MEMORANDUM & ORDER
This is an action for injunctive relief and monetary damages for the alleged violation of the Lanham Act and misappropriation and misuse of confidential business information and trade secrets. The defendants have moved to dismiss three counts of the complaint.
I. Factual Background
The plaintiffs in this сase, Guesb-Tek Interactive Entertainment Inc. and GuestTek Interactive Entertainment Ltd. (collectively, “Guesb-Tek”) have brought suit against their former employee Thomas Pullen (“Pullen”) and his new company, PureHD Inc. (“PureHD”). According to the plaintiffs’ Verified Complaint (“the Complaint”), Pullen was emplоyed by Guesb-Tek for over two years as its Vice President of North American Sales. By virtue of his position, Pullen was involved in all aspects of Guesb-Tek’s sales and marketing efforts and had access to its confidential and proprietary information and trade secrets. Guest-Tek alleges that prior to Pullen’s resignation on May 3, 2009, for a period of approximately eight months, Pullen surreptitiously transposed thousands of Guest-Tek computer files onto his personal USB device and conspired with one of Guest-Tek’s largest competitors to launch PureHD, a comрany which now competes with Guesb-Tek.
According to the Complaint, Pullen, as the President and founder of PureHD, has made a series of false and misleading statements designed to deceive the hospitality industry. PureHD purportedly asserts that it is the only company which can provide cеrtain services despite the fact that Guesb-Tek contends that it offers those same services as well.
Guest-Tek’s complaint alleges six counts against Pullen: 1) Violation of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (Count II), 2) Breach of the duty of loyalty (Count IV), 3) Misrepresentation (Count V), 4) Breach of the implied covenant of good faith and fair dealing (Count VI), 5) Unjust enrichment (Count XIII) and 6) Violation of the Massachusetts Consumer Protection Act, M.G.L. c. 93A, § 11 (“Chapter 93A”) (Count X). The Complaint also alleges two counts against Pu *44 reHD: Violation of the Lanham Act (Count I) and Violation of Chapter 93A (Count IX). Finally, the Complaint alleges two counts against both defendants: Misappropriation of Trade Secrets in violation of M.G.L. c. 93, § 42 and 42A (Count III) and Conversion (Count VII). The defendants have moved to dismiss Counts II, IX and X of the Complaint.
II. Legal Analysis
A. Standard of Review
To survive a motion to dismiss, a complaint must contain sufficient factual mаtter, accepted as true, to “state a claim to relief that is plausible on its face.”
Bell Atlantic Corp. v. Twombly,
Although a court must accept as true all of the factual allegations contained in a complaint, that doctrine is not, however, applicable to legal conclusions.
Ashcroft v. Iqbal,
— U.S. —,
B. Application
1. Computer Fraud and Abuse Act (Count II)
An individual is liable under the Computer Fraud and Abuse Act (“the CFAA”) if he
knowingly and with the intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value.
18 U.S.C. § 1030(a)(4). Accordingly, a prerequisite to a claim under the CFAA is proof that the accused party either accessed a protected computer “without authorization” or “exceeded” his “authorized access.” The defendants challenge whether the allegations in Guest-Tek’s complaint establish either of those elements.
The phrase “without authorization” is not defined in the CFAA. To “exceed authorized access” is defined as “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” 18 U.S.C. § 1030(e)(6). The defendants contend that accessing a computer “without authorization” occurs only when initial authorization is not permitted and “exceeding] authorized access” occurs only when general access is permitted but access of certain information is restricted.
The defendants argue that the factual allegations in the Complaint contradict any conclusion that Pullen’s access was “without authorization” or that he “exceeded] authorized access.” As the Vice President of North American Sales, Pullen had full and unrestricted access to all of the information at issue in the case, including *45 Guest-Tek’s customer account information, pricing, terms, customer preferences, internal financial information, marketing plans and strategies, business plans, pending proposals, contract documents and technical capabilities.
In response, Guest-Tek asserts that Pullen’s alleged breach of his fiduciary duty of loyalty to Guest-Tek (by copying files and secretly planning a competitive venture while still employed) effectively extinguished his authorization to access Guest-Tek computers. See International Airport Centers v. Citrin, 440 F.8d 418, 419-21 (7th Cir.2006) (Posner, J.) (holding that an employee acted “without authorization” when he accessed a computer with the intent to destroy company information because his brеach of his duty of loyalty terminated his authority to access the laptop). Relying on Citrin, Guest-Tek contends that, because Pullen’s initial authorization to access Guest-Tek’s confidential information was premised on the agency relationship between the parties, breaching his duty of loyalty ended that relationship and constructively terminated his authorization to access Guest-Tek’s files.
The parties’ dispute reflects two lines of cases interpreting the meaning of “authorization.” The first position, advocated by the defendants, espouses a narrоw interpretation of the CFAA, holding that the phrase “without authorization” only reaches conduct by outsiders who do not have permission to access the plaintiffs’ computer in the first place.
See, e.g., Shamrock Foods v. Gast,
The defendants contend that the plain language of the CFAA and its legislative history support the more narrow view that the CFAA applies only to those lacking initial authorization and not those who subsequently misuse or misappropriate information. Although the First Cirсuit Court of Appeals has not directly addressed the meaning of “without authorization” or “exceeded authorization,” it has favored a broader reading of the CFAA than that which the defendants now urge.
See EF Cultural Travel BV v. Explorica, Inc.,
Moreover, as the plaintiffs urge, а narrow reading of the CFAA ignores the consistent amendments that Congress has enacted to broaden its application. Although the majority of CFAA cases still involve “classic hacking activities,” the CFAA’s reach has been expanded in the past two decades by the enactment of a private cause of action and a more liberal judicial interpretation of the statutory provisions. As the Third Circuit has noted,
*46 Employers ... are increasingly taking advantage of the CFAA’s civil remedies to sue former employees and their new companies who seek a competitive edge through wrongful use of information from the former employer’s computer system.
P.C. Yonkers, Inc. v. Celebrations the Party and Seasonal Superstore, LLC,
Accordingly, the Court concludes that Guest-Tek has alleged sufficient facts to state a claim that Pullen’s use and abuse of Guest-Tek’s proprietary information was “without authorization” or in excess of his “authorized access.” Defendants’ motion to dismiss will, thereforе, be denied.
2. Violation of Chapter 93A
a. Pullen (Count X)
Chapter 93A provides a private cause of action to
any person who engages in the conduct of any trade or commerce and who suffers any loss of money or property ... as a result of the use or employment by another person who engages in any trade or commerce of an unfair method of cоmpetition or an unfair or deceptive act or practice.
M.G.L. c. 93A, § 11. The defendants maintain that conduct arising from an employment relationship cannot form the basis for a claim under Chapter 93A because 1) the relationship between employee and employer is purely private in nature and does not occur in “trade or commerce,”
see Manning v. Zuckerman,
There is ample evidence to support the defendants’ assertion.
See Manning,
388 Mass, at 11-12,
Next, the plaintiffs contend that not all disputes involving employers and employees fall outside the scope of Chapter 93A. In support of that proposition, they cite
Peggy Lawton Kitchens Inc. v. Hogan,
Finally, the plaintiffs argue that their claim does not fall under the “intra-enterprise exception” to Chapter 93A because it arose not from a private employment contract or nоn-compete agreement but from Pullen’s breach of his common law and statutory duties. The cases cited by the plaintiffs are unavailing, however, because in those cases, the former employees’ misconduct occurred post-employment, not during the course of the employment relationship. Moreover, although the dispute between Pullen and Guest-Tek did not originate from the breach of a private employment contract or non-compete agreement, the primary relationship between the parties was one of employee and employer. Accordingly, the plaintiffs’ Chapter 93A claim against the individual defendant will be dismissed.
b. PureHD (Count IX)
The defendants also contend that Guest-Tek has failed to allege sufficient facts to support its claim that PureHD, Pullen’s new employer, violated Chapter 93A. They assert that because Guest-Tek’s claim against PureHD stems from Pullen’s former employment relationship with Guest-Tek, it must fail for the same reasons that Guest-Tek’s Chapter 93 claim against Pullen is defective. In short, the defendants rely on the “intra-enterprise” exception again.
This time the argument falls short. Althоugh the plaintiffs’ claim against Pullen is precluded by the intra-enterprise exception, that exception does not apply to PureHD which never had an employment relationship with Guest-Tek.
See Peggy Lawton,
ORDER
In accordance with the foregoing, defendants’ motion to dismiss (Docket No. 13) is:
1) with respect to Count X, ALLOWED, but
2) with respect to Counts II and IX, DENIED.
So ordered.