1 2 3 4 UNITED STATES DISTRICT COURT 5 NORTHERN DISTRICT OF CALIFORNIA 6 7 ANDREW G. WATTERS, Case No. 23-cv-03183-HSG
8 Plaintiff, ORDER GRANTING DEFENDANT BREJA’S MOTION TO DISMISS AND 9 v. TERMINATING AS MOOT DEFENDANT JP MORGAN CHASE’S 10 SIDDHARTH BREJA, et al., MOTION TO DISMISS 11 Defendants. Re: Dkt. Nos. 30, 33
12 13 Pending before the Court are motions to dismiss filed by Nominal Defendant JP Morgan 14 Chase, Inc. (Dkt. No. 30) and Defendant Siddharth Breja (Dkt. No. 33). The Court finds this 15 matter appropriate for disposition without oral argument and the matter is deemed submitted. See 16 Civil L.R. 7-1(b). For the reasons discussed below, the Court GRANTS Defendant Breja’s 17 motion, Dkt. No. 33, TERMINATES AS MOOT JP Morgan Chase Inc.’s motion, Dkt. No. 30, 18 and DISMISSES the complaint with leave to amend. 19 I. INTRODUCTION 20 On June 27, 2023, Plaintiff Andrew Watters (or “Plaintiff”) filed a complaint against 21 Siddharth Breja, also naming American Express (“AmEx”) and JP Morgan Chase Inc. (“Chase”) 22 as nominal defendants. See Dkt. No. 1 (“Compl.”). The lawsuit arises out of a dispute that 23 Watters, an attorney, had with Breja, his former client. Watters alleges that after briefly 24 representing Breja during his divorce proceedings, Breja terminated the representation and clawed 25 back money previously and properly paid to Watters by filing successful but fraudulent refund 26 requests with the nominal bank defendants. Compl. ¶¶ 14, 16, 21–24. He further alleges that 27 Breja’s requests also resulted in the closure of his Chase client trust account. Id. ¶ 21. 1 Fraud and Abuse Act, as well as various state law claims (for fraud, breach of contract, and Unfair 2 Competition Law violations) against Defendant Breja. Compl. ¶¶ 26-73. Plaintiff seeks 3 declaratory relief, an award of damages against Defendant Breja, and an injunction directing 4 Defendant Breja as well as the nominal defendant banks to return the funds at issue and reopen the 5 closed account. See generally Compl. Plaintiff alleges that the Court’s jurisdiction over his 6 federal claim is proper under 28 U.S.C. § 1331, and that the Court’s supplemental jurisdiction over 7 the transactionally related state claims is likewise permitted under 28 U.S.C. § 1367. Id. ¶ 10. 8 On August 16, 2023, nominal defendant AmEx timely filed an answer to the complaint. 9 The same day, nominal defendant Chase moved to dismiss the complaint, Dkt. No. 30, and on 10 August 28, 2023, Defendant Breja did the same. Dkt. No. 33. 11 II. STANDARD OF REVIEW 12 Federal Rule of Civil Procedure 8(a) requires that a complaint contain “a short and plain 13 statement of the claim showing that the pleader is entitled to relief.” Fed. R. Civ. P. 8(a)(2). A 14 defendant may move to dismiss a complaint for failing to state a claim upon which relief can be 15 granted under Rule 12(b)(6). “Dismissal under Rule 12(b)(6) is appropriate only where the 16 complaint lacks a cognizable legal theory or sufficient facts to support a cognizable legal theory.” 17 Mendiondo v. Centinela Hosp. Med. Ctr., 521 F.3d 1097, 1104 (9th Cir. 2008). To survive a Rule 18 12(b)(6) motion, a plaintiff need only plead “enough facts to state a claim to relief that is plausible 19 on its face.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007). A claim is facially plausible 20 when a plaintiff pleads “factual content that allows the court to draw the reasonable inference that 21 the defendant is liable for the misconduct alleged.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). 22 In reviewing the plausibility of a complaint, courts “accept factual allegations in the 23 complaint as true and construe the pleadings in the light most favorable to the nonmoving party.” 24 Manzarek v. St. Paul Fire & Marine Ins. Co., 519 F.3d 1025, 1031 (9th Cir. 2008). Nevertheless, 25 courts do not “accept as true allegations that are merely conclusory, unwarranted deductions of 26 fact, or unreasonable inferences.” In re Gilead Scis. Secs. Litig., 536 F.3d 1049, 1055 (9th Cir. 27 2008) (quoting Sprewell v. Golden State Warriors, 266 F.3d 979, 988 (9th Cir. 2001)). 1 A. Defendant Breja’s Motion to Dismiss 2 The Court first considers Defendant Breja’s motion to dismiss, which argues that 3 Plaintiff’s first cause of action – alleging computer fraud in violation 18 U.S.C. § 1030(a)(4) – is 4 “frivolous.” Dkt. No. 33 at 12. The Court construes this as a challenge under Rule 12(b)(6), and 5 agrees that Plaintiff fails to state a claim under the Computer Fraud and Abuse Act. 6 The Computer Fraud and Abuse Act (“CFAA”) prohibits, among other things, “acts of 7 computer trespass by those who are not authorized users or who exceed authorized use. It creates 8 criminal and civil liability for whoever intentionally accesses a computer without authorization or 9 exceeds authorized access, and thereby obtains information from any protected computer.” 10 Facebook, Inc. v. Power Ventures, Inc., 844 F.3d 1058, 1065–66 (9th Cir. 2016) (cleaned up), 11 cert. denied, 138 S. Ct. 313 (2017). In other words, it is an anti-hacking statute. See hiQ Labs, 12 Inc. v. LinkedIn Corp., 31 F.4th 1180, 1196 (9th Cir. 2022) (“The CFAA was enacted to prevent 13 intentional intrusion onto someone else’s computer—specifically, computer hacking.); United 14 States v. Nosal, 676 F.3d 854, 863 (9th Cir. 2012) (affirming that the statute’s “general purpose is 15 to punish hacking—the circumvention of technological access barriers”) (en banc) (“Nosal I”). 16 An individual is in violation of § 1030(a)(4) if they:
17 “knowingly and with intent to defraud, accesses a protected computer without 18 authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and 19 the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period . . . .” 20 21 18 U.S.C. § 1030(a)(4). “The statute thus provides two ways of committing the crime of 22 improperly accessing a protected computer: (1) obtaining access without authorization; and (2) 23 obtaining access with authorization but then using that access improperly.” Musacchio v. United 24 States, 577 U.S. 237, 240 (2016).
Free access — add to your briefcase to read the full text and ask questions with AI
1 2 3 4 UNITED STATES DISTRICT COURT 5 NORTHERN DISTRICT OF CALIFORNIA 6 7 ANDREW G. WATTERS, Case No. 23-cv-03183-HSG
8 Plaintiff, ORDER GRANTING DEFENDANT BREJA’S MOTION TO DISMISS AND 9 v. TERMINATING AS MOOT DEFENDANT JP MORGAN CHASE’S 10 SIDDHARTH BREJA, et al., MOTION TO DISMISS 11 Defendants. Re: Dkt. Nos. 30, 33
12 13 Pending before the Court are motions to dismiss filed by Nominal Defendant JP Morgan 14 Chase, Inc. (Dkt. No. 30) and Defendant Siddharth Breja (Dkt. No. 33). The Court finds this 15 matter appropriate for disposition without oral argument and the matter is deemed submitted. See 16 Civil L.R. 7-1(b). For the reasons discussed below, the Court GRANTS Defendant Breja’s 17 motion, Dkt. No. 33, TERMINATES AS MOOT JP Morgan Chase Inc.’s motion, Dkt. No. 30, 18 and DISMISSES the complaint with leave to amend. 19 I. INTRODUCTION 20 On June 27, 2023, Plaintiff Andrew Watters (or “Plaintiff”) filed a complaint against 21 Siddharth Breja, also naming American Express (“AmEx”) and JP Morgan Chase Inc. (“Chase”) 22 as nominal defendants. See Dkt. No. 1 (“Compl.”). The lawsuit arises out of a dispute that 23 Watters, an attorney, had with Breja, his former client. Watters alleges that after briefly 24 representing Breja during his divorce proceedings, Breja terminated the representation and clawed 25 back money previously and properly paid to Watters by filing successful but fraudulent refund 26 requests with the nominal bank defendants. Compl. ¶¶ 14, 16, 21–24. He further alleges that 27 Breja’s requests also resulted in the closure of his Chase client trust account. Id. ¶ 21. 1 Fraud and Abuse Act, as well as various state law claims (for fraud, breach of contract, and Unfair 2 Competition Law violations) against Defendant Breja. Compl. ¶¶ 26-73. Plaintiff seeks 3 declaratory relief, an award of damages against Defendant Breja, and an injunction directing 4 Defendant Breja as well as the nominal defendant banks to return the funds at issue and reopen the 5 closed account. See generally Compl. Plaintiff alleges that the Court’s jurisdiction over his 6 federal claim is proper under 28 U.S.C. § 1331, and that the Court’s supplemental jurisdiction over 7 the transactionally related state claims is likewise permitted under 28 U.S.C. § 1367. Id. ¶ 10. 8 On August 16, 2023, nominal defendant AmEx timely filed an answer to the complaint. 9 The same day, nominal defendant Chase moved to dismiss the complaint, Dkt. No. 30, and on 10 August 28, 2023, Defendant Breja did the same. Dkt. No. 33. 11 II. STANDARD OF REVIEW 12 Federal Rule of Civil Procedure 8(a) requires that a complaint contain “a short and plain 13 statement of the claim showing that the pleader is entitled to relief.” Fed. R. Civ. P. 8(a)(2). A 14 defendant may move to dismiss a complaint for failing to state a claim upon which relief can be 15 granted under Rule 12(b)(6). “Dismissal under Rule 12(b)(6) is appropriate only where the 16 complaint lacks a cognizable legal theory or sufficient facts to support a cognizable legal theory.” 17 Mendiondo v. Centinela Hosp. Med. Ctr., 521 F.3d 1097, 1104 (9th Cir. 2008). To survive a Rule 18 12(b)(6) motion, a plaintiff need only plead “enough facts to state a claim to relief that is plausible 19 on its face.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007). A claim is facially plausible 20 when a plaintiff pleads “factual content that allows the court to draw the reasonable inference that 21 the defendant is liable for the misconduct alleged.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). 22 In reviewing the plausibility of a complaint, courts “accept factual allegations in the 23 complaint as true and construe the pleadings in the light most favorable to the nonmoving party.” 24 Manzarek v. St. Paul Fire & Marine Ins. Co., 519 F.3d 1025, 1031 (9th Cir. 2008). Nevertheless, 25 courts do not “accept as true allegations that are merely conclusory, unwarranted deductions of 26 fact, or unreasonable inferences.” In re Gilead Scis. Secs. Litig., 536 F.3d 1049, 1055 (9th Cir. 27 2008) (quoting Sprewell v. Golden State Warriors, 266 F.3d 979, 988 (9th Cir. 2001)). 1 A. Defendant Breja’s Motion to Dismiss 2 The Court first considers Defendant Breja’s motion to dismiss, which argues that 3 Plaintiff’s first cause of action – alleging computer fraud in violation 18 U.S.C. § 1030(a)(4) – is 4 “frivolous.” Dkt. No. 33 at 12. The Court construes this as a challenge under Rule 12(b)(6), and 5 agrees that Plaintiff fails to state a claim under the Computer Fraud and Abuse Act. 6 The Computer Fraud and Abuse Act (“CFAA”) prohibits, among other things, “acts of 7 computer trespass by those who are not authorized users or who exceed authorized use. It creates 8 criminal and civil liability for whoever intentionally accesses a computer without authorization or 9 exceeds authorized access, and thereby obtains information from any protected computer.” 10 Facebook, Inc. v. Power Ventures, Inc., 844 F.3d 1058, 1065–66 (9th Cir. 2016) (cleaned up), 11 cert. denied, 138 S. Ct. 313 (2017). In other words, it is an anti-hacking statute. See hiQ Labs, 12 Inc. v. LinkedIn Corp., 31 F.4th 1180, 1196 (9th Cir. 2022) (“The CFAA was enacted to prevent 13 intentional intrusion onto someone else’s computer—specifically, computer hacking.); United 14 States v. Nosal, 676 F.3d 854, 863 (9th Cir. 2012) (affirming that the statute’s “general purpose is 15 to punish hacking—the circumvention of technological access barriers”) (en banc) (“Nosal I”). 16 An individual is in violation of § 1030(a)(4) if they:
17 “knowingly and with intent to defraud, accesses a protected computer without 18 authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and 19 the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period . . . .” 20 21 18 U.S.C. § 1030(a)(4). “The statute thus provides two ways of committing the crime of 22 improperly accessing a protected computer: (1) obtaining access without authorization; and (2) 23 obtaining access with authorization but then using that access improperly.” Musacchio v. United 24 States, 577 U.S. 237, 240 (2016). Because the term “protected computer” refers to any computer 25 “used in or affecting interstate or foreign commerce or communication” – which has been 26 interpreted to cover “effectively any computer connected to the Internet” – the “pivotal CFAA 27 question” in most cases is whether the alleged access was “without” or “exceed[ing]” authorized 1 Here, the answer to that “pivotal question” is plainly no. Plaintiff’s complaint does not 2 plausibly allege facts showing that in his attempt to get AmEx and Chase to return the money he 3 previously paid to Plaintiff, Defendant Breja accessed a protected computer “without 4 authorization” or while “exceed[ing his] authorized access” in violation of § 1030(a)(4). 5 First, Plaintiff does not allege that Defendant Breja logged into restricted (e.g. password- 6 protected) areas of the AmEx or Chase websites in order to “file a fraudulent complaint with 7 Chase Bank” or to “initiat[e] a fraudulent refund request [with AmEx],” as opposed to lodging his 8 requests through the public website interface.1 Compl. ¶¶ 21, 22. This distinction is significant 9 because Breja’s accessing of a public, unrestricted webpage cannot constitute “access without 10 authorization,” given that no threshold authorization is required. hiQ Labs, Inc., 31 F.4th at 1199 11 (noting that publicly available webpages have “erected no gates to lift or lower in the first place”). 12 But even assuming that Defendant Breja did submit his refund requests after logging into a 13 password-protected part of Chase and AmEx’s webpages, there are no factual allegations that 14 suggest he did so “without authorization” or while “exceed[ing his] authorized access.” For 15 example, there is no indication that in his effort to get the money refunded, Breja used false 16 credentials to improperly gain access to the nominal defendant bank’s websites (i.e. without 17 authorization), or that he gained access to those websites through proper credentials, but then 18 somehow accessed unauthorized portions of, or information within, those sites (i.e. exceeding 19 authorized access). See United States v. Nosal, 844 F.3d 1024 (9th Cir. 2016) (discussing the 20 standard for an “unauthorized access” violation) (“Nosal II”); Van Buren v. United States, 141 S. 21 Ct. 1648, 1654-62 (2021) (discussing the standard for an “exceeds authorized access” violation). 22 Instead, Plaintiff just pleads that Breja’s conduct violated AmEx’s terms of service, which 23 allegedly prohibit a user from accessing the AmEx website or online accounts for the purposes of 24
25 1 Plaintiff’s allegation regarding Defendant Breja’s contact with Chase does not even specify whether his refund request was made electronically (nor is it clear whether Breja himself even had 26 a Chase account). Plaintiff only states that Defendant Breja “submitted false information to Chase,” Compl. ¶ 24, which raises questions about whether a “protected computer” was even 27 involved. Nevertheless, the Court, construing the allegations in the light most favorable to 1 fraud. Compl. ¶ 23. But “a violation of the terms of use of a website – without more – cannot 2 establish liability under the CFAA.” Power Ventures, Inc., 844 F.3d at 1067; see also Nosal I, 676 3 F.3d at 861–63. And here, there was no “more” alleged, such as AmEx’s revocation of authorized 4 access followed by Breja’s continued access. See Power Ventures, Inc., 844 F.3d at 1067. 5 While Plaintiff may be disgruntled with Defendant’s successful efforts to get his prior 6 payments to Plaintiff refunded, Plaintiff has not pled facts showing that Defendant Breja did so in 7 violation of the CFAA. The conduct at issue is simply not analogous to “breaking and entering,” 8 which is the kind of computer misconduct the CFAA was designed to combat. hiQ Labs, Inc., 31 9 F.4th at 1197. As a result, the Court GRANTS Defendant’s motion to dismiss Plaintiff’s CFAA 10 claim under Rule 12(b)(6). 11 III. SUBJECT MATTER JURISDICTION 12 While Plaintiff asserts additional claims in his complaint, and Chase and Breja raise 13 additional arguments in their motions, the Court first considers the impact of the dismissal of the 14 CFAA claim on its ongoing subject matter jurisdiction. Courts have an “independent obligation to 15 determine whether subject-matter jurisdiction exists, even in the absence of a challenge from any 16 party.” Arbaugh v. Y & H Corp., 546 U.S. 500, 514 (2006). If a court determines that it lacks 17 subject matter jurisdiction at any time, it must sua sponte dismiss the case. See Fed. R. Civ. P. 18 12(h)(3). 19 After considering the issue, the Court concludes that the dismissal of Plaintiff’s CFAA 20 claim – his only federal cause of action – extinguishes the Court’s subject matter jurisdiction over 21 this matter. Federal courts are “courts of limited jurisdiction,” Kokkonen v. Guardian Life Ins. Co. 22 of Am., 511 U.S. 375, 377 (1994), and have original jurisdiction over all civil actions (1) “arising 23 under the Constitution, laws, or treaties of the United States,” or (2) where complete diversity of 24 citizenship exists and the matter in controversy exceeds $75,000. See 28 U.S.C. §§ 1331 25 (establishing “arising under” or “federal question” jurisdiction), 1332 (establishing “diversity 26 jurisdiction.) Without a viable CFAA claim, the Court has no basis on which to exercise original 27 jurisdiction over Plaintiff’s claims: it lacks federal question jurisdiction given that the dismissed 1 given that the amount in controversy (at most $20,000) is well below $75,000. And the Court 2 || declines to exercise supplemental jurisdiction over Plaintiff's transactionally related state law 3 claims, given that it dismissed the associated federal claim. See 28 U.S.C. § 1367(c)(3) 4 || (authorizing a district court to decline supplemental jurisdiction where the court “has dismissed all 5 claims over which it has original jurisdiction”). 6 Since it finds it lacks subject matter jurisdiction, the Court accordingly DISMISSES 7 || Plaintiff's complaint for lack of subject matter jurisdiction. See Fed. R. Civ. P. 12(h)(3). 8 || However, the Court grants Plaintiff leave to amend his complaint. 9 IV. CONCLUSION 10 The Court GRANTS Defendant Breja’s motion to dismiss Plaintiff's CFAA claim. Dkt. 11 No. 33. Given the implications of this ruling on its subject matter jurisdiction, the Court need not 12 reach the remainder of Breja’s motion, nor Chase’s motion to dismiss, which the Court 5 13. || TERMINATES AS MOOT. Dkt. No. 30. The complaint is accordingly DISMISSED, and 14 || Plaintiff is directed to file any amended complaint within 21 days of this order. Plaintiffs is 3 15 advised that he may assert only those causes of action for which he has a factual basis. a 16 IT IS SO ORDERED. 17 || Dated: 1/18/2024 Alaped 3 sdbl |) HAYWOOD S. GILLIAM, JR. 19 United States District Judge 20 21 22 23 24 25 26 27 28