Media Entertainment NV v Sapar Karyagdyyev
| Jurisdiction | England & Wales |
| Judge | Master Dagnall |
| Judgment Date | 06 May 2020 |
| Neutral Citation | [2020] EWHC 1138 (QB) |
| Date | 06 May 2020 |
| Docket Number | Case No: QB-2019-001029 |
| Court | Queen's Bench Division |
[2020] EWHC 1138 (QB)
IN THE HIGH COURT OF JUSTICE
QUEEN'S BENCH DIVISION
Royal Courts of Justice
Strand, London, WC2A 2LL
Master Dagnall
Case No: QB-2019-001029
Paul Burton (instructed by Blake Morgan LLP) for the Claimant
Jonathan Cohen QC (instructed by Sherrards LLP) for the Defendants
Hearing dates: 16 April 2020
Introduction
This Judgement concerns parts of the Defendants' applications made by Application Notice date 2 March 2020, the relevant parts being to strike-out all or part of the Amended Particulars of Claim and/or for (reverse) summary judgment.
Essentially, the Defendants contend that the Claimant has failed to state (or, to use the old fashioned terminology and which I will use for convenience throughout, “plead”) sufficient facts to give rise to its asserted claim (being a claim for misuse of what was known to be the Claimant's confidential information) in law, although they have an alternative argument that the Claimant's necessary evidence is lacking.
The Defendants' primary submission, through their counsel Mr Jonathan Cohen QC, is that where a person in their position has been passed confidential information belonging to the Claimant by an employee of the Claimant, even though they know that the information is confidential in nature, they can only be liable for acts amounting to its “misuse”, in the sense of uses for which the employee has not permitted or had no authority from the Claimant to permit, if the Defendants had sufficient knowledge that those acts would be “misuse” (i.e. knowledge that the employee had not permitted or had no authority to permit those acts), and also that this knowledge (or facts said to justify it or its being inferred) must be pleaded, but here there is no pleading of any, let alone sufficient, knowledge.
The Claimant, by its counsel Mr Paul Burton, disputes this as a matter of law, but also asserts that there is sufficient pleading in any event both generally and so as to justify the grant of various particular heads of relief. There is also a further distinct pleading point regarding a statement of fact within Paragraph 41 of the Amended Particulars of Claim introduced by the words “so far as the Claimant is aware”.
Following circulation of my initial draft judgment, I received some further submissions from Mr Cohen (and to which Mr Burton objected). Although conscious that the court should be careful in permitting this (cf. Bonsor v Bio Collectors 2020 EWHC 918 at paragraphs 5 and 6), it seemed appropriate to me to raise some clarificatory questions (which were answered) of counsel, and have taken those submissions and answers into account in this final judgment.
The Amended Particulars of Claim (“the APC”)
The APC in its initial sections sets out a factual situation and a history which can be summarised for the purposes of this Judgment as follows.
The Claimant is and was a company incorporated under the laws of Curacao which conducts an online gambling business. Its sole registered shareholder (although the APC are silent as to whether it has directors and if so who they are) is and was Leonid Ponkratenko (“Mr Ponkratenko”) but who holds (or held) some of those shares on trust for Mr Sergei Samsonov (“Mr Samsonov”), Mr Egor Osipov, Mr Georgii Smoliar and Mr Sergei Kanaev (together “the Silent Investors”). The Claimant employed a Mr Dmitry Vereschaka (“Mr Vereschaka”) as a system administrator. Others involved with Mr Ponkratenko (and on his side) were a Mr Andrew Braitchouk (“Mr Braitchouk”) and a Mr Matt Jellicoe (“Mr Jellicoe”).
A Mr Rustam Gilfanov (“Mr Gilfanov”) was interested in acquiring some interest in or control over the Claimant.
The Defendants directly or indirectly had had some involvement with the Claimant until 2013 or 2015, and, at least in January 2019, a continuing and present involvement with Mr Gilfanov.
The Claimant's business, being conducted mainly or entirely online, had and has extensive computer systems and which, and the stored information and data, need to be kept secure. Those computer systems included email servers and accounts, and also an account (“the GitHub Account”) with a software development platform known as GitHub and upon which information and data was stored. Each of those system elements had their access protected and controlled by usernames and passwords (together “the Passwords”).
The Claimant had and has Confidential Information comprised, amongst other things, matters set out in the sub-paragraphs to paragraph 23 of the APC as follows:
“a. The usernames and/or passwords for the Email Accounts.
b. The identity of the sender, recipient and any other person copied to the emails sent and/or received by the Email Accounts.
c. The content of the emails sent and/or received by the Email Accounts.
d. Any attachments to the emails sent and/or received by the Email Accounts.
e. The Claimant's usernames and/or passwords for the GitHub Account.
f. All of the Claimant's information and data stored on the GitHub Account.
g. The way in which the Claimant deployed its information and data stored on the GitHub Account.
h. The passwords necessary for the Claimant to access services provided to it by third parties.”
I note that the Claimant asked the Defendants by a solicitors' letter of 4 November 2019 to confirm that all those items of information “were confidential to our client”; and, by response letter of 11 November 2019, the Defendants' solicitors confirmed that “there has never been any dispute that the information was and remains confidential to your client, and our clients… have admitted that”.
In paragraphs 24 to 27 of the APC it is stated that on 11 January 2019 Mr Braitchouk, Mr Jellicoe and Mr Ponkratenko, believing that Mr Gilfanov was wanting to discuss a purchase of shares in the Claimant, met with Mr Gilfanov in Latvia but that Mr Gilfanov had not revealed that he was seeking the support of the Silent Investors against Mr Ponkratenko.
In paragraphs 28 to 31 of the APC it is stated that:
i) Mr Gilfanov had persuaded Mr Samsonov to join him in instructing Mr Vereschaka to provide the Passwords to the First Defendant so that the Defendants could access the Claimant's computer systems
ii) The First Defendant then contacted Mr Vereschaka “for the purposes of obtaining his administrator's usernames and passwords
iii) By implication (although not expressly) that Mr Vereschaka's username and password enabled the Defendants to take complete control of the Claimant's computer systems.
Paragraph 32 of the APC states that “By their actions on 11 January 2019 the Defendants, and each of them, breached the Claimant's right to confidentiality in the Confidential Information.”
There then follows the words PARTICULARS OF BREACH. However, there does not then follow a set of sub-paragraphs but rather a set of full paragraphs albeit that Paragraph 33 states that these are the best particulars which can be given of breaches prior to disclosure.
Paragraphs 33 to 37, 34 and 35 of the APC provide that the Defendants took steps to remove all administrator privileges except for Mr Vereschaka, delete other administrator accounts, create two new email accounts (the “management account” and “the systemp account” and together “the New Accounts”), and to create aliases for certain e-mail accounts. Paragraphs 38 and 39 of the APC state that by this the Defendants took full control of the Claimant's infrastructure, prevented the legitimate users of various e-mail accounts accessing or learning about those e-mail accounts, and controlled passwords to or used by third parties providing services to the Claimant, and also ensured that incoming emails would be copied to the management account.
Paragraph 40 of the APC asserts that the Defendants executed a backup script in order to obtain copies of “an unknown quantity of emails” already in or that were subsequently sent to the email accounts, and Paragraph 41 of the APC states that by doing so “the First Defendant was able to and so far as the Claimant is aware did obtain a “backup copy of emails from one or more of the Claimant's email accounts…”. Paragraph 43 of the APC states that by so copying the Defendants obtained copies of emails amounting to 5,215,642 bytes of data; and which I note is slightly in excess of 5, but very much less than 6, megabytes of data.
Paragraph 44 of the APC states that the First Defendant opened 159 of the emails diverted to the management account; and the Second Defendant opened 51 of the emails diverted to the systemp account.
Paragraphs 45 to 47 of the APC state that the Second Defendant accessed and gained control of and then revoked various existing administrators' access to the GitHubs Account.
Paragraph 48 of the APC states that the Second Defendant then changed the Claimant's passwords so that it could not access various third party suppliers of services.
There is then a section of the APC headed Relief. Paragraph 49 of the APC states that “In the premises the Claimant is entitled to the following relief.”
Paragraph 50 of the APC claims “A declaration that the Confidential Information is confidential to the Claimant.” Paragraph 51 of the APC claims “A declaration that the Defendants, and each of them, were not entitled to use and/or access the Confidential Information in the way that they did and/or generally” I refer to these as “the Declarations”.
Paragraph 52 of the APC sets out a list of mandatory injunctions claimed. These mainly amount to injunctions to: disclose to what devices and to whom Passwords and emails were sent or copied and to deliver any such device for destruction; to disclose whether they made backups, or any copies (or notes of...
To continue reading
Request your trial