Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

Tamlyn v. Bluestone Advisors LLC

United States District Court, N.D. Illinois, Eastern Division

April 24, 2018

KEVIN TAMLYN, Plaintiff,
v.
BLUESTONE ADVISORS, LLC, an Illinois Limited Liability Company; ANDREW ROYCE, Individually; and TRACIE RASMUSSEN, Individually, Defendants.

          MEMORANDUM OPINION AND ORDER

          Harry D. Leinenweber, Judge United States District Court

         Defendants BlueStone Advisors and Andrew Royce (collectively, “BlueStone”) move to dismiss Counts III and IV of the Complaint for failure to state a claim [ECF No. 12]. For the reasons stated herein, the Court grants the Motion in full and dismisses both Counts without prejudice.

         I. BACKGROUND

         Kevin Tamlyn (“Tamlyn”) sold commercial insurance for BlueStone from July 2016 to June 2017. According to the parties' shared employment agreement, Tamlyn generated new clients for BlueStone and also renewed existing ones. For those services, BlueStone paid Tamlyn a base salary plus commissions. At some point, Tamlyn began to suspect that BlueStone was not paying him all of the commissions he had earned. He asked BlueStone for an accounting but did not receive one. Toward the end of his employment with BlueStone, Tamlyn courted a company called Framarx Corp. to become a new BlueStone client. But Tamlyn alleges that on June 19, 2017, before he could put a bow on the Framarx negotiations, BlueStone advised him that he would not receive any commission for the Framarx account nor for “any other clients [he] had already acquired.” (Compl., Dkt. 1-1 ¶ 12.) On June 23, 2017, Tamlyn's employment with BlueStone terminated. The details of this termination are not clear from the complaint; Tamlyn simply states that his employment terminated “as a result of BlueStone's breach of the [employment] Agreement.” (Id. ¶ 15.) Regardless, Tamlyn explains that BlueStone did not pay him any commission for the Framarx account nor for several other accounts Tamlyn either generated or renewed.

         In a July 9, 2017 letter confirming Tamlyn's termination, BlueStone asked that Tamlyn turn over his username and password to his SHOP Marketplace account. According to the Complaint, such accounts are hosted by Healthcare.gov and are used by licensed insurance brokers to maintain corporate insurance accounts, manage client relationships, conduct renewals, vet plan options, and provide quotes. At the time of Tamlyn's termination, he was the only BlueStone employee with a SHOP account. Yet BlueStone ostensibly needed to access the SHOP Marketplace even after Tamlyn's termination, however, so on July 7, 2017, a BlueStone employee allegedly phoned the Marketplace Call Center and pretended to be Tamlyn to secure the Call Center's assistance in changing Tamlyn's log-in credentials, thus transitioning the client information stored there into BlueStone's hands. As a result of these behaviors, Tamlyn sued BlueStone in Illinois state court. BlueStone removed that action and now moves to dismiss two of the Complaint's five counts for failure to state a claim.

         II. DISCUSSION

         Specifically, BlueStone moves to dismiss Count III, for violations of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030 et seq., and Count IV, for tortious interference with prospective economic advantage. On this Motion to Dismiss, the Court accepts all well-pleaded allegations as true and draws all reasonable inferences in favor of the plaintiff. Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009).

         A. The CFAA (Count III)

         To state a claim under the CFAA, a plaintiff must allege (1) damage or loss; (2) caused by (3) a violation of one of the substantive provisions set forth in § 1030(a), and (4) conduct involving one of the factors of harm set forth in § 1030(c)(4)(A)(i)(I)-(VI). Maximum Indep. Brokerage, LLC v. Smith, 218 F.Supp.3d 630, 636 (N.D. Ill. 2016) (citations omitted). In this case, Tamlyn alleges BlueStone violated § 1030(a)(3), which prohibits:

intentionally, without authorization to access any nonpublic computer of a department or agency of the United States, access[ing] such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States[.]

18 U.S.C. § 1030(a)(3). Finally, of the six possible “factors of harm” required in the fourth CFAA element, only one could possibly be present here based on the current allegations. That is “loss to 1 or more persons during any 1-year period . . .aggregating at least $5, 000 in value” in economic damages. 18 U.S.C. § 1030(c)(4)(A)(i)(I), (g).

         Tamlyn argues that when BlueStone accessed the SHOP Marketplace using Tamlyn's wrongly-begotten log-in credentials, BlueStone intentionally and without authorization accessed a nonpublic, governmental computer and that said access harmed Tamlyn by depriving him of his valuable access to the Marketplace. There are several problems with this allegation.As a threshold matter, however, Tamlyn is correct that BlueStone's access of the Marketplace through Healthcare. gov, which is allegedly hosted on U.S. government servers, constituted accessing a government computer. See, 18 U.S.C. § 1030(a)(3). As the Eighth Circuit summarized: “The language of 18 U.S.C. § 1030(e)(1) [(which defines “computer”)] is exceedingly broad. If a device is ‘an electronic . . . or other high speed data processing device performing logical, arithmetic, or storage functions, ' it is a computer. This definition captures any device that makes use of a[n] electronic data processor, examples of which are legion.” United States v. Kramer, 631 F.3d 900, 902-03 (8th Cir. 2011) (citations omitted) (noting that coffeemakers, microwave ovens, watches, telephones, children's toys, MP3 players, refrigerators, heating and air-conditioning units, radios, alarm clocks, televisions, and DVD players fit within the statutory definition of “computer”). The Kramer court further recognized that while this definition might have a broad sweep, possible over-breadth is a matter for Congress, not the courts, to correct: “As more devices come to have built-in intelligence, the effective scope of [§ 1030(e)(1)] grows. This might prompt Congress to amend the statute but does not authorize the judiciary to give the existing version less coverage than its language portends.” Id. at 904 (quoting United States v. Mitra, 405 F.3d 492, 495 (7th Cir. 2005)). BlueStone's alleged access of a government server fits within that expansive definition. Accord, United States v. Drew, 259 F.R.D. 449, 461 (C.D. Cal. 2009) (treating access of a private company's server through use of that company's website as accessing a computer under the CFAA); but cf. Fidlar Techs. v. LPS Real Estate Data Sols., Inc., 810 F.3d 1075, 1084 (7th Cir. 2016) (finding that a three-tiered system comprising county databases, a user-interface, and a “middle tier” that facilitated communication between the databases and the interface did not meet the definition of “computer”).

         Beyond this, however, Tamlyn's CFAA allegations largely fall short. He maintains that BlueStone accessed the government server “without authorization” because BlueStone secured that access only by recovering Tamlyn's log-in credentials through misrepresentation. On this score, the parties argue over whether, notwithstanding BlueStone's telephonic misrepresentations, Tamlyn's employment agreement vested in BlueStone a right to all of the data Tamlyn created in his SHOP account and thus, by definition, BlueStone was authorized to access the account irrespective of Tamlyn's consent. But Tamlyn's “without authorization” argument is hamstrung by his failure to allege plausibly that the server in question is “nonpublic.” These two elements-“without authorization” and “nonpublic”-are related, because if a computer is public, the public is de facto authorized to access it. See, Int'l Airport Centers, L.L.C. v. Citrin, 440 F.3d 418, 420 (7th Cir. 2006) (remarking in dicta that the public is authorized to access websites open to the public). Here, neither party cites any authority defining “nonpublic” in the CFAA context, and the Court's own efforts have turned up little. However, the DOJ's Office of Legal Education has explained that “nonpublic” includes “most government computers, but not [government] Internet servers that, by design, offer services to members of the general public.” U.S. Dep't of Justice Office of Legal Education, Prosecuting Computer Crimes (2015), https://www.justice.gov/ sites/default/files/criminal- cips/legacy/2015/01/14/ccmanual.pdf. Here, Tamlyn alleges that any member of the public with a broker's license can create a SHOP account and use it to access the government server. It is not clear, however, that a mere licensure requirement renders a computer “nonpublic” under subsection (a)(3), and absent any guiding authority, the Court is doubtful that it would. Ultimately, though, the Court need not decide whether Tamlyn has plausibly alleged that the accessed server was nonpublic; his CFAA claim fails for another reason.

         Simply enough, Tamlyn stumbles in alleging the requisite damages. Because none of the other “factors of harm” set forth in § 1030(c)(4)(A)(i) could plausibly fit the facts here, Tamlyn must allege that he suffered at least $5, 000 in economic damages within one year. Id.; 18 U.S.C. § 1030(g). He does not do so. Tamlyn argues the Court should simply infer that the loss of access to his SHOP account “meet[s] the requirements for a damages claim under [the] CFAA.” (Compl., Dkt. 22 at 2.) But the Twombly/Iqbal pleading standard is not so forgiving. See, Iqbal, 556 U.S. at 678; Bell Atl. Corp. v. Twombly,550 U.S. 544, 570 (2007). Tamlyn must specifically allege damages as well as an explanation for how BlueStone's conduct caused them. He cannot hope to limp into court on inference alone. See, e.g., Modrowski v. Pigatto, No. 09 C 7002, 2010 ...


Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.