Ticketmaster L.L.C. v. Prestige Entm't, Inc., 306 F. Supp. 3d 1164 (2018)

Jan. 31, 2018 · United States District Court for the Central District of California · Case No. 2:17–CV–07232–ODW (JCx)

306 F. Supp. 3d 1164

TICKETMASTER L.L.C., Plaintiff,
v.
PRESTIGE ENTERTAINMENT, INC. ; Prestige Entertainment West, Inc.; Renaissance Ventures LLC; Nicholas Lombardi, an individual; Steven K. Lichtman, an individual; and Does 1 through 10, inclusive, Defendants.

Case No. 2:17-CV-07232-ODW (JCx)

United States District Court, C.D. California.

Signed January 31, 2018

Alexandra Hill, Donald R. Brown, Mark Steven Lee, Robert H. Platt, Manatt Phelps and Phillips LLP, Los Angeles, CA, for Plaintiff.

Thomas H. Vidal, Benjamin S. Akley, Pryor Cashman LLP, Los Angeles, CA, Benjamin K. Semel, Pro Hac Vice, Pryor Cashman LLP, New York, NY, for Defendants.

ORDER GRANTING IN PART AND DENYING IN PART DEFENDANTS' MOTION TO DISMISS [24]

OTIS D. WRIGHT, II, UNITED STATES DISTRICT JUDGE

I. INTRODUCTION

Plaintiff Ticketmaster LLC ("Ticketmaster") brings this action against Defendants Prestige Entertainment, Inc. ("Prestige"), Prestige Entertainment West, Inc. ("Prestige West"), Renaissance Ventures LLC ("Renaissance"), Nicholas Lombardi, and Steven K. Lichtman. (See generally Compl., ECF No. 1.) Ticketmaster alleges claims against Defendants for: (1) breach of contract; (2) copyright infringement in violation of 17 U.S.C. § 101 et seq. ; (3) violation of the Digital Millennium Copyright Act ("DMCA"), 17 U.S.C. § 1201 et seq. ; (4) fraud; (5) aiding and abetting fraud; (6) inducing breach of contract; (7) intentional interference with contractual relations; (8) violation of the Computer Fraud and Abuse Act ("CFAA"), 18 U.S.C. § 1030 et seq. ; (9) violation of the Computer Data Access and Fraud Act ("CDAFA"), Cal. Pen. Code § 502 et seq. ; and (10) violation of the Anti-Scalping Law, N.Y. Arts & Cult. Aff. Law § 25.01 et seq.

Defendants Prestige West, Renaissance, Lombardi, and Lichtman¹ now move to dismiss the following claims: (1) copyright infringement; (2) violation of the DMCA; (3) violation of the CFAA; (4) violation of the CDAFA; (5) breach of contract; (6) fraud; and (7) the state law claims.

II. FACTUAL BACKGROUND²

Ticketmaster sells tickets for live entertainment events on behalf of its clients through its website, mobile app, and telephone call centers. (Compl. ¶ 18.) Demand often exceeds the supply of tickets available through Ticketmaster, which can result in intense competition among consumers to purchase tickets for events the moment they are available for sale. (Id. ¶ 19.) In order to make the ticket-buying process fair and equitable for its consumers, Ticketmaster employs various countermeasures. (Id. ¶ 20.) For instance, Ticketmaster limits the number of tickets that may be purchased in a single transaction and regulates the speed with which users may refresh purchase requests. (Id. ) Ticketmaster also utilizes various security measures like CAPTCHA to prevent and discourage the use of automated programs-called "bots"-that give an unfair advantage over other consumers in the ticket purchasing process. (Id. ¶ 21.)

Users must agree to Ticketmaster's Terms of Use ("TOU") before they can view and use Ticketmaster's website and mobile app. (Id. ¶¶ 24-27; see also Compl., Ex. A.) The TOU grants users a "limited, conditional, no-cost, non-exclusive, non-transferable, non-sub-licensable license to view [Ticketmaster's] Site and its Content to purchase tickets as permitted by these Terms for non-commercial purposes only if" the user agrees not to conduct certain activities. (Compl. ¶ 30.) Those prohibited activities include:

• Modify, adapt, sub-license, translate, sell, reverse engineer, decompile, or disassemble any portion of the Site ...;

• Use any robot, spider, offline reader, site search/retrieval application or other manual or automatic device, tool, or process to retrieve, index, data mine or in any way reproduce or circumvent the navigational structure or presentation of the Content or the Site, including with respect to any CAPTCHA displayed on the Site ...;

• Use any automated software or computer system to search for, reserve, buy or otherwise obtain tickets ...;

• Take any action that imposes or may impose (in [Ticketmaster's] sole discretion) an unreasonable or disproportionately large load on our infrastructure;

• Access, reload or refresh transactional event or ticketing pages, or make any other request to transactional servers, more than once during any three-second interval;

• Request more than 1,000 pages of the Site in any 24-hour period, whether alone or with a group of individuals;

• Reproduce, modify, display, publicly perform, distribute or create derivative works of the Site or the Content;

• Reproduce or scan tickets in a format or medium different from that provided by the Site;

• Decode, decrypt, modify, or reverse engineer any tickets ...;

• Use the Site or the Content in an attempt to, or in conjunction with, any device, program or service designed to circumvent any technological measure that effectively controls access to ... the Site and/or Content ... for any purpose.

(Id. ) The TOU further states that non-compliance with the TOU "constitutes unauthorized reproduction, display, or creation of unauthorized derivative versions of the Site and Content, and infringes [Ticketmaster's] copyright, trademarks, patents and other rights in the Site and Content." (Id. ¶ 31.) Ticketmaster has registered copyrights in various aspects of its website and pending applications for copyrights in its mobile apps. (See id. ¶ 28.) Users are also required to agree to a "Code of Conduct" in the TOU and abide by purchasing limits. (Id. ¶¶ 35, 37.)

For the past two years, Defendants have been using bots and dummy accounts to navigate Ticketmaster's website and mobile app to purchase large quantities of tickets. (Id. ¶¶ 40-42.) Defendants used colocation facilities with high speed bandwidth, random number and letter generators, and other evasive methods in order to avoid detection by Ticketmaster. (Id. ¶¶ 43-44, 48, 51-54.) Through the use of bots, Defendants are able to purchase and reserve large amounts of tickets in a manner impossible for a human consumer to match. (Id. ¶¶ 45, 46.) Defendants would then reproduce and resell the tickets on third-party platforms, such as StubHub.com, for profit. (Id. ¶¶ 47, 49.) Ticketmaster estimates that over the period from January 2015 to September 2016, Defendants made at least 313,528 orders using 9,047 different accounts. (Id. ¶ 55.)

In May 2015, Ticketmaster sent Lombardi, who is affiliated with Prestige, a cease-and-desist letter. (Id. ¶ 56; see also Compl., Ex. E.) Lombardi acknowledged receipt of the letter, but Defendants continued their enterprise. (Compl. ¶ 57.) Ticketmaster estimates that, for certain shows, Defendants bought between 30-40% of Ticketmaster's available inventory. (Id. )

Ticketmaster alleges that Defendants' conduct has deprived them of revenue and revenue opportunities. (Id. ¶ 67.) Defendants' use of bots have also required Ticketmaster to divert resources from servicing of other consumers and to continually escalate its anti-bot security measures, costing Ticketmaster thousands of dollars in damages. (Id. ¶¶ 70, 71.)

III. LEGAL STANDARD

A motion to dismiss under either Rule 12(c) or 12(b)(6) is proper where the plaintiff fails to allege a cognizable legal theory or where there is an absence of sufficient facts alleged under a cognizable legal theory. Bell Atl. Corp. v. Twombly , 550 U.S. 544, 555, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007) ; see also Shroyer v. New Cingular Wireless Serv., Inc. , 622 F.3d 1035, 1041 (9th Cir. 2010). That is, the complaint must "contain sufficient factual matter, accepted as true, to state a claim to relief that is plausible on its face." Ashcroft v. Iqbal , 556 U.S. 662, 678, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009) (internal quotation marks omitted).

Generally, a court should freely give leave to amend a complaint that has been dismissed, even if not requested by the party. See Fed. R. Civ. P. 15(a) ; Lopez v. Smith , 203 F.3d 1122, 1130 (9th Cir. 2000) (en banc). However, a court may deny leave to amend when it "determines that the allegation of other facts consistent with the challenged pleading could not possibly cure the deficiency." Schreiber Distrib. Co. v. Serv-Well Furniture Co. , 806 F.2d 1393, 1401 (9th Cir. 1986).

IV. DISCUSSION

A. Copyright Infringement

Defendants contend that Ticketmaster's copyright infringement claim should be dismissed because (1) Ticketmaster fails to identify registered or pending copyrights that were infringed and (2) Ticketmaster's theory of copyright infringement was rejected by the Ninth Circuit in MDY Industries, LLC v. Blizzard Entertainment, Inc. , 629 F.3d 928 (9th Cir. 2010).

1. Copyright Infringement Pleading Requirements

To establish copyright infringement, a plaintiff must allege: (1) ownership of a valid copyright; and (2) copying of the original elements of the work. L.A. Printex Indus., Inc. v. Aeropostale, Inc. , 676 F.3d 841, 846 (9th Cir. 2012).

Ticketmaster alleges that it owns registered or pending copyrights in various aspects of its website and mobile apps. Cf. Cosmetic Ideas, Inc. v. IAC/InterActiveCorp , 606 F.3d 612, 621 (9th Cir. 2010) (receipt of a completed application satisfies the registration prerequisite for an action for copyright infringement). Among those copyrights are Ticketmaster's website ticket purchase pages and its mobile apps. (See Compl. ¶ 28.) Ticketmaster also alleges that, by navigating the pages to purchase tickets, Defendants have viewed and therefore copied the entirety of thousands of pages from the Ticketmaster website and mobile apps. (See id. ¶¶ 40, 48, 65, 88.)

These allegations are not sufficient to meet the second requirement to plead copyright infringement. In Perfect 10, Inc. v. Amazon, Inc. , 508 F.3d 1146, 1169 (9th Cir. 2007), the Ninth Circuit recognized that the automatic copies created from viewing webpages are likely fair use. "The copying function performed automatically by a user's computer to assist in accessing the Internet is a transformative use ... Such automatic background copying has no more than a minimal effect on [plaintiff's] rights, but a considerable public benefit." Id. Ticketmaster has not alleged sufficient facts showing that Defendants' copying was anything more than the automatic background copying that occurs when users browse the internet.

Ticketmaster's cited cases do not advance its argument. The Ninth Circuit has recognized that loading "software into a computer constitutes the creation of a copy under the Copyright Act." MAI Systems Corp. v. Peak Computer, Inc. , 991 F.2d 511, 519 (9th Cir. 1993). MAI Systems , however, addressed computer software, not websites. Indeed, the court in MAI Systems noted that not all copies made onto a computer constitute copying for the purposes of the Copyright Act. 991 F.2d at 519 ("We recognize that these authorities are somewhat troubling since they do not specify that a copy is created regardless of whether the software is loaded into the RAM, the hard disk or the read only memory ('ROM')."). Ticketmaster also cites to Ticketmaster L.L.C. v. RMG Techs., Inc. , 507 F.Supp.2d 1096, 1105-06 (C.D. Cal. 2007). RMG , however, was decided before Perfect 10 .

A court must determine whether to grant leave to amend when dismiss a claim. Schreiber , 806 F.2d at 1401 (9th Cir. 1986). Leave to amend may be denied when "allegation of other facts consistent with the challenged pleading could not possibly cure the deficiency." Id. The Court will therefore consider whether infringement of Ticketmaster's TOU could constitute copyright infringement.

2. Copyright Infringement and Terms of Use

A "copyright owner who grants a nonexclusive, limited license ordinarily waives the right to sue licensees for copyright infringement, and it may sue only for breach of contract." Sun Microsystems, Inc. v. Microsoft Corp. , 188 F.3d 1115, 1121 (9th Cir. 1999) (citations and quotations omitted). "However, if the licensee acts outside the scope of the license, the licensor may sue for copyright infringement." MDY , 629 F.3d at 939. But "the potential for copyright infringement exists only where the licensee's action (1) exceeds the license's scope (2) in a manner that implicates one of the licensor's exclusive statutory rights." Id. at 940. "[F]or a licensee's violation of a contract to constitute copyright infringement, there must be a nexus between the condition and the licensor's exclusive rights of copyright." Id. at 941. Otherwise, a copyright holder "could designate any disfavored conduct during [use] as copyright infringement." Id.

Contractual terms that limit a license's scope are conditions, while all other license terms are covenants. See id. at 939. Breaches of conditions constitute copyright infringement, while breaches of covenants are only actionable under contract law. Id. "[C]onditions and covenants are distinguished according to state contract law, to the extent consistent with federal copyright law and policy." Id. Under California law, "[a] covenant is a promise to do or refrain from doing a specific act. A condition is a qualification to the parties' obligations; if it occurs, the interest is terminated or enlarged."

San Mateo Cmty. Coll. Dist. v. Half Moon Bay Ltd. P'ship , 65 Cal. App. 4th 401, 411, 76 Cal.Rptr.2d 287 (1998). "A condition is created by the mutual assent of the parties and is binding on both, while a covenant is binding on the covenantor only." Id.

Ticketmaster contends that the following restrictions and protocols in the TOU are conditions:

• Copying from the Site or Apps for "non-commercial purposes";

• Copying fewer than 1,000 pages of the Site in any 24-hour period;

• Making fewer than 800 reserve requests on the Site in any 24-hour period;

• Copying transactional event or ticketing pages no more than once during any three-second interval;

• Reproducing tickets in the same format or medium as provided by the Site;

• Not modifying any portion of the Site to create derivative works;

• Not using any robot, spider, or other device, tool, or process to reproduce the Site or its Content, and thereby violate the reproduction limits of the license;

• Not using any automated software or computer system to obtain tickets or other items available on the Site for the same reasons;

• Not taking any action that may impose an unreasonably large load on Ticketmaster's computer infrastructure;

• Not decoding or reverse engineering any tickets or underlying algorithms or barcodes used on or in the production of tickets on the Site; and

• Not trying to circumvent any technological measure that effectively controls access to, or the rights in, the Site or Content.

(See Opp'n 7, ECF No. 25; see also Compl. ¶ 30.) Although Ticketmaster's TOU asserts that these terms are "conditions," whether a term is a condition depends on "the whole contract, its purpose, and the intention of the parties ..." JMR Constr. Corp. v. Envtl. Assessment & Remediation Mgmt., Inc. , 243 Cal. App. 4th 571, 596, 198 Cal.Rptr.3d 47 (2015) (citations and quotations omitted); see also Pac. Allied v. Century Steel Prods. , 162 Cal. App. 2d 70, 79-80, 327 P.2d 547 (1958) (conditions are disfavored by the law). In the "Violation of these Terms" section, the TOU states: "[Ticketmaster] may investigate any violation of these Terms [and] [i]f that happens, [the user] may no longer use the Site or any Content." (Compl., Ex. A 5.) The use of "may" demonstrates that the TOU only imposes covenants, not conditions. Neither party's obligations are "terminated or enlarged" if a violation occurs because the parties' interests do not change unless and until Ticketmaster chooses to act. Half Moon Bay , 65 Cal. App. 4th at 411, 76 Cal.Rptr.2d 287. Such promises are not conditions. Ticketmaster fails to satisfy the first prong of MDY .

In addition, some of the terms of Ticketmaster's TOU do not satisfy the second prong of MDY -whether the breach implicates an exclusive right of copyright. Use of bots or automatic software, for instance, does not implicate an exclusive right of copyright and cannot constitute the basis of copyright infringement. MDY , 629 F.3d at 941. Similarly, Ticketmaster's limitations on the amount of times Defendants may request pages of the Website, send ticket reservation requests, or refresh transactions also do not implicate any exclusive right of copyright. These limitations serve to limit the number of transactions or to reduce server load. Cf. Perfect 10 , 508 F.3d at 1169-70 (automatic cache copies decreases network latency and minimize unnecessary bandwidth usage).

Accordingly, the Court GRANTS Defendants' Motion to Dismiss Plaintiff's claim for copyright infringement. Dismissal is without leave to amend to the extent that Plaintiff's copyright infringement claim is based on Defendants' use of bots, by exceeding the TOU limitations on the number of page refreshes or ticket requests, or by placing imposing a large load on Ticketmaster's servers.

B. Digital Millennium Copyright Act

The DMCA provides that: "[n]o person shall circumvent a technological measure that effectively controls access to a [copyrighted] work." 17 U.S.C. § 1201(a)(1). Circumvention means to "descramble a scrambled work, decrypt an encrypted work, or otherwise avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner.' " 17 U.S.C. § 1201(a)(3)(A) ; see also Disney Enters. v. VidAngel, Inc. , 869 F.3d 848, 863 (9th Cir. 2017). Copyright infringement is not required to state a claim under 17 U.S.C. § 1201(a)(1). MDY , 629 F.3d at 950.

As stated above, Ticketmaster alleged that it has a copyright in various aspects of its website and mobile apps. (Compl. ¶ 28.) In order to access those copyrighted pages, Defendants must bypass security measures, including CAPTCHA and "splunk," unique identifiers for ticket purchasers used to determine if users are exceeding purchase limits. (Id. ¶¶ 21, 22.) According to Ticketmaster, Defendants circumvent these security measures by using bots or "CAPTCHA farm" laborers. (Id. ¶¶ 51-53, 103.) These allegations are sufficient to state a claim under the DMCA.

Defendants first argue that Ticketmaster's allegations are too vague to state a claim. However, there are no heightened pleading requirements for a DMCA circumvention claim. Ticketmaster only needs to allege facts that, accepted as true, "state a claim to relief that is plausible on its face." Iqbal , 556 U.S. at 678, 129 S.Ct. 1937.

Defendants also argue that CAPTCHA and splunk are not "technological measures" as defined under the DMCA. This argument is unpersuasive. As Defendants acknowledge, a CAPTCHA prevents a user from proceeding further to gain access to copyrighted pages. CAPTCHA is therefore a "technological measure that effectively controls access to a [copyrighted] work." 17 U.S.C. § 1201(a)(1). By using bots or CAPTCHA farms, Defendants are "avoiding" CAPTCHA without the authority of Ticketmaster. The fact that legitimate users can complete a CAPTCHA in an identical manner is irrelevant-legitimate users do so with "the authority of [Ticketmaster]" and thus do not violate the DMCA. 17 U.S.C. § 1201(a)(3)(A). Whether a method of circumvention has innocent uses is irrelevant-the DMCA is concerned with the circumvention itself, not the method. Defendants' use of colocation facilities and other methods, such as deleting tracking tools like "cookies," are also actionable under the DMCA if used to circumvent Ticketmaster's technological measures. Accordingly, the Court DENIES Defendants' Motion to Dismiss Ticketmaster's DMCA claim.

C. Computer Fraud and Abuse Act

The CFAA prohibits computer trespass by those who are not authorized users or who exceed authorized use. Facebook, Inc. v. Power Ventures , 844 F.3d 1058, 1065-66 (9th Cir. 2016) (citing 18 U.S.C. § 1030(a)(2)(C) ). "The statute thus provides two ways of committing the crime of improperly accessing a protected computer: (1) obtaining access without authorization; and (2) obtaining access with authorization but then using that access improperly." Musacchio v. United States , --- U.S. ----, 136 S.Ct. 709, 713, 193 L.Ed.2d 639 (2016). "Any person who suffers damage or loss by reason of a violation of this section" has a private right of action. 18 U.S.C. § 1030(g).

"Congress enacted the CFAA in 1984 primarily to address the growing problem of computer hacking ..." United States v. Nosal , 676 F.3d 854, 858 (9th Cir. 2012). In order to avoid criminalizing a wide range of innocent conduct, the Ninth Circuit narrowly interpreted the CFAA's prohibitions against computer access "without authorization" to apply to "outside hackers (individuals who have no authorized access to the computer at all)" and "exceeds authorized access" to "inside hackers (individuals whose initial access to a computer is authorized but who access unauthorized information or files)." Id. (emphasis in original). Recognizing that terms of use are often "vague and generally unknown [and] website owners retain the right to change the terms at any time and without notice," the CFAA's prohibition against "exceed[ing] authorized access ... does not extend to violations of use restrictions." Id. at 863. Rather, " 'exceeds authorized access' in the CFAA is limited to violations of restrictions on access to information, and not restrictions on its use. " Id. at 864 (emphasis in original).

In Facebook, Inc. v. Power Ventures, Inc. , 844 F.3d 1058, 1067 (9th Cir. 2016), the Ninth Circuit reiterated that "a violation of the terms of use of a website-without more-cannot establish liability under the CFAA." However, "a defendant can run afoul of the CFAA when he or she has no permission to access a computer or when such permission has been revoked explicitly." Id. For example, the plaintiff in Facebook expressly rescinded permission by sending a cease-and-desist letter demanding that the defendant stop using its website and by imposing blocks on the defendant's IP addresses. Id. at 1068.

In this case, the issue is whether Defendants lacked authorization or exceeded their authorization when using Ticketmaster's website or mobile apps. Ticketmaster contends that Defendants lacked or exceeded their authorization by violating its TOU, even after it sent Defendants a cease-and-desist letter outlining the alleged violations. However, "[t]he mention of the terms of use in the cease and desist letter is not dispositive." Facebook , 844 F.3d at 1067 n.3. Ticketmaster must show that Defendants either lacked authorization to access its website, or that Defendants exceeded such authorization.

Ticketmaster has not shown that it rescinded permission from Defendants to use its website. In its cease-and-desist letter, Ticketmaster outlined Defendants' TOU violations, including Defendants' use of bots or automated software, imposing a large load on Ticketmaster's infrastructure, requesting more than 1,000 pages in a 24-hour period, making more than 800 ticket reservation requests in a 24-hour period, and circumventing CAPTCHA. (See Compl., Ex. E 3.) Ticketmaster then demanded that "[Lombardi], Prestige, and any other companies or individuals under [Lombardi's] direction or control cease and desist from any further violations of Ticketmaster's rights." (Id. at 4.) These demands admonish Defendants for violating the TOU, but do not actually revoke access authority. Cf. Facebook , 844 F.3d at 1067 ; Craigslist, Inc. v. 3Taps, Inc. , 964 F.Supp.2d 1178, 1184 (N.D. Cal. 2013). Indeed, Ticketmaster's Complaint is wholly devoid of any allegations suggesting that Ticketmaster took steps to prevent Defendants from future access. For example, Ticketmaster did not allege that they shut down Defendants' accounts or attempted to block their IP addresses. See Facebook , 844 F.3d at 1067. Rather, Ticketmaster's cease-and-desist letter appears to imply that Defendants could continue to use Ticketmaster's website so long as they abide by the TOU.

Therefore, Ticketmaster must base its CFAA claim on the second prong-that Defendants exceeded their authorization to use its website. In the Ninth Circuit, "exceed authorization" claims require some showing that defendants are "inside hackers" who accessed unauthorized information or files. Nosal , 676 F.3d at 863. However, Ticketmaster's allegations are limited to Defendants' TOU violations. Nosal precludes such claims.

Ticketmaster relies on United States v. Lowson , No. 10-114, 2010 WL 9552416 (D.N.J. Oct. 12, 2010), for the proposition that violating code-based restrictions satisfies the requirement that CFAA claims based on terms of use violations must plead "more." See Facebook , 844 F.3d at 1067 ("violation of the terms of use of a website-without more-cannot establish liability under the CFAA.") Lowson , however, has little persuasive weight as an out-of-circuit case decided before Nosal and Facebook . Moreover, Lowson is distinguishable. In Lowson , the defendants accessed unauthorized information when they "allegedly acquired source code the vendors used to protect their website." 2010 WL 9552416, at *2. The Lowson defendants were also charged with "implementing 'hacks' and 'backdoors' to enable automated programs to purchase tickets." Id. at *5. By contrast, Ticketmaster's allegations in this case are limited to bot and automated software use. Ticketmaster does not allege that Defendants gained access to unauthorized information.

For these reasons, the Court GRANTS Defendants' Motion to Dismiss Ticketmaster's CFAA claim with leave to amend.³

D. California's Computer Data Access and Fraud Act

The CDAFA is California's state-law analogue to the CFAA. Under the CDAFA, "any person who commits any of the following acts is guilty of a public offense ... knowingly and without permission uses or causes to be used computer services ..." Cal. Pen. Code § 502(c)(3). "In contrast to the CFAA, the [CDAFA] does not require unauthorized access." U.S. v. Christensen , 828 F.3d 763, 789 (9th Cir. 2016) (emphasis in original). "A plain reading of the statute demonstrates that its focus is on unauthorized taking or use of information." Id. The parties appear to agree that, in this case, there is no distinction between the CFAA's prohibition against unauthorized access and the CDAFA's prohibition against unauthorized use. (See Mot. 21; Opp'n 20-21.)

Oracle USA, Inc. v. Rimini St., Inc. , 879 F.3d 948 (9th Cir. 2018), is directly on point. In Oracle , the Ninth Circuit held "that taking data using a method prohibited by the applicable terms of use, when the taking itself generally is permitted, does not violate the CDAFA." Id. at 962. "[Plaintiff] obviously disapproved of the method-automated downloading-by which [defendant] took [plaintiff's] proprietary information," but defendant is only liable if it was not authorized to take and use the information that it downloaded. Id.

Here, as explained above, Ticketmaster never withdrew authorization to use its website. Ticketmaster's cease-and-desist letter only expressed its disapproval of the method by which Defendants accessed the website. This is insufficient to state a claim under the CDAFA. For these reasons, the Court GRANTS Defendants' Motion to Dismiss Ticketmaster's CDAFA claim with leave to amend.⁴

E. Breach of Contract

Defendants argue that Ticketmaster's breach of contract claim should be dismissed because it fails to adequately plead damages. Specifically, Defendants argue that Ticketmaster's liquidated damages provision is unenforceable and Ticketmaster does not adequately allege compensatory damages.

1. Liquidated Damages

California law applies a two-part test to determine whether liquidated damages provisions are valid: (1) fixing the amount of actual damages must be impracticable or extremely difficult; and (2) the amount selected must "represent a reasonable endeavor by the parties to estimate a fair compensation for the loss sustained." Util. Consumers' Action Network, Inc. v. AT & T Broadband of S. Cal. , 135 Cal. App. 4th 1023, 1029, 37 Cal.Rptr.3d 827 (2006) (quoting Rice v. Schmid , 18 Cal. 2d 382, 385-86, 115 P.2d 498 (1941) ). Whether a "reasonable endeavor was made depends on both (1) the motivation and purpose in imposing the charges, and (2) their effect." Id. Liquidated damages provisions in standard form contracts are not presumptively unenforceable. Id. at 1038, 37 Cal.Rptr.3d 827.

Here, the damages associated with Defendants' alleged activity include costs that can be readily fixed, as well as costs that are difficult to determine. Infrastructure costs, such as additional security measures and monitoring costs, are easily calculable. But Ticketmaster also alleged costs associated with loss of consumer goodwill and deterrence. (Compl. ¶¶ 65, 71.) These costs are impracticable or extremely difficult to fix. Therefore, Ticketmaster has satisfied the first element.

The second element is similarly satisfied. Ticketmaster's liquidated damages provision sets liquidated damages at $0.25 per page request or reserve request made in excess of 1,000 pages or 800 reserve requests per 24-hour period. The high threshold before the liquidated damages provision applies suggests that there is no improper motive or purpose behind the provision.⁵ At this stage of the proceedings, Ticketmaster's liquidated damages provision appears enforceable.

2. Compensatory Damages

As explained above, Ticketmaster has alleged that it suffered damages in the form of infrastructure costs, loss of consumer goodwill, and costs associated with deterrence. These costs are sufficient to allege compensatory damages. See Rent-a-Center, Inc. v. Canyon Television & Appliance Rental, Inc. , 944 F.2d 597, 603 (9th Cir. 1991) (loss of goodwill is a compensable injury).

Defendants contend that Ticketmaster's compensatory damages are speculative because Ticketmaster profits off of Defendants' activity. (See Mot. 28.) According to Defendants, Ticketmaster only cancels orders when it is clear that those tickets can be resold. Otherwise, Ticketmaster simply pockets the proceeds of Defendants' purchases. (Id. ) Defendants' theory, however, is itself speculative. On a motion to dismiss, the Court can only consider the facts alleged in Ticketmaster's Complaint. See Iqbal , 556 U.S. at 678, 129 S.Ct. 1937 (2009). For these reasons, the Court DENIES Defendants' Motion to Dismiss Ticketmaster's breach of contract claim.

F. Fraud

Defendants contend that Ticketmaster failed to satisfy the requirements of Federal Rule of Civil Procedure 9(b) and plead the elements of promissory fraud.

Where the plaintiff's claim sounds in fraud, the complaint must comply with Federal Rule of Civil Procedure 9(b)'s heightened pleading standard. Mendiondo v. Centinela Hosp. Med. Ctr. , 521 F.3d 1097, 1103 (9th Cir. 2008) ; Bly-Magee v. Cal. , 236 F.3d 1014, 1018 (9th Cir. 2001). Rule 9(b) requires the party alleging fraud to "state with particularity the circumstances constituting fraud," Fed. R. Civ. P. 9(b), including "the who, what, when, where, and how of the misconduct charged." Ebeid ex rel. United States v. Lungwitz , 616 F.3d 993, 998 (9th Cir. 2010) (internal quotation marks omitted); Vess v. Ciba-Geigy Corp. USA , 317 F.3d 1097, 1106 (9th Cir. 2003). " Rule 9(b) serves to give defendants adequate notice to allow them to defend against the charge and to deter the filing of complaints as a pretext for the discovery of unknown wrongs, to protect professionals from the harm that comes from being subject to fraud charges, and to prohibit plaintiffs from unilaterally imposing upon the court, the parties and society enormous social and economic costs absent some factual basis." In re Stac Elecs. Sec. Litig. , 89 F.3d 1399, 1405 (9th Cir. 1996) (citations, brackets, and internal quotation marks omitted).

In California, promissory fraud consists of the following elements: (1) a promise without any intention of performing it; (2) intent to deceive or intent to induce the party to whom it was made to enter into the transaction; (3) reasonable reliance by the party to whom it was made; (4) the party making the promise did not perform; and (6) the party to whom the promise was made was injured. Regus v. Schartkoff , 156 Cal. App. 2d 382, 389, 319 P.2d 721 (1957).

Ticketmaster alleges that every time Defendants created an account, they assented to the TOU with the intent to breach the TOU by using bots and automated software to purchase large quantities of tickets. (See Compl. ¶¶ 113-23.) Ticketmaster also alleges that it relied on these representations and sold Defendants tickets, resulting in damage to its reputation, loss of advertising revenue, and increased infrastructure costs. (Id. ¶¶ 8, 23, 65, 67, 70, 71.) These allegations satisfy Rule 9(b) and California's pleading requirements for promissory fraud.

Defendants argue that Ticketmaster failed to adequately plead intent because Ticketmaster does not allege when it entered into a contract with Defendants. (Mot. 32.) This argument is unavailing. Ticketmaster alleged that Defendants had the requisite intent to defraud every time Defendants created an account. For these reasons, the Court DENIES Defendants' Motion to Dismiss Ticketmaster's fraud claims.

G. State Law Claims

Defendants contend that Ticketmaster's remaining state law claims should be dismissed for lack of subject matter jurisdiction and personal jurisdiction as to Renaissance, Lombardi, and Lichtman (collectively, "Foreign Defendants"). (Mot. 33-34.)

Defendants do not contest that Ticketmaster's state law claims arise out of the same case or controversy as its federal claims. Because Ticketmaster has stated a claim under the DMCA and its CFAA claim is capable of amendment, the Court will exercise supplemental jurisdiction over the state law claims pursuant to 28 U.S.C. § 1367.

A federal court may exercise personal jurisdiction over a defendant if he or she has "minimum contacts" with the relevant forum and if the exercise of jurisdiction does not offend "traditional notions of fair play and substantial justice." Int'l Shoe Co. v. Washington , 326 U.S. 310, 316, 66 S.Ct. 154, 90 L.Ed. 95 (1945). Specific personal jurisdiction is analyzed according to a three-prong test:

(1) The non-resident defendant must purposefully direct his activities or consummate some transaction with the forum or resident thereof; or perform some act by which he purposefully avails himself of the privilege of conducting activities in the forum, thereby invoking the benefits and protections of its laws;

(2) the claim must be one which arises out of or relates to the defendant's forum-related activities; and

(3) the exercise of jurisdiction must comport with fair play and substantial justice, i.e. it must be reasonable.

Schwarzenegger v. Fred Martin Motor Co. , 374 F.3d 797, 802 (9th Cir. 2004). Defendants only contest the first two prongs. (See Mot. 34.)

The Foreign Defendants have purposefully availed themselves of this forum by buying large amounts of tickets through Ticketmaster, which is headquartered in Los Angeles. (Compl. ¶ 10.) The Foreign Defendants' ticket purchases also form the basis of Ticketmaster's claims. Ticketmaster has sufficiently alleged that this Court has specific personal jurisdiction over the Foreign Defendants. Accordingly, the Court DENIES Defendants' Motion to Dismiss Ticketmaster's state law claims for lack of jurisdiction.

V. CONCLUSION

For the reasons discussed above, the Court GRANTS IN PART and DENIES IN PART Defendants' Motion to Dismiss. (ECF No. 24.) Dismissal is with leave to amend, except as to Ticketmaster's second claim for copyright infringement to the extent it relies on Defendants' TOU violations described in this Order. Should Ticketmaster wish to file an amended complaint, it must do so within twenty-one days of the date of this Order. Ticketmaster must also lodge with the Court, and serve on Defendants, a redlined copy of the amended pleading so that the Court can decipher the amendments to its complaint.

IT IS SO ORDERED.

1 There is no evidence on the docket that Defendant Prestige has been served with this lawsuit, and Prestige does not join in this Motion.

2 All factual references are allegations taken from Plaintiff's Complaint and accepted as true for purposes of this Motion. See Ashcroft v. Iqbal , 556 U.S. 662, 678, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009).

3 Because Ticketmaster's CFAA claim is dismissed and is capable of amendment, the Court declines to address Defendants' remaining arguments.

4 Ticketmaster also argues that circumventing technical barriers, like CAPTCHA, constitutes improper use. (See Opp'n 21 (citing In re Facebook Privacy Litig. , 791 F.Supp.2d 705, 715 (N.D. Cal. 2011) ).) However, the cases Ticketmaster cites for this propsition all predate the Ninth Circuit's recent decisions in Christensen and Oracle . Moreover, the technical barriers in cases that apply such a presumption do more than impede access-they attempt to prevent access entirely. See, e.g. , Facebook, Inc. v. Power Ventures, Inc. , No. C 08-05780, 2010 WL 3291750, at *11 (N.D. Cal. July 20, 2010) (plaintiff blocked IP addresses).

5 Defendants point out that in 2007, Ticketmaster set its liquidated damages rate to $10 per page request in excess of 1,000 per 24-hour period. (See Mot. 27 (citing Ticketmaster, LLC v. RMG Techs., Inc. , 2007 WL 3084480 (C.D. Cal. June 25, 2007) ).) Defendants contend that the large discrepancy between the current rate and the 2007 rate demonstrates that the liquidated damages provisions are not reasonably calculated. But the fact that the rate differs is not dispositive-liquidated damages provisions are permitted because damages are difficult to calculate. Furthermore, the fact that the current rate is now 40 times lower than the previous amount suggests that Ticketmaster made an effort to make the provision reasonable.