descrybe logo
You are viewing a free summary from Descrybe.ai. For citation and good law / bad law checking, legal issue analysis, and other advanced tools, explore our Legal Research Toolkit — not free, but close.

NetApp, Inc. v. Nimble Storage, Inc.

Citations: 41 F. Supp. 3d 816; 2014 WL 1903639; 2014 U.S. Dist. LEXIS 65818Docket: Case No.: 5:13-CV-05058-LHK (HRL)

Court: District Court, N.D. California; May 12, 2014; Federal District Court

EnglishEspañolSimplified EnglishEspañol Fácil
The court, presided over by Judge Lucy H. Koh, issued an order partially granting and partially denying motions to dismiss filed by defendants Nimble Storage, Inc., Michael Reynolds, and former NetApp employees Daniel Weber, Sandhya Klute, Timothy Binning, Neil Glick, and Christopher Alduino. Plaintiff NetApp, Inc. accused these defendants of unfair competition, alleging that Nimble targeted former NetApp employees and proprietary information to gain market advantage. The case stems from claims that Reynolds accessed confidential NetApp data while employed at Thomas Duryea Consulting before joining Nimble. NetApp alleges that the former employees breached their Proprietary Information and Inventions Agreements by taking or destroying confidential data prior to their departure to Nimble. The lawsuit was filed on October 29, 2013, alleging unauthorized access and theft of proprietary information. Defendants contested the claims based on insufficient factual pleading and jurisdictional issues, particularly concerning Reynolds. The court held a hearing on the motions on May 8, 2014, after which it ruled on the motions collectively.

On January 17, 2014, the Court issued an order allowing NetApp to withdraw its motion for jurisdictional discovery without prejudice, with the option to renew after amending its complaint. Following this, jurisdictional discovery disputes were renewed. On January 10, 2014, NetApp filed a First Amended Complaint, introducing individual defendants Binning, Glick, and Alduino, and asserting claims against multiple defendants for violations of the Computer Fraud and Abuse Act, trespass to chattel, trade secret misappropriation, breach of contract, intentional interference with contract, and unfair competition. On February 18, 2014, the defendants filed motions to dismiss all claims based on challenges to the sufficiency of NetApp’s pleadings, with Nimble arguing for dismissal of state law claims due to a lack of supplemental jurisdiction and seeking a more definite statement under Rule 12(e). Reynolds sought dismissal based on lack of personal jurisdiction and failure to state a claim. The former employee defendants collectively moved to dismiss on similar grounds and sought to incorporate motions filed by Nimble and Reynolds. On March 27, 2014, NetApp opposed these motions, providing supporting declarations and requesting judicial notice of facts related to Nimble’s operations. Defendants filed replies on April 10, 2014, and a hearing was held on May 8, 2014. The legal standards for a motion to dismiss under Rule 12(b)(6) require a complaint to provide a short and plain statement of the claim, showing that the pleader is entitled to relief. A complaint may be dismissed if it does not plead enough facts to make a claim plausible on its face, as established in case law.

The plausibility standard requires more than mere possibility for unlawful conduct by a defendant but does not equate to a probability threshold. In evaluating a Rule 12(b)(6) motion, courts accept factual allegations as true and view them favorably for the nonmoving party. The review scope is generally limited to the complaint's contents, although courts may disregard allegations contradicted by judicially noticeable facts and consider public records without converting the motion into one for summary judgment. Legal conclusions presented as factual allegations are not automatically accepted as true, and mere conclusory claims are insufficient to oppose a motion to dismiss. Additionally, a plaintiff may inadvertently dismiss their claim by pleading facts that demonstrate a lack of merit.

For a motion to dismiss under Rule 12(b)(2) concerning personal jurisdiction, the plaintiff bears the burden to establish jurisdiction, needing only to make a prima facie case if the motion is the defendant's initial response. While a plaintiff cannot solely rely on bare allegations, uncontroverted ones must be accepted as true, and factual disputes are resolved in the plaintiff's favor.

Supplemental jurisdiction allows federal courts to hear state-law claims closely related to federal claims. However, courts may decline to exercise this jurisdiction if the state claim significantly dominates the federal claim. Federal courts have discretion to dismiss state claims when all federal claims are dismissed, weighing factors like economy, convenience, fairness, and comity in their decision.

Leave to amend a dismissal with prejudice is only appropriate if it is evident that the complaint cannot be saved by any amendment. Courts are generally required to grant leave to amend when dismissing a complaint for failure to state a claim, even without a request to amend, unless the pleading is deemed incurable. However, courts may deny leave to amend if the proposed amendment would be futile. 

In the case at hand, the defendants raise various legal theories that may dispose of multiple claims. Supplemental jurisdiction over NetApp's state law claims relies on the viability of its Computer Fraud and Abuse Act (CFAA) claim, which is the only federal cause of action and targets only defendants Nimble and Reynolds. Both defendants challenge the sufficiency of the CFAA claims under Rule 12(b)(6), while Reynolds also contests personal jurisdiction. 

The court will first examine Reynolds’s argument regarding personal jurisdiction, followed by an assessment of the sufficiency of NetApp’s CFAA claims, the issue of supplemental jurisdiction, and the adequacy of NetApp’s other claims within the court's jurisdiction. 

The court also addresses NetApp’s Request for Judicial Notice, acknowledging that while it cannot consider materials beyond the pleadings in a Rule 12(b)(6) motion, it can take judicial notice of documents referenced in the complaint and public records. NetApp seeks to notice four Nimble webpages and SEC filing excerpts, which the court grants as the defendants have not opposed and the materials are relevant.

Regarding personal jurisdiction over Reynolds, who is an Australian resident, he argues that the court lacks jurisdiction. NetApp contends that specific personal jurisdiction is established due to Reynolds's attempts to access its computer systems in California. The court supports NetApp's position on specific jurisdiction, noting that in the absence of a governing federal statute, it applies state law, which aligns with federal due process standards.

For a court to assert personal jurisdiction over a nonresident defendant, the defendant must have 'minimum contacts' with the forum, ensuring that jurisdiction aligns with fair play and substantial justice. The Ninth Circuit applies a three-part test for specific jurisdiction: (1) the defendant must purposefully direct activities or engage in transactions with the forum, thereby availing themselves of its laws; (2) the claim must arise out of or relate to the defendant’s forum-related activities; and (3) the exercise of jurisdiction must be reasonable. The plaintiff bears the burden for the first two prongs, after which the burden shifts to the defendant to demonstrate that jurisdiction would be unreasonable.

The first prong is evaluated differently for tort and contract claims, with tort claims using the 'purposeful direction' standard and contract claims using the 'purposeful availment' standard. In this case, the plaintiff alleges both types of claims based on unauthorized access to their computers, necessitating an assessment under both standards. The court finds that the first prong is satisfied for all claims against the defendant.

To meet the 'purposeful direction' standard for tort claims, the defendant's conduct must satisfy an 'effects test' requiring: (1) an intentional act; (2) aimed at the forum state; and (3) causing harm that the defendant knew was likely to be suffered in the forum. The court evaluates all contacts with the forum, regardless of wrongful activity. The allegations indicate that the defendant intentionally accessed the plaintiff's computer systems without permission, supported by declarations and evidence documenting this access. These facts are sufficient to demonstrate intentional activities and satisfy the first prong of the jurisdictional test.

The second part of the effects test examines whether Reynolds "expressly aimed" his actions at California, with the analysis varying based on the type of tort involved. NetApp alleges that Reynolds improperly accessed its California-based computer systems after receiving password-protected access during his employment with TDC. Key points include that the relevant systems were located in California, Reynolds was informed of this location, and he accessed these systems multiple times between June and August 2013 after leaving TDC. He also accepted an end user license agreement (EULA) that was deemed executed in California and governed by its law. 

Reynolds contests the adequacy of these allegations, claiming that his actions occurred in Australia and he was unaware of the systems' location. However, the arguments do not negate jurisdiction as NetApp's allegations suggest Reynolds knew he was accessing systems in California. Jurisprudence supports that similar online activities can establish personal jurisdiction. The Ninth Circuit's decision in Panavision affirmed jurisdiction for an individual who registered domain names infringing on a California company's trademarks, despite the defendant's claims of not directing actions toward California. A recent case against out-of-state parties accessing Facebook also acknowledged jurisdiction based on deliberate actions toward a website, irrespective of the parties' knowledge of its physical location.

Reynolds's cited case, Jewish Defense Organization, is distinguishable as it involved passive online conduct without a clear connection to California, contrasting with the active targeting present in the Panavision case. Thus, the nature of Reynolds's actions, combined with NetApp's factual allegations, supports the assertion of personal jurisdiction in California.

Reynolds is accused of actively violating access restrictions by deliberately accessing NetApp’s proprietary databases after working for the company, despite receiving multiple warnings regarding access limitations. His reliance on *Pfister v. Selling Source, LLC* is noted, where the court found that merely having a highly interactive website does not establish personal jurisdiction. However, *Pfister* pertains to general jurisdiction and does not negate the possibility of specific jurisdiction based on Reynolds’s actions, which were directed at California. The court finds that Reynolds "expressly aimed" his activities at California, knowing that his actions would likely cause harm to NetApp, which is based in California. 

The analysis confirms that all three components of the effects test are satisfied, indicating "purposeful direction" concerning tort claims. Regarding contract claims, there is a dispute over whether Reynolds's acceptance and breach of the Synergy EULA demonstrate "purposeful availment." Nevertheless, the court notes that it can assert pendent personal jurisdiction over the contract claims since they share a common nucleus of facts with the tort claims, both stemming from Reynolds's unauthorized computer access.

The court also evaluates whether NetApp’s claims arise from Reynolds’s forum-related activities, concluding that NetApp’s injuries are directly linked to Reynolds's misconduct. For the reasonableness prong, Reynolds must show that asserting jurisdiction would violate "fair play and substantial justice," considering factors such as his involvement in the forum's affairs, the burden on him, conflicts of sovereignty, the forum state’s interest, judicial efficiency, the importance of the forum for the plaintiff, and the existence of alternative forums.

Reynolds claims that being subjected to California's jurisdiction is burdensome due to his residence in Australia and minimal contacts with the state. The Supreme Court acknowledges that foreign defendants may experience unique burdens but has upheld jurisdiction over foreign parties in past cases. California's significant interest in resolving local harm supports jurisdiction, and Reynolds has not identified any alternative forum. He argues that NetApp's assertion of jurisdiction is overly broad, as it could imply that anyone receiving materials from a California company could be summoned to court there. However, the court counters that Reynolds is accused of intentionally accessing a client’s databases for financial gain, not just passively receiving materials. Legislative history of the Computer Fraud and Abuse Act (CFAA) indicates an intent to address foreign activities, and Reynolds has not shown that jurisdiction is unreasonable for someone who intrudes on California's computer systems purposefully. Consequently, the court denies Reynolds's motion to dismiss for lack of personal jurisdiction and deems NetApp's motion for jurisdictional discovery moot. 

The court then focuses on the sufficiency of NetApp's CFAA claims against Reynolds and Nimble. The CFAA establishes civil liability for intentionally accessing a protected computer without authorization or exceeding authorized access, resulting in information theft or damage. NetApp alleges that Nimble, through Reynolds, violated various sections of the CFAA by accessing its computers unlawfully and obtaining secret information, as well as causing damage to its systems.

NetApp alleges that Nimble and Reynolds conspired to violate the Computer Fraud and Abuse Act (CFAA). The defendants challenge the sufficiency of NetApp's claims under Rule 12(b)(6). Reynolds contends that NetApp has not provided sufficient facts to suggest he accessed computers without authorization or exceeded authorized access, as required by the CFAA provisions. He argues that his access was never revoked after leaving TDC, implying he did not breach any technological barriers, which he claims is essential to prove lack of authorization.

NetApp counters that circumvention of technological barriers is not necessary for CFAA liability and asserts that Reynolds lost his permission to access its systems upon leaving TDC. The court agrees with NetApp, stating that the scope of authorized access under the CFAA does not solely depend on technological barriers. The Ninth Circuit has not definitively addressed the issue of whether access is unauthorized when a person retains access after changing jobs, but case law supports NetApp’s position. In LVRC Holdings LLC v. Brekka, the court clarified that 'without authorization' means accessing a computer without any permissions, while 'exceeds authorized access' refers to an individual who has permission but violates imposed limits. Thus, an employee can violate the CFAA by accessing information beyond their authorized scope even if they initially had permission to use the computer.

A person accessing a computer 'without authorization' lacks any rights regarding that access. In Brekka, the Ninth Circuit affirmed summary judgment, concluding that the worker's access during employment did not violate the Computer Fraud and Abuse Act (CFAA) as he had permission to access the computer. Post-employment access was also addressed, with the court noting that if Brekka accessed information after leaving the company, it would be considered 'without authorization' under the CFAA, despite no technological barrier being present. 

In the subsequent en banc decision of United States v. Nosal, the Ninth Circuit clarified the scope of 'authorization' under the CFAA. Nosal, a former employee, was charged for soliciting current employees to steal confidential information for a competing business. The court held that 'exceeds authorized access' does not encompass violations of use restrictions, thus a person permitted to access certain information does not exceed authorization by misappropriating that information, as it would unfairly broaden liability for common electronic activities.

The Nosal court interpreted 'exceeds authorized access' narrowly, focusing on hacking—circumventing technological barriers—rather than misappropriation of trade secrets, which is governed by separate statutes. An example provided indicated that accessing data outside one’s permission qualifies as exceeding authorization. The court concluded that while Nosal's accomplices had permission to access the database, the CFAA primarily targets hacking, leaving open the possibility of liability in cases similar to Reynolds, where unauthorized access could still be actionable under the CFAA.

Subsequent interpretations of Brekka and Nosal establish that non-technological barriers can revoke authorization under the Computer Fraud and Abuse Act (CFAA). In Weingand v. Harland Financial Solutions, Inc., the court allowed a CFAA counterclaim against a former employee who accessed 2,700 files post-termination, despite his credentials still functioning. The court ruled that accessing information without permission, even with operational login credentials, constitutes a CFAA violation. It dismissed the employee's argument that only technical authorization matters, emphasizing that the distinction between access and use is crucial, not the type of authorization. This reasoning was also supported in Hat World, Inc. v. Kelly, where a former employee's continued access after resignation was deemed unauthorized under the CFAA. The case of Reynolds was noted, where the defense claimed lack of employment with NetApp and prior authorization to access its databases. However, the allegations that Reynolds lost authorization upon leaving TDC and was aware of the restricted access sufficed to maintain CFAA liability. Reynolds's cited cases were found to be distinguishable from Weingand.

An employee with access to an employer's computers can act without authorization under certain circumstances, as demonstrated in previous cases. Enki dismissed CFAA claims when unauthorized access occurred during employment, specifically when Freedman and Zuora accessed Nimsoft servers without authorization prior to termination. Other cases, such as Integral Development Corp. v. Tolat and Quad Knopf, also dismissed CFAA claims when employees were still employed at the time of alleged unauthorized actions. Furthermore, Reynolds' argument that Synopsys supports a requirement for breaching a technical barrier is unfounded, as that case emphasized the need for clear allegations of unauthorized access, not just improper use. Nimble argues that California Penal Code section 502 requires breaching a technological barrier, but this statute differs from the CFAA, and no authority suggests they should align in terms of unauthorized access. Lastly, NetApp's analogy to a property crime counters Reynolds' position, underscoring that current CFAA doctrine does not support the notion that an ex-employee can access employer property without authorization simply by retaining access credentials. Regarding the pleading standard for CFAA claims, Nimble and Reynolds contend that specificity is necessary akin to fraud claims, which NetApp allegedly failed to provide.

Defendants assert that heightened pleading requirements under Rule 9(b) should apply to CFAA allegations based on the case Oracle America, Inc. v. Service Key, LLC. However, the prevailing authority indicates that these requirements do not apply to NetApp’s CFAA claims. NetApp contends that Nimble fails to distinguish between CFAA provisions 1030(a)(4) and 1030(a)(2)(C) and (a)(5), noting that 1030(a)(4) specifically involves fraudulent intent, while the latter provisions do not. Consequently, violations of 1030(a)(2) and (a)(5) do not require particularity in pleading, as established in Prop. Rights Law Grp. P.C. v. Lynch.

Furthermore, precedent in this district shows that Rule 9(b) has not been uniformly applied to CFAA claims; for instance, in eBay Inc. v. Digital Point Solutions, Inc., the court ruled that allegations of unauthorized access sufficed without needing to meet fraud’s common law elements. The term "defraud" under the CFAA is interpreted to mean wrongdoing without necessitating proof of common law fraud.

Though Service Key involved allegations of fraudulent inducement requiring heightened pleading, NetApp's claims do not hinge on such a pattern of fraudulent conduct. Thus, Rule 9(b) does not apply to NetApp's allegations under 1030(a)(4) in this case, as they do not rely on a broader fraudulent course of conduct as seen in Service Key.

Nimble and Reynolds contend that NetApp has not adequately pleaded "damage" under the Computer Fraud and Abuse Act (CFAA), specifically regarding 18 U.S.C. § 1030(a)(5). This section mandates proof of damage to a plaintiff's computer systems, which is defined in § 1030(e)(8) as any impairment to the integrity or availability of data, programs, or systems. Defendants cite case law establishing that "damage" refers to harm inflicted on computers or networks, rather than economic losses tied to the data's commercial value. Courts have held that costs unrelated to actual computer impairment are not compensable under the CFAA, and NetApp's allegations focus on unauthorized access rather than actual damage to systems or data. Consequently, NetApp's claims under § 1030(a)(5) are dismissed, with an opportunity to amend.

Regarding Nimble, NetApp alleges two theories of liability: vicarious liability for Reynolds' actions and conspiracy with him. NetApp claims that Nimble is liable under § 1030(a)(2)(C) for Reynolds’ unauthorized access, arguing that Reynolds acted as Nimble's agent during his employment. Courts have recognized that an employer may be vicariously liable for an employee's CFAA violations if those actions occur within the scope of employment or are directed by the employer.

Nimble successfully contests NetApp's claims regarding vicarious liability and conspiracy related to Reynolds' alleged actions. The court agrees that NetApp has not adequately demonstrated that Nimble directly employed or controlled Reynolds. Although NetApp identifies Reynolds as a Systems Engineer at Nimble Storage Australia Pty Limited (Nimble AUS), it inconsistently argues that he was a Nimble employee. The court notes that there are no allegations suggesting that Nimble AUS is an alter ego of Nimble or that Nimble directed Reynolds’ unauthorized access. NetApp’s assertion that Reynolds utilized stolen information on behalf of Nimble does not satisfy the requirements for establishing a violation of the Computer Fraud and Abuse Act (CFAA) under vicarious liability principles.

Regarding the conspiracy claim, the court cites precedents requiring specific allegations of an agreement and shared activities, which NetApp fails to provide. NetApp's vague assertion that "Reynolds and Nimble conspired to commit acts" does not meet the necessary factual particularity, leading the court to dismiss these claims with permission for NetApp to amend its complaint to address identified deficiencies.

On supplemental jurisdiction, the court notes that NetApp's CFAA claim is the sole basis for federal jurisdiction, as there is no complete diversity between the parties. The remaining state law claims can only be heard if they are sufficiently related to the federal claim. The court may decline to exercise this jurisdiction if the state law claims substantially predominate, considering factors like economy, convenience, fairness, and comity.

NetApp has filed several claims against former employees Klute and Weber, including trade secret misappropriation, breach of contract, intentional interference with contract, and unfair competition. Out of eleven causes of action, seven are state law claims directed solely at the former employees. The employees argue that these claims lack a common factual nexus with the CFAA claims against Nimble and Reynolds and, alternatively, that the state law claims are more significant than the CFAA allegations. The Court agrees that supplemental jurisdiction is inappropriate. It finds no common nucleus of facts, as NetApp's claims against Reynolds involve unauthorized access by a contractor in Australia, who did not sign an employment contract, unlike the former employees who allegedly misappropriated information while employed in the U.S. The Court emphasizes that the interpretation of NetApp's employment contracts is irrelevant to Reynolds. Additionally, the lack of a collaborative relationship between Reynolds and the former employees weakens NetApp's argument for a "common scheme." The Court notes distinctions from other cases regarding supplemental jurisdiction, indicating that while some courts have allowed it when state law claims share common defendants, others have declined it when state law claims involve broader issues than CFAA claims.

Courts have maintained state law claims alongside CFAA claims when both claim types are directed at the same defendants, as seen in cases like NovelPoster v. Javitch Canfield Group and Absolute Energy Solutions, LLC v. Trosclair. However, in this instance, NetApp’s claims against its employees are solely based on state law and lack a factual connection to the CFAA allegations. Even if these claims were related enough to establish a common case or controversy under 28 U.S.C. § 1367(a), the court opts to decline supplemental jurisdiction under § 1367(c)(2), citing its discretionary nature and the need for judicial economy, convenience, fairness, and comity. The case remains at the pleading stage, with no discovery conducted, and the differing conduct and legal theories involved in the claims against Reynolds and the employees suggest they would require distinct proof sources. The court also emphasizes the importance of allowing California courts to handle the state law matters presented by NetApp.

Regarding the claims against Reynolds, NetApp's allegations of trespass to chattel, breach of contract, and unfair competition are based on the same conduct as the CFAA claims—specifically, Reynolds’s unauthorized access to NetApp’s systems. Thus, these claims share a common nucleus of operative facts with the CFAA allegations, allowing the court to retain supplemental jurisdiction over them. In contrast, the claims against Nimble—trespass to chattel, trade secret misappropriation, intentional interference with contracts, and unfair competition—are primarily based on actions that do not relate to Reynolds’s CFAA violations. Since these claims stem from Nimble’s acquisition of proprietary information and interference with employee contracts, the court declines to exercise jurisdiction over them.

NetApp's unfair competition claim against Nimble is grounded in alleged unlawful conduct related to the Computer Fraud and Abuse Act (CFAA) and unfair business practices concerning NetApp's former employees and confidential information. The Court dismisses this claim with leave to amend, as well as NetApp's trespass to chattel claim, which also relates to Nimble's conduct under the CFAA. The Court does not address additional dismissal arguments from Nimble under Rule 12(b)(6) or Rule 12(e).

In contrast, the Court declines to assert jurisdiction over NetApp's unfair competition claim against Nimble based on alleged unfair business practices, paralleling its decision to decline supplemental jurisdiction over NetApp's state law claims against its former employees. Regarding Reynolds, the Court denies his motion to dismiss NetApp's CFAA claim and exercises supplemental jurisdiction over related state law claims. However, the Court agrees with Reynolds that NetApp's trespass to chattel and unfair competition claims are preempted by California's Uniform Trade Secrets Act (CUTSA), which supersedes other civil remedies for trade secret misappropriation. The Court highlights that CUTSA's comprehensive nature indicates a legislative intent to occupy the field, thus preempting common law claims that arise from the same facts as trade secret misappropriation claims. NetApp's allegations related to trespass to chattel and unfair competition are deemed to fundamentally stem from trade secret misappropriation, leading to their dismissal on the basis of CUTSA preemption.

NetApp asserts that its claims against Reynolds for unfair competition and trespass to chattels are based solely on the alleged theft of secret information, which does not qualify as a trade secret under California's Uniform Trade Secrets Act (CUTSA). The court notes that these claims are factually the same as a potential CUTSA claim, leading to the conclusion that they are preempted by CUTSA. NetApp's argument against preemption—claiming it did not plead a CUTSA claim—is rejected, as no authority supports the notion that preemption only applies when a CUTSA claim is explicitly made. The court cites multiple precedents affirming that CUTSA provides the exclusive civil remedy for trade secret misappropriation. Consequently, NetApp's claims for trespass to chattels and unfair competition are dismissed with leave to amend, although the court expresses skepticism about NetApp’s ability to avoid preemption in any amendment.

Regarding the breach of contract claim, Reynolds' motion to dismiss is denied. NetApp has alleged that Reynolds violated contractual restrictions related to the use of NetApp’s Synergy software by unauthorized reproduction and use of confidential information. Specific allegations include six unauthorized accesses to Synergy in June 2013, causing competitive harm through the dissemination of confidential information. Thus, the court finds that NetApp has sufficiently alleged breach of contract against Reynolds.

In conclusion, the court grants in part and denies in part the motions to dismiss, specifically denying Reynolds' motion concerning personal jurisdiction, granting the CFAA claim dismissal with leave to amend, and denying the motion on the breach of contract claim.

Reynolds's motion to dismiss NetApp’s claims for trespass to chattel and unfair competition is granted with leave to amend, while his motion to dismiss the breach of contract claim is denied. Nimble’s motion to dismiss all pleaded CFAA claims is granted with leave to amend, and claims for trespass to chattel and unfair competition related to CFAA allegations are also dismissed with leave to amend. The Court declines supplemental jurisdiction over NetApp’s state law claims against Nimble, including trade secret misappropriation and intentional interference with contract. The employees' motion to dismiss all claims for lack of supplemental jurisdiction is granted. NetApp’s Request for Judicial Notice is granted, but its motion for jurisdictional discovery is denied as moot. Previous motions to dismiss and jurisdictional discovery requests are also denied as moot. NetApp must file an amended complaint within 21 days or face dismissal with prejudice; it cannot add new claims or parties without court approval. The Court exercises supplemental jurisdiction over state law claims against Reynolds due to their connection with the CFAA claim. The Court acknowledges NetApp's prior lawsuits against former employees and notes that arguments regarding circumvention of page limits are addressed for completeness. NetApp's reliance on external correspondence is disregarded, and its counsel admits a lack of knowledge regarding connections between certain defendants, indicating insufficient investigation into an overarching scheme. The Court finds no reason why NetApp could not pursue all claims in California state court and concludes that the UTSA preempts claims of misappropriation of confidential information, regardless of whether it qualifies as a trade secret. The Court does not address Reynolds's arguments regarding trespass to chattel or CUTSA preemption for other causes of action at this time.