Ispot.TV, Inc. v. Nadya Teyfukova

• Court: District Court, C.D. California
• Decided: May 22, 2023
• Docket: 2:21-cv-06815
• Status: Unknown

Opinion

1 O 2

4 UNITED STATES DISTRICT COURT 5 CENTRAL DISTRICT OF CALIFORNIA 6

7 ISPOT.TV, INC., Case No.: 2:21-cv-06815-MEMF(MARx) 8 Plaintiff, 9 v. ORDER GRANTING DEFENDANTS NADYA TEYFUKOVA AND 10 ENTERTAINMENT DATA ORACLE, INC.’S 11 MOTION TO DISMISS [ECF NO. 75] AND NADEZHDA TEYFUKOVA a/k/a NADYA DENYING PLAINTIFF ISPOT.TV, INC’S 12 TEYFUKOVA, AND ENTERTAINMENT REQUEST FOR CERTIFICATION FOR DATA ORACLE, INC., INTERLOCTORY APPEAL [ECF NO. 79] 13 Defendants.

16 17 18 19 Before the Court is the Motion to Dismiss Plaintiff’s Digital Millennium Copyright claim 20 filed by Defendants Nadezhda Teyfukova and Entertainment Data Oracle, Inc. ECF No. 75. Also 21 before the Court is the Request for Certification for Interlocutory Appeal, filed by Plaintiff iSpot.TV, 22 Inc. ECF No. 79. For the reasons stated herein, the Motion to Dismiss is GRANTED. The Request 23 for Certification for Interlocutory Appeal is DENIED. 24 25 26 27 / / / 28 / / / 1 I. Factual and Procedural Background1 2 The Court previously summarized the case background in its Order Granting in Part and 3 Denying in Part Defendants’ Motions to Dismiss. ECF No. 71 (“Order”). As such, the Court only 4 recites the factual and procedural background as it is relevant to the instant Motion. 5 A. Factual Background 6 Plaintiff iSpot.tv, Inc. (“iSpot”) is a data and analytics company which provides its clients 7 with real-time television advertising data and analytics. SAC ¶ 2. iSpot stores its data in a database 8 (the “Database”) that is only accessible to customers that have entered into a subscription agreement 9 (“Agreement”) and pay a subscription fee. Id. The Agreement binds all customers to iSpot’s terms of 10 service. Id. Customers can only access the Database with a “unique account login and security 11 credentials associated with a specific customer and that customer’s subscription.” Id. 12 Defendant Entertainment Data Oracle, Inc. (“EDO”) is a “data, measurement, and analytics 13 company that advances the success of marketing, research, and creative professionals.” Id. EDO 14 provides companies with “insights” into the efficacy of TV ads, specifically as the data relates to 15 consumer engagement and purchase activity. Id. ¶ 24. 16 From 2014 to 2017, EDO and iSpot entered into three Agreements, granting EDO access to 17 the Database. See id. ¶¶ 3–5. However, EDO—in violation of the Agreements—downloaded tens of 18 thousands of iSpot’s ads and data. Id. ¶ 7. In 2018, upon expiration of iSpot and EDO’s final 19 Agreement, EDO launched two new products: the “TV Ad Database” and the “TV Ad Engagement” 20 platforms. Id. ¶ 8. Both products appear to compete with the Database. Id. 21 Defendant Nadezhda Teyfukova a/k/a Nadya Teyfukova (“Teyfukova”), is an EDO 22 employee. Id. ¶ 9. Prior to joining EDO in 2019, Teyfukova was an employee of Horizon Media 23 (“Horizon”), a media services agency that provided services to an iSpot customer. Id. ¶¶ 51–52. As 24 part of her role at Horizon, Teyfukova was granted login credentials (the “Horizon credentials”) to 25 the Database, including a username linked specifically to her Horizon email address, 26 nteyfukova@horizonmedia.com. Id. ¶¶ 51–52. 27 28 1 Unless otherwise indicated, the following facts are derived from the Second Amended Complaint. ECF No. 1 Teyfukova was “only permitted to use these login credentials” for the explicit purpose of 2 accessing iSpot’s database in the course of her work for Horizon’s customer. Id. ¶ 52. In September 3 2019, Teyfukova left Horizon for her current role at EDO. Id. ¶ 54. At EDO, she continued to use the 4 Horizon credentials during typical work hours, to access the iSpot database, doing so over 150 times 5 including many times from EDO’s Culver City location and her personal home in Los Angeles. Id. 6 ¶¶ 9, 54–55. She accessed and downloaded over 40 reports related to the movie industry. Id. ¶¶ 55– 7 56. 8 B. Procedural Background 9 On August 24, 2021, iSpot filed its initial complaint against Teyfukova pleading the 10 following: (1) violation of the Defend Trade Secrets Act, 18 U.S.C. § 1836, et seq.; (2) 11 misappropriation of trade secrets, CAL. CIV. CODE § 3426.1, et seq.; and (2) violation of the Digital 12 Millennium Copyright Act, 17 U.S.C. § 1201, et seq. (“DMCA”) ECF No. 1. On February 7, 2022, 13 see ECF Nos. 23, 28, Teyfukova filed a motion to dismiss. ECF No. 34. 14 On April 15, 2022, the EDO Defendants filed a motion to dismiss all four claims for failure 15 to state a claim. ECF No. 55. On October 3, 2022, EDO filed an additional motion to dismiss 16 pursuant to Federal Rule of Civil Procedure 12(b)(1) seeking dismissal of iSpot’s breach of contract 17 claim for lack of subject matter jurisdiction. ECF No. 62. On January 25, 2023, the Court issued an 18 order granting in part and denying in part the EDO Defendants’ Motion to Dismiss for failure to 19 state a claim, and denied EDO’s Motion to Dismiss for lack of subject matter jurisdiction. See 20 generally Order. The Court granted the Motion to Dismiss as to iSpot’s DMCA claim with leave to 21 amend. Id. at 17–22. 22 On February 24, 2023, iSpot filed a timely SAC. See SAC. On March 20, 2023, the EDO 23 Defendants filed a Motion to Dismiss the DMCA claim. ECF No. 75 (“Motion” or “Mot.”). The 24 Motion was fully briefed as of April 14, 2023. ECF Nos. 79 (“Opposition” or “Opp’n”); 81 25 (“Reply”). The Court heard oral argument on May 4, 2023. 26 27 / / / 28 / / / 1 II. Applicable Law 2 A. Motion to Dismiss pursuant to Rule 12(b)(6) 3 Under Federal Rule of Civil Procedure Rule 12(b)(6), a party may file a motion to dismiss 4 for “failure to state a claim upon which relief can be granted.” FED. R. CIV. P. 12(b)(6). The purpose 5 of Rule 12(b)(6) is to “enable defendants to challenge the legal sufficiency of claims asserted in a 6 complaint.” Rutman Wine Co. v. E. & J. Gallo Winery, 829 F.2d 729, 738 (9th Cir. 1987). A district 7 court may properly dismiss a claim under Rule 12(b)(6) if the complaint fails to allege sufficient 8 facts to support a cognizable legal theory. Caltex Plastics, Inc. v. Lockheed Martin Corp., 824 F.3d 9 1156, 1159 (9th Cir. 2016). 10 “To survive a motion to dismiss, a complaint must contain sufficient factual matter . . . to 11 ‘state a claim for relief that is plausible on its face.’” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) 12 (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007)). “The plausibility standard is not 13 akin to a ‘probability requirement,’ but it asks for more than a sheer possibility that a defendant has 14 acted unlawfully.” Id. While a complaint does not need detailed factual allegations, a plaintiff’s 15 obligation to provide the grounds of his entitlement to relief requires more than “threadbare recitals 16 of the elements of a cause of action.” Id. at 678. “Determining whether a complaint states a plausible 17 claim for relief is ‘a context-specific task that requires the reviewing court to draw on its judicial 18 experience and common sense.’” Ebner v. Fresh, Inc., 838 F.3d 958, 963 (9th Cir. 2016) (quoting 19 Iqbal, 556 U.S. at 679). 20 When evaluating a complaint under Rule 12(b)(6), the court “must accept all well-pleaded 21 material facts as true and draw all reasonable inferences in favor of the plaintiff.” Caltex, 824 F.3d at 22 1159; Manzarek v. St. Paul Fire & Marine Ins. Co., 519 F.3d 1025, 1031 (9th Cir. 2008) (“We 23 accept factual allegations in the complaint as true and construe the pleadings in the light most 24 favorable to the nonmoving party.”). This tenet, however, is “inapplicable to legal conclusions.” 25 Iqbal, 556 U.S. at 678. 26 While the Court is required to “take all allegations of material fact as true and construe them 27 in the light most favorable to the nonmoving party” on a Rule 12(b)(6) motion to dismiss, In re Nat’l 28 Football League’s Sunday Ticket Antitrust Litig., 933 F.3d 1136, 1149 (9th Cir. 2019), the plaintiff 1 is required to plead sufficient facts showing “more than a sheer possibility that a defendant has acted 2 unlawfully.” Iqbal, 556 U.S. at 678. However, when the plaintiff has met the possibility threshold 3 and, in response, the defendant has advanced an alternative explanation that is also more than 4 possible, the Ninth Circuit requires that the plaintiff’s complaint survive motion to dismiss. Starr v. 5 Baca, 652 F.3d 1202, 1216 (9th Cir. 2011). Put differently, “[i]f there are two alternative 6 explanations, one advanced by defendant and the other advanced by plaintiff, both of which are 7 plausible, plaintiff’s complaint survives a motion to dismiss under Rule 12(b)(6).” Id. 8 Plausibility is more than mere possibility. Plausibility requires that the plaintiff “do more 9 than allege facts that are merely consistent with both their explanation and defendants’ competing 10 explanation.” In re Century Aluminum Co. Sec. Litig., 729 F.3d 1104, 1108 (9th Cir. 2013) (citing 11 Iqbal, 556 U.S. at 678). Thus, when both parties have advanced “possible explanations,” where only 12 one is true and “only one of which results in liability,” a plaintiff must offer allegations that are more 13 than “merely consistent” with their advanced explanation. Id. Instead, “[s]omething more is needed, 14 such as facts tending to exclude the possibility that the alternative explanation is true in order to 15 render plaintiffs’ allegations plausible within the meaning of [Iqbal] and [Twombly].” Id. (internal 16 citations omitted) (citing Iqbal, 556 U.S. at 678 and Twombly, 550 U.S. at 554). 17 III. Discussion 18 The EDO Defendants seek to dismiss the DMCA claim ag on the grounds that the SAC fails 19 to cure the defects identified in the Court’s Order as it does not allege conduct that rises to 20 circumvention under the meaning of DMCA. Mot. at 1, 4–8. 21 A. Summary of new allegations 22 The Court begins by recounting the new allegations raised in the SAC as to the DMCA 23 claim. iSpot alleges as follows: 24

25  Through her employment with Horizon, Ms. Teyfukova was provided confidential 26 password and account login credentials allowing her to access iSpot’s secure database. Ms. Teyfukova’s user ID for access to iSpot’s database was 27 “nteyfukova@horizonmedia.com”, an email address reflecting that she was employed at Horizon and was conducting work on behalf of Horizon’s specific 28 iSpot customer. Ms. Teyfukova knew that she was only permitted to use these 1 cfuornthfiedreanntciael oflo hgeirn wcorrekd eant tHiaolsr izaonnd onac bceehssa lfi Sopf otht’ast sdiantgalbea isSep oint cuthseto mcoeur.r sSeA aCn d¶ 2 52;

3  In September 2019, Ms. Teyfukova left Horizon and began working for EDO as a Media Analytics Manager servicing EDO’s movie studio clients. At the time, EDO 4 had over 100 employees. Ms. Teyfukova reported to a direct supervisor at EDO and was also under the direction and control of other EDO employees and officers 5 during her employment. Id. ¶ 54; 6  Even though she was only authorized to use the iSpot services while at Horizon and 7 in the course of her work on behalf of the single iSpot client Horizon was assisting, Ms. Teyfukova took her confidential iSpot access credentials with her when she 8 left Horizon and joined EDO in early September 2019. She then used those stolen 9 credentials for the benefit of EDO, and at the knowing direction and control of EDO, with the purpose of evading and bypassing the technological security barriers that 10 restricted access to the iSpot database and services to only authorized users in order to continue logging into the iSpot database and using the iSpot services after leaving 11 Horizon when she was no longer authorized to do so. Ms. Teyfukova was aware of these technological security barriers from her prior work at Horizon and knew they 12 were intended to prevent unauthorized access to the iSpot database and services, 13 but she intentionally used the stolen Horizon credentials at EDO’s knowing direction and control to benefit EDO in violation of her duty of loyalty to Horizon 14 and with the primary purpose of evading those barriers in order to gain access to iSpot’s system. Each time that Ms. Teyfukova logged into the iSpot database, she 15 committed at least two separate wrongful acts. First, she intentionally and falsely misrepresented that she was still an employee of Horizon, acting within the course 16 of scope of such employment and on the behalf of iSpot’s customer that Horizon 17 was assisting, by entering the username nteyfukova@horizonmedia.com. Second, with knowledge that she was not authorized to do so, she utilized the password that 18 had been authorized for her use solely for work in the course and scope of her employment at Horizon on behalf of the iSpot customer that Horizon was assisting. 19 Ms. Teyfukova repeated these separate wrongful acts over 150 times to access iSpot’s database after joining EDO, viewing thousands of pages of information in 20 iSpot’s database and generating and downloading hundreds of reports that 21 contained proprietary information from iSpot’s database. Id. ¶ 55;

22  Ms. Teyfukova accessed iSpot’s database and stole its data in the course of her employment with EDO, at the knowing direction and control of her direct 23 supervisor and others at EDO, and for EDO’s benefit, using the confidential login 24 credentials provided to her by Horizon and in violation of her duty of loyalty to Horizon. Once Ms. Teyfukova joined EDO, the IP addresses used to login to iSpot’s 25 database with her credentials almost immediately shifted to Culver City, where EDO is headquartered. When COVID shelter-in-place orders were issued and Ms. 26 Teyfukova began working from home full time for EDO, the IP addresses used for many logins with her credentials shifted to the zip code where she resides. For 27 example, during a two-day stretch in November 2019, the Teyfukova credentials 28 were used to access the iSpot database multiple times from both Culver City and 1 atankde nd odwunrilnoga dtehdo sree llaotgedin tso. Tthhee m moavjioer iitnyd uosf tlroyg (iEnDs uOs’isn gan tdh eM Tse. yTfeuykfouvkao vcare’sd efnotciuasls) 2 also occurred during normal business hours on weekdays, at times when Ms. Teyfukova would be at work for EDO. Id. ¶ 56; 3  Additionally, iSpot is informed and believes, and based on such information and 4 belief alleges, that EDO knowingly and intentionally induced Ms. Teyfukova, as a condition of her employment at EDO, to further violate her duty of loyalty to 5 Horizon, her former employer, by also turning over to EDO the sensitive and 6 confidential iSpot password and username given to her solely for her use as an employee of Horizon to enable other employees of EDO, including Ms. 7 Teyfukova’s direct supervisor at EDO and other additional employees of EDO, as well as automated software and information technology systems of EDO under 8 EDO’s control, to access iSpot’s proprietary database by bypassing its password protection gating system to view and download valuable information under the 9 knowingly false pretext of supposedly being “nteyfukova@horizonmedia.com” – 10 an employee of Horizon. The primary purpose of the actions of Ms. Teyfukova, EDO, and other EDO employees, including Ms. Teyfukova’s supervisor, was to 11 knowingly evade iSpot’s technological database protections and break into its database by bypassing the iSpot’s credential gating system restricting access to the 12 database to only properly authorized users, including certain employees of Horizon. 13 Id. ¶ 57.

14 B. iSpot fails to state a claim under the Digital Millennium Copyright Act. 15 iSpot brings a claim against the EDO Defendants under the anticircumvention provision of 16 the DMCA on two grounds: (1) Teyfukova’s use of the Horizon credentials during her time at EDO 17 and (2) the use of the Horizon credentials by EDO employees other than Teyfukova. See SAC ¶¶ 54, 18 56–57. 19 To state a claim under the anticircumvention provision of the DMCA, iSpot must allege that 20 (i) the work at issue was protected under the Copyright Act, (ii) the copyrighted work was protected 21 by a “technological measure,” and (iii) the technological measure was “circumvented” in order to 22 obtain access to the copyrighted work.” 17 U.S.C. § 1201(a)(1)(A); see also MDY Indus., LLC v. 23 Blizzard Ent., Inc., 629 F.3d 928, 944 (9th Cir. 2010) (noting that 17 U.S.C. § 1201(a) “prohibits the 24 circumvention of any technological measure that effectively controls access to a protected work and 25 grants copyright owners the right to enforce that prohibition.”). 26 A technological measure “effectively controls access to a work if the measure, in the 27 ordinary course of its operation, requires the application of information, or a process or a treatment, 28 with the authority of the copyright owner, to gain access to the work.” Id. (a)(3)(B) (internal 1 quotation marks omitted). “Circumvention” is “to descramble a scrambled work, to decrypt an 2 encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological 3 measure, without the authority of the copyright owner.” 17 U.S.C. § 1201(a)(3)(A).

4 1. Teyfukova’s use of the Horizon credentials does not qualify as circumvention. 5 The EDO Defendants argue that the SAC “presents no new allegations” as to whether 6 Teyfukova’s individual use of the Horizon credentials qualifies as circumvention. Mot. at 5. iSpot’s 7 DMCA claim now appears to proceed on three theories: (1) that Teyfukova’s use of the Horizon 8 credentials after the end of her tenure at Horizon qualifies as a violation of the DMCA; (2) that 9 Teyfukova engaged in circumvention by sharing the Horizon credentials with other EDO employees; 10 and (3) that the other EDO employees’ use of the Horizon credentials qualifies as circumvention. See 11 Opp’n at 7–16; SAC ¶¶ 51–52, 55–57. 12 However, before the Court turns to its substantive analysis, it reiterates2 that as the Ninth 13 Circuit has yet to rule on circumvention in this particular context, the Court’s analysis must begin 14 with the text of the DMCA. See Texaco Inc. v. United States, 528 F.3d 703, 707 (9th Cir. 2008) 15 (“The first step in interpreting a statute ‘is to determine whether the language at issue has a plain and 16 unambiguous meaning with regard to the particular dispute in the case.’” (citing Robinson v. Shell 17 Oil Co., 519 U.S. 337, 340 (1997))).3 The statute provides the following definition of circumvention: 18 “to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, 19 remove, deactivate, or impair a technological measure, without the authority of the copyright 20 owner.” 17 U.S.C. § 1201(a)(3)(A). To determine whether iSpot has properly pleaded 21 circumvention, therefore, this Court must consider whether iSpot has properly alleged that 22 Teyfukova “avoid[ed], bypass[ed], remove[d], deactivate[d], or impair[ed]” the technological 23 measure at issue—namely the password and username system. Id. 24 / / / 25

26 2 See Order at 19–21. 27 3 See also Food Mktg. Inst. v. Argus Leader Media, 139 S. Ct. 2356, 2364 (2019) (“In statutory interpretation 28 disputes, a court’s proper starting point lies in a careful examination of the ordinary meaning and structure of 1 2 The Court previously found that “[t]he allegations in the FAC indicate that, rather than 3 avoiding or bypassing the system, Teyfukova simply used the Horizon credentials as they were 4 intended to be used.” Order at 19. The new allegations in the SAC do not lead the Court to a 5 different conclusion. 6 The SAC now appears to advance the theory that EDO utilized Teyfukova—as the possessor 7 of the Horizon credentials—as a tool by which EDO gained access to the system. SAC ¶¶ 55 8 (Teyfukova used the “stolen credentials for the benefit of EDO, and at the knowing direction and 9 control of EDO, with the purpose of evading and bypassing the technological security barriers that 10 restricted access to the iSpot database and services to only authorized users in order to continue 11 logging into the iSpot database and using the iSpot services after leaving Horizon when she was no 12 longer authorized to do so”); 56 (“at the knowing direction and control of her direct supervisor and 13 others at EDO, and for EDO’s benefit, using the confidential login credentials provided to her by 14 Horizon and in violation of her duty of loyalty to Horizon.”); 57 (“EDO knowingly and intentionally 15 induced Ms. Teyfukova, as a condition of her employment at EDO, to further violate her duty of 16 loyalty to Horizon, her former employer, by also turning over to EDO the sensitive and confidential 17 iSpot password and username given to her solely for her use as an employee of Horizon.”). 18 iSpot relies heavily on section 2860 of the California Labor Code, which provides that 19 “[e]verything which an employee acquires by virtue of his employment, except the compensation 20 which is due to him from his employer, belongs to the employer, whether acquired lawfully or 21 unlawfully, or during or after the expiration of the term of his employment.” CAL. LAB. CODE § 22 2860. iSpot argues that this provision indicates that Horizon retained ownership of the credentials 23 upon Teyfukova’s departure from Horizon, and that Teyfukova “violated her duty of loyalty to 24 Horizon” when she knowingly used the credentials outside the scope of her employment at Horizon. 25 Opp’n at 13. The EDO Defendants argue that the legitimacy of the login credentials is the 26 dispositive factor because it forecloses the possibility that Teyfukova personally took any steps to 27 qualify as circumvention under the plain meaning of the statute. Mot. at 4–7. 28 1 The Court finds iSpot’s argument unavailing. Even if EDO directed Teyfukova to utilize the 2 Horizon credentials to access the Database, it does not change the fact that Teyfukova did not take 3 any steps that qualify as circumvention within the plain meaning of the statute. The SAC still only 4 alleges that Teyfukova individually used the credentials in the technological manner by which she 5 was authorized to do so—albeit without authorization. Indeed, the SAC still does not allege that 6 Teyfukova took any steps to avoid, bypass, remove, deactivate, or impair the Horizon credentials. 7 Adding that the purpose of her actions was to bypass the technological security barriers is not 8 enough given what is alleged to be “bypassing.” Put another way, she simply did not evade the 9 protections of the database in the means prohibited by the statute. Accordingly, the SAC has not 10 addressed the flaw identified in the Court’s Order.4 11 Similarly, whether Horizon maintained ownership over the credentials has no bearing on 12 whether Teyfukova’s use of the credentials qualifies as circumvention. The SAC still only indicates 13 that “Teyfukova utilized a username and password that was duly provided to her long after she was 14 authorized to use it.” Order at 20. Whether Teyfukova violated any loyalty to Horizon or whether 15 Horizon retained ownership of the credentials is irrelevant to the question of whether she 16 “avoid[ed],” “bypass[ed],” or “impair[ed]” the Horizon credentials. See Order at 19–20. 17 As such, Teyfukova’s individual use of the Horizon credentials does not constitute 18 circumvention within the meaning of the DMCA. 19 b. That Teyfukova shared the Horizon credentials with other EDO employees, or that other EDO employees used the credentials to access the Database, does not qualify as 20 circumvention. 21 The SAC is not any more successful with respect to Teyfukova’s sharing of the Horizon 22 credentials with other EDO employees. The SAC alleges that 23 24

25 4 iSpot makes much of this Court’s prior statement that “There are no allegations that the primary 26 purpose of Teyfukova’s actions was to evade iSpot’s database protections. In the absence of such allegations, the Court finds that Teyfukova’s actions—as alleged in the FAC—do not qualify as 27 circumvention within the meaning of the DMCA.” Order at 21. Taken in context, it is clear that the Court did not hold that pleading such a purpose would be sufficient. The purpose obviously cannot 28 1 that EDO . . . induced Ms. Teyfukova . . . to further violate her duty of loyalty to 2 Horizon, her former employer, by also turning over to EDO the sensitive and 3 confidential iSpot password and username given to her solely for her use as an employee of Horizon to enable other employees of EDO, including Ms. 4 Teyfukova’s direct supervisor at EDO and other additional employees of EDO, as well as automated software and information technology systems of EDO under 5 EDO’s control, to access iSpot’s proprietary database by bypassing its password protection gating system to view and download valuable information under the 6 knowingly false pretext of supposedly being “nteyfukova@horizonmedia.com” – 7 an employee of Horizon.

8 SAC ¶ 57 (emphasis added).

9 iSpot argues that these allegations are sufficient as they indicate that individuals other than 10 Teyfukova, used the Horizon credentials to access the Database. Opp’n at 15–16. The EDO 11 Defendants, however, contend these allegations are insufficient as they incorrectly focus on the 12 individuals who used the technological measure rather than the “manner” by which the measure was 13 used. Reply at 6. Thus, according to the EDO Defendants, iSpot has failed to state a claim as the 14 SAC fails to “differentiat[e] the means by which other EDO employees allegedly accessed iSpot’s 15 database from the means by which Ms. Teyfukova allegedly accessed iSpot’s database.” Mot. at 7. 16 The Court agrees. 17 Even upon amendment, the SAC solely relies on the EDO Defendants’ “intent” and “primary 18 purpose” of utilizing the Horizon credentials. Opp’n at 15–16. iSpot argues that Teyfukova acted as 19 a “housekeeper who [did] not return the door key of her former employer and then [was] induced to 20 give the key to a burglar,” and thus used the key outside of the scope of its intended use. Id. at 11. 21 But this argument still fails to show that Teyfukova, or any other EDO employee, made any material 22 changes to the proverbial key itself—or the lock or the door. 23 To reiterate, “circumvention” is “to descramble a scrambled work, to decrypt an encrypted 24 work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without 25 the authority of the copyright owner.” 17 U.S.C. § 1201(a)(3)(A) (emphasis added). Most relevant 26 here is the statute’s relationship between “circumvention” and “technological measure.” The 27 wording of the statute indicates that “circumvention” requires some manipulation of the 28 1 technological measure at hand and certainly more than that a username and password was simply 2 transferred into the hands of another. 3 As such, the accessing of the Database with unaltered Horizon credentials by EDO 4 employees, see SAC ¶ 57, does not constitute circumvention. 5 5 The SAC appears to suffer from the same deficiencies that existed in the previous complaint. 6 iSpot still fails to allege that the Horizon credentials were “descramble[d] . . . decrypt[ed] . . . or 7 otherwise to avoid[ed], bypass[ed], remove[d], deactivate[d], or impair[ed].” Absent such 8 allegations, the SAC again fails to plausibly allege a violation the DMCA. Thus, the Court GRANTS 9 Motion to Dismiss with respect to iSpot’s third cause of action for violation of the DMCA. 10 As a general rule, leave to amend a dismissed complaint should be freely granted unless it is 11 clear the complaint could not be saved by any amendment. Fed. R. Civ. P. 15(a); Manzarek v. St. 12 Paul Fire & Marine Ins. Co., 519 F.3d 1025, 1031 (9th Cir. 2008). In this instance, in light of the 13 theory advanced by iSpot to date, it appears that iSpot cannot save this claim by amendment. It is 14 therefore dismissed WITHOUT LEAVE TO AMEND. 15 C. The Court grants iSpot’s request for certification for interlocutory appeal. 16 Finally, iSpot requests that, in the event the Court grants the instant Motion to Dismiss, the 17 Court certify the instant order for interlocutory appeal. Opp’n at 16. This request is premised on the 18 “split of authority in the case law” and lack of circuit authority “as to whether the unauthorized use 19 of a password and username qualify as circumvention under the DMCA.” Id.6 20 21 22

23 5 iSpot focuses heavily on the Court’s statement that “In the absence of facts indicating that an EDO employee other than Teyfukova used the Horizon credentials, the Court finds that its analysis as to 24 Teyfukova’s use of the credentials stands.” Order at 22. But merely alleging that others used the credentials in 25 the manner they were designed and intended to and with permission of Teyfukova—as opposed to a hypothetical scenario where a third-party managed to steal the credentials—does not transform these actions 26 into circumvention. (To be clear, this hypothetical scenario is not considered here and itself might not constitute circumvention.) 27 6 The EDO Defendants contend that the request is premature and thus must be denied. Reply at 7. But as this Order includes a final determination on the EDO Defendants’ Motion to Dismiss, and as iSpot’s request is 28 1 A district judge may certify for immediate appeal an otherwise unappealable interlocutory 2 order if (1) “such order involves a controlling question of law”; (2) “there is substantial ground for 3 difference of opinion” on the issue; and (3) “an immediate appeal from the order may materially 4 advance the ultimate termination of the litigation.” 28 U.S.C. § 1292(b). 5 Because Section 1292(b) “is a departure from the normal rule that only final judgments are 6 appealable,” it “must be construed narrowly” and invoked only in “rare circumstances.” James v. 7 Price Stern Sloan, Inc., 283 F.3d 1064, 1067 n.6 (9th Cir. 2002); see also U.S. Rubber Co. v. Wright, 8 359 F.2d 784, 785 (9th Cir. 1966) (per curiam) (explaining that the interlocutory appeal procedure is 9 intended for relief “only in extraordinary cases where decision of an interlocutory appeal might 10 avoid protracted and expensive litigation” and not “merely to provide review of difficult rulings in 11 hard cases”). Section 1292(b) certification “requires the district court to expressly find in writing that 12 all three § 1292(b) requirements are met.” Couch v. Telescope Inc., 611 F.3d 629, 633 (9th Cir. 13 2010).

14 1. This issue is not a “controlling question of law.” 15 “A controlling question of law must be one of law—not fact—and its resolution must 16 ‘materially affect the outcome of litigation in the district court.’” ICTSI Oregon, Inc. v. Int'l 17 Longshore & Warehouse Union, 22 F.4th 1125, 1130 (9th Cir. 2022) (citing In re Cement Antitrust 18 Litig. (MDL No. 296), 673 F.2d 1020, 1026 (9th Cir. 1981)). 19 Given the early stage of this litigation, it is not clear that this requirement has been met. 20 Although resolution of the motion to dismiss iSpot’s DMCA claim turns on whether the alleged use 21 of the Horizon credentials by the EDO Defendants would qualify a circumvention under the meaning 22 of the statute, it has not yet been determined factually whether the EDO Defendants did indeed even 23 use the Horizon credentials in the manner alleged. Should a dispositive motion or trial determine that 24 the allegations cannot be proven, the question presented about the interpretation of the DMCA 25 would be moot and not be a controlling question at all. 26 / / / 27 / / / 28 1 2. There is not a “substantial ground for difference of opinion.” 2 “Courts traditionally will find that a substantial ground for difference of opinion exists where 3 the circuits are in dispute on the question and the court of appeals of the circuit has not spoken on the 4 point, if complicated questions arise under foreign law, or if novel and difficult questions of first 5 impression are presented. However, just because a court is the first to rule on a particular question or 6 just because counsel contends that one precedent rather than another is controlling does not mean 7 there is such a substantial difference of opinion as will support an interlocutory appeal.” Couch, 611 8 F.3d at 633 (internal citations and question marks omitted). 9 This case does not meet the traditional definition of substantial ground for difference. 10 Contrary to iSpot’s assertions, there is not a “split of authority in the case law.” Opp’n at 16. It is 11 merely the case that there is not yet any binding authority on this question. 12 3. It does not appear that an “immediate appeal would materially advance the ultimate 13 termination of the litigation.” 14 This case appears to be a rather straightforward trade secrets case, and two other claims 15 remain besides the DMCA claim. There is therefore no indication that an appeal would “decision of 16 an interlocutory appeal might avoid protracted and expensive litigation.” At best, it would “merely 17 provide review of [a] difficult ruling[] in [a] hard case[].” See U.S. Rubber Co. v. Wright, 359 F.2d 18 784, 785 (9th Cir. 1966) (per curiam) This is insufficient to justify interlocutory appeal. 19

20 *** 21 Thus, none of the three interlocutory appeal requirements are not met. As the Court may only 22 grant a request for certification for an interlocutory appeal “in extraordinary cases” and when “all 23 three § 1292(b) requirements are met,” Couch, 611 F.3d at 633, iSpot’s request is DENIED. 24

25 / / / 26 / / / 27 / / / 28 1 2 The Court GRANTS the EDO Defendants’ Motion to Dismiss as to the Digital Millennium 3 Copyright Act WITHOUT LEAVE TO AMEND. The Court further DENIES iSpot’s Request for 4 Certification for Interlocutory Appeal. 5 6 IT IS SO ORDERED. 7 8 Dated: May 22, 2023 ___________________________________ 9 MAAME EWUSI-MENSAH FRIMPONG 10 United States District Judge 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28