Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

Space Systems/Loral, LLC v. Orbital Atk, Inc.

United States District Court, E.D. Virginia, Newport News Division

February 2, 2018

SPACE SYSTEMS/LORAL, LLC Plaintiff,
v.
ORBITAL ATK, INC., Defendant.

          MEMORANDUM OPINION AND ORDER

          Raymond A. Jackson, United states District Judge

         This matter is before the Court on Defendant's Motion to Dismiss pursuant to Federal Rule of Civil Procedure 12(b)(6). Both parties have filed memoranda supporting their respective positions. Having reviewed the parties' filings, this matter is ripe for judicial determination. For the reasons set forth below, Defendant's Motion is GRANTED IN PART AND DENIED IN PART.

         I. BACKGROUND

         Space Systems/Loral LLC, ("SSL" or '"Plaintiff"), is a limited liability company that specializes in the design and manufacturing of geostationary satellites, space systems, and robotics technology. ECF No1. Orbital ATK, Inc., ("Orbital" or "Defendant") is a Virginia based company that performs similar work. Id. at 6. In 2015, the National Aeronautics and Space Administration ("NASA") solicited project proposals through an RFP entitled "Utilizing Public Private Partnerships to Advance Tipping Point Strategies." Id. at 2. This project, commonly referred to as "Tipping Point, " was aimed at expanding opportunities and capabilities in the commercial space industry through public-private partnerships. Id; ECF No. 8 at 8. NASA awarded SSL a contract for its "Dragonfly" project and Orbital for its "CIRAS" project respectively. ECF No. 1 at 3; No. 8 at 8. To facilitate the sharing of information with the various contractors, NASA established the "NX" server. ECF No. 8 at 8.

         On December 6, 2016, NASA informed SSL that a data breach occurred that included proprietary data from SSL located on a NASA NX server at NASA's Langley Research Center. ECF No.1 at 3. NASA provided further updates and informed SSL that an Orbital employee committed the breach. Id. at 4. SSL also learned that at least four files containing its proprietary data had been opened/and or viewed by as many as six Orbital employees. Id. Following up on this information, SSL contacted Orbital regarding the details and scope of the breach, and Orbital provided a response. ECF No. 1 at 4-6; No. 8-2 at I. SSL filed this action seeking judicial intervention to protect its confidential and proprietary information and damages as a result of Orbital's alleged unauthorized access. ECF No. 1 at 5-6.

         II. LEGAL STANDARD

         Federal Rule of Civil Procedure 12(b)(6) provides for the dismissal of actions that fail to state a claim upon which relief can be granted. For purposes of a Rule 12(b)(6) motion, courts may only rely upon the complaint's allegations and those documents attached as exhibits or incorporated by reference. See Simons v. Montgomery Cty. Police Officers, 762 F.2d 30, 31 (4th Cir. 1985). Courts will favorably construe the allegations of the complainant and assume that the facts alleged in the complaint are true. See Erickson v. Pardus, 551 U.S. 89, 93-94 (2007); Mylan Laboratories, Inc. v. Matkari, 7F.3d 1130, 1134 (4th Cir. 1993). A court will only grant a motion to dismiss if "it appears to a certainty that the plaintiff would be entitled to no relief under any state of facts which could be proved in support of his claim." Johnson v. Mueller, 415 F.2d 354 (4th Cir. 1969).

         Although a complaint need not contain detailed factual allegations, "[f]actual allegations must be enough to raise a right to relief above the speculative level on the assumption that all the allegations in the complaint are true." Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007). If the factual allegations alleged by the plaintiff do not nudge the plaintiffs claims "across the line from conceivable to plausible, their complaint must be dismissed." Id. at 570. A plaintiff however is generally permitted to plead facts based on "information and belief if such plaintiff is in a position of uncertainty because the necessary evidence is controlled by the defendant. See Raub v. Bowen, 960 F. Supp, 2d 602, 615 (E.D. Va. 2013).

         III. DISCUSSION

         Count I: Violation of the Computer Fraud and Abuse Act

         The Computer Fraud and Abuse Act ("CFAA"), 18 U.S.C. § 1030 et seq. (2008), is primarily a criminal statute, see A. V. ex rel Vanderhye v. iParadigms, LLC, 562 F.3d 630, 645 (4th Cir. 2009), but a person who suffers damages or loss may bring a civil action for compensatory damages, injunctive or other equitable relief if the conducts involves one of the factors set forth in (I), (II), (III), (IV), or (V) of subsection (c)(4)(A)(i), [1] see 18 U.S.C. § 1030(g) (2008). Though SSL did not specify the CFAA provisions Orbital violated, SSL states in its Response to the Motion to Dismiss that Orbital violated §§§ 1030(a)(2)(B), (a)(2)(C), and (a)(5)(C).[2] See ECF No. 12 at 20.

         A cause of action under § 1030(a)(2)(B) requires SSL to show that Orbital: (1) intentionally; (2) accessed a computer; (3) without authorization or exceeded its authorized access; and (4) obtained information from a department or agency of the United States; (5) which resulted in a loss to one or more persons during any one-year period aggregating at least $5, 000 in value or damage affecting a computer used by or for an entity of the United States Government in furtherance of the administration of justice, national defense, or national security.

         Likewise, to state a cause of action under § 1030(a)(2)(C), the defendant must have: (1) intentionally; (2) accessed a computer; (3) without authorization or exceeded its authorized access; and (4) obtained information from any protected computer; (5) resulting in a loss to one or more persons during any one-year period aggregating at least $5, 000 in value or damage affecting a computer used by or for an entity of the United States Government in furtherance of the administration of justice, national defense, or national security.

         Lastly, to state a violation of § 1030(a)(5)(C), SSL must assert that Orbital: (1) intentionally (2) accessed a "protected computer" (3) without authorization, and, as a result of such conduct, (4) caused damage and loss (5) to one or more persons during any one-year period aggregating at least $5, 000 in value.

         In its Complaint, SSL alleges that Orbital, through at least one employee, intentionally accessed a computer at NASA Langley, an agency of the United States, without authorization. ECF No. 1 at 16-17. Further, SSL alleges it sustained losses that exceeded $5, 000 in value during a one-year period, and that a computer used by the United States in furtherance of national defense or security was damaged. Id. at 17-18. In opposition, Orbital argues it did not access the information "without authorization" and that SSL fails to sufficiently plead damages or loss. See generally ECF No. 8 at 11. Orbital does not appear to dispute the sufficiency of the other elements however. Accordingly, the Court having reviewed the allegations taken as true and in the light most favorable to the plaintiff, finds that SSL pled sufficient facts to satisfy these elements and will limit its analysis to the elements that Orbital disputes.

         i. "Without Authorization" and "Exceeds Authorized Access"

         The CFAA does not define "without authorization" but defines "exceeds authorized access." "Exceeds authorized access" means "to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter." 18 U.S.C. § 1030 (e)(6) (2008). The United States Court of Appeals for the Fourth Circuit ("Fourth Circuit") has held that these terms should be construed narrowly. See WEC Carolina Energy Sols. LLC v. Miller, 687 F.3d 199, 204 (4th Cir. 2012) (holding that because the statute's provisions apply to civil and criminal actions, the terms are to be construed narrowly). In WEC Carolina Energy Sols. LLC, the Fourth Circuit held that a person accesses a computer "without authorization" when he or she "accesses a computer without permission." 687 F.3d at 206. Moreover, a person "exceeds authorized access" within the meaning of the statute when he or she "has approval to access a computer, but uses his access to obtain or alter information that falls outside the bounds of his approved access." Id. at 204; see also Id. at 206 (holding that a person exceeds authorized access when he or she "obtains or alters information on a computer beyond that which he [or she] is authorized to access.").

         Here, SSL alleges that Orbital accessed its proprietary and confidential information via the NASA NX server, and that the breach occurred because "an employee of another contractor, Orbital ATK, accessed files on NASA's NX Server beyond the files the employee was authorized to view." ECF No. 1 at 3-4. Orbital does not deny the breach occurred, but argues that because the former employee was authorized to access certain files on NASA's NX Server as a part of its work on the CIRAS Tipping Point Project, SSL's propriety and confidential information was not accessed within the statute's meaning. See ECF No. 8 at 11-15; No. 15 at 11-12. In support of its position, Orbital cites State Analysis, Inc. v. American Fin. Servs. Assocs., 621 F.Supp.2d 309 (E.D. Va. 2009), and Securelnfo Corp. v. Telos Corp., 387 F.Supp.2d 593 (E.D. Va. 2005). The Court finds these cases distinguishable however.

         In State Analysis, the court held that the defendant did not "exceed authorization" within the meaning of the CFAA because the complaint did not allege that the defendant had obtained or altered information it was not entitled to: rather the allegation was that the defendant had used the information in an inappropriate way. 621 F. Supp, 2d at 317. In contrast, SSL alleges that an Orbital employee accessed files "beyond the files the employee was authorized to view." See ECF No. 1 at 3-4. Unlike the plaintiff in State Analysis, Inc., SSL alleges that Orbital never received authorization to view its files. For similar reasons, Orbital's reliance on Securelnfo Corp. v. Telos Corp., 387 F.Supp.2d 593 (E.D. Va. 2005) also fails.

         In Securelnfo, a licensee of the plaintiffs software was alleged to have shared the software with a competitor of the plaintiff and the plaintiff sued the competitor for violations of the CFAA. The court held that because the licensee had given the competitor permission to access the software using its license, the competitor could not have intentionally acted without authorization or in excess of its authority within the meaning of the statute. Securelnfo, 387 F.Supp.2d at 609-10. This case is distinguishable however. Unlike the defendant in Securelnfo, that accessed the software through a valid license which permitted authorization, SSL's pleading, that an "employee accessed files on NASA's NX Server beyond the files the employee was authorized to view, " essentially alleges that SSL never granted Orbital access to view its files. See ECF No. 1 at 3-4. Indeed, such an inference is supported by Orbital's own brief which explains that the NX server was set up "[i]n order for NASA to share information with the various contractors working with NASA on their respective Tipping Point projects - including Orbital ATK and SSL." ECF No. 8 at 8 (emphasis added).

         Moreover, Orbital's argument fails because it is contrary to the Fourth Circuit's holding in WEC Carolina Energy Sols. LLC. Indeed, that case was decided after the cases Orbital cites and clarifies the scope of the terms "without authorization" and "exceeds authorized access." The Fourth Circuit held that the terms "without authorization" and "exceeds authorized access" applies when an individual "accesses a computer without permission or obtains or alters information on a computer beyond that which he is authorized to access." WEC Carolina Energy Sols. LLC, 687 F.3d at 206. Here, SSL's allegation that another contractor "accessed files on NASA's NX server beyond the files the employee was authorized to view, " meets the statute's definition of "exceeds authorized access."

         ii. "Damage or ...


Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.