ORDER GRANTING IN PART AND DENYING IN PART DEFENDANT'S MOTION TO DISMISS [REDACTED]

LUCY H. KOH, District Judge.

In this consolidated multi-district litigation, Plaintiffs Keith Dunbar, Brad Scott, Todd Harrington, Matthew Knowles, A.K. (next of friend to Minor J.K.), Brent Matthew Scott, Kristen Brinkman, Robert Fread, and Rafael Carrillo, individually and on behalf of those similarly situated (collectively, "Plaintiffs"), allege that Defendant Google, Inc., has violated state and federal anti-wiretapping laws in its operation of Gmail, an email service. See ECF No. 38-2. Before the Court is Google's Motion to Dismiss Plaintiffs' Consolidated Complaint. See ECF No. 44. For the reasons stated below, the Court DENIES in part and GRANTS in part Google's Motion to Dismiss with leave to amend.

BACKGROUND

A. Factual Allegations

Plaintiffs challenge Googles operation of Gmail under state and federal anti-wiretapping laws. The Consolidated Complaint seeks damages on behalf of a number of classes of Gmail users and non-Gmail users for &ogles; interception of emails over a period of several years. All the class periods span from two years prior to the filing of the actions to the date of class certification, if any. Because the first of these consolidated actions was filed in 2010, the Consolidated Complaint taken as a whole challenges the operation of Gmail from 2008 to the present.

1. Google's Processing of Emails

Google's processing of emails to and from its users has evolved over the putative class periods. Plaintiffs allege, however, that in all iterations of Google's email routing processes since 2008, Google has intercepted, read, and acquired the content of mails that were sent or received by Gmail users while the entails were in transit. Plaintiffs allege that before [REDACTED] 20[REDACTED], a Gmail device intercepted, read, and acquired the content of each email for the purposes of sending an advertisement relevant to that email communication to the recipient, sender, or both. ECF No. 38-2 ¶¶ 26-27.33. According to the Consolidated Complaint, this interception and reading of the email was separate from Google's other processes, including spam and vines filtering. Id. ¶ 5.

After [REDACTED] 20[REDACTED], Plaintiffs allege that Google continued to intercept, read, and acquire content from emails that were in transit even as Google changed the way it transmits mails. Plaintiffs allege that after [REDACTED] 20[REDACTED], Google continued to intercept. read, and acquire content from mails to provide targeted advertising. Id. ¶¶ 62-63. Moreover, Plaintiffs allege that post-[REDACTED] 20[REDACTED]. targeted advertising was not the sole purpose of the interception. Rather, during this time period, Plaintiffs allege that a number of Google devices intercepted the emits, read and collected content as well as affiliated data, and [REDACTED] these cmails and data. Id. ¶¶ 47-56. Plaintiffs further allege that Google used these [REDACTED] data to create user profiles and models. Id.. ¶¶ 74-79. Google then allegedly used the emails, affiliated data, and user profiles to serve their profit interests that were unrelated to providing email services to particular users. Id. ¶¶ 97-98. Accordingly, Plaintiffs allege that Google has, since 20[REDACTED], intercepted emails for the dual purposes of providing advertisements and creating user profiles to advance Google's profit interests.

2. Types of Gmail Services

Gmail implicates several different, but related, systems of email delivery, three of which are at issue here. The first is a free service, which allows any user to register for an account with Google to use Gmail. Id. ¶ 99. This system is supported by advertisements, though users can opt-out of such advertising or access Gmail accounts in ways that do not generate advertising, such as accessing email on a smartphone. Id. ¶ 70.

The second is Google's operation of email on behalf of Internet Service Providers ("ISPs"). Id. ¶ 100. Google, through its Google Apps Partner program, enters into contracts with ISPs, such as Cable One, to provide an email service branded by the ISP. Id. The ISP's customers can register for email addresses from their ISP (such as "@mycableone.com"), but their email is nevertheless powered by Google through Gmail.

Third, Google operates Google Apps for Education, through which Google provides email on behalf of educational organizations for students, faculty, staff, and alumni. Id. ¶ 101. These users receive "@name.institution.edu" email addresses, but their accounts are also powered by Google using Gmail. Id. Universities that are part of Google Apps for Education require their students to use the Gmail-provided service. Id.

Google Apps users, whether through the educational program or the partner program, do not receive content-based ads but can opt in to receiving such advertising. Google processes emails sent and received from all Gmail users,^[1] including Google Apps users, in the same way except that emails of users who do not receive advertisements are not processed through Google's advertising infrastructure, which attaches targeted advertisements to emails. Id. ¶¶ 57, 72-73. This means that users who do not receive advertisements would not have been subject to the pre-[REDACTED] 20[REDACTED] interceptions, as during that period, interceptions were for the sole purpose of attaching targeted advertisements to emails. After [REDACTED] 20[REDACTED], Google separated its interception of emails for targeted advertising from its interception of emails for creating user profiles. Id. ¶ 72. As a result, after [REDACTED] 20[REDACTED], emails to and from users who did not receive advertisements are nevertheless intercepted to create user profiles. Id. ¶¶ 73, 85. Accordingly, these post-[REDACTED] 20[REDACTED] interceptions impacted all Gmail and Google Apps users, regardless of whether they received advertisements.

3. Google's Agreements with Users

The operation of the Gmail service implicates several legal agreements. Gmail users were required to agree to one of two sets of Terms of Service during the class periods. The first Terms of Service was in effect from April 16, 2007, to March 1, 2012, and the second has been in effect since March 1, 2012. Id. ¶ 102. The 2007 Terms of Service stated that:

Google reserves the right (but shall have no obligation) to pre-screen, review, flag, filter, modify, refuse or remove any or all Content from any Service. For some Services, Google may provide tools to filter out explicit sexual content. These tools include the SafeSearch preference settings. ... In addition, there are commercially available services and software to limit access to material that you may find objectionable.

Id. ¶ 104. A subsequent section of the 2007 Terms of Service provided that "[s]ome of the Services are supported by advertising revenue and may display advertisements and promotions" and that "[t]hese advertisements may be content-based to the content information stored on the Services, queries made through the Service or other information." Id. ¶¶ 107-08.

The 2012 Terms of Service deleted the above language and stated that users "give Google (and those [Google] work[s] with) a worldwide license to use ..., create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), ... and distribute such content." See ECF No. 46-6 at 3.

Both Terms of Service reference Google's Privacy Policies, which have been amended three times thus far during the putative class periods. See ECF Nos. 46-7, 46-8, 46-9, 46-10. These Policies, which were largely similar, stated that Google could collect information that users provided to Google, cookies, log information, user communications to Google, information that users provide to affiliated sites, and the links that a user follows. See ECF No. 46-7. The Policies listed Google's provision of "services to users, including the display of customized content and advertising" as one of the reasons for the collection of this information. Id.

Google also had in place Legal Notices, which stated that "Google does not claim any ownership in any of the content, including any text, data, information, images, photographs, music, sound, video, or other material, that [users] upload, transmit or store in [their] Gmail account." ECF No. 38-2 ¶ 118. The Notices further stated that Google "will not use any of [users'] content for any purpose except to provide [users] with the service." Id. ¶ 121.

In addition, Google entered into contractual agreements with ISPs and educational institutions as part of its Google Apps Partner and Google Apps for Education programs. These agreements require Google to "protect against unauthorized access to or use of Customer data." Id. ¶¶ 137, 161. In turn, "Customer data" is defined as "data, including email, provided, generated, transmitted, or displayed via the Services by Customers or End Users." Id. ¶¶ 138, 162. Further, the Terms of Service applicable to Google Apps Cable One users states that "Google may access, preserve, and disclose your account information and any Content associated with that account if required to do so by law or in a good faith belief that such access preservation or disclosure is reasonably necessary" to satisfy applicable law, enforce the Terms of Service, detect or prevent fraud, or protect against imminent harm to the rights of Google, its users, or the public. ECF No. 46-2 at 2-3.

Importantly, Plaintiffs who are not Gmail or Google Apps users are not subject to any of Google's express agreements. Because non-Gmail users exchange emails with Gmail users, however, their communications are nevertheless subject to the alleged interceptions at issue in this case.

4. Relief Sought and Class Allegations

Plaintiffs bring these cases alleging that Google, in the operation of its Gmail system, violated federal and state anti-wiretapping laws. ECF No. 38-2 ¶ 216 (federal law), ¶ 288 (California law), ¶ 328 (Maryland law), ¶ 349 (Florida law), ¶ 370 (Pennsylvania law). Plaintiffs seek the certification of several classes, preliminary and permanent injunctive relief, declaratory relief, statutory damages, punitive damages, and attorneys' fees. Plaintiffs seek relief on behalf of the following classes, all of which have a class period starting two years before the relevant complaint was filed and running through the date of class certification, if any:

(1) all Cable One users who sent a message to a Gmail user and received a reply or received an email;

(2) all Google Apps for Education users who have sent a message to a Gmail user and received a reply or received an email;

(3) all U.S. citizen non-Gmail users (except California residents) who have sent a message to a Gmail user and received a reply or received an email from a Gmail user;

(4) all U.S. citizen non-Gmail users who have sent a message to a Gmail user and received a reply or received an email from a Gmail user;

(5) all Pennsylvania non-Gmail users who have sent a message to a Gmail user and received a reply or received an email from a Gmail user;

(6) all Florida non-Gmail users who have sent a message to a Gmail user and received a reply or received an email from a Gmail user;

(7) all Maryland non-Gmail users who have sent a message to a Gmail user and received a reply or received an email from a Gmail user; and

(8) all Gmail users who were under the age of majority and who used Gmail to send an email to or received an email from a non-Gmail user or a Gmail user under the age of majority. Id. ¶¶ 388-92.

B. Procedural History

This case is a consolidated multi-district litigation involving seven individual and class action lawsuits. See ECF No. 38-2. The first of these consolidated actions was filed on November 17, 2010, and transferred from the Eastern District of Texas to the Northern District of California on June 27, 2012. See Dunbar v. Google, Inc., 12-CV-03305 (N.D. Cal.); ECF No. 179. Five other actions involving substantially similar allegations against Google followed in this District and throughout the country. See Scott, et al. v. Google, Inc., No. 12-CV-03413 (N.D. Cal.); Scott v. Google, Inc., No. 12-CV-00614 (N.D. Fla.); A.K. v. Google, Inc., No. 12-CV-01179 (S.D. Ill.); Knowles v. Google, Inc., 12-CV-02022 (D. Md.); Brinkman v. Google, Inc., 12-CV-06699 (E.D. Pa.). On April 1, 2013, the Judicial Panel on Multidistrict Litigation issued a Transfer Order, centralizing these six actions in the Northern District of California before the undersigned judge. See ECF No. 1. On May 6, 2013, this Court related a seventh action, Fread v. Google, Inc., 13-CV-01961 (N.D. Cal.), as part of this multi-district litigation. See ECF No. 29.

Plaintiffs filed an Administrative Motion to file their Consolidated Complaint under seal on May 16, 2013.^[2]See ECF No. 38. The Complaint contained five claims alleging violations of: (1) the Wiretap Act, as amended by the Electronic Communications Privacy Act ("ECPA"), 18 U.S.C. §§ 2510, et seq.; (2) the California Invasion of Privacy Act ("CIPA"), Cal. Penal Code §§ 630, et seq.; (3) the Maryland Courts and Judicial Proceedings Code Ann. §§ 10-402, et seq.; (4) Florida Statute §§ 934.03, et seq.; and (5) 18 Pa. Const. Stat. §§ 5701, et seq. See ECF No. 38-2.

Google filed a Motion to Dismiss the Consolidated Complaint on June 13, 2013. See ECF No. 44. On the same day, Google filed two declarations and a request for judicial notice in support of its Motion. See ECF Nos. 45-47. Plaintiffs filed an opposition to Google's request for judicial notice and separate objections to Google's declarations on July 11, 2013. See ECF Nos. 49-50. Google filed a reply in support of its request for judicial notice and Motion to Strike Plaintiffs' objections to Google's declarations on July 29, 2013. ECF No. 58.

Plaintiffs filed their opposition to Google's Motion to Dismiss on July 11, 2013. See ECF No. 53. That same day, Plaintiffs filed a request for judicial notice in support of their opposition. See ECF No. 51. Google filed a reply along with a declaration in support of the reply on July 29, 2013. See ECF No. 56-57. This Court held a hearing on the Motion to Dismiss on September 5, 2013. See ECF No. 64.

II. LEGAL STANDARDS

A. Motion to Dismiss

Pursuant to Federal Rule of Civil Procedure 12(b)(6), a defendant may move to dismiss an action for failure to allege "enough facts to state a claim to relief that is plausible on its face." Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007). "A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged. The plausibility standard is not akin to a `probability requirement,' but it asks for more than a sheer possibility that a defendant has acted unlawfully." Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (internal citations omitted). For purposes of ruling on a Rule 12(b)(6) motion, the Court "accept[s] factual allegations in the complaint as true and construe[s] the pleadings in the light most favorable to the non-moving party." Manzarek v. St. Paul Fire & Marine Ins. Co., 519 F.3d 1025, 1031 (9th Cir. 2008).

However, a court need not accept as true allegations contradicted by judicially noticeable facts, Shwarz v. United States, 234 F.3d 428, 435 (9th Cir. 2000), and a "court may look beyond the plaintiff's complaint to matters of public record" without converting the Rule 12(b)(6) motion into a motion for summary judgment, Shaw v. Hahn, 56 F.3d 1128, 1129 n.1 (9th Cir. 1995). A court is also not required to "`assume the truth of legal conclusions merely because they are cast in the form of factual allegations.'" Fayer v. Vaughn, 649 F.3d 1061, 1064 (9th Cir. 2011) (per curiam) (quoting W. Min. Council v. Watt, 643 F.2d 618, 624 (9th Cir. 1981)). Mere "conclusory allegations of law and unwarranted inferences are insufficient to defeat a motion to dismiss." Adams v. Johnson, 355 F.3d 1179, 1183 (9th Cir. 2004); accord Iqbal, 556 U.S. at 678. Furthermore, "a plaintiff may plead herself out of court" if she "plead[s] facts which establish that [s]he cannot prevail on h[er] ... claim." Weisbuch v. Cnty. of L.A., 119 F.3d 778, 783 n.1 (9th Cir. 1997) (internal quotation marks and citation omitted).

B. Request for Judicial Notice

The Court generally may not look beyond the four corners of a complaint in ruling on a Rule 12(b)(6) motion, with the exception of documents incorporated into the complaint by reference, and any relevant matters subject to judicial notice. See Swartz v. KPMG LLP, 476 F.3d 756, 763 (9th Cir. 2007); Lee v. City of Los Angeles, 250 F.3d 668, 688-89 (9th Cir. 2001). Under the doctrine of incorporation by reference, the Court may consider on a Rule 12(b)(6) motion not only documents attached to the complaint, but also documents whose contents are alleged in the complaint, provided the complaint "necessarily relies" on the documents or contents thereof, the document's authenticity is uncontested, and the document's relevance is uncontested. Coto Settlement v. Eisenberg, 593 F.3d 1031, 1038 (9th Cir. 2010); see Lee, 250 F.3d at 688-89. The purpose of this rule is to "prevent plaintiffs from surviving a Rule 12(b)(6) motion by deliberately omitting documents upon which their claims are based." Swartz, 476 F.3d at 763 (internal quotation marks omitted).

The Court also may take judicial notice of matters that are either (1) generally known within the trial court's territorial jurisdiction or (2) capable of accurate and ready determination by resort to sources whose accuracy cannot reasonably be questioned. Fed. R. Evid. 201(b). Proper subjects of judicial notice when ruling on a motion to dismiss include legislative history reports, see Anderson v. Holder, 673 F.3d 1089, 1094, n.1 (9th Cir. 2012); court documents already in the public record and documents filed in other courts, see Holder v. Holder, 305 F.3d 854, 866 (9th Cir. 2002); and publically accessible websites, see Caldwell v. Caldwell, 2006 WL 618511, at *4 (N.D. Cal. Mar. 13, 2006); Wible v. Aetna Life Ins. Co., 375 F. Supp. 2d 956, 965-66 (C.D. Cal. 2005).

C. Leave to Amend

If the Court determines that the complaint should be dismissed, it must then decide whether to grant leave to amend. Under Rule 15(a) of the Federal Rules of Civil Procedure, leave to amend "shall be freely given when justice so requires," bearing in mind "the underlying purpose of Rule 15 ... [is] to facilitate decision on the merits, rather than on the pleadings or technicalities." Lopez v. Smith, 203 F.3d 1122, 1127 (9th Cir. 2000) (en banc) (internal quotation marks and citation omitted). Nonetheless, a court "may exercise its discretion to deny leave to amend due to `undue delay, bad faith or dilatory motive on part of the movant, repeated failure to cure deficiencies by amendments previously allowed, undue prejudice to the opposing party ..., [and] futility of amendment.'" Carvalho v. Equifax Info. Servs., LLC, 629 F.3d 876, 892-93 (9th Cir. 2010) (quoting Foman v. Davis, 371 U.S. 178, 182 (1962)) (alterations in original).

III. REQUESTS FOR JUDICIAL NOTICE

In support of their opposition to Google's Motion to Dismiss, Plaintiffs request the Court take judicial notice of (A) a declaration and a motion filed in Sheppard v. Google, Inc., et al, 12-CV-4022 (W.D. Ark.); (B) an excerpt of a November 30, 1985 Senate Judiciary Committee hearing regarding the ECPA; (C) an April 29, 1968 Senate Report; and (D) an order on Google's motion to dismiss in Marquis v. Google, Inc., No. 11-2808, in the Superior Court of Suffolk County, Commonwealth of Massachusetts. See ECF No. 51. Plaintiffs' Exhibits B and C are legislative history reports, and Plaintiffs' Exhibits A and D are documents filed in other courts, already part of the public record. See Anderson, 673 F.3d at 1094, n.1; Holder, 305 F.3d at 866. Google does not oppose any of these requests. The Court takes judicial notice of all four.

Google requests that the Court take judicial notice of (A) a copy of Google's Terms of Service applicable to Google Apps services provided through Cable One, Inc.; (B) a copy of the Google Apps Education Edition Agreement between Google and the University of Hawaii; (C) a copy of the Google Apps Education Edition Agreement between Google and the University of the Pacific; (D) copies of Google's Terms of Service dated April 16, 2007 and March 1, 2012; (E) copies of Google's Privacy Policies dated August 7, 2008, March 11, 2009, October 3, 2010, and March 1, 2012; (F) a copy of the Yahoo! Mail Privacy Policy from June 2013; (G) an excerpt of an October 17, 1986 Senate Report regarding the ECPA; (H) a copy of a May 9, 1995 California Senate Judiciary Committee analysis; and (I) a copy of an April 13, 2010 California Senate Public Safety Committee analysis. See ECF No. 47. Plaintiffs oppose the request for judicial notice with respect to items F, G, H, and I. See ECF No. 49.

The Court takes judicial notice of items A, B, C, D, and E as requested by Google and to which Plaintiffs do not object because Plaintiffs rely upon and reference these documents in the Complaint. See ECF No. 38-2 ¶¶ 102, 144, 185-86, 189, 227-28, 237-38; Coto, 593 F.3d at 1038. The Court further takes judicial notice of items H and I because Plaintiffs "do[] not contest that these are readily available public documents or challenge their authenticity." Zephyr v. Saxon Mortg. Servs., Inc., 873 F. Supp. 2d 1223, 1226 (E.D. Cal. 2012). The Court takes judicial notice of item G because it is a legislative history report for the statute at the heart of Plaintiffs' principal claim. See id.; Anderson, 673 F.3d at 1094, n.1. Finally, the Court denies Google's request for judicial notice of item F, the Yahoo! Mail Privacy Policy. The Policy is not a document "on which the Complaint necessarily relies nor ... whose relevance and authenticity are uncontested" because Plaintiffs contend that the effective dates of the Yahoo! Privacy Policy are unknown. See ECF No. 49 at 2-3; Fraley v. Facebook, Inc., 830 F. Supp. 2d 785, 795 (N.D. Cal. 2011).

Plaintiffs further raise objections to various paragraphs in the declarations supporting Google's Motion to Dismiss and to the requests for judicial notice with respect to some of the exhibits attached to the declarations. See ECF No. 50. The Court strikes these objections pursuant to Civil Local Rule 7-3(a). The Rule requires that any evidentiary objections to a motion be contained within the opposition to the motion itself, but Plaintiffs filed their objections separately from their opposition. See Apple, Inc. v. Samsung Elecs. Co., Ltd., 2011 WL 7036077, at *3 (N.D. Cal. Dec. 2, 2011).

IV. MOTION TO DISMISS

A. The Wiretap Act

The Wiretap Act, as amended by the ECPA, generally prohibits the interception of "wire, oral, or electronic communications." 18 U.S.C. § 2511(1); see also Joffe v. Google, Inc., No. 11-17483, 2013 WL 4793247, at *3 (9th Cir. Sept. 10, 2013). More specifically, the Wiretap Act provides a private right of action against any person who "intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication." 18 U.S.C. § 2511(1)(a); see id. § 2520 (providing a private right of action for violations of § 2511). The Act further defines "intercept" as "the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device." Id. § 2510(4).

Plaintiffs contend that Google violated the Wiretap Act in its operation of the Gmail system by intentionally intercepting the content of emails that were in transit to create profiles of Gmail users and to provide targeted advertising. Google contends that Plaintiffs have not stated a claim with respect to the Wiretap Act for two reasons. First, Google contends that there was no interception because there was no "device." Specifically, Google argues that its reading of any emails would fall within the "ordinary course of business" exception to the definition of device. ECF No. 44 at 6-13. Under that exception, "any telephone or telegraph instrument, equipment or facility, or any component thereof ... being used by a provider of wire or electronic communication service in the ordinary course of its business" is not a "device," and the use of such an instrument accordingly falls outside of the definition of "intercept." 18 U.S.C. § 2510(5)(a)(ii). Second, Google contends that all Plaintiffs have consented to any interception. ECF No. 44 at 13-20. Under the statute, it is not unlawful "to intercept a wire, oral, or electronic communication ... where one of the parties to the communication has given prior consent to such interception." 18 U.S.C. § 2511(2)(d).

1. "Ordinary Course of Business" Exception

Google first contends that it did not engage in an interception because its reading of users' emails occurred in the ordinary course of its business. ECF No. 44 at 6-13. Conversely, Plaintiffs contend that the ordinary course of business exception is narrow and applies only when an electronic communication service provider's actions are "necessary for the routing, termination, or management of the message." See ECF No. 53 at 7. The Court finds that the ordinary course of business exception is narrow. The exception offers protection from liability only where an electronic communication service provider's interception facilitates the transmission of the communication at issue or is incidental to the transmission of such communication. Specifically, the exception would apply here only if the alleged interceptions were an instrumental part of the transmission of email. Plaintiffs have alleged, however, that Google's interception is not an instrumental component of Google's operation of a functioning email system. ECF No. 38-2 ¶ 97. In fact, Google's alleged interception of email content is primarily used to create user profiles and to provide targeted advertising — neither of which is related to the transmission of emails. See id. ¶¶ 26-27, 33, 57, 65, 84, 95. The Court further finds that Plaintiffs' allegations that Google violated Google's own agreements and internal policies with regard to privacy also preclude application of the ordinary course of business exception.

The plain language of the Wiretap Act, 18 U.S.C. § 2510(5)(a), exempts from the definition of "device":

any telephone or telegraph instrument, equipment or facility, or any component thereof,

(i) furnished to the subscriber or user by a provider of wire or electronic communication service in the ordinary course of its business and being used by the subscriber or user in the ordinary course of its business or furnished by such subscriber or user for connection to the facilities of such service and used in the ordinary course of its business; or

(ii) being used by a provider of wire or electronic communication service in the ordinary course of its business, or by an investigative or law enforcement officer in the ordinary course of his duties;

This section includes two "ordinary course of business" exceptions. The first, under subsection (a)(i), is for users or subscribers of electronic communication services, while the second, subsection (a)(ii), applies to the providers of electronic communication services themselves. This case implicates the latter, as Google provides the electronic communication service at issue here, Gmail.

The Sixth Circuit has found that the text of "[t]he two exceptions [is] not altogether clear." Adams v. City of Battle Creek, 250 F.3d 980, 982 (6th Cir. 2001). There is no dispute that Google's interception of Plaintiffs' emails and subsequent use of the information to create user profiles or to provide targeted advertising advanced Google's business interests. But this does not end the inquiry. The Court must give effect to the word "ordinary," which limits "course of business" under both exceptions. The presence of the modifier "ordinary" must mean that not everything Google does in the course of its business would fall within the exception. The task the Court faces at this stage is to determine whether Plaintiffs have adequately alleged that the purported interceptions were not an "ordinary" part of Google's business.

In the context of section 2510(5)(a)(i), courts have held, consistent with the textual limitation that "ordinary" imposes on "course of business," that not everything that a company may want to do falls within the "ordinary course of business" exception. See e.g., Watkins v. L.M. Berry & Co., 704 F.2d 577, 582 (11th Cir. 1983) ("The phrase `in the ordinary course of business' cannot be expanded to mean anything that interests a company."). Rather, the business reasons must be "legitimate." See Arias v. Mut. Cent. Alarm Serv., Inc., 202 F.3d 553, 559 (2d Cir. 2000); see also Berry v. Funk, 146 F.3d 1003, 1009 (D.C. Cir. 1998) (finding that actions are in the ordinary course of business if they are "justified by a valid business purpose" or "shown to be undertaken normally").

This limitation, applied to electronic communication service providers in the context of section 2510(5)(a)(ii), means that the electronic communication service provider engaged in the alleged interception must demonstrate the interception facilitated the communication service or was incidental to the functioning of the provided communication service. For example, in Kirch v. Embarq Management Co., 702 F.3d 1245 (10th Cir. 2012), which Google cites, ECF No. 44 at 9, the Tenth Circuit affirmed a grant of summary judgment in favor of Embarq, an ISP, where Embarq had intercepted only data incidental to its provision of the internet service. In that case, Embarq had granted a third party, NebuAd, permission to conduct a technology test by acquiring information about Embarq's users so that NebuAd could provide targeted advertising to those users. 702 F.3d at 1247. The Tenth Circuit held that Embarq had not violated the ECPA because the ISP could not be liable for NebuAd's interceptions. Id. at 1249. Further, Embarq itself did not review any of the raw data that NebuAd collected. Id. at 1250. Rather, Embarq had no more access than it otherwise would have had as an ISP. Id. Embarq's ordinary course of business as an ISP necessarily required that it would have access to data that was transmitted over its equipment. Id. at 1249. The relationship between Embarq and NebuAd's technology test did not expand the universe of data to which Embarq had access beyond the data Embarq could access in its provision of internet services. Id. at 1250. Accordingly, Embarq's actions fell within its ordinary course of business. Unlike this case, the only information to which Embarq had access was collected by Embarq's devices that provided internet services. Id. In contrast, here, Plaintiffs allege that there are separate devices — aside from the devices related to delivery of email — that intercept users' emails. ECF No. 38-2 ¶ 259(e). Considered practically, Google is more akin to NebuAd, which intercepted data for the purpose of providing targeted advertising — a purpose separate and apart from Embarq's provision of internet service. Cf. Kirch, 702 F.3d at 1248. However, because NebuAd settled with the Plaintiffs in Kirch, the Tenth Circuit's opinion does not deal with NebuAd's liability. Id. at 1248 n. 2, 1249 ("[W]e need not address whether NebuAd intercepted any of the Kirches' electronic communications."). The Court therefore finds that Kirch's discussion of Embarq's liability cuts in favor of a narrow reading of the section 2510(5)(a)(ii) exception and that Kirch stands only for the narrow proposition that interceptions incidental to the provision of the alleged interceptor's internet service fall within the "ordinary course of business" exception.

Hall v. Earthlink Network, Inc., 396 F.3d 500 (2d Cir. 2005), which also addresses the section 2510(5)(a)(ii) exception, further suggests that this Court should narrowly read the "ordinary course of business" exception. There, the Second Circuit affirmed a grant of summary judgment and concluded that Earthlink did not violate the ECPA when Earthlink continued to receive and store emails sent to an address that had been closed. The Second Circuit found that the plaintiff in that case did not present any evidence that Earthlink's continued receipt of emails was outside its ordinary course of business. Id. at 505. The Court noted that Earthlink presented testimony that Earthlink routinely continued to receive and store emails after an account was canceled and more critically that Earthlink "did not have the ability to bounce e-mail back to senders after the termination of an account." Id. Accordingly, in Hall, the email provider's alleged interceptions were a necessary part of its ability to provide email services. In the instant case, by contrast, Plaintiffs have alleged that Google could operate its Gmail system without reading the emails for the purposes of targeted advertising or the creation of user profiles. ECF No. 38-2 ¶ 97. Therefore, unlike Earthlink, the alleged interception in the instant case is not incidental to the operation of the service.^[3]

In addition to the text and the case law, the statutory scheme and legislative history also weigh in favor of a narrow reading of the section 2510(5)(a)(ii) exception. Specifically, a separate exception to the Wiretap Act related to electronic service providers states that:

It shall not be unlawful under this chapter for an operator of a switchboard, or an officer, employee, or agent of a provider of wire or electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks.

18 U.S.C. § 2511(2)(a)(i) (emphasis added). The statute explicitly limits the use of service observing or random monitoring by electronic communication service providers to mechanical and service quality control checks. Id. Accordingly, the statutory scheme suggests that Congress did not intend to allow electronic communication service providers unlimited leeway to engage in any interception that would benefit their business models, as Google contends. In fact, this statutory provision would be superfluous if the ordinary course of business exception were as broad as Google suggests. See Duncan v. Walker, 533 U.S. 167, 174 (2001) (stating that in statutory interpretation, courts should "give effect, if possible, to every clause and word of a statute").

The legislative history of section 2511(2)(a)(i), which Google cites, ECF No. 44 at 7, also supports reading the ordinary course of business exception to require that the interception be instrumental to the provision of the service. A U.S. Senate Report regarding the ECPA states that "[t]he provider of electronic communications services may have to monitor a stream of transmissions in order to properly route, terminate, and otherwise manage the individual messages they contain. These monitoring functions, which may be necessary to the provision of an electronic communication service, do not involve humans listening in on voice conversations. Accordingly, they are not prohibited." ECF No. 45-2 at 20. This suggests that Congress intended to protect electronic communication service providers from liability when the providers were monitoring communications for the purposes of ensuring that the providers could appropriately route, terminate, and manage messages. Accordingly, the Court concludes that the legislative history supports a narrow reading of the section 2510(5)(a)(ii) exception, under which an electronic communication service provider must show some link between the alleged interceptions at issue and its ability to operate the communication system. Google's broader reading of the exception would conflict with Congressional intent.

The case law applying the "ordinary course of business" exception in the 2510(5)(a)(i) context also suggests that courts have narrowly construed that phrase. For example, in Arias v. Mutual Central Alarm Service, Inc., the Second Circuit found that it was within an alarm company's ordinary course of business to record all incoming and outgoing calls because maintaining records of the calls was instrumental "to ensure that [the alarm company's] personnel are not divulging sensitive customer information, that events are reported quickly to emergency services, that customer claims regarding events are verifiable, and that the police and other authorities may rely on these records in conducting any investigations." 202 F.3d at 559 (internal quotation marks and alterations omitted). Similarly, the Tenth Circuit found that an employer's installation of a telephone monitoring device on the phone lines in departments where employees interacted with the public was within the employer's ordinary course of business because of "concern by management over abusive language used by irate customers when called upon to pay their bills, coupled with the possible need to give further training and supervision to employees dealing with the public." James v. Newspaper Agency Corp., 591 F.2d 579, 581 (10th Cir. 1979).

The narrow construction of "ordinary course of business" is most evident in section 2510(5)(a)(i) cases where an employer has listened in on employees' phone calls in the workplace. See United States v. Murdock, 63 F.3d 1391, 1396 (6th Cir. 1995) (noting that "[a] substantial body of law has developed on the subject of ordinary course of business in the employment field where employees have sued their employers" and that "[t]hese cases have narrowly construed the phrase `ordinary course of business'"); Watkins, 704 F.2d at 582. These cases suggest that an employer's eavesdropping on an employee's phone call is only permissible where the employer has given notice to the employee. See Adams, 250 F.3d at 984 (finding that the exception generally requires that the use be "(1) for a legitimate business purpose, (2) routine, and (3) with notice"). Further, these cases have suggested that an employer may only listen to an employee's phone call for the narrow purpose of determining whether a call is for personal or business purposes. In Watkins, for example, the court held that an employer "was obliged to cease listening as soon as she had determined that the call was personal, regardless of the contents of the legitimately heard conversation." 704 F.2d at 584. Watkins concerned a situation in which an employer listened in on an employee's personal phone call wherein the employee discussed a job interview. The Eleventh Circuit reversed a grant of summary judgment in favor of the employer notwithstanding the fact that the interception concerned a conversation that was "obviously of interest to the employer." Id. at 583-84.

These cases suggest a narrow reading of "ordinary course of business" under which there must be some nexus between the need to engage in the alleged interception and the subscriber's ultimate business, that is, the ability to provide the underlying service or good. In the instant matter, Plaintiffs explicitly allege that there is no comparable nexus between Google's interceptions and its ability to provide the electronic communication service at issue in this case, email. Specifically, in their Complaint, Plaintiffs state that Google's interceptions are "for [Google's] own benefit in other Google services unrelated to the service of email or the particular user." ECF No. 38-2 ¶ 97.

In light of the statutory text, case law, statutory scheme, and legislative history concerning the ordinary course of business exception, the Court finds that the section 2510(5)(a)(ii) exception is narrow and designed only to protect electronic communication service providers against a finding of liability under the Wiretap Act where the interception facilitated or was incidental to provision of the electronic communication service at issue.^[4] Plaintiffs have plausibly alleged that Google's reading of their emails was not within this narrow ordinary course of its business. Specifically, Plaintiffs allege that Google intercepts emails for the purposes of creating user profiles and delivering targeted advertising, which are not instrumental to Google's ability to transmit emails. The Consolidated Complaint alleges that "Google uses the content of the email messages [Google intercepts] and the derivative data it creates for its own benefit in other Google services unrelated to the service of email or the particular user." ECF No. 38-2 ¶¶ 97, 259(g). Plaintiffs support their assertion by suggesting that Google's interceptions of emails for targeting advertising and creating user profiles occurred independently from the rest of the email-delivery system. In fact, according to the Consolidated Complaint, the Gmail system has always had separate processes for spam filtering, antivirus protections, spell checking, language detection, and sorting than the devices that perform alleged interceptions that are challenged in this case. Id. ¶¶ 5, 200, 259(e). As such, the alleged interception of emails at issue here is both physically and purposively unrelated to Google's provision of email services. Id. ¶¶ 74, 259(g). Google's alleged interceptions are neither instrumental to the provision of email services, nor are they an incidental effect of providing these services. The Court therefore finds that Plaintiffs have plausibly alleged that the interceptions fall outside Google's ordinary course of business.

Furthermore, the D.C. Circuit has held in a section 2510(5)(a)(i) case that a defendant's actions may fall outside the "ordinary course of business" exception when the defendant violates its own internal policies. See Berry, 146 F.3d at 1010. In Berry, the court reversed a district court's grant of summary judgment in favor of the government on "ordinary course of business" grounds in part because the interception violated internal policies. That case concerned a Wiretap Act claim brought by a senior State Department officer against State Department Operations Center Watch Officers for monitoring the officer's phone call with another high-ranking officer. Id. at 1005. The D.C. Circuit noted that the "Operations Center Manual in effect at the time of these conversations cautioned that calls between Senior Department Officials ... `should not be monitored unless they so request.'" Id. at 1006. The court held that the "government's position [that this monitoring was within its ordinary course of business] is fatally undermined by the Operations Center guidelines which clearly indicate the norm of behavior the Watch Officers were to follow and which must be regarded as the ordinary course of business for the Center." Id. at 1009-10.

The Court finds that the reasoning of the D.C. Circuit applies equally in the section 2510(5)(a)(ii) context. Here, Plaintiffs allege that Google has violated its own policies and therefore is acting outside the ordinary course of business. Specifically, Plaintiffs allege that Google's Privacy Policies explicitly limit the information that Google may collect to an enumerated list of items, and that this list does not include content of emails. ECF No. 38-2 ¶¶ 187-91. Plaintiffs point to the language of the Privacy Policy that states that Google "may collect the following types of information" and then lists (1) information provided by the user (such as personal information submitted on the sign-up page), (2) information derived from cookies, (3) log information, (4) user communications to Google, (5) personal information provided by affiliated Google services and sites, (6) information from third party applications, (7) location data, and (8) unique application numbers from Google's toolbar. Id. ¶ 187; ECF No. 46-7. Plaintiffs further note that the updated Privacy Policy also stated that Google "collected information in two ways": "(1) information the user gives to Google—the user's personal information; and, (2) information Google obtains from the user's use of Google services, wherein Google lists: (a) the user's device information; (b) the user's log information; (c) the user's location information; (d) the user's unique application number; (e) information stored locally on the user's device; and, (e) [sic] information derived from cookies placed on a user's device." ECF No. 38-2 ¶ 189; ECF No. 46-10. Because content of emails between users or between users and non-users was not part of either list, Plaintiffs allege that Google "violates the express limitations of its Privacy Policies." Id. ¶¶ 191, 195. The Court need not determine at this stage whether Plaintiffs will ultimately be able to prove that the Privacy Policies were intended to comprehensively list the information Google may collect. Rather, Plaintiffs' plausible allegations that the Privacy Policies were exhaustive are sufficient. Because Plaintiffs have alleged that Google exceeded the scope of its own Privacy Policy, the section 2510(5)(a)(ii) exception cannot apply.

Accordingly, the Court DENIES Google's Motion to Dismiss based on the section 2510(5)(a)(ii) exception.^[5]

2. Consent

Google's second contention with respect to Plaintiffs' Wiretap Act claim is that all Plaintiffs consented to any interception of emails in question in the instant case. Specifically, Google contends that by agreeing to its Terms of Service and Privacy Policies, all Gmail users have consented to Google reading their emails. ECF No. 44 at 14-16. Google further suggests that even though non-Gmail users have not agreed to Google's Terms of Service or Privacy Policies, all non-Gmail users impliedly consent to Google's interception when non-Gmail users send an email to or receive an email from a Gmail user. Id. at 19-21.

If either party to a communication consents to its interception, then there is no violation of the Wiretap Act. 18 U.S.C. § 2511(2)(d).^[6] Consent to an interception can be explicit or implied, but any consent must be actual. See United States v. Van Poyck, 77 F.3d 285, 292 (9th Cir. 1996); U.S. v. Amen, 831 F.2d 373, 378 (2d Cir. 1987); U.S. v. Corona-Chavez. 328 F.3d 974, 978 (8th Cir. 2003). Courts have cautioned that implied consent applies only in a narrow set of cases. See Watkins, 704 F.2d at 581 (holding that consent should not be "cavalierly implied"); In re Pharmatak, 329 F.3d at 20. The critical question with respect to implied consent is whether the parties whose communications were intercepted had adequate notice of the interception. Berry, 146 F.3d at 1011. That the person communicating knows that the interceptor has the capacity to monitor the communication is insufficient to establish implied consent. Id. Moreover, consent is not an all-or-nothing proposition. Rather, "[a] party may consent to the interception of only part of a communication or to the interception of only a subset of its communications." In re Pharmatrack, Inc., 329 F.3d at 19.

In its Motion to Dismiss, Google marshals both explicit and implied theories of consent. Google contends that by agreeing to Google's Terms of Service and Privacy Policies, Plaintiffs who are Gmail users expressly consented to the interception of their emails. ECF No. 44 at 14-16. Google further contends that because of the way that email operates, even non-Gmail users knew that their emails would be intercepted, and accordingly that non-Gmail users impliedly consented to the interception. Id. at 19-20. Therefore, Google argues that in all communications, both parties — regardless of whether they are Gmail users — have consented to the reading of emails. Id. at 13-14. The Court rejects Google's contentions with respect to both explicit and implied consent. Rather, the Court finds that it cannot conclude that any party — Gmail users or non-Gmail users — has consented to Google's reading of email for the purposes of creating user profiles or providing targeted advertising.

Google points to its Terms of Service and Privacy Policies, to which all Gmail and Google Apps users agreed, to contend that these users explicitly consented to the interceptions at issue. The Court finds, however, that those policies did not explicitly notify Plaintiffs that Google would intercept users' emails for the purposes of creating user profiles or providing targeted advertising.

Section 8 of the Terms of Service that were in effect from April 16, 2007, to March 1, 2012, stated that "Google reserves the right (but shall have no obligation) to pre-screen, review, flag, filter, modify, refuse or remove any or all Content from any Service."^[7] ECF No. 46-5 at 4. This sentence was followed by a description of steps users could take to avoid sexual and objectionable material. Id. ("For some of the Services, Google may provide tools to filter out explicit sexual content."). Later, section 17 of the Terms of Service stated that "advertisements may be targeted to the content of information stored on the Services, queries made through the Services or other information." Id. at 8.

The Court finds that Gmail users' acceptance of these statements does not establish explicit consent. Section 8 of the Terms of Service suggests that content may be intercepted under a different set of circumstances for a different purpose — to exclude objectionable content, such as sexual material. This does not suggest to the user that Google would intercept emails for the purposes of creating user profiles or providing targeted advertising. Watkins, 704 F.2d at 582 ("[C]onsent within the meaning of section 2511(2)(d) is not necessarily an all or nothing proposition; it can be limited. It is the task of the trier of fact to determine the scope of the consent and to decide whether and to what extent the interception exceeded that consent."); In re Pharmatrack, Inc., 329 F.3d at 19 ("Thus, a reviewing court must inquire into the dimensions of the consent and then ascertain whether the interception exceeded those boundaries.") (internal quotation marks omitted). Therefore, to the extent that section 8 of the Terms of Service establishes consent, it does so only for the purpose of interceptions to eliminate objectionable content. The Consolidated Complaint suggests, however, that Gmail's interceptions for the purposes of targeted advertising and creation of user profiles was separate from screening for any objectionable content. See ECF No. 38-2 ¶¶ 5, 200. Because the two processes were allegedly separate, consent to one does not equate to consent to the other.

Section 17 of the Terms of Service — which states that Google's "advertisements may be targeted to the content of information stored on the Services, queries made through the Services or other information" — is defective in demonstrating consent for a different reason: it demonstrates only that Google has the capacity to intercept communications, not that it will. Berry, 146 F.3d at 1011 (holding that knowledge of defendant's capacity to monitor is insufficient to establish consent). Moreover, the language suggests only that Google's advertisements were based on information "stored on the Services" or "queries made through the Services" — not information in transit via email. Plaintiffs here allege that Google violates the Wiretap Act, which explicitly protects communications in transit, as distinguished from communications that are stored. Furthermore, providing targeted advertising is only one of the alleged reasons for the interceptions at issue in this case. Plaintiffs also allege that Google intercepted emails for the purposes of creating user profiles. See ECF No. 38-2 ¶ 95. Section 17, to the extent that it suggests interceptions, only does so for the purposes of providing advertising, not creating user profiles. Accordingly, the Court finds that neither section of the Terms of Service establishes consent.

The Privacy Policies in effect from August 8, 2008, to October 3, 2010, to which all Gmail users agreed and upon which Google now relies, do not clarify Google's role in intercepting communications between its users. The Policies stated that Google may collect "[i]nformation you provide, [c]ookies[,] [l]og information[,] [u]ser communications to Google[,] [a]ffiliated sites, [l]inks[,] [and] [o]ther sites." See ECF No. 46-7 at 2-3. Google described that it used such information for the purposes of "[p]roviding our services to users, including the display of customized content and advertising." Id. at 3. In 2010, Google later updated the Policy to state that the collected information would be used to "[p]rovide, maintain, protect, and improve our services (including advertising services) and develop new services." See ECF No. 46-9 at 3. Nothing in the Policies suggests that Google intercepts email communication in transit between users, and in fact, the policies obscure Google's intent to engage in such interceptions. The Privacy Policies explicitly state that Google collects "user communications ... to Google." See ECF No. 46-7 at 3 (emphasis added). This could mislead users into believing that user communications to each other or to nonusers were not intercepted and used to target advertising or create user profiles. As such, these Privacy Policies do not demonstrate explicit consent, and in fact suggest the opposite.

After March 1, 2012, Google modified its Terms of Service and Privacy Policy. The new policies are no clearer than their predecessors in establishing consent. The relevant part of the new Terms of Service state that when users upload content to Google, they "give Google (and those [Google] work[s] with) a worldwide license to use ..., create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), ... and distribute such content." See ECF No. 46-6 at 3. The Terms of Service cite the new Privacy Policy, in which Google states to users that Google "may collect information about the services that you use and how you use them, like when you visit a website that uses our advertising services or you view and interact with our ads and content. This information includes: [d]evice information[,] [l]og information[,] [l]ocation information[,] [u]nique application numbers[,] [l]ocal storage[,] [c]ookies[,] and anonymous identifiers." ECF No. 46-10 at 3. The Privacy Policy further states that Google "use[s] the information [it] collect[s] from all [its] services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and [its] users. [Google] also use[s] this information to offer you tailored content — like giving you more relevant search results and ads." See ECF No. 46-10 at 3. These new policies do not specifically mention the content of users' emails to each other or to or from non-users; these new policies are not broad enough to encompass such interceptions. Furthermore, the policies do not put users on notice that their emails are intercepted to create user profiles. The Court therefore finds that a reasonable Gmail user who read the Privacy Policies would not have necessarily understood that her emails were being intercepted to create user profiles or to provide targeted advertisements. Accordingly, the Court finds that it cannot conclude at this phase that the new policies demonstrate that Gmail user Plaintiffs consented to the interceptions.

Finally, Google contends that non-Gmail users — email users who do not have a Gmail account and who did not accept Gmail's Terms of Service or Privacy Policies — nevertheless impliedly consented to Google's interception of their emails to and from Gmail users, and to Google's use of such emails to create user profiles and to provide targeted advertising. ECF No. 44 at 19-20. Google's theory is that all email users understand and accept the fact that email is automatically processed. Id. However, the cases Google cites for this far-reaching proposition hold only that the sender of an email consents to the intended recipients' recording of the email — not, as has been alleged here, interception by a third-party service provider. See State v. Townsend, 57 P.3d 255, 260 (Wash. 2002) (finding consent and therefore no violation of Washington's privacy act when email and instant message communications sent to an undercover police officer were used against criminal defendant); State v. Lott, 879 A.2d 1167, 1172 (N.H. 2005) (same under New Hampshire law); Commonwealth v. Proetto, 771 A.2d 823, 829 (Pa. Super. Ct. 2001) (holding that the Pennsylvania anti-wiretapping law was not violated when the recipient forwarded emails and chat messages to the police). Google has cited no case that stands for the proposition that users who send emails impliedly consent to interceptions and use of their communications by third parties other than the intended recipient of the email. Nor has Google cited anything that suggests that by doing nothing more than receiving emails from a Gmail user, non-Gmail users have consented to the interception of those communications. Accepting Google's theory of implied consent — that by merely sending emails to or receiving emails from a Gmail user, a non-Gmail user has consented to Google's interception of such emails for any purposes — would eviscerate the rule against interception. See Watkins, 704 F.2d at 581 ("It would thwart th[e] policy [of protecting privacy] if consent could routinely be implied from circumstances.").^[8] The Court does not find that non-Gmail users who are not subject to Google's Privacy Policies or Terms of Service have impliedly consented to Google's interception of their emails to Gmail users.

Because Plaintiffs have adequately alleged that they have not explicitly or implicitly consented to Google's interceptions, the Court DENIES Google's Motion to Dismiss on the basis of consent.^[9]

B. CIPA

CIPA, Cal. Penal Code § 630, et seq., California's anti-wiretapping and anti-eavesdropping statute, prohibits unauthorized interceptions of communications in order "to protect the right of privacy." Cal. Penal Code § 630. The California Legislature enacted CIPA in 1967 in response to "advances in science and technology [that] have led to the development of new devices and techniques for the purpose of eavesdropping upon private communications." Id.

Section 631 prohibits wiretapping or "any other unauthorized connection" with a "wire, line, cable, or instrument." See Cal. Penal Code § 631(a). The California Supreme Court has held that section 631 protects against three distinct types of harms: "intentional wiretapping, willfully attempting to learn the contents or meaning of a communication in transit over a wire, and attempting to use or communicate information obtained as a result of engaging in either of the previous two activities." Tavernetti v. Superior Court, 583 P.2d 737, 741 (Cal. 1978). Section 632 prohibits unauthorized electronic eavesdropping on confidential conversations. See Cal. Penal Code § 632(a). To state a claim under section 632, a plaintiff must allege an electronic recording of or eavesdropping on a confidential communication, and that not all parties consented to the eavesdropping. Flanagan v. Flanagan, 41 P.3d 575, 577 (Cal. 2002).

CIPA also contains a public utility exemption, which applies to claims under both sections 631 and 632. Cal. Penal Code §§ 631(b), 632(e). Neither section applies "to any public utility engaged in the business of providing communications services and facilities, or to the officers, employees, or agents thereof, where the acts otherwise prohibited by this section are for the purpose of construction, maintenance, conduct or operation of the services and facilities of the public utility." Cal. Penal Code §§ 631(b), 632(e).

Plaintiffs allege violations of both section 631 and section 632. See ECF No. 38-2 ¶ 321. Google moves to dismiss on five bases. See ECF No. 44 at 23-24, 27-28. Google contends that Plaintiffs lack standing to allege such violations and that the California law should not apply due to choice of law principles. See id. Google also moves to dismiss Plaintiffs' claims on substantive bases, contending that neither section 631 nor section 632 applies to email and that the public utility exemption applies. See ECF No. 44 at 21-23, ECF No. 56 at 14-15. Finally, Google moves to dismiss Plaintiffs' section 632 claim because the communications at issue in this case were not confidential as defined by that section and because that section is preempted by the ECPA. See ECF No. 44 at 25-27.

1. Standing

Google first contends that Plaintiffs lack standing under Article III to assert a CIPA claim. A federal court must ask whether a plaintiff has suffered sufficient injury to satisfy the "case or controversy" requirement of Article III of the U.S. Constitution. ECF No. 44 at 23-24. To satisfy Article III standing, a plaintiff must allege: (1) injury-in-fact that is concrete and particularized, as well as actual or imminent; (2) wherein injury is fairly traceable to the challenged action of the defendant; and (3) it is likely (not merely speculative) that injury will be redressed by a favorable decision. Friends of the Earth, Inc. v. Laidlaw Envtl. Servs. (TOC), Inc., 528 U.S. 167, 180-81 (2000); Lujan v. Defenders of Wildlife, 504 U.S. 555, 560-61 (1992). A suit brought by a plaintiff without Article III standing is not a "case or controversy," and an Article III federal court therefore lacks subject matter jurisdiction over the suit.

Google's contention is that Plaintiffs have not suffered the "injury" required by Article III to confer standing. ECF No. 44 at 24. Under Ninth Circuit precedent, the injury required by Article III may exist by virtue of "statutes creating legal rights, the invasion of which creates standing." See Edwards v. First Am. Fin. Corp., 610 F.3d 514, 517 (9th Cir. 2010) (quoting Warth v. Seldin, 422 U.S. 490, 500 (1975)). In such cases, the "standing question ... is whether the constitutional or statutory provision on which the claim rests properly can be understood as granting persons in the plaintiff's position a right to judicial relief." Id. (quoting Warth, 422 U.S. at 500). In Edwards, the Ninth Circuit has held that the Real Estate Settlement Procedures Act ("RESPA") conferred standing to a homeowner who sought to challenge the kickback relationship between the title insurer and title agency despite the fact that the homeowner suffered no independent injury, through, for example, overpayment. Id. The court there held that the structure of RESPA was such that independent injury was not needed; a plaintiff's showing that the defendant's conduct violated the statute was sufficient to confer standing. Id.^[10]

Applying the Ninth Circuit's decision in Edwards, courts in this district have found that allegations of a Wiretap Act violation are sufficient to establish standing. In In re Facebook Privacy Litigation, 791 F. Supp. 2d 705, 712 (N.D. Cal. 2011), for example, the court held that the "Wiretap Act provides that any person whose electronic communication is `intercepted, disclosed, or intentionally used' in violation of the Act may in a civil action recover from the entity which engaged in that violation." Accordingly, the court found that where the plaintiffs had alleged that their communications had been intercepted, they "alleged facts sufficient to establish that they have suffered the injury required for standing under Article III." Id. at 712; see also In re iPhone Application Litig., 844 F. Supp. 2d 1040, 1055 (N.D. Cal. 2012) ("[A] violation of the Wiretap Act... may serve as a concrete injury for the purposes of Article III injury analysis."); In re Google, Inc. Privacy Policy Litig., 2012 WL 6738343 (N.D. Cal. Dec. 28, 2012) ("[If viable], Plaintiffs' Wiretap Act claim might help [show standing], [because] a violation of the rights provided under the statute may be sufficient by itself to confer standing.")

The reasoning of these cases that find standing when there is an allegation of a Wiretap Act violation applies equally to CIPA. Like the Wiretap Act, CIPA creates a private right of action when a defendant engages in wiretapping or eavesdropping. Compare 18 U.S.C. § 2520(a) ("[A]ny person whose wire, oral, or electronic communication is intercepted, disclosed, or intentionally used in violation of this chapter may in a civil action recover from the person or entity, other than the United States, which engaged in that violation), with Cal. Penal Code § 637.2(a) ("Any person who has been injured by a violation of this chapter may bring an action against the person who committed the violation."). Further, like the Wiretap Act, CIPA authorizes an award of statutory damages any time a defendant violates the provisions of the statute without any need to show actual damages. Compare 18 U.S.C. § 2520(c) (authorizing statutory damages), with Cal. Penal Code § 637.2(a)(1) (same) and Cal. Penal Code § 637.2(c) ("It is not a necessary prerequisite to an action pursuant to this section that the plaintiff has suffered, or be threatened with, actual damages."). Therefore, the Court finds that the allegation of a violation of CIPA, like an allegation of the violation of the Wiretap Act, is sufficient to confer standing without any independent allegation of injury. Like both RESPA and the Wiretap Act, therefore, CIPA creates a statutory right the violation of which confers standing on a plaintiff.

Google relies exclusively on the differences in statutory text between CIPA and the Wiretap Act to contend that CIPA requires an independent allegation of injury even where the Wiretap Act does not. Specifically, Google notes that the provision of CIPA that creates a cause of action states that, "[a]ny person who has been injured by a violation of this chapter may bring an action against the person who committed the violation." Cal. Penal Code § 637.2(a) (emphasis added). Google's contention is that the word "injured" means that Plaintiffs must show some injury independent of the invasion of their statutory rights under CIPA. Google cites no authority for the proposition that section 637.2 requires independent injury or the proposition that the word "injured" triggers an obligation to demonstrate independent injury for the purposes of Article III standing. The California case law on CIPA cuts against Google's contention that "injured" requires independent injury. As the California Court of Appeals has stated, "Section 637.2 is fairly read as establishing that no violation of the Privacy Act [CIPA] is to go unpunished. Any invasion of privacy involves an affront to human dignity which the Legislature could conclude is worth at least $3,000. The right to recover this statutory minimum accrued at the moment the Privacy Act [CIPA] was violated." Friddle v. Epstein, 21 Cal. Rptr. 85, 92 (Cal Ct. App. 1993); see also id. ("Plaintiff invaded defendants' privacy and violated the Privacy Act [CIPA] at the moment he began making his secret recording. No subsequent action or inaction is of consequence to this conclusion."); accord Ribas v. Clark, 38 Cal. 3d 355, 365 (Cal. 1985) ("In view of the manifest legislative purpose to accord every citizen's privacy the utmost sanctity, section 637.2 was intended to provide those who suffer an infringement of this aspect of their personal liberty a means of vindicating their right.").

Accordingly, the Court finds that CIPA and the Wiretap Act are not distinguishable for the purposes of standing. Because courts have, under existing Ninth Circuit authority, consistently held that the invasion of rights under the Wiretap Act is sufficient for Article III standing, this Court concludes that the same is true of CIPA. All Plaintiffs need allege is an invasion of statutory CIPA rights to survive a motion to dismiss on standing grounds. There is no dispute that they have done so here. The Court therefore DENIES Google's Motion to Dismiss the CIPA claims on standing grounds.

2. Choice of Law

Google contends that under choice of law principles, California law should not apply and that the Court should accordingly dismiss Plaintiffs' California claims. ECF No. 44 at 27-30. Plaintiffs contend that the choice of law analysis should wait for later stages of the proceedings. ECF No. 53 at 28. As set forth below, the choice of law inquiry raises complicated, fact-intensive questions better answered at later stages of the litigation. Therefore, the Court DENIES the Motion to Dismiss on choice of law grounds.

To determine which state's law should apply, "[a] federal court ... must look to the forum state's choice of law rules to determine the controlling substantive law." Mazza v. American Honda Motor Co., Inc., 666 F.3d 581, 589 (9th Cir. 2012) (internal quotation marks omitted). Under California law, class action plaintiffs have the burden to "show that California has sufficient contact or sufficient aggregation of contacts to the claims of each class member." Id. at 589-90 (internal quotation marks omitted). If this showing is made, "the burden shifts to the other side to demonstrate that foreign law, rather than California law, should apply to class claims." Id. at 590.

"California courts apply the so-called governmental interest analysis" to determine whether California law should be applied on a class-wide basis." Kearney v. Salomon Smith Barney, Inc., 137 P.3d 914, 917 (Cal. 2006). Under this three-part test: "[1] the court determines whether the relevant law of each of the potentially affected jurisdictions with regard to the particular issue in question is the same or different ... [; 2] if there is a difference, the court examines each jurisdiction's interest in the application of its own law under the circumstances of the particular case to determine whether a true conflict exists ... [; and 3] if the court finds there is a true conflict, it carefully evaluates and compares the nature and strength of the interest of each jurisdiction in the application of its own law ... and then ultimately applies the law of the state whose interest would be more impaired if its law were not applied." Mazza, 666 F.3d at 590 (quoting McCann v. Foster Wheeler, LLC, 225 P.3d 517, 527 (Cal. 2010)).

The Court finds that Plaintiffs have established that their claims are sufficiently related to California to trigger application of the three-part test. The Ninth Circuit has held that sufficient aggregate contacts with California are established in a class action when a defendant's corporate headquarters is located in the state, advertising materials pertaining to representations the company made to class members are created in the state, and one fifth of the class is located in California. Mazza, 666 F.3d at 590. In this case, as Plaintiffs allege, Google is located in California, it developed and implemented the practices at issue in this action in California, and one or more of the physical interceptions at the heart of Plaintiffs' claims occurred in California. ECF No. 38-2 ¶ 290 ("Google's acts in violation of CIPA occurred in the State of California ... . Google's implementation of its business decisions, practices, and standard ongoing policies which violate CIPA took place in the State of California. Google profited in the State of California"); ECF No. 53 at 29. In short, California is the epicenter of the practices at issue in this case for all Plaintiffs. Therefore, the Court finds that Plaintiffs have shown that "California has a constitutionally sufficient aggregation of contacts to the claims of each putative class member." Mazza, 666 F.3d at 590.

Because the Court finds sufficient aggregate contacts, it turns to the first of the three-part inquiry to determine whether California law or the law of another state should apply to the class claims. The Court must determine whether there is a material conflict between the laws of California and those of the Plaintiffs' home states. Google contends that there is a conflict because Alabama and Maryland law are narrower with respect to scope of liability, enforcement mechanisms, and available remedies. ECF No. 44 at 28.

The Court cannot, at this stage, determine whether there are differences with respect to the scope of liability. Google correctly contends that under Alabama and Maryland's law, one party's consent is sufficient to negate an interception, while under California law, both parties must consent. Id. Yet, it is not clear whether this difference in the scope of liability is material, that is whether, it "make[s] a difference in this litigation." Mazza, 666 F.3d at 590. This is because Plaintiffs contend that neither party has consented, while Google contends that all parties have consented. ECF No. 38-2 ¶ 102-97, ECF No. 44 at 13-14. Accordingly, on either party's theory of liability, the difference in state law with respect to the consent standard would not be a material difference.

Therefore, the Court finds that it cannot conduct a meaningful choice of law analysis, such as that contemplated by Mazza, at this early stage of the litigation where the issues of contention are still in flux.^[11] As other courts have noted, the rigorous choice of law analysis required by Mazza cannot be conducted at the motion to dismiss stage. See Clancy v. The Bromley Tea Co., 2013 WL 4081632 (N.D. Cal. Aug. 9, 2013) ("Such a detailed choice-of-law analysis is not appropriate at [the motion for judgment on the pleadings] stage of the litigation. Rather, such a fact-heavy inquiry should occur during the class certification stage, after discovery."); In re Clorox Consumer Litig., 894 F. Supp. 2d 1224, 1237 (N.D. Cal. 2012) ("Significantly, Mazza was decided on a motion for class certification, not a motion to strike. At [the motion to dismiss] stage of the instant litigation, a detailed choice-of-law analysis would be inappropriate. Since the parties have yet to develop a factual record, it is unclear whether applying different state consumer protection statutes could have a material impact on the viability of Plaintiffs' claims.") (citation omitted); Donohue v. Apple, Inc., 871 F. Supp. 2d 913, 923 (N.D. Cal. 2012) ("Although Mazza may influence the decision whether to certify the proposed class and subclass, such a determination is premature. At [the motion to dismiss] stage in the litigation—before the parties have submitted briefing regarding either choice-of-law or class certification—plaintiff is permitted to assert claims under the laws of different states in the alternative."); In re Sony Grand Wega KDF-E A10/A20 Series Rear Projection HDTV Television Litig., 758 F. Supp. 2d 1077, 1096 (S.D. Cal. 2010) ("In a putative class action, the Court will not conduct a detailed choice-of-law analysis during the pleading stage.").

Accordingly, the Court defers resolution of the choice of law issues until the class certification phase and DENIES Google's Motion to Dismiss on the basis of choice of law without prejudice to Google raising this argument at a later stage.

3. Section 631

Google contends that even if Plaintiffs' section 631 challenge is not procedurally barred, it is substantively deficient because that section does not apply to emails. ECF No. 44 at 21-23. Further, in its reply brief, Google contends that the public utility exemption applies. ECF No. 56 at 14-15.

a. Application to Email

The Court finds that there is no binding authority with respect to whether section 631 applies to email.^[12] The only authority from the California courts is a Superior Court ruling. See Diamond v. Google, Inc., CIV-1202715 (Cal. Super. Ct., Marin Cnty. Aug. 14, 2013) (finding, without providing analysis, that allegations of interception of email communication are sufficient to state a claim under Cal. Penal Code § 631). While two federal courts have been confronted with the application of CIPA to Internet browsing history and emails, those matters were resolved on other grounds before reaching the question of CIPA's application to digital technologies generally or email specifically. Valentine v. NebuAd, Inc., 804 F. Supp. 2d 1022 (N.D. Cal. 2011); Bradley v. Google, 2006 WL 3798134, at *5-6 (N.D. Cal. Dec. 22, 2006).

In the absence of binding authority, this Court must predict what the California Supreme Court would do if confronted with this issue. See Valentine, 804 F. Supp. 2d at 1027. The Court begins by looking to the text. Section 631 establishes liability for:

[a]ny person who, by means of any machine, instrument, or contrivance, or in any other manner, intentionally taps, or makes any unauthorized connection, whether physically, electrically, acoustically, inductively, or otherwise, with any telegraphic or telephone wire, line cable, or instrument, including the wire, line, cable, or instrument of any internal telephonic communication system, or who willfully or without the consent of all parties to the communication, or in any unauthorized manner, reads or attempts to read, or to learn the contents or meaning of any message, report, or communication while the same is in transit or passing over any wire, line or cable, or is being sent from, or received at any place within this state.

Cal. Penal Code § 631. Google contends that the language "reads or attempts to read, or to learn the contents or meaning of any message, report, or communication while the same is in transit or passing over any wire, line or cable" applies only to interception of content on telephone and telegraphic wires, lines, or cables, as the first clause of the statute describes. ECF No. 44 at 21. As a result, Google contends that the second clause, upon which Plaintiffs rely, cannot apply to email since emails are not messages, reports or communications that pass over telephone or telegraphic wires. Id.

The Court rejects Google's reading of the statute. As a threshold matter, the second clause of the statute, which creates liability for individuals who "read[] or attempt[] to read, or to learn the contents or meaning of any message, report, or communication while the same is in transit or passing over any wire, line or cable, or is being sent from, or received at any place within this state[,]" is not limited to communications passing over "telegraphic or telephone" wires, lines, or cables. See Cal. Penal Code § 631 (emphasis added). Furthermore, the Court finds no reason to conclude that the limitation of "telegraphic or telephone" on "wire, line, cable, or instrument" in the first clause of the statute should be imported to the second clause of the statute. The second clause applies only to "wire[s], line[s], or cable[s]" — not "instrument[s,]" which are included in the first clause. The Court finds that this difference in coverage between the first and second clauses suggests that the Legislature intended the two clauses to apply to different types of communications. Accordingly, the Court rejects Google's contention that the limitations in the first clause must also apply to the second clause. The Court therefore finds that the plain language of the statute is broad enough to encompass email.

Further, the California Supreme Court's repeated finding that the California legislature intended for CIPA to establish broad privacy protections supports an expansive reading of the statute. See Flanagan, 41 P.3d at 581 ("In enacting [CIPA], the Legislature declared in broad terms its intent to protect the right of privacy of the people of this state from what it perceived as a serious threat to the free exercise of personal liberties. This philosophy appears to lie at the heart of virtually all the decisions construing [CIPA].") (internal quotation marks and citations omitted); Ribas v. Clark, 696 P.2d 637, 641 (Cal. 1985) (finding it is "probable" that the legislature designed Section 631 as a catch all to "proscrib[e] attempts to circumvent other aspects of the Privacy Act, e.g., by requesting a secretary to secretly transcribe a conversation over an extension, rather than tape recording it in violation of section 632"); Tavernetti v. Superior Court, 583 P.2d 737, 742 (Cal. 1978) ("Th[e] forceful expression of the constitutional stature of privacy rights [in California] reflects a concern previously evinced by the Legislature in enacting the invasion of privacy provisions of the Penal Code.").

Moreover, the California Supreme Court regularly reads statutes to apply to new technologies where such a reading would not conflict with the statutory scheme. For example, in a previous evolution in communications technology, the California Supreme Court interpreted "telegraph" functionally, based on the type of communication it enabled. In Davis v. Pacific Telephone & Telegraph, the Supreme Court held that "telegraph lines" in a criminal law proscribing the cutting of lines included telephone lines because "[t]he idea conveyed by each term is the sending of intelligence to a distance ... [thus] the term `telegraph' means any apparatus for transmitting messages by means of electric currents and signals." Davis v. Pacific Telephone & Telegraph Co., 59 P. 698, 699 (Cal. 1899); see also Apple v. Superior Court, 292 P.2d 883, 887 (Cal. 2013) ("Fidelity to legislative intent does not make it impossible to apply a legal text to technologies that did not exist when the text was created." (internal quotation marks omitted)).

In line with the plain language of the statute, the California Supreme Court's pronouncements regarding the broad legislative intent underlying CIPA to protect privacy, and the California courts' approach to updating obsolete statutes in light of emerging technologies, the Court finds that section 631 of CIPA applies to emails.

b. Public Utility Exemption

Google contends that even if CIPA applies to emails, it is a "public utility" that is exempt from the statute. ECF No. 56 at 14-15. The Court declines to reach this conclusion. California's Constitution defines "public utilities" as "[p]rivate corporations and persons that own, operate, control, or manage a line, plant, or system for ... the transmission of telephone and telegraph messages ... directly or indirectly to or for the public." Cal. Const., art. XII, § 3. The California Public Utility Code further defines this definition of "public utility" as "every common carrier..., telephone corporation [or] telegraph corporation ..., where the service is performed for, or the commodity is delivered to, the public or any portion thereof." Cal. Pub. Util. Code § 216(a). The Public Utility Code further specifies that a "telegraph corporation" is "every corporation or person owning, controlling, operating, or managing any telegraph line for compensation within this State." Id. § 236 (emphasis added). "Telegraph line" is defined as "all conduits, ducts, poles, wires, cables, instruments, and appliances, and all other real estate, fixtures, and personal property owned, controlled, operated, or managed in connection with or to facilitate communication by telegraph, whether such communication is had with or without the use of transmission wires." Id. § 235. The code uses analogous definitions for "telephone corporations" and "telephone lines." Id. §§ 233, 234.

In short, in California, a "public utility" is a precisely defined entity subject to an expansive and exacting regulatory regime. Under the plain language of the statutes, merely operating a service over a telephone or telegraph line does not render a company a public utility. Rather, the critical question is whether the company owns, controls, operates or manages a telephone or telegraph line. Cal. Pub. Util. Code § 236. Nothing in the record suggests that Google owns, controls, operates, or manages a telephone or telegraph lines in California. Accordingly, the Court finds that Google is not a "public utility" and thus does not qualify for the public utility exemption of Cal. Penal Code §§ 631(b). The Court therefore DENIES Google's Motion to Dismiss Plaintiffs' section 631 claims.

4. Section 632

To state a claim under California Penal Code § 632, a plaintiff must prove (1) an electronic recording of or eavesdropping on (2) a "confidential communication" (3) to which all parties did not consent. Flanagan, 41 P.3d at 577. As set forth below, Plaintiffs have not established that the communications at issue are confidential pursuant to section 632. Accordingly, the Court GRANTS without prejudice Google's Motion to Dismiss Plaintiffs' section 632 claim. Because this second element of a section 632 claim is not met, the Court need not address whether email constitutes an electronic recording under the statute nor need it address whether there was consent under California law.^[13]

A conversation is "confidential" under section 632 "if a party to that conversation has an objectively reasonable expectation that the conversation is not being overheard or recorded. ... The standard of confidentiality is an objective one defined in terms of reasonableness." Faulkner v. ADT Sec. Servs., Inc., 706 F.3d 1017, 1019 (9th Cir. 2013). "To prevail against a 12(b)(6) motion, then, [the plaintiff] would have to allege facts that would lead to the plausible inference that his was a confidential communication — that is, a communication that he had an objectively reasonable expectation was not being recorded." Id. at 1020.

There is no authority from the California courts addressing whether emails can be confidential communication. Some decisions from the California appellate courts, however, suggest that internet-based communication cannot be confidential. These courts rely on the theory that individuals cannot have a reasonable expectation that their online communications will not be recorded. In People v. Nakai, 107 Cal. Rptr. 3d 402 (Cal. Ct. App. 2010), for example, the California Court of Appeals found that section 632 did not protect instant message communications of a criminal defendant charged with attempting to send harmful matter to a minor with intent to arouse and seduce. There, the defendant, an adult man, had sent sexually explicit material via instant message to a 35-year-old decoy, who was posing as a 12-year-old girl. Id. at 405-07. The appellate court found that while the defendant intended that the communication be kept confidential between himself and the recipient, he could not reasonably expect that the communications would not be recorded. Id. at 418. Specifically, the court found that the fact that the intended recipient could easily forward the information to others militated against finding that there was a reasonable expectation that the instant message would be kept confidential. Id. As the court stated, "it was not reasonable for defendant to expect the communications to be confidential because the circumstances reflect that the communications could have easily been shared or viewed by ... any computer user with whom [the intended recipient] wanted to share the communication." Id.; see also People v. Cho, 2010 WL 4380113 (Cal. Ct. App. Nov. 5, 2010) (holding chat conversations are not confidential under section 632); People v. Griffitt, 2010 WL 5006815 (Cal. Ct. App. Dec. 9, 2010) ("Everyone who uses a computer knows that the recipient of e-mails and participants in chat rooms can print the e-mails and chat logs and share them with whoever they please, forward them or otherwise send them to others.").

The Court finds that Plaintiffs have not alleged facts that lead to the plausible inference that the communication was not being recorded because email by its very nature is more similar to internet chats. Unlike phone conversations, email services are by their very nature recorded on the computer of at least the recipient, who may then easily transmit the communication to anyone else who has access to the internet or print the communications. Thus, Plaintiffs have not plausibly alleged that they had an objectively reasonable expectation that their email communications were "confidential" under the terms of section 632.^[14]

Therefore, the Court GRANTS Google's Motion to Dismiss Plaintiffs' section 632 claims. In a case concerning whether a communication was confidential under section 632, the Ninth Circuit affirmed a district court's grant of a defendant's motion to dismiss, but "[i]n an abundance — perhaps an overabundance — of caution" remanded "to the district court for it to consider allowing the plaintiff to amend his complaint in a manner that would satisfy federal pleading standards." Faulkner, 706 F.3d at 1021. Here too this Court in "an abundance of caution" grants Plaintiffs' leave to amend their Consolidated Complaint. Id.; Fed. R. Civ. Proc. 15(a).

C. Other State Law Claims

Plaintiffs also allege that Google violated Pennsylvania, Maryland, and Florida law. With respect to Maryland and Florida law, Google's sole contention in its Motion to Dismiss is that these claims are derivative of Plaintiffs' federal causes of action. See ECF No. 44 at 5. Google expressly acknowledges that the Maryland and Florida anti-wiretapping statutes mirror the ECPA. See id. Therefore, Google's Motion to Dismiss these claims is based on its Motion to Dismiss Plaintiffs' federal claims. Because the Court denies Google's Motion to Dismiss Plaintiffs' federal causes of action, the Court also DENIES Google's Motion to Dismiss Plaintiffs' Maryland and Florida claims.

Google offers an independent basis for dismissing part of Plaintiff's Pennsylvania law cause of action. Specifically, Google contends that Pennsylvania law protects only the sender of communication from wiretapping, not the recipient of that communication. See ECF No. 44 at 13. As a result, Google moves to dismiss Plaintiffs' Pennsylvania law claim brought by those who received emails from Gmail addresses. Id.

Google relies on Klump v. Nazareth Area Sch. Dist., 425 F. Supp. 2d 622, 633 (E.D. Pa. 2006), where the court held that "[a] claimant must demonstrate `that he engaged in [a] communication'. The intended recipient of an intercepted communication, therefore, has no standing to raise claim [sic] under section 5725." See ECF No. 44 at 13. Plaintiffs do not contest that Klump limits the scope of their Pennsylvania cause of action to those who sent emails to Gmail recipients and eliminates their cause of action against those who received emails from Gmail senders. Rather, Plaintiffs contend only that this Court should not follow Klump because that case was wrongly decided. See ECF No. 53 at 11. However, Plaintiffs do not point to any authority from the state or federal courts in Pennsylvania that is contrary to the court's holding in Klump. In the absence of contrary authority, this Court will follow the decision in Klump. Accordingly, the Court GRANTS Google's Motion to Dismiss with respect to the claims under Pennsylvania law raised by Plaintiffs who received emails from Gmail users. In an abundance of caution, however, the Court grants Plaintiffs leave to amend the Consolidated Complaint.

V. CONCLUSION

For the foregoing reasons, the Court hereby GRANTS Google's Motion to Dismiss with leave to amend with respect to Plaintiffs' CIPA section 632 claims and Plaintiffs' Pennsylvania law claim as it relates those who received emails from Gmail users. The Court DENIES Google's Motion to Dismiss with respect to all other claims. Plaintiffs shall file any amended complaint within 21 days of this order. Plaintiffs may not add new causes of action or parties without a stipulation or order of the Court under Rule 15 of the Federal Rules of Civil Procedure. Failure to cure deficiencies will result in dismissal with prejudice.

IT IS SO ORDERED.

[1] In this Order, the Court uses "Gmail users" to refer to individuals who send or receive emails using the free Gmail service or Google apps. "Non-Gmail users" refers to email users who do not themselves use Gmail (through the free service or Google Apps). "Google Apps users" refers to the subset of Gmail users who access Gmail through either the Google Apps Partner Program or Google Apps for Education.

[2] The Court resolves this Administrative Motion through a separate order.

[3] The Court finds that In re Google, Inc. Privacy Policy Litigation, 2012 WL 6738343 (N.D. Cal. Dec. 28, 2012), does not suggest a broader reading of the exception. Google relies on that case for the proposition that as long as Google is using its own devices, Google cannot be intercepting users' information. ECF No. 44 at 9-10. Yet, the court in Privacy Policy explicitly noted that the use of the device must be in the ordinary course of business. See In re Google, Inc. Privacy Policy Litigation, 2012 WL 6738343 at *5-6. Further, unlike that case, the alleged interception in the instant case occurred while the email was in transit, rather than when the material was already in possession of the intended recipient. See id. at *6 (dismissing plaintiffs' cause of action on the basis that they "utterly fail ... to cite any authority that supports either the notion that a provider can intercept information already in its possession by violating limitations imposed by a privacy policy or the inescapably plain language of the Wiretap Act that excludes from the definition of a `device' a provider's own equipment used in the ordinary course of business."). The difference between communications stored in the recipient's possession and those in transit is significant for the purposes of the statutory scheme as discussed infra.

[4] The Court does not find persuasive Google's slippery slope contention that a narrow interpretation of the ordinary course of business exception will make it impossible for electronic communication service providers to provide basic features, such as email searches or spam control. ECF No. 44 at 12-13. Some of these may fall within a narrow definition of "ordinary course of business" because they are instrumental to the provision of email service. Further, a service provider can seek consent to provide features beyond those linked to the provision of the service.

[5] The Court notes that it is not the first court to reject Google's ordinary course of business exception theory on a motion to dismiss a challenge to the operation of Gmail. A federal district court in Texas ruled that it could not decide the question of ordinary course of business at the motion to dismiss phase. See Dunbar v. Google, Inc., No. 10-CV-00194-MHS, ECF No. 61 (E.D. Tex. May 23, 2011). A state court in Massachusetts also rejected a similar claim under state law. Marquis v. Google, Inc., No. 11-2808-BLSI (Mass Super. Ct. Jan. 17, 2012).

[6] However, to establish a consent defense under the state laws at issue in this case, both parties — the sender and the recipient of the communication — must consent to the alleged interception. See Fla. Stat. § 934.03(2)(d); Md. Code, Cts. & Jud. Proc. § 10-402(c)(3); 18 Pa. Cons. Stat. § 5704(4). Because the Court finds that no party has consented to any of the interceptions at issue in this case, the difference between the federal law's one-party consent regime and the state laws' two-party consent regimes is not relevant at this stage.

[7] It is undisputed that the term "Service" throughout Google's Terms of Service includes Gmail.

[8] In their briefs, the parties dispute whether members of the putative class of Gmail users who are minors consented to the interceptions. Google contends that minors are bound by the Terms of Service and Privacy Policies. ECF No. 44 at 16-17. Google argues that the Children's Online Privacy Protection Act, 15 U.S.C. §§ 6501-08, preempts any state law that would have rendered the minors' consent ineffective. The Court need not reach the issue of whether minors are bound by the Terms of Service or the Privacy Policies because the Court concludes that even if the minors are subject to these agreements, the agreements did not establish consent. Similarly, Google contends that Google Apps users are also bound by the Terms of Service and Privacy Policies even though they were required by their educational institutions or ISPs to use Gmail. ECF No. 44 at 17-18. Again, because the Court concludes that the agreements did not establish consent, the Court need not reach the issue of whether Google Apps users are bound by the agreements.

[9] Other courts have also rejected Google's consent defense against state and federal anti-wiretapping challenges to the operation of Gmail. See Dunbar v. Google, Inc., No. 10-cv-00194-MHS, ECF No. 61 (E.D. Tex. May 23, 2011); Marquis v. Google, Inc., No. 11-2808-BLSI (Mass Super. Ct. Jan. 17, 2012).

[10] The United States Supreme Court granted a petition for a writ of certiorari in Edwards on the question of whether statutory injury alone could confer standing under Article III even though the Courts of Appeal that had considered the question had unanimously concluded that allegations of RESPA violations alone sufficed for standing. See First Am. Fin. Corp. v. Edwards, 131 S. Ct. 3022 (2011). After oral argument, however, the Supreme Court dismissed the writ as improvidently granted. See First Am. Fin. Corp. v. Edwards, 132 S. Ct. 2536 (2012). This left in place the Ninth Circuit's decision in Edwards, which remains binding authority that this Court must apply, as it does here.

[11] The Court recognizes that additional conflicts may arise out of California's acknowledgement of a private right of action and/or the remedies California allows under CIPA. However, under California choice of law analysis, differences in remedies alone are not dispositive. The Court may resolve the conflict between California and foreign law by "apply[ing] California law in a restrained manner" with regard to monetary damages. Kearney, 39 Cal. 4th at 100-01. In any case, the Court will resolve all conflict of law questions at the class certification stage.

[12] California courts have, however, applied section 632 to internet communication technologies. See People v. Nakai, 183 Cal. App. 4th 499 (2010); People v. Cho, 2010 WL 4380113 (Cal. Ct. App. Nov. 5, 2010); People v. Griffitt, 2010 WL 5006815 (Cal. Ct. App. Dec. 9, 2010).

[13] The Court also need not address whether the ECPA preempts section 632 of CIPA, as Google contends. See ECF No. 44 at 26-27.

[14] The Court's holding that the emails are not "confidential" under section 632 is consistent with the conclusion that Plaintiffs have nevertheless not consented to Google's interceptions under the Wiretap Act and state analogues. See supra section III.A.2. Determining whether a communication is confidential under section 632 requires the Court to look to whether the intended recipient of the communication is likely to share the communication. In contrast, the question of consent turns on whether Plaintiffs have authorized the third-party interceptor's interference in the communication. In the instant matter, the Court concludes that emails are not likely to be kept confidential by the intended recipients under section 632. Nevertheless, individuals do not consent to third parties' interception of their emails.

[575] Laura L. Kulhanjian, Robert B. Chickering, Lisa Marie Schull, Flehr, Hohbach, Test, Albritton & Herbert, San Francisco, CA, for Columbia Insurance.

ORDER

JENSEN, District Judge.

On February 22, 1999, plaintiff Columbia Insurance Company filed an motion for a temporary restraining order and an order to show cause why a preliminary injunction should not issue. On March 4, 1999, plaintiff withdrew the motion with respect to defendants the Web Service Provider, Sidney Trayham, and Peter Jackson. The Court hereby denies the motion without prejudice to refiling and orders plaintiff to submit a brief with the Court within 14 days addressing the issue of whether the Court should authorize discovery to establish defendant's identity sufficiently such that he may be served in compliance with the Federal Rules of Civil Procedure.

I. BACKGROUND

A. Factual–Background and Procedural History

On February 22, 1999, plaintiff Columbia Insurance Company ("Columbia") filed this action seeking injunctive relief, damages, and an accounting of profits. Columbia is the assignee of various trademarks related to the operation of See's Candy Shops, Inc. ("See's"). See's is the predecessor in interest to the trademarks at issue in this case and holds a license from Columbia to use the marks.

The domain names "seescandy.com" and "seecandys.com" have been registered with Network Solutions, Inc. ("NSI") by someone other than plaintiff. On the Internet, computers find each other by reference to Internet Protocol (IP) addresses, which are a series of numbers that are used to specify the address of a particular machine connected to the Internet. Domain names are alphanumeric strings that are associated with particular IP addresses. Thus to find the computer at 129.99.135.66, a user might type in uscourts.gov, and would never need to know the actual IP address.

This two-tiered system for locating a particular place on the Internet exists for two reasons: first, alphanumeric strings, such uscourts.gov are easier to remember than, for example, 129.99.135.66; second, domain names can be reassigned to different machines simply. To change the machine with which a domain name is associated, the domain name owner need only change the records on file with the Domain Name System (DNS). The DNS is a database that links domain names to IP addresses. Thus when a user types in a domain name, a message is sent to a name server which accesses the DNS, looks up the domain name, associates it with an IP address, and takes the user to that IP address.

Domain names themselves have at least two parts, usually at least three. For example www.uscourts.gov would be typical. The last part consists of the top level domain. This is the equivalent of a neighborhood in which the domain name owner has chosen to reside. Some of the most common neighborhoods [576] are .gov, for the government, .edu, for educational institutions, .net and . com, both of which are used for commercial and personal domains, and .org, for organizations.

The next portion of the domain name, moving from right to left, is the second level domain name. This is the part of the domain name that is chosen by the domain name registrant when a domain is registered with NSI, which runs the DNS. The ownership information for any given domain name can be looked up in a public database using a "WHOIS" query. Thus in this case the offending act was the registration of seescandy and seescandys as domains within the .com top level domain space. The "WHOIS" records for these two domains reveal the following.

As of September 24, 1998, the seescandy domain name was registered to seescandy.com. The address was given only as "CA, 90706," which is for Bellflower, California. The administrative and billing contacts were listed as Salu Kalu, who could be contacted by e-mail at hostmaster@fluctuate.com. The telephone number given, 408–555–1212, is the local number for information in the San Jose area. The fluctuate.com domain, as of February 21, 1999 is registered to a Ravi Kumar of Artesia, California.

On December 22, 1998, the record was changed to show the owner as R, L of Artesia, California; however, the zip code given, 90706 is for Cerritos, California. The phone number was again given as the number for information, but the area code had been changed from 408 to 714. The contact e-mail address had been changed to RL@fluctuate.com. In addition, the domain was now shown as being hosted by websp.com.

On February 13, 1999, the record was modified again to list the address as P.O. Box 1300, Artesia, California, with the zip code changed from 90706 to 90702, which is an actual zip code for Artesia, California. The telephone number was also changed to (562) 807–0297.

As of January 22, 1999, the domain name seecandys.com was registered to Sees Candys and had the contact listed as Robby Kumar. The address was given as Tustin, California 92782; the e-mail address as dns@fluctuate.com; and the telephone number as (310) 860–0229.

On February 25, 1999, both the seescandy.com and seescandys.com domains were changed from the web host of websp.com to simplenet.net. Simplenet.net is a San Diego, California company.

Plaintiff has sued defendants for (1) infringement of federally registered service and trademarks, in particular "SEE'S," "SEE'S CANDIES," and "FAMOUS OLD TIME"; (2) federal unfair competition; (3) federal trademark dilution; (4) California State dilution under California Business and Professions Code § 14330; (5) unfair and deceptive trade practices under California Business and Professions Code § 17200; (6) California common law trade name, trademark, and service mark infringement and unfair competition; and (7) unjust enrichment.

Plaintiff seeks as relief a temporary, preliminary, and thereafter permanent injunction enjoining defendants from using any of See's marks, for goods or services or as metatags, directory names, other computer addresses, metatags, invisible data, or otherwise engaging in acts or conduct that would cause confusion to the source, sponsorship or affiliation of See's Candies with defendants.

Plaintiff also asks the Court to cancel defendant's registration of the two domains and require NSI to make those domains available for registration by plaintiff. Plaintiff also seeks delivery by defendants to plaintiff for destruction all materials bearing plaintiff's marks. Finally plaintiffs seek an accounting of profits, trebling of damages, punitive damages, costs, and attorney's fees.

B. Legal Standard

1. Temporary Restraining Order

Under Federal Rule of Civil Procedure 65(b)

A temporary restraining order may be granted without written or oral notice to the adverse party or to that party's attorney if (1) it clearly appears from specific facts shown by affidavit or by the verified complaint that immediate an irreparable [577] injury, loss, or damage will result to the applicant before the adverse party or that party's attorney can be heard in opposition, and (2) the applicant's attorney certifies to the court in writing the efforts, if any, which have been made to give the notice and the reasons supporting the claim that notice should not be required.

A party seeking injunctive relief must show either (1) a combination of probable success on the merits and the possibility of irreparable harm, or (2) that serious questions are raised and the balance of hardships tips sharply in the moving party's favor. See Miss World (UK) Ltd. v. Mrs. America Pageants, Inc., 856 F.2d 1445, 1448 (9th Cir.1988); Rodeo Collection, Ltd. v. West Seventh, 812 F.2d 1215, 1217 (9th Cir.1987). "These are not two distinct tests, but rather the opposite ends of a single 'continuum in which the required showing of harm varies inversely with the required showing of meritoriousness.' " Miss World, 856 F.2d at 1448 (quoting Rodeo Collection, 812 F.2d at 1217). However, in any situation, the Court must find that there is some threat of an immediate irreparable injury, even if that injury is not of great magnitude. See Big Country, 868 F.2d at 1088 (citing cases); Oakland Tribune, Inc. v. Chronicle Publishing Co., Inc., 762 F.2d 1374, 1376 (9th Cir.1985) (citing cases).

II. DISCUSSION

The Court will not grant a temporary restraining order against defendants at this time because such a ruling would be futile. Plaintiff has not been able to collect the information necessary to serve the complaint on defendants. As a result any temporary restraining order issued could only be in effect for a limited time and would be unlikely to have any effect on defendant whom plaintiff has not yet located. Once the order expired plaintiff would be unable to obtain a preliminary injunction because such relief cannot be imposed ex parte.

Service of process can pose a special dilemma for plaintiffs in cases like this in which the tortious activity occurred entirely on-line. The dilemma arises because the defendant may have used a fictitious name and address in the commission of the tortious acts. Traditionally, the default requirement in federal court is that the plaintiff must be able to identify the defendant sufficiently that a summons can be served on the defendant. See Fed.R.Civ.P. 4. This requires that the plaintiff be able to ascertain the defendant's name and address.

As a general rule, discovery proceedings take place only after the defendant has been served; however, in rare cases, courts have made exceptions, permitting limited discovery to ensue after filing of the complaint to permit the plaintiff to learn the identifying facts necessary to permit service on the defendant. See e.g., Gillespie v. Civiletti, 629 F.2d 637, 642 (9th Cir.1980) (finding the district court abused its discretion in dismissing the case with respect to the John Doe defendants without requiring the named defendants to answer interrogatories seeking the names and addresses of the supervisors in charge of the relevant facilities during the relevant time period); Estate of Rosenberg by Rosenberg v. Crandell, 56 F.3d 35, 37 (8th Cir.1995) (permitting a suit naming fictitious parties as defendants to go forward because the allegations in the complaint were "specific enough to permit the identity of the party to be ascertained after reasonable discovery"); Maclin v. Paulson, 627 F.2d 83, 87 (7th Cir.1980) (approving of fictitious name pleadings until such time as the identity of the plaintiffs "can be learned through discovery or through the aid of the trial court"). In the even rarer case, a district court has sua sponte issued an order directing revelation of facts necessary to determine the true name of a John Doe defendant. See Bivens v. Six Unknown Named Agents of Fed. Bureau of Narcotics, 403 U.S. 388, 390 n. 2, 91 S.Ct. 1999, 29 L.Ed.2d 619 (1971) (noting that the trial court had ordered the United States attorney to identify "those federal agents who it is indicated by the records of the United States Attorney participated in the ... arrest of the [petitioner]") (quoting the district court's order).

In the Ninth Circuit such exceptions to the general rule have been generally disfavored. See Gillespie, 629 F.2d at 642.[578] However, a district court does have jurisdiction to determine the facts relevant to whether or not it has in personam jurisdiction in a given case. See Wells Fargo & Co. v. Wells Fargo Express Co., 556 F.2d 406, 430 n. 24 (9th Cir.1977). A district court's decision to grant discovery to determine jurisdictional facts is a matter of discretion. See id.

With the rise of the Internet has come the ability to commit certain tortious acts, such as defamation, copyright infringement, and trademark infringement, entirely on-line. The tortfeasor can act pseudonymously or anonymously and may give fictitious or incomplete identifying information. Parties who have been injured by these acts are likely to find themselves chasing the tortfeasor from Internet Service Provider (ISP) to ISP,^[1] with little or no hope of actually discovering the identity of the tortfeasor.

In such cases the traditional reluctance for permitting filings against John Doe defendants or fictitious names and the traditional enforcement of strict compliance with service requirements should be tempered by the need to provide injured parties with an forum in which they may seek redress for grievances. However, this need must be balanced against the legitimate and valuable right to participate in online forums anonymously or pseudonymously. People are permitted to interact pseudonymously and anonymously with each other so long as those acts are not in violation of the law. This ability to speak one's mind without the burden of the other party knowing all the facts about one's identity can foster open communication and robust debate. Furthermore, it permits persons to obtain information relevant to a sensitive or intimate condition without fear of embarrassment. People who have committed no wrong should be able to participate online without fear that someone who wishes to harass or embarrass them can file a frivolous lawsuit and thereby gain the power of the court's order to discover their identity.

Thus some limiting principals should apply to the determination of whether discovery to uncover the identity of a defendant is warranted. The following safeguards will ensure that this unusual procedure will only be employed in cases where the plaintiff has in good faith exhausted traditional avenues for identifying a civil defendant pre-service, and will prevent use of this method to harass or intimidate.

First, the plaintiff should identify the missing party with sufficient specificity such that the Court can determine that defendant is a real person or entity who could be sued in federal court. See e.g., Wells Fargo, 556 F.2d at 430 n. 24 (stating that plaintiffs bear the burden of establishing jurisdictional facts). This requirement is necessary to ensure that federal requirements of jurisdiction and justiciability can be satisfied. See Plant v. Does, 19 F.Supp.2d 1316 (S.D.Fla.1998) (refusing to issue a temporary restraining order against unnamed and unserved bootleggers who had not yet committed an offense on the theory that plaintiffs have failed to establish that the Court had jurisdiction over defendants, to provide defendants with due process, and to demonstrate that an actual controversy existed).

[579] Plaintiff's papers establish that the listed defendants who remain in the case after March 4, 1999 appear to be aliases for a person known as Ravi or Robby Kumar of Artesia, California ("the Kumar defendants"). Most of the addresses listed by aliases associated with the Kumar defendants show a California domicile, which indicates that the Court likely has jurisdiction over defendants. Plaintiffs are suing the following aliases, all of which are alleged to be owners or operators of the domain names seescandy.com and seescandys.com: Seescandy.com, Sees Candys, hostmaster dns, fluctuate, foolio, x2, ticker talk, RL, and Salu Kalu. Salu Kalu was listed as the contact for seescandy.com in September of 1998. RL is a person who was listed as the contact person for seescandy.com as of January 16, 1999. Hostmaster DNS is the name of the contact person listed for seescandy.com as of February 8, 1999. It is important to note that Hostmaster DNS is a common generic term used to describe the system operator in charge of running a domain name server. It is thus highly problematic as an identifier of a defendant. However, Hostmaster's e-mail address is dns@foolio.com, which ties this alias to the Kumar defendants. Fluctuate is the second level domain of fluctuate.com, which is listed in the WHOIS as registered to tickertalk, for whom the contact is Robby Kumar. Fluctuate.com is the domain that provides all the mailboxes for the e-mail addresses listed as contacts for the seescandy.com and seescandys.com domains. X2 is the listed registrant of the domain name x2.org, for whom the contact is listed as Ticker Talk with the E-mail address of dns@foolio.com. Foolio is the listed registrant for foolio.com, for whom the contact is Salu Kalu, and which is the domain hosting the E-mail address of the contact, Ticker Talk, for the x2.org domain. Most convincing of all, See's has been in contact by e-mail with a person who goes by the name "Ravi." In his e-mail message, Ravi has indicated a desire to sell the subject domain names to See's and has provided See's with evidence that consumers have been actually confused by these web sites, for which Ravi claims to hold registration rights. The Court finds that there appears to be only one person behind all these registrations, a Ravi or Robby Kumar, who may also be known as Salu Kalu. The Court finds that plaintiff has made a satisfactory showing that there is an actual person behind these acts who would be amenable to suit in federal court.

Second, the party should identify all previous steps taken to locate the elusive defendant. This element is aimed at ensuring that plaintiffs make a good faith effort to comply with the requirements of service of process and specifically identifying defendants. See Plant, 19 F.Supp.2d at 1320 (noting that plaintiffs had failed to explain why they were unable to identify the defendants). Plaintiff's counsel has certified that the following efforts were made to contact defendants: (1) calls were made to the two non-directory information services telephone numbers. One was a non-working number and nobody answered the other one. Simultaneous with the filing of the motion for a temporary restraining order and preliminary injunction plaintiff served its complaint, brief, and all accompanying papers to the official addresses provided to NSI, only one of which was a complete mailing address. Plaintiff also served these documents, sans exhibits, by electronic mail to the e-mail addresses associated with the domains registered by Ravi Kumar, Robby Kumar, RL, Salu Kalu, and Hostmaster DNS. Although such service is not sufficient to comply with the Federal Rules of Civil Procedure, the Court finds that such acts do show that plaintiff has made a good faith effort to specifically identify defendant and to serve notice on defendant.

Third, plaintiff should establish to the Court's satisfaction that plaintiff's suit against defendant could withstand a motion to dismiss. See Gillespie, 629 F.2d at 642. A conclusory pleading will never be sufficient to satisfy this element. Pre-service discovery is akin to the process used during criminal investigations to obtain warrants. The requirement that the government show probable cause is, in part, a protection against the misuse of ex parte procedures to invade the privacy of one who has done no wrong. A similar requirement is necessary here to prevent abuse of this extraordinary application of the discovery process and to ensure that [580]plaintiff has standing to pursue an action against defendant. See e.g., Plant, 19 F.Supp.2d at 1321 n. 2 (commenting that standing was likely absent because defendants were alleging only future acts of infringement, not past acts or patterns of infringement). Thus, plaintiff must make some showing that an act giving rise to civil liability actually occurred and that the discovery is aimed at revealing specific identifying features of the person or entity who committed that act.

Plaintiff has demonstrated that their trademark infringement claim could survive a motion to dismiss and therefore have satisfied this element. The test for infringement of a federally registered trademark (Count I) and for false designation of origin (Count II) under the Lanham Act is whether the alleged infringing act creates a likelihood of confusion. In determining whether or not there is a likelihood of confusion, the Court should consider the following factors: (1) the strength of the mark, (2) proximity of the goods; (3) similarity of the marks; (4) evidence of actual confusion; (5) marketing channels used; (6) type of goods and the degree of care likely to be exercised by the purchaser; (7) defendant's intent in selecting the mark; and (8) likelihood of expansion of the product lines. See AMF, Inc. v. Sleekcraft Boats, 599 F.2d 341 (9th Cir.1979).

Defendants marks, See's Candy and See's Candies, are descriptive. However, it appears that these marks have developed substantial secondary meaning such that the mark has become a strong mark. Both defendants and plaintiff are using the same marketing channel, the World Wide Web, to offer the same apparent service, See's Candy's products. The marks employed by defendants on the web page itself are identical to plaintiff's, not only textually, but in complete figuration, copying the stylized text and pictorial representations of the registered See's marks.

Although plaintiff contends that candy is by definition the type of product on which customers spend little time and care, the Court finds that the premium candy product at issue here is of a type that would result in an enhanced level of care. Where a product is a premium product in its class, purchasers at the premium level are more likely to exercise additional care to ensure that they get the premium product they desire.

However, and most importantly, plaintiff can show actual confusion, courtesy of the 31 e-mails provided by defendant. "[E]vidence of actual confusion is strong proof of the fact of likelihood of confusion." 3 J. Thomas McCarthy, McCarthy on Trademarks and Unfair Competition, § 23:13 at 23–35. Defendant Ravi has informed plaintiff by e-mail that people have requested catalogs and have tried to order candy from the web sites located at seescandy.com and seescandys.com.

Defendants desire to sell the two domains back to See's Candy combined with the use of See's trademark logos, complete down to style and figuration, is a sign that defendants intended to trade on the goodwill associated with the See's marks. The Court also can infer intentional copying and bad faith simply from the similarity of the marks. See The Earth Technology Corp. v. Environmental Research & Tech., Inc., 222 U.S.P.Q. 585, 588–89, 1984 WL 877 (C.D.Cal.1983). Plaintiffs showing is sufficient to demonstrate that the Kumar defendants have committed an unlawful act for which a federal cause of action can subsist.

Lastly, the plaintiff should file a request for discovery with the Court, along with a statement of reasons justifying the specific discovery requested as well as identification of a limited number of persons or entities on whom discovery process might be served and for which there is a reasonable likelihood that the discovery process will lead to identifying information about defendant that would make service of process possible. See Gillespie, 629 F.2d at 642 (stating that discovery should not be permitted if it is not likely to uncover the identity of the defendant). As ordered below, plaintiff has 14 days to make a filing with the Court with respect to the process the Court should consider ordering.

II. CONCLUSION AND ORDER

Plaintiff shall have 14 days from the date of this order to submit a brief with the Court [581] setting forth specifically the forms of discovery process, the justification for such process, and the persons or entities on whom they are to be served that plaintiff expects will achieve the end of providing the missing identifying information necessary for service of process. If plaintiff does not yet have sufficient information to satisfy the Court that such process should be ordered, plaintiff may so indicate and later reapply for such discovery once the facts necessary to make the required showing have been uncovered.

IT IS SO ORDERED.

[1] ISPs provide two basic services to their clients: access and presence. Access services consist of an account through which the client can access the Internet and send e-mail. A presence account generally includes hard drive space that permits the client to have a web page or file transfer site. Persons who wish to run a site at their own domain, rather than at the domain of their service provider, can either make the significant investment in computer hardware, networking hardware, and high-speed access necessary to make their domains available on the Internet or can rent space and services from a service provider. This latter alternative, which is analogous to renting from a landlord who makes available offices in an office complex, is called domain hosting.

Suing the ISP in these case is most often not productive, either because the ISP lacks the knowledge requisite to be held liable for contributory infringement, or is immune pursuant to section 230(c) of the Communications Decency Act. See e.g., Zeran v. America Online, Inc., 129 F.3d 327 (1997) (finding that failure to remove defamatory statements was an act shielded from liability by section 230(c)); Lockheed Martin Corp. v. Network Solutions, Inc.,985 F.Supp. 949 (1997) (finding that the defendant did not have the knowledge necessary to be held liable for contributory trademark infringement); Religious Technology Center v. Netcom On–Line Communication, 907 F.Supp. 1361 (1995) (finding knowledge is required to hold an ISP liable for contributory infringement of a copyright).

542 F.Supp.2d 153

LONDON-SIRE RECORDS, INC., et al., Plaintiffs,
v.
DOE 1 et al., Defendants.

No. 04cv12434-NG.

United States District Court, D. Massachusetts.

March 31, 2008.

[156] John R. Bauer, Nancy M. Cremins, Robinson & Cole LLP, Boston, MA, Katheryn Jarvis, Moshe D. Rothman, Coggon Holme [157] Roberts & Owen LLP, Denver, CO, Emily A. Berger, San Francisco, CA, for Plaintiffs.

Raymond Sayeg, Jr. Law Office of Raymond Sayeg, Boston, MA, for Defendants.

ORDER ON MOTIONS TO QUASH

GERTNER, District Judge. 

This case consists of numerous actions consolidated under London-Sire Records, Inc. v. Does 1-4, Civil Action No. 04-cv-12434. The plaintiffs include several of the country's largest record companies. The defendants,^[1] the plaintiffs claim, are individual computer users — mainly college students — who use "peer-to-peer" filesharing software to download and disseminate music without paying for it, infringing the plaintiffs' copyrights.

In these cases, the plaintiffs have been able to infer some infringing file-sharing activity from their investigations, but have not been able to discover the file-sharer's identity. They have an Internet Protocol [158] number ("IP number" or "IP address") identifying the file-sharer's computer, but no more. Consequently, the plaintiffs — with the Court's permission — have served subpoenas on a number of internet service providers ("ISPs"), largely colleges and universities, seeking a name to go with the number. To preserve the rights of those whose identities are sought, the Court has required the ISPs to delay responding to the subpoena until the individual defendants have had an opportunity to move to quash it before their identities are disclosed.^[2] Several defendants have done so; those are the motions presently before the Court.

After briefing, argument, and amicus participation, the Court concludes that it has insufficient information to allow the plaintiffs to take expedited discovery under these circumstances. First, the movants are entitled to some First Amendment protection of their anonymity — albeit limited. Second, the defendants may have expectations of privacy with regard to their identity, but that depends on the terms of the internet service agreement they have with Boston University, which has not been provided to the Court. Third, the movants have raised an issue of fact with respect to the number of identities disclosed to the plaintiffs by the expedited discovery. As it currently exists, the plaintiffs' subpoena may invade the anonymity of many non-infringing internet users — anonymity that deserves protection by the Court. Under these circumstances, the best solution is in camera review of the terms of service agreement and the ISP's list of individuals who match the information supplied by the plaintiffs.

The Court will therefore GRANT two of the motions to quash (documents ##104 and 115), at least until the relevant information is obtained.^[3] The plaintiffs may renew their motion for expedited discovery, addressing the Court's concerns by modifying the subpoena they seek to serve on Boston University, as discussed below.

I. BACKGROUND

A. Facts

In each of these cases, the facts are substantially identical. Since the defendants' motions are effectively motions to dismiss — there is almost no evidence in the case, and the movants argue, among other things, that the plaintiffs have failed to state a claim upon which relief can be granted — the Court will apply that standard of review to the pleadings. The plaintiffs' pleadings are taken as true, and the Court will draw all reasonable inferences in their favor. See, e.g., Rivera v. Rhode Island, 402 F.3d 27, 33 (1st Cir. 2005) (stating standard for motion to dismiss). To survive a motion to dismiss, the plaintiffs' pleaded facts must "possess enough heft to sho[w] that [they are] entitled to relief." Clark v. Boscher, 514 F.3d 107, 112 (1st Cir.2008) (internal quotation marks omitted) (quoting Bell Atlantic Corp. v. Twombly, ___ U.S. ___, 127 S.Ct. 1955, 1959, 167 L.Ed.2d 929 (2007)) (first alteration in Twombly). 

[159] The plaintiffs allege that the defendants used peer-to-peer software to "download and/or distribute to the public certain of the [plaintiffs'] Copyrighted Recordings.... Through his or her continuous and ongoing acts of downloading and/or distributing to the public the Copyrighted Recordings, each Defendant has violated Plaintiffs' exclusive rights of reproduction and distribution." E.g., Compl. at 5 (docket no. 07-cv-10834, document #1). To clarify the issues on which this case turns, the Court will briefly explain the nature of peer-to-peer software and its use.

Peer-to-peer software primarily exists to create decentralized networks of individual computer users. The software allows the users to communicate directly with one another, rather than routing their transmissions through a central server — thus the term "peer-to-peer" architecture, as opposed to "client-server." See, e.g., Metro-Goldwyn-Mayer Studios, Inc. v. Grokster, Ltd., 545 U.S. 913, 919-920 & n. 1, 125 S.Ct. 2764, 162 L.Ed.2d 781 (2005). Each type of architecture has distinct advantages and disadvantages, most of which are not relevant to this case.

What is relevant is that users in a peerto-peer network can remain relatively anonymous or pseudonymous. Because communications between two computers on a peer-to-peer network can take place directly, without passing through a central network server,^[4] such transactions are not easily observable by a third party. By the nature of the network and software, then, peer-to-peer users can control what information they display to the world. See Linares Decl. at 4, Ex. A to PI. Mot. Leave to Take Immediate Discovery (docket no. 07-cv-10834, document #5). Moreover, generally speaking, anyone who has the requisite software and internet connection can participate in open peer-to-peer networks, such as the ones the defendants are alleged to have used in this case.

Peer-to-peer users can also transfer files over the network. Many such files are entirely legitimate. See Grokster, 545 U.S. at 920, 125 S.Ct. 2764. However, other files transferred are electronic versions of copyrighted music or video files. Notably, because the files on each user's computer are digital, another computer can make a precise copy of them with no attendant loss in quality. See Linares Decl. at 3-4, Ex. A to PI. Mot. Leave to Take Immediate Discovery (docket no. 07-cv-10834, document #5).

In this case, the plaintiffs allege that each of the defendants has taken part in just such a file transfer. To discover potentially infringing transfers, the plaintiffs (acting through their trade association, the Recording Industry Association of America, or "RIAA") have retained a third-party investigator, MediaSentry, Inc. [160] ("MediaSentry"). Id. at 4-5. MediaSentry essentially functions as an undercover user of the peer-to-peer networks. It connects to the network and searches for the plaintiff record companies' copyrighted files. Upon finding the files, it downloads them. See id. at 5-6. MediaSentry gathers what information it can about the computer from which the files were downloaded (the "sending computer.") Most crucially, that information includes the date and time at which the files were downloaded and the IP number of the sending computer. It can also include the user's name, but if given, the names are usually pseudonymous. See id. After the files are downloaded, the RIAA verifies that they can form the basis for a suit. It reviews a listing of the music files that the user has offered for download in order to determine whether they appear to be copyrighted sound recordings. The RIAA also listens to the downloaded music files from these users in order to confirm that they are, indeed, illegal copies of sound recordings whose copyrights are owned by RIAA members. Id. at 6.^[5]

At this point, assuming the plaintiffs wish to sue, they cannot do so; they have only the IP number of the sending computer. An IP number is sometimes called an IP address because it is just that: an address. It serves as a locator declaring the place of a particular piece of electronic equipment so that electronic data may be sent to it, and is usually represented as a series of four numbers between 0 and 255. See, e.g., America Online v. Huang, 106 F.Supp.2d 848, 851 (E.D.Va.2000). (For example, 168.122.128.38 is one of the IP addresses allegedly used by a defendant in this case. See Doe List, Ex. A to Compl. (docket no. 07-cv-10834, document #1).)

But relatively few personal computer users have a specific, set IP address, called a "static" address. Instead, many use their computers to connect to a network provided by their ISP, which uses a certain range of IP addresses — say, all of the numbers between 168.122.1.x to 168.122.100.x. The ISP assigns an address within its range to the user's computer for the user's session, allocating the numbers within its range on an as-needed basis. This process is known as "dynamic" addressing. See, e.g., H. Brian Holland, Tempest in a Teapot or Tidal Wave? Cybersquatting Rights & Remedies Run Amok, 10 J. Tech. L. & Pol'y 301, 305 & nn. 13-18 (2005). This makes the plaintiffs' task of discovering the identity of a particular infringer more difficult. The IP address that they have noted as belonging to a particular user's computer may be assigned to a different user's computer in short order. See id.

However, the plaintiffs are not without leads. The range in which the IP address is assigned may reveal the user's ISP. See Linares Decl. at 7, Ex. A to PI. Mot. Leave to Take Immediate Discovery (docket no. 07-cv-10834, document #5); see also, e.g., Network-Tools.com, http://network-tools. com/default.asp (last visited Mar. 31, 2008) (providing such a service). And ISPs generally keep logs of which IP address is assigned to which user — although it may purge those logs after a certain period of time, which was one of the key facts relied [161] upon by the Court in granting expedited discovery. See Linares Decl. at 9, Ex. A to PI. Mot. Leave to Take Immediate Discovery (docket no. 07-cv-10834, document #5). Thus, the plaintiffs seek, though their subpoena, the opportunity to place their list of IP addresses side-by-side with the ISP's user logs to determine who was using the IP address at the moment of the alleged infringement. The ISPs, particularly colleges and universities, appropriately decline to reveal the identities of their users without a court order. Therefore, the plaintiffs bring "John Doe" lawsuits and seek discovery in order to determine the real identities of the defendants.

B. Procedural History

The plaintiff record companies have brought approximately forty "John Doe" cases in this Court, many-perhaps mostdesignating more than one defendant, grouped by ISP.^[6] In each case, the Court has granted expedited discovery and leave to subpoena the ISP, recognizing that the plaintiffs' rights may be irreparably and unfairly prejudiced unless they are allowed to seek the defendants' identities. See, e.g., Order re: Expedited Discovery (Dec. 9, 2004) (document #7). Simultaneously, however, the Court has recognized that the defendants should have the opportunity to combat the subpoena if they desire to do so. Therefore, the Court has ordered that the ISP provide the individual users with notice of the lawsuit and a short statement of some of their rights before revealing their identities to the plaintiffs. Furthermore, the ISP may not respond to the subpoena for 14 days after each defendant has received notice. See id.; see also Appendix A (Court-Directed Notice).

Simultaneous with the grant of expedited discovery, the Court has consolidated each "John Doe" case with the first, London-Sire, No. 04-cv-12434. The cases involve similar, even virtually identical, issues of law and fact: the alleged use of peer-to-peer software to share copyrighted sound recordings and the discovery of defendants' identities through the use of a Rule 45 subpoena to their internet service provider. Consolidating the cases ensures administrative efficiency for the Court, the plaintiffs, and the ISP, and allows the defendants to see the defenses, if any, that other John Does have raised.^[7]

In view of the $750 statutory minimum damages per song, 17 U.S.C. § 504(c)(2), most defendants choose to settle. The approximate settlement range appears to be $3,000 to $6,000 per defendant, a considerable amount of money, particularly to the college students who have been caught in the plaintiffs' nets.

Only three of the defendants have elected to fight the subpoena. Two are Doe defendants from the case originally titled Arista Records LLC v. Does 1-21, No. 07cv-10834 (consolidated on May 8, 2007). In that case, the plaintiffs sought discovery from Boston University as the defendants' ISP, and the two Does^[8] separately moved [162] to quash the subpoena. Each primarily asserts that the plaintiffs have failed to state a sufficient claim for copyright infringement. See Mem. Supp. Mot. Quash (document #104); Mot. Quash (document #115). Because the two motions are substantively similar, the Court will address them together.

The third defendant to move to quash the subpoena is Doe no. 12 from Warner Brothers Records, Inc. v. Does 1-17, No. 07-cv-10924 (consolidated on May 18, 2007). The Internet Service Provider at issue is the University of Massachusetts. Doe no. 12 argues that she is not subject to personal jurisdiction in Massachusetts. See Mot. Quash (document #113).

The Court held a hearing on the Motions to Quash on January 28, 2008. Shortly thereafter, the Court granted the Electronic Frontier Foundation ("EFF") leave to file an amicus brief supporting the Motion to Quash. See Electronic Order (Feb. 6, 2008). Its brief principally treats the First Amendment implications of the subpoena^[9] and the proper sweep of the copyright laws. The Court thanks the amicus for its participation.

The Court will examine first the motions of the two Does in the Boston University case, which argue that the subpoena ought to be denied on substantive grounds. It will then turn to the University of Massachusetts Doe's argument that the subpoena should be quashed for lack of personal jurisdiction.

II. LEGAL STANDARDS

This case is still at a preliminary stage: The plaintiffs seek to learn the identities of the defendants so that, the issue may be properly joined on the merits. Under Federal Rule 45, the Court "shall quash or modify the subpoena if it ... requires disclosure of privileged or other protected matter and no exception or' waiver applies." Fed.R.Civ.P. 45(c)(3)(A)(iii). The substantive inquiry is similar to the one necessary for issuing a protective order. See Micro Motion, Inc. v. Kane Steel Co., 894 F.2d 1318, 1322-23 (Fed.Cir.1990). The party requesting that the subpoena be quashed must show good cause for protection by specifically demonstrating that disclosure will cause a clearly defined and serious harm. See Anderson v. Cryovac, Inc., 805 F.2d 1, 7-8 (1st Cir. 1986); Glenmede Trust Co. v. Thompson, 56 F.3d 476, 483 (3d Cir.1995). The Court balances the harm of disclosure against the harm to the other party of restricting discovery.

The Court must therefore first consider whether the defendants' anonymity is entitled to privilege or other protection. If so, it will turn to the balancing test necessary under Rule 45(c)(3).

III. THE DEFENDANTS' ANONYMITY IS ENTITLED TO SOME FIRST AMENDMENT PROTECTION

The motion to quash raises two First Amendment issues-the right to anonymous speech and the right to whatever creative activity is involved in the defendants' acts. While the Court recognizes some limited First Amendment protection here, that protection only goes so far as to subject the plaintiffs' subpoenas to somewhat heightened scrutiny. Other courts have [163] reached the same conclusion. See, e.g., Sony Music Entm't v. Does 1-40, 326 F.Supp.2d 556, 564 (S.D.N.Y.2004).

As the Supreme Court has repeatedly held, the First Amendment protects anonymous speech. The right to anonymity is an important foundation of the right to speak freely. Indeed, "[a]nonymity is a shield from the tyranny of the majority. It ... exemplifies the purpose behind the Bill of Rights, and of the First Amendment in particular: to protect unpopular individuals from retaliation — and their ideas from suppression — at the hand of an intolerant society." Mclntyre v. Ohio Elections Comm'n, 514 U.S. 334, 357, 115 S.Ct. 1511, 131 L.Ed.2d 426 (1995). See also NAACP v. Alabama ex rel. Patterson, 357 U.S. 449, 460-62, 78 S.Ct. 1163, 2 L.Ed.2d 1488 (1958) (discussing generally the importance of anonymity). Still, the anonymous activity that is being protected must be "speech."

Copyright infringement, per se, is clearly not speech entitled to First Amendment protection. See Harper & Row Publishers, Inc. v. Nation Enters., 471 U.S. 539, 555-57, 560, 105 S.Ct. 2218, 85 L.Ed.2d 588 (1985) (discussing the First Amendment and copyright, and examining whether fair use doctrine applied to alleged act of copyright infringement). But there are some creative aspects of downloading music or making it available to others to copy: the value judgment of what is worthy of being copied; the association of one recording with another by placing them together in the same library; the self-expressive act of identification with a particular recording; the affirmation of joining others listening to the same recording or expressing the same idea. See Rebecca Tushnet, Copy This Essay: How Fair Use Doctrine Harms Free Speech and How Copying Serves It, 114 Yale L.J. 535, 545-47, 562-81 (2004); Jack M. Balkin, Digital Speech and Democratic Culture: A Theory of Freedom of Expression for the Information Society, 79 N.Y.U. L.Rev. 1, 45-46 (2004); cf. Harper & Row, 471 U.S. at 547, 105 S.Ct. 2218 (noting that compilation of pure fact "entails originality" in selection and ordering of the facts). Thus, while the aspect of a file-sharer's act that is infringing is not entitled to First Amendment protection, other aspects of it are. Cf, e.g., Schad v. Mount Ephraim, 452 U.S. 61, 66, 101 S.Ct. 2176, 68 L.Ed.2d 671 (1981) ("[N]ude dancing is not without its First Amendment protections from official regulation."); Eugene Volokh, Crime-Facilitating Speech, 57 Stan. L.Rev. 1095 (2005) (arguing that crime-facilitating speech has "some First Amendment value").

Nevertheless, the fact that there is First Amendment value associated with sharing music over a peer-to-peer network does not insulate the defendants from liability. Rather, the minimal First Amendment protection their activity garners^[10] entitles them to some scrutiny of a discovery request that uses the power of the Court to threaten the privilege.^[11]

[164] IV. APPLICATION OF THE BALANCING TEST

As to how to balance the harms, the Court finds persuasive the approach of the Southern District of New York in Sony Music, 326 F.Supp.2d 556. In that case, the court reviewed the leading cases on subpoenas seeking disclosure of defendants' identities from their ISP. It isolated five important factors:^[12]

(1) a concrete showing of a prima facie claim of actionable harm, (2) specificity of the discovery request, (3) the absence of alternative means to obtain the subpoenaed information, (4) a central need for the subpoenaed information to advance the claim, and (5) the party's expectation of privacy.

Id. at 564-65 (citations omitted).^[13] The first factor ensures that the defendants cannot pierce the defendants' anonymity based on an unsupported or legally insufficient pleading. The second, third, and fourth factors ensure that the subpoena is narrowly tailored to reveal no more information about the defendants than necessary, and to ensure that third parties who are not accused of infringement remain anonymous. The fifth factor considers the defendants' expectations of privacy, including whatever service arrangement they might have with their ISP.

The Court considers each factor in turn.

A. Factor One: Prima Facie Claim of Actionable Harm

This factor has three parts. First, the plaintiffs must assert an "actionable harm," a claim upon which relief can be granted. Second, the claim must be supported by prima facie evidence. That standard does not require the plaintiffs to prove their claim. They need only proffer sufficient evidence that, if credited, would support findings in their favor on all facts essential to their claim. See Adelson v. Hananel, 510 F.3d 43, 48 (1st Cir.2007) (discussing prima facie standard for personal jurisdiction). Finally, both the claim and the prima facie evidence supporting it must be "concrete." That is, they must be [165] reasonably grounded in allegations of a specific act of infringement.

The movants and the EFF argue that the plaintiffs have failed to meet their burden under each part of the test. See Mot. Quash at 3-7 (document #104); Mot. Quash at 4-10 (document #115); EFF Br. at 9-24 (document #152). Their arguments involve important and difficult questions of copyright law. Ultimately, however, the Court finds that the plaintiffs have satisfied this factor. Considering as true the facts they have pleaded, and drawing all reasonable inferences in their favor, the plaintiffs have made a concrete showing of a prima facie case of an actionable harm.

1. Whether the Plaintiffs Have Asserted a Claim Upon Which Relief Can Be Granted

A claim for copyright infringement has two elements. First, the plaintiffs must demonstrate that they hold a valid copyright (an issue the defendants do not contest.) Second, the plaintiff must show that the defendant violated of one of the exclusive rights held by a copyright owner. See T-Peg, Inc. v. Vermont Timber Works, Inc., 459 F.3d 97, 108 (1st Cir.2006); see also Feist Publ'ns, Inc. v. Rural Tel. Serv. Co., 499 U.S. 340, 360-61, 111 S.Ct. 1282, 113 L.Ed.2d 358 (1991); 17 U.S.C. § 501(a). The plaintiffs claim that "each [defendant, without the permission or consent of [p]laintiffs, has ... downloaded] or distribut[ed] to the public" music files to which the plaintiff holds the copyright. Compl. at 5 (docket no. 07-cv-10834, document #1). Two rights reserved to the copyright holder are at issue in this case: the right "to reproduce the copyrighted work in copies or phonorecords," 17 U.S.C. § 106(1), and the right "to distribute copies or phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending," id. § 106(3).

The movants and the amicus present two broad arguments, each of which requires the Court to consider the scope of a copyright holder's exclusive rights under the statutes quoted above. First, they contend that the copyright laws require an actual dissemination of copyrighted material; merely making copyrighted material available for another person to copy, they argue, is only an attempt at infringement — which is not actionable. Mem. Supp. Mot. Quash at 4-6 (document #104); Mot. Quash at 7 (document #115); EFF Br. at 10-15 (document #152). Second, they contend that the scope of the rights given to copyright owners by § 106 is limited by the definition of "phonorecords" as "material objects" in 17 U.S.C. § 101.^[14] In their view, the copyright owner's rights are limited to tangible, physical objects, and purely electronic transmissions over the internet fall outside those rights.^[15] Suppl. Mem. L. Supp. Mot. Quash at 4-6 (document #149); Mot. Quash at 7 (document #115); EFF Br. at 15-24 (document #152). Both of these broad arguments question whether the plaintiffs have alleged a legally cognizable [166] harm under the copyright statutes. If they have not, then the subpoena must be quashed.

a. Whether the Copyright Holder's Right Extends Only to Actual Distributions

The first question the Court must address is whether the distribution right under 17 U.S.C. § 106(3) requires an actual dissemination to constitute an infringement.^[16] It is an important issue, determining in part how to evaluate the proffered evidence in this case. MediaSentry, posing as just another peer-to-peer user, can easily verify that copyrighted material has been made available for download from a certain IP address. Arguably, though, MediaSentry's own downloads are not themselves copyright infringements because it is acting as an agent of the copyright holder, and copyright holders cannot infringe their own rights.^[17] If that argument is accepted, MediaSentry's evidence cannot alone demonstrate an infringement.

The plaintiffs suggest two reasons why an actual distribution might not be required. First, the statute reserves to the copyright owner the right "to do and to authorize ... [the distribution of] copies or phonorecords of the copyrighted work to the public." § 106(3) (emphasis added). The language appears to grant two distinct rights: "doing" and "authorizing" a distribution. Making the copyrighted material available over the internet might constitute an actionable "authorization" of a distribution. Second, if mere authorization is not enough, the plaintiffs argue that in appropriate circumstances — including these — "making available" copyrighted material is sufficient to constitute an act of actual distribution. Neither argument has merit.

The First Circuit has squarely considered and rejected the proposition that copyright liability arises where the defendant authorized an infringement, but no actual infringement occurred. See Venegas-Hernandez v. Ass'n De Compositores & Editores de Musica Latinoamericana, 424 F.3d 50, 57-58 (1st Cir.2005). It noted that Congress' intent in adding "authorize" to the statute was to "avoid any questions as to the liability of contributory infringers." Id. at 58 (internal quotation marks omitted) (quoting H.R. Rep. 94-1476 ("House Report") at 52 (1976), reprinted in 1976 U.S.C.C.A.N. 5659, 5674). Authorization is sufficient to give rise to liability, but only if an infringing act occurs after the authorization. See id. at 59; see also Latin Am. Music Co. v. The Archdiocese of San Juan of the Roman Catholic & Apostolic Church, 499 F.3d 32, 46 (1st Cir.2007) (citing and applying Venegas-Hernandez).

Thus, to constitute a violation of the distribution right under § 106(3), the defendants' actions must do more than "authorize" a distribution; they must actually "do" it. The Court therefore moves to [167] the plaintiffs' second argument: Merely making copyrighted works available to the public is enough where, as in this case, the alleged distributor does not need to take any more affirmative steps before an unauthorized copy of the work changes hands. Other courts have split over whether that is a valid reading of the statute. Compare Hotaling v. Church of Jesus Christ of Latter-Day Saints, 118 F.3d 199 (4th Cir. 1997) (holding that making copyrighted material available is sufficient to constitute a distribution), and Arista Records LLC v. Greubel, 453 F.Supp.2d 961, 969-70 (N.D.Tex.2006) (citing and following Hotaling), and Warner Bros. Records, Inc. v. Payne, No. W-06-CA051, 2006 WL 2844415, at *3-*4 (W.D.Tex. July 17, 2006) (same), with In re Napster, Inc. Copyright Litig., 377 F.Supp.2d 796, 802-05 (N.D.Cal.2005) (criticizing Hotaling as being "contrary to the weight of [other] authorities" and "inconsistent with the text and legislative history of the Copyright Act of 1976"), and Natl Car Rental Sys., Inc. v. Computer Assocs. Int'l, Inc., 991 F.2d 426, 434 (8th Cir.1993) (stating that infringement of the distribution right requires the actual dissemination of copies or phonorecords).

To suggest that "making available" may be enough, the plaintiffs rely primarily on the Fourth Circuit's decision in Hotaling.^[18] In that case, a library had an unauthorized copy of a book, which it "made available" to the public; the defendant argued that without a showing that any member of the public actually read the book, it could not be liable for "distribution." See id. at 201-02, 203. The district court agreed and granted summary judgment to the defendant. The Fourth Circuit reversed:

When a public library adds a work to its collection, lists the work in its index or catalog system, and makes the work available to the borrowing or browsing public, it has completed all the steps necessary for distribution to the public. At that point, members of the public can visit the library and use the work. Were this not to be considered distribution within the meaning of § 106(3), a copyright holder would be prejudiced by a library that does not keep records of public use, and the library would unjustly profit by its own omission.

Id.; see also id. at 204.

The plaintiffs contend that this case is analogous to Hotaling,^[19] and suggest [168] that the Court should reach the same conclusion as the Fourth Circuit. But the EFF correctly points out a lacuna in the Fourth Circuit's reasoning. See EFF Br. at 15 (citing William F. Patry, 4 Patry on Copyright §§ 13:9, 13:11 (2007)). Merely because the defendant has "completed all the steps necessary for distribution" does not necessarily mean that a distribution has actually occurred.^[20] It is a "distribution" that the statute plainly requires. See 17 U.S.C. § 106(3).

The plaintiffs encourage the Court to adopt a much more capacious definition of "distribution." They argue that the Supreme Court has held that the "terms `distribution' and `publication' ... [are] synonymous in the Copyright Act." Pls.' Resp. Opp. Amicus Curiae Br. at 2-3 (document #157) (citing Harper & Row, 471 U.S. at 552, 105 S.Ct. 2218).^[21] They further note, correctly, that the statutory definition of publication can include offers to distribute. See 17 U.S.C. § 101. And sharing music files on a peer-to-peer network does, at least arguably, constitute an offer to distribute them.

While some lower courts have accepted the equation of publication and distribution, see Greubel, 453 F.Supp.2d at 969; In re Napster, 377 F.Supp.2d at 803, the plaintiffs' argument mischaracterizes the Supreme Court's decision in Harper & Row. The Supreme Court stated only that § 106(3) "recognized for the first time a distinct statutory right of first publication," and quoted the legislative history as establishing that § 106(3) gives a copyright holder "the right to control the first public distribution of an authorized copy ... of his work." Harper & Row, 471 U.S. at 552, 105 S.Ct. 2218 (internal quotation marks omitted) (quoting House Report at 62, reprinted in 1976 U.S.C.C.A.N. at 5675) (alteration in Harper & Row). That is a far cry from squarely holding that publication and distribution are congruent.

To the contrary, even a cursory examination of the statute suggests that the terms are not synonymous. "Distribution" is undefined in the copyright statutes. "Publication," however, is defined, and incorporates "distribution" as part of its definition:

'Publication' is the distribution of copies or phonorecords of a work to the public by sale or other transfer of ownership, or by rental, lease, or lending. The offering to distribute copies or phonorecords to a group of persons for purposes of further distribution, public performance, or public display, constitutes publication. A public performance or display [169] of a work does not of itself constitute publication.

17 U.S.C. § 101. By the plain meaning of the statute, all "distributions ... to the public" are publications. But not all publications are distributions to the public — the statute explicitly creates an additional category of publications that are not themselves distributions. For example, suppose an author has a copy of her (as yet unpublished) novel. If she sells that copy to a member of the public, it constitutes both distribution and publication. If she merely offers to sell it to the same member of the public, that is neither a distribution nor a publication. And if the author offers to sell the manuscript to a publishing house "for purposes of further distribution," but does not actually do so, that is a publication but not a distribution.

Plainly, "publication" and "distribution" are not identical. And Congress' decision to use the latter term when defining the copyright holder's rights in 17 U.S.C. § 106(3) must be given consequence. In this context, that means that the defendants cannot be liable for violating the plaintiffs' distribution right unless a "distribution" actually occurred.

But that does not mean that the plaintiffs' pleadings and evidence are insufficient. The Court can draw from the Complaint and the current record a reasonable inference in the plaintiffs' favor — that where the defendant has completed all the necessary steps for a public distribution, a reasonable fact-finder may infer that the distribution actually took place. As in Hotaling, the defendants have completed the necessary steps for distribution, albeit electronic: Per the plaintiffs' pleadings, each individual Doe defendant connected to the peer-to-peer network in such a way as to allow the public to make copies of the plaintiffs' copyrighted recordings. See Compl. at 5 (docket no. 07-cv-10834, document #1). Through their investigator, the plaintiffs have produced evidence that the files were, in fact, available for download. They have also alleged that sound recordings are illegally copied on a large scale, supporting the inference that the defendants participated in the peer-topeer network with the intent that other users could download from the defendants copies of the plaintiffs' copyrighted material. See Linares Decl. at 3-4, Ex. A to PI. Mot. Leave to Take Immediate Discovery (docket no. 07-cv-10834, document #5). At least at this stage of the proceedings, that is enough. The plaintiffs have pled an actual distribution and provided some concrete evidence to support their allegation.

b. Whether the Distribution Right Is Limited to Physical, Tangible Objects

Next, the movants and the EFF contend that the distribution right under 17 U.S.C. § 106(3) is limited to physical, tangible objects. By its terms, the distribution right only extends to distributions of "phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease or lending." In turn, 17 U.S.C. § 101 defined "phonorecords" as "material objects in which sounds ... are fixed." The movants and the EFF focus on the phrase "material object," as well as the meaning of "sale or other transfer," and conclude that purely electronic file sharing does not fall within the scope of the right. If their argument is accepted, it would mean that the plaintiffs' Complaint is legally insufficient to allege a violation of the distribution right protected by§ 106(3).

The movants' argument is sweeping, carrying substantial implications for a great deal of internet commerce — any involving computer-to-computer electronic transfers of information. Indeed, this case is an exemplar. The plaintiffs have not [170] alleged a physical distribution. To the contrary, it is clear that their harm comes from the purely electronic copying of music files. See Linares Decl. at 3-4, Ex. A to PL Mot. Leave to Take Immediate Discovery (docket no. 07-cv-10834, document #5). After carefully considering the parties' and the EFF's arguments, the Court concludes that § 106(3) confers on copyright owners the right to control purely electronic distributions of their work.

As noted above, 17 U.S.C. § 106(3) applies to the distribution of "phonorecords." And "phonorecords" are defined in full as follows:

'Phonorecords' are material objects in which sounds, other than those accompanying a motion picture or other audiovisual work, are fixed by any method now known or later developed, and from which the sounds can be perceived, reproduced, or otherwise communicated, either directly or with the aid of a machine or device. The term`phonorecords' includes the material object in which the sounds are first fixed.

17 U.S.C. § 101. The movants and the EFF contend that the electronic distribution, if it occurred, did not involve the "distribution" of a material object "by sale or other transfer of ownership, or by rental, lease or lending," as §§ 106(3) and 101 require. The argument has two closely related prongs-first, that no material object actually changed hands, and second, that even if it did, it was not through one of the methods of transfer enumerated in the statute.

Each of those arguments relies on an overly literal definition of "material object," and one that ignores the phrase's purpose in the copyright statutes. Congress intended for the copyright owner to be able to control the public distribution of items that can reproduce the artist's sound recording. It makes no difference that the distribution occurs electronically, or that the items are electronic sequences of data rather than physical objects.

Before squarely addressing the parties' arguments, however, the Court briefly revisits an important foundational issue — whether the electronic files at issue here can constitute "material objects" within the meaning of the copyright statutes. Doing so will help the Court explain the scope of the distribution right and frame the application of the Copyright Act to an electronic world.

(1) Electronic Files Are Material Objects

Understanding Congress' use of "material object" requires returning to a fundamental principle of the Copyright Act of 1976, Pub.L. No. 94-553, 90 Stat. 2541 (codified as amended in 17 U.S.C). Congress drew "a fundamental distinction between the`original work' which is the product of`authorship' and the multitude of material objects in which it can be embodied. Thus, in the sense of the [Copyright Act], a`book' is not a work of authorship, but is a particular kind of`copy.'" House Report at 53, reprinted in 1976 U.S.C.C.A.N. at 5666.^[22]

The Copyright Act thus does not use materiality in its most obvious sense — to mean a tangible object with a certain heft, like a book or compact disc. Rather, [171] it refers to materiality as a medium in which a copyrighted work can be "fixed." See 17 U.S.C. § 101 ("A work is`fixed' in a tangible medium of expression when its embodiment in a copy or phonorecord, ... is sufficiently permanent or stable to permit it to be perceived, reproduced, or otherwise communicated for a period of more than transitory duration."). As the Second Circuit cogently explained, "[t]he sole purpose of § 101`s definitions of the words `copies' and`fixed' is to ... define the material objects in which copyrightable and infringing works may be embedded and to describe the requisite fixed nature of that work within the material object." Matthew Bender & Co., Inc. v. West Pub. Co., 158 F.3d 693, 702 (2d Cir.1998). The opposite is true as well. The sole purpose of the term "material object" is to provide a reference point for the terms "phonorecords" and "fixed."^[23]

This analysis is borne out in other aspects of the Copyright Act — for example, the Act's abrogation of a common-law presumption regarding the sale of copyrights. At common-law, if an author sold her manuscript, the sale included the author's copyrights in the original work unless the sale agreement specifically excepted them. See, e.g., Yardley v. Houghton Mifflin Co., 108 F.2d 28, 30-31 (2d Cir.1939); Pushman v. New York Graphic Soc'y, Inc., 287 N.Y. 302, 306-07, 39 N.E.2d 249 (1942). Congress specifically abolished that presumption by distinguishing between the abstract, original work on the one hand, which is the source of the copyrights, and its material incarnation on the other, which is protected by the copyrights. See 17 U.S.C. § 202; House Report at 53, 123, reprinted in 1976 U.S.C.C.A.N. at 5666, 5739-40. Because the two are different, the author can freely sell a copy without disturbing the copyrights.

Thus, any object in which a sound recording can be fixed is a "material object." That includes the electronic files at issue here. When a user on a peer-to-peer network downloads a song from another user, he receives into his computer a digital sequence representing the sound recording. That sequence is magnetically encoded on a segment of his hard disk (or likewise written on other media.) With the right hardware and software, the downloader can use the magnetic sequence to reproduce the sound recording. The electronic file (or, perhaps more accurately, the appropriate segment of the hard disk) is therefore a "phonorecord" within the meaning of the statute. See § 101 (defining "fixed" and "phonorecords"); Matthew Bender & Co., 158 F.3d at 703-04. See also New York Times Co. v. Tasini 533 U.S. 483, 490-91, 121 S.Ct. 2381, 150 L.Ed.2d 500 (2001) (appearing to assume that electronic-only distributions constitute material objects); Stenograph LLC v. Bossard Assocs., Inc., 144 F.3d 96, 100 (D.C.Cir.1998) (holding that installation [172] of software onto a computer results in "copying"); Working Group on Intellectual Property Rights, Intellectual Property and the National Information Infrastructure 213 (1995), available at http://www. uspto.gov/go/com/doc/ipnii/ipnii.pdf (noting that electronic transmissions implicate copyright holders' rights and strongly implying that electronic files constitute "material objects").

With that background, the Court turns to the movants' and the EFF's arguments.

(2) The Transmission of an Electronic File Constitutes a "Distribution" Within the Meaning of § 106(3)

The movants and the EFF present two reasons why the Court should decline to find that purely electronic transmissions are a violation of the distribution right. First, they note that the distribution right is limited to "phonorecords of the copyrighted work," 17 U.S.C. § 106(3), and that part of the definition of "phonorecords" is that they are "material objects," id. § 101. They focus on the phrase "material objects" to suggest that a copyright owner's distribution right only extends to "tangible" objects. See EFF Br. at 15-16. Because there was no exchange of tangible objects in this case — no "hand-to-hand" exchange of physical things — they argue that the plaintiffs' distribution right was not infringed by the defendants' actions.

The movants' second argument focuses on a different phrase in § 106(3): "distribution" is limited to exchanges "by sale or other transfer of ownership, or by rental, lease, or lending." They note, correctly, that an electronic download does not divest the sending computer of its file, and therefore does not implicate any ownership rights over the sound file held by the transferor. Therefore, they conclude, an electronic file does not fit within the defined limits of the distribution right.

The movants' two arguments appear to be analytically distinct, but in fact each is the obverse of the other: Any time the transfer of copyrighted material takes place electronically, both contentions at least potentially come into play. Electronic transfers generally involve the reading of data at point A and the replication of that data at point B. Whenever that is true, one person might be stationed at point A and another at point B, obviating the need for a "hand-to-hand" transfer. Similarly, because the data at point A is not necessarily destroyed by the process of reading it, the person at point A might retain ownership over the original, forestalling the need for a "sale or other transfer of ownership," as stated in § 106(3).

Clearly, that description accurately characterizes electronic file transfers. The internet makes it possible for a sending computer in Boston and a downloader in California to communicate quickly and easily; the physical distance between the two, as well as the purely electronic nature of the transfer, makes the movants' argument attractive. But the "point A-to-point B" characterization is no less apt for an older technology, such as a fax transfer over a phone line. And it also applies to cases in which point A and point B are very close together — even in the same room.^[24] The movants' argument thus pivots on the nature of the transfer, in which the copyrighted work is read by a machine, translated into data, transmitted (in data form), and re-translated elsewhere.

[173] After carefully considering the parties' and the EFF's arguments, the Court concludes that 17 U.S.C. § 106(3) does reach this kind of transaction. First, while the statute requires that distribution be of "material objects," there is no reason to limit "distribution" to processes in which a material object exists throughout the entire transaction — as opposed to a transaction in which a material object is created elsewhere at its finish. Second, while the statute addresses ownership, it is the newly minted ownership rights held by the transferee that concern it, not whether the transferor gives up his own.

The first point requires that the Court closely examine the scope of the distribution right under § 106(3). The statute provides copyright owners with the exclusive right "to distribute ... phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending." 17 U.S.C. § 106(3). In turn, phonorecords are defined in part as "material objects in which sounds ... are fixed by any method." Id. § 101. And as discussed above, in the sense of the Copyright Act, "material objects" should not be understood as separating tangible copies from non-tangible copies. Rather, it separates a copy from the abstract original work and from a performance of the work. See supra Section IV.A.l.b.(1).

Read contextually, it is clear that this right was intended to allow the author to control the rate and terms at which copies or phonorecords of the work become available to the public. In that sense, it is closely related to the reproduction right under § 106(1), but it is not the same. As Congress noted, "a printer [who] reproduces copies without selling them [and] a retailer [who] sells copies without having anything to do with their reproduction" invade different rights. House Report at 61, reprinted in 1976 U.S.C.C.A.N. at 5675. Under § 106(3),

[T]he copyright owner [has] the right to control the first public distribution of an authorized copy or phonorecord of his work, whether by sale, gift, loan, or some rental or lease arrangement. Likewise, any unauthorized public distribution of copies or phonorecords that were unlawfully made [is] an infringement. As section 109 makes clear, however, the copyright owner's rights under section 106(3) cease with respect to a particular copy or phonorecord once he has parted with ownership of it.

House Report at 62, reprinted in 1976 U.S.C.C.A.N. at 5675-76. Clearly, § 106(3) addresses concerns for the market for copies or phonorecords of the copyrighted work, and does so more explicitly and directly than the other provisions of § 106.^[25]

An electronic file transfer is plainly within the sort of transaction that § 106(3) was intended to reach. Indeed, electronic transfers comprise a growing part of the legitimate market for copyrighted sound recordings. See, e.g., Verne Kopytoff & [174] Ellen Lee, Tech Chronicles, S.F. Chron., Feb. 27, 2008, at CI (reporting that through its iTunes Store, which operates exclusively via electronic file transfer, Apple has sold more than 4 billion songs to 50 million customers).^[26] What matters in the marketplace is not whether a material object "changes hands," but whether, when the transaction is completed, the distributee has a material object. The Court therefore concludes that electronic file transfers fit within the definition of "distribution" of a phonorecord.^[27]

For similar reasons, the Court concludes that an electronic file transfer can constitute a "transfer of ownership" as that term is used in § 106(3). As noted above, Congress wrote § 106(3) to reach the "unauthorized public distribution of copies or phonorecords that were unlawfully made." House Report at 62, reprinted in 1976 U.S.C.C.A.N. at 5676. That certainly includes situations where, as here, an "original copy" is read at point A and duplicated elsewhere at point B.^[28] Since the focus of § 106(3) is the ability of the author to control the market, it is concerned with the ability of a transferor to create ownership in someone else — not the transferor's ability simultaneously to retain his own ownership.

This conclusion is supported by a comparison to the "first sale" doctrine, codified at 17 U.S.C. § 109. The "first sale" doctrine provides that once an author has released an authorized copy or phonorecord of her work, she has relinquished all control over that particular copy or phonorecord. See id. § 109(a); House Report at 79-80, reprinted in 1976 U.S.C.C.A.N. at 5693-94. The person who bought the copy — the "secondary" purchaser — may sell it to whomever she pleases, and at the terms she directs. The market implications are clear. The author controls the volume of copies entering the market, but once there, he has no right to control their secondary and successive redistribution. To be sure, the author retains a certain degree of control over the secondary sale, at least to the extent that he can control that redistributions through the terms in the original sales contract. But he must bring a contract suit, not an infringement action. See id. at 79, reprinted in 1976 U.S.C.C.A.N. at 5693. See also, e.g., Am. Int'l Pictures, Inc. v. Foreman, 576 F.2d 661, 664 (5th Cir.1978) (holding that where copyrighted material is resold subject to restrictions, and the secondary buyer violates those restrictions, no copyright infringement action lies). More often and more practically, however, the author will simply price the new copies or phonorecords to reflect the work's value in a secondary market. See, e.g., Vincent v. City Colleges of Chicago, 485 F.3d 919 (7th Cir.2007) (citing Stanley M. Besen & Sheila N. Kirby, Private Copying, Appropriability & Optimal, Copyright Royalties, 32 J.L. & Econ. 255 (1989)).

Conversely, where ownership is created through an illegal copy, the first [175] sale doctrine does not provide a defense to a distribution suit. See Quality King Distrib.. Inc. v. L'anza Research Int'l, Inc., 523 U.S. 135, 148, 118 S.Ct. 1125, 140 L.Ed.2d 254 (1998). The distinction makes sense: where ownership is created through an illegal copy, the copyright holder has never had the chance to exercise his market rights over the copy. That is precisely the situation here.^[29]

2. Whether the Plaintiffs Have Adduced Prima Facie Evidence of Infringement

The second sub-element of the Sony Music test's first factor asks whether the plaintiffs have presented prima facie evidence of infringement. See 326 F.Supp.2d at 564. Just as police cannot invade the privacy of a home without some concrete evidence of wrongdoing inside, plaintiffs should not be able to use the Court to invade others' anonymity on mere allegation. By requiring plaintiffs to make out a prima facie case of infringement, the standard requires plaintiffs to adduce evidence showing that their complaint and subpoena are more than a mere fishing expedition. The plaintiffs need not actually prove their case at this stage; they need only present evidence adequate to allow a reasonable fact-finder to find that each element of their claim is supported. See Adelson, 510 F.3d at 48.' They have done so.

The first element of a copyright infringement suit is a valid copyright. See T-Peg, 459 F.3d at 108. The plaintiffs have asserted, and the defendants have not challenged, that they hold the copyright to each of the sound recordings incorporated into the complaint. See Compl. at 4-5 (docket no. 07-cv-10834, document #1).

The second element is violation of one of the copyright holder's exclusive rights. See T-Peg, 459 F.3d at 108. The movants and the EFF argue that because the plaintiffs have not demonstrated an actual infringement, they have not asserted an actual violation.^[30] They reason that the [176] investigator downloading the files from the defendants' computers was an agent of the plaintiffs, and plaintiffs cannot infringe their own copyrights. See Mem. Supp. Mot. Quash at 4-6 (document #149); EFF Br. at 12 n. 8 (document #152).

The Court need not now decide the precise nature of the evidence Media-Sentry gathered. While the parties dispute whether an investigator's download can be a perfected infringement, the downloads are also relevant, as described above, for another purpose: demonstrating that such infringement was technically feasible, thereby demonstrating that distributions could occur.

The plaintiffs have alleged that each defendant shared many, many music files — at least 100, and sometimes almost 700. See Ex. A to Compl. (docket no. 07-cv-10834, document #1) (providing information for each Doe, including number of copyrighted music files shared); Linares Decl. at 4, Ex. A to PI. Mot. Leave to Take Immediate Discovery (docket no. 07-cv-10834, document #5) (attesting to the veracity of the information contained in Exhibit A to the Complaint).^[31] As noted above, that evidence supports an inference that the defendants participated in the peer-to-peer network precisely to share copyrighted files. The evidence and allegations, taken together, are sufficient to allow a statistically reasonable inference that at least one copyrighted work was downloaded at least once. That is sufficient to make out a prima facie case for present purposes.^[32] Discovery may well reveal other factors relevant to the statistical inference, such as the length of time the defendant used peer-to-peer networks.

The plaintiffs have satisfied their burden for a prima facie case. As noted above, merely exposing music files to the internet is not copyright infringement. The defendants may still argue that they did not know that logging onto the peer-topeer network would allow others to access these particular files, or contest the nature of the files, or present affirmative evidence rebutting the statistical inference that downloads occurred. But these are substantive defenses for a later stage. Plaintiffs need not prove knowledge or intent in order to make out a prima facie case of infringement. See Feist, 499 U.S. at 361, [177] 111 S.Ct. 1282; Data Gen. Corp. v. Grumman Sys. Support Corp., 36 F.3d 1147, 1160 n. 19 (1st Cir.1994). As noted above, they are not required to win their case in order to serve the defendants with process.

3. Whether the Plaintiffs Have Tied Their Allegations and Evidence to Specific Acts of Infringement

The third sub-element of the first Sony Music factor is that the allegations be "concrete" — that they be tied to specific acts of infringement. See 326 F.Supp.2d at 564. The movants argue that the plaintiffs have failed to do so. Mot. Quash at 7-10 (document #115). In considering this question, the Court must keep in mind that transfers on a peer-to-peer network are not observable by outside users. To show infringement,^[33] the plaintiffs are obliged to build a chain of inferences. The Court finds that, on this record, the chain is adequately anchored to specific allegations to satisfy this sub-element.

The plaintiffs have alleged that each of the defendants used the peer-to-peer network to distribute copies of specific sound recordings, detailed in Exhibit A to the Complaint. For instance, Doe no. 21, one of the movants here, is alleged to have distributed the song "Clocks," by the artist Coldplay. Capitol Records holds the copyright to that song. See Ex. A to Compl. (docket no. 07-cv-10834, document #1). The plaintiffs allege that the downloading creates a precise copy of the song. And Doe no. 21 is alleged to have "continuously used, and [to] continue[] to use," a peerto-peer network. Compl. at 5 (docket no. 07-cv10834, document #1). Finally, the fact of MediaSentry's download shows that it was, in fact, possible to download "Clocks" from Doe no. 21's computer as of 6:56 a.m. on January 25, 2007. Thus, the plaintiffs have alleged the specific content at issue; the essential nature of the infringement of that content; a rough time period in which the infringement took place; and that at a certain time, the defendant had taken every step necessary for an infringement of Capitol Records's rights in "Clocks" to occur.

While the plaintiffs must eventually prove that an actual infringement of those rights occurred, they may certainly do so through circumstantial proof and inference. And drawing a reasonable inference in the plaintiffs' favor, one did occur. The plaintiffs' current showing is adequate to satisfy both Federal Rule of Civil Procedure 8 and the more exacting standard of Sony Music — even if they could not directly observe, and thus allege, an infringing act. See, e.g., 5 Patry, Patry on Copyright, §§ 19:3 (listing necessary elements to plead a copyright claim), 19:10 (discussing pleading acts of infringement with specificity).

B. Factors Two, Three, and Four: Need and Narrow Tailoring

The second, third, and fourth factors in the Sony Music test are designed to ensure that the subpoena is appropriate to the plaintiffs' needs, their allegations, and' the preliminary evidence they have presented. The Court weighs "(2) specificity of the discovery request, (3) the absence of alternative means to obtain the subpoenaed information, [and] (4) a central need for the subpoenaed information to advance the claim." Sony Music, 326 F.Supp.2d at 565. Thus, the second factor prevents the subpoena from being so overbroad that it unreasonably invades the anonymity of users who are not alleged to have infringed copyright. The third cuts against the subpoena if there is another [178] reasonable and less-intrusive means to gather the same information. And the fourth tests whether the plaintiffs must have the information to proceed. On the circumstances of this case, the third and fourth factors support the disclosure of the defendants' identities. However, the Court is unable to determine on this record whether the plaintiffs' request is adequately specific to satisfy the second factor.

1. Specificity of the Discovery Request

The second Sony Music factor examines the breadth of the information sought by the plaintiffs. It has two aspects: first, the breadth of the information the plaintiffs seek, and second, whether the subpoena requires the ISP to reveal identifying information for numerous non-infringing parties, piercing the First Amendment anonymity to which they are entitled.

Under the Court's Order permitting expedited discovery, the plaintiffs are limited to identifying information: "name, address, telephone number, e-mail address, and Media Access Control addresses for each defendant." Amended Order re: Expedited Discovery at 1 (May 9, 2007) (docket no. 07-cv-10834, document #8).^[34] The Court further ordered that "[n]o further information about the Doe defendants shall be revealed." Id. These limits are appropriate because they allow the plaintiffs to discover whom they are suing — the purpose of the expedited discovery — but no more. It does not, for example, permit disclosure of any information regarding the defendant's internet use.

Second, the Court must consider whether the information sought can be reasonably traced to a particular defendant. Generally speaking, according to the plaintiffs, the combination of IP address and date and time of access is sufficient to allow identification of the defendant. See Mem. Supp. Ex Parte Application for Leave To Take Immediate Discovery at 2 (docket no. 07-cv-10834, document #5).

That claim may not always be true. More than one computer may be placed under a single IP number. Thus, it is possible that the ISP may not be able to identify with any specificity which of numerous users is the one in question. See Stengel Decl. at 3 (document #118). If that is the case, giving the plaintiffs a long list of possible infringers would permit precisely the sort of fishing expedition the Sony Music test is designed to avoid. On the other hand, the ISP may frequently be able to narrow the list to a handful of possible users. In that situation, the plaintiffs should be entitled to use discovery to determine the identity of the alleged infringer. While it still might be possible that an unauthorized user was the actual infringer, see id., that is a matter better left for further discovery and presentation of the plaintiffs' claims on their merits.

The problem calls for a pragmatic solution that carefully respects the anonymity [179] of potentially innocent parties. Therefore, the Court will undertake to review particular cases as they come up, based on the number of users at issue and the degree of particularity with which the plaintiffs would be able to pick out the alleged infringer from a list. The subpoena to be served on Boston University shall be modified as discussed below in Section IV.D.

2. Absence of Alternative Means to Obtain Information

The third Sony Music factor requires that the plaintiffs have no other, less-intrusive way of obtaining the information they seek. This factor appears to be met in this case. Only the ISP has any record of which IP addresses were assigned to which users. To other entities online, those users would appear only as their IP addresses. The movants have not suggested any other method of obtaining the defendants' information; nor is the Court aware of any.

3. Central Need to Litigation

Finally, it is evident that the plaintiffs need the information in order to further the litigation. Without names and addresses, the plaintiffs cannot serve process, and the litigation can never progress. Therefore, the plaintiffs do have a central need for this information.

C. Factor Five: The Defendants' Expectations of Privacy

The final Sony Music factor regards the expectation of privacy held by the Doe defendants, as well as other innocent users who may be dragged into the case (for example, because they shared an IP address with an alleged infringer.) See 326 F.Supp.2d at 565.

As discussed above, see Section III, the alleged infringers have only a thin First Amendment protection. See Harper & Row, 471 U.S. at 559-60, 105 S.Ct. 2218.^[35] Moreover, many internet service providers require their users to acknowledge as a condition of service that they are forbidden from infringing copyright owners' rights, and that the ISP may be required to disclose their identity in litigation. See, e.g., Sony Music, 326 F.Supp.2d at 559.

The record is unfortunately silent as to Boston University's terms of service agreement, if one exists. That agreement could conceivably make a substantial difference to the expectation of privacy a student has in his or her internet use. The process through which the plaintiffs determine whether a particular user actually used a peer-to-peer network to distribute music files may be much more intrusive than merely obtaining identities. In one case before the Court,^[36] the plaintiffs have sought to obtain an image of a defendant's hard disk,^[37] allowing a forensic computer [180] expert to inspect it to determine whether the defendant possessed an electronic copy of the plaintiffs' copyrighted material. See Pls.' Mot. Compel Discovery (docket no. 03-cv-11661, document #527).^[38]

The Court finds that the terms of service arrangement, if one exists, would be extremely helpful in analyzing the privacy interests at issue. As this is an important factor for the Sony Music test, the Court will require that the subpoena served on Boston University be modified to require that it submit to the Court its terms of service arrangement.

D. Required Modifications to the Subpoenas

For the reasons explained above in Sections IV.B.1 and IV.C, the Court lacks the information to adjudicate whether the plaintiffs have carried their burden in demonstrating a need for expedited discovery under the Sony Music test. Therefore, the Motions to Quash that assert privacy interests (documents ##104 and 115) are GRANTED. The plaintiffs may renew their motion for expedited discovery, but must attach to such motion a copy of the Rule 45 subpoena to be served on Boston University. The subpoena must include the following language or language substantially similar:

The ISP shall submit to the Court, under seal, the information requested by the plaintiffs for its consideration in camera. For any IP address provided by the plaintiffs for which the ISP is unable to determine, to a reasonable degree of technical certainty, the identity of the user, it shall submit a list of all such users and a brief statement explaining the difficulty in selecting among them the alleged infringer.

The ISP shall simultaneously submit to the Court its terms of service agreement with its users, or, if it does not have a terms of service agreement, a statement to that effect.

The submissions by the ISP shall be made no later than 14 days after service of the subpoena.

The ISP shall not disclose to the plaintiffs any information regarding the identities of the defendants unless ordered to do so by this Court.

The Court, with the Sony Music framework thus in place, will consider the plaintiffs' request for expedited discovery as made in their renewed motion.

V. THE MOTION TO QUASH FOR LACK OF PERSONAL JURISDICTION

In addition to the Motions to Quash filed by the Boston University Does, one other Doe has filed a Motion to Quash. She claims that the Court lacks personal jurisdiction over her. She asserts, among other things, that she has never lived in Massachusetts and that "none of [her] visits to the State of Massachusetts had any relationship to the matter for which [she is] being sued, namely [her] alleged use of filesharing systems from [her] home in Maryland." Doe Aff. at 1, Ex. A to Mot. Quash Due to Lack of Personal Jurisdiction (document #113). The Court has the discretion to permit jurisdictional discovery. See, e.g., United States v. Swiss Am. Bank, Ltd., 274 F.3d [181] 610, 626 (1st Cir.2001). It is appropriate to do so in this case.

The only information the Court has before it is Jane Doe's affidavit — signed as Jane Doe — attesting that she is not a Massachusetts resident. On the facts of this case, that is an insufficient basis to disallow jurisdictional discovery. Even taking all of the facts in her affidavit as true, it is possible that the Court properly has personal jurisdiction. The Massachusetts long-arm statute permits jurisdiction to the extent allowed by constitutional limits. Daynard v. Ness, Motley, Loadholt, Richardson & Poole, P.A., 290 F.3d 42, 52 (1st Cir.2002) (quoting 'Automatic' Sprinkler Corp. of Am. v. Seneca Foods Corp., 361 Mass. 441, 280 N.E.2d 423 (1972)). It is a broad license. For example, Jane Doe might well be subject to jurisdiction if she infringed the plaintiffs' copyrights on a trip into Massachusetts. See Mass. Gen. Laws ch. 223A, § 3(c)-(d). It would be premature to adjudicate personal jurisdiction on this record.

The Motion to Quash Due to Lack of Personal Jurisdiction (document #113) is DENIED without prejudice.

VI. CONCLUSION

For the foregoing reasons, the Motions to Quash (document ##103 and 115) are GRANTED. The plaintiffs' Motion for Expedited Discovery may be renewed subject to the requirements on the subpoena set forth above in Section IV.D. Boston University is ORDERED not to destroy the information sought by plaintiffs unless the subpoena is not renewed by April 16, 2008. Furthermore, the Motion to Quash Due to Lack of Personal Jurisdiction (document #113) is DENIED without prejudice.

SO ORDERED.

APPENDIX A

COURT — DIRECTED NOTICE REGARDING ISSUANCE OF SUBPOENA

A subpoena has been issued directing Boston University, your Internet Service Provider ("ISP"), to disclose your name. The subpoena has been issued because you have been sued in the United States District Court for the District of Massachusetts in Boston, Massachusetts, as a "John Doe" by several major record companies. You have been sued for infringing copyrights on the Internet by uploading and/or downloading music. The record companies have identified you only as a "John Doe" and have served a subpoena on your ISP to learn your identity. This notice is intended to inform you of some of your rights and options.

YOUR NAME HAS NOT YET BEEN DISCLOSED. YOUR NAME WILL BE DISCLOSED IN 14 DAYS IF YOU DO NOT CHALLENGE THE SUBPOENA.

Your name has not yet been disclosed. The record companies have given the Court enough information about your alleged infringement to obtain a subpoena to identify you, but the Court has not yet decided whether you are liable for infringement. You can challenge the subpoena in Court. You have 14 days from the date that you receive this notice to file a motion to quash or vacate the subpoena. If you file a motion to quash the subpoena, your identity will not be disclosed until the motion is resolved (and the companies cannot proceed against you until you are identified). The second page of this notice can assist you in locating an attorney, and lists other resources to help you determine how to respond to the subpoena. If you do not file a motion to quash, at the end of the 14 day period, your ISP will send the record [182] company plaintiffs your identification information.

OTHER ISSUES REGARDING THE LAWSUIT AGAINST YOU

To maintain a lawsuit against you in the District Court of Massachusetts, the record companies must establish jurisdiction over you in Massachusetts. If you do not live or work in Massachusetts, or visit the state regularly, you may be able to challenge the Massachusetts court's jurisdiction over you. If your challenge is successful, the case in Massachusetts will be dismissed, but the record companies may be able to file against you in another state where there is jurisdiction.

The record companies may be willing to discuss the possible settlement of their claims against you. The parties may be able to reach a settlement agreement without your name appearing on the public record. You may be asked to disclose your identity to the record companies if you seek to pursue settlement. If a settlement is reached, the case against you will be dismissed. It is possible that defendants who seek to settle at the beginning of a case will be offered more favorable settlement terms by the record companies. You may contact the record companies' representatives by phone at (206) 973-4145, by fax at (206) 242-0905, or by email at infosettlementsupportcenter.com.

You may also wish to find your own lawyer (see resource list below) to help you evaluate whether it is in your interest to try to reach a settlement or to defend against the lawsuit.

RESOURCE LIST

The organizations listed below provide guidance on how to find an attorney. If you live in or near Massachusetts or Boston, the second and third listings below provide referrals for local attorneys.

American Bar Association

http://www.abanet/org/legalservices/ findlegalhelp/home.htm

Massachusetts Bar Association

http://www.massbar.org

Lawyer referral service — (617) 338-0610

Boston Bar Association

http://www.bostonbar.org

Lawyer referral service — (617) 742-0625

The organizations listed below have appeared before other courts around the country in similar lawsuits as "friends of the court" to attempt to protect what they believe to be the due process and First Amendment rights of Doe defendants.

Electronic Frontier Foundation

454 Shotwell Street

San Francisco, California 94110-1914

email: RIAAcases@eff.org

Public Citizen

1600 20th Street, NW

Washington, DC 20009

phone: (202)588-7721

email: litigation@citizen.org

[1] The defendants in this case have not yet been named; the Court simply refers to them as "the defendants." Those who contest the subpoena are "the movants."

[2] Specifically, the Court requires that the plaintiffs attach a "Court-Directed Notice Regarding Issuance of Subpoena," which the ISPs distribute to the individuals in question. The Notice informs the putative defendants that they have the opportunity to move to quash the subpoena, as these defendants have done. See Appendix A (Court-Directed Notice).

[3] Document #115 is styled "Reply Memorandum of Law of Defendant`Doe,' "but the Court has no other related documents. The Court takes the filing as a pro se Motion to Quash, and for clarity's sake, refers to it as such.

[4] This is a small oversimplification. Many popular peer-to-peer networks use a "supernode" architecture. A supernode is a semicentralized computer that operates only to relay search queries and responses within the peer-to-peer network. Once the desired file is located, however, it may be transferred directly from one computer to another. See, e.g., Peter S. Menell & David Nimmer, Legal Realism in Action: Indirect Copyright Liability's Continuing Tort Framework and Sony's De Facto Demise, 55 UCLA L.Rev. 143, 183-84 (2007).

The history of peer-to-peer networks has been one of increasing decentralization, and thus, increasing anonymity. See id. at 179-85 (tracing history of peer-to-peer network technologies through lawsuits asserting contributory copyright liability). Some newer peer-topeer technologies even dispense with supernodes. See, e.g., Grokster, 545 U.S. at 922, 125 S.Ct. 2764; Matthew Helton, Secondary Liability for Copyright Infringement: BitTorrent as a Vehicle for Establishing a New Copyright Definition for Staple Articles of Commerce, 40 Colum. J.L. & Soc. Probs. 1, 20-21 (2006) (discussing new version of software that permits direct peer-to-peer connection without the need for a proxy computer).

[5] At the hearing, the defendants protested that it is impossible to determine whether a sound recording is "illegal" merely by listening to it. See Bestavros Decl. at 2-3 (document #110). True enough. Indeed, one of the key features of digital copyright infringement is that an nth-generation copy is more or less identical to a non-infringing first-generation copy, so there is no drop in sound quality over time. But listening to the files is still important. The defendants must ascertain that what is labeled as a sound recording to which they hold the copyright actually is such a recording (and not, say, a misnamed file or fair use that would not infringe the copyright.)

[6] According to the amicus brief of the Electronic Frontier Foundation, more than 20,000 individuals have been sued nationwide. Amicus Curiae Br. of the Electronic Frontier Foundation ("EFF Br.") at 5-9 (document #152).

[7] For these reasons, insofar as one of the movant Does requests severance, see Mot. Quash at 1-3 (document #115), the motion is DENIED without prejudice. The case against each Doe will be individually considered for purposes of any rulings on the merits, and the movant may renew the severance request before trial if the case proceeds to that stage.

[8] It is not clear which Does are the two movants. The Doe filing one Motion to Quash (document #115) identifies him or herself as Doe no. 21; the Doe filing the other Motion to Quash (document #103) called himself Doe no. 1. Doe no. 1 has been dismissed, however. See Notice of Dismissal (document #122) (dismissing Doe no. 1 from the civil action originally docketed with number 07-cv-10834); Notice of Dismissal (document #136) (same).

[9] The EFF's First Amendment arguments are taken on their merits, contrary to the plaintiffs' contention that no party has raised them. See Pls.' Resp. Opp. Amicus Curiae Br. at 2-3 (document #157). At least one of the motions to quash raises the same issues, albeit in less detail. See Mem. L. Supp. Mot. Quash at 7-8 (document #104).

[10] See Sony Music, 326 F.Supp.2d at 564 (finding file-sharers' activity "qualifies as speech, but only to a degree," because the "real purpose is to obtain music for free"); In re Verizon Internet Svcs., Inc., 257 F.Supp.2d 244, 260 (D.D.C.2003), rev'd on other grounds, Recording Indus. Ass'n of Am., Inc. v. Verizon Internet Svcs., Inc., 351 F.3d 1229 (D.C.Cir. 2003) (holding that file-sharers were entitled to some anonymity on First Amendment grounds, "even though the degree of protection is minimal where alleged copyright infringement is the expression at issue").

[11] Other forms of speech also receive such intermediate valuation. See Florida Bar v. Went For It, Inc., 515 U.S. 618, 623, 115 S.Ct. 2371, 132 L.Ed.2d 541 (noting that commercial speech is entitled to "a limited measure of protection, commensurate with its subordinate position in the scale of First Amendment values" (internal quotation omitted)). The Court need not, and does not, express a view as to the proper place of file-sharing in the speech hierarchy; it is enough for present purposes to determine that it has some First Amendment value.

[12] In doing so, the court subsumed the analysis a number of other leading cases, including, for example, Dendrite International, Inc. v. Doe, 342 N.J.Super. 134, 775 A.2d 756, 760, 772 (2001), a case relied upon by the EFF. See Sony Music, 326 F.Supp.2d at 563-64. Dendrite, like many other cases involving internet speech, is not directly applicable to these facts. In that case, the plaintiff asserted that the anonymous defendant had defamed it on an internet bulletin board — an act much more clearly in the wheelhouse of the First Amendment's protections. See 342 N.J.Super. at 140-41, 775 A.2d at 760. The court in that case therefore sensibly elected to apply a more stringent standard than the one appropriate here. See id., 342 N.J.Super. at 149 — 59, 775 A.2d at 765-72.

[13] A number of other courts have also found the Sony Music approach persuasive, some on substantially different facts. See Best Western Int'l, No. CV-06-1537-DGC, 2006 WL 2091695, at *3-*5 (D.Ariz. July 25, 2006) (posting to internet bulletin boards); Gen. Bd. of Global Ministries of the United Methodist Church v. Cablevision Lightpath, Inc., No. C06-3669-ETB, 2006 WL 3479332, at *4-*5 (E.D.N.Y. Nov.30, 2006) (unauthorized access to email); Elektra Entm't Group v. Does 1-9, No. 04CV2289-RWS, 2004 WL 2095581, at *2-*5 (S.D.N.Y. Sept.8, 2004) (file-sharing and copyright infringement). But see Mobilisa, Inc. v. Doe, 217 Ariz. 103, 170 P.3d 712, 720 (Ariz.App.2007) (declining to apply Sony Music standard in case involving alleged unlawful access to plaintiffs' computer server by anonymous user, and applying a more stringent standard).

[14] The parties refer to "copies." The statute makes clear that where sound recordings are at issue, "phonorecords" is a more precise term. See 17 U.S.C. § 101. The two terms appear to be functionally interchangeable, however, differing only in the nature of the copyrighted work. See H.R. Rep. 94-1476 at 53 (1976), reprinted in 1976 U.S.C.C.A.N. at 5666 (noting that under the copyright statutes, "`copies' and `phonorecords' together will comprise all of the material objects in which copyrightable works are capable of being fixed").

[15] Strictly speaking, much of the parties' briefing on this issue is directed toward the scope of the distribution right under § 106(3), not the reproduction right under § 106(1). But both refer to "copies or phonorecords," so the arguments implicate both rights, though to different degrees.

[16] The plaintiffs have also alleged a violation of their reproduction rights under § 106(1). Under that statute, a copyright owner's rights are infringed whenever an unauthorized person "reproduce[s] the copyrighted work in copies or phonorecords." The plaintiffs have alleged that the defendants downloaded music, as well as distributed it, and that they did not have authorization to do so. See Compl. at 5 (docket no. 07-cv-10834, document #1). At least subject to arguments over the definition of "phonorecords," discussed below, the plaintiffs thus appear to have alleged a legally sufficient harm under § 106(1). It is still appropriate to address briefly the distribution right under § 106(3), however; it was the focus of the parties' briefing and arguably constitutes the crux of the alleged infringement in this case. The Court's analysis may also inform later arguments, such as summary judgment or request for further data from the ISP not authorized by the current scope of the subpoena.

[17] See Mem. Supp. Mot. Quash at 4-6 (document #149); EFF Br. at 12 n. 8 (document #152). The Court need not reach this issue now.

[18] The plaintiffs also cite A & M Records, Inc. v. Napster, Inc., 239 F.3d 1004 (9th Cir.2001). In A & M v. Napster, the Ninth Circuit considered a suit against a provider of peer-to-peer services. The court stated that "Napster users who upload file names to the search index for others to copy violate plaintiffs' distribution rights." Id. at 1014. As the EFF argues, the Ninth Circuit's reasoning is not persuasive here. First, as the district court noted in that case, "it is pretty much acknowledged" that infringement had occurred. Id. (internal quotation marks omitted). Second, because the plaintiffs were suing the peer-topeer network provider rather than any particular user, they did not need to show that any particular copyright was infringed. It was enough to show that approximately 70% of the available material infringed the plaintiffs' copyrights. See id. at 1013. Finally, the court's very statement may betray a slight misunderstanding about the way the technology worked — it was not the "file names" that were copied, as the court's statement seems to imply, but the actual files themselves. Indeed, merely "upload[ing] file names" does not even constitute making the files themselves available. But see Motown Record Co., LP v. DePietro, No. 04-CV-2246, 2007 WL 576284, at *3 & n. 38 (E.D.Pa. Feb. 16, 2007) (finding A & M v. Napster persuasive on facts similar to those in the case at bar).

[19] Indeed, this case is closer to the facts of Hotaling than were the facts in the Napster litigation. In In re Napster, the court considered an "indexing" system in which central computer servers kept a record of which peerto-peer users had which files, somewhat analogous to the supernodes used by the peer-topeer system at issue here. See supra note 4. In rejecting the plaintiffs' theory, the court noted that the index was only an index-not the actual file containing the sound recording. See In re Napster, 377 F.Supp.2d at 803. In this case, the individual peer-to-peer users are alleged to have had the electronic files on their hard disks, not merely a reference. See also Perfect 10, Inc. v. Amazon.com, Inc., 508 F.3d 1146, 1162-63 (9th Cir.2007) (distinguishing Google's process of indexing images and providing thumbnails to users on similar grounds).

[20] The First Circuit's decisions in Venegas-Hernandez, 424 F.3d at 57-59, and Latin American Music Co., 499 F.3d at 46, appear to support this distinction.

[21] Before the Copyright Act was passed in 1976, "publication" determined the date on which statutory protection of the copyright began. See 17 U.S.C. § 24 (1970), repealed by Copyrights Act of 1976, ch. 3, § 302, 90 Stat. 2541. It occurred when "`the original or tangible copies of a work [were] ... made available to the general public'" Bartok v. Boosey & Hawkes, Inc., 523 F.2d 941, 945 (2d Cir.1975) (quoting Melville B. Nimmer, Nimmer on Copyright § 49 at 194-95 (1974)). It did not include the mere public performance of a work. See Ferris v. Frohman, 223 U.S. 424, 435-36, 32 S.Ct. 263, 56 L.Ed. 492 (1912).

[22] The term "material object" also distinguishes a tangible copy of a work from its performance. Compare 17 U.S.C. § 101 (defining "copies"), with id. (defining "perform"). Clearly, different copyrights are implicated by the ownership of a phonorecord and by a public performance of the sound recording physically embodied in that phonorecord. Compare 17 U.S.C. § 106(1), with id. § 106(3), and with id. §§ 106(4), 106(6). While this seems an elementary distinction, it is important to the scope of the distribution right, discussed more extensively below.

[23] This point of view is supported by Congress' abrogation of one judicial doctrine concerning the nature of a "copy." In White-Smith Music Publishing Co. v. Apollo Co., 209 U.S. 1, 28 S.Ct. 319, 52 L.Ed. 655 (1908), the Supreme Court rejected the argument that the copyright for a piece of music applied to the perforated sheets used to instruct a player piano, holding that it was limited to sheet music from which a person could read and reproduce the music. Because the perforated sheets were not intelligible to a person, the Court held, they were not "copies." Id. at 17, 28 S.Ct. 319. Congress rightly rejected this "artificial and largely unjustifiable distinction[]," House Report at 52, reprinted in 1976 U.S.C.C.A.N. at 5665, by expanding the definition of "fixed" to include methods that required machines. Concurrently, Congress sought to broaden the definition of the medium in which copyrighted material could be fixed. See id. at 52-53, reprinted in 1976 U.S.C.C.A.N. at 5665-66. A "material object" is thus largely, if not entirely, a vehicle for the fixation requirement.

[24] Suppose someone has a copy of a copyrighted poem on a single sheet of paper. He announces, "I'm going to be at the copy machine with the poem pressing the`Copy' button, but I'm not going to touch the new copies that come out in the tray." If another person takes one of the new copies, no hand-to-hand transfer of a tangible object has occurred, and the person who presses the copy button has not been divested of ownership in his original.

[25] The House Report does not specifically address the distribution right as a protection of the copyright owner's right to control the market, but it is an inescapable inference from the nature of the right. See, e.g., Harper & Row, 471 U.S. at 558, 105 S.Ct. 2218 ("By establishing a marketable right to the use of one's expression, copyright supplies the economic incentive to create and disseminate ideas."); cf. House Report at 62-63, reprinted in 1976 U.S.C.C.A.N. at 5676 (noting that too broad an exception to performance rights for non-profit users could allow free displays and performances to "supplant markets for printed copies"); id. at 80, reprinted in 1976 U.S.C.C.A.N. at 5694 (expressing concern that illegitimate fair use could affect the copyright owner's market for distribution of copies). The Court does not express a view as to the extent to which peer-to-peer file sharing actually does cause economic damage to copyright owners.

[26] It is perhaps in recognition of this fact of internet-era life — and in recognition of the fact that copyrighted material can be "distributed" electronically — that Congress has made available compulsory licenses "to distribute [phonorecords] to the public for private use, including by means of a digital phonorecord delivery." 17 U.S.C. § 115.

[27] The reading is not a stretch. The dictionary definition of "to distribute" includes, inter alia, "to disperse through a space ...; spread; scatter[;] to promote, sell, and ship or deliver ... to individual customers ... [;] to pass out or deliver ... to intended recipients." Random House Unabridged Dictionary 572 (2d ed.1993). An electronic file transfer fits comfortably within each.

[28] It is irrelevant that such an action may also infringe the reproduction right secured to the copyright holder under 17 U.S.C. § 106(1). A single action can infringe more than one right held under § 106.

[29] The EFF's reliance on Age v. Paramount Communications, 59 F.3d 317, 325 (2d Cir. 1995), is misplaced. The plaintiff in Agee claimed the violation of several different rights after Paramount used his music as a soundtrack to a video without authorization; most relevantly, the plaintiff claimed violation of the distribution right protected by § 106(3). The video traveled from Paramount to local affiliate television stations, and from there to the public. The court concluded that the broadcast, as it traveled from the affiliate stations to the public, was a public performance, not the distribution of a copy. The affiliates were only the intermediaries through which Paramount's right to perform was exercised. See Agee, 59 F.3d at 325; see also 17 U.S.C. § 112(e)(1) (permitting retention of "ephemeral recordings" for retransmission). A key fact was that the transmission was designed to be transitory. Electronic files, such as those transferred here, are not.

The Court recognizes that electronic copies can be of varying permanence, see MAI Sys. Corp. v. Peak Computer, Inc., 991 F.2d 511, 518-19 (9th Cir. 1993) (discussing whether loading copyrighted software into temporary random access memory constitutes a "copy" under the Copyright Act), and it is not clear that all of them should be treated equally under the copyright statutes. But this is a clear case, at one end of the spectrum. The files at issue here were downloaded precisely to be copies, indefinitely replayable and transferable. The Court has no need to consider modes of electronic transmission beyond transfers over peer-to-peer networks.

[30] Counsel for one movant also represents that none of the movant's music files were unlicensed. See Suppl. Mem. Supp. Mot. Quash at 9-10 (document #149). While that may be the case, it is not clear why it is relevant to allegations of unlicensed distribution under 17 U.S.C. § 106(3). And insofar as it is relevant to allegations of unlicensed copying under 17 U.S.C. § 106(1), it is a matter better left for after discovery, when counsel's representation can be supported by evidence.

The same movant further contends that the Linares affidavit, which forms the basis of some of the plaintiffs' prima facie case, should be stricken. The movant claims that MediaSentry, the private investigator who downloaded the files from the Does and recorded their IP addresses, see Linares Decl. at 4-6, Ex. A to PL Mot. Leave to Take Immediate Discovery (docket no. 07-cv 10834, document #5), does not have the license to undertake private investigations required by Massachusetts General Laws ch. 147, §§ 23-25. The Court has no evidence properly before it as to whether or not MediaSentry has a license, how MediaSentry gathers its information, or whether that information is publicly available. It therefore declines to reach the issue on this record; the movant may refile a motion to strike.

[31] From the Linares Declaration, it is easily inferred how this information is gained. MediaSentry, on finding an alleged infringer, requests through the peer-to-peer software a list of all the files available to be shared on the sending computer. It then culls through the resulting list of files to isolate (and count) the plaintiffs' copyrighted sound recordings. See Linares Decl. at 5-6, Ex. A to PI. Mot. Leave to Take Immediate Discovery (docket no. 07-cv-10834, document #5).

[32] This general inference of infringement is not inconsistent with the "concrete" criterion discussed below. It bears re-emphasis that this is a preliminary stage of the litigation; the plaintiffs need only show that some infringement was likely and that they have specifically identified at least some of the copyrighted material at issue. This protects the defendants from a fishing expedition in which plaintiffs only wish to investigate specific behavior — for example, the large use of bandwidth by a single user continuously over a long period of time or the mere use of a peerto-peer network.

[33] At least, absent MediaSentry's downloads — again, the Court does not decide whether those downloads can constitute direct evidence of actual infringements.

[34] The Media Access Control ("MAC") number is a unique identifier embedded in most network adaptors — the physical piece of hardware that permits a user to connect to a network, and thus to the internet. The MAC address is used by the ISP in routing information through the network and is specific to the user's computer; it is therefore uniquely relevant in allowing a fact-finder to determine whether the defendant was, in fact, infringing the plaintiff's copyright. Although sophisticated users can use software to make MAC addresses appear otherwise than they actually are — a process called "spoofing" — the addresses are still highly probative evidence in this litigation. See, e.g., Daniel Kamitaki, Note, Beyond E-Mail: Threats to Network Security and Privileged Information for the Modem Law Firm, 15 S. Cal. Interdisc. L.J. 307, 312 & nn. 30-34 (2006) (discussing MAC addresses generally); United States v. Carter, No. 07-CR-00184-RLH, 2008 WL 623600, at *12 (D.Nev. Mar.6, 2008) (noting possibility of spoofing).

[35] Insofar as the defendants wish to assert a more substantial First Amendment value — fair use, for example — that is a matter better left for later in the litigation.

[36] The Court may take judicial notice of related proceedings. See, e.g., Anderson v. Rochester-Genesee Reg'l Transp. Auth., 337 F.3d 201, 205 n. 4 (2d Cir.2003).

[37] That is, a precise copy of the hard drive, exactly as it is in the defendant's computer. This allows the plaintiffs not only to see what is obviously present on the user's computer, but also deleted or concealed files. "`Deleting a file does not actually erase that data from the computer's storage devices. Rather, it simply finds the data's entry in the disk directory and changes it to a`not used' status — thus permitting the computer to write over the`deleted' data. Until the computer writes over the`deleted' data, however, it may be recovered by searching the disk itself rather than the disk's directory. Accordingly, many files are recoverable long after they have been deleted' — even if neither the computer user nor the computer itself is aware of their existence." Shira A. Scheindlin & Jeffrey Rabkin, Electronic Discovery in Federal Civil Litigation: Is Rule 34 Up to the Task?, 41 B.C. L.Rev. 327, 337 (2000) (footnotes omitted).

[38] Of course, even an infringer's non-infringing information is entitled to some protection. But the situation is more serious where the defendant asked to permit an image of her computer may not be an infringer at all.