdict relates to the constitutionality of both the CDAFA and the NCCL. In particular, defendants contend that the statutes are unconstitutional on their face, and are also unconstitutional as applied in this action. The court shall address both challenges to the constitutionality of the statutes below.
1. Facial Challenge
"The void-for-vagueness doctrine requires that a penal statute define the criminal offense with sufficient definiteness that ordinary people can understand what conduct is prohibited and in a manner that does not encourage arbitrary and discriminatory enforcement." Kolender v. Lawson, 461 U.S. 352, 357, 103 S.Ct. 1855, 75 L.Ed.2d 903 (1983). If a statute does not meet both of these requirements, then it "fails to meet the requirements of the Due Process Clause," and is unconstitutional on its face. City of Chicago v. Morales, 527 U.S. 41, 56, 119 S.Ct. 1849, 144 L.Ed.2d 67 (1999).
In their Rule 50(b) motion, defendants argue that both the CDAFA and NCCL are unconstitutionally vague because they do not define the underlying
2. As-applied Challenge
Defendants also contend that the CDAFA and NCCL are unconstitutional as applied in this action, and thus, the court should overturn the jury's verdict on these claims.
An as-applied challenge to the constitutionality of a statute is a challenge "under which the [party] argues that a statute, even though generally constitutional, operates unconstitutionally as to him or her because of the [party's] particular circumstance." Tex. Workers' Comp. Comm'n v. Garcia, 893 S.W.2d 504, 518 (Tex.1995). The relevant inquiry in an as-applied challenge is whether the challenged statute is unconstitutionally vague "as applied to the particular facts at issue" such that the challenging party did not have sufficient notice that his or her conduct would be a violation of the statute. Holder v. Humanitarian Law Project, 561 U.S. 1, 18, 130 S.Ct. 2705, 177 L.Ed.2d 355 (2010). Thus, the question for the court to determine in an as-applied challenge is whether defendant had notice that his or her particular conduct could be a violation of the statute. See United States v. Nosal, 676 F.3d 854 (9th Cir.2012) (identifying notice as the key issue for a court in determining whether to extend liability to private computer and company policies).
Defendants' argument effectively asks the court whether they can be found liable under a criminal statute that allows for civil penalties for taking information from a website without authorization when the power to grant, restrict, change, or revoke that authorization is solely within the control of the plaintiff seeking damages under the statute. The short answer is yes. See Craigslist Inc. v. 3Taps Inc., 964 F.Supp.2d 1178, 1184 (N.D.Cal.2013). The long answer, and the inquiry for the court in this action, involves an examination of the notice Oracle communicated to defendants that using automated downloading tools on the website was not authorized.
The Ninth Circuit's interpretation of the phrase "without authorization" in the federal
IT IS THEREFORE ORDERED that defendants' renewed motion for judgment as a matter of law (ECF No. 913) is DENIED.
IT IS SO ORDERED.