MEMORANDUM OPINION
Plaintiff, David Egilman, brings this action against defendants, Keller and Heck-man LLP (“K & H”), Douglas J. Behr, and Jones Day, alleging violations of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, the Digital Millennium Copyright Act of 1998, 17 U.S.C. §§ 1201 et seq., and various common law causes of action. Presently before the court are a motion to dismiss for failure to state a claim and improper venue [# 9], filed by Jones Day (“Jones Day Mot.”), and a motion for judgment on the pleadings [# 11], filed by K & H and Behr (“K & H Mot.”). Upon consideration of the motions, the oppositions thereto, and the record of the case, the court concludes that the motions should be granted'.
I. BACKGROUND
Egilman, a medical doctor with a clinical practice in Massachusetts and associate professor at Brown University, has testified as an expert in numerous toxic tort cases. His involvement in one of those cases, Ballinger v. Brush Wellman, Inc., in Colorado state court, sparked the present litigation. In Ballinger, Egilman was designated as a testifying expert on behalf of the plaintiff, and Jones Day represented the defendant. In the course of that litigation, the judge issued an order prohibiting extrajudicial statements. This order, dated May 30, 2001, precluded, inter alia, *108 anyone involved in the Ballinger litigation (including expert witnesses) “from publishing any statements on Internet websites over which they have control concerning the trial proceedings, concerning any opposing party or any opposing party’s counsel, or concerning any witnesses or evidence in the ease.” Jones Day Mot., Exh. A at 3. The court later found that Egilman “knowingly, deliberately, intentionally and wilfully” violated this order by posting “scurrilous and inflammatory statements” on his personal website 1 and sanctioned him accordingly. Jones Day Mot., Exh. B at l. 2
Egilman alleges the statements on his website that gave rise to the sanctions order were misappropriated by the defendants when they “without authorization, gained access to ... areas of Dr. Egil-man’s Computer and Website that were protected by a username/password combination.” Ver. Compl. ¶ 15. 3 Specifically, Egilman alleges that K & H and Behr, a partner at K & H, obtained the user-name/password combination 4 to Egilman’s website without authorization and later disclosed that information to a partner at Jones Day. Jones Day, according to Egil-man, later used the username/password combination to gain “improper and illegal” access to Egilman’s website. Id. Egilman alleges that the defendants “improperly and illegally reviewed and printed information” from his website and used that information “to besmirch [his] reputation and compromise the effectiveness of [his] testimony against their clients.” Id. ¶ 17.
On June 11, 2002, Egilman filed a complaint in Texas state court, claiming that Jones Day “engaged in conversion, trespass to personalty, and business disparagement” when its attorneys and their agents broke into his computer and accused Egilman of violating the Ballinger court’s order prohibiting extrajudicial statements. Jones Day Mot., Exh. D, at 4. On March 10, 2004 — after the case was transferred to another venue in Texas, after multiple discovery disputes, and after at least five amendments to the original complaint 5 — Egilman voluntarily dismissed the case without prejudice.
Almost three months later, on May 28, 2004, Egilman filed the present action in this court. The verified complaint, based on the same underlying factual background as the Texas suit, alleged that the defendants violated the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, the Digi *109 tal Millennium Copyright Act of 1998, 17 U.S.C. §§ 1201 et seq., and various common law causes of action. Jones Day responded by filing a motion to dismiss under Fed.R.Civ.P. 12(b)(6) for failure to state a claim and under Fed.R.Civ.P. 12(b)(3) for improper venue. K & H and Behr answered the complaint and filed a motion for judgment on the pleadings pursuant to Fed.R.Civ.P. 12(c). Those motions are the subject of the present memorandum opinion.
II. ANALYSIS
A. Legal Standard
A motion to dismiss under Rule 12(b)(6) is appropriate “only if it is clear that no relief could be granted under any set of facts that could be proved consistent with the allegations.”
Martin v. Ezeagu,
The standard to be applied to K & H’s Rule 12(c) motion for judgment on the pleadings is the same as that under Rule 12(b)(6).
Dale v. Exec. Office of the President,
While the standard of review under Rule 12 is important for our purposes, equally relevant is the scope of such a determination. In evaluating both a Rule 12(b)(6) motion to dismiss and a Rule 12(c) motion for judgment on the pleadings, the court is limited to considering facts alleged in the complaint, any documents either attached to or incorporated in the complaint, matters of which the court may take judicial notice,
St. Francis Xavier Parochial Sch.,
B. Egilman’s Computer Fraud and Abuse Act Claim
Count One of Egilman’s complaint alleges that defendants “knowingly and with intent to defraud, obtained, used and transferred an unauthorized user-name/password combination” in violation of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030. Ver. Compl. ¶¶ 25-28. Congress passed the CFAA in 1984 to address the problem of computer crime. As originally enacted, the CFAA provided solely for criminal penalties against the violators of its provisions. It was not until enactment of the Computer Abuse Amendments Act of 1994 that Congress created a civil cause of action, and then only when certain prerequisites were met. See 18 U.S.C. § 1030(g). Subsection (g) of the CFAA, the section providing for a civil cause of action, states that “[n]o action may be brought ... unless such action is begun within 2 years of the date of the act complained of or the date of discovery of the damage.” 18 U.S.C. § 1030(g). Defendants claim that Egilman failed to file his complaint within this two-year period, and, therefore, his CFAA claim should be dismissed. Jones Day Mot. at 8; K & H Mot. at 7-9. The court agrees. 6
The face of Egilman’s complaint indicates that the “act complained of’ occurred in June 2001, when defendants assertedly accessed Egilman’s website without his authorization. Ver. Compl. ¶ 15. Egilman discovered the damage caused by this act by, at the latest, June 22, 2001, when the Ballinger court imposed sanctions against him. Id. ¶26; Jones Day Mot. Exh. B. Because his complaint was not filed in this court until May 28, 2004, almost three years after both the date of the act complained of and the date of the discovery of the damage, Egilman’s CFAA claim is untimely.
In his opposition to defendants’ motions, Egilman does not dispute that the statute of limitations began to run in June 2001. Rather, he asserts that he is entitled to equitable tolling of the statutory deadline because “despite his due diligence, Dr. Eg-ilman’s efforts to obtain vital information bearing on the existence of his claim were repeatedly thwarted.” Pl.’s Opp’n at 18. While Egilman admits that he “knew as of June 2001 that Jones Day had obtained access to his website,” id. at 19, he claims that he “did not become aware of the essential facts of his CFAA claim” until November 20, 2002, when, during the' course of a deposition,, he was informed of the means by which Jones Day obtained access to his website, as well as K & H’s and Behr’s involvement in that allegedly *111 illegal scheme. Id. at 21. Accordingly, Egilman contends that by filing his complaint within eighteen months of his discovery of this information, his complaint was “well within the limitations period.” Id.
The doctrine of equitable tolling, which permits a plaintiff to avoid the bar of the statute of limitations period in situations where the plaintiff is unable to discover the existence of a claim despite the use of due diligence, should “be exercised only in extraordinary and carefully circumscribed instances.”
Smith-Haynie v. District of Columbia,
Moreover, equitable tolling “does not bring about an automatic extension of the statute of limitations by the length of the tolling period.”
Phillips v. Heine,
Applying these principles, the D.C. Circuit has held that a plaintiff is not entitled to the benefit of the equitable tolling doctrine when the limitations period has not run by the time the plaintiff discovers all the facts necessary to support her claim. For example, in
Phillips,
the plaintiff discovered the necessary facts on February 26, 1990, and the statute of limitations, without any tolling, expired on March 21, 1990.
Id.
Because nothing had prevented the plaintiff “from gathering information in the preceding years,” and because “more than three weeks remained” in the limitations period after all the necessary facts were discovered, the D.C. Circuit concluded there was not “any need to extend the statute at all.”
Id.
Accordingly, the D.C. Circuit affirmed the district court’s decision to dismiss the case on the ground that it was time-barred.
Id.; see also Cada,
Even assuming that Egilman has met his high burden of establishing that circumstances justifying tolling are present in this case, the holding in Phillips would preclude its application under the facts of this case. Egilman states that he learned by November 2002 all additional facts necessary to file his claim. By that date, the statute of limitations period still had over seven months before it expired. Egilman failed to file his complaint within those seven months; rather, he waited a year and a half. Under these facts and D.C. Circuit precedent, the court concludes *112 that equitable tolling is not merited and Egilman’s CFAA claim is barred by the statute of limitations.
C. Egilman’s Digital Millennium Copyright Act Claim
In Count Two of his complaint, Egilman alleges that defendants violated the Digital Millennium Copyright Act of 1978 (“DMCA”), 17 U.S.C. §§ 1201,
et seq.,
by “circumventing] the technical measures Dr. Egilman installed on his website to restrict access to his copyright protected work.” Ver. Compl. ¶ 31. Congress enacted the DMCA in 1998 “to strengthen copyright protection in the digital age.”
Universal City Studios, Inc. v. Corley,
[T]o “circumvent a technological measure” means to descramble a scrambled work, to decrypt a encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner.
Id. •§ 1201(a)(3)(A).
In his Verified Complaint, Egilman alleges that he restricted access to the copyright-protected work on his website by using. a username/password combination. Ver. Compl. .¶ 11. He further alleges that, by gaining access to his website using an unauthorized but valid password, defendants circumvented the technological measures in place on his computer, thereby violating Section 1201(a)(1) of the DMCA.
Id.
¶¶ 23, 31. The precise issue raised by these allegations — whether accessing a computer system through the unauthorized use of a valid password constitutes circumvention of a technological measure in violation of the DMCA — has only been addressed by one other federal court, which held that doing so did not violate the anti-circumvention provision of the DMCA.
I.M.S. Inquiry Mgmt. Sys., Ltd. v. Berkshire Info. Sys., Inc.,
In I.M.S., the plaintiff was a company that .collected advertising tracking information, primarily for publishers and advertisers. Id. at 523. One of the services provided by the plaintiff was a web-based service allowing its customers to track magazine subscriptions on the internet. Id. This service was available only to the plaintiffs clients, who were required to enter an authorized username and password combination before they could access the website. Id. According to the I.M.S. plaintiff, the defendant, a competitor that provided similar advertising tracking services, accessed'its website and copied information for the defendant’s own business. Id. The plaintiff alleged that the defendant had obtained the username and password from a third party that had been authorized by the plaintiff to access the website. This action, according to the plaintiff, violated the DMCA’s prohibition on circumventing technological measures to protect a copyrighted work.
In determining whether this access constituted a violation of § 1201 of the DMCA, the I.M.S. court held that the plaintiffs password system was within the definition of “ ‘technological measure’ ” as the term is defined in the DMCA. Id. at 531-32. Nonetheless, the court concluded that the plaintiffs allegations did not constitute circumvention under the DMCA because, although the defendant’s actions bypassed permission to access plaintiffs copyrighted works, they were not a circumvention of the technological means to protect the copyrighted material. Id. at *113 532. In reaching this holding, the I.M.S. court stated:
Circumvention requires either deseram-bling, decrypting, avoiding, bypassing, removing, deactivating or impairing a technological measure qua technological measure. In the instant matter, defendant is not said to have avoided or bypassed the deployed technological measure in the measure’s gatekeeping capacity. The Amended Complaint never accuses defendant of accessing the [website] without first entering a plaintiff-generated password.
More precisely and accurately, what defendant avoided and bypassed was permission to engage and move through the technological measure from the measure’s author. Unlike the CFAA, a cause of action under the DMCA does not accrue upon unauthorized and injurious access alone; rather, the DMCA targets the circumvention of digital walls guarding copyrighted material.
Id. (emphases in original, citations omitted).
The court further noted that the “[defendant did not surmount or puncture or evade any technological measure [when accessing the plaintiffs website]; instead, it used a password intentionally issued by plaintiff to another entity.” Id. at 532-33. In such situations, the court concluded that “[w]hatever the impropriety of defendant’s conduct, the DMCA and the anti-circumvention provision at issue do not target this sort of activity.” Accordingly, the court dismissed the plaintiffs DMCA claim. Id. at 533.
Defendants cite I.M.S. to support their contention that Egilman’s DMCA claim should be dismissed, arguing that accessing Egilman’s website without authorization, but with a valid user-name/password combination, does not constitute circumvention for purposes of imposing DMCA liability. In his opposition, Egilman argues that reliance on I.M.S. is inappropriate because it was both wrongly decided and is factually distinguishable. The court disagrees with both arguments and will dismiss Egil-man’s DMCA claim.
First, I.M.S. was correctly decided. Circumvention, as defined in the DMCA, is limited to actions that “descramble,” “decrypt,” “avoid, bypass, remove, deactivate or impair a technological measure.” 17 U.S.C. § 1201(a)(3). What is missing from this statutory definition is any reference to “use” of a technological measure without the authority of the copyright owner, and the court declines to manufacture such language now. As such, the court concludes that using a username/password combination as intended — by entering a valid username and password, albeit without authorization — does not constitute circumvention under the DMCA.
Second, I.M.S. is not factually distinguishable so as to preclude its application to this case. Egilman contends that the holding in I.M.S. does not apply here because the username/password combination in I.M.S. was legitimately issued by the plaintiff to a third party, whereas in this case no such allegation exists. Simply put, this is a distinction without a difference. The important aspect of the holding in I.M.S. was that the authorized use of a technological measure does not constitute circumvention for purposes of the DMCA. It was irrelevant who provided the user-name/password combination to the defendant, or, given that the combination itself was legitimate, how it was obtained.
Moreover, there is no dispute in this case that the username/password combination used by defendants to enter Egil-man’s website without authorization was validly created by Egilman himself.
See
*114
Ver. Compl. ¶ 11 (“an authorized user-name/password” was created to restrict access to his website);
id.
¶¶ 15-16 (defendant used a “username/password combination” to “gain access” to Egilman’s website). Further, Egilman admitted that he “created the user name ‘brown’ and the password ‘student’ to allow access to my computer,” K & H Mot., Exh. E at 2, and that this password was used by defendants to access his website.
Id.
at 3. Accordingly, because Egilman’s allegations demonstrate that “an otherwise legitimate, owner-issued password,”
I.M.S.,
Because Egilman’s complaint and the matters of which the court may take judicial notice make clear that the user-name/password combination used to access Egilman’s website itself was authorized, the “technological measure” employed by Egilman to control access to his computer was not “circumvented” by defendants. Accordingly, the court will dismiss Egil-man’s DMCA claim.
D. Egilman’s State Law Claims
In Count Three, Egilman alleges that the defendants violated the laws of the District of Columbia and the states of Massachusetts and Texas when they allegedly gained access and removed the confidential information from Egilman’s computer. Ver. Compl. ¶¶ 33-35. The jurisdictional basis for this claim is conferred by 28 U.S.C. § 1367 — the supplemental jurisdiction statute. Ver. Compl. ¶ 1. In
United Mine Workers v. Gibbs,
As Egilman’s claims based on federal law have been dismissed, there is no reason for the court to exercise pendant jurisdiction over the remaining state law claims. Accordingly, the Court declines to exercise pendent jurisdiction over Egilman’s state law claims and dismisses them without prejudice. 7
III. CONCLUSION
Accordingly, the motion to dismiss, filed by Jones Day, is GRANTED, and the motion for judgment on the pleadings, filed by Keller and Heckman LLP and Douglas J. Behr, is GRANTED. An appropriate order accompanies this memorandum opinion.
ORDER
For the reasons stated in the court’s memorandum opinion docketed this same day, it is this 10th day of November, 2005,' hereby
*115 ORDERED that judgment is entered for defendants and against plaintiff.
Notes
. According to Egilman's affidavit from the Texas state court proceedings, Egilman’s website was accessible by himself, members of his staff, dues-paying subscribers (including corporations, companies, law firms, lawyers, and other individuals), and his students. K & H Mot., Exh. E at 2.
. The portion of the order that barred Egil-man from future appearances at that court was vacated on appeal. However, the remainder of the sanctions order was affirmed, including the orders striking Egilman's testimony and instructing the jury to disregard his testimony in its entirety. Jones Day Mot., Exh. C.
. Egilman also alleges that the statements were "demonstrably false” and were entered "to enable him to know, if the documents ever appeared in the public domain, that the Website security has been compromised." Ver. Compl. ¶ 14.
. The username used to access Egilman’s website was "brown”; the password was "student.” K & H Mot., Exh. E at 2. This combination was created by Egilman in 1998 or 1999 "to allow access to [his] computer to approximately 15 students” that he "taught at Brown University.” Id.
. The original complaint in the Texas state court action did not name K & H or Behr as defendants. However, they were added as defendants December 16, 2002, when Egil-man filed his Second Amended Petition.
. A defendant may raise the affirmative defense of statute of limitations by a Rule 12(b)(6) motion when the facts that give rise to the defense-are clear from the face of the complaint.
Smith-Haynie v. District of Columbia,
. Because the court dismisses all of plaintiff’s claims under Rules 12(b)(6) and 12(c), it need not consider Jones Day’s improper venue argument.