362 F. Supp. 3d 558
E.D. Ill.2019Background
- Authenticom sued CDK and Reynolds alleging anticompetitive refusals to let it access dealer management systems (DMS); a district court granted preliminary injunctions that the Seventh Circuit later vacated.
- Litigation was consolidated in the N.D. Ill.; CDK and Reynolds filed counterclaims against Authenticom asserting unauthorized access, data extraction, and resulting harms.
- Counter-Plaintiffs allege Authenticom obtained dealer login credentials (sometimes by misrepresenting itself), used automated scripts and tools to re-enable disabled accounts and bypass CAPTCHAs, and extracted proprietary DMS data.
- CDK and Reynolds assert causes of action including CFAA and parallel state computer-crime statutes, DMCA circumvention, DTSA/WUTSA trade-secret misappropriation, torts (trespass to chattels, conversion, interference, fraud), unjust enrichment, and California UCL claims.
- Authenticom moved to dismiss many counterclaims under Rule 12(b)(6); the court addressed authorization, statutory elements for computer/DMCA claims, trade-secret pleading, and tort remedies.
Issues
| Issue | Authenticom's Argument | CDK/Reynolds' Argument | Held |
|---|---|---|---|
| Whether Authenticom lacked authorization to access CDK's DMS (predicate for many claims) | MSA language authorizes dealers' agents to access DMS; Authenticom acted as dealers' agent | CDK alleges facts showing no CDK authorization, dealers’ contracts disavow agency, and Authenticom circumvented security and was told to stop | CDK alleged lack of authorization plausibly; agency is a fact question not resolved at dismissal |
| CFAA and parallel state computer-crime claims | Access was authorized via dealers; CDK cannot show "without authorization" | Even if dealers initially authorized access, CDK revoked authorization and put Authenticom on notice; continued access violated statutes | Denied dismissal: allegations support unauthorized access and revocation doctrine under CFAA and state laws |
| DMCA circumvention (§1201) | Using dealer credentials or built-in features doesn't show circumvention; §1201(f)(2) reverse-engineering/interoperability defense applies | Allegations that Authenticom re-enabled disabled IDs, modified scripts to defeat CAPTCHA, and copied data support circumvention and go beyond interoperability | Denied dismissal: pleaded circumvention (bypassing CAPTCHA and re-enabling disabled accounts); §1201(f)(2) is an affirmative defense not pleaded away |
| Trade-secret claims (DTSA/WUTSA) | Alleged information is dealer data or insufficiently specific to be CDK trade secrets | CDK alleges specific categories (forms, accounting rules, tax tables, proprietary tools), secrecy efforts, and misappropriation | Denied dismissal: pleaded trade secrets and misappropriation with sufficient factual particularity for pleading stage |
| Conversion claim (CDK & Reynolds) | Electronic data access and system burdens suffice for conversion | Counter-Plaintiffs allege interference, diminished performance, and costs | Dismissed without prejudice: alleged interference insufficiently serious to require payment of full value of chattel under Wisconsin law; court questions expansion of conversion to electronic records |
| Other torts and remedies (trespass, tortious interference, fraud, unjust enrichment, CA UCL) | Various: lack of authorization negates these claims or shows no conferral of benefit | Counter-Plaintiffs pleaded unauthorized access, inducement to breach, misrepresentations, and economic harms | Most non-conversion claims survive: trespass, interference, fraud, unjust enrichment, and CA UCL claims withstand dismissal (subject to further development) |
Key Cases Cited
- Verizon Commc'ns Inc. v. Law Offices of Curtis V. Trinko, 540 U.S. 398 (2004) (antitrust: no general duty to deal with rivals)
- Pacific Bell Tel. Co. v. Linkline Commc'ns, Inc., 555 U.S. 438 (2009) (antitrust remedy: set agreement aside, not impose duty to deal)
- Authenticom, Inc. v. CDK Global, LLC, 874 F.3d 1019 (7th Cir. 2017) (vacating preliminary injunction; cautioning against imposing duty to deal)
- Facebook, Inc. v. Power Ventures, Inc., 844 F.3d 1058 (9th Cir. 2016) (CFAA: authorization can be revoked; continued access after revocation unlawful)
- LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir. 2009) (CFAA authorization principles)
- Craigslist Inc. v. 3Taps Inc., 964 F. Supp. 2d 1178 (N.D. Cal. 2013) (CFAA: owner can revoke permission; scraping after revocation violates CFAA)
- Ticketmaster L.L.C. v. Prestige Entm't, Inc., 306 F. Supp. 3d 1164 (C.D. Cal. 2018) (DMCA/CAPTCHA and bot-bypassing constitute circumvention)
- In re Dealer Mgmt. Sys. Antitrust Litig., 313 F. Supp. 3d 931 (N.D. Ill. 2018) (prior Rule 12(b)(6) rulings in consolidated litigation)