Andrew P. Gold and Dee Dee Fischer, with Akerman.
Andrew P. Gold and Dee Dee Fischer, with Akerman. (J. Albert Diaz)

“Borrowing” someone else’s login credentials for a website might not seem like a big deal if you have the password holder’s permission.

But for a Boca Raton-based company that used a client’s login to access a valuable database of investment fund information, password-sharing led to a $3.73 million verdict in federal court this month.

A jury found Compass iTech LLC had misappropriated trade secrets, interfered with a contract and breached the terms of service for Atlanta-based eVestment Alliance LLC, which provides analytics for institutional investors.

Clients pay an annual fee to access eVestment’s database, which contains reams of information uploaded by investment managers, said eVestment attorney Andrew Gold of Akerman in Fort Lauderdale. The uploading process is so labor-intensive that managers sometimes need an outside company to do it, a service Compass provides.

Compass was assigned upload-only login credentials for each of its clients, which did not allow the company to view the analytics database, Gold said. But in 2014, an eVestment employee noticed a marketing email from Compass sent to an outdated address for a company eVestment had acquired — an email address that only existed in the database.

An investigation showed Compass had accessed the database through a client’s login for three years, Gold said, so eVestment sent a letter to mutual clients of the two companies letting them know their login credentials were terminated and that federal authorities had been contacted.

That letter became the basis for a defamation lawsuit filed by Compass against eVestment, which was dismissed in a summary judgment order in June 2016. Counterclaims against Compass went to trial before U.S. District Judge Kenneth Marra in West Palm Beach.

Gold and his colleague Dee Dee Fischer argued Compass was profiting from eVestment’s proprietary information. Of the 39 clients Compass had during the three-year period, the company accessed information for 37 of them in the analytics database before they began a relationship, Gold said. The database gave Compass contact information for those tasked with uploading information at various funds.

“When they were able to get a meeting, they were able to learn everything there is to know about these clients … so that they could be incredibly well-prepared,” Gold said. “Also, they could view information in the analytics database to figure out whether the company they were meeting with [was] doing a good job populating the database.”

Compass’ attorneys, Robert Pershes and L.A. Perkins of Perkins Pershes in Boca Raton, argued the company was not liable because it used the password with its client’s knowledge.

They also argued the information in the database was “publicly available” and not valuable. Also, because eVestment knew that Compass was uploading information for clients, the attorneys argued eVestment knew or should have known Compass was accessing the analytics database as far back as 2005. Pershes did not respond to requests for comment by deadline.

Gold and Fischer successfully argued that even if Compass’ client had shared its password, only eVestment could authorize Compass to access the database. Representatives from the capital management company whose login Compass used testified they thought the company needed the password for uploading, Gold said.

The Akerman attorneys also argued the database was far more than publicly available analytics: “It’s a compilation of incredibly detailed information, as indicated by the fact that the most sophisticated investors in the world pay eVestment $65 million a year to access this information,” Gold said.

The jury found Compass liable for $630,000 for violating the Computer Fraud and Abuse Act, $841,000 for misappropriating trade secrets, $530,000 for breaching eVestment’s terms of service and $530,000 for tortious interference with a contract. Jurors tacked on $1.2 million in punitive damages after finding Compass was guilty of intentional misconduct or gross negligence. Final judgment has not yet been entered.

Fischer said she knew jurors might not understand why using someone else’s login is a problem.

“We were cognizant of the fact that a lot of people share their passwords to their Netflix account, their Spotify,” Fischer said. “[But] it’s one thing to take somebody’s Netflix password and use it to watch a television show. It’s another thing to use somebody’s login credentials and use the information you gained for commercial purposes.”

“Borrowing” someone else’s login credentials for a website might not seem like a big deal if you have the password holder’s permission.

But for a Boca Raton-based company that used a client’s login to access a valuable database of investment fund information, password-sharing led to a $3.73 million verdict in federal court this month.

A jury found Compass iTech LLC had misappropriated trade secrets, interfered with a contract and breached the terms of service for Atlanta-based eVestment Alliance LLC, which provides analytics for institutional investors.

Clients pay an annual fee to access eVestment’s database, which contains reams of information uploaded by investment managers, said eVestment attorney Andrew Gold of Akerman in Fort Lauderdale. The uploading process is so labor-intensive that managers sometimes need an outside company to do it, a service Compass provides.

Compass was assigned upload-only login credentials for each of its clients, which did not allow the company to view the analytics database, Gold said. But in 2014, an eVestment employee noticed a marketing email from Compass sent to an outdated address for a company eVestment had acquired — an email address that only existed in the database.

An investigation showed Compass had accessed the database through a client’s login for three years, Gold said, so eVestment sent a letter to mutual clients of the two companies letting them know their login credentials were terminated and that federal authorities had been contacted.

That letter became the basis for a defamation lawsuit filed by Compass against eVestment, which was dismissed in a summary judgment order in June 2016. Counterclaims against Compass went to trial before U.S. District Judge Kenneth Marra in West Palm Beach.

Gold and his colleague Dee Dee Fischer argued Compass was profiting from eVestment’s proprietary information. Of the 39 clients Compass had during the three-year period, the company accessed information for 37 of them in the analytics database before they began a relationship, Gold said. The database gave Compass contact information for those tasked with uploading information at various funds.

“When they were able to get a meeting, they were able to learn everything there is to know about these clients … so that they could be incredibly well-prepared,” Gold said. “Also, they could view information in the analytics database to figure out whether the company they were meeting with [was] doing a good job populating the database.”

Compass’ attorneys, Robert Pershes and L.A. Perkins of Perkins Pershes in Boca Raton, argued the company was not liable because it used the password with its client’s knowledge.

They also argued the information in the database was “publicly available” and not valuable. Also, because eVestment knew that Compass was uploading information for clients, the attorneys argued eVestment knew or should have known Compass was accessing the analytics database as far back as 2005. Pershes did not respond to requests for comment by deadline.

Gold and Fischer successfully argued that even if Compass’ client had shared its password, only eVestment could authorize Compass to access the database. Representatives from the capital management company whose login Compass used testified they thought the company needed the password for uploading, Gold said.

The Akerman attorneys also argued the database was far more than publicly available analytics: “It’s a compilation of incredibly detailed information, as indicated by the fact that the most sophisticated investors in the world pay eVestment $65 million a year to access this information,” Gold said.

The jury found Compass liable for $630,000 for violating the Computer Fraud and Abuse Act, $841,000 for misappropriating trade secrets, $530,000 for breaching eVestment’s terms of service and $530,000 for tortious interference with a contract. Jurors tacked on $1.2 million in punitive damages after finding Compass was guilty of intentional misconduct or gross negligence. Final judgment has not yet been entered.

Fischer said she knew jurors might not understand why using someone else’s login is a problem.

“We were cognizant of the fact that a lot of people share their passwords to their Netflix account, their Spotify,” Fischer said. “[But] it’s one thing to take somebody’s Netflix password and use it to watch a television show. It’s another thing to use somebody’s login credentials and use the information you gained for commercial purposes.”