5 OIL Casebook Topic V: Privacy 5 OIL Casebook Topic V: Privacy
This section provides a brief survey of laws relating to privacy on the internet
5.1 In re Double Click Privacy Litigation, No. 00-CIV-0641 (S.D.N.Y. settlement approved May 21, 2002). 5.1 In re Double Click Privacy Litigation, No. 00-CIV-0641 (S.D.N.Y. settlement approved May 21, 2002).
This case note describes some of the data collection techniques used by companies
154 F. Supp. 2d 497; 2001 U.S. Dist. LEXIS 3498, *
In re DOUBLECLICK INC. PRIVACY LITIGATION, This Document Relates To: ALL ACTIONS.
Master File No. 00 Civ. 0641 (NRB)
UNITED STATES DISTRICT COURT FOR THE SOUTHERN DISTRICT OF NEW YORK
154 F. Supp. 2d 497; 2001 U.S. Dist. LEXIS 3498
March 28, 2001, Decided
March 29, 2001, Filed
�
OPINION: OPINION AND ORDER
NAOMI REICE BUCHWALD
UNITED STATES DISTRICT JUDGE
Plaintiffs bring this class action on behalf of themselves and all others similarly situated n1 against defendant DoubleClick, Inc. ("defendant" or "DoubleClick") seeking injunctive and monetary relief for injuries they have suffered as a result of DoubleClick's purported illegal conduct. Specifically, plaintiffs bring three claims under federal laws: (1) 18 U.S.C. � 2701, et seq.; (2) 18 U.S.C. � 2510, et seq.; (3) 18 U.S.C. � 1030, [*2] et seq.; and four claims under state laws: (1) common law invasion of privacy; (2) common law unjust enrichment; (3) common law trespass to property; and (4) Sections 349(a) and 350 of Article 22A of the New York General Business Law.
Now pending is DoubleClick's motion, pursuant to Fed. R. Civ. P. 12(b)(6), to dismiss Claims I, II and III of the Amended Complaint for failure to state a claim on which relief can be granted. For the reasons discussed below, DoubleClick's motion is granted and the Amended Complaint is dismissed with prejudice.
PROCEDURAL HISTORY
�
This case is a multidistrict consolidated class action. The initial complaint was filed in this Court on January 31, 2000. On May 10, 2000, this Court consolidated the set of related federal class actions against DoubleClick in the Southern and Eastern Districts of New York pursuant to Rule 42(a) of the Fed. R. Civ. P. and Local Rule 1.6 of the Southern and Eastern Districts of New York. n2 The consolidated class filed its Amended Complaint on May 26, 2000. Later, pursuant to 28 U.S.C. � 1407(a), the Judicial Panel on Multidistrict Litigation transferred two cases to this Court for pretrial proceedings: Steinbeck v. DoubleClick, 00 Civ. 5705, C.A, N.O. 8:00-98 (C.D. Cal) on July 31, 2000 and Freedman v. DoubleClick, 00 Civ. 7194, 2:00-1559 (E.D. La) on September 22, 2000.
BACKGROUND
DoubleClick, a Delaware corporation, is the largest provider of Internet advertising products and services in the world. Its Internet-based advertising network of over 11,000 Web publishers has enabled DoubleClick to become the market leader in delivering online advertising. DoubleClick specializes in collecting, compiling and analyzing information about Internet users through proprietary technologies and techniques, and using it to target online advertising. DoubleClick has placed billions of advertisements on its clients' behalf and its services reach the majority of Internet users in the United States.
�
THE INTERNET
Although a comprehensive description of the Internet is unnecessary to address the issues raised in this motion, a rudimentary grasp of its architecture and engineering is important. n4 The Internet is accurately described as a "network of networks. Computer networks are interconnected individual computers that share information. Anytime two or more computer networks connect, they form an "internet." The "Internet" is a shorthand name for the vast collection of interconnected computer networks that evolved from the Advanced Research Projects Agency Network ("ARPANet") developed by the United States Defense Department in the 1960's and 1970's. Today, the Internet spans the globe and connects hundreds of thousands of independent networks.
The World Wide Web ("the Web" or "WWW") is often mistakenly referred to as the Internet. However, the two are quite different. The Internet is the physical infrastructure of the online world: the servers, computers, fiber-optic cables and routers through which data is shared online. The Web is data: a vast collection of documents containing text, visual images, audio clips and other information [*6] media that is accessed through the Internet. Computers known as "servers" store these documents and make them available over the Internet through "TCP/IP" (Transmission Control Protocol/Internet Protocol), a set of standard operating and transmission protocols that structure the Web's operation. Every document has a unique "URL" (Universal Resource Locator) that identifies its physical location in the Internet's infrastructure. Users access documents by sending request messages to the servers that store the documents. When a server receives a user's request (for example, for Lycos.com's home page), it prepares the document and then transmits the information back to the user.
The Internet utilizes a technology called "packet switching" to carry data. Packet switching works as follows. The computer wishing to send a document ("originating computer"), such as a music file or digital image, cuts the document up into many small "packets" of information. Each packet contains the Internet Protocol ("IP") address of the destination Web site, a small portion of data from the original document, and an indication of the data's place in the original document. The originating computer then sends [*7] all of the packets through its local network to an external "router." A router is a device that contains continuously-updated directories of Internet addresses called "routing tables." The router takes each packet from the original document and sends it to the next available router in the direction of the destination Web site. Because each router is connected to many other routers and because the connection between any two given routers may be congested with traffic at a given moment, packets from the same document are often sent to different routers. Each of these routers, in turn, repeats this process, forwarding each packet it receives to the next available router in the direction of the destination Web site. Collectively, this process is called "dynamic routing."
The result is that packets of information from the originating computer may take entirely different routes over the Internet (i.e., traveling over different routers and cables) to their ultimate destination. Obviously, the packets arrive out of their original order because some have been forced to take much longer or slower routes between the originating and destination computers. n5 However, because each packet contains code that identifies its place in the original document, the destination computer is able to reassemble the original document from the disorganized packets. At that point, the destination computer sends a message back to the originating computer either reporting that it received the full message, or requesting that the originating computer re-send any packets that never arrived. This entire process typically occurs in a matter of seconds. Packet-switching technology and dynamic routing have helped to give the Internet's infrastructure its extraordinary efficiency and resiliency.
DOUBLECLICK'S TECHNOLOGY AND SERVICES
DoubleClick provides the Internet's largest advertising service. Commercial Web sites often rent-out online advertising "space" [*9] to other Web sites. In the simplest type of arrangement, the host Web site (e.g., Lycos.com) rents space on its webpages to another Web site (e.g., TheGlobe.com) to place a "hotlink" banner advertisement n6 ("banner advertisement"). When a user on the host Web site "clicks" on the banner advertisement, he is automatically connected to the advertiser's designated Web site.
DoubleClick acts as an intermediary between host Web sites and Web sites seeking to place banner advertisements. It promises client Web sites that it will place their banner advertisements in front of viewers who match their demographic target. For example, DoubleClick might try to place banner advertisements for a Web site that sells golfclubs in front of high-income people who follow golf and have a track [*10] record of making expensive online purchases. DoubleClick creates value for its customers in large part by building detailed profiles of Internet users n7 and using them to target clients' advertisements.
DoubleClick compiles user profiles utilizing its proprietary technologies and analyses in cooperation with its affiliated Web sites. DoubleClick is affiliated with over 11,000 Web sites for which and on which it provides targeted banner advertisements. A select group of over 1,500 of these Web sites form the "DoubleClick Network" and are among "the most highly trafficked and branded sites [*11] on the Web." In addition, DoubleClick owns and operates two Web sites through which it also collects user data: (1) the Internet Address Finder ("IAF"); and (2) NetDeals. com.
When users visit any of these DoubleClick-affiliated Web sites, a "cookie" is placed on their hard drives. n9 Cookies are computer programs commonly used by Web sites to store useful information such as usernames, passwords, and preferences, making it easier for users to access Web pages in an efficient manner. However, Plaintiffs allege that DoubleClick's cookies collect "information that Web users, including plaintiffs and the Class, consider to be personal and private, such as names, e-mail addresses, home and business addresses, telephone numbers, searches performed on the Internet, [*12] Web pages or sites visited on the Internet and other communications and information that users would not ordinarily expect advertisers to be able to collect." Amended Complaint at P38. DoubleClick's cookies store this personal information on users' hard drives until DoubleClick electronically accesses the cookies and uploads the data.
How DoubleClick targets banner advertisements and utilizes cookies to collect user information is crucial to our analysis under the three statutes. Therefore, we examine both processes in greater detail.
A. Targeting Banner Advertisements
DoubleClick's advertising targeting process involves three participants and four steps. The three participants are: (1) the user; (2) the DoubleClick-affiliated Web site; (3) the DoubleClick server. n10 For the purposes of this discussion, we assume that a DoubleClick cookie already sits on the user's computer with the identification number " # 0001."
In Step One, a user seeks to access a DoubleClick-affiliated Web site such as Lycos.com. The user's browser n11 sends a communication to Lycos.com (technically, to Lycos.com's server) saying, in essence, "Send me your homepage." U.S. Patent No. 5,948,061 (issued September 7, 1999) ("DoubleClick Patent"), col. 3, 11. 6-9. This communication may contain data submitted as part of the request, such as a query string or field information.
In Step Two, Lycos.com receives the request, processes it, and returns a communication to the user saying "Here is the Web page you requested." The communication has two parts. The first part is a copy of the Lycos.com homepage, essentially the collection article summaries, pictures and hotlinks a user sees on his screen when Lycos.com appears. The only objects missing are the banner advertisements; in their places lie blank spaces. Id. at col. 3, 11. 28-34. The second part of the communication is an IP-address link to the DoubleClick server. Id. at col. 3, 11. 35-38. This link instructs the user's computer to send a communication automatically to DoubleClick's server.
In Step Three, as per the IP-address instruction, the user's computer sends a communication to the DoubleClick server saying "I am cookie # 0001, send me banner advertisements to fill the blank spaces in the Lycos.com Web page." This communication contains information including the cookie identification number, the name of the DoubleClick-affilated Web site the user requested, and the user's browser-type. Id. at col. 3, 11. 41-52.
Finally, in Step Four, the DoubleClick server identifies the user's profile by the cookie identification number and runs a complex set of algorithms based, in part, on the user's profile, to determine which advertisements it will present to the user. Id. at [*15] col. 3, 11. 52-57, col. 5, 1. 11 - col. 6, 1. 59. It then sends a communication to the user with banner advertisements saying "Here are the targeted banner advertisements for the Lycos.com homepage." Meanwhile, it also updates the user's profile with the information from the request. Id. at col. 6, 1. 60 - col. 7, 1. 14.
DoubleClick' s targeted advertising process is invisible to the user. His experience consists simply of requesting the Lycos.com homepage and, several moments later, receiving it complete with banner advertisements.
B. Cookie Information Collection
DoubleClick's cookies only collect information from one step of the above process: Step One. The cookies capture certain parts of the communications that users send to DoubleClick-affiliated Web sites. They collect this information in three ways: (1) "GET" submissions, (2) "POST" submissions, and (3) "GIF" submissions.
GET information is submitted as part of a Web site's address or "URL," in what is known as a "query string." For example, a request for a hypothetical online record store's selection of Bon Jovi albums might read: http://recordstore.hypothetical.com/search?terms=bonjovi. The URL query string begins with the "?" character meaning the cookie would record that the user requested information about Bon Jovi.
Users submit POST information when they fill-in multiple blank fields on a webpage. For example, if a user signed-up for an online discussion group, he might have to fill-in fields with his name, address, email address, phone number and discussion group alias. The cookie would capture this submitted POST information.
Finally, DoubleClick places GIF tags on its affiliated Web sites. GIF tags are the size of a single pixel and are invisible to users. Unseen, they record the users' movements throughout the affiliated Web site, enabling DoubleClick to learn what information the user sought and viewed.
Although the information collected by DoubleClick's cookies is allegedly voluminous and detailed, it is important to note three clearly defined parameters. First, DoubleClick's cookies only collect information concerning users' activities on DoubleClick-affiliated Web sites. n12 Thus, if a user visits an unaffiliated Website, the DoubleClick cookie captures no information. Second, plaintiff does not allege that DoubleClick ever attempted to collect any information other than the GET, POST, and GIF information submitted by users. DoubleClick is never alleged to have accessed files, programs or other information on users' hard drives. Third, DoubleClick will not collect information from any user who takes simple steps to prevent DoubleClick's tracking. As plaintiffs' counsel demonstrated at oral argument, users can easily and at no cost prevent DoubleClick from collecting information from them. They may do this in two ways: (1) visiting the DoubleClick Web site and requesting an "opt-out" cookie; and (2) configuring their browsers to block any cookies from being deposited. Transcript of February 22, 2001 Oral Argument at 15-18.
Once DoubleClick collects information from the cookies on users' hard drives, it aggregates and compiles the information to build demographic profiles of users. Plaintiffs allege that DoubleClick has more than 100 million user profiles in its database. Exploiting its proprietary Dynamic Advertising Reporting & Targeting ("DART") technology, DoubleClick and its licensees" n13 target banner advertisements using these demographic profiles.
ABACUS ACQUISITION AND FTC INVESTIGATION
In June 1999, DoubleClick purchased Abacus Direct Corp. ("Abacus") for more than one billion dollars. Abacus was a direct-marketing services company that maintained a database of names, addresses, telephone numbers, retail purchasing habits and other personal information on approximately ninety percent of American households, which it sold to direct marketing companies. Plaintiffs allege that [*19] DoubleClick planned to combine its database of online profiles with Abacus' database of offline customer profiles in order to create a super-database capable of matching users' online activities with their names and addresses.
In furtherance of this effort, DoubleClick created the Abacus Online Alliance ("Abacus Alliance") and amended its privacy policy. The Abacus Alliance is purportedly a confidential group of online marketers and publishers who secretly contribute their compiled customer data to a cooperative database managed by DoubleClick. In return for their contributions, Abacus Alliance members gain access to exclusive DoubleClick products and services. In mid-1999, shortly after acquiring Abacus, DoubleClick amended its privacy policy by removing its assurance that information gathered from users online would not be associated with their personally identifiable information.
Not long after the Abacus acquisition, the Federal Trade Commission ("FTC") launched an investigation into whether DoubleClick's collection, compilation and use of consumer information constituted unfair or deceptive trade practices in violation of Section 5 of the Federal Trade Commission Act. n14 On March 2, 2000, Kevin O'Connor, DoubleClick's CEO and Chairman of the Board, announced that he had made a "mistake" by planning to merge DoubleClick's and Abacus' databases and stated that DoubleClick would undertake no such merger until it reached an agreement with the United States government and Internet industry regarding privacy standards. It is unclear whether DoubleClick had already merged any of the information. n15
�
The FTC concluded its investigation on January 22, 2001. In a letter to DoubleClick's outside counsel, the FTC announced that it was ending its investigation with no finding that DoubleClick had engaged in unfair or deceptive trade practices. It summarized its conclusions:
Based on this investigation, it appears to staff that DoubleClick never used or disclosed consumers' PII [personal identifiable information] for purposes other than those disclosed in its privacy policy. Specifically, it appears that DoubleClick did not combine PII from Abacus Direct with clickstream collected on client Web sites. In addition, it appears that DoubleClick has not used sensitive data for any online preference marketing product, in contravention of its stated online policy. We understand that DoubleClick's Boomerang product takes user data from one site to target advertising to the same user on other sites. However, the user profiles DoubleClick creates for its Boomerang clients for this targeting contains only non-PII. Furthermore, we understand that for all new Boomerang clients, DoubleClick requires by contract that the site disclose in its privacy policy that it uses DoubleClick's services to target advertising to consumers, and DoubleClick will not implement Boomerang on a site until such disclosures are posted. n16
The letter also noted several commitments DoubleClick made to modifying its privacy policy to "enhance its effectiveness," including allowing a user to request an "opt out" cookie that would prevent DoubleClick from collecting information from that user.
�
DISCUSSION
Defendants move to dismiss plaintiffs' claims, pursuant to Fed. R. Civ. P. 12(b)(6), for failure to state a claim upon which relief may be granted. In considering a motion to dismiss pursuant to Fed. R. Civ. P. 12(b) (6), we accept as true all material factual allegations in the Amended Complaint, Atlantic Mutual Ins. Co. v. Balfour Maclaine Int'l. Ltd., 968 F.2d 196, 198 (2d Cir. 1992), and may grant the motion only where "it appears beyond doubt that the plaintiff can prove no set of facts in support of his claim which would entitle him to relief." Still v. DeBuono, 101 F.3d 888, 891 (2d Cir. 1996); see Conley v. Gibson, 355 U.S. 41, 48, 2 L. Ed. 2d 80, 78 S. Ct. 99 (1957). "General, conclusory allegations need not be credited, however, when they are belied by more specific allegations of the complaint." Hirsch v. Arthur Andersen & Co., 72 F.3d 1085 (2d Cir. 1995) (citing Jenkins v. S & A Chaissan & Sons, Inc., 449 F. Supp. 216, 227 (S.D.N.Y. 1978); 5A Charles A. Wright & Arthur R. Miller, Federal Practice and Procedure � 1363, at 464-65 (2d ed. 1990). In addition to the facts set forth [*24] in the Amended Complaint, we may also consider documents attached thereto and incorporated by reference therein, Automated Salvage Transp., Inc. v. Wheelabrator Envtl. Sys., Inc., 155 F.3d 59, 67 (2d. Cir. 1998),matters of public record such as case law and statutes, Pani v. Empire Blue Cross Blue Shield, 152 F.3d 67, 75 (2d. Cir. 1998), and matters of judicial notice. See Brass v. American Film Technologies, Inc., 987 F.2d 142, 150 (2d Cir. 1993); Kramer v. Time Warner Inc., 937 F.2d 767, 774 (2d Cir. 1991).
Claim I. Title II of the ECPA
Title II ("Title II") of the Electronic Communications Privacy Act ("ECPA"), 18 U.S.C. � 2701 et. seq. (" � 2701"), aims to prevent hackers from obtaining, altering or destroying certain stored electronic communications. See Sherman & Co. v. Salton Maxim Housewares, Inc., 94 F. Supp. 2d 817, 820 (E.D. Mich. 2000) ("the ECPA was primarily designed to provide a cause of action against computer hackers") (quoting State Wide Photocopy Corp. v. Tokai Fin. Serv., Inc., 909 F. Supp. 137, 145 (S.D.N.Y. 1995)). It creates [*25] both criminal sanctions and a civil right of action n17 against persons who gain unauthorized access to communications facilities and thereby access electronic communications stored incident to their transmission. Title II specifically defines the relevant prohibited conduct as follows:
"(a) Offense. Except as provided in subsection (c) of this section whoever-- (1) intentionally accesses without authorization a facility through which an electronic information service is provided; or (2) intentionally exceeds an authorization to access that facility; and thereby obtains. . . access to a wire or electronic communication while it is in electronic storage in such system shall be punished. . . ."
Plaintiffs contend that DoubleClick's placement of cookies on plaintiffs' hard drives constitutes unauthorized access and, as a result, DoubleClick's collection of information from the cookies violates Title II. However, Title II contains an exception to its general prohibition.
"(c) Exceptions. - Subsection (a) of this section does not apply with respect to conduct authorized-... (2) by a user of that [wire or electronic communications] service with respect [*26] to a communication of or intended for that user;"
DoubleClick argues that its conduct falls under this exception. It contends that the DoubleClick-affiliated Web sites are "users" of the Internet and that all of plaintiffs' communications accessed by DoubleClick's cookies have been "of or intended for" these Web sites. Therefore, it asserts, the Web sites' authorization excepts DoubleClick's access from � 2701(a)'s general prohibition.
�
We must first address the threshold issue of whether DoubleClick's argument that its conduct falls under a statutory exception is resolvable on a motion to dismiss. Plaintiffs contend that the issue turns on whether exception � 2701(c)(2) is considered an affirmative defense or a statutory element of the offense. As a general matter, a plaintiff need not plead denials of affirmative defenses, see Harris v. City of New York, 186 F.3d 243, 251 (2d Cir. 1999) (citing 5 Charles Wright & Arthur Miller, Federal Practice and Procedure: Civil 2d � 1276 (2d ed. 1990 & 1999 pocket part)), whereas courts may dismiss a claim based on a statutory exception that appears on the face of the complaint. See Orton v. Pirro, Collier, et al., 1996 U.S. Dist. LEXIS 437, No. 95 Civ. 3056, 1996 WL 18831, at *2 (S.D.N.Y. Jan. 18, 1996) (dismissing ECPA Title III claim where statutory consent exception appeared in the complaint).
Examining the statute, it appears that � 2701(c) is a statutory exception. First, � 2701(c) is entitled "Exceptions" and states "Subsection (a) of this section does not apply with respect to conduct. . ." Second, � 2701(a) reinforces � 2701(c)'s function by carving our � 2701(c)'s exceptions in the very definition of the offense: "� 2701(a) Offense.-Except as provided in subsection (c) of this section. . ." Third, � 2707, the section that provides for a civil cause of action, subsection (e), [*28] is entitled "Defense" and specifies three affirmative defenses to civil claims under � 2707. Presumably, if Congress had intended � 2701(c)(1-3) to constitute affirmative defenses, it could have labeled them as such as it did in � 2707. Fourth, nothing in the legislative history suggests that � 2701(c) should be considered an affirmative defense instead of a statutory exception. Thus, if DoubleClick's conduct falls into one of � 2701(c)'s exceptions on the face of the pleadings, it is proper for us to dismiss the claim as one within a statutory exception. Furthermore, even if � 2701(c) was construed as an affirmative defense, the Second Circuit has held that a court may properly dismiss a claim on the pleadings when an affirmative defense appears on its face. See Day v. Moscow, 955 F.2d 807, 811 (2d Cir. 1992) ("When all relevant facts are shown by the court's own records, of which the court takes notice, the [affirmative] defense may be upheld on a Rule 12(b)(6) motion without requiring an answer"); see generally 2 James Wm. Moore et al., Moore's Federal Practice � 12.34[4][b] (3d ed. 2000).
Assuming that the communications are considered to be in "electronic storage," it appears that plaintiffs have adequately pled that DoubleClick's conduct constitutes an offense under � 2701(a), absent the exception under � 2701(c)(2). Therefore, the issue is whether DoubleClick's conduct falls under � 2701(c)(2)'s exception. This issue has three parts: (1) what is the relevant electronic communications service?; (2) were DoubleClick-affiliated Web sites "users" of this service?; and (3) did the DoubleClick-affiliated Web sites give DoubleClick sufficient authorization to access plaintiffs' stored communications "intended for" those Web sites?
A. "Internet Access" is the relevant electronic communications service.
Obviously, in a broad sense, the "Internet" is the relevant communications service. n18 However, for the purposes of this motion, it is important that we define Internet service with somewhat greater care and precision. Plaintiff, at turns, argues that the electronic communications service is "Internet access" and "the ISP [Internet Service Provider]." Plaintiffs' Opposition Brief at 8, 12. The difference is important. An ISP is an entity that provides access to the Internet; examples include America Online, UUNET and Juno. Access to the Internet is the service an ISP provides. Therefore, the "service which provides to users thereof the ability to send or receive wire or electronic communications" is "Internet access."
B. Web Sites are "users" under the ECPA.
The ECPA defines a "user" as "any person or entity who (A) uses an electronic communication service; and (B) is duly authorized by the provider of such service to engage in such use." 18 U.S.C. � 2510 (13). On first reading, the DoubleClick-affiliated Web sites appear to be users -- they are (1) "entities" that (2) use Internet access and (3) are authorized to use Internet access by the ISPs to which they subscribe. However, plaintiffs make two arguments that Web sites nevertheless are not users. Both are unpersuasive.
First, plaintiffs argue that "the most natural reading of 'user' is the person who has signed up for Internet access, which means the individual plaintiffs and Class members - not the Web servers." Plaintiffs' Opposition Brief at 12. Insofar as this argument implies that the statute meant to differentiate between human and non-human users, it is clearly contradicted by the statute's language that defines a "user" as "any person or entity. . ." (emphasis added). Furthermore, it rests on the erroneous assumption that only human users "sign[] up for Internet access," not Web sites or servers. This court takes judicial notice of the fact that all people and entities that utilize Internet access subscribe to ISPs or are ISPs. Although the vast majority of people who sign-up for Internet access from consumer-focused ISPs such as America Online and Juno are individuals, [*32] every Web site, company, university, and government agency that utilizes Internet access also subscribes to an ISP or is one. These larger entities generally purchase "Internet access" in bulk from ISPs, often with value-added services and technologically advanced hardware. Nevertheless, they purchase the same underlying Internet access as individual users. Therefore, plaintiffs fail to distinguish class members from Web sites and servers based on whether they subscribe to an ISP for Internet access.
Second, plaintiffs argue that "the individual plaintiff ('user') owns the personal computer ('facility'), while the Web sites she visits do not. [And that] under basic property and privacy notions, therefore, only she can authorize access to her own messages stored on that facility." Plaintiffs' Opposition Brief at 12. Again, plaintiffs seem to ignore the statute's plain language. The general rule under � 2701(a) embodies plaintiffs' position that only those authorized to use a "facility" may consent to its access. Nevertheless, Congress explicitly chose to make � 2701(a)'s general rule subject to � 2701(c)(2)'s exception for access authorized by authors and intended recipients of [*33] electronic communications. Thus, plaintiffs' argument is essentially that this Court should ignore � 2701(c)(2) because Congress failed to take adequate account of "basic property and privacy notions." However, it is not this Court's role to revisit Congress' legislative judgments.
One final point bears mention, even though plaintiffs did not raise it. One could imagine a facially sensible argument that Web sites are not "users" of Internet access because they are passive storage receptacles for information; the human is the "user" and the Web site is what is used. However, the Internet's engineering belies this description. Because the Internet functions through packet-switching and dynamic routing, human users do not in any sense connect to a passive receptacle and obtain information. Indeed, no direct connection ever exists between the human user and the Web site. Rather, the human user sends a request to which the Web site must actively respond: processing the request, deciding whether to provide the information sought, obtaining the document from the server, translating the document into TCP/IP protocol, sending the packets and awaiting confirmation of their arrival. Indeed, in a practical sense, Web sites are among the most active "users" of Internet access -- their existence and utility depend on it, unlike humans. Therefore, we find as a matter of law that the DoubleClick-affiliated Web sites are "users" of Internet access under the ECPA.
C. All of the communications DoubleClick has accessed through its cookies have been authorized or have fallen outside of Title II's scope.
Because plaintiffs only allege that DoubleClick accessed communications from plaintiffs to DoubleClick-affiliated Web sites, the issue becomes whether the Web sites gave DoubleClick adequate authorization under � 2701(c)(2) to access those communications. This issue, in turn, has two parts: (1) have the DoubleClick-affiliated Web sites authorized DoubleClick to access plaintiffs' communications to them?; and (2) is that authorization sufficient under � 2701(c)(2)?
1. The DoubleClick-affiliated Web sites have consented to DoubleClick's interception of plaintiffs' communications.
A plaintiff cannot survive a motion to dismiss a Title II claim based solely on the naked allegation that defendant's access was "unauthorized." A plaintiff must, "allege[] and proffer[] [*35] sufficient proofs to create a colorable claim that such access was 'unauthorized.'" See Sherman & Co. v. Salton Maxim Housewares, Inc., 94 F. Supp. 2d 817, 820-821 (E.D.Mich. 2000) (denying motion to amend complaint because "proposed claim under the ECPA does not state a claim," despite the fact plaintiff alleged access was unauthorized); cf. Hirsch v. Arthur Andersen & Co., 72 F.3d 1085 (2d Cir. 1995) ("General, conclusory allegations need not be credited, however, when they are belied by more specific allegations of the complaint.")(citation omitted). In the instant case, plaintiffs have proffered no proofs whatsoever to support their bare assertion that Doubleclick's access was unauthorized. What is more, every fact they do allege supports the inference that the DoubleClick-affiliated Web sites did authorize DoubleClick's access.
Examining DoubleClick's technological and commercial relationships with its affiliated Web sites, we find it implausible to infer that the Web sites have not authorized DoubleClick's access. In a practical sense, the very reason clients hire DoubleClick is to target advertisements based on users' demographic profiles. DoubleClick has trumpeted this fact in its advertising, patents and Securities and Exchange filings. See infra notes 28-29 and accompanying text. True, officers of certain Web sites might not understand precisely how DoubleClick collects demographic information through cookies and records plaintiffs' travels across the Web. However, that knowledge is irrelevant to the authorization at issue -- Title II in no way outlaws collecting personally identifiable information or placing cookies, qua such. All that the Web sites must authorize is that DoubleClick access plaintiffs' communications to them. As described in the earlier section "Targeting Banner Advertisements," the DoubleClick-affiliated Web sites actively notify DoubleClick each time a plaintiff sends them an electronic communication (whether through a page request, search, or GIF tag). The data in these notifications (such as the name of the Web site requested) often play an important role in determining which advertisements are presented to users. Plaintiffs have offered no explanation as to how, in anything other than a purely theoretical sense, the DoubleClick-affiliated Web sites could have played such a central role in the information [*37] collection and not have authorized DoubleClick's access. This purely theoretical possibility that a DoubleClick-affiliated Web site might have been so ignorant as to have been unaware of the defining characteristic of DoubleClick's advertising service -- the service the Web site knowingly and purposely purchased -- and its own role in facilitating that service, is too remote to be the basis for extensive and costly discovery of DoubleClick and its affiliates. Therefore, we find that the DoubleClick-affiliated Web sites consented to DoubleClick's access of plaintiffs' communications to them.
2. DoubleClick is authorized to access plaintiffs' GET, POST and GIF submissions to the DoubleClick-affiliated Web sites.
Plaintiffs' GET, POST and GIF submissions to DoubleClick-affiliated Web sites are all "intended for" those Web sites. In the case of the GET and POST submissions, users voluntarily type-in information they wish to submit to the Web sites, information such as queries, commercial orders, and personal information. GIF information is generated and collected when users use their computer "mouse" or other instruments to navigate through Web pages and access information. Although [*38] the users' requests for data come through clicks, not keystrokes, they nonetheless are voluntary and purposeful. Therefore, because plaintiffs' GET, POST and GIF submissions to DoubleClick-affiliated Web sites are all "intended for" those Web sites, the Web sites' authorization is sufficient to except DoubleClick's access under � 2701(c)(2).
3. To the extent that the DoubleClick cookies' identification numbers are electronic communications, (1) they fall outside of Title II's scope, and (2) DoubleClick's access to them is otherwise authorized.
Plaintiffs argue that even if DoubleClick's access to plaintiffs' GET, POST and GIF submissions is properly authorized under � 2701(c)(2), the cookie identification numbers that accompany these submissions n19 are not because they are never sent to, or through, the Web sites. However, this argument too is unavailing.
(a) The Cookies' identification [*39] numbers are not in "electronic storage" and therefore are outside Title II's scope.
Putting aside the issue of whether the cookie identification numbers are electronic communications at all, DoubleClick does not need anyone's authority to access them. The cookies' long-term residence on plaintiffs' hard drives places them outside of � 2510(17)'s definition of "electronic storage" and, hence, Title II's protection. Section 2510 (17) defines "electronic storage" as:
"(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and
(B) any storage of such communication by an electronic communication service for the purpose of backup protection of such communication." (emphasis added)
Clearly, the cookies' residence on plaintiffs' computers does not fall into � 2510(17)(B) because plaintiffs are not "electronic communication service" providers.
Section 2510(17)(A)'s language and legislative history make evident that "electronic storage" is not meant to include DoubleClick's cookies either. Rather, it appears that the section is specifically targeted at communications temporarily stored by electronic communications services incident to their transmission -- for example, when an email service stores a message until the addressee downloads it. The statute's language explicitly refers to "temporary, intermediate" storage. Webster's Dictionary defines "temporary" as "lasting for a limited time," and "intermediate" as "being or occurring at the middle place. . . ." Webster's Third New International Dictionary 2353, 1180 (1993). In other words, Title II only protects electronic communications stored "for a limited time" in the "middle" of a transmission, i.e. when an electronic communication service temporarily stores a communication while waiting to deliver it.
The legislative history reveals that Congress intended precisely this limited definition. In H. Rpt. 106-932 (2000), a House Report on a proposed amendment to Title II, the House Judiciary Committee explained that "'Any temporary, intermediate storage, [in � 2510 (17) (A)] describes an e-mail message that is being held by a third party Internet service provider until it is requested to be read." Id. at note 6 (emphasis added). This definition is consistent with Congress' statements in 1986, when it passed the ECPA. Sen. Rep. No. 99-541 (1986)'s entire discussion of Title II deals only with facilities operated by electronic communications services such as "electronic bulletin boards" and "computer mail facilities," and the risk that communications temporarily stored in these facilities could be accessed by hackers. It makes no mention of individual users' computers, the issue in the instant case. Finally, Senator Patrick Leahy, a sponsor of the ECPA in 1986, recently proposed an amendment to the definition of "electronic storage" meant to clarify its scope. He proposed amending 2510(17)(A) to read:
(17) ["interim storage"] means-
(A) any temporary, intermediate storage [by an electronic communication service] of a wire or electronic communication incidental to the electronic transmission thereof. . ." S. 106-3083, Sec. 3(a)(4)(2000).
This amendment lends further support to the conclusion that [*42] Congress' intent was to protect communications held in interim storage by electronic communication service providers.
Turning to the facts of this case, it is clear that DoubleClick's cookies fall outside � 2510(17)'s definition of electronic storage and, hence, � 2701's scope. Plaintiffs plead that in contrast to most cookies' ephemeral existence, DoubleClick cookies remain on plaintiffs' computers "for a virtually indefinite time period," and that their indefinite existence is critical to their function. n21 Amended Complaint at P68. In plain language,. "indefinite" existence is the opposite of "temporary," and the DoubleClick cookies's residence on plaintiffs' hard drives is certainly not an "intermediate" step in their transmission to another addressee. This plain language controls in the absence of any legislative history suggesting that Congress intended it to cover conduct like DoubleClick's. Indeed, if � 2510(17) were interpreted in the manner plaintiffs advocate, Web sites would commit federal felonies every time they accessed cookies on users' hard drives, regardless of whether those cookies contained any sensitive information. This expansive reading of a criminal statute [*43] runs contrary to the canons of statutory interpretation and Congress' evident intent. SeeJones v. United States, 529 U.S. 848, 120 S. Ct. 1904, 1907, 146 L. Ed. 2d 902 (2000) ("Ambiguity concerning the ambit of criminal statutes should be resolved in favor of lenity [citation omitted], and when choice must be made between two readings of what conduct Congress has made a crime, it is appropriate, before choosing the harsher alternative, to require that Congress should have spoken in language that is clear and definite. [citation omitted]"); Lurie v. Wittner, 228 F.3d 113, 125-6 (2nd Cir. 2000). Thus, because the cookies and their identification numbers are never in "electronic storage" under the ECPA, they are not protected by Title II and DoubleClick cannot be held liable for obtaining them.
(b) If the DoubleClick cookies' identification numbers are considered stored electronic communications, they are "of or intended for" DoubleClick and DoubleClick's acquisition of them does not violate Title II.
Even if we were to assume that cookies and their identification numbers were "electronic communication[s] . . . in electronic storage," DoubleClick's access is still authorized. Section 2701(c)(2) excepts from Title II's prohibition access, authorized by a "user," to communications (1) "of" (2) "or intended for" that user. In every practical sense, the cookies' identification numbers are internal DoubleClick communications -- both "of" and "intended for" DoubleClick. DoubleClick creates the cookies, assigns them identification numbers, and places them on plaintiffs' hard drives. The cookies and their identification numbers are vital to DoubleClick and meaningless to anyone else. In contrast, virtually all plaintiffs are unaware that the cookies exist, that these cookies have identification numbers, that DoubleClick accesses these identification numbers and that these numbers are critical to DoubleClick's operations.
In this sense, cookie identification numbers are much [*45] akin to computer bar-codes or identification numbers placed on "business reply cards" found in magazines. These bar-codes and identification numbers are meaningless to consumers, but are valuable to companies in compiling data on consumer responses (e.g. from which magazine did the consumer get the card?). Although consumers fill-out business reply cards and return them to companies by mail, the bar-codes and identification numbers that appear on the cards are purely internal administrative data for the companies. The cookie identification numbers are every bit as internal to DoubleClick as the bar-codes and identification numbers are to business reply mailers. Therefore, it seems both sensible to consider the identification numbers to be "of or intended for" DoubleClick and bizarre to describe them as "of or intended for" plaintiffs. Accordingly, because the identification numbers are "of or intended for" DoubleClick, it does not violate Title II for DoubleClick to obtain them from plaintiffs' electronic storage.
To summarize, plaintiffs' GET, POST and GIF submissions are excepted from � 2701(c)(2) because they are "intended for" the DoubleClick-affiliated Web sites who have authorized [*46] DoubleClick's access. The cookie identification numbers sent to DoubleClick from plaintiffs' computers fall outside of Title II's protection because they are not in "electronic storage" and, even if they were, DoubleClick is authorized to access its own communications.
In light of the above findings, we rule that all of plaintiffs' communications accessed by DoubleClick fall under � 2701(c)(2)'s exception or outside Title II and, accordingly, are not actionable. Therefore, plaintiffs' claim under the Title II (Claim I) is dismissed.
Claim II. Wiretap Act
Plaintiffs' second claim is that DoubleClick violated the Federal Wiretap Act ("Wiretap Act"), 18 U.S.C. � 2510, et. seq.. The Wiretap Act provides for criminal punishment and a private right of action against: n22
"any person who-- (a) intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept wire, oral, or electronic communication [except as provided in the statute]." 18 U.S.C. � 2511.
For the purposes of this motion, DoubleClick concedes that its conduct, as pled, violates this prohibition. However, DoubleClick claims that its actions fall under an explicit statutory exception:
"It shall not be unlawful under this chapter for a person not acting under color of law to intercept a wire, oral, or electronic communication where such person is a party to the communication or where one of the parties to the communication has given prior consent to such interception unless such communication is intercepted for the purpose of committing any criminal or tortious act in violation of the Constitution or laws of the United States or any State." 18 U.S.C. � 2511(2)(d) ("� 2511(2)(d)") (emphasis added).
DoubleClick argues once again that the DoubleClick-affiliated Web sites have consented to its interceptions and, accordingly, that its conduct is exempted from the Wiretap Act's general prohibition as it was from the Title II's. Plaintiffs deny that the Web sites have consented and argue that even if the Web sites do consent, the exception does not apply because DoubleClick's purpose is to commit "criminal or tortious act[s]."
As a preliminary matter, we find that the DoubleClick-affiliated Web sites are "parties to the communication[s]" from plaintiffs and have given sufficient consent to DoubleClick to intercept them. In reviewing the case law and legislative histories of Title II and the Wiretap Act, we can find no difference in their definitions of "user" (Title II) and "parties to the communication" (Wiretap Act) or "authorize" (Title II) and "consent" (Wiretap Act) n23 that would make our analysis of the Web sites' consent under Title II inapplicable to the Wiretap Act. See discussion supra Section I(C). Therefore, the issue before us is: assuming that DoubleClick committed every act alleged in the Amended Complaint, could this evince a "criminal or tortious" purpose on DoubleClick's part?
�
In light of the DoubleClick-affiliated Web sites' consent, plaintiffs must allege "either (1) that the primary motivation, or (2) that a determinative factor in the actor's [DoubleClick's] motivation for intercepting the conversation was to commit a criminal [or] tortious. . . act." United States v. Dale, 301 U.S. App. D.C. 110, 991 F.2d 819, 841-42 (D.C. Cir. 1993), cert. denied 510 U.S. 1030, 126 L. Ed. 2d 607, 114 S. Ct. 650 (1993) (quoting United States v. Vest, 639 F. Supp. 899, 904 (D. Mass. 1986),aff'd, 813 F.2d 477 (1st Cir. 1987)). However, in reviewing the sufficiency of plaintiffs' allegations, we bear in mind that the mere existence of [a] lawful purpose alone does not "sanitize a[n interception] that was also made for an illegitimate purpose." Sussman v. ABC, 186 F.3d 1200, 1202 (9th Cir. 1999), cert denied, 528 U.S. 1131, 145 L. Ed. 2d 841, 120 S. Ct. 970 (2000).
Section 2511(2)(d)'s legislative history and caselaw make clear that the "criminal" or "tortious" purpose requirement is to be construed narrowly, covering only acts accompanied by a specific contemporary [*50] intention to commit a crime or tort. The Wiretap Act originally exempted from its prohibition any interception of a wire or oral communication where one of the parties to the communication consented. See 2 U.S.Code Cong. & Ad.News, 90th Cong., 2d Sess., p. 2182 (1968). n24 However, Senator Phillip Hart objected that the exemption was too permissive because it conceivably allowed a party to intercept a communication for the purpose of breaking the law and injuring others. He feared that parties would use secret recordings for "insidious purposes such as blackmail, stealing business secrets, or other criminal or tortious acts in violation of Federal or State laws." Id. at 2236. Senators Hart and McClellan proposed an amendment to narrow the exemption to acts with "criminal, tortious or injurious" purposes, part of which was enacted as � 2511(2)(d). The key distinction Senator Hart suggested should distinguish permissible from impermissible one-party consent recordings by private citizens was whether the defendant's intent in recording was to injure another party. n25 Compare 114 Cong.Rec. 14694-14695 (May 23, 1968) ("Such one-party consent is also prohibited when the [*51] party acts in any way with an intent to injure the other party to the conversation in any other way. . . For example, . . .for the purpose of blackmailing the other party, threatening him, or publicly embarrassing him") with S. Rep. No. 90-1097 (1968) at 2236-37 ("There are, of course, certain situations in which consensual electronic surveillances may be used for legitimate purposes. . . [as with recordings made] without intending in any way to harm the nonconsenting party.") (emphasis added). Thus, the legislative record suggests that the element of "tortious" or "criminal" mens rea is required to establish a prohibited purpose under � 2511(2)(d).
�
Plaintiffs attempt to meet � 2511(2)(d)'s "purpose" requirement by arguing that their six non-Wiretap Act claims against DoubleClick "plead conduct that has underlying it a tortious purpose and/or that translates into tortious acts." Plaintiffs' Brief at 16. In other words, by virtue of its tortious acts, DoubleClick must have had a tortious purpose.
Courts applying � 2511(2)(d) have consistently ruled that a plaintiff cannot establish that a defendant acted with a "criminal or tortious" purpose simply by proving that the defendant committed any tort or crime. Recently, in Sussman v. ABC, 186 F.3d 1200 (9th Cir. 1999) (Kozisnki, J.), the Ninth Circuit addressed a case in which a plaintiff sued the American Broadcasting Companies, Inc. ("ABC") under the Wiretap Act. The plaintiff argued that ABC could not avail itself of � 2511(2)(d) because the recording violated state privacy law and, therefore, ABC's purpose was "tortious." Judge Kozinski, writing for a unanimous panel, rejected plaintiff's argument and dismissed the Wiretap Act claim, explaining,
"Under section 2511, 'the focus is not upon whether the interception itself violated another law; it is [*53] upon whether the purpose for interception--its intended use--was criminal or tortious. . .' [citations omitted] Where the purpose [of a taping] is not illegal or tortious, but the means are, the victims must seek redress elsewhere . . . Although ABC's taping may well have been a tortious invasion under state law, plaintiffs have produced no probative evidence that ABC had an illegal or tortious purpose when it made the tape." Id. at 1202.
The Ninth Circuit ruled similarly in Deteresa v. ABC, 121 F.3d 460 (9th Cir. 1997), holding, "Deteresa [plaintiff] contends that 'Radziwill and ABC [defendants] were by the taping committing the aforesaid crimes and torts.' This argument begs the question. For this claim to survive summary judgment, Deteresa had to come forward with evidence to show that Radziwill taped the conversation for the purpose of violating Cal.Penal Code � 632, for the purpose of invading her privacy, for the purpose of defrauding her, or for the purpose of committing unfair business practices. The record is devoid of any such evidence." Id. at 467, n.4.
�
The Seventh Circuit and Sixth Circuit have reached [*54] the same conclusion. In another case involving ABC, J.H. Desnick v. ABC, 44 F.3d 1345, 1353 (1995)(Posner, J.), the Seventh Circuit dismissed plaintiffs' CFAA claims because they failed to allege that defendants' purpose was tortious. Like Judge Kozisnki, Judge Posner held for a unanimous panel that the commission of a tortious act did not prove a tortious purpose. He found that "the defendants did not order the camera-armed testers into the Desnick Eye Center's premises in order to commit a crime or tort. Maybe the program as it was eventually broadcast was tortious. . . But there is no suggestion that the defendants sent the testers into the Wisconsin and Illinois officers for the purpose of defaming plaintiffs. . . [defendants' allegedly tortious act]"). Id. The Sixth Circuit similarly distinguished tortious conduct from purpose based on mens rea, stating: "'It is the use of the interception with intent to harm rather than the fact of interception that is critical to liability. . . .'" Boddie v. ABC, 881 F.2d 267, 270 (6th Cir. 1989) (emphasis added) (quoting By-Prod Corp. v. Armen-Berry Co., 668 F.2d 956, 960 (7th Cir. 1982).
A number of district courts have interpreted � 2511(2)(d) in the same manner. See, e.g., Medical Lab. Mgmt. Consultants v. ABC, 30 F. Supp. 2d 1182, 1205 (D. Ariz. 1998) ("[Plaintiffs] offer no support for the assertion that Defendants recorded the meeting for the purpose of committing a tort, which, as the statute indicates, is the proper focus of inquiry in a � 2511 claim. Even if Defendants were found liable for fraud, the question is not whether they are ultimately liable for conduct found to be tortious, but whether, at the time the recording took place, they recorded the conversation with the express intent of committing a tort."); U.S. v. Kolovas, 1998 U.S. Dist. LEXIS 12044, *12, 1998 WL 452218, *4 (D. Mass. July 27, 1998) ("Kolovas argues that because the recording itself was made in violation of state law, it was made for the purpose of violating state law. The superficial logic of this argument has been rejected by at least one court [citation omitted] . . . if state law were to render tortious conduct as defined by the very act of recording that Congress sought to permit, the provisions of � 2511(d) would be rendered meaningless."); Roberts v. American Intl., Inc., 883 F. Supp. 499, 503 (E.D.C.A. 1995) [*56] (finding no "tortious purpose" in case where "there is no evidence, nor even any allegations that [defendant's] purpose in tape recording her supervisor was either criminal or tortious outside any allegations of violation of the [state] privacy laws."); Payne v. Norwest Corp., 911 F. Supp. 1299, 1304 (D. Mont. 1995), aff'd in part, rev'd in part and remanded on other grounds, 206 F.3d 92; United States v. DiFelice, 837 F. Supp. 81, 82 (S.D.N.Y. 1993)("Assuming that [the challenged] recordings violated Massachusetts law, that fact by itself does not establish that he intercepted the conversations 'for the purpose of committing [a] criminal or tortious act . . .'").
Plaintiffs seek to distinguish the weight of these precedents from the instant case on the ground that the bulk of the above cases involved news gathering and that Congress and courts have excepted this conduct on First Amendment considerations. Specifically, they point the 1986 amendment of � 2511(2)(d), in which Congress reacted to a Sixth Circuit decision, Boddie v. American Broadcasting Cos., 731 F.2d 333 (6th Cir. 1984). When the Sixth Circuit [*57] decided Boddie, � 2511(2)(d)'s one-party consent exception did not apply to interceptions for the purpose of committing any "criminal, tortious, or other injurious act" (emphasis added). In Boddie, the Sixth Circuit ruled that the clause "other injurious act[s]" could provide a basis for holding defendants civilly liable, even when they had violated no civil or criminal law.Id. at 339. Congress worried that Boddie's broad interpretation of "injurious" could facilitate "attempts by parties to chill the exercise of First Amendment rights through the use of civil remedies under [the Wiretap Act]." S. Rep. No. 99-541, at 17 (1986) (Congress emphasized that it did not want � 2511(2)(d) to be "a stumbling block in the path" of investigative journalists who record conversations). In response, it removed "injurious" from section � 2511(2)(d). Thus, the legislative history supports the contention that Congress struck "injurious" conduct from � 2511(2)(d)'s one-party consent exception partly out of concern for the press. See Medical Lab. Mgmt. Consultants, 30 F. Supp. 2d 1182, 1205-06 (discussing legislative history of � 2511(2)(d) and [*58] Congress' concern with protecting the media); Scott Golde, Media Organizations' Exposure to Liability Under the Federal Wiretapping Act: The Medical Laboratory Management Consultants Case, 76 Wash.U.L.Q. 431, 435 (1998).
However, plaintiffs overreach when they argue that Congress and the courts created a general rule that "tortious purpose" exists wherever an intentional action is later determined to have constituted a tort, save when journalism is involved. Although Congress deleted "injurious" purpose from � 2511(2)(d) partly out of concern for press freedom, it in no way indicated that the press enjoyed special standing under the remaining terms of � 2511(2)(d). Had Congress wished to confer special protection on the press, it could have done so explicitly. Courts interpreting � 2511(2)(d) have drawn no distinction between media defendants and the general public. In cases involving media defendants, they have consistently grounded their demand for specific contemporary tortious or criminal purpose in � 2511(2)(d)'s general language and legislative history, not in an exception for the media. See Sussman v. ABC, 186 F.3d at 1202 ("If the district [*59] court interpreted section 2511 as containing a blanket exemption for journalists, we cannot agree. Congress could have drafted the statute so as to exempt all journalists from its coverage, but did not. Instead, it treated journalists just like any other party who tapes conversations surreptitiously.") (emphasis added); J.H. Desnick v. ABC, 44 F.3d at 1353 (analysis did not rely on fact that recording was made for investigative reporting, only that its purpose was non-tortious)"; Deteresa v. ABC, 121 F.3d 460, 467, n.4 (analysis underlying finding that ABC did not violate � 2511(2)(d) because it had no 'tortious purpose,' in no way distinguished between media and non-media defendants). And in suits not involving journalism, courts have demanded evidence of the same tortious or criminal purpose. See, e.g., Roberts v. American Intl., Inc., 883 F. Supp. at 503(finding no tortious purpose for recording in a employment discrimination action because "the facts do not show at this point that [plaintiff] tape recorded to extort or blackmail her supervisor or company, nor do the facts presently show that she engaged in tape recording to [*60] cause emotional distress."); U.S. v. Kolovas, 1998 U.S. Dist. LEXIS 12044, 1998 WL 452218 at *4 (criminal case with no media party involved); United States v. DiFelice, 837 F. Supp. at 82 (criminal case with no media party involved); see also, Thomas v. Pearl, 998 F.2d 447, 451 (7th Cir. 1993) (in civil suit between basketball player and coach, Seventh Circuit held that "[Plaintiff] must show that [defendant] either intended to break the law or commit a tort against him in order to prove a violation of the federal statute.").
�
In the instant case, plaintiffs clearly allege that DoubleClick has committed a number of torts. However, nowhere have they alleged that DoubleClick's "primary motivation" or a "determining factor" in its actions has been to injure plaintiffs tortiously. The Amended Complaint does not articulate any facts that could support an inference that DoubleClick accessed plaintiffs' electronic communications with the "insidious" intent to harm plaintiffs or others. In fact, everything in the Amended Complaint suggests that DoubleClick has been consciously and purposefully executing a highly-publicized market-financed business model in pursuit [*61] of commercial gain -- a goal courts have found permissible under � 2511(2)(d). n26 Its technology and business strategy have been described, and indeed promoted, in the company's Security and Exchange Commission ("SEC") filings n27 and have been the focus of numerous articles in prominent periodicals and newspapers. n28 Indeed, the intricate details of each proprietary technology challenged by plaintiffs are public record in DoubleClick's patents. See, e.g., U.S. Patent No. 5,948,061(issued September 7, 1999). DoubleClick's purpose has plainly not been to perpetuate torts on millions of Internet users, but to make money by providing a valued service to commercial Web sites. If any of its practices ultimately prove tortious, then DoubleClick may be held liable for the resulting damage. However, a culpable mind does not accompany every tortious act. In light of the abundant evidence that DoubleClick's motivations have been licit and commercial and the utter lack of evidence that its intent has been tortious, we find as a matter of law that plaintiffs have failed to allege that DoubleClick has acted with a "tortious" purpose.
To summarize, we find that the DoubleClick-affiliated Web sites are "parties" to plaintiffs' intercepted communications under the Wiretap Act and that they consent to DoubleClick's interceptions. Furthermore, we find that plaintiffs have failed to allege that DoubleClick has intercepted plaintiffs' communications for a "criminal or tortious" purpose. Accordingly, we find that DoubleClick's actions are exempted from liability under the Wiretap Act by � 2511(2)(d) and, thus, we dismiss Claim II.
Count III. Computer Fraud and Abuse Act
Plaintiffs' final federal claim is under the Computer Fraud and Abuse Act ("CFAA"), 18 U.S.C. � 1030, et. seq. ("� 1030") The CFAA provides:
"[ 18 U.S.C. � 1030](a) - whoever... (2)(c) intentionally accesses a computer without authorization, or exceeds authorized access, and thereby obtains... information from any protected computer if the conduct involved an interstate or foreign communication... shall be punished as provided in subsection (c) of this section.""
The CFAA also provides a civil right of action for victims under 18 U.S.C. � 1030(g) ("� [*64] 1030(g)"):
"(g) Any person who suffers damage or loss by reason of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief. Damages for violations involving damage as defined in section (e)(8)(A) are limited to economic damages..."
However, section 18 U.S.C. � 1030(e)(8) ("� 1030(e)(8)") limits the "damage" civilly recoverable to the following instances:
"(e)(8) the term 'damage' means any impairment to the integrity or availability of data, a program, a system, or information that - (A) causes loss aggregating at least $ 5,000 in value during any 1-year period to one or more individuals; [B. Impairs medical care; C. Causes physical injury; D. Threatens public health or safety]." (emphasis added).
For the purposes of this motion, DoubleClick does not contest that plaintiffs' computers were "protected" under the CFAA or that its access was unauthorized. Instead, it claims that � 1030(e)(8) creates a $ 5,000 damages threshold for each individual class member and that plaintiffs have failed to plead these damages adequately. [*65] Plaintiffs argue that "loss" under � 1030(g) is distinct from "damage" and, accordingly, is not subject to � 1030(e)(8)'s damage threshold. In the alternative, if � 1030(e)(8)'s damage threshold is found applicable to plaintiffs' claims, plaintiffs argue that they easily meet the threshold by "aggregating" losses for the entire class over "any 1-year period."
�
A. "Loss" pled under 18 U.S.C. � 1030(g) is subject to � 1030(e)(8)'s $ 5,000 statutory minimum damages.
The first issue is whether "loss" pled under � 1030(g) is subject to � 1030(e)(8)'s $ 5,000 statutory minimum damages -- a question of statutory interpretation. The Supreme Court recently reviewed the basic canons of statutory interpretation in Robinson v. Shell Oil Co., 519 U.S. 337, 340-41, 136 L. Ed. 2d 808, 117 S. Ct. 843 (1997). It explained:
"Our first step in interpreting a statute is to determine whether the language at issue has a plain and unambiguous meaning with regard to the particular dispute in the case. Our inquiry must cease if the statutory language is unambiguous and 'the statutory scheme is coherent and consistent.' [citations omitted]. The [*66] plainness or ambiguity of statutory language is determined by reference to the language itself, the specific context in which that language is used, and the broader context of the statute as a whole."
See Washington v. Schriver, 240 F.3d 101, 108 (2d Cir. Jan. 5, 2001). However, where a statute's language conveys no "plain and unambiguous meaning, it is deemed "ambiguous" and a court may look to "legislative history and other extrinsic material" in interpreting it. Oklahoma v. New Mexico, 501 U.S. 221, 235 n. 5, 115 L. Ed. 2d 207, 111 S. Ct. 2281 (1991)(citations omitted); see Washington, 240 F.3d at 108.
Sections 1030(g) and 1030(e)(8)(A)'s language concerning "loss" is plainly inconsistent. On its face, � 1030(e)(8)(A)'s definition of "damage" explicitly includes "loss." See � 1030(e)(8)(A) ("the term 'damage' means any impairment... that - (A) causes loss aggregating at least $ 5,000 in value during any 1-year period to one or more individuals")(emphasis added). In order to find that "loss" under � 1030(g) is not subject to the $ 5,000 "damage" threshold, one would have to accept that Congress created two [*67] definitions of "loss" -- one under � 1030(g) that is not subject to � 1030(e)(8)'s $ 5,000 threshold, and one under � 1030(e)(8) that is clearly subject to the threshold -- without explicitly defining or differentiating either. In contrast, the statute gives a clear definition of "damage" in � 1030(e)(8) to which it explicitly refers in � 1030(g).
Nevertheless, a "cardinal principle of statutory construction [is] that we must 'give effect, if possible, to every clause and word of a statute,'" Williams v. Taylor, 529 U.S. 362, 404, 146 L. Ed. 2d 389, 120 S. Ct. 1495 (2000)(quoting United States v. Menasche, 348 U.S. 528, 538-39, 99 L. Ed. 615, 75 S. Ct. 513 (1955)) and this principle supports two arguments for reading "loss" outside of � 10(e)(8)(A)'s exception. First, the fact that � 1030(g) uses the word "loss" in addition to damage suggests that the words have different meanings. See United States v. Bernier, 954 F.2d 818, 819-20 (2d Cir. 1992) (in interpreting statutory clause "second or subsequent," the Second Circuit ruled that "while it is conceivable that the word 'subsequent' is used as a synonym for the word 'second' [*68] in [the clause], the use of the connector 'or' (rather than 'and'), and the absence of commas around the 'or subsequent' phrase, suggest that each word in the statute was meant to be different; hence the use of different words.") Second, � 1030(g) states that "damages for violations involving damage as defined in subsection (e)(8)(A) are limited to economic damages." The fact that the statute chooses to limit this clause to "violations involving damage as defined in subsection (e)(8)(A)," suggests that it recognizes "damages" outside of subsection (e)(8)(A) as well. Otherwise, the limitation would be meaningless.
In light of the obvious facial contradictions, we find that the CFAA is ambiguous about whether "loss" pled under � 1030(g) is subject to � 1030(e)(8)'s $ 5,000 threshold. Accordingly, we turn to its legislative history for further guidance. The only explanation in the legislative record for why � 1030(g) refers to both "damage" and "loss" is found in the 1996 Senate Report, S. Rep. No. 104-357 (1996). It stated:
"The 1994 amendment [to � 1030(g)] required both 'damage' and 'loss,' but it is not always clear what constitutes 'damage.' For example, intruders often [*69] alter existing log-on programs so that user passwords are copied to a file which the hackers can retrieve later. After retrieving the newly created password file, the intruder restores the altered log-on file to its original condition. Arguably, in such a situation, neither the computer nor its information is damaged. Nonetheless, this conduct allows the intruder to accumulate valid user passwords to the system, requires all system users to change their passwords, and requires the system administrator to devote resources to resecuring the system. Thus, although there is arguably no 'damage,' the victim does suffer 'loss.' If the loss to the victim meets the required monetary threshold, the conduct should be criminal, and the victim should be entitled to relief.
The bill therefore defines 'damage' in new subsection 1030(e)(8), with a focus on the harm that the law seeks to prevent. As in the past, the term 'damage' will require either significant financial losses under section 1030(e)(8)(A), or potential impact on medical treatment under section 1030(e)(8)(B)... Under the bill, damages recoverable in civil actions by victims of computer abuse would be limited to economic losses for violations causing losses of $ 5,000 or more during any 1-year period." (emphasis added).
S. Rep. No. 104-357 seems to make clear that Congress intended the term "loss" to target remedial expenses borne by victims that could not properly be considered direct damage caused by a computer hacker. The term "loss" was not meant to except certain injuries from � 1030(e)(8)(A)'s damages threshold. n29 Indeed, S. Rep. No. 104-357's declaration that "If the loss to the victim meets the required monetary threshold, the conduct should be criminal, and the victim should be entitled to relief" (emphasis added), leaves no doubt but that "loss" under � 1030(g) remains subject to � 1030(e)(8)(A)'s $ 5,000 threshold. This reading is consistent with Congress' general intent to limit federal jurisdiction to cases of substantial computer crimes. n30
Caselaw further supports the conclusion [*72] that all injuries under � 1030(g) are subject to � 1030(e)(8)'s $ 5,000 threshold, whether termed "damage" or "loss." In Letscher v. Swiss Bank Corp., 1996 U.S. Dist. LEXIS 4908 (S.D.N.Y. April 16, 1996), Judge Sand dismissed a former employee's claim that his employer violated the CFAA by allegedly procuring his personal credit report without authorization. Letscher claimed that Swiss Bank's violation "caused him to 'invest[] his time, money, and talent requesting reports, making telephone calls, and writing letters causing him emotional distress and anguish.'" Id. at *7. The "time, money, [] talent, and [efforts]" for which Letscher sought compensation were clearly "losses" to him, not compensation for "damage" to the integrity of his data or computer. Nevertheless, Judge Sand held that Letscher's losses were still subject to � 1030(e)(8)(A)'s $ 5,000 threshold and dismissed his claim finding that these losses were not "economic." Id.
In America Online, Inc. v. LCGM, 46 F. Supp. 2d 444, 451 (E.D.V.A. 1998), America Online, Inc. ("AOL") alleged that LCGM secretly collected AOL members' email addresses without AOL's authorization [*73] and then employed deceptive techniques to "spam" (i.e. to e-mail en masse) AOL members. The facts in AOL v. LCGM are quite similar to the hypothetical in S. Rep No. 101-544 that illustrated the difference between "loss" and "damage" -- there was no "damage" to the function of AOL's system or the data within it, only plaintiff's "loss" from defendant's trespass. Nonetheless, the court required a finding that AOL's losses exceeded the "$ 5,000, the statutory threshold requirement" before it granted summary judgment. Id. at 450. Thus, it is clear that plaintiffs' alleged injuries, whether described as "damage" or "loss," are subject to � 1030(e)(8)(A)'s $ 5,000 threshold.
B. Plaintiffs fail to allege facts that could support a finding that their injuries meet � 1030(e)(8)(A)'s $ 5,000 threshold
Turning to the instant case, plaintiffs seek damages for their "'loss' - an invasion of their privacy, a trespass to their personal property, and the misappropriation of confidential data by DoubleClick... [as well the cost of the] affirmative steps [plaintiffs must take] to negate DoubleClick's wrongful unauthorized access of their computers." Plaintiffs' Opposition [*74] Brief at 23. They argue that in determining whether plaintiffs have met � 1030(e)(8)(A)'s $ 5,000 threshold, damages should be aggregated across all plaintiffs and all of DoubleClick's acts for any given year.
1. Damages and losses under � 1030(e)(8)(A) may only be aggregated across victims and time for a single act.
As a preliminary matter, we find that damages and losses under � 1030(e)(8)(A) may only be aggregated across victims and over time for a single act. The relevant clause states that "the term 'damage' means any impairment to the integrity or availability of data, a program, a system, or information that -- (A) causes loss aggregating at least $ 5,000 in value during any 1-year period to one or more individuals." The fact that � 1030(e)(8)(A) is phrased in the singular ("any impairment to the integrity or availability of data, a program, a system, or information that--(a) causes loss"), rather than the plural (e.g., any impairments to the integrity or availability of data, programs, systems, or information that--(a) cause loss...), indicates that � 1030(e)(8)(A) should only apply to single acts. The legislative history clarifies that this was Congress' intent. The Senate Judiciary Committee's report that accompanied the CFAA, Sen. R. No. 99-132, explains:
"The Committee does not intend that every victim of acts proscribed under [1030(e)(8)(A)] must individually suffer a loss of [then] $ 1,000. Certain types of malicious mischief may cause smaller amounts of damage to numerous individuals, and thereby collectively create a loss of more than $ 1,000. By using 'one of more others' n31, the Committee intends to make clear that losses caused by the same act may be aggregated for the purposes of meeting the [then] $ 1,000 threshold." Id. at 5 (emphasis added).
This interpretation is consistent with Congress' overall intent to limit the CFAA to major crimes. See supra note 31. In contrast, plaintiffs cite no authority to support their reading of � 1030(e)(8)(A). Therefore, we find that � 1030(e)(8)(A) only allows aggregation of damage over victims and time for a single act.
2. Plaintiffs have failed to allege facts that could support a finding that plaintiffs suffered over $ 5,000 in damages and losses from any single act by DoubleClick.
In order to determine plaintiffs' damages and losses stemming from any single prohibited act by DoubleClick, we must first determine what constitutes a single act under � 1030(e)(8)(A). Examining � 1030(a)(2)(C), the relevant subsection, it is apparent that the definition of a prohibited act turns on the perpetrator's access to a particular computer. The prohibition is phrased in the singular: "[whoever] intentionally accesses a computer without authorization.. and thereby obtains... (C)information from any protected computer..." � 1030(a)(2)(C) (emphasis added). n32 Thus, the suggestion that DoubleClick's accessing of cookies on millions of plaintiffs' computers could constitute a single act is refuted by the statute's plain language. Nevertheless, the statute is ambiguous about the scope of a single prohibited act on any one computer. One could reasonably argue from � 1030(a)(2)(C)'s text that DoubleClick commits a violation each time it accesses a cookie on a plaintiff's hard drive. However, [*77] one could also plausibly maintain that DoubleClick's systematic uploading of data from a cookie on a particular computer's hard drive constitutes a single act of "access," even though it occurs over multiple electronic transactions. For the purposes of this motion, we need not choose between these two interpretations because even on the more liberal, plaintiffs fail to plead facts that could meet the damages threshold.
Plaintiffs essentially plead two bases of "damage or loss": (1) their cost in remedying their computers and data in the wake of DoubleClick's access, and (2) the economic value of their attention (to DoubleClick's advertisements) and demographic information. n33 Clearly, any economic losses plaintiffs bore in securing or remedying their systems in the wake of DoubleClick's alleged CFAA violations would count towards � 1030(e)(8)(A)'s damage threshold. See supra note 30 and accompanying text. However, as counsel demonstrated at oral argument, users may easily and at no cost prevent DoubleClick from collecting information by simply selecting options on their browsers or downloading an "opt-out" cookie from DoubleClick's Web site. See Transcript of February 22, 20001 Oral Argument at 15-18. Similarly, they have not pled that DoubleClick caused any damage whatsoever to plaintiffs' computers, systems or data that could require economic remedy. Thus, these remedial economic losses are insignificant if, indeed, they exist at all.
�
Plaintiffs also contend that they have suffered economic damages consisting of the value of: (1) the opportunity to present plaintiffs with advertising; and (2) the demographic information DoubleClick has collected. See Transcript of February 22, 20001 Oral Argument at 47, 54. Essentially, they argue that because companies pay DoubleClick for plaintiffs' attention (to advertisements) and demographic information, the value of these services must, in some part, have rightfully belonged to plaintiffs. They point to AOL in which the court appeared to hold that damage to "reputation and goodwill" counted towards the damage threshold and argue that, by the same logic, the economic value of their attention and demographic information should count as well. See AOL, 46 F. Supp. 2d at 451.
Even assuming that the economic value of plaintiffs' attention and demographic information could be counted towards the monetary threshold -- a dubious assumption n34 -- it would still be insufficient. We do not commonly believe that the economic value of our attention is unjustly taken from us when we choose to watch a television show or read a newspaper with advertisements and we are unaware of any statute or caselaw that holds it is. We see no reason why Web site advertising should be treated any differently. A person who chooses to visit a Web page and is confronted by a targeted advertisement is no more deprived of his attention's economic value than are his off-line peers. Similarly, although demographic information is valued highly (as DoubleClick undoubtedly believed when it paid over one billion dollars for Abacus), the value of its collection has never been considered a economic loss to the subject. Demographic information is constantly collected on all consumers by marketers, mail-order catalogues and retailers. n35 However, we are unaware of any court that has held the value of this collected information constitutes damage to consumers or unjust enrichment to collectors. Therefore, it appears to us that plaintiffs have failed to state any facts that could support a finding of economic loss from DoubleClick's alleged violation of the CFAA.
�
Nevertheless, to the extent that some value could be placed on these losses, we find that the plaintiffs have failed to allege facts that could support the inference that the damages and losses plaintiffs incurred from DoubleClick's access to any particular computer, over one year's time, could meet � 1030(e)(8)(A)'s [*82] damage threshold. Accordingly, Count III of the Amended Complaint is dismissed.
Conclusion Concerning Federal Claims
Plaintiffs' Amended Complaint fails to plead violations of any of the three federal statutes under which they bring suit. The absence of evidence in the legislative or judicial history of any of these Acts to suggest that Congress intended to prohibit conduct like DoubleClick's supports this conclusion. To the contrary, the histories of these statutes reveal specific Congressional goals -- punishing destructive hacking, preventing wiretapping for criminal or tortious purposes, securing the operations of electronic communication service providers -- that are carefully embodied in these criminal statutes and their corresponding civil rights of action.
Furthermore, DoubleClick's practices and consumers' privacy concerns with them are not unknown to Congress. Indeed, Congress is currently considering legislation that specifically recognizes and regulates the online harvesting of user information. For example, the "Consumer Internet Privacy Enhancement Act," H.R. 237, 107th Cong. (2001), now pending before a House Committee, imposes substantial notice and opt-out [*83] requirements on Web site operators who, unlike DoubleClick, compile personally identifiable information from users. See also, The Online Privacy protection Act of 2001, H.R. 89, 107th Cong. (2001); Electronic Privacy Protection Act, H.R. 112, 107th Cong. (2001); Social Security Online Privacy Protection Act, H.R. 91, 107th Cong. (2001); Consumer Privacy Protection Act, S. 2606, 106th Cong. (2000). n36 Although proposed legislation has no formal authoritative weight, it is evidence that Congress is aware of the conduct plaintiffs challenge and is sensitive to the privacy concerns it raises. Where Congress appears to have drawn the parameters of its regulation carefully and is actively engaged in the subject matter, we will not stray from its evident intent.
Counts IV - VII. Remaining State Claims
For the reasons set out above, we have dismissed plaintiffs' federal claims which were the sole predicate for federal jurisdiction. When federal claims are dismissed, retention of state law claims under supplemental jurisdiction is left to the discretion of the trial court. See 28 U.S.C. � 1367(c)(3)(1994)("district courts may decline to exercise supplemental jurisdiction over a claim... if... (3) the district court has dismissed all claims over which it has original jurisdiction."); Purgess v. Sharrock, 33 F.3d 134, 138 (2d Cir.1994); In re Merrill Lynch Ltd. P'ships Litig., 7 F. Supp. 2d 256, 258 (S.D.N.Y. 1997). We decline to exercise supplemental jurisdiction over plaintiffs' state law claims. Accordingly, the remaining counts of plaintiffs' Amended Complaint are dismissed as well.
�
CONCLUSION
For the foregoing reasons, defendant's motion to dismiss is granted and plaintiffs' Amended Complaint is dismissed with prejudice. n37
IT IS SO ORDERED.
5.2 Electronic Communications Privacy Act of 1986: 18 U.S. Code § 2702 - Voluntary disclosure of customer communications or records 5.2 Electronic Communications Privacy Act of 1986: 18 U.S. Code § 2702 - Voluntary disclosure of customer communications or records
5.3 Electronic Communications Privacy Act of 1986: 18 U.S. Code § 2511 - Interception and disclosure of wire, oral, or electronic communications prohibited 5.3 Electronic Communications Privacy Act of 1986: 18 U.S. Code § 2511 - Interception and disclosure of wire, oral, or electronic communications prohibited
5.4 In re Google Inc. Gmail Litigation 5.4 In re Google Inc. Gmail Litigation
This case considers how the ECPA might apply to Gmail's keyword advertising
IN RE: GOOGLE INC. GMAIL LITIGATION
THIS DOCUMENT RELATES TO: ALL ACTIONS.
United States District Court, N.D. California, San Jose Division.
ORDER GRANTING IN PART AND DENYING IN PART DEFENDANT'S MOTION TO DISMISS [REDACTED]
LUCY H. KOH, District Judge.
In this consolidated multi-district litigation, Plaintiffs Keith Dunbar, Brad Scott, Todd Harrington, Matthew Knowles, A.K. (next of friend to Minor J.K.), Brent Matthew Scott, Kristen Brinkman, Robert Fread, and Rafael Carrillo, individually and on behalf of those similarly situated (collectively, "Plaintiffs"), allege that Defendant Google, Inc., has violated state and federal anti-wiretapping laws in its operation of Gmail, an email service. See ECF No. 38-2. Before the Court is Google's Motion to Dismiss Plaintiffs' Consolidated Complaint. See ECF No. 44. For the reasons stated below, the Court DENIES in part and GRANTS in part Google's Motion to Dismiss with leave to amend.
BACKGROUND
A. Factual Allegations
Plaintiffs challenge Googles operation of Gmail under state and federal anti-wiretapping laws. The Consolidated Complaint seeks damages on behalf of a number of classes of Gmail users and non-Gmail users for &ogles; interception of emails over a period of several years. All the class periods span from two years prior to the filing of the actions to the date of class certification, if any. Because the first of these consolidated actions was filed in 2010, the Consolidated Complaint taken as a whole challenges the operation of Gmail from 2008 to the present.
1. Google's Processing of Emails
Google's processing of emails to and from its users has evolved over the putative class periods. Plaintiffs allege, however, that in all iterations of Google's email routing processes since 2008, Google has intercepted, read, and acquired the content of mails that were sent or received by Gmail users while the entails were in transit. Plaintiffs allege that before [REDACTED] 20[REDACTED], a Gmail device intercepted, read, and acquired the content of each email for the purposes of sending an advertisement relevant to that email communication to the recipient, sender, or both. ECF No. 38-2 ¶¶ 26-27.33. According to the Consolidated Complaint, this interception and reading of the email was separate from Google's other processes, including spam and vines filtering. Id. ¶ 5.
After [REDACTED] 20[REDACTED], Plaintiffs allege that Google continued to intercept, read, and acquire content from emails that were in transit even as Google changed the way it transmits mails. Plaintiffs allege that after [REDACTED] 20[REDACTED], Google continued to intercept. read, and acquire content from mails to provide targeted advertising. Id. ¶¶ 62-63. Moreover, Plaintiffs allege that post-[REDACTED] 20[REDACTED]. targeted advertising was not the sole purpose of the interception. Rather, during this time period, Plaintiffs allege that a number of Google devices intercepted the emits, read and collected content as well as affiliated data, and [REDACTED] these cmails and data. Id. ¶¶ 47-56. Plaintiffs further allege that Google used these [REDACTED] data to create user profiles and models. Id.. ¶¶ 74-79. Google then allegedly used the emails, affiliated data, and user profiles to serve their profit interests that were unrelated to providing email services to particular users. Id. ¶¶ 97-98. Accordingly, Plaintiffs allege that Google has, since 20[REDACTED], intercepted emails for the dual purposes of providing advertisements and creating user profiles to advance Google's profit interests.
2. Types of Gmail Services
Gmail implicates several different, but related, systems of email delivery, three of which are at issue here. The first is a free service, which allows any user to register for an account with Google to use Gmail. Id. ¶ 99. This system is supported by advertisements, though users can opt-out of such advertising or access Gmail accounts in ways that do not generate advertising, such as accessing email on a smartphone. Id. ¶ 70.
The second is Google's operation of email on behalf of Internet Service Providers ("ISPs"). Id. ¶ 100. Google, through its Google Apps Partner program, enters into contracts with ISPs, such as Cable One, to provide an email service branded by the ISP. Id. The ISP's customers can register for email addresses from their ISP (such as "@mycableone.com"), but their email is nevertheless powered by Google through Gmail.
Third, Google operates Google Apps for Education, through which Google provides email on behalf of educational organizations for students, faculty, staff, and alumni. Id. ¶ 101. These users receive "@name.institution.edu" email addresses, but their accounts are also powered by Google using Gmail. Id. Universities that are part of Google Apps for Education require their students to use the Gmail-provided service. Id.
Google Apps users, whether through the educational program or the partner program, do not receive content-based ads but can opt in to receiving such advertising. Google processes emails sent and received from all Gmail users,[1] including Google Apps users, in the same way except that emails of users who do not receive advertisements are not processed through Google's advertising infrastructure, which attaches targeted advertisements to emails. Id. ¶¶ 57, 72-73. This means that users who do not receive advertisements would not have been subject to the pre-[REDACTED] 20[REDACTED] interceptions, as during that period, interceptions were for the sole purpose of attaching targeted advertisements to emails. After [REDACTED] 20[REDACTED], Google separated its interception of emails for targeted advertising from its interception of emails for creating user profiles. Id. ¶ 72. As a result, after [REDACTED] 20[REDACTED], emails to and from users who did not receive advertisements are nevertheless intercepted to create user profiles. Id. ¶¶ 73, 85. Accordingly, these post-[REDACTED] 20[REDACTED] interceptions impacted all Gmail and Google Apps users, regardless of whether they received advertisements.
3. Google's Agreements with Users
The operation of the Gmail service implicates several legal agreements. Gmail users were required to agree to one of two sets of Terms of Service during the class periods. The first Terms of Service was in effect from April 16, 2007, to March 1, 2012, and the second has been in effect since March 1, 2012. Id. ¶ 102. The 2007 Terms of Service stated that:
Google reserves the right (but shall have no obligation) to pre-screen, review, flag, filter, modify, refuse or remove any or all Content from any Service. For some Services, Google may provide tools to filter out explicit sexual content. These tools include the SafeSearch preference settings. ... In addition, there are commercially available services and software to limit access to material that you may find objectionable.
Id. ¶ 104. A subsequent section of the 2007 Terms of Service provided that "[s]ome of the Services are supported by advertising revenue and may display advertisements and promotions" and that "[t]hese advertisements may be content-based to the content information stored on the Services, queries made through the Service or other information." Id. ¶¶ 107-08.
The 2012 Terms of Service deleted the above language and stated that users "give Google (and those [Google] work[s] with) a worldwide license to use ..., create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), ... and distribute such content." See ECF No. 46-6 at 3.
Both Terms of Service reference Google's Privacy Policies, which have been amended three times thus far during the putative class periods. See ECF Nos. 46-7, 46-8, 46-9, 46-10. These Policies, which were largely similar, stated that Google could collect information that users provided to Google, cookies, log information, user communications to Google, information that users provide to affiliated sites, and the links that a user follows. See ECF No. 46-7. The Policies listed Google's provision of "services to users, including the display of customized content and advertising" as one of the reasons for the collection of this information. Id.
Google also had in place Legal Notices, which stated that "Google does not claim any ownership in any of the content, including any text, data, information, images, photographs, music, sound, video, or other material, that [users] upload, transmit or store in [their] Gmail account." ECF No. 38-2 ¶ 118. The Notices further stated that Google "will not use any of [users'] content for any purpose except to provide [users] with the service." Id. ¶ 121.
In addition, Google entered into contractual agreements with ISPs and educational institutions as part of its Google Apps Partner and Google Apps for Education programs. These agreements require Google to "protect against unauthorized access to or use of Customer data." Id. ¶¶ 137, 161. In turn, "Customer data" is defined as "data, including email, provided, generated, transmitted, or displayed via the Services by Customers or End Users." Id. ¶¶ 138, 162. Further, the Terms of Service applicable to Google Apps Cable One users states that "Google may access, preserve, and disclose your account information and any Content associated with that account if required to do so by law or in a good faith belief that such access preservation or disclosure is reasonably necessary" to satisfy applicable law, enforce the Terms of Service, detect or prevent fraud, or protect against imminent harm to the rights of Google, its users, or the public. ECF No. 46-2 at 2-3.
Importantly, Plaintiffs who are not Gmail or Google Apps users are not subject to any of Google's express agreements. Because non-Gmail users exchange emails with Gmail users, however, their communications are nevertheless subject to the alleged interceptions at issue in this case.
4. Relief Sought and Class Allegations
Plaintiffs bring these cases alleging that Google, in the operation of its Gmail system, violated federal and state anti-wiretapping laws. ECF No. 38-2 ¶ 216 (federal law), ¶ 288 (California law), ¶ 328 (Maryland law), ¶ 349 (Florida law), ¶ 370 (Pennsylvania law). Plaintiffs seek the certification of several classes, preliminary and permanent injunctive relief, declaratory relief, statutory damages, punitive damages, and attorneys' fees. Plaintiffs seek relief on behalf of the following classes, all of which have a class period starting two years before the relevant complaint was filed and running through the date of class certification, if any:
(1) all Cable One users who sent a message to a Gmail user and received a reply or received an email;
(2) all Google Apps for Education users who have sent a message to a Gmail user and received a reply or received an email;
(3) all U.S. citizen non-Gmail users (except California residents) who have sent a message to a Gmail user and received a reply or received an email from a Gmail user;
(4) all U.S. citizen non-Gmail users who have sent a message to a Gmail user and received a reply or received an email from a Gmail user;
(5) all Pennsylvania non-Gmail users who have sent a message to a Gmail user and received a reply or received an email from a Gmail user;
(6) all Florida non-Gmail users who have sent a message to a Gmail user and received a reply or received an email from a Gmail user;
(7) all Maryland non-Gmail users who have sent a message to a Gmail user and received a reply or received an email from a Gmail user; and
(8) all Gmail users who were under the age of majority and who used Gmail to send an email to or received an email from a non-Gmail user or a Gmail user under the age of majority. Id. ¶¶ 388-92.
B. Procedural History
This case is a consolidated multi-district litigation involving seven individual and class action lawsuits. See ECF No. 38-2. The first of these consolidated actions was filed on November 17, 2010, and transferred from the Eastern District of Texas to the Northern District of California on June 27, 2012. See Dunbar v. Google, Inc., 12-CV-03305 (N.D. Cal.); ECF No. 179. Five other actions involving substantially similar allegations against Google followed in this District and throughout the country. See Scott, et al. v. Google, Inc., No. 12-CV-03413 (N.D. Cal.); Scott v. Google, Inc., No. 12-CV-00614 (N.D. Fla.); A.K. v. Google, Inc., No. 12-CV-01179 (S.D. Ill.); Knowles v. Google, Inc., 12-CV-02022 (D. Md.); Brinkman v. Google, Inc., 12-CV-06699 (E.D. Pa.). On April 1, 2013, the Judicial Panel on Multidistrict Litigation issued a Transfer Order, centralizing these six actions in the Northern District of California before the undersigned judge. See ECF No. 1. On May 6, 2013, this Court related a seventh action, Fread v. Google, Inc., 13-CV-01961 (N.D. Cal.), as part of this multi-district litigation. See ECF No. 29.
Plaintiffs filed an Administrative Motion to file their Consolidated Complaint under seal on May 16, 2013.[2]See ECF No. 38. The Complaint contained five claims alleging violations of: (1) the Wiretap Act, as amended by the Electronic Communications Privacy Act ("ECPA"), 18 U.S.C. §§ 2510, et seq.; (2) the California Invasion of Privacy Act ("CIPA"), Cal. Penal Code §§ 630, et seq.; (3) the Maryland Courts and Judicial Proceedings Code Ann. §§ 10-402, et seq.; (4) Florida Statute §§ 934.03, et seq.; and (5) 18 Pa. Const. Stat. §§ 5701, et seq. See ECF No. 38-2.
Google filed a Motion to Dismiss the Consolidated Complaint on June 13, 2013. See ECF No. 44. On the same day, Google filed two declarations and a request for judicial notice in support of its Motion. See ECF Nos. 45-47. Plaintiffs filed an opposition to Google's request for judicial notice and separate objections to Google's declarations on July 11, 2013. See ECF Nos. 49-50. Google filed a reply in support of its request for judicial notice and Motion to Strike Plaintiffs' objections to Google's declarations on July 29, 2013. ECF No. 58.
Plaintiffs filed their opposition to Google's Motion to Dismiss on July 11, 2013. See ECF No. 53. That same day, Plaintiffs filed a request for judicial notice in support of their opposition. See ECF No. 51. Google filed a reply along with a declaration in support of the reply on July 29, 2013. See ECF No. 56-57. This Court held a hearing on the Motion to Dismiss on September 5, 2013. See ECF No. 64.
II. LEGAL STANDARDS
A. Motion to Dismiss
Pursuant to Federal Rule of Civil Procedure 12(b)(6), a defendant may move to dismiss an action for failure to allege "enough facts to state a claim to relief that is plausible on its face." Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007). "A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged. The plausibility standard is not akin to a `probability requirement,' but it asks for more than a sheer possibility that a defendant has acted unlawfully." Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (internal citations omitted). For purposes of ruling on a Rule 12(b)(6) motion, the Court "accept[s] factual allegations in the complaint as true and construe[s] the pleadings in the light most favorable to the non-moving party." Manzarek v. St. Paul Fire & Marine Ins. Co., 519 F.3d 1025, 1031 (9th Cir. 2008).
However, a court need not accept as true allegations contradicted by judicially noticeable facts, Shwarz v. United States, 234 F.3d 428, 435 (9th Cir. 2000), and a "court may look beyond the plaintiff's complaint to matters of public record" without converting the Rule 12(b)(6) motion into a motion for summary judgment, Shaw v. Hahn, 56 F.3d 1128, 1129 n.1 (9th Cir. 1995). A court is also not required to "`assume the truth of legal conclusions merely because they are cast in the form of factual allegations.'" Fayer v. Vaughn, 649 F.3d 1061, 1064 (9th Cir. 2011) (per curiam) (quoting W. Min. Council v. Watt, 643 F.2d 618, 624 (9th Cir. 1981)). Mere "conclusory allegations of law and unwarranted inferences are insufficient to defeat a motion to dismiss." Adams v. Johnson, 355 F.3d 1179, 1183 (9th Cir. 2004); accord Iqbal, 556 U.S. at 678. Furthermore, "a plaintiff may plead herself out of court" if she "plead[s] facts which establish that [s]he cannot prevail on h[er] ... claim." Weisbuch v. Cnty. of L.A., 119 F.3d 778, 783 n.1 (9th Cir. 1997) (internal quotation marks and citation omitted).
B. Request for Judicial Notice
The Court generally may not look beyond the four corners of a complaint in ruling on a Rule 12(b)(6) motion, with the exception of documents incorporated into the complaint by reference, and any relevant matters subject to judicial notice. See Swartz v. KPMG LLP, 476 F.3d 756, 763 (9th Cir. 2007); Lee v. City of Los Angeles, 250 F.3d 668, 688-89 (9th Cir. 2001). Under the doctrine of incorporation by reference, the Court may consider on a Rule 12(b)(6) motion not only documents attached to the complaint, but also documents whose contents are alleged in the complaint, provided the complaint "necessarily relies" on the documents or contents thereof, the document's authenticity is uncontested, and the document's relevance is uncontested. Coto Settlement v. Eisenberg, 593 F.3d 1031, 1038 (9th Cir. 2010); see Lee, 250 F.3d at 688-89. The purpose of this rule is to "prevent plaintiffs from surviving a Rule 12(b)(6) motion by deliberately omitting documents upon which their claims are based." Swartz, 476 F.3d at 763 (internal quotation marks omitted).
The Court also may take judicial notice of matters that are either (1) generally known within the trial court's territorial jurisdiction or (2) capable of accurate and ready determination by resort to sources whose accuracy cannot reasonably be questioned. Fed. R. Evid. 201(b). Proper subjects of judicial notice when ruling on a motion to dismiss include legislative history reports, see Anderson v. Holder, 673 F.3d 1089, 1094, n.1 (9th Cir. 2012); court documents already in the public record and documents filed in other courts, see Holder v. Holder, 305 F.3d 854, 866 (9th Cir. 2002); and publically accessible websites, see Caldwell v. Caldwell, 2006 WL 618511, at *4 (N.D. Cal. Mar. 13, 2006); Wible v. Aetna Life Ins. Co., 375 F. Supp. 2d 956, 965-66 (C.D. Cal. 2005).
C. Leave to Amend
If the Court determines that the complaint should be dismissed, it must then decide whether to grant leave to amend. Under Rule 15(a) of the Federal Rules of Civil Procedure, leave to amend "shall be freely given when justice so requires," bearing in mind "the underlying purpose of Rule 15 ... [is] to facilitate decision on the merits, rather than on the pleadings or technicalities." Lopez v. Smith, 203 F.3d 1122, 1127 (9th Cir. 2000) (en banc) (internal quotation marks and citation omitted). Nonetheless, a court "may exercise its discretion to deny leave to amend due to `undue delay, bad faith or dilatory motive on part of the movant, repeated failure to cure deficiencies by amendments previously allowed, undue prejudice to the opposing party ..., [and] futility of amendment.'" Carvalho v. Equifax Info. Servs., LLC, 629 F.3d 876, 892-93 (9th Cir. 2010) (quoting Foman v. Davis, 371 U.S. 178, 182 (1962)) (alterations in original).
III. REQUESTS FOR JUDICIAL NOTICE
In support of their opposition to Google's Motion to Dismiss, Plaintiffs request the Court take judicial notice of (A) a declaration and a motion filed in Sheppard v. Google, Inc., et al, 12-CV-4022 (W.D. Ark.); (B) an excerpt of a November 30, 1985 Senate Judiciary Committee hearing regarding the ECPA; (C) an April 29, 1968 Senate Report; and (D) an order on Google's motion to dismiss in Marquis v. Google, Inc., No. 11-2808, in the Superior Court of Suffolk County, Commonwealth of Massachusetts. See ECF No. 51. Plaintiffs' Exhibits B and C are legislative history reports, and Plaintiffs' Exhibits A and D are documents filed in other courts, already part of the public record. See Anderson, 673 F.3d at 1094, n.1; Holder, 305 F.3d at 866. Google does not oppose any of these requests. The Court takes judicial notice of all four.
Google requests that the Court take judicial notice of (A) a copy of Google's Terms of Service applicable to Google Apps services provided through Cable One, Inc.; (B) a copy of the Google Apps Education Edition Agreement between Google and the University of Hawaii; (C) a copy of the Google Apps Education Edition Agreement between Google and the University of the Pacific; (D) copies of Google's Terms of Service dated April 16, 2007 and March 1, 2012; (E) copies of Google's Privacy Policies dated August 7, 2008, March 11, 2009, October 3, 2010, and March 1, 2012; (F) a copy of the Yahoo! Mail Privacy Policy from June 2013; (G) an excerpt of an October 17, 1986 Senate Report regarding the ECPA; (H) a copy of a May 9, 1995 California Senate Judiciary Committee analysis; and (I) a copy of an April 13, 2010 California Senate Public Safety Committee analysis. See ECF No. 47. Plaintiffs oppose the request for judicial notice with respect to items F, G, H, and I. See ECF No. 49.
The Court takes judicial notice of items A, B, C, D, and E as requested by Google and to which Plaintiffs do not object because Plaintiffs rely upon and reference these documents in the Complaint. See ECF No. 38-2 ¶¶ 102, 144, 185-86, 189, 227-28, 237-38; Coto, 593 F.3d at 1038. The Court further takes judicial notice of items H and I because Plaintiffs "do[] not contest that these are readily available public documents or challenge their authenticity." Zephyr v. Saxon Mortg. Servs., Inc., 873 F. Supp. 2d 1223, 1226 (E.D. Cal. 2012). The Court takes judicial notice of item G because it is a legislative history report for the statute at the heart of Plaintiffs' principal claim. See id.; Anderson, 673 F.3d at 1094, n.1. Finally, the Court denies Google's request for judicial notice of item F, the Yahoo! Mail Privacy Policy. The Policy is not a document "on which the Complaint necessarily relies nor ... whose relevance and authenticity are uncontested" because Plaintiffs contend that the effective dates of the Yahoo! Privacy Policy are unknown. See ECF No. 49 at 2-3; Fraley v. Facebook, Inc., 830 F. Supp. 2d 785, 795 (N.D. Cal. 2011).
Plaintiffs further raise objections to various paragraphs in the declarations supporting Google's Motion to Dismiss and to the requests for judicial notice with respect to some of the exhibits attached to the declarations. See ECF No. 50. The Court strikes these objections pursuant to Civil Local Rule 7-3(a). The Rule requires that any evidentiary objections to a motion be contained within the opposition to the motion itself, but Plaintiffs filed their objections separately from their opposition. See Apple, Inc. v. Samsung Elecs. Co., Ltd., 2011 WL 7036077, at *3 (N.D. Cal. Dec. 2, 2011).
IV. MOTION TO DISMISS
A. The Wiretap Act
The Wiretap Act, as amended by the ECPA, generally prohibits the interception of "wire, oral, or electronic communications." 18 U.S.C. § 2511(1); see also Joffe v. Google, Inc., No. 11-17483, 2013 WL 4793247, at *3 (9th Cir. Sept. 10, 2013). More specifically, the Wiretap Act provides a private right of action against any person who "intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication." 18 U.S.C. § 2511(1)(a); see id. § 2520 (providing a private right of action for violations of § 2511). The Act further defines "intercept" as "the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device." Id. § 2510(4).
Plaintiffs contend that Google violated the Wiretap Act in its operation of the Gmail system by intentionally intercepting the content of emails that were in transit to create profiles of Gmail users and to provide targeted advertising. Google contends that Plaintiffs have not stated a claim with respect to the Wiretap Act for two reasons. First, Google contends that there was no interception because there was no "device." Specifically, Google argues that its reading of any emails would fall within the "ordinary course of business" exception to the definition of device. ECF No. 44 at 6-13. Under that exception, "any telephone or telegraph instrument, equipment or facility, or any component thereof ... being used by a provider of wire or electronic communication service in the ordinary course of its business" is not a "device," and the use of such an instrument accordingly falls outside of the definition of "intercept." 18 U.S.C. § 2510(5)(a)(ii). Second, Google contends that all Plaintiffs have consented to any interception. ECF No. 44 at 13-20. Under the statute, it is not unlawful "to intercept a wire, oral, or electronic communication ... where one of the parties to the communication has given prior consent to such interception." 18 U.S.C. § 2511(2)(d).
1. "Ordinary Course of Business" Exception
Google first contends that it did not engage in an interception because its reading of users' emails occurred in the ordinary course of its business. ECF No. 44 at 6-13. Conversely, Plaintiffs contend that the ordinary course of business exception is narrow and applies only when an electronic communication service provider's actions are "necessary for the routing, termination, or management of the message." See ECF No. 53 at 7. The Court finds that the ordinary course of business exception is narrow. The exception offers protection from liability only where an electronic communication service provider's interception facilitates the transmission of the communication at issue or is incidental to the transmission of such communication. Specifically, the exception would apply here only if the alleged interceptions were an instrumental part of the transmission of email. Plaintiffs have alleged, however, that Google's interception is not an instrumental component of Google's operation of a functioning email system. ECF No. 38-2 ¶ 97. In fact, Google's alleged interception of email content is primarily used to create user profiles and to provide targeted advertising — neither of which is related to the transmission of emails. See id. ¶¶ 26-27, 33, 57, 65, 84, 95. The Court further finds that Plaintiffs' allegations that Google violated Google's own agreements and internal policies with regard to privacy also preclude application of the ordinary course of business exception.
The plain language of the Wiretap Act, 18 U.S.C. § 2510(5)(a), exempts from the definition of "device":
any telephone or telegraph instrument, equipment or facility, or any component thereof,
(i) furnished to the subscriber or user by a provider of wire or electronic communication service in the ordinary course of its business and being used by the subscriber or user in the ordinary course of its business or furnished by such subscriber or user for connection to the facilities of such service and used in the ordinary course of its business; or
(ii) being used by a provider of wire or electronic communication service in the ordinary course of its business, or by an investigative or law enforcement officer in the ordinary course of his duties;
This section includes two "ordinary course of business" exceptions. The first, under subsection (a)(i), is for users or subscribers of electronic communication services, while the second, subsection (a)(ii), applies to the providers of electronic communication services themselves. This case implicates the latter, as Google provides the electronic communication service at issue here, Gmail.
The Sixth Circuit has found that the text of "[t]he two exceptions [is] not altogether clear." Adams v. City of Battle Creek, 250 F.3d 980, 982 (6th Cir. 2001). There is no dispute that Google's interception of Plaintiffs' emails and subsequent use of the information to create user profiles or to provide targeted advertising advanced Google's business interests. But this does not end the inquiry. The Court must give effect to the word "ordinary," which limits "course of business" under both exceptions. The presence of the modifier "ordinary" must mean that not everything Google does in the course of its business would fall within the exception. The task the Court faces at this stage is to determine whether Plaintiffs have adequately alleged that the purported interceptions were not an "ordinary" part of Google's business.
In the context of section 2510(5)(a)(i), courts have held, consistent with the textual limitation that "ordinary" imposes on "course of business," that not everything that a company may want to do falls within the "ordinary course of business" exception. See e.g., Watkins v. L.M. Berry & Co., 704 F.2d 577, 582 (11th Cir. 1983) ("The phrase `in the ordinary course of business' cannot be expanded to mean anything that interests a company."). Rather, the business reasons must be "legitimate." See Arias v. Mut. Cent. Alarm Serv., Inc., 202 F.3d 553, 559 (2d Cir. 2000); see also Berry v. Funk, 146 F.3d 1003, 1009 (D.C. Cir. 1998) (finding that actions are in the ordinary course of business if they are "justified by a valid business purpose" or "shown to be undertaken normally").
This limitation, applied to electronic communication service providers in the context of section 2510(5)(a)(ii), means that the electronic communication service provider engaged in the alleged interception must demonstrate the interception facilitated the communication service or was incidental to the functioning of the provided communication service. For example, in Kirch v. Embarq Management Co., 702 F.3d 1245 (10th Cir. 2012), which Google cites, ECF No. 44 at 9, the Tenth Circuit affirmed a grant of summary judgment in favor of Embarq, an ISP, where Embarq had intercepted only data incidental to its provision of the internet service. In that case, Embarq had granted a third party, NebuAd, permission to conduct a technology test by acquiring information about Embarq's users so that NebuAd could provide targeted advertising to those users. 702 F.3d at 1247. The Tenth Circuit held that Embarq had not violated the ECPA because the ISP could not be liable for NebuAd's interceptions. Id. at 1249. Further, Embarq itself did not review any of the raw data that NebuAd collected. Id. at 1250. Rather, Embarq had no more access than it otherwise would have had as an ISP. Id. Embarq's ordinary course of business as an ISP necessarily required that it would have access to data that was transmitted over its equipment. Id. at 1249. The relationship between Embarq and NebuAd's technology test did not expand the universe of data to which Embarq had access beyond the data Embarq could access in its provision of internet services. Id. at 1250. Accordingly, Embarq's actions fell within its ordinary course of business. Unlike this case, the only information to which Embarq had access was collected by Embarq's devices that provided internet services. Id. In contrast, here, Plaintiffs allege that there are separate devices — aside from the devices related to delivery of email — that intercept users' emails. ECF No. 38-2 ¶ 259(e). Considered practically, Google is more akin to NebuAd, which intercepted data for the purpose of providing targeted advertising — a purpose separate and apart from Embarq's provision of internet service. Cf. Kirch, 702 F.3d at 1248. However, because NebuAd settled with the Plaintiffs in Kirch, the Tenth Circuit's opinion does not deal with NebuAd's liability. Id. at 1248 n. 2, 1249 ("[W]e need not address whether NebuAd intercepted any of the Kirches' electronic communications."). The Court therefore finds that Kirch's discussion of Embarq's liability cuts in favor of a narrow reading of the section 2510(5)(a)(ii) exception and that Kirch stands only for the narrow proposition that interceptions incidental to the provision of the alleged interceptor's internet service fall within the "ordinary course of business" exception.
Hall v. Earthlink Network, Inc., 396 F.3d 500 (2d Cir. 2005), which also addresses the section 2510(5)(a)(ii) exception, further suggests that this Court should narrowly read the "ordinary course of business" exception. There, the Second Circuit affirmed a grant of summary judgment and concluded that Earthlink did not violate the ECPA when Earthlink continued to receive and store emails sent to an address that had been closed. The Second Circuit found that the plaintiff in that case did not present any evidence that Earthlink's continued receipt of emails was outside its ordinary course of business. Id. at 505. The Court noted that Earthlink presented testimony that Earthlink routinely continued to receive and store emails after an account was canceled and more critically that Earthlink "did not have the ability to bounce e-mail back to senders after the termination of an account." Id. Accordingly, in Hall, the email provider's alleged interceptions were a necessary part of its ability to provide email services. In the instant case, by contrast, Plaintiffs have alleged that Google could operate its Gmail system without reading the emails for the purposes of targeted advertising or the creation of user profiles. ECF No. 38-2 ¶ 97. Therefore, unlike Earthlink, the alleged interception in the instant case is not incidental to the operation of the service.[3]
In addition to the text and the case law, the statutory scheme and legislative history also weigh in favor of a narrow reading of the section 2510(5)(a)(ii) exception. Specifically, a separate exception to the Wiretap Act related to electronic service providers states that:
It shall not be unlawful under this chapter for an operator of a switchboard, or an officer, employee, or agent of a provider of wire or electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks.
18 U.S.C. § 2511(2)(a)(i) (emphasis added). The statute explicitly limits the use of service observing or random monitoring by electronic communication service providers to mechanical and service quality control checks. Id. Accordingly, the statutory scheme suggests that Congress did not intend to allow electronic communication service providers unlimited leeway to engage in any interception that would benefit their business models, as Google contends. In fact, this statutory provision would be superfluous if the ordinary course of business exception were as broad as Google suggests. See Duncan v. Walker, 533 U.S. 167, 174 (2001) (stating that in statutory interpretation, courts should "give effect, if possible, to every clause and word of a statute").
The legislative history of section 2511(2)(a)(i), which Google cites, ECF No. 44 at 7, also supports reading the ordinary course of business exception to require that the interception be instrumental to the provision of the service. A U.S. Senate Report regarding the ECPA states that "[t]he provider of electronic communications services may have to monitor a stream of transmissions in order to properly route, terminate, and otherwise manage the individual messages they contain. These monitoring functions, which may be necessary to the provision of an electronic communication service, do not involve humans listening in on voice conversations. Accordingly, they are not prohibited." ECF No. 45-2 at 20. This suggests that Congress intended to protect electronic communication service providers from liability when the providers were monitoring communications for the purposes of ensuring that the providers could appropriately route, terminate, and manage messages. Accordingly, the Court concludes that the legislative history supports a narrow reading of the section 2510(5)(a)(ii) exception, under which an electronic communication service provider must show some link between the alleged interceptions at issue and its ability to operate the communication system. Google's broader reading of the exception would conflict with Congressional intent.
The case law applying the "ordinary course of business" exception in the 2510(5)(a)(i) context also suggests that courts have narrowly construed that phrase. For example, in Arias v. Mutual Central Alarm Service, Inc., the Second Circuit found that it was within an alarm company's ordinary course of business to record all incoming and outgoing calls because maintaining records of the calls was instrumental "to ensure that [the alarm company's] personnel are not divulging sensitive customer information, that events are reported quickly to emergency services, that customer claims regarding events are verifiable, and that the police and other authorities may rely on these records in conducting any investigations." 202 F.3d at 559 (internal quotation marks and alterations omitted). Similarly, the Tenth Circuit found that an employer's installation of a telephone monitoring device on the phone lines in departments where employees interacted with the public was within the employer's ordinary course of business because of "concern by management over abusive language used by irate customers when called upon to pay their bills, coupled with the possible need to give further training and supervision to employees dealing with the public." James v. Newspaper Agency Corp., 591 F.2d 579, 581 (10th Cir. 1979).
The narrow construction of "ordinary course of business" is most evident in section 2510(5)(a)(i) cases where an employer has listened in on employees' phone calls in the workplace. See United States v. Murdock, 63 F.3d 1391, 1396 (6th Cir. 1995) (noting that "[a] substantial body of law has developed on the subject of ordinary course of business in the employment field where employees have sued their employers" and that "[t]hese cases have narrowly construed the phrase `ordinary course of business'"); Watkins, 704 F.2d at 582. These cases suggest that an employer's eavesdropping on an employee's phone call is only permissible where the employer has given notice to the employee. See Adams, 250 F.3d at 984 (finding that the exception generally requires that the use be "(1) for a legitimate business purpose, (2) routine, and (3) with notice"). Further, these cases have suggested that an employer may only listen to an employee's phone call for the narrow purpose of determining whether a call is for personal or business purposes. In Watkins, for example, the court held that an employer "was obliged to cease listening as soon as she had determined that the call was personal, regardless of the contents of the legitimately heard conversation." 704 F.2d at 584. Watkins concerned a situation in which an employer listened in on an employee's personal phone call wherein the employee discussed a job interview. The Eleventh Circuit reversed a grant of summary judgment in favor of the employer notwithstanding the fact that the interception concerned a conversation that was "obviously of interest to the employer." Id. at 583-84.
These cases suggest a narrow reading of "ordinary course of business" under which there must be some nexus between the need to engage in the alleged interception and the subscriber's ultimate business, that is, the ability to provide the underlying service or good. In the instant matter, Plaintiffs explicitly allege that there is no comparable nexus between Google's interceptions and its ability to provide the electronic communication service at issue in this case, email. Specifically, in their Complaint, Plaintiffs state that Google's interceptions are "for [Google's] own benefit in other Google services unrelated to the service of email or the particular user." ECF No. 38-2 ¶ 97.
In light of the statutory text, case law, statutory scheme, and legislative history concerning the ordinary course of business exception, the Court finds that the section 2510(5)(a)(ii) exception is narrow and designed only to protect electronic communication service providers against a finding of liability under the Wiretap Act where the interception facilitated or was incidental to provision of the electronic communication service at issue.[4] Plaintiffs have plausibly alleged that Google's reading of their emails was not within this narrow ordinary course of its business. Specifically, Plaintiffs allege that Google intercepts emails for the purposes of creating user profiles and delivering targeted advertising, which are not instrumental to Google's ability to transmit emails. The Consolidated Complaint alleges that "Google uses the content of the email messages [Google intercepts] and the derivative data it creates for its own benefit in other Google services unrelated to the service of email or the particular user." ECF No. 38-2 ¶¶ 97, 259(g). Plaintiffs support their assertion by suggesting that Google's interceptions of emails for targeting advertising and creating user profiles occurred independently from the rest of the email-delivery system. In fact, according to the Consolidated Complaint, the Gmail system has always had separate processes for spam filtering, antivirus protections, spell checking, language detection, and sorting than the devices that perform alleged interceptions that are challenged in this case. Id. ¶¶ 5, 200, 259(e). As such, the alleged interception of emails at issue here is both physically and purposively unrelated to Google's provision of email services. Id. ¶¶ 74, 259(g). Google's alleged interceptions are neither instrumental to the provision of email services, nor are they an incidental effect of providing these services. The Court therefore finds that Plaintiffs have plausibly alleged that the interceptions fall outside Google's ordinary course of business.
Furthermore, the D.C. Circuit has held in a section 2510(5)(a)(i) case that a defendant's actions may fall outside the "ordinary course of business" exception when the defendant violates its own internal policies. See Berry, 146 F.3d at 1010. In Berry, the court reversed a district court's grant of summary judgment in favor of the government on "ordinary course of business" grounds in part because the interception violated internal policies. That case concerned a Wiretap Act claim brought by a senior State Department officer against State Department Operations Center Watch Officers for monitoring the officer's phone call with another high-ranking officer. Id. at 1005. The D.C. Circuit noted that the "Operations Center Manual in effect at the time of these conversations cautioned that calls between Senior Department Officials ... `should not be monitored unless they so request.'" Id. at 1006. The court held that the "government's position [that this monitoring was within its ordinary course of business] is fatally undermined by the Operations Center guidelines which clearly indicate the norm of behavior the Watch Officers were to follow and which must be regarded as the ordinary course of business for the Center." Id. at 1009-10.
The Court finds that the reasoning of the D.C. Circuit applies equally in the section 2510(5)(a)(ii) context. Here, Plaintiffs allege that Google has violated its own policies and therefore is acting outside the ordinary course of business. Specifically, Plaintiffs allege that Google's Privacy Policies explicitly limit the information that Google may collect to an enumerated list of items, and that this list does not include content of emails. ECF No. 38-2 ¶¶ 187-91. Plaintiffs point to the language of the Privacy Policy that states that Google "may collect the following types of information" and then lists (1) information provided by the user (such as personal information submitted on the sign-up page), (2) information derived from cookies, (3) log information, (4) user communications to Google, (5) personal information provided by affiliated Google services and sites, (6) information from third party applications, (7) location data, and (8) unique application numbers from Google's toolbar. Id. ¶ 187; ECF No. 46-7. Plaintiffs further note that the updated Privacy Policy also stated that Google "collected information in two ways": "(1) information the user gives to Google—the user's personal information; and, (2) information Google obtains from the user's use of Google services, wherein Google lists: (a) the user's device information; (b) the user's log information; (c) the user's location information; (d) the user's unique application number; (e) information stored locally on the user's device; and, (e) [sic] information derived from cookies placed on a user's device." ECF No. 38-2 ¶ 189; ECF No. 46-10. Because content of emails between users or between users and non-users was not part of either list, Plaintiffs allege that Google "violates the express limitations of its Privacy Policies." Id. ¶¶ 191, 195. The Court need not determine at this stage whether Plaintiffs will ultimately be able to prove that the Privacy Policies were intended to comprehensively list the information Google may collect. Rather, Plaintiffs' plausible allegations that the Privacy Policies were exhaustive are sufficient. Because Plaintiffs have alleged that Google exceeded the scope of its own Privacy Policy, the section 2510(5)(a)(ii) exception cannot apply.
Accordingly, the Court DENIES Google's Motion to Dismiss based on the section 2510(5)(a)(ii) exception.[5]
2. Consent
Google's second contention with respect to Plaintiffs' Wiretap Act claim is that all Plaintiffs consented to any interception of emails in question in the instant case. Specifically, Google contends that by agreeing to its Terms of Service and Privacy Policies, all Gmail users have consented to Google reading their emails. ECF No. 44 at 14-16. Google further suggests that even though non-Gmail users have not agreed to Google's Terms of Service or Privacy Policies, all non-Gmail users impliedly consent to Google's interception when non-Gmail users send an email to or receive an email from a Gmail user. Id. at 19-21.
If either party to a communication consents to its interception, then there is no violation of the Wiretap Act. 18 U.S.C. § 2511(2)(d).[6] Consent to an interception can be explicit or implied, but any consent must be actual. See United States v. Van Poyck, 77 F.3d 285, 292 (9th Cir. 1996); U.S. v. Amen, 831 F.2d 373, 378 (2d Cir. 1987); U.S. v. Corona-Chavez. 328 F.3d 974, 978 (8th Cir. 2003). Courts have cautioned that implied consent applies only in a narrow set of cases. See Watkins, 704 F.2d at 581 (holding that consent should not be "cavalierly implied"); In re Pharmatak, 329 F.3d at 20. The critical question with respect to implied consent is whether the parties whose communications were intercepted had adequate notice of the interception. Berry, 146 F.3d at 1011. That the person communicating knows that the interceptor has the capacity to monitor the communication is insufficient to establish implied consent. Id. Moreover, consent is not an all-or-nothing proposition. Rather, "[a] party may consent to the interception of only part of a communication or to the interception of only a subset of its communications." In re Pharmatrack, Inc., 329 F.3d at 19.
In its Motion to Dismiss, Google marshals both explicit and implied theories of consent. Google contends that by agreeing to Google's Terms of Service and Privacy Policies, Plaintiffs who are Gmail users expressly consented to the interception of their emails. ECF No. 44 at 14-16. Google further contends that because of the way that email operates, even non-Gmail users knew that their emails would be intercepted, and accordingly that non-Gmail users impliedly consented to the interception. Id. at 19-20. Therefore, Google argues that in all communications, both parties — regardless of whether they are Gmail users — have consented to the reading of emails. Id. at 13-14. The Court rejects Google's contentions with respect to both explicit and implied consent. Rather, the Court finds that it cannot conclude that any party — Gmail users or non-Gmail users — has consented to Google's reading of email for the purposes of creating user profiles or providing targeted advertising.
Google points to its Terms of Service and Privacy Policies, to which all Gmail and Google Apps users agreed, to contend that these users explicitly consented to the interceptions at issue. The Court finds, however, that those policies did not explicitly notify Plaintiffs that Google would intercept users' emails for the purposes of creating user profiles or providing targeted advertising.
Section 8 of the Terms of Service that were in effect from April 16, 2007, to March 1, 2012, stated that "Google reserves the right (but shall have no obligation) to pre-screen, review, flag, filter, modify, refuse or remove any or all Content from any Service."[7] ECF No. 46-5 at 4. This sentence was followed by a description of steps users could take to avoid sexual and objectionable material. Id. ("For some of the Services, Google may provide tools to filter out explicit sexual content."). Later, section 17 of the Terms of Service stated that "advertisements may be targeted to the content of information stored on the Services, queries made through the Services or other information." Id. at 8.
The Court finds that Gmail users' acceptance of these statements does not establish explicit consent. Section 8 of the Terms of Service suggests that content may be intercepted under a different set of circumstances for a different purpose — to exclude objectionable content, such as sexual material. This does not suggest to the user that Google would intercept emails for the purposes of creating user profiles or providing targeted advertising. Watkins, 704 F.2d at 582 ("[C]onsent within the meaning of section 2511(2)(d) is not necessarily an all or nothing proposition; it can be limited. It is the task of the trier of fact to determine the scope of the consent and to decide whether and to what extent the interception exceeded that consent."); In re Pharmatrack, Inc., 329 F.3d at 19 ("Thus, a reviewing court must inquire into the dimensions of the consent and then ascertain whether the interception exceeded those boundaries.") (internal quotation marks omitted). Therefore, to the extent that section 8 of the Terms of Service establishes consent, it does so only for the purpose of interceptions to eliminate objectionable content. The Consolidated Complaint suggests, however, that Gmail's interceptions for the purposes of targeted advertising and creation of user profiles was separate from screening for any objectionable content. See ECF No. 38-2 ¶¶ 5, 200. Because the two processes were allegedly separate, consent to one does not equate to consent to the other.
Section 17 of the Terms of Service — which states that Google's "advertisements may be targeted to the content of information stored on the Services, queries made through the Services or other information" — is defective in demonstrating consent for a different reason: it demonstrates only that Google has the capacity to intercept communications, not that it will. Berry, 146 F.3d at 1011 (holding that knowledge of defendant's capacity to monitor is insufficient to establish consent). Moreover, the language suggests only that Google's advertisements were based on information "stored on the Services" or "queries made through the Services" — not information in transit via email. Plaintiffs here allege that Google violates the Wiretap Act, which explicitly protects communications in transit, as distinguished from communications that are stored. Furthermore, providing targeted advertising is only one of the alleged reasons for the interceptions at issue in this case. Plaintiffs also allege that Google intercepted emails for the purposes of creating user profiles. See ECF No. 38-2 ¶ 95. Section 17, to the extent that it suggests interceptions, only does so for the purposes of providing advertising, not creating user profiles. Accordingly, the Court finds that neither section of the Terms of Service establishes consent.
The Privacy Policies in effect from August 8, 2008, to October 3, 2010, to which all Gmail users agreed and upon which Google now relies, do not clarify Google's role in intercepting communications between its users. The Policies stated that Google may collect "[i]nformation you provide, [c]ookies[,] [l]og information[,] [u]ser communications to Google[,] [a]ffiliated sites, [l]inks[,] [and] [o]ther sites." See ECF No. 46-7 at 2-3. Google described that it used such information for the purposes of "[p]roviding our services to users, including the display of customized content and advertising." Id. at 3. In 2010, Google later updated the Policy to state that the collected information would be used to "[p]rovide, maintain, protect, and improve our services (including advertising services) and develop new services." See ECF No. 46-9 at 3. Nothing in the Policies suggests that Google intercepts email communication in transit between users, and in fact, the policies obscure Google's intent to engage in such interceptions. The Privacy Policies explicitly state that Google collects "user communications ... to Google." See ECF No. 46-7 at 3 (emphasis added). This could mislead users into believing that user communications to each other or to nonusers were not intercepted and used to target advertising or create user profiles. As such, these Privacy Policies do not demonstrate explicit consent, and in fact suggest the opposite.
After March 1, 2012, Google modified its Terms of Service and Privacy Policy. The new policies are no clearer than their predecessors in establishing consent. The relevant part of the new Terms of Service state that when users upload content to Google, they "give Google (and those [Google] work[s] with) a worldwide license to use ..., create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), ... and distribute such content." See ECF No. 46-6 at 3. The Terms of Service cite the new Privacy Policy, in which Google states to users that Google "may collect information about the services that you use and how you use them, like when you visit a website that uses our advertising services or you view and interact with our ads and content. This information includes: [d]evice information[,] [l]og information[,] [l]ocation information[,] [u]nique application numbers[,] [l]ocal storage[,] [c]ookies[,] and anonymous identifiers." ECF No. 46-10 at 3. The Privacy Policy further states that Google "use[s] the information [it] collect[s] from all [its] services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and [its] users. [Google] also use[s] this information to offer you tailored content — like giving you more relevant search results and ads." See ECF No. 46-10 at 3. These new policies do not specifically mention the content of users' emails to each other or to or from non-users; these new policies are not broad enough to encompass such interceptions. Furthermore, the policies do not put users on notice that their emails are intercepted to create user profiles. The Court therefore finds that a reasonable Gmail user who read the Privacy Policies would not have necessarily understood that her emails were being intercepted to create user profiles or to provide targeted advertisements. Accordingly, the Court finds that it cannot conclude at this phase that the new policies demonstrate that Gmail user Plaintiffs consented to the interceptions.
Finally, Google contends that non-Gmail users — email users who do not have a Gmail account and who did not accept Gmail's Terms of Service or Privacy Policies — nevertheless impliedly consented to Google's interception of their emails to and from Gmail users, and to Google's use of such emails to create user profiles and to provide targeted advertising. ECF No. 44 at 19-20. Google's theory is that all email users understand and accept the fact that email is automatically processed. Id. However, the cases Google cites for this far-reaching proposition hold only that the sender of an email consents to the intended recipients' recording of the email — not, as has been alleged here, interception by a third-party service provider. See State v. Townsend, 57 P.3d 255, 260 (Wash. 2002) (finding consent and therefore no violation of Washington's privacy act when email and instant message communications sent to an undercover police officer were used against criminal defendant); State v. Lott, 879 A.2d 1167, 1172 (N.H. 2005) (same under New Hampshire law); Commonwealth v. Proetto, 771 A.2d 823, 829 (Pa. Super. Ct. 2001) (holding that the Pennsylvania anti-wiretapping law was not violated when the recipient forwarded emails and chat messages to the police). Google has cited no case that stands for the proposition that users who send emails impliedly consent to interceptions and use of their communications by third parties other than the intended recipient of the email. Nor has Google cited anything that suggests that by doing nothing more than receiving emails from a Gmail user, non-Gmail users have consented to the interception of those communications. Accepting Google's theory of implied consent — that by merely sending emails to or receiving emails from a Gmail user, a non-Gmail user has consented to Google's interception of such emails for any purposes — would eviscerate the rule against interception. See Watkins, 704 F.2d at 581 ("It would thwart th[e] policy [of protecting privacy] if consent could routinely be implied from circumstances.").[8] The Court does not find that non-Gmail users who are not subject to Google's Privacy Policies or Terms of Service have impliedly consented to Google's interception of their emails to Gmail users.
Because Plaintiffs have adequately alleged that they have not explicitly or implicitly consented to Google's interceptions, the Court DENIES Google's Motion to Dismiss on the basis of consent.[9]
B. CIPA
CIPA, Cal. Penal Code § 630, et seq., California's anti-wiretapping and anti-eavesdropping statute, prohibits unauthorized interceptions of communications in order "to protect the right of privacy." Cal. Penal Code § 630. The California Legislature enacted CIPA in 1967 in response to "advances in science and technology [that] have led to the development of new devices and techniques for the purpose of eavesdropping upon private communications." Id.
Section 631 prohibits wiretapping or "any other unauthorized connection" with a "wire, line, cable, or instrument." See Cal. Penal Code § 631(a). The California Supreme Court has held that section 631 protects against three distinct types of harms: "intentional wiretapping, willfully attempting to learn the contents or meaning of a communication in transit over a wire, and attempting to use or communicate information obtained as a result of engaging in either of the previous two activities." Tavernetti v. Superior Court, 583 P.2d 737, 741 (Cal. 1978). Section 632 prohibits unauthorized electronic eavesdropping on confidential conversations. See Cal. Penal Code § 632(a). To state a claim under section 632, a plaintiff must allege an electronic recording of or eavesdropping on a confidential communication, and that not all parties consented to the eavesdropping. Flanagan v. Flanagan, 41 P.3d 575, 577 (Cal. 2002).
CIPA also contains a public utility exemption, which applies to claims under both sections 631 and 632. Cal. Penal Code §§ 631(b), 632(e). Neither section applies "to any public utility engaged in the business of providing communications services and facilities, or to the officers, employees, or agents thereof, where the acts otherwise prohibited by this section are for the purpose of construction, maintenance, conduct or operation of the services and facilities of the public utility." Cal. Penal Code §§ 631(b), 632(e).
Plaintiffs allege violations of both section 631 and section 632. See ECF No. 38-2 ¶ 321. Google moves to dismiss on five bases. See ECF No. 44 at 23-24, 27-28. Google contends that Plaintiffs lack standing to allege such violations and that the California law should not apply due to choice of law principles. See id. Google also moves to dismiss Plaintiffs' claims on substantive bases, contending that neither section 631 nor section 632 applies to email and that the public utility exemption applies. See ECF No. 44 at 21-23, ECF No. 56 at 14-15. Finally, Google moves to dismiss Plaintiffs' section 632 claim because the communications at issue in this case were not confidential as defined by that section and because that section is preempted by the ECPA. See ECF No. 44 at 25-27.
1. Standing
Google first contends that Plaintiffs lack standing under Article III to assert a CIPA claim. A federal court must ask whether a plaintiff has suffered sufficient injury to satisfy the "case or controversy" requirement of Article III of the U.S. Constitution. ECF No. 44 at 23-24. To satisfy Article III standing, a plaintiff must allege: (1) injury-in-fact that is concrete and particularized, as well as actual or imminent; (2) wherein injury is fairly traceable to the challenged action of the defendant; and (3) it is likely (not merely speculative) that injury will be redressed by a favorable decision. Friends of the Earth, Inc. v. Laidlaw Envtl. Servs. (TOC), Inc., 528 U.S. 167, 180-81 (2000); Lujan v. Defenders of Wildlife, 504 U.S. 555, 560-61 (1992). A suit brought by a plaintiff without Article III standing is not a "case or controversy," and an Article III federal court therefore lacks subject matter jurisdiction over the suit.
Google's contention is that Plaintiffs have not suffered the "injury" required by Article III to confer standing. ECF No. 44 at 24. Under Ninth Circuit precedent, the injury required by Article III may exist by virtue of "statutes creating legal rights, the invasion of which creates standing." See Edwards v. First Am. Fin. Corp., 610 F.3d 514, 517 (9th Cir. 2010) (quoting Warth v. Seldin, 422 U.S. 490, 500 (1975)). In such cases, the "standing question ... is whether the constitutional or statutory provision on which the claim rests properly can be understood as granting persons in the plaintiff's position a right to judicial relief." Id. (quoting Warth, 422 U.S. at 500). In Edwards, the Ninth Circuit has held that the Real Estate Settlement Procedures Act ("RESPA") conferred standing to a homeowner who sought to challenge the kickback relationship between the title insurer and title agency despite the fact that the homeowner suffered no independent injury, through, for example, overpayment. Id. The court there held that the structure of RESPA was such that independent injury was not needed; a plaintiff's showing that the defendant's conduct violated the statute was sufficient to confer standing. Id.[10]
Applying the Ninth Circuit's decision in Edwards, courts in this district have found that allegations of a Wiretap Act violation are sufficient to establish standing. In In re Facebook Privacy Litigation, 791 F. Supp. 2d 705, 712 (N.D. Cal. 2011), for example, the court held that the "Wiretap Act provides that any person whose electronic communication is `intercepted, disclosed, or intentionally used' in violation of the Act may in a civil action recover from the entity which engaged in that violation." Accordingly, the court found that where the plaintiffs had alleged that their communications had been intercepted, they "alleged facts sufficient to establish that they have suffered the injury required for standing under Article III." Id. at 712; see also In re iPhone Application Litig., 844 F. Supp. 2d 1040, 1055 (N.D. Cal. 2012) ("[A] violation of the Wiretap Act... may serve as a concrete injury for the purposes of Article III injury analysis."); In re Google, Inc. Privacy Policy Litig., 2012 WL 6738343 (N.D. Cal. Dec. 28, 2012) ("[If viable], Plaintiffs' Wiretap Act claim might help [show standing], [because] a violation of the rights provided under the statute may be sufficient by itself to confer standing.")
The reasoning of these cases that find standing when there is an allegation of a Wiretap Act violation applies equally to CIPA. Like the Wiretap Act, CIPA creates a private right of action when a defendant engages in wiretapping or eavesdropping. Compare 18 U.S.C. § 2520(a) ("[A]ny person whose wire, oral, or electronic communication is intercepted, disclosed, or intentionally used in violation of this chapter may in a civil action recover from the person or entity, other than the United States, which engaged in that violation), with Cal. Penal Code § 637.2(a) ("Any person who has been injured by a violation of this chapter may bring an action against the person who committed the violation."). Further, like the Wiretap Act, CIPA authorizes an award of statutory damages any time a defendant violates the provisions of the statute without any need to show actual damages. Compare 18 U.S.C. § 2520(c) (authorizing statutory damages), with Cal. Penal Code § 637.2(a)(1) (same) and Cal. Penal Code § 637.2(c) ("It is not a necessary prerequisite to an action pursuant to this section that the plaintiff has suffered, or be threatened with, actual damages."). Therefore, the Court finds that the allegation of a violation of CIPA, like an allegation of the violation of the Wiretap Act, is sufficient to confer standing without any independent allegation of injury. Like both RESPA and the Wiretap Act, therefore, CIPA creates a statutory right the violation of which confers standing on a plaintiff.
Google relies exclusively on the differences in statutory text between CIPA and the Wiretap Act to contend that CIPA requires an independent allegation of injury even where the Wiretap Act does not. Specifically, Google notes that the provision of CIPA that creates a cause of action states that, "[a]ny person who has been injured by a violation of this chapter may bring an action against the person who committed the violation." Cal. Penal Code § 637.2(a) (emphasis added). Google's contention is that the word "injured" means that Plaintiffs must show some injury independent of the invasion of their statutory rights under CIPA. Google cites no authority for the proposition that section 637.2 requires independent injury or the proposition that the word "injured" triggers an obligation to demonstrate independent injury for the purposes of Article III standing. The California case law on CIPA cuts against Google's contention that "injured" requires independent injury. As the California Court of Appeals has stated, "Section 637.2 is fairly read as establishing that no violation of the Privacy Act [CIPA] is to go unpunished. Any invasion of privacy involves an affront to human dignity which the Legislature could conclude is worth at least $3,000. The right to recover this statutory minimum accrued at the moment the Privacy Act [CIPA] was violated." Friddle v. Epstein, 21 Cal. Rptr. 85, 92 (Cal Ct. App. 1993); see also id. ("Plaintiff invaded defendants' privacy and violated the Privacy Act [CIPA] at the moment he began making his secret recording. No subsequent action or inaction is of consequence to this conclusion."); accord Ribas v. Clark, 38 Cal. 3d 355, 365 (Cal. 1985) ("In view of the manifest legislative purpose to accord every citizen's privacy the utmost sanctity, section 637.2 was intended to provide those who suffer an infringement of this aspect of their personal liberty a means of vindicating their right.").
Accordingly, the Court finds that CIPA and the Wiretap Act are not distinguishable for the purposes of standing. Because courts have, under existing Ninth Circuit authority, consistently held that the invasion of rights under the Wiretap Act is sufficient for Article III standing, this Court concludes that the same is true of CIPA. All Plaintiffs need allege is an invasion of statutory CIPA rights to survive a motion to dismiss on standing grounds. There is no dispute that they have done so here. The Court therefore DENIES Google's Motion to Dismiss the CIPA claims on standing grounds.
2. Choice of Law
Google contends that under choice of law principles, California law should not apply and that the Court should accordingly dismiss Plaintiffs' California claims. ECF No. 44 at 27-30. Plaintiffs contend that the choice of law analysis should wait for later stages of the proceedings. ECF No. 53 at 28. As set forth below, the choice of law inquiry raises complicated, fact-intensive questions better answered at later stages of the litigation. Therefore, the Court DENIES the Motion to Dismiss on choice of law grounds.
To determine which state's law should apply, "[a] federal court ... must look to the forum state's choice of law rules to determine the controlling substantive law." Mazza v. American Honda Motor Co., Inc., 666 F.3d 581, 589 (9th Cir. 2012) (internal quotation marks omitted). Under California law, class action plaintiffs have the burden to "show that California has sufficient contact or sufficient aggregation of contacts to the claims of each class member." Id. at 589-90 (internal quotation marks omitted). If this showing is made, "the burden shifts to the other side to demonstrate that foreign law, rather than California law, should apply to class claims." Id. at 590.
"California courts apply the so-called governmental interest analysis" to determine whether California law should be applied on a class-wide basis." Kearney v. Salomon Smith Barney, Inc., 137 P.3d 914, 917 (Cal. 2006). Under this three-part test: "[1] the court determines whether the relevant law of each of the potentially affected jurisdictions with regard to the particular issue in question is the same or different ... [; 2] if there is a difference, the court examines each jurisdiction's interest in the application of its own law under the circumstances of the particular case to determine whether a true conflict exists ... [; and 3] if the court finds there is a true conflict, it carefully evaluates and compares the nature and strength of the interest of each jurisdiction in the application of its own law ... and then ultimately applies the law of the state whose interest would be more impaired if its law were not applied." Mazza, 666 F.3d at 590 (quoting McCann v. Foster Wheeler, LLC, 225 P.3d 517, 527 (Cal. 2010)).
The Court finds that Plaintiffs have established that their claims are sufficiently related to California to trigger application of the three-part test. The Ninth Circuit has held that sufficient aggregate contacts with California are established in a class action when a defendant's corporate headquarters is located in the state, advertising materials pertaining to representations the company made to class members are created in the state, and one fifth of the class is located in California. Mazza, 666 F.3d at 590. In this case, as Plaintiffs allege, Google is located in California, it developed and implemented the practices at issue in this action in California, and one or more of the physical interceptions at the heart of Plaintiffs' claims occurred in California. ECF No. 38-2 ¶ 290 ("Google's acts in violation of CIPA occurred in the State of California ... . Google's implementation of its business decisions, practices, and standard ongoing policies which violate CIPA took place in the State of California. Google profited in the State of California"); ECF No. 53 at 29. In short, California is the epicenter of the practices at issue in this case for all Plaintiffs. Therefore, the Court finds that Plaintiffs have shown that "California has a constitutionally sufficient aggregation of contacts to the claims of each putative class member." Mazza, 666 F.3d at 590.
Because the Court finds sufficient aggregate contacts, it turns to the first of the three-part inquiry to determine whether California law or the law of another state should apply to the class claims. The Court must determine whether there is a material conflict between the laws of California and those of the Plaintiffs' home states. Google contends that there is a conflict because Alabama and Maryland law are narrower with respect to scope of liability, enforcement mechanisms, and available remedies. ECF No. 44 at 28.
The Court cannot, at this stage, determine whether there are differences with respect to the scope of liability. Google correctly contends that under Alabama and Maryland's law, one party's consent is sufficient to negate an interception, while under California law, both parties must consent. Id. Yet, it is not clear whether this difference in the scope of liability is material, that is whether, it "make[s] a difference in this litigation." Mazza, 666 F.3d at 590. This is because Plaintiffs contend that neither party has consented, while Google contends that all parties have consented. ECF No. 38-2 ¶ 102-97, ECF No. 44 at 13-14. Accordingly, on either party's theory of liability, the difference in state law with respect to the consent standard would not be a material difference.
Therefore, the Court finds that it cannot conduct a meaningful choice of law analysis, such as that contemplated by Mazza, at this early stage of the litigation where the issues of contention are still in flux.[11] As other courts have noted, the rigorous choice of law analysis required by Mazza cannot be conducted at the motion to dismiss stage. See Clancy v. The Bromley Tea Co., 2013 WL 4081632 (N.D. Cal. Aug. 9, 2013) ("Such a detailed choice-of-law analysis is not appropriate at [the motion for judgment on the pleadings] stage of the litigation. Rather, such a fact-heavy inquiry should occur during the class certification stage, after discovery."); In re Clorox Consumer Litig., 894 F. Supp. 2d 1224, 1237 (N.D. Cal. 2012) ("Significantly, Mazza was decided on a motion for class certification, not a motion to strike. At [the motion to dismiss] stage of the instant litigation, a detailed choice-of-law analysis would be inappropriate. Since the parties have yet to develop a factual record, it is unclear whether applying different state consumer protection statutes could have a material impact on the viability of Plaintiffs' claims.") (citation omitted); Donohue v. Apple, Inc., 871 F. Supp. 2d 913, 923 (N.D. Cal. 2012) ("Although Mazza may influence the decision whether to certify the proposed class and subclass, such a determination is premature. At [the motion to dismiss] stage in the litigation—before the parties have submitted briefing regarding either choice-of-law or class certification—plaintiff is permitted to assert claims under the laws of different states in the alternative."); In re Sony Grand Wega KDF-E A10/A20 Series Rear Projection HDTV Television Litig., 758 F. Supp. 2d 1077, 1096 (S.D. Cal. 2010) ("In a putative class action, the Court will not conduct a detailed choice-of-law analysis during the pleading stage.").
Accordingly, the Court defers resolution of the choice of law issues until the class certification phase and DENIES Google's Motion to Dismiss on the basis of choice of law without prejudice to Google raising this argument at a later stage.
3. Section 631
Google contends that even if Plaintiffs' section 631 challenge is not procedurally barred, it is substantively deficient because that section does not apply to emails. ECF No. 44 at 21-23. Further, in its reply brief, Google contends that the public utility exemption applies. ECF No. 56 at 14-15.
a. Application to Email
The Court finds that there is no binding authority with respect to whether section 631 applies to email.[12] The only authority from the California courts is a Superior Court ruling. See Diamond v. Google, Inc., CIV-1202715 (Cal. Super. Ct., Marin Cnty. Aug. 14, 2013) (finding, without providing analysis, that allegations of interception of email communication are sufficient to state a claim under Cal. Penal Code § 631). While two federal courts have been confronted with the application of CIPA to Internet browsing history and emails, those matters were resolved on other grounds before reaching the question of CIPA's application to digital technologies generally or email specifically. Valentine v. NebuAd, Inc., 804 F. Supp. 2d 1022 (N.D. Cal. 2011); Bradley v. Google, 2006 WL 3798134, at *5-6 (N.D. Cal. Dec. 22, 2006).
In the absence of binding authority, this Court must predict what the California Supreme Court would do if confronted with this issue. See Valentine, 804 F. Supp. 2d at 1027. The Court begins by looking to the text. Section 631 establishes liability for:
[a]ny person who, by means of any machine, instrument, or contrivance, or in any other manner, intentionally taps, or makes any unauthorized connection, whether physically, electrically, acoustically, inductively, or otherwise, with any telegraphic or telephone wire, line cable, or instrument, including the wire, line, cable, or instrument of any internal telephonic communication system, or who willfully or without the consent of all parties to the communication, or in any unauthorized manner, reads or attempts to read, or to learn the contents or meaning of any message, report, or communication while the same is in transit or passing over any wire, line or cable, or is being sent from, or received at any place within this state.
Cal. Penal Code § 631. Google contends that the language "reads or attempts to read, or to learn the contents or meaning of any message, report, or communication while the same is in transit or passing over any wire, line or cable" applies only to interception of content on telephone and telegraphic wires, lines, or cables, as the first clause of the statute describes. ECF No. 44 at 21. As a result, Google contends that the second clause, upon which Plaintiffs rely, cannot apply to email since emails are not messages, reports or communications that pass over telephone or telegraphic wires. Id.
The Court rejects Google's reading of the statute. As a threshold matter, the second clause of the statute, which creates liability for individuals who "read[] or attempt[] to read, or to learn the contents or meaning of any message, report, or communication while the same is in transit or passing over any wire, line or cable, or is being sent from, or received at any place within this state[,]" is not limited to communications passing over "telegraphic or telephone" wires, lines, or cables. See Cal. Penal Code § 631 (emphasis added). Furthermore, the Court finds no reason to conclude that the limitation of "telegraphic or telephone" on "wire, line, cable, or instrument" in the first clause of the statute should be imported to the second clause of the statute. The second clause applies only to "wire[s], line[s], or cable[s]" — not "instrument[s,]" which are included in the first clause. The Court finds that this difference in coverage between the first and second clauses suggests that the Legislature intended the two clauses to apply to different types of communications. Accordingly, the Court rejects Google's contention that the limitations in the first clause must also apply to the second clause. The Court therefore finds that the plain language of the statute is broad enough to encompass email.
Further, the California Supreme Court's repeated finding that the California legislature intended for CIPA to establish broad privacy protections supports an expansive reading of the statute. See Flanagan, 41 P.3d at 581 ("In enacting [CIPA], the Legislature declared in broad terms its intent to protect the right of privacy of the people of this state from what it perceived as a serious threat to the free exercise of personal liberties. This philosophy appears to lie at the heart of virtually all the decisions construing [CIPA].") (internal quotation marks and citations omitted); Ribas v. Clark, 696 P.2d 637, 641 (Cal. 1985) (finding it is "probable" that the legislature designed Section 631 as a catch all to "proscrib[e] attempts to circumvent other aspects of the Privacy Act, e.g., by requesting a secretary to secretly transcribe a conversation over an extension, rather than tape recording it in violation of section 632"); Tavernetti v. Superior Court, 583 P.2d 737, 742 (Cal. 1978) ("Th[e] forceful expression of the constitutional stature of privacy rights [in California] reflects a concern previously evinced by the Legislature in enacting the invasion of privacy provisions of the Penal Code.").
Moreover, the California Supreme Court regularly reads statutes to apply to new technologies where such a reading would not conflict with the statutory scheme. For example, in a previous evolution in communications technology, the California Supreme Court interpreted "telegraph" functionally, based on the type of communication it enabled. In Davis v. Pacific Telephone & Telegraph, the Supreme Court held that "telegraph lines" in a criminal law proscribing the cutting of lines included telephone lines because "[t]he idea conveyed by each term is the sending of intelligence to a distance ... [thus] the term `telegraph' means any apparatus for transmitting messages by means of electric currents and signals." Davis v. Pacific Telephone & Telegraph Co., 59 P. 698, 699 (Cal. 1899); see also Apple v. Superior Court, 292 P.2d 883, 887 (Cal. 2013) ("Fidelity to legislative intent does not make it impossible to apply a legal text to technologies that did not exist when the text was created." (internal quotation marks omitted)).
In line with the plain language of the statute, the California Supreme Court's pronouncements regarding the broad legislative intent underlying CIPA to protect privacy, and the California courts' approach to updating obsolete statutes in light of emerging technologies, the Court finds that section 631 of CIPA applies to emails.
b. Public Utility Exemption
Google contends that even if CIPA applies to emails, it is a "public utility" that is exempt from the statute. ECF No. 56 at 14-15. The Court declines to reach this conclusion. California's Constitution defines "public utilities" as "[p]rivate corporations and persons that own, operate, control, or manage a line, plant, or system for ... the transmission of telephone and telegraph messages ... directly or indirectly to or for the public." Cal. Const., art. XII, § 3. The California Public Utility Code further defines this definition of "public utility" as "every common carrier..., telephone corporation [or] telegraph corporation ..., where the service is performed for, or the commodity is delivered to, the public or any portion thereof." Cal. Pub. Util. Code § 216(a). The Public Utility Code further specifies that a "telegraph corporation" is "every corporation or person owning, controlling, operating, or managing any telegraph line for compensation within this State." Id. § 236 (emphasis added). "Telegraph line" is defined as "all conduits, ducts, poles, wires, cables, instruments, and appliances, and all other real estate, fixtures, and personal property owned, controlled, operated, or managed in connection with or to facilitate communication by telegraph, whether such communication is had with or without the use of transmission wires." Id. § 235. The code uses analogous definitions for "telephone corporations" and "telephone lines." Id. §§ 233, 234.
In short, in California, a "public utility" is a precisely defined entity subject to an expansive and exacting regulatory regime. Under the plain language of the statutes, merely operating a service over a telephone or telegraph line does not render a company a public utility. Rather, the critical question is whether the company owns, controls, operates or manages a telephone or telegraph line. Cal. Pub. Util. Code § 236. Nothing in the record suggests that Google owns, controls, operates, or manages a telephone or telegraph lines in California. Accordingly, the Court finds that Google is not a "public utility" and thus does not qualify for the public utility exemption of Cal. Penal Code §§ 631(b). The Court therefore DENIES Google's Motion to Dismiss Plaintiffs' section 631 claims.
4. Section 632
To state a claim under California Penal Code § 632, a plaintiff must prove (1) an electronic recording of or eavesdropping on (2) a "confidential communication" (3) to which all parties did not consent. Flanagan, 41 P.3d at 577. As set forth below, Plaintiffs have not established that the communications at issue are confidential pursuant to section 632. Accordingly, the Court GRANTS without prejudice Google's Motion to Dismiss Plaintiffs' section 632 claim. Because this second element of a section 632 claim is not met, the Court need not address whether email constitutes an electronic recording under the statute nor need it address whether there was consent under California law.[13]
A conversation is "confidential" under section 632 "if a party to that conversation has an objectively reasonable expectation that the conversation is not being overheard or recorded. ... The standard of confidentiality is an objective one defined in terms of reasonableness." Faulkner v. ADT Sec. Servs., Inc., 706 F.3d 1017, 1019 (9th Cir. 2013). "To prevail against a 12(b)(6) motion, then, [the plaintiff] would have to allege facts that would lead to the plausible inference that his was a confidential communication — that is, a communication that he had an objectively reasonable expectation was not being recorded." Id. at 1020.
There is no authority from the California courts addressing whether emails can be confidential communication. Some decisions from the California appellate courts, however, suggest that internet-based communication cannot be confidential. These courts rely on the theory that individuals cannot have a reasonable expectation that their online communications will not be recorded. In People v. Nakai, 107 Cal. Rptr. 3d 402 (Cal. Ct. App. 2010), for example, the California Court of Appeals found that section 632 did not protect instant message communications of a criminal defendant charged with attempting to send harmful matter to a minor with intent to arouse and seduce. There, the defendant, an adult man, had sent sexually explicit material via instant message to a 35-year-old decoy, who was posing as a 12-year-old girl. Id. at 405-07. The appellate court found that while the defendant intended that the communication be kept confidential between himself and the recipient, he could not reasonably expect that the communications would not be recorded. Id. at 418. Specifically, the court found that the fact that the intended recipient could easily forward the information to others militated against finding that there was a reasonable expectation that the instant message would be kept confidential. Id. As the court stated, "it was not reasonable for defendant to expect the communications to be confidential because the circumstances reflect that the communications could have easily been shared or viewed by ... any computer user with whom [the intended recipient] wanted to share the communication." Id.; see also People v. Cho, 2010 WL 4380113 (Cal. Ct. App. Nov. 5, 2010) (holding chat conversations are not confidential under section 632); People v. Griffitt, 2010 WL 5006815 (Cal. Ct. App. Dec. 9, 2010) ("Everyone who uses a computer knows that the recipient of e-mails and participants in chat rooms can print the e-mails and chat logs and share them with whoever they please, forward them or otherwise send them to others.").
The Court finds that Plaintiffs have not alleged facts that lead to the plausible inference that the communication was not being recorded because email by its very nature is more similar to internet chats. Unlike phone conversations, email services are by their very nature recorded on the computer of at least the recipient, who may then easily transmit the communication to anyone else who has access to the internet or print the communications. Thus, Plaintiffs have not plausibly alleged that they had an objectively reasonable expectation that their email communications were "confidential" under the terms of section 632.[14]
Therefore, the Court GRANTS Google's Motion to Dismiss Plaintiffs' section 632 claims. In a case concerning whether a communication was confidential under section 632, the Ninth Circuit affirmed a district court's grant of a defendant's motion to dismiss, but "[i]n an abundance — perhaps an overabundance — of caution" remanded "to the district court for it to consider allowing the plaintiff to amend his complaint in a manner that would satisfy federal pleading standards." Faulkner, 706 F.3d at 1021. Here too this Court in "an abundance of caution" grants Plaintiffs' leave to amend their Consolidated Complaint. Id.; Fed. R. Civ. Proc. 15(a).
C. Other State Law Claims
Plaintiffs also allege that Google violated Pennsylvania, Maryland, and Florida law. With respect to Maryland and Florida law, Google's sole contention in its Motion to Dismiss is that these claims are derivative of Plaintiffs' federal causes of action. See ECF No. 44 at 5. Google expressly acknowledges that the Maryland and Florida anti-wiretapping statutes mirror the ECPA. See id. Therefore, Google's Motion to Dismiss these claims is based on its Motion to Dismiss Plaintiffs' federal claims. Because the Court denies Google's Motion to Dismiss Plaintiffs' federal causes of action, the Court also DENIES Google's Motion to Dismiss Plaintiffs' Maryland and Florida claims.
Google offers an independent basis for dismissing part of Plaintiff's Pennsylvania law cause of action. Specifically, Google contends that Pennsylvania law protects only the sender of communication from wiretapping, not the recipient of that communication. See ECF No. 44 at 13. As a result, Google moves to dismiss Plaintiffs' Pennsylvania law claim brought by those who received emails from Gmail addresses. Id.
Google relies on Klump v. Nazareth Area Sch. Dist., 425 F. Supp. 2d 622, 633 (E.D. Pa. 2006), where the court held that "[a] claimant must demonstrate `that he engaged in [a] communication'. The intended recipient of an intercepted communication, therefore, has no standing to raise claim [sic] under section 5725." See ECF No. 44 at 13. Plaintiffs do not contest that Klump limits the scope of their Pennsylvania cause of action to those who sent emails to Gmail recipients and eliminates their cause of action against those who received emails from Gmail senders. Rather, Plaintiffs contend only that this Court should not follow Klump because that case was wrongly decided. See ECF No. 53 at 11. However, Plaintiffs do not point to any authority from the state or federal courts in Pennsylvania that is contrary to the court's holding in Klump. In the absence of contrary authority, this Court will follow the decision in Klump. Accordingly, the Court GRANTS Google's Motion to Dismiss with respect to the claims under Pennsylvania law raised by Plaintiffs who received emails from Gmail users. In an abundance of caution, however, the Court grants Plaintiffs leave to amend the Consolidated Complaint.
V. CONCLUSION
For the foregoing reasons, the Court hereby GRANTS Google's Motion to Dismiss with leave to amend with respect to Plaintiffs' CIPA section 632 claims and Plaintiffs' Pennsylvania law claim as it relates those who received emails from Gmail users. The Court DENIES Google's Motion to Dismiss with respect to all other claims. Plaintiffs shall file any amended complaint within 21 days of this order. Plaintiffs may not add new causes of action or parties without a stipulation or order of the Court under Rule 15 of the Federal Rules of Civil Procedure. Failure to cure deficiencies will result in dismissal with prejudice.
IT IS SO ORDERED.
[1] In this Order, the Court uses "Gmail users" to refer to individuals who send or receive emails using the free Gmail service or Google apps. "Non-Gmail users" refers to email users who do not themselves use Gmail (through the free service or Google Apps). "Google Apps users" refers to the subset of Gmail users who access Gmail through either the Google Apps Partner Program or Google Apps for Education.
[2] The Court resolves this Administrative Motion through a separate order.
[3] The Court finds that In re Google, Inc. Privacy Policy Litigation, 2012 WL 6738343 (N.D. Cal. Dec. 28, 2012), does not suggest a broader reading of the exception. Google relies on that case for the proposition that as long as Google is using its own devices, Google cannot be intercepting users' information. ECF No. 44 at 9-10. Yet, the court in Privacy Policy explicitly noted that the use of the device must be in the ordinary course of business. See In re Google, Inc. Privacy Policy Litigation, 2012 WL 6738343 at *5-6. Further, unlike that case, the alleged interception in the instant case occurred while the email was in transit, rather than when the material was already in possession of the intended recipient. See id. at *6 (dismissing plaintiffs' cause of action on the basis that they "utterly fail ... to cite any authority that supports either the notion that a provider can intercept information already in its possession by violating limitations imposed by a privacy policy or the inescapably plain language of the Wiretap Act that excludes from the definition of a `device' a provider's own equipment used in the ordinary course of business."). The difference between communications stored in the recipient's possession and those in transit is significant for the purposes of the statutory scheme as discussed infra.
[4] The Court does not find persuasive Google's slippery slope contention that a narrow interpretation of the ordinary course of business exception will make it impossible for electronic communication service providers to provide basic features, such as email searches or spam control. ECF No. 44 at 12-13. Some of these may fall within a narrow definition of "ordinary course of business" because they are instrumental to the provision of email service. Further, a service provider can seek consent to provide features beyond those linked to the provision of the service.
[5] The Court notes that it is not the first court to reject Google's ordinary course of business exception theory on a motion to dismiss a challenge to the operation of Gmail. A federal district court in Texas ruled that it could not decide the question of ordinary course of business at the motion to dismiss phase. See Dunbar v. Google, Inc., No. 10-CV-00194-MHS, ECF No. 61 (E.D. Tex. May 23, 2011). A state court in Massachusetts also rejected a similar claim under state law. Marquis v. Google, Inc., No. 11-2808-BLSI (Mass Super. Ct. Jan. 17, 2012).
[6] However, to establish a consent defense under the state laws at issue in this case, both parties — the sender and the recipient of the communication — must consent to the alleged interception. See Fla. Stat. § 934.03(2)(d); Md. Code, Cts. & Jud. Proc. § 10-402(c)(3); 18 Pa. Cons. Stat. § 5704(4). Because the Court finds that no party has consented to any of the interceptions at issue in this case, the difference between the federal law's one-party consent regime and the state laws' two-party consent regimes is not relevant at this stage.
[7] It is undisputed that the term "Service" throughout Google's Terms of Service includes Gmail.
[8] In their briefs, the parties dispute whether members of the putative class of Gmail users who are minors consented to the interceptions. Google contends that minors are bound by the Terms of Service and Privacy Policies. ECF No. 44 at 16-17. Google argues that the Children's Online Privacy Protection Act, 15 U.S.C. §§ 6501-08, preempts any state law that would have rendered the minors' consent ineffective. The Court need not reach the issue of whether minors are bound by the Terms of Service or the Privacy Policies because the Court concludes that even if the minors are subject to these agreements, the agreements did not establish consent. Similarly, Google contends that Google Apps users are also bound by the Terms of Service and Privacy Policies even though they were required by their educational institutions or ISPs to use Gmail. ECF No. 44 at 17-18. Again, because the Court concludes that the agreements did not establish consent, the Court need not reach the issue of whether Google Apps users are bound by the agreements.
[9] Other courts have also rejected Google's consent defense against state and federal anti-wiretapping challenges to the operation of Gmail. See Dunbar v. Google, Inc., No. 10-cv-00194-MHS, ECF No. 61 (E.D. Tex. May 23, 2011); Marquis v. Google, Inc., No. 11-2808-BLSI (Mass Super. Ct. Jan. 17, 2012).
[10] The United States Supreme Court granted a petition for a writ of certiorari in Edwards on the question of whether statutory injury alone could confer standing under Article III even though the Courts of Appeal that had considered the question had unanimously concluded that allegations of RESPA violations alone sufficed for standing. See First Am. Fin. Corp. v. Edwards, 131 S. Ct. 3022 (2011). After oral argument, however, the Supreme Court dismissed the writ as improvidently granted. See First Am. Fin. Corp. v. Edwards, 132 S. Ct. 2536 (2012). This left in place the Ninth Circuit's decision in Edwards, which remains binding authority that this Court must apply, as it does here.
[11] The Court recognizes that additional conflicts may arise out of California's acknowledgement of a private right of action and/or the remedies California allows under CIPA. However, under California choice of law analysis, differences in remedies alone are not dispositive. The Court may resolve the conflict between California and foreign law by "apply[ing] California law in a restrained manner" with regard to monetary damages. Kearney, 39 Cal. 4th at 100-01. In any case, the Court will resolve all conflict of law questions at the class certification stage.
[12] California courts have, however, applied section 632 to internet communication technologies. See People v. Nakai, 183 Cal. App. 4th 499 (2010); People v. Cho, 2010 WL 4380113 (Cal. Ct. App. Nov. 5, 2010); People v. Griffitt, 2010 WL 5006815 (Cal. Ct. App. Dec. 9, 2010).
[13] The Court also need not address whether the ECPA preempts section 632 of CIPA, as Google contends. See ECF No. 44 at 26-27.
[14] The Court's holding that the emails are not "confidential" under section 632 is consistent with the conclusion that Plaintiffs have nevertheless not consented to Google's interceptions under the Wiretap Act and state analogues. See supra section III.A.2. Determining whether a communication is confidential under section 632 requires the Court to look to whether the intended recipient of the communication is likely to share the communication. In contrast, the question of consent turns on whether Plaintiffs have authorized the third-party interceptor's interference in the communication. In the instant matter, the Court concludes that emails are not likely to be kept confidential by the intended recipients under section 632. Nevertheless, individuals do not consent to third parties' interception of their emails.
5.5 In re Gateway Learning Corp., FTC Docket No. C-4120 (2004) (consent order). 5.5 In re Gateway Learning Corp., FTC Docket No. C-4120 (2004) (consent order).
This consent order is an example of an FTC action levied against a company that misrepresented how it was using data
Page 1 of 7
UNITED STATES OF AMERICA
FEDERAL TRADE COMMISSION
)
In the Matter of ) FILE NO. 042-3047
)
GATEWAY LEARNING CORP., ) AGREEMENT CONTAINING
a corporation. ) CONSENT ORDER
)
The Federal Trade Commission has conducted an investigation of certain acts and
practices of Gateway Learning Corporation, a corporation, (“proposed respondent”). Proposed
respondent, having been represented by counsel, is willing to enter into an agreement containing
a consent order resolving the allegations contained in the attached draft complaint. Therefore,
IT IS HEREBY AGREED by and between Gateway Learning Corporation, by its duly
authorized officers, and counsel for the Federal Trade Commission that:
1. Proposed respondent Gateway Learning Corporation is a Delaware corporation with its
principal office or place of business at 2900 South Harbor Boulevard, Suite 202, Santa
Ana, CA 92704.
2. Proposed respondent admits all the jurisdictional facts set forth in the draft complaint.
3. Proposed respondent waives:
(a) Any further procedural steps;
(b) The requirement that the Commission’s decision contain a statement of findings
of fact and conclusions of law; and
(c) All rights to seek judicial review or otherwise to challenge or contest the validity
of the order entered pursuant to this agreement.
4. This agreement shall not become part of the public record of the proceeding unless and
until it is accepted by the Commission. If this agreement is accepted by the Commission,
it, together with the draft complaint, will be placed on the public record for a period of
thirty (30) days and information about it publicly released. The Commission thereafter
may either withdraw its acceptance of this agreement and so notify proposed respondent,
in which event it will take such action as it may consider appropriate, or issue and serve
its complaint (in such form as the circumstances may require) and decision in disposition
of the proceeding.Page 2 of 7
5. This agreement is for settlement purposes only and does not constitute an admission by
proposed respondent that the law has been violated as alleged in the draft complaint, or
that the facts as alleged in the draft complaint, other than the jurisdictional facts, are true.
6. This agreement contemplates that, if it is accepted by the Commission, and if such
acceptance is not subsequently withdrawn by the Commission pursuant to the provisions
of Section 2.34 of the Commission’s Rules, the Commission may, without further notice
to proposed respondent, (1) issue its complaint corresponding in form and substance with
the attached draft complaint and its decision containing the following order in disposition
of the proceeding, and (2) make information about it public. When so entered, the order
shall have the same force and effect and may be altered, modified, or set aside in the
same manner and within the same time provided by statute for other orders. The order
shall become final upon service. Delivery of the complaint and the decision and order to
proposed respondent’s address as stated in this agreement by any means specified in
Section 4.4(a) of the Commission’s Rules shall constitute service. Proposed respondent
waives any right it may have to any other manner of service. The complaint may be used
in construing the terms of the order. No agreement, understanding, representation, or
interpretation not contained in the order or the agreement may be used to vary or
contradict the terms of the order.
7. Proposed respondent has read the draft complaint and consent order. It understands that
it may be liable for civil penalties in the amount provided by law and other appropriate
relief for each violation of the order after it becomes final.
ORDER
DEFINITIONS
For purposes of this order, the following definitions shall apply:
1. “Personally identifiable information” or “personal information” shall mean individually
identifiable information from or about an individual including, but not limited to: (a) a
first and last name; (b) a home or other physical address, including street name and name
of city or town; (c) an email address or other online contact information, such as an
instant messaging user identifier or a screen name that reveals an individual’s email
address; (d) a telephone number; (e) a Social Security number; (f) a persistent identifier,
such as a customer number held in a “cookie” or processor serial number, that is
combined with other available data that identifies an individual; or (g) any other
information from or about an individual that is combined with any of (a) through (f)
above.Page 3 of 7
2. Unless otherwise specified, “Respondent” shall mean Gateway Learning Corporation and
its successors and assigns and its officers, and its agents, representatives, and employees.
3. “Commerce” shall mean as defined in Section 4 of the Federal Trade Commission Act,
15 U.S.C. § 44.
I.
IT IS ORDERED that Respondent, directly or through any corporation, subsidiary,
division, or other device, in connection with the collection of personal information from or about
an individual, shall not misrepresent in any manner, expressly or by implication:
A. That Respondent will not sell, rent, or loan to third parties such personal
information;
B. That Respondent will not provide to any third party personal information about
children under the age of thirteen;
C. The manner by which Respondent will notify consumers of changes to its privacy
policy; or
D. The manner in which Respondent will collect, use, or disclose personal
information.
II.
IT IS FURTHER ORDERED that Respondent, directly or through any corporation,
subsidiary, division, or other device, shall not disclose to any third party any personal
information collected on the www.hop.com Web site prior to the date Gateway posted its revised
privacy policy permitting third-party sharing (June 20, 2003), unless Respondent obtains the
express affirmative (“opt-in”) consent of the consumers to whom such personal information
relates.
III.
IT IS FURTHER ORDERED that Respondent, in connection with the posting of any
privacy policy that contains a material change from the previous version of the policy, shall not
apply such changes to information collected from or about consumers before the date of the
posting, unless Respondent obtains the express affirmative (“opt-in”) consent of the consumers
to whom such personal information relates.
IV.Page 4 of 7
IT IS FURTHER ORDERED that within five (5) days of the date of service of this order,
Respondent, its successors and assigns, shall pay $4,608 to the United States Treasury as
disgorgement. Such payment shall be by cashier’s check or certified check made payable to the
Treasurer of the United States. In the event of any default in payment, which default continues
for more than ten (10) days beyond the due date of payment, Respondent shall also pay interest
as computed under 28 U.S.C. § 1961, which shall accrue on the unpaid balance from the date of
default until the date the balance is fully paid.
V.
IT IS FURTHER ORDERED that respondent Gateway Learning Corporation and its
successors and assigns shall, for a period of five (5) years after the date of issuance of this order,
maintain and upon request make available to the Federal Trade Commission for inspection and
copying a print or electronic copy of all documents demonstrating their compliance with the
terms and provisions of this order, including, but not limited to:
A. a sample copy of each different privacy statement or communication
relating to the collection of personally identifiable information containing
representations about how personally identifiable information will be used
or disclosed. Each Web page copy shall be dated and contain the full
URL of the Web page where the material was posted online. Electronic
copies shall include all text and graphics files, audio scripts, and other
computer files used in presenting the information on the Web; provided,
however, that after creation of any Web page or screen in compliance with
this order, Respondent shall not be required to retain a print or electronic
copy of any amended Web page or screen to the extent that the
amendment does not affect Respondent’s compliance obligations under
this order;
B. a sample copy of each different document relating to any attempt by
Respondent to obtain the express affirmative (“opt-in”) consent of
consumers and copies of any documents demonstrating such consent
provided by consumers, as required by Parts II and III of this order; and
C. all invoices, communications, and records relating to the disclosure of
personally identifiable information to third parties.
VI.
IT IS FURTHER ORDERED that respondent Gateway Learning Corporation and its
successors and assigns shall deliver a copy of this order to all current and future principals,
officers, directors, and managers, and to all current and future employees, agents, and
representatives having responsibilities with respect to the subject matter of this order.
Respondent shall deliver this order to such current personnel within thirty (30) days after thePage 5 of 7
date of service of this order, and to such future personnel within thirty (30) days after the person
assumes such position or responsibilities.
VII.
IT IS FURTHER ORDERED that respondent Gateway Learning Corporation and its
successors and assigns shall notify the Commission at least thirty (30) days prior to any change
in the corporation(s) that may affect compliance obligations arising under this order, including,
but not limited to, a dissolution, assignment, sale, merger, or other action that would result in the
emergence of a successor corporation; the creation or dissolution of a subsidiary, parent, or
affiliate that engages in any acts or practices subject to this order; the proposed filing of a
bankruptcy petition; or a change in the corporate name or address. Provided, however, that, with
respect to any proposed change in the corporation about which a respondent learns less than
thirty (30) days prior to the date such action is to take place, the respondent shall notify the
Commission as soon as is practicable after obtaining such knowledge. All notices required by
this Part shall be sent by certified mail to the Associate Director, Division of Enforcement,
Bureau of Consumer Protection, Federal Trade Commission, Washington, D.C. 20580.
VIII.
IT IS FURTHER ORDERED that respondent Gateway Learning Corporation and its
successors and assigns shall, within sixty (60) days after service of this order, and at such other
times as the Federal Trade Commission may require, file with the Commission a report, in
writing, setting forth in detail the manner and form in which it has complied with this order.
IX.
This order will terminate twenty (20) years from the date of its issuance, or twenty (20)
years from the most recent date that the United States or the Federal Trade Commission files a
complaint (with or without an accompanying consent decree) in federal court alleging any
violation of the order, whichever comes later; provided, however, that the filing of such a
complaint will not affect the duration of:
A. Any Part in this order that terminates in less than twenty (20) years;
B. This order’s application to any respondent that is not named as a defendant in
such complaint; and
C. This order if such complaint is filed after the order has terminated pursuant to this
Part.
Provided, further, that if such complaint is dismissed or a federal court rules that a respondent
did not violate any provision of the order, and the dismissal or ruling is either not appealed or
upheld on appeal, then the order will terminate according to this Part as though the complaintPage 6 of 7
had never been filed, except that the order will not terminate between the date such complaint is
filed and the later of the deadline for appealing such dismissal or ruling and the date such
dismissal or ruling is upheld on appeal.
Signed this __________day of _____________________________ , 2003.
GATEWAY LEARNING CORPORATION
By: _______________________________________
JEAN MCKENZIE,
President
_______________________________________
D. REED FREEMAN, JR.,
Collier Shannon Scott, PLLC
Counsel for Respondent Gateway Learning
Corporation Page 7 of 7
FEDERAL TRADE COMMISSION
_______________________________________
LAURA MAZZARELLA
LORETTA GARRISON
Counsel for the Federal Trade Commission
APPROVED:
______________________________
JOEL WINSTON
Associate Director
Division of Financial Practices
______________________________
J. HOWARD BEALES, III
Director
Bureau of Consumer Protection
5.6 Columbia Ins. Co. v. seescandy.com 5.6 Columbia Ins. Co. v. seescandy.com
This case examines privacy from a different angle - the anonymity of internet activity
COLUMBIA INSURANCE COMPANY, Plaintiff,
v.
SEESCANDY.COM, Sees Candys, Web Service Provider, Hostmaster DNS, Fluctuate, Foolio, X2, Ticker Talk, Sidney Trayham, Peter Jackson, Robby Kumar, RL, Salu Kalu, and Ravi Kumar, Defendants.
No. C–99–0745 DLJ.
[575] Laura L. Kulhanjian, Robert B. Chickering, Lisa Marie Schull, Flehr, Hohbach, Test, Albritton & Herbert, San Francisco, CA, for Columbia Insurance.
ORDER
JENSEN, District Judge.
On February 22, 1999, plaintiff Columbia Insurance Company filed an motion for a temporary restraining order and an order to show cause why a preliminary injunction should not issue. On March 4, 1999, plaintiff withdrew the motion with respect to defendants the Web Service Provider, Sidney Trayham, and Peter Jackson. The Court hereby denies the motion without prejudice to refiling and orders plaintiff to submit a brief with the Court within 14 days addressing the issue of whether the Court should authorize discovery to establish defendant's identity sufficiently such that he may be served in compliance with the Federal Rules of Civil Procedure.
I. BACKGROUND
A. Factual–Background and Procedural History
On February 22, 1999, plaintiff Columbia Insurance Company ("Columbia") filed this action seeking injunctive relief, damages, and an accounting of profits. Columbia is the assignee of various trademarks related to the operation of See's Candy Shops, Inc. ("See's"). See's is the predecessor in interest to the trademarks at issue in this case and holds a license from Columbia to use the marks.
The domain names "seescandy.com" and "seecandys.com" have been registered with Network Solutions, Inc. ("NSI") by someone other than plaintiff. On the Internet, computers find each other by reference to Internet Protocol (IP) addresses, which are a series of numbers that are used to specify the address of a particular machine connected to the Internet. Domain names are alphanumeric strings that are associated with particular IP addresses. Thus to find the computer at 129.99.135.66, a user might type in uscourts.gov, and would never need to know the actual IP address.
This two-tiered system for locating a particular place on the Internet exists for two reasons: first, alphanumeric strings, such uscourts.gov are easier to remember than, for example, 129.99.135.66; second, domain names can be reassigned to different machines simply. To change the machine with which a domain name is associated, the domain name owner need only change the records on file with the Domain Name System (DNS). The DNS is a database that links domain names to IP addresses. Thus when a user types in a domain name, a message is sent to a name server which accesses the DNS, looks up the domain name, associates it with an IP address, and takes the user to that IP address.
Domain names themselves have at least two parts, usually at least three. For example www.uscourts.gov would be typical. The last part consists of the top level domain. This is the equivalent of a neighborhood in which the domain name owner has chosen to reside. Some of the most common neighborhoods [576] are .gov, for the government, .edu, for educational institutions, .net and . com, both of which are used for commercial and personal domains, and .org, for organizations.
The next portion of the domain name, moving from right to left, is the second level domain name. This is the part of the domain name that is chosen by the domain name registrant when a domain is registered with NSI, which runs the DNS. The ownership information for any given domain name can be looked up in a public database using a "WHOIS" query. Thus in this case the offending act was the registration of seescandy and seescandys as domains within the .com top level domain space. The "WHOIS" records for these two domains reveal the following.
As of September 24, 1998, the seescandy domain name was registered to seescandy.com. The address was given only as "CA, 90706," which is for Bellflower, California. The administrative and billing contacts were listed as Salu Kalu, who could be contacted by e-mail at hostmaster@fluctuate.com. The telephone number given, 408–555–1212, is the local number for information in the San Jose area. The fluctuate.com domain, as of February 21, 1999 is registered to a Ravi Kumar of Artesia, California.
On December 22, 1998, the record was changed to show the owner as R, L of Artesia, California; however, the zip code given, 90706 is for Cerritos, California. The phone number was again given as the number for information, but the area code had been changed from 408 to 714. The contact e-mail address had been changed to RL@fluctuate.com. In addition, the domain was now shown as being hosted by websp.com.
On February 13, 1999, the record was modified again to list the address as P.O. Box 1300, Artesia, California, with the zip code changed from 90706 to 90702, which is an actual zip code for Artesia, California. The telephone number was also changed to (562) 807–0297.
As of January 22, 1999, the domain name seecandys.com was registered to Sees Candys and had the contact listed as Robby Kumar. The address was given as Tustin, California 92782; the e-mail address as dns@fluctuate.com; and the telephone number as (310) 860–0229.
On February 25, 1999, both the seescandy.com and seescandys.com domains were changed from the web host of websp.com to simplenet.net. Simplenet.net is a San Diego, California company.
Plaintiff has sued defendants for (1) infringement of federally registered service and trademarks, in particular "SEE'S," "SEE'S CANDIES," and "FAMOUS OLD TIME"; (2) federal unfair competition; (3) federal trademark dilution; (4) California State dilution under California Business and Professions Code § 14330; (5) unfair and deceptive trade practices under California Business and Professions Code § 17200; (6) California common law trade name, trademark, and service mark infringement and unfair competition; and (7) unjust enrichment.
Plaintiff seeks as relief a temporary, preliminary, and thereafter permanent injunction enjoining defendants from using any of See's marks, for goods or services or as metatags, directory names, other computer addresses, metatags, invisible data, or otherwise engaging in acts or conduct that would cause confusion to the source, sponsorship or affiliation of See's Candies with defendants.
Plaintiff also asks the Court to cancel defendant's registration of the two domains and require NSI to make those domains available for registration by plaintiff. Plaintiff also seeks delivery by defendants to plaintiff for destruction all materials bearing plaintiff's marks. Finally plaintiffs seek an accounting of profits, trebling of damages, punitive damages, costs, and attorney's fees.
B. Legal Standard
1. Temporary Restraining Order
Under Federal Rule of Civil Procedure 65(b)
A temporary restraining order may be granted without written or oral notice to the adverse party or to that party's attorney if (1) it clearly appears from specific facts shown by affidavit or by the verified complaint that immediate an irreparable [577] injury, loss, or damage will result to the applicant before the adverse party or that party's attorney can be heard in opposition, and (2) the applicant's attorney certifies to the court in writing the efforts, if any, which have been made to give the notice and the reasons supporting the claim that notice should not be required.
A party seeking injunctive relief must show either (1) a combination of probable success on the merits and the possibility of irreparable harm, or (2) that serious questions are raised and the balance of hardships tips sharply in the moving party's favor. See Miss World (UK) Ltd. v. Mrs. America Pageants, Inc., 856 F.2d 1445, 1448 (9th Cir.1988); Rodeo Collection, Ltd. v. West Seventh, 812 F.2d 1215, 1217 (9th Cir.1987). "These are not two distinct tests, but rather the opposite ends of a single 'continuum in which the required showing of harm varies inversely with the required showing of meritoriousness.' " Miss World, 856 F.2d at 1448 (quoting Rodeo Collection, 812 F.2d at 1217). However, in any situation, the Court must find that there is some threat of an immediate irreparable injury, even if that injury is not of great magnitude. See Big Country, 868 F.2d at 1088 (citing cases); Oakland Tribune, Inc. v. Chronicle Publishing Co., Inc., 762 F.2d 1374, 1376 (9th Cir.1985) (citing cases).
II. DISCUSSION
The Court will not grant a temporary restraining order against defendants at this time because such a ruling would be futile. Plaintiff has not been able to collect the information necessary to serve the complaint on defendants. As a result any temporary restraining order issued could only be in effect for a limited time and would be unlikely to have any effect on defendant whom plaintiff has not yet located. Once the order expired plaintiff would be unable to obtain a preliminary injunction because such relief cannot be imposed ex parte.
Service of process can pose a special dilemma for plaintiffs in cases like this in which the tortious activity occurred entirely on-line. The dilemma arises because the defendant may have used a fictitious name and address in the commission of the tortious acts. Traditionally, the default requirement in federal court is that the plaintiff must be able to identify the defendant sufficiently that a summons can be served on the defendant. See Fed.R.Civ.P. 4. This requires that the plaintiff be able to ascertain the defendant's name and address.
As a general rule, discovery proceedings take place only after the defendant has been served; however, in rare cases, courts have made exceptions, permitting limited discovery to ensue after filing of the complaint to permit the plaintiff to learn the identifying facts necessary to permit service on the defendant. See e.g., Gillespie v. Civiletti, 629 F.2d 637, 642 (9th Cir.1980) (finding the district court abused its discretion in dismissing the case with respect to the John Doe defendants without requiring the named defendants to answer interrogatories seeking the names and addresses of the supervisors in charge of the relevant facilities during the relevant time period); Estate of Rosenberg by Rosenberg v. Crandell, 56 F.3d 35, 37 (8th Cir.1995) (permitting a suit naming fictitious parties as defendants to go forward because the allegations in the complaint were "specific enough to permit the identity of the party to be ascertained after reasonable discovery"); Maclin v. Paulson, 627 F.2d 83, 87 (7th Cir.1980) (approving of fictitious name pleadings until such time as the identity of the plaintiffs "can be learned through discovery or through the aid of the trial court"). In the even rarer case, a district court has sua sponte issued an order directing revelation of facts necessary to determine the true name of a John Doe defendant. See Bivens v. Six Unknown Named Agents of Fed. Bureau of Narcotics, 403 U.S. 388, 390 n. 2, 91 S.Ct. 1999, 29 L.Ed.2d 619 (1971) (noting that the trial court had ordered the United States attorney to identify "those federal agents who it is indicated by the records of the United States Attorney participated in the ... arrest of the [petitioner]") (quoting the district court's order).
In the Ninth Circuit such exceptions to the general rule have been generally disfavored. See Gillespie, 629 F.2d at 642.[578] However, a district court does have jurisdiction to determine the facts relevant to whether or not it has in personam jurisdiction in a given case. See Wells Fargo & Co. v. Wells Fargo Express Co., 556 F.2d 406, 430 n. 24 (9th Cir.1977). A district court's decision to grant discovery to determine jurisdictional facts is a matter of discretion. See id.
With the rise of the Internet has come the ability to commit certain tortious acts, such as defamation, copyright infringement, and trademark infringement, entirely on-line. The tortfeasor can act pseudonymously or anonymously and may give fictitious or incomplete identifying information. Parties who have been injured by these acts are likely to find themselves chasing the tortfeasor from Internet Service Provider (ISP) to ISP,[1] with little or no hope of actually discovering the identity of the tortfeasor.
In such cases the traditional reluctance for permitting filings against John Doe defendants or fictitious names and the traditional enforcement of strict compliance with service requirements should be tempered by the need to provide injured parties with an forum in which they may seek redress for grievances. However, this need must be balanced against the legitimate and valuable right to participate in online forums anonymously or pseudonymously. People are permitted to interact pseudonymously and anonymously with each other so long as those acts are not in violation of the law. This ability to speak one's mind without the burden of the other party knowing all the facts about one's identity can foster open communication and robust debate. Furthermore, it permits persons to obtain information relevant to a sensitive or intimate condition without fear of embarrassment. People who have committed no wrong should be able to participate online without fear that someone who wishes to harass or embarrass them can file a frivolous lawsuit and thereby gain the power of the court's order to discover their identity.
Thus some limiting principals should apply to the determination of whether discovery to uncover the identity of a defendant is warranted. The following safeguards will ensure that this unusual procedure will only be employed in cases where the plaintiff has in good faith exhausted traditional avenues for identifying a civil defendant pre-service, and will prevent use of this method to harass or intimidate.
First, the plaintiff should identify the missing party with sufficient specificity such that the Court can determine that defendant is a real person or entity who could be sued in federal court. See e.g., Wells Fargo, 556 F.2d at 430 n. 24 (stating that plaintiffs bear the burden of establishing jurisdictional facts). This requirement is necessary to ensure that federal requirements of jurisdiction and justiciability can be satisfied. See Plant v. Does, 19 F.Supp.2d 1316 (S.D.Fla.1998) (refusing to issue a temporary restraining order against unnamed and unserved bootleggers who had not yet committed an offense on the theory that plaintiffs have failed to establish that the Court had jurisdiction over defendants, to provide defendants with due process, and to demonstrate that an actual controversy existed).
[579] Plaintiff's papers establish that the listed defendants who remain in the case after March 4, 1999 appear to be aliases for a person known as Ravi or Robby Kumar of Artesia, California ("the Kumar defendants"). Most of the addresses listed by aliases associated with the Kumar defendants show a California domicile, which indicates that the Court likely has jurisdiction over defendants. Plaintiffs are suing the following aliases, all of which are alleged to be owners or operators of the domain names seescandy.com and seescandys.com: Seescandy.com, Sees Candys, hostmaster dns, fluctuate, foolio, x2, ticker talk, RL, and Salu Kalu. Salu Kalu was listed as the contact for seescandy.com in September of 1998. RL is a person who was listed as the contact person for seescandy.com as of January 16, 1999. Hostmaster DNS is the name of the contact person listed for seescandy.com as of February 8, 1999. It is important to note that Hostmaster DNS is a common generic term used to describe the system operator in charge of running a domain name server. It is thus highly problematic as an identifier of a defendant. However, Hostmaster's e-mail address is dns@foolio.com, which ties this alias to the Kumar defendants. Fluctuate is the second level domain of fluctuate.com, which is listed in the WHOIS as registered to tickertalk, for whom the contact is Robby Kumar. Fluctuate.com is the domain that provides all the mailboxes for the e-mail addresses listed as contacts for the seescandy.com and seescandys.com domains. X2 is the listed registrant of the domain name x2.org, for whom the contact is listed as Ticker Talk with the E-mail address of dns@foolio.com. Foolio is the listed registrant for foolio.com, for whom the contact is Salu Kalu, and which is the domain hosting the E-mail address of the contact, Ticker Talk, for the x2.org domain. Most convincing of all, See's has been in contact by e-mail with a person who goes by the name "Ravi." In his e-mail message, Ravi has indicated a desire to sell the subject domain names to See's and has provided See's with evidence that consumers have been actually confused by these web sites, for which Ravi claims to hold registration rights. The Court finds that there appears to be only one person behind all these registrations, a Ravi or Robby Kumar, who may also be known as Salu Kalu. The Court finds that plaintiff has made a satisfactory showing that there is an actual person behind these acts who would be amenable to suit in federal court.
Second, the party should identify all previous steps taken to locate the elusive defendant. This element is aimed at ensuring that plaintiffs make a good faith effort to comply with the requirements of service of process and specifically identifying defendants. See Plant, 19 F.Supp.2d at 1320 (noting that plaintiffs had failed to explain why they were unable to identify the defendants). Plaintiff's counsel has certified that the following efforts were made to contact defendants: (1) calls were made to the two non-directory information services telephone numbers. One was a non-working number and nobody answered the other one. Simultaneous with the filing of the motion for a temporary restraining order and preliminary injunction plaintiff served its complaint, brief, and all accompanying papers to the official addresses provided to NSI, only one of which was a complete mailing address. Plaintiff also served these documents, sans exhibits, by electronic mail to the e-mail addresses associated with the domains registered by Ravi Kumar, Robby Kumar, RL, Salu Kalu, and Hostmaster DNS. Although such service is not sufficient to comply with the Federal Rules of Civil Procedure, the Court finds that such acts do show that plaintiff has made a good faith effort to specifically identify defendant and to serve notice on defendant.
Third, plaintiff should establish to the Court's satisfaction that plaintiff's suit against defendant could withstand a motion to dismiss. See Gillespie, 629 F.2d at 642. A conclusory pleading will never be sufficient to satisfy this element. Pre-service discovery is akin to the process used during criminal investigations to obtain warrants. The requirement that the government show probable cause is, in part, a protection against the misuse of ex parte procedures to invade the privacy of one who has done no wrong. A similar requirement is necessary here to prevent abuse of this extraordinary application of the discovery process and to ensure that [580]plaintiff has standing to pursue an action against defendant. See e.g., Plant, 19 F.Supp.2d at 1321 n. 2 (commenting that standing was likely absent because defendants were alleging only future acts of infringement, not past acts or patterns of infringement). Thus, plaintiff must make some showing that an act giving rise to civil liability actually occurred and that the discovery is aimed at revealing specific identifying features of the person or entity who committed that act.
Plaintiff has demonstrated that their trademark infringement claim could survive a motion to dismiss and therefore have satisfied this element. The test for infringement of a federally registered trademark (Count I) and for false designation of origin (Count II) under the Lanham Act is whether the alleged infringing act creates a likelihood of confusion. In determining whether or not there is a likelihood of confusion, the Court should consider the following factors: (1) the strength of the mark, (2) proximity of the goods; (3) similarity of the marks; (4) evidence of actual confusion; (5) marketing channels used; (6) type of goods and the degree of care likely to be exercised by the purchaser; (7) defendant's intent in selecting the mark; and (8) likelihood of expansion of the product lines. See AMF, Inc. v. Sleekcraft Boats, 599 F.2d 341 (9th Cir.1979).
Defendants marks, See's Candy and See's Candies, are descriptive. However, it appears that these marks have developed substantial secondary meaning such that the mark has become a strong mark. Both defendants and plaintiff are using the same marketing channel, the World Wide Web, to offer the same apparent service, See's Candy's products. The marks employed by defendants on the web page itself are identical to plaintiff's, not only textually, but in complete figuration, copying the stylized text and pictorial representations of the registered See's marks.
Although plaintiff contends that candy is by definition the type of product on which customers spend little time and care, the Court finds that the premium candy product at issue here is of a type that would result in an enhanced level of care. Where a product is a premium product in its class, purchasers at the premium level are more likely to exercise additional care to ensure that they get the premium product they desire.
However, and most importantly, plaintiff can show actual confusion, courtesy of the 31 e-mails provided by defendant. "[E]vidence of actual confusion is strong proof of the fact of likelihood of confusion." 3 J. Thomas McCarthy, McCarthy on Trademarks and Unfair Competition, § 23:13 at 23–35. Defendant Ravi has informed plaintiff by e-mail that people have requested catalogs and have tried to order candy from the web sites located at seescandy.com and seescandys.com.
Defendants desire to sell the two domains back to See's Candy combined with the use of See's trademark logos, complete down to style and figuration, is a sign that defendants intended to trade on the goodwill associated with the See's marks. The Court also can infer intentional copying and bad faith simply from the similarity of the marks. See The Earth Technology Corp. v. Environmental Research & Tech., Inc., 222 U.S.P.Q. 585, 588–89, 1984 WL 877 (C.D.Cal.1983). Plaintiffs showing is sufficient to demonstrate that the Kumar defendants have committed an unlawful act for which a federal cause of action can subsist.
Lastly, the plaintiff should file a request for discovery with the Court, along with a statement of reasons justifying the specific discovery requested as well as identification of a limited number of persons or entities on whom discovery process might be served and for which there is a reasonable likelihood that the discovery process will lead to identifying information about defendant that would make service of process possible. See Gillespie, 629 F.2d at 642 (stating that discovery should not be permitted if it is not likely to uncover the identity of the defendant). As ordered below, plaintiff has 14 days to make a filing with the Court with respect to the process the Court should consider ordering.
II. CONCLUSION AND ORDER
Plaintiff shall have 14 days from the date of this order to submit a brief with the Court [581] setting forth specifically the forms of discovery process, the justification for such process, and the persons or entities on whom they are to be served that plaintiff expects will achieve the end of providing the missing identifying information necessary for service of process. If plaintiff does not yet have sufficient information to satisfy the Court that such process should be ordered, plaintiff may so indicate and later reapply for such discovery once the facts necessary to make the required showing have been uncovered.
IT IS SO ORDERED.
[1] ISPs provide two basic services to their clients: access and presence. Access services consist of an account through which the client can access the Internet and send e-mail. A presence account generally includes hard drive space that permits the client to have a web page or file transfer site. Persons who wish to run a site at their own domain, rather than at the domain of their service provider, can either make the significant investment in computer hardware, networking hardware, and high-speed access necessary to make their domains available on the Internet or can rent space and services from a service provider. This latter alternative, which is analogous to renting from a landlord who makes available offices in an office complex, is called domain hosting.
Suing the ISP in these case is most often not productive, either because the ISP lacks the knowledge requisite to be held liable for contributory infringement, or is immune pursuant to section 230(c) of the Communications Decency Act. See e.g., Zeran v. America Online, Inc., 129 F.3d 327 (1997) (finding that failure to remove defamatory statements was an act shielded from liability by section 230(c)); Lockheed Martin Corp. v. Network Solutions, Inc.,985 F.Supp. 949 (1997) (finding that the defendant did not have the knowledge necessary to be held liable for contributory trademark infringement); Religious Technology Center v. Netcom On–Line Communication, 907 F.Supp. 1361 (1995) (finding knowledge is required to hold an ISP liable for contributory infringement of a copyright).
5.7 London-Sire Records, Inc. v. Doe 1 et al. 5.7 London-Sire Records, Inc. v. Doe 1 et al.
This case presents a differently framed test for piercing the veil of anonymity. Is it different than Columbia Insurance v. SeesCandy? Note that courts have required varying levels of case strength: 1. Good Faith Basis 2. Motion to Dismiss 3. Prima Facie Evidence 4. Summary Judgment Evidence What should the right level be?
542 F.Supp.2d 153
LONDON-SIRE RECORDS, INC., et al., Plaintiffs,
v.
DOE 1 et al., Defendants.
No. 04cv12434-NG.
United States District Court, D. Massachusetts.
March 31, 2008.
[156] John R. Bauer, Nancy M. Cremins, Robinson & Cole LLP, Boston, MA, Katheryn Jarvis, Moshe D. Rothman, Coggon Holme [157] Roberts & Owen LLP, Denver, CO, Emily A. Berger, San Francisco, CA, for Plaintiffs.
Raymond Sayeg, Jr. Law Office of Raymond Sayeg, Boston, MA, for Defendants.
ORDER ON MOTIONS TO QUASH
GERTNER, District Judge.
This case consists of numerous actions consolidated under London-Sire Records, Inc. v. Does 1-4, Civil Action No. 04-cv-12434. The plaintiffs include several of the country's largest record companies. The defendants,[1] the plaintiffs claim, are individual computer users — mainly college students — who use "peer-to-peer" filesharing software to download and disseminate music without paying for it, infringing the plaintiffs' copyrights.
In these cases, the plaintiffs have been able to infer some infringing file-sharing activity from their investigations, but have not been able to discover the file-sharer's identity. They have an Internet Protocol [158] number ("IP number" or "IP address") identifying the file-sharer's computer, but no more. Consequently, the plaintiffs — with the Court's permission — have served subpoenas on a number of internet service providers ("ISPs"), largely colleges and universities, seeking a name to go with the number. To preserve the rights of those whose identities are sought, the Court has required the ISPs to delay responding to the subpoena until the individual defendants have had an opportunity to move to quash it before their identities are disclosed.[2] Several defendants have done so; those are the motions presently before the Court.
After briefing, argument, and amicus participation, the Court concludes that it has insufficient information to allow the plaintiffs to take expedited discovery under these circumstances. First, the movants are entitled to some First Amendment protection of their anonymity — albeit limited. Second, the defendants may have expectations of privacy with regard to their identity, but that depends on the terms of the internet service agreement they have with Boston University, which has not been provided to the Court. Third, the movants have raised an issue of fact with respect to the number of identities disclosed to the plaintiffs by the expedited discovery. As it currently exists, the plaintiffs' subpoena may invade the anonymity of many non-infringing internet users — anonymity that deserves protection by the Court. Under these circumstances, the best solution is in camera review of the terms of service agreement and the ISP's list of individuals who match the information supplied by the plaintiffs.
The Court will therefore GRANT two of the motions to quash (documents ##104 and 115), at least until the relevant information is obtained.[3] The plaintiffs may renew their motion for expedited discovery, addressing the Court's concerns by modifying the subpoena they seek to serve on Boston University, as discussed below.
I. BACKGROUND
A. Facts
In each of these cases, the facts are substantially identical. Since the defendants' motions are effectively motions to dismiss — there is almost no evidence in the case, and the movants argue, among other things, that the plaintiffs have failed to state a claim upon which relief can be granted — the Court will apply that standard of review to the pleadings. The plaintiffs' pleadings are taken as true, and the Court will draw all reasonable inferences in their favor. See, e.g., Rivera v. Rhode Island, 402 F.3d 27, 33 (1st Cir. 2005) (stating standard for motion to dismiss). To survive a motion to dismiss, the plaintiffs' pleaded facts must "possess enough heft to sho[w] that [they are] entitled to relief." Clark v. Boscher, 514 F.3d 107, 112 (1st Cir.2008) (internal quotation marks omitted) (quoting Bell Atlantic Corp. v. Twombly, ___ U.S. ___, 127 S.Ct. 1955, 1959, 167 L.Ed.2d 929 (2007)) (first alteration in Twombly).
[159] The plaintiffs allege that the defendants used peer-to-peer software to "download and/or distribute to the public certain of the [plaintiffs'] Copyrighted Recordings.... Through his or her continuous and ongoing acts of downloading and/or distributing to the public the Copyrighted Recordings, each Defendant has violated Plaintiffs' exclusive rights of reproduction and distribution." E.g., Compl. at 5 (docket no. 07-cv-10834, document #1). To clarify the issues on which this case turns, the Court will briefly explain the nature of peer-to-peer software and its use.
Peer-to-peer software primarily exists to create decentralized networks of individual computer users. The software allows the users to communicate directly with one another, rather than routing their transmissions through a central server — thus the term "peer-to-peer" architecture, as opposed to "client-server." See, e.g., Metro-Goldwyn-Mayer Studios, Inc. v. Grokster, Ltd., 545 U.S. 913, 919-920 & n. 1, 125 S.Ct. 2764, 162 L.Ed.2d 781 (2005). Each type of architecture has distinct advantages and disadvantages, most of which are not relevant to this case.
What is relevant is that users in a peerto-peer network can remain relatively anonymous or pseudonymous. Because communications between two computers on a peer-to-peer network can take place directly, without passing through a central network server,[4] such transactions are not easily observable by a third party. By the nature of the network and software, then, peer-to-peer users can control what information they display to the world. See Linares Decl. at 4, Ex. A to PI. Mot. Leave to Take Immediate Discovery (docket no. 07-cv-10834, document #5). Moreover, generally speaking, anyone who has the requisite software and internet connection can participate in open peer-to-peer networks, such as the ones the defendants are alleged to have used in this case.
Peer-to-peer users can also transfer files over the network. Many such files are entirely legitimate. See Grokster, 545 U.S. at 920, 125 S.Ct. 2764. However, other files transferred are electronic versions of copyrighted music or video files. Notably, because the files on each user's computer are digital, another computer can make a precise copy of them with no attendant loss in quality. See Linares Decl. at 3-4, Ex. A to PI. Mot. Leave to Take Immediate Discovery (docket no. 07-cv-10834, document #5).
In this case, the plaintiffs allege that each of the defendants has taken part in just such a file transfer. To discover potentially infringing transfers, the plaintiffs (acting through their trade association, the Recording Industry Association of America, or "RIAA") have retained a third-party investigator, MediaSentry, Inc. [160] ("MediaSentry"). Id. at 4-5. MediaSentry essentially functions as an undercover user of the peer-to-peer networks. It connects to the network and searches for the plaintiff record companies' copyrighted files. Upon finding the files, it downloads them. See id. at 5-6. MediaSentry gathers what information it can about the computer from which the files were downloaded (the "sending computer.") Most crucially, that information includes the date and time at which the files were downloaded and the IP number of the sending computer. It can also include the user's name, but if given, the names are usually pseudonymous. See id. After the files are downloaded, the RIAA verifies that they can form the basis for a suit. It reviews a listing of the music files that the user has offered for download in order to determine whether they appear to be copyrighted sound recordings. The RIAA also listens to the downloaded music files from these users in order to confirm that they are, indeed, illegal copies of sound recordings whose copyrights are owned by RIAA members. Id. at 6.[5]
At this point, assuming the plaintiffs wish to sue, they cannot do so; they have only the IP number of the sending computer. An IP number is sometimes called an IP address because it is just that: an address. It serves as a locator declaring the place of a particular piece of electronic equipment so that electronic data may be sent to it, and is usually represented as a series of four numbers between 0 and 255. See, e.g., America Online v. Huang, 106 F.Supp.2d 848, 851 (E.D.Va.2000). (For example, 168.122.128.38 is one of the IP addresses allegedly used by a defendant in this case. See Doe List, Ex. A to Compl. (docket no. 07-cv-10834, document #1).)
But relatively few personal computer users have a specific, set IP address, called a "static" address. Instead, many use their computers to connect to a network provided by their ISP, which uses a certain range of IP addresses — say, all of the numbers between 168.122.1.x to 168.122.100.x. The ISP assigns an address within its range to the user's computer for the user's session, allocating the numbers within its range on an as-needed basis. This process is known as "dynamic" addressing. See, e.g., H. Brian Holland, Tempest in a Teapot or Tidal Wave? Cybersquatting Rights & Remedies Run Amok, 10 J. Tech. L. & Pol'y 301, 305 & nn. 13-18 (2005). This makes the plaintiffs' task of discovering the identity of a particular infringer more difficult. The IP address that they have noted as belonging to a particular user's computer may be assigned to a different user's computer in short order. See id.
However, the plaintiffs are not without leads. The range in which the IP address is assigned may reveal the user's ISP. See Linares Decl. at 7, Ex. A to PI. Mot. Leave to Take Immediate Discovery (docket no. 07-cv-10834, document #5); see also, e.g., Network-Tools.com, http://network-tools. com/default.asp (last visited Mar. 31, 2008) (providing such a service). And ISPs generally keep logs of which IP address is assigned to which user — although it may purge those logs after a certain period of time, which was one of the key facts relied [161] upon by the Court in granting expedited discovery. See Linares Decl. at 9, Ex. A to PI. Mot. Leave to Take Immediate Discovery (docket no. 07-cv-10834, document #5). Thus, the plaintiffs seek, though their subpoena, the opportunity to place their list of IP addresses side-by-side with the ISP's user logs to determine who was using the IP address at the moment of the alleged infringement. The ISPs, particularly colleges and universities, appropriately decline to reveal the identities of their users without a court order. Therefore, the plaintiffs bring "John Doe" lawsuits and seek discovery in order to determine the real identities of the defendants.
B. Procedural History
The plaintiff record companies have brought approximately forty "John Doe" cases in this Court, many-perhaps mostdesignating more than one defendant, grouped by ISP.[6] In each case, the Court has granted expedited discovery and leave to subpoena the ISP, recognizing that the plaintiffs' rights may be irreparably and unfairly prejudiced unless they are allowed to seek the defendants' identities. See, e.g., Order re: Expedited Discovery (Dec. 9, 2004) (document #7). Simultaneously, however, the Court has recognized that the defendants should have the opportunity to combat the subpoena if they desire to do so. Therefore, the Court has ordered that the ISP provide the individual users with notice of the lawsuit and a short statement of some of their rights before revealing their identities to the plaintiffs. Furthermore, the ISP may not respond to the subpoena for 14 days after each defendant has received notice. See id.; see also Appendix A (Court-Directed Notice).
Simultaneous with the grant of expedited discovery, the Court has consolidated each "John Doe" case with the first, London-Sire, No. 04-cv-12434. The cases involve similar, even virtually identical, issues of law and fact: the alleged use of peer-to-peer software to share copyrighted sound recordings and the discovery of defendants' identities through the use of a Rule 45 subpoena to their internet service provider. Consolidating the cases ensures administrative efficiency for the Court, the plaintiffs, and the ISP, and allows the defendants to see the defenses, if any, that other John Does have raised.[7]
In view of the $750 statutory minimum damages per song, 17 U.S.C. § 504(c)(2), most defendants choose to settle. The approximate settlement range appears to be $3,000 to $6,000 per defendant, a considerable amount of money, particularly to the college students who have been caught in the plaintiffs' nets.
Only three of the defendants have elected to fight the subpoena. Two are Doe defendants from the case originally titled Arista Records LLC v. Does 1-21, No. 07cv-10834 (consolidated on May 8, 2007). In that case, the plaintiffs sought discovery from Boston University as the defendants' ISP, and the two Does[8] separately moved [162] to quash the subpoena. Each primarily asserts that the plaintiffs have failed to state a sufficient claim for copyright infringement. See Mem. Supp. Mot. Quash (document #104); Mot. Quash (document #115). Because the two motions are substantively similar, the Court will address them together.
The third defendant to move to quash the subpoena is Doe no. 12 from Warner Brothers Records, Inc. v. Does 1-17, No. 07-cv-10924 (consolidated on May 18, 2007). The Internet Service Provider at issue is the University of Massachusetts. Doe no. 12 argues that she is not subject to personal jurisdiction in Massachusetts. See Mot. Quash (document #113).
The Court held a hearing on the Motions to Quash on January 28, 2008. Shortly thereafter, the Court granted the Electronic Frontier Foundation ("EFF") leave to file an amicus brief supporting the Motion to Quash. See Electronic Order (Feb. 6, 2008). Its brief principally treats the First Amendment implications of the subpoena[9] and the proper sweep of the copyright laws. The Court thanks the amicus for its participation.
The Court will examine first the motions of the two Does in the Boston University case, which argue that the subpoena ought to be denied on substantive grounds. It will then turn to the University of Massachusetts Doe's argument that the subpoena should be quashed for lack of personal jurisdiction.
II. LEGAL STANDARDS
This case is still at a preliminary stage: The plaintiffs seek to learn the identities of the defendants so that, the issue may be properly joined on the merits. Under Federal Rule 45, the Court "shall quash or modify the subpoena if it ... requires disclosure of privileged or other protected matter and no exception or' waiver applies." Fed.R.Civ.P. 45(c)(3)(A)(iii). The substantive inquiry is similar to the one necessary for issuing a protective order. See Micro Motion, Inc. v. Kane Steel Co., 894 F.2d 1318, 1322-23 (Fed.Cir.1990). The party requesting that the subpoena be quashed must show good cause for protection by specifically demonstrating that disclosure will cause a clearly defined and serious harm. See Anderson v. Cryovac, Inc., 805 F.2d 1, 7-8 (1st Cir. 1986); Glenmede Trust Co. v. Thompson, 56 F.3d 476, 483 (3d Cir.1995). The Court balances the harm of disclosure against the harm to the other party of restricting discovery.
The Court must therefore first consider whether the defendants' anonymity is entitled to privilege or other protection. If so, it will turn to the balancing test necessary under Rule 45(c)(3).
III. THE DEFENDANTS' ANONYMITY IS ENTITLED TO SOME FIRST AMENDMENT PROTECTION
The motion to quash raises two First Amendment issues-the right to anonymous speech and the right to whatever creative activity is involved in the defendants' acts. While the Court recognizes some limited First Amendment protection here, that protection only goes so far as to subject the plaintiffs' subpoenas to somewhat heightened scrutiny. Other courts have [163] reached the same conclusion. See, e.g., Sony Music Entm't v. Does 1-40, 326 F.Supp.2d 556, 564 (S.D.N.Y.2004).
As the Supreme Court has repeatedly held, the First Amendment protects anonymous speech. The right to anonymity is an important foundation of the right to speak freely. Indeed, "[a]nonymity is a shield from the tyranny of the majority. It ... exemplifies the purpose behind the Bill of Rights, and of the First Amendment in particular: to protect unpopular individuals from retaliation — and their ideas from suppression — at the hand of an intolerant society." Mclntyre v. Ohio Elections Comm'n, 514 U.S. 334, 357, 115 S.Ct. 1511, 131 L.Ed.2d 426 (1995). See also NAACP v. Alabama ex rel. Patterson, 357 U.S. 449, 460-62, 78 S.Ct. 1163, 2 L.Ed.2d 1488 (1958) (discussing generally the importance of anonymity). Still, the anonymous activity that is being protected must be "speech."
Copyright infringement, per se, is clearly not speech entitled to First Amendment protection. See Harper & Row Publishers, Inc. v. Nation Enters., 471 U.S. 539, 555-57, 560, 105 S.Ct. 2218, 85 L.Ed.2d 588 (1985) (discussing the First Amendment and copyright, and examining whether fair use doctrine applied to alleged act of copyright infringement). But there are some creative aspects of downloading music or making it available to others to copy: the value judgment of what is worthy of being copied; the association of one recording with another by placing them together in the same library; the self-expressive act of identification with a particular recording; the affirmation of joining others listening to the same recording or expressing the same idea. See Rebecca Tushnet, Copy This Essay: How Fair Use Doctrine Harms Free Speech and How Copying Serves It, 114 Yale L.J. 535, 545-47, 562-81 (2004); Jack M. Balkin, Digital Speech and Democratic Culture: A Theory of Freedom of Expression for the Information Society, 79 N.Y.U. L.Rev. 1, 45-46 (2004); cf. Harper & Row, 471 U.S. at 547, 105 S.Ct. 2218 (noting that compilation of pure fact "entails originality" in selection and ordering of the facts). Thus, while the aspect of a file-sharer's act that is infringing is not entitled to First Amendment protection, other aspects of it are. Cf, e.g., Schad v. Mount Ephraim, 452 U.S. 61, 66, 101 S.Ct. 2176, 68 L.Ed.2d 671 (1981) ("[N]ude dancing is not without its First Amendment protections from official regulation."); Eugene Volokh, Crime-Facilitating Speech, 57 Stan. L.Rev. 1095 (2005) (arguing that crime-facilitating speech has "some First Amendment value").
Nevertheless, the fact that there is First Amendment value associated with sharing music over a peer-to-peer network does not insulate the defendants from liability. Rather, the minimal First Amendment protection their activity garners[10] entitles them to some scrutiny of a discovery request that uses the power of the Court to threaten the privilege.[11]
[164] IV. APPLICATION OF THE BALANCING TEST
As to how to balance the harms, the Court finds persuasive the approach of the Southern District of New York in Sony Music, 326 F.Supp.2d 556. In that case, the court reviewed the leading cases on subpoenas seeking disclosure of defendants' identities from their ISP. It isolated five important factors:[12]
(1) a concrete showing of a prima facie claim of actionable harm, (2) specificity of the discovery request, (3) the absence of alternative means to obtain the subpoenaed information, (4) a central need for the subpoenaed information to advance the claim, and (5) the party's expectation of privacy.
Id. at 564-65 (citations omitted).[13] The first factor ensures that the defendants cannot pierce the defendants' anonymity based on an unsupported or legally insufficient pleading. The second, third, and fourth factors ensure that the subpoena is narrowly tailored to reveal no more information about the defendants than necessary, and to ensure that third parties who are not accused of infringement remain anonymous. The fifth factor considers the defendants' expectations of privacy, including whatever service arrangement they might have with their ISP.
The Court considers each factor in turn.
A. Factor One: Prima Facie Claim of Actionable Harm
This factor has three parts. First, the plaintiffs must assert an "actionable harm," a claim upon which relief can be granted. Second, the claim must be supported by prima facie evidence. That standard does not require the plaintiffs to prove their claim. They need only proffer sufficient evidence that, if credited, would support findings in their favor on all facts essential to their claim. See Adelson v. Hananel, 510 F.3d 43, 48 (1st Cir.2007) (discussing prima facie standard for personal jurisdiction). Finally, both the claim and the prima facie evidence supporting it must be "concrete." That is, they must be [165] reasonably grounded in allegations of a specific act of infringement.
The movants and the EFF argue that the plaintiffs have failed to meet their burden under each part of the test. See Mot. Quash at 3-7 (document #104); Mot. Quash at 4-10 (document #115); EFF Br. at 9-24 (document #152). Their arguments involve important and difficult questions of copyright law. Ultimately, however, the Court finds that the plaintiffs have satisfied this factor. Considering as true the facts they have pleaded, and drawing all reasonable inferences in their favor, the plaintiffs have made a concrete showing of a prima facie case of an actionable harm.
1. Whether the Plaintiffs Have Asserted a Claim Upon Which Relief Can Be Granted
A claim for copyright infringement has two elements. First, the plaintiffs must demonstrate that they hold a valid copyright (an issue the defendants do not contest.) Second, the plaintiff must show that the defendant violated of one of the exclusive rights held by a copyright owner. See T-Peg, Inc. v. Vermont Timber Works, Inc., 459 F.3d 97, 108 (1st Cir.2006); see also Feist Publ'ns, Inc. v. Rural Tel. Serv. Co., 499 U.S. 340, 360-61, 111 S.Ct. 1282, 113 L.Ed.2d 358 (1991); 17 U.S.C. § 501(a). The plaintiffs claim that "each [defendant, without the permission or consent of [p]laintiffs, has ... downloaded] or distribut[ed] to the public" music files to which the plaintiff holds the copyright. Compl. at 5 (docket no. 07-cv-10834, document #1). Two rights reserved to the copyright holder are at issue in this case: the right "to reproduce the copyrighted work in copies or phonorecords," 17 U.S.C. § 106(1), and the right "to distribute copies or phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending," id. § 106(3).
The movants and the amicus present two broad arguments, each of which requires the Court to consider the scope of a copyright holder's exclusive rights under the statutes quoted above. First, they contend that the copyright laws require an actual dissemination of copyrighted material; merely making copyrighted material available for another person to copy, they argue, is only an attempt at infringement — which is not actionable. Mem. Supp. Mot. Quash at 4-6 (document #104); Mot. Quash at 7 (document #115); EFF Br. at 10-15 (document #152). Second, they contend that the scope of the rights given to copyright owners by § 106 is limited by the definition of "phonorecords" as "material objects" in 17 U.S.C. § 101.[14] In their view, the copyright owner's rights are limited to tangible, physical objects, and purely electronic transmissions over the internet fall outside those rights.[15] Suppl. Mem. L. Supp. Mot. Quash at 4-6 (document #149); Mot. Quash at 7 (document #115); EFF Br. at 15-24 (document #152). Both of these broad arguments question whether the plaintiffs have alleged a legally cognizable [166] harm under the copyright statutes. If they have not, then the subpoena must be quashed.
a. Whether the Copyright Holder's Right Extends Only to Actual Distributions
The first question the Court must address is whether the distribution right under 17 U.S.C. § 106(3) requires an actual dissemination to constitute an infringement.[16] It is an important issue, determining in part how to evaluate the proffered evidence in this case. MediaSentry, posing as just another peer-to-peer user, can easily verify that copyrighted material has been made available for download from a certain IP address. Arguably, though, MediaSentry's own downloads are not themselves copyright infringements because it is acting as an agent of the copyright holder, and copyright holders cannot infringe their own rights.[17] If that argument is accepted, MediaSentry's evidence cannot alone demonstrate an infringement.
The plaintiffs suggest two reasons why an actual distribution might not be required. First, the statute reserves to the copyright owner the right "to do and to authorize ... [the distribution of] copies or phonorecords of the copyrighted work to the public." § 106(3) (emphasis added). The language appears to grant two distinct rights: "doing" and "authorizing" a distribution. Making the copyrighted material available over the internet might constitute an actionable "authorization" of a distribution. Second, if mere authorization is not enough, the plaintiffs argue that in appropriate circumstances — including these — "making available" copyrighted material is sufficient to constitute an act of actual distribution. Neither argument has merit.
The First Circuit has squarely considered and rejected the proposition that copyright liability arises where the defendant authorized an infringement, but no actual infringement occurred. See Venegas-Hernandez v. Ass'n De Compositores & Editores de Musica Latinoamericana, 424 F.3d 50, 57-58 (1st Cir.2005). It noted that Congress' intent in adding "authorize" to the statute was to "avoid any questions as to the liability of contributory infringers." Id. at 58 (internal quotation marks omitted) (quoting H.R. Rep. 94-1476 ("House Report") at 52 (1976), reprinted in 1976 U.S.C.C.A.N. 5659, 5674). Authorization is sufficient to give rise to liability, but only if an infringing act occurs after the authorization. See id. at 59; see also Latin Am. Music Co. v. The Archdiocese of San Juan of the Roman Catholic & Apostolic Church, 499 F.3d 32, 46 (1st Cir.2007) (citing and applying Venegas-Hernandez).
Thus, to constitute a violation of the distribution right under § 106(3), the defendants' actions must do more than "authorize" a distribution; they must actually "do" it. The Court therefore moves to [167] the plaintiffs' second argument: Merely making copyrighted works available to the public is enough where, as in this case, the alleged distributor does not need to take any more affirmative steps before an unauthorized copy of the work changes hands. Other courts have split over whether that is a valid reading of the statute. Compare Hotaling v. Church of Jesus Christ of Latter-Day Saints, 118 F.3d 199 (4th Cir. 1997) (holding that making copyrighted material available is sufficient to constitute a distribution), and Arista Records LLC v. Greubel, 453 F.Supp.2d 961, 969-70 (N.D.Tex.2006) (citing and following Hotaling), and Warner Bros. Records, Inc. v. Payne, No. W-06-CA051, 2006 WL 2844415, at *3-*4 (W.D.Tex. July 17, 2006) (same), with In re Napster, Inc. Copyright Litig., 377 F.Supp.2d 796, 802-05 (N.D.Cal.2005) (criticizing Hotaling as being "contrary to the weight of [other] authorities" and "inconsistent with the text and legislative history of the Copyright Act of 1976"), and Natl Car Rental Sys., Inc. v. Computer Assocs. Int'l, Inc., 991 F.2d 426, 434 (8th Cir.1993) (stating that infringement of the distribution right requires the actual dissemination of copies or phonorecords).
To suggest that "making available" may be enough, the plaintiffs rely primarily on the Fourth Circuit's decision in Hotaling.[18] In that case, a library had an unauthorized copy of a book, which it "made available" to the public; the defendant argued that without a showing that any member of the public actually read the book, it could not be liable for "distribution." See id. at 201-02, 203. The district court agreed and granted summary judgment to the defendant. The Fourth Circuit reversed:
When a public library adds a work to its collection, lists the work in its index or catalog system, and makes the work available to the borrowing or browsing public, it has completed all the steps necessary for distribution to the public. At that point, members of the public can visit the library and use the work. Were this not to be considered distribution within the meaning of § 106(3), a copyright holder would be prejudiced by a library that does not keep records of public use, and the library would unjustly profit by its own omission.
Id.; see also id. at 204.
The plaintiffs contend that this case is analogous to Hotaling,[19] and suggest [168] that the Court should reach the same conclusion as the Fourth Circuit. But the EFF correctly points out a lacuna in the Fourth Circuit's reasoning. See EFF Br. at 15 (citing William F. Patry, 4 Patry on Copyright §§ 13:9, 13:11 (2007)). Merely because the defendant has "completed all the steps necessary for distribution" does not necessarily mean that a distribution has actually occurred.[20] It is a "distribution" that the statute plainly requires. See 17 U.S.C. § 106(3).
The plaintiffs encourage the Court to adopt a much more capacious definition of "distribution." They argue that the Supreme Court has held that the "terms `distribution' and `publication' ... [are] synonymous in the Copyright Act." Pls.' Resp. Opp. Amicus Curiae Br. at 2-3 (document #157) (citing Harper & Row, 471 U.S. at 552, 105 S.Ct. 2218).[21] They further note, correctly, that the statutory definition of publication can include offers to distribute. See 17 U.S.C. § 101. And sharing music files on a peer-to-peer network does, at least arguably, constitute an offer to distribute them.
While some lower courts have accepted the equation of publication and distribution, see Greubel, 453 F.Supp.2d at 969; In re Napster, 377 F.Supp.2d at 803, the plaintiffs' argument mischaracterizes the Supreme Court's decision in Harper & Row. The Supreme Court stated only that § 106(3) "recognized for the first time a distinct statutory right of first publication," and quoted the legislative history as establishing that § 106(3) gives a copyright holder "the right to control the first public distribution of an authorized copy ... of his work." Harper & Row, 471 U.S. at 552, 105 S.Ct. 2218 (internal quotation marks omitted) (quoting House Report at 62, reprinted in 1976 U.S.C.C.A.N. at 5675) (alteration in Harper & Row). That is a far cry from squarely holding that publication and distribution are congruent.
To the contrary, even a cursory examination of the statute suggests that the terms are not synonymous. "Distribution" is undefined in the copyright statutes. "Publication," however, is defined, and incorporates "distribution" as part of its definition:
'Publication' is the distribution of copies or phonorecords of a work to the public by sale or other transfer of ownership, or by rental, lease, or lending. The offering to distribute copies or phonorecords to a group of persons for purposes of further distribution, public performance, or public display, constitutes publication. A public performance or display [169] of a work does not of itself constitute publication.
17 U.S.C. § 101. By the plain meaning of the statute, all "distributions ... to the public" are publications. But not all publications are distributions to the public — the statute explicitly creates an additional category of publications that are not themselves distributions. For example, suppose an author has a copy of her (as yet unpublished) novel. If she sells that copy to a member of the public, it constitutes both distribution and publication. If she merely offers to sell it to the same member of the public, that is neither a distribution nor a publication. And if the author offers to sell the manuscript to a publishing house "for purposes of further distribution," but does not actually do so, that is a publication but not a distribution.
Plainly, "publication" and "distribution" are not identical. And Congress' decision to use the latter term when defining the copyright holder's rights in 17 U.S.C. § 106(3) must be given consequence. In this context, that means that the defendants cannot be liable for violating the plaintiffs' distribution right unless a "distribution" actually occurred.
But that does not mean that the plaintiffs' pleadings and evidence are insufficient. The Court can draw from the Complaint and the current record a reasonable inference in the plaintiffs' favor — that where the defendant has completed all the necessary steps for a public distribution, a reasonable fact-finder may infer that the distribution actually took place. As in Hotaling, the defendants have completed the necessary steps for distribution, albeit electronic: Per the plaintiffs' pleadings, each individual Doe defendant connected to the peer-to-peer network in such a way as to allow the public to make copies of the plaintiffs' copyrighted recordings. See Compl. at 5 (docket no. 07-cv-10834, document #1). Through their investigator, the plaintiffs have produced evidence that the files were, in fact, available for download. They have also alleged that sound recordings are illegally copied on a large scale, supporting the inference that the defendants participated in the peer-topeer network with the intent that other users could download from the defendants copies of the plaintiffs' copyrighted material. See Linares Decl. at 3-4, Ex. A to PI. Mot. Leave to Take Immediate Discovery (docket no. 07-cv-10834, document #5). At least at this stage of the proceedings, that is enough. The plaintiffs have pled an actual distribution and provided some concrete evidence to support their allegation.
b. Whether the Distribution Right Is Limited to Physical, Tangible Objects
Next, the movants and the EFF contend that the distribution right under 17 U.S.C. § 106(3) is limited to physical, tangible objects. By its terms, the distribution right only extends to distributions of "phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease or lending." In turn, 17 U.S.C. § 101 defined "phonorecords" as "material objects in which sounds ... are fixed." The movants and the EFF focus on the phrase "material object," as well as the meaning of "sale or other transfer," and conclude that purely electronic file sharing does not fall within the scope of the right. If their argument is accepted, it would mean that the plaintiffs' Complaint is legally insufficient to allege a violation of the distribution right protected by§ 106(3).
The movants' argument is sweeping, carrying substantial implications for a great deal of internet commerce — any involving computer-to-computer electronic transfers of information. Indeed, this case is an exemplar. The plaintiffs have not [170] alleged a physical distribution. To the contrary, it is clear that their harm comes from the purely electronic copying of music files. See Linares Decl. at 3-4, Ex. A to PL Mot. Leave to Take Immediate Discovery (docket no. 07-cv-10834, document #5). After carefully considering the parties' and the EFF's arguments, the Court concludes that § 106(3) confers on copyright owners the right to control purely electronic distributions of their work.
As noted above, 17 U.S.C. § 106(3) applies to the distribution of "phonorecords." And "phonorecords" are defined in full as follows:
'Phonorecords' are material objects in which sounds, other than those accompanying a motion picture or other audiovisual work, are fixed by any method now known or later developed, and from which the sounds can be perceived, reproduced, or otherwise communicated, either directly or with the aid of a machine or device. The term`phonorecords' includes the material object in which the sounds are first fixed.
17 U.S.C. § 101. The movants and the EFF contend that the electronic distribution, if it occurred, did not involve the "distribution" of a material object "by sale or other transfer of ownership, or by rental, lease or lending," as §§ 106(3) and 101 require. The argument has two closely related prongs-first, that no material object actually changed hands, and second, that even if it did, it was not through one of the methods of transfer enumerated in the statute.
Each of those arguments relies on an overly literal definition of "material object," and one that ignores the phrase's purpose in the copyright statutes. Congress intended for the copyright owner to be able to control the public distribution of items that can reproduce the artist's sound recording. It makes no difference that the distribution occurs electronically, or that the items are electronic sequences of data rather than physical objects.
Before squarely addressing the parties' arguments, however, the Court briefly revisits an important foundational issue — whether the electronic files at issue here can constitute "material objects" within the meaning of the copyright statutes. Doing so will help the Court explain the scope of the distribution right and frame the application of the Copyright Act to an electronic world.
(1) Electronic Files Are Material Objects
Understanding Congress' use of "material object" requires returning to a fundamental principle of the Copyright Act of 1976, Pub.L. No. 94-553, 90 Stat. 2541 (codified as amended in 17 U.S.C). Congress drew "a fundamental distinction between the`original work' which is the product of`authorship' and the multitude of material objects in which it can be embodied. Thus, in the sense of the [Copyright Act], a`book' is not a work of authorship, but is a particular kind of`copy.'" House Report at 53, reprinted in 1976 U.S.C.C.A.N. at 5666.[22]
The Copyright Act thus does not use materiality in its most obvious sense — to mean a tangible object with a certain heft, like a book or compact disc. Rather, [171] it refers to materiality as a medium in which a copyrighted work can be "fixed." See 17 U.S.C. § 101 ("A work is`fixed' in a tangible medium of expression when its embodiment in a copy or phonorecord, ... is sufficiently permanent or stable to permit it to be perceived, reproduced, or otherwise communicated for a period of more than transitory duration."). As the Second Circuit cogently explained, "[t]he sole purpose of § 101`s definitions of the words `copies' and`fixed' is to ... define the material objects in which copyrightable and infringing works may be embedded and to describe the requisite fixed nature of that work within the material object." Matthew Bender & Co., Inc. v. West Pub. Co., 158 F.3d 693, 702 (2d Cir.1998). The opposite is true as well. The sole purpose of the term "material object" is to provide a reference point for the terms "phonorecords" and "fixed."[23]
This analysis is borne out in other aspects of the Copyright Act — for example, the Act's abrogation of a common-law presumption regarding the sale of copyrights. At common-law, if an author sold her manuscript, the sale included the author's copyrights in the original work unless the sale agreement specifically excepted them. See, e.g., Yardley v. Houghton Mifflin Co., 108 F.2d 28, 30-31 (2d Cir.1939); Pushman v. New York Graphic Soc'y, Inc., 287 N.Y. 302, 306-07, 39 N.E.2d 249 (1942). Congress specifically abolished that presumption by distinguishing between the abstract, original work on the one hand, which is the source of the copyrights, and its material incarnation on the other, which is protected by the copyrights. See 17 U.S.C. § 202; House Report at 53, 123, reprinted in 1976 U.S.C.C.A.N. at 5666, 5739-40. Because the two are different, the author can freely sell a copy without disturbing the copyrights.
Thus, any object in which a sound recording can be fixed is a "material object." That includes the electronic files at issue here. When a user on a peer-to-peer network downloads a song from another user, he receives into his computer a digital sequence representing the sound recording. That sequence is magnetically encoded on a segment of his hard disk (or likewise written on other media.) With the right hardware and software, the downloader can use the magnetic sequence to reproduce the sound recording. The electronic file (or, perhaps more accurately, the appropriate segment of the hard disk) is therefore a "phonorecord" within the meaning of the statute. See § 101 (defining "fixed" and "phonorecords"); Matthew Bender & Co., 158 F.3d at 703-04. See also New York Times Co. v. Tasini 533 U.S. 483, 490-91, 121 S.Ct. 2381, 150 L.Ed.2d 500 (2001) (appearing to assume that electronic-only distributions constitute material objects); Stenograph LLC v. Bossard Assocs., Inc., 144 F.3d 96, 100 (D.C.Cir.1998) (holding that installation [172] of software onto a computer results in "copying"); Working Group on Intellectual Property Rights, Intellectual Property and the National Information Infrastructure 213 (1995), available at http://www. uspto.gov/go/com/doc/ipnii/ipnii.pdf (noting that electronic transmissions implicate copyright holders' rights and strongly implying that electronic files constitute "material objects").
With that background, the Court turns to the movants' and the EFF's arguments.
(2) The Transmission of an Electronic File Constitutes a "Distribution" Within the Meaning of § 106(3)
The movants and the EFF present two reasons why the Court should decline to find that purely electronic transmissions are a violation of the distribution right. First, they note that the distribution right is limited to "phonorecords of the copyrighted work," 17 U.S.C. § 106(3), and that part of the definition of "phonorecords" is that they are "material objects," id. § 101. They focus on the phrase "material objects" to suggest that a copyright owner's distribution right only extends to "tangible" objects. See EFF Br. at 15-16. Because there was no exchange of tangible objects in this case — no "hand-to-hand" exchange of physical things — they argue that the plaintiffs' distribution right was not infringed by the defendants' actions.
The movants' second argument focuses on a different phrase in § 106(3): "distribution" is limited to exchanges "by sale or other transfer of ownership, or by rental, lease, or lending." They note, correctly, that an electronic download does not divest the sending computer of its file, and therefore does not implicate any ownership rights over the sound file held by the transferor. Therefore, they conclude, an electronic file does not fit within the defined limits of the distribution right.
The movants' two arguments appear to be analytically distinct, but in fact each is the obverse of the other: Any time the transfer of copyrighted material takes place electronically, both contentions at least potentially come into play. Electronic transfers generally involve the reading of data at point A and the replication of that data at point B. Whenever that is true, one person might be stationed at point A and another at point B, obviating the need for a "hand-to-hand" transfer. Similarly, because the data at point A is not necessarily destroyed by the process of reading it, the person at point A might retain ownership over the original, forestalling the need for a "sale or other transfer of ownership," as stated in § 106(3).
Clearly, that description accurately characterizes electronic file transfers. The internet makes it possible for a sending computer in Boston and a downloader in California to communicate quickly and easily; the physical distance between the two, as well as the purely electronic nature of the transfer, makes the movants' argument attractive. But the "point A-to-point B" characterization is no less apt for an older technology, such as a fax transfer over a phone line. And it also applies to cases in which point A and point B are very close together — even in the same room.[24] The movants' argument thus pivots on the nature of the transfer, in which the copyrighted work is read by a machine, translated into data, transmitted (in data form), and re-translated elsewhere.
[173] After carefully considering the parties' and the EFF's arguments, the Court concludes that 17 U.S.C. § 106(3) does reach this kind of transaction. First, while the statute requires that distribution be of "material objects," there is no reason to limit "distribution" to processes in which a material object exists throughout the entire transaction — as opposed to a transaction in which a material object is created elsewhere at its finish. Second, while the statute addresses ownership, it is the newly minted ownership rights held by the transferee that concern it, not whether the transferor gives up his own.
The first point requires that the Court closely examine the scope of the distribution right under § 106(3). The statute provides copyright owners with the exclusive right "to distribute ... phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending." 17 U.S.C. § 106(3). In turn, phonorecords are defined in part as "material objects in which sounds ... are fixed by any method." Id. § 101. And as discussed above, in the sense of the Copyright Act, "material objects" should not be understood as separating tangible copies from non-tangible copies. Rather, it separates a copy from the abstract original work and from a performance of the work. See supra Section IV.A.l.b.(1).
Read contextually, it is clear that this right was intended to allow the author to control the rate and terms at which copies or phonorecords of the work become available to the public. In that sense, it is closely related to the reproduction right under § 106(1), but it is not the same. As Congress noted, "a printer [who] reproduces copies without selling them [and] a retailer [who] sells copies without having anything to do with their reproduction" invade different rights. House Report at 61, reprinted in 1976 U.S.C.C.A.N. at 5675. Under § 106(3),
[T]he copyright owner [has] the right to control the first public distribution of an authorized copy or phonorecord of his work, whether by sale, gift, loan, or some rental or lease arrangement. Likewise, any unauthorized public distribution of copies or phonorecords that were unlawfully made [is] an infringement. As section 109 makes clear, however, the copyright owner's rights under section 106(3) cease with respect to a particular copy or phonorecord once he has parted with ownership of it.
House Report at 62, reprinted in 1976 U.S.C.C.A.N. at 5675-76. Clearly, § 106(3) addresses concerns for the market for copies or phonorecords of the copyrighted work, and does so more explicitly and directly than the other provisions of § 106.[25]
An electronic file transfer is plainly within the sort of transaction that § 106(3) was intended to reach. Indeed, electronic transfers comprise a growing part of the legitimate market for copyrighted sound recordings. See, e.g., Verne Kopytoff & [174] Ellen Lee, Tech Chronicles, S.F. Chron., Feb. 27, 2008, at CI (reporting that through its iTunes Store, which operates exclusively via electronic file transfer, Apple has sold more than 4 billion songs to 50 million customers).[26] What matters in the marketplace is not whether a material object "changes hands," but whether, when the transaction is completed, the distributee has a material object. The Court therefore concludes that electronic file transfers fit within the definition of "distribution" of a phonorecord.[27]
For similar reasons, the Court concludes that an electronic file transfer can constitute a "transfer of ownership" as that term is used in § 106(3). As noted above, Congress wrote § 106(3) to reach the "unauthorized public distribution of copies or phonorecords that were unlawfully made." House Report at 62, reprinted in 1976 U.S.C.C.A.N. at 5676. That certainly includes situations where, as here, an "original copy" is read at point A and duplicated elsewhere at point B.[28] Since the focus of § 106(3) is the ability of the author to control the market, it is concerned with the ability of a transferor to create ownership in someone else — not the transferor's ability simultaneously to retain his own ownership.
This conclusion is supported by a comparison to the "first sale" doctrine, codified at 17 U.S.C. § 109. The "first sale" doctrine provides that once an author has released an authorized copy or phonorecord of her work, she has relinquished all control over that particular copy or phonorecord. See id. § 109(a); House Report at 79-80, reprinted in 1976 U.S.C.C.A.N. at 5693-94. The person who bought the copy — the "secondary" purchaser — may sell it to whomever she pleases, and at the terms she directs. The market implications are clear. The author controls the volume of copies entering the market, but once there, he has no right to control their secondary and successive redistribution. To be sure, the author retains a certain degree of control over the secondary sale, at least to the extent that he can control that redistributions through the terms in the original sales contract. But he must bring a contract suit, not an infringement action. See id. at 79, reprinted in 1976 U.S.C.C.A.N. at 5693. See also, e.g., Am. Int'l Pictures, Inc. v. Foreman, 576 F.2d 661, 664 (5th Cir.1978) (holding that where copyrighted material is resold subject to restrictions, and the secondary buyer violates those restrictions, no copyright infringement action lies). More often and more practically, however, the author will simply price the new copies or phonorecords to reflect the work's value in a secondary market. See, e.g., Vincent v. City Colleges of Chicago, 485 F.3d 919 (7th Cir.2007) (citing Stanley M. Besen & Sheila N. Kirby, Private Copying, Appropriability & Optimal, Copyright Royalties, 32 J.L. & Econ. 255 (1989)).
Conversely, where ownership is created through an illegal copy, the first [175] sale doctrine does not provide a defense to a distribution suit. See Quality King Distrib.. Inc. v. L'anza Research Int'l, Inc., 523 U.S. 135, 148, 118 S.Ct. 1125, 140 L.Ed.2d 254 (1998). The distinction makes sense: where ownership is created through an illegal copy, the copyright holder has never had the chance to exercise his market rights over the copy. That is precisely the situation here.[29]
2. Whether the Plaintiffs Have Adduced Prima Facie Evidence of Infringement
The second sub-element of the Sony Music test's first factor asks whether the plaintiffs have presented prima facie evidence of infringement. See 326 F.Supp.2d at 564. Just as police cannot invade the privacy of a home without some concrete evidence of wrongdoing inside, plaintiffs should not be able to use the Court to invade others' anonymity on mere allegation. By requiring plaintiffs to make out a prima facie case of infringement, the standard requires plaintiffs to adduce evidence showing that their complaint and subpoena are more than a mere fishing expedition. The plaintiffs need not actually prove their case at this stage; they need only present evidence adequate to allow a reasonable fact-finder to find that each element of their claim is supported. See Adelson, 510 F.3d at 48.' They have done so.
The first element of a copyright infringement suit is a valid copyright. See T-Peg, 459 F.3d at 108. The plaintiffs have asserted, and the defendants have not challenged, that they hold the copyright to each of the sound recordings incorporated into the complaint. See Compl. at 4-5 (docket no. 07-cv-10834, document #1).
The second element is violation of one of the copyright holder's exclusive rights. See T-Peg, 459 F.3d at 108. The movants and the EFF argue that because the plaintiffs have not demonstrated an actual infringement, they have not asserted an actual violation.[30] They reason that the [176] investigator downloading the files from the defendants' computers was an agent of the plaintiffs, and plaintiffs cannot infringe their own copyrights. See Mem. Supp. Mot. Quash at 4-6 (document #149); EFF Br. at 12 n. 8 (document #152).
The Court need not now decide the precise nature of the evidence Media-Sentry gathered. While the parties dispute whether an investigator's download can be a perfected infringement, the downloads are also relevant, as described above, for another purpose: demonstrating that such infringement was technically feasible, thereby demonstrating that distributions could occur.
The plaintiffs have alleged that each defendant shared many, many music files — at least 100, and sometimes almost 700. See Ex. A to Compl. (docket no. 07-cv-10834, document #1) (providing information for each Doe, including number of copyrighted music files shared); Linares Decl. at 4, Ex. A to PI. Mot. Leave to Take Immediate Discovery (docket no. 07-cv-10834, document #5) (attesting to the veracity of the information contained in Exhibit A to the Complaint).[31] As noted above, that evidence supports an inference that the defendants participated in the peer-to-peer network precisely to share copyrighted files. The evidence and allegations, taken together, are sufficient to allow a statistically reasonable inference that at least one copyrighted work was downloaded at least once. That is sufficient to make out a prima facie case for present purposes.[32] Discovery may well reveal other factors relevant to the statistical inference, such as the length of time the defendant used peer-to-peer networks.
The plaintiffs have satisfied their burden for a prima facie case. As noted above, merely exposing music files to the internet is not copyright infringement. The defendants may still argue that they did not know that logging onto the peer-topeer network would allow others to access these particular files, or contest the nature of the files, or present affirmative evidence rebutting the statistical inference that downloads occurred. But these are substantive defenses for a later stage. Plaintiffs need not prove knowledge or intent in order to make out a prima facie case of infringement. See Feist, 499 U.S. at 361, [177] 111 S.Ct. 1282; Data Gen. Corp. v. Grumman Sys. Support Corp., 36 F.3d 1147, 1160 n. 19 (1st Cir.1994). As noted above, they are not required to win their case in order to serve the defendants with process.
3. Whether the Plaintiffs Have Tied Their Allegations and Evidence to Specific Acts of Infringement
The third sub-element of the first Sony Music factor is that the allegations be "concrete" — that they be tied to specific acts of infringement. See 326 F.Supp.2d at 564. The movants argue that the plaintiffs have failed to do so. Mot. Quash at 7-10 (document #115). In considering this question, the Court must keep in mind that transfers on a peer-to-peer network are not observable by outside users. To show infringement,[33] the plaintiffs are obliged to build a chain of inferences. The Court finds that, on this record, the chain is adequately anchored to specific allegations to satisfy this sub-element.
The plaintiffs have alleged that each of the defendants used the peer-to-peer network to distribute copies of specific sound recordings, detailed in Exhibit A to the Complaint. For instance, Doe no. 21, one of the movants here, is alleged to have distributed the song "Clocks," by the artist Coldplay. Capitol Records holds the copyright to that song. See Ex. A to Compl. (docket no. 07-cv-10834, document #1). The plaintiffs allege that the downloading creates a precise copy of the song. And Doe no. 21 is alleged to have "continuously used, and [to] continue[] to use," a peerto-peer network. Compl. at 5 (docket no. 07-cv10834, document #1). Finally, the fact of MediaSentry's download shows that it was, in fact, possible to download "Clocks" from Doe no. 21's computer as of 6:56 a.m. on January 25, 2007. Thus, the plaintiffs have alleged the specific content at issue; the essential nature of the infringement of that content; a rough time period in which the infringement took place; and that at a certain time, the defendant had taken every step necessary for an infringement of Capitol Records's rights in "Clocks" to occur.
While the plaintiffs must eventually prove that an actual infringement of those rights occurred, they may certainly do so through circumstantial proof and inference. And drawing a reasonable inference in the plaintiffs' favor, one did occur. The plaintiffs' current showing is adequate to satisfy both Federal Rule of Civil Procedure 8 and the more exacting standard of Sony Music — even if they could not directly observe, and thus allege, an infringing act. See, e.g., 5 Patry, Patry on Copyright, §§ 19:3 (listing necessary elements to plead a copyright claim), 19:10 (discussing pleading acts of infringement with specificity).
B. Factors Two, Three, and Four: Need and Narrow Tailoring
The second, third, and fourth factors in the Sony Music test are designed to ensure that the subpoena is appropriate to the plaintiffs' needs, their allegations, and' the preliminary evidence they have presented. The Court weighs "(2) specificity of the discovery request, (3) the absence of alternative means to obtain the subpoenaed information, [and] (4) a central need for the subpoenaed information to advance the claim." Sony Music, 326 F.Supp.2d at 565. Thus, the second factor prevents the subpoena from being so overbroad that it unreasonably invades the anonymity of users who are not alleged to have infringed copyright. The third cuts against the subpoena if there is another [178] reasonable and less-intrusive means to gather the same information. And the fourth tests whether the plaintiffs must have the information to proceed. On the circumstances of this case, the third and fourth factors support the disclosure of the defendants' identities. However, the Court is unable to determine on this record whether the plaintiffs' request is adequately specific to satisfy the second factor.
1. Specificity of the Discovery Request
The second Sony Music factor examines the breadth of the information sought by the plaintiffs. It has two aspects: first, the breadth of the information the plaintiffs seek, and second, whether the subpoena requires the ISP to reveal identifying information for numerous non-infringing parties, piercing the First Amendment anonymity to which they are entitled.
Under the Court's Order permitting expedited discovery, the plaintiffs are limited to identifying information: "name, address, telephone number, e-mail address, and Media Access Control addresses for each defendant." Amended Order re: Expedited Discovery at 1 (May 9, 2007) (docket no. 07-cv-10834, document #8).[34] The Court further ordered that "[n]o further information about the Doe defendants shall be revealed." Id. These limits are appropriate because they allow the plaintiffs to discover whom they are suing — the purpose of the expedited discovery — but no more. It does not, for example, permit disclosure of any information regarding the defendant's internet use.
Second, the Court must consider whether the information sought can be reasonably traced to a particular defendant. Generally speaking, according to the plaintiffs, the combination of IP address and date and time of access is sufficient to allow identification of the defendant. See Mem. Supp. Ex Parte Application for Leave To Take Immediate Discovery at 2 (docket no. 07-cv-10834, document #5).
That claim may not always be true. More than one computer may be placed under a single IP number. Thus, it is possible that the ISP may not be able to identify with any specificity which of numerous users is the one in question. See Stengel Decl. at 3 (document #118). If that is the case, giving the plaintiffs a long list of possible infringers would permit precisely the sort of fishing expedition the Sony Music test is designed to avoid. On the other hand, the ISP may frequently be able to narrow the list to a handful of possible users. In that situation, the plaintiffs should be entitled to use discovery to determine the identity of the alleged infringer. While it still might be possible that an unauthorized user was the actual infringer, see id., that is a matter better left for further discovery and presentation of the plaintiffs' claims on their merits.
The problem calls for a pragmatic solution that carefully respects the anonymity [179] of potentially innocent parties. Therefore, the Court will undertake to review particular cases as they come up, based on the number of users at issue and the degree of particularity with which the plaintiffs would be able to pick out the alleged infringer from a list. The subpoena to be served on Boston University shall be modified as discussed below in Section IV.D.
2. Absence of Alternative Means to Obtain Information
The third Sony Music factor requires that the plaintiffs have no other, less-intrusive way of obtaining the information they seek. This factor appears to be met in this case. Only the ISP has any record of which IP addresses were assigned to which users. To other entities online, those users would appear only as their IP addresses. The movants have not suggested any other method of obtaining the defendants' information; nor is the Court aware of any.
3. Central Need to Litigation
Finally, it is evident that the plaintiffs need the information in order to further the litigation. Without names and addresses, the plaintiffs cannot serve process, and the litigation can never progress. Therefore, the plaintiffs do have a central need for this information.
C. Factor Five: The Defendants' Expectations of Privacy
The final Sony Music factor regards the expectation of privacy held by the Doe defendants, as well as other innocent users who may be dragged into the case (for example, because they shared an IP address with an alleged infringer.) See 326 F.Supp.2d at 565.
As discussed above, see Section III, the alleged infringers have only a thin First Amendment protection. See Harper & Row, 471 U.S. at 559-60, 105 S.Ct. 2218.[35] Moreover, many internet service providers require their users to acknowledge as a condition of service that they are forbidden from infringing copyright owners' rights, and that the ISP may be required to disclose their identity in litigation. See, e.g., Sony Music, 326 F.Supp.2d at 559.
The record is unfortunately silent as to Boston University's terms of service agreement, if one exists. That agreement could conceivably make a substantial difference to the expectation of privacy a student has in his or her internet use. The process through which the plaintiffs determine whether a particular user actually used a peer-to-peer network to distribute music files may be much more intrusive than merely obtaining identities. In one case before the Court,[36] the plaintiffs have sought to obtain an image of a defendant's hard disk,[37] allowing a forensic computer [180] expert to inspect it to determine whether the defendant possessed an electronic copy of the plaintiffs' copyrighted material. See Pls.' Mot. Compel Discovery (docket no. 03-cv-11661, document #527).[38]
The Court finds that the terms of service arrangement, if one exists, would be extremely helpful in analyzing the privacy interests at issue. As this is an important factor for the Sony Music test, the Court will require that the subpoena served on Boston University be modified to require that it submit to the Court its terms of service arrangement.
D. Required Modifications to the Subpoenas
For the reasons explained above in Sections IV.B.1 and IV.C, the Court lacks the information to adjudicate whether the plaintiffs have carried their burden in demonstrating a need for expedited discovery under the Sony Music test. Therefore, the Motions to Quash that assert privacy interests (documents ##104 and 115) are GRANTED. The plaintiffs may renew their motion for expedited discovery, but must attach to such motion a copy of the Rule 45 subpoena to be served on Boston University. The subpoena must include the following language or language substantially similar:
The ISP shall submit to the Court, under seal, the information requested by the plaintiffs for its consideration in camera. For any IP address provided by the plaintiffs for which the ISP is unable to determine, to a reasonable degree of technical certainty, the identity of the user, it shall submit a list of all such users and a brief statement explaining the difficulty in selecting among them the alleged infringer.
The ISP shall simultaneously submit to the Court its terms of service agreement with its users, or, if it does not have a terms of service agreement, a statement to that effect.
The submissions by the ISP shall be made no later than 14 days after service of the subpoena.
The ISP shall not disclose to the plaintiffs any information regarding the identities of the defendants unless ordered to do so by this Court.
The Court, with the Sony Music framework thus in place, will consider the plaintiffs' request for expedited discovery as made in their renewed motion.
V. THE MOTION TO QUASH FOR LACK OF PERSONAL JURISDICTION
In addition to the Motions to Quash filed by the Boston University Does, one other Doe has filed a Motion to Quash. She claims that the Court lacks personal jurisdiction over her. She asserts, among other things, that she has never lived in Massachusetts and that "none of [her] visits to the State of Massachusetts had any relationship to the matter for which [she is] being sued, namely [her] alleged use of filesharing systems from [her] home in Maryland." Doe Aff. at 1, Ex. A to Mot. Quash Due to Lack of Personal Jurisdiction (document #113). The Court has the discretion to permit jurisdictional discovery. See, e.g., United States v. Swiss Am. Bank, Ltd., 274 F.3d [181] 610, 626 (1st Cir.2001). It is appropriate to do so in this case.
The only information the Court has before it is Jane Doe's affidavit — signed as Jane Doe — attesting that she is not a Massachusetts resident. On the facts of this case, that is an insufficient basis to disallow jurisdictional discovery. Even taking all of the facts in her affidavit as true, it is possible that the Court properly has personal jurisdiction. The Massachusetts long-arm statute permits jurisdiction to the extent allowed by constitutional limits. Daynard v. Ness, Motley, Loadholt, Richardson & Poole, P.A., 290 F.3d 42, 52 (1st Cir.2002) (quoting 'Automatic' Sprinkler Corp. of Am. v. Seneca Foods Corp., 361 Mass. 441, 280 N.E.2d 423 (1972)). It is a broad license. For example, Jane Doe might well be subject to jurisdiction if she infringed the plaintiffs' copyrights on a trip into Massachusetts. See Mass. Gen. Laws ch. 223A, § 3(c)-(d). It would be premature to adjudicate personal jurisdiction on this record.
The Motion to Quash Due to Lack of Personal Jurisdiction (document #113) is DENIED without prejudice.
VI. CONCLUSION
For the foregoing reasons, the Motions to Quash (document ##103 and 115) are GRANTED. The plaintiffs' Motion for Expedited Discovery may be renewed subject to the requirements on the subpoena set forth above in Section IV.D. Boston University is ORDERED not to destroy the information sought by plaintiffs unless the subpoena is not renewed by April 16, 2008. Furthermore, the Motion to Quash Due to Lack of Personal Jurisdiction (document #113) is DENIED without prejudice.
SO ORDERED.
APPENDIX A
COURT — DIRECTED NOTICE REGARDING ISSUANCE OF SUBPOENA
A subpoena has been issued directing Boston University, your Internet Service Provider ("ISP"), to disclose your name. The subpoena has been issued because you have been sued in the United States District Court for the District of Massachusetts in Boston, Massachusetts, as a "John Doe" by several major record companies. You have been sued for infringing copyrights on the Internet by uploading and/or downloading music. The record companies have identified you only as a "John Doe" and have served a subpoena on your ISP to learn your identity. This notice is intended to inform you of some of your rights and options.
YOUR NAME HAS NOT YET BEEN DISCLOSED. YOUR NAME WILL BE DISCLOSED IN 14 DAYS IF YOU DO NOT CHALLENGE THE SUBPOENA.
Your name has not yet been disclosed. The record companies have given the Court enough information about your alleged infringement to obtain a subpoena to identify you, but the Court has not yet decided whether you are liable for infringement. You can challenge the subpoena in Court. You have 14 days from the date that you receive this notice to file a motion to quash or vacate the subpoena. If you file a motion to quash the subpoena, your identity will not be disclosed until the motion is resolved (and the companies cannot proceed against you until you are identified). The second page of this notice can assist you in locating an attorney, and lists other resources to help you determine how to respond to the subpoena. If you do not file a motion to quash, at the end of the 14 day period, your ISP will send the record [182] company plaintiffs your identification information.
OTHER ISSUES REGARDING THE LAWSUIT AGAINST YOU
To maintain a lawsuit against you in the District Court of Massachusetts, the record companies must establish jurisdiction over you in Massachusetts. If you do not live or work in Massachusetts, or visit the state regularly, you may be able to challenge the Massachusetts court's jurisdiction over you. If your challenge is successful, the case in Massachusetts will be dismissed, but the record companies may be able to file against you in another state where there is jurisdiction.
The record companies may be willing to discuss the possible settlement of their claims against you. The parties may be able to reach a settlement agreement without your name appearing on the public record. You may be asked to disclose your identity to the record companies if you seek to pursue settlement. If a settlement is reached, the case against you will be dismissed. It is possible that defendants who seek to settle at the beginning of a case will be offered more favorable settlement terms by the record companies. You may contact the record companies' representatives by phone at (206) 973-4145, by fax at (206) 242-0905, or by email at infosettlementsupportcenter.com.
You may also wish to find your own lawyer (see resource list below) to help you evaluate whether it is in your interest to try to reach a settlement or to defend against the lawsuit.
RESOURCE LIST
The organizations listed below provide guidance on how to find an attorney. If you live in or near Massachusetts or Boston, the second and third listings below provide referrals for local attorneys.
American Bar Association
http://www.abanet/org/legalservices/ findlegalhelp/home.htm
Massachusetts Bar Association
http://www.massbar.org
Lawyer referral service — (617) 338-0610
Boston Bar Association
http://www.bostonbar.org
Lawyer referral service — (617) 742-0625
The organizations listed below have appeared before other courts around the country in similar lawsuits as "friends of the court" to attempt to protect what they believe to be the due process and First Amendment rights of Doe defendants.
Electronic Frontier Foundation
454 Shotwell Street
San Francisco, California 94110-1914
email: RIAAcases@eff.org
Public Citizen
1600 20th Street, NW
Washington, DC 20009
phone: (202)588-7721
email: litigation@citizen.org
[1] The defendants in this case have not yet been named; the Court simply refers to them as "the defendants." Those who contest the subpoena are "the movants."
[2] Specifically, the Court requires that the plaintiffs attach a "Court-Directed Notice Regarding Issuance of Subpoena," which the ISPs distribute to the individuals in question. The Notice informs the putative defendants that they have the opportunity to move to quash the subpoena, as these defendants have done. See Appendix A (Court-Directed Notice).
[3] Document #115 is styled "Reply Memorandum of Law of Defendant`Doe,' "but the Court has no other related documents. The Court takes the filing as a pro se Motion to Quash, and for clarity's sake, refers to it as such.
[4] This is a small oversimplification. Many popular peer-to-peer networks use a "supernode" architecture. A supernode is a semicentralized computer that operates only to relay search queries and responses within the peer-to-peer network. Once the desired file is located, however, it may be transferred directly from one computer to another. See, e.g., Peter S. Menell & David Nimmer, Legal Realism in Action: Indirect Copyright Liability's Continuing Tort Framework and Sony's De Facto Demise, 55 UCLA L.Rev. 143, 183-84 (2007).
The history of peer-to-peer networks has been one of increasing decentralization, and thus, increasing anonymity. See id. at 179-85 (tracing history of peer-to-peer network technologies through lawsuits asserting contributory copyright liability). Some newer peer-topeer technologies even dispense with supernodes. See, e.g., Grokster, 545 U.S. at 922, 125 S.Ct. 2764; Matthew Helton, Secondary Liability for Copyright Infringement: BitTorrent as a Vehicle for Establishing a New Copyright Definition for Staple Articles of Commerce, 40 Colum. J.L. & Soc. Probs. 1, 20-21 (2006) (discussing new version of software that permits direct peer-to-peer connection without the need for a proxy computer).
[5] At the hearing, the defendants protested that it is impossible to determine whether a sound recording is "illegal" merely by listening to it. See Bestavros Decl. at 2-3 (document #110). True enough. Indeed, one of the key features of digital copyright infringement is that an nth-generation copy is more or less identical to a non-infringing first-generation copy, so there is no drop in sound quality over time. But listening to the files is still important. The defendants must ascertain that what is labeled as a sound recording to which they hold the copyright actually is such a recording (and not, say, a misnamed file or fair use that would not infringe the copyright.)
[6] According to the amicus brief of the Electronic Frontier Foundation, more than 20,000 individuals have been sued nationwide. Amicus Curiae Br. of the Electronic Frontier Foundation ("EFF Br.") at 5-9 (document #152).
[7] For these reasons, insofar as one of the movant Does requests severance, see Mot. Quash at 1-3 (document #115), the motion is DENIED without prejudice. The case against each Doe will be individually considered for purposes of any rulings on the merits, and the movant may renew the severance request before trial if the case proceeds to that stage.
[8] It is not clear which Does are the two movants. The Doe filing one Motion to Quash (document #115) identifies him or herself as Doe no. 21; the Doe filing the other Motion to Quash (document #103) called himself Doe no. 1. Doe no. 1 has been dismissed, however. See Notice of Dismissal (document #122) (dismissing Doe no. 1 from the civil action originally docketed with number 07-cv-10834); Notice of Dismissal (document #136) (same).
[9] The EFF's First Amendment arguments are taken on their merits, contrary to the plaintiffs' contention that no party has raised them. See Pls.' Resp. Opp. Amicus Curiae Br. at 2-3 (document #157). At least one of the motions to quash raises the same issues, albeit in less detail. See Mem. L. Supp. Mot. Quash at 7-8 (document #104).
[10] See Sony Music, 326 F.Supp.2d at 564 (finding file-sharers' activity "qualifies as speech, but only to a degree," because the "real purpose is to obtain music for free"); In re Verizon Internet Svcs., Inc., 257 F.Supp.2d 244, 260 (D.D.C.2003), rev'd on other grounds, Recording Indus. Ass'n of Am., Inc. v. Verizon Internet Svcs., Inc., 351 F.3d 1229 (D.C.Cir. 2003) (holding that file-sharers were entitled to some anonymity on First Amendment grounds, "even though the degree of protection is minimal where alleged copyright infringement is the expression at issue").
[11] Other forms of speech also receive such intermediate valuation. See Florida Bar v. Went For It, Inc., 515 U.S. 618, 623, 115 S.Ct. 2371, 132 L.Ed.2d 541 (noting that commercial speech is entitled to "a limited measure of protection, commensurate with its subordinate position in the scale of First Amendment values" (internal quotation omitted)). The Court need not, and does not, express a view as to the proper place of file-sharing in the speech hierarchy; it is enough for present purposes to determine that it has some First Amendment value.
[12] In doing so, the court subsumed the analysis a number of other leading cases, including, for example, Dendrite International, Inc. v. Doe, 342 N.J.Super. 134, 775 A.2d 756, 760, 772 (2001), a case relied upon by the EFF. See Sony Music, 326 F.Supp.2d at 563-64. Dendrite, like many other cases involving internet speech, is not directly applicable to these facts. In that case, the plaintiff asserted that the anonymous defendant had defamed it on an internet bulletin board — an act much more clearly in the wheelhouse of the First Amendment's protections. See 342 N.J.Super. at 140-41, 775 A.2d at 760. The court in that case therefore sensibly elected to apply a more stringent standard than the one appropriate here. See id., 342 N.J.Super. at 149 — 59, 775 A.2d at 765-72.
[13] A number of other courts have also found the Sony Music approach persuasive, some on substantially different facts. See Best Western Int'l, No. CV-06-1537-DGC, 2006 WL 2091695, at *3-*5 (D.Ariz. July 25, 2006) (posting to internet bulletin boards); Gen. Bd. of Global Ministries of the United Methodist Church v. Cablevision Lightpath, Inc., No. C06-3669-ETB, 2006 WL 3479332, at *4-*5 (E.D.N.Y. Nov.30, 2006) (unauthorized access to email); Elektra Entm't Group v. Does 1-9, No. 04CV2289-RWS, 2004 WL 2095581, at *2-*5 (S.D.N.Y. Sept.8, 2004) (file-sharing and copyright infringement). But see Mobilisa, Inc. v. Doe, 217 Ariz. 103, 170 P.3d 712, 720 (Ariz.App.2007) (declining to apply Sony Music standard in case involving alleged unlawful access to plaintiffs' computer server by anonymous user, and applying a more stringent standard).
[14] The parties refer to "copies." The statute makes clear that where sound recordings are at issue, "phonorecords" is a more precise term. See 17 U.S.C. § 101. The two terms appear to be functionally interchangeable, however, differing only in the nature of the copyrighted work. See H.R. Rep. 94-1476 at 53 (1976), reprinted in 1976 U.S.C.C.A.N. at 5666 (noting that under the copyright statutes, "`copies' and `phonorecords' together will comprise all of the material objects in which copyrightable works are capable of being fixed").
[15] Strictly speaking, much of the parties' briefing on this issue is directed toward the scope of the distribution right under § 106(3), not the reproduction right under § 106(1). But both refer to "copies or phonorecords," so the arguments implicate both rights, though to different degrees.
[16] The plaintiffs have also alleged a violation of their reproduction rights under § 106(1). Under that statute, a copyright owner's rights are infringed whenever an unauthorized person "reproduce[s] the copyrighted work in copies or phonorecords." The plaintiffs have alleged that the defendants downloaded music, as well as distributed it, and that they did not have authorization to do so. See Compl. at 5 (docket no. 07-cv-10834, document #1). At least subject to arguments over the definition of "phonorecords," discussed below, the plaintiffs thus appear to have alleged a legally sufficient harm under § 106(1). It is still appropriate to address briefly the distribution right under § 106(3), however; it was the focus of the parties' briefing and arguably constitutes the crux of the alleged infringement in this case. The Court's analysis may also inform later arguments, such as summary judgment or request for further data from the ISP not authorized by the current scope of the subpoena.
[17] See Mem. Supp. Mot. Quash at 4-6 (document #149); EFF Br. at 12 n. 8 (document #152). The Court need not reach this issue now.
[18] The plaintiffs also cite A & M Records, Inc. v. Napster, Inc., 239 F.3d 1004 (9th Cir.2001). In A & M v. Napster, the Ninth Circuit considered a suit against a provider of peer-to-peer services. The court stated that "Napster users who upload file names to the search index for others to copy violate plaintiffs' distribution rights." Id. at 1014. As the EFF argues, the Ninth Circuit's reasoning is not persuasive here. First, as the district court noted in that case, "it is pretty much acknowledged" that infringement had occurred. Id. (internal quotation marks omitted). Second, because the plaintiffs were suing the peer-topeer network provider rather than any particular user, they did not need to show that any particular copyright was infringed. It was enough to show that approximately 70% of the available material infringed the plaintiffs' copyrights. See id. at 1013. Finally, the court's very statement may betray a slight misunderstanding about the way the technology worked — it was not the "file names" that were copied, as the court's statement seems to imply, but the actual files themselves. Indeed, merely "upload[ing] file names" does not even constitute making the files themselves available. But see Motown Record Co., LP v. DePietro, No. 04-CV-2246, 2007 WL 576284, at *3 & n. 38 (E.D.Pa. Feb. 16, 2007) (finding A & M v. Napster persuasive on facts similar to those in the case at bar).
[19] Indeed, this case is closer to the facts of Hotaling than were the facts in the Napster litigation. In In re Napster, the court considered an "indexing" system in which central computer servers kept a record of which peerto-peer users had which files, somewhat analogous to the supernodes used by the peer-topeer system at issue here. See supra note 4. In rejecting the plaintiffs' theory, the court noted that the index was only an index-not the actual file containing the sound recording. See In re Napster, 377 F.Supp.2d at 803. In this case, the individual peer-to-peer users are alleged to have had the electronic files on their hard disks, not merely a reference. See also Perfect 10, Inc. v. Amazon.com, Inc., 508 F.3d 1146, 1162-63 (9th Cir.2007) (distinguishing Google's process of indexing images and providing thumbnails to users on similar grounds).
[20] The First Circuit's decisions in Venegas-Hernandez, 424 F.3d at 57-59, and Latin American Music Co., 499 F.3d at 46, appear to support this distinction.
[21] Before the Copyright Act was passed in 1976, "publication" determined the date on which statutory protection of the copyright began. See 17 U.S.C. § 24 (1970), repealed by Copyrights Act of 1976, ch. 3, § 302, 90 Stat. 2541. It occurred when "`the original or tangible copies of a work [were] ... made available to the general public'" Bartok v. Boosey & Hawkes, Inc., 523 F.2d 941, 945 (2d Cir.1975) (quoting Melville B. Nimmer, Nimmer on Copyright § 49 at 194-95 (1974)). It did not include the mere public performance of a work. See Ferris v. Frohman, 223 U.S. 424, 435-36, 32 S.Ct. 263, 56 L.Ed. 492 (1912).
[22] The term "material object" also distinguishes a tangible copy of a work from its performance. Compare 17 U.S.C. § 101 (defining "copies"), with id. (defining "perform"). Clearly, different copyrights are implicated by the ownership of a phonorecord and by a public performance of the sound recording physically embodied in that phonorecord. Compare 17 U.S.C. § 106(1), with id. § 106(3), and with id. §§ 106(4), 106(6). While this seems an elementary distinction, it is important to the scope of the distribution right, discussed more extensively below.
[23] This point of view is supported by Congress' abrogation of one judicial doctrine concerning the nature of a "copy." In White-Smith Music Publishing Co. v. Apollo Co., 209 U.S. 1, 28 S.Ct. 319, 52 L.Ed. 655 (1908), the Supreme Court rejected the argument that the copyright for a piece of music applied to the perforated sheets used to instruct a player piano, holding that it was limited to sheet music from which a person could read and reproduce the music. Because the perforated sheets were not intelligible to a person, the Court held, they were not "copies." Id. at 17, 28 S.Ct. 319. Congress rightly rejected this "artificial and largely unjustifiable distinction[]," House Report at 52, reprinted in 1976 U.S.C.C.A.N. at 5665, by expanding the definition of "fixed" to include methods that required machines. Concurrently, Congress sought to broaden the definition of the medium in which copyrighted material could be fixed. See id. at 52-53, reprinted in 1976 U.S.C.C.A.N. at 5665-66. A "material object" is thus largely, if not entirely, a vehicle for the fixation requirement.
[24] Suppose someone has a copy of a copyrighted poem on a single sheet of paper. He announces, "I'm going to be at the copy machine with the poem pressing the`Copy' button, but I'm not going to touch the new copies that come out in the tray." If another person takes one of the new copies, no hand-to-hand transfer of a tangible object has occurred, and the person who presses the copy button has not been divested of ownership in his original.
[25] The House Report does not specifically address the distribution right as a protection of the copyright owner's right to control the market, but it is an inescapable inference from the nature of the right. See, e.g., Harper & Row, 471 U.S. at 558, 105 S.Ct. 2218 ("By establishing a marketable right to the use of one's expression, copyright supplies the economic incentive to create and disseminate ideas."); cf. House Report at 62-63, reprinted in 1976 U.S.C.C.A.N. at 5676 (noting that too broad an exception to performance rights for non-profit users could allow free displays and performances to "supplant markets for printed copies"); id. at 80, reprinted in 1976 U.S.C.C.A.N. at 5694 (expressing concern that illegitimate fair use could affect the copyright owner's market for distribution of copies). The Court does not express a view as to the extent to which peer-to-peer file sharing actually does cause economic damage to copyright owners.
[26] It is perhaps in recognition of this fact of internet-era life — and in recognition of the fact that copyrighted material can be "distributed" electronically — that Congress has made available compulsory licenses "to distribute [phonorecords] to the public for private use, including by means of a digital phonorecord delivery." 17 U.S.C. § 115.
[27] The reading is not a stretch. The dictionary definition of "to distribute" includes, inter alia, "to disperse through a space ...; spread; scatter[;] to promote, sell, and ship or deliver ... to individual customers ... [;] to pass out or deliver ... to intended recipients." Random House Unabridged Dictionary 572 (2d ed.1993). An electronic file transfer fits comfortably within each.
[28] It is irrelevant that such an action may also infringe the reproduction right secured to the copyright holder under 17 U.S.C. § 106(1). A single action can infringe more than one right held under § 106.
[29] The EFF's reliance on Age v. Paramount Communications, 59 F.3d 317, 325 (2d Cir. 1995), is misplaced. The plaintiff in Agee claimed the violation of several different rights after Paramount used his music as a soundtrack to a video without authorization; most relevantly, the plaintiff claimed violation of the distribution right protected by § 106(3). The video traveled from Paramount to local affiliate television stations, and from there to the public. The court concluded that the broadcast, as it traveled from the affiliate stations to the public, was a public performance, not the distribution of a copy. The affiliates were only the intermediaries through which Paramount's right to perform was exercised. See Agee, 59 F.3d at 325; see also 17 U.S.C. § 112(e)(1) (permitting retention of "ephemeral recordings" for retransmission). A key fact was that the transmission was designed to be transitory. Electronic files, such as those transferred here, are not.
The Court recognizes that electronic copies can be of varying permanence, see MAI Sys. Corp. v. Peak Computer, Inc., 991 F.2d 511, 518-19 (9th Cir. 1993) (discussing whether loading copyrighted software into temporary random access memory constitutes a "copy" under the Copyright Act), and it is not clear that all of them should be treated equally under the copyright statutes. But this is a clear case, at one end of the spectrum. The files at issue here were downloaded precisely to be copies, indefinitely replayable and transferable. The Court has no need to consider modes of electronic transmission beyond transfers over peer-to-peer networks.
[30] Counsel for one movant also represents that none of the movant's music files were unlicensed. See Suppl. Mem. Supp. Mot. Quash at 9-10 (document #149). While that may be the case, it is not clear why it is relevant to allegations of unlicensed distribution under 17 U.S.C. § 106(3). And insofar as it is relevant to allegations of unlicensed copying under 17 U.S.C. § 106(1), it is a matter better left for after discovery, when counsel's representation can be supported by evidence.
The same movant further contends that the Linares affidavit, which forms the basis of some of the plaintiffs' prima facie case, should be stricken. The movant claims that MediaSentry, the private investigator who downloaded the files from the Does and recorded their IP addresses, see Linares Decl. at 4-6, Ex. A to PL Mot. Leave to Take Immediate Discovery (docket no. 07-cv 10834, document #5), does not have the license to undertake private investigations required by Massachusetts General Laws ch. 147, §§ 23-25. The Court has no evidence properly before it as to whether or not MediaSentry has a license, how MediaSentry gathers its information, or whether that information is publicly available. It therefore declines to reach the issue on this record; the movant may refile a motion to strike.
[31] From the Linares Declaration, it is easily inferred how this information is gained. MediaSentry, on finding an alleged infringer, requests through the peer-to-peer software a list of all the files available to be shared on the sending computer. It then culls through the resulting list of files to isolate (and count) the plaintiffs' copyrighted sound recordings. See Linares Decl. at 5-6, Ex. A to PI. Mot. Leave to Take Immediate Discovery (docket no. 07-cv-10834, document #5).
[32] This general inference of infringement is not inconsistent with the "concrete" criterion discussed below. It bears re-emphasis that this is a preliminary stage of the litigation; the plaintiffs need only show that some infringement was likely and that they have specifically identified at least some of the copyrighted material at issue. This protects the defendants from a fishing expedition in which plaintiffs only wish to investigate specific behavior — for example, the large use of bandwidth by a single user continuously over a long period of time or the mere use of a peerto-peer network.
[33] At least, absent MediaSentry's downloads — again, the Court does not decide whether those downloads can constitute direct evidence of actual infringements.
[34] The Media Access Control ("MAC") number is a unique identifier embedded in most network adaptors — the physical piece of hardware that permits a user to connect to a network, and thus to the internet. The MAC address is used by the ISP in routing information through the network and is specific to the user's computer; it is therefore uniquely relevant in allowing a fact-finder to determine whether the defendant was, in fact, infringing the plaintiff's copyright. Although sophisticated users can use software to make MAC addresses appear otherwise than they actually are — a process called "spoofing" — the addresses are still highly probative evidence in this litigation. See, e.g., Daniel Kamitaki, Note, Beyond E-Mail: Threats to Network Security and Privileged Information for the Modem Law Firm, 15 S. Cal. Interdisc. L.J. 307, 312 & nn. 30-34 (2006) (discussing MAC addresses generally); United States v. Carter, No. 07-CR-00184-RLH, 2008 WL 623600, at *12 (D.Nev. Mar.6, 2008) (noting possibility of spoofing).
[35] Insofar as the defendants wish to assert a more substantial First Amendment value — fair use, for example — that is a matter better left for later in the litigation.
[36] The Court may take judicial notice of related proceedings. See, e.g., Anderson v. Rochester-Genesee Reg'l Transp. Auth., 337 F.3d 201, 205 n. 4 (2d Cir.2003).
[37] That is, a precise copy of the hard drive, exactly as it is in the defendant's computer. This allows the plaintiffs not only to see what is obviously present on the user's computer, but also deleted or concealed files. "`Deleting a file does not actually erase that data from the computer's storage devices. Rather, it simply finds the data's entry in the disk directory and changes it to a`not used' status — thus permitting the computer to write over the`deleted' data. Until the computer writes over the`deleted' data, however, it may be recovered by searching the disk itself rather than the disk's directory. Accordingly, many files are recoverable long after they have been deleted' — even if neither the computer user nor the computer itself is aware of their existence." Shira A. Scheindlin & Jeffrey Rabkin, Electronic Discovery in Federal Civil Litigation: Is Rule 34 Up to the Task?, 41 B.C. L.Rev. 327, 337 (2000) (footnotes omitted).
[38] Of course, even an infringer's non-infringing information is entitled to some protection. But the situation is more serious where the defendant asked to permit an image of her computer may not be an infringer at all.
5.8 Privacy Statutes 5.8 Privacy Statutes
5.8.1 Right to Financial Privacy Act of 1978: 12 U.S. Code § 3402 - Access to financial records by Government authorities prohibited; exceptions 5.8.1 Right to Financial Privacy Act of 1978: 12 U.S. Code § 3402 - Access to financial records by Government authorities prohibited; exceptions
5.8.2 Right to Financial Privacy Act of 1978: 12 U.S. Code § 3403 - Confidentiality of financial records 5.8.2 Right to Financial Privacy Act of 1978: 12 U.S. Code § 3403 - Confidentiality of financial records
5.8.3 Right to Financial Privacy Act of 1978: 12 U.S. Code § 3412 - Use of information 5.8.3 Right to Financial Privacy Act of 1978: 12 U.S. Code § 3412 - Use of information
(a)
Transfer of financial records to other agencies or departments; certification
(b)
Mailing of copy of certification and notice to customer
(c)
Court-ordered delays in mailing
(d)
Exchanges of examination reports by supervisory agencies; transfer of financial records to defend customer action; withholding of information
(e)
Exchange of records, reports, or other information
(f)
Transfer to Attorney General or Secretary of the Treasury
(1)
In general
(A)
there is reason to believe that the records may be relevant to a violation of Federal criminal law; and
(B)
the records were obtained in the exercise of the agency’s or department’s supervisory or regulatory functions.
(2)
Limitation on use
[1] See References in Text note below.
[2] So in original. Probably should be “section”.
5.8.4 Right to Financial Privacy Act of 1978: 12 U.S. Code § 3417 - Civil penalties 5.8.4 Right to Financial Privacy Act of 1978: 12 U.S. Code § 3417 - Civil penalties
5.8.5 Fair Credit Reporting Act: 15 U.S. Code § 1681b - Permissible purposes of consumer reports 5.8.5 Fair Credit Reporting Act: 15 U.S. Code § 1681b - Permissible purposes of consumer reports
[1] See References in Text note below.
[2] So in original. No subpar. (B) has been enacted.
5.8.6 Fair Credit Reporting Act: 15 U.S. Code § 1681m - Requirements on users of consumer reports 5.8.6 Fair Credit Reporting Act: 15 U.S. Code § 1681m - Requirements on users of consumer reports
5.8.7 Gramm-Leach-Bliley Act of 1999: 15 U.S.C. §§ 6801 - Protection of nonpublic personal information 5.8.7 Gramm-Leach-Bliley Act of 1999: 15 U.S.C. §§ 6801 - Protection of nonpublic personal information
5.8.8 Gramm-Leach-Bliley Act of 1999: 15 U.S.C. § 6802 - Obligations with respect to disclosures of personal information 5.8.8 Gramm-Leach-Bliley Act of 1999: 15 U.S.C. § 6802 - Obligations with respect to disclosures of personal information
[1] So in original. Probably should be followed by a comma.
5.8.9 Painting the Landscape – An Introduction 5.8.9 Painting the Landscape – An Introduction
International law, scholarship and practice in international law mainly evolved in Universities and in Government. Most of the work done related to professors and practionners, diplomats and government lawyers, Judges were instrumental and lawyers arguing cases, albeit to a lesser degree with a number of exceptions active on the international stage. A few institutions emerged the work of which is mainly or exclusively dedicated to international law teaching and studies beyond chairs at Universities. Again, Geneva assumes a leading role, given the neighbourhood of these institutions to the headquarters of the League of Nations and today one of the European headquarters of the United Nations, hosting inter alia the International Law Commission and the Human Rights Council, as well as the headquarters of the International Red Cross. The Graduate Institute of International and Development Studies excels as a centre of international law studies, with a permanent international faculty and attracting students from all over the World. Equally, Geneva hosts the World Economic Forum. While mainly focusing on business and international relations, the studies undertaken are of importance to the development of international law, as much as the themes annually discussed at the Davos World Economic Forum. In German speaking Switzerland, institutions dealing mainly with public international law are essentially limited to the World Trade Institute, an interdisciplinary centre at the University of Bern, focussing on international trade regulation with a particular emphasis on the law of the World Trade Organization. The Centre for Human Rights a the University of Zurich particularly focuses on the role of the private sector in the process of implementing and realizing human rights in international economic relations. Both in Zurich and St. Gallen, master programmes exist which combine international law and economic law with a view to train lawyers and practionners in the field.
International Law, Editor Thomas Cottier, Isabel Kölliker and Jack Williams.
5.8.10 Electronic Communications Privacy Act of 1986: 18 U.S. Code § 2707 - Civil action 5.8.10 Electronic Communications Privacy Act of 1986: 18 U.S. Code § 2707 - Civil action
5.8.11 Telecommunications Act of 1996: 47 U.S.C. § 222 5.8.11 Telecommunications Act of 1996: 47 U.S.C. § 222
5.8.12 Painting the Landscape – An Introduction 5.8.12 Painting the Landscape – An Introduction
International law, scholarship and practice in international law mainly evolved in Universities and in Government. Most of the work done related to professors and practionners, diplomats and government lawyers, Judges were instrumental and lawyers arguing cases, albeit to a lesser degree with a number of exceptions active on the international stage. A few institutions emerged the work of which is mainly or exclusively dedicated to international law teaching and studies beyond chairs at Universities. Again, Geneva assumes a leading role, given the neighbourhood of these institutions to the headquarters of the League of Nations and today one of the European headquarters of the United Nations, hosting inter alia the International Law Commission and the Human Rights Council, as well as the headquarters of the International Red Cross. The Graduate Institute of International and Development Studies excels as a centre of international law studies, with a permanent international faculty and attracting students from all over the World. Equally, Geneva hosts the World Economic Forum. While mainly focusing on business and international relations, the studies undertaken are of importance to the development of international law, as much as the themes annually discussed at the Davos World Economic Forum. In German speaking Switzerland, institutions dealing mainly with public international law are essentially limited to the World Trade Institute, an interdisciplinary centre at the University of Bern, focussing on international trade regulation with a particular emphasis on the law of the World Trade Organization. The Centre for Human Rights a the University of Zurich particularly focuses on the role of the private sector in the process of implementing and realizing human rights in international economic relations. Both in Zurich and St. Gallen, master programmes exist which combine international law and economic law with a view to train lawyers and practionners in the field.
International Law, Editor Thomas Cottier, Isabel Kölliker and Jack Williams.
5.8.13 General Education Provisions Act: 20 U.S. Code § 1232h - Protection of pupil rights 5.8.13 General Education Provisions Act: 20 U.S. Code § 1232h - Protection of pupil rights
5.8.14 Family Education Rights and Privacy Act of 1974: 20 U.S.C. § 1232g 5.8.14 Family Education Rights and Privacy Act of 1974: 20 U.S.C. § 1232g
5.8.15 Driver’s Privacy Protection Act of 1974: 18 U.S.C. § 2721-25 5.8.15 Driver’s Privacy Protection Act of 1974: 18 U.S.C. § 2721-25
5.8.16 2.47 U.S. and Allied Efforts to Recover and Restore Gold and Other Assets Stolen or Hidden by Germany During World War II (Stuart E. Eizenstat) 5.8.16 2.47 U.S. and Allied Efforts to Recover and Restore Gold and Other Assets Stolen or Hidden by Germany During World War II (Stuart E. Eizenstat)
a) Background
The process of Americanization of Swiss law and legal culture after World War II was marked by other conflicts, which go way beyond the series of post war conflicts of jurisdictions like the case study of the UBS-case (see texts 2.50 – 2.53)) In the nineties, fifty years after the end of the war, the United States spearheaded a general international analysis of still unsolved issues in connection with the atrocity of the Holocaust. The United States were devising a complex international action plan to attempt to redress those calamities. This brought Switzerland’s behaviour during and after World War II and the behaviour of some enterprises such as banks and insurance companies to the center of world public attention.
The issues confronted Switzerland and Swiss enterprises with the dark sides of their alleged and actual behaviour, beyond issues of strict legality and involvement, from long before until after World War II. The sudden upsurge of the Holocaust issues in the nineties caught Switzerland and Swiss enterprises off guard and forced them to participate in the international attempt to search for solutions that were politically, legally and morally acceptable to the world community. This issue faced Switzerland with strong convictions ingrained in American law and lawyers in government which at the outset led to a cultural and legal clash and disconnection. Switzerland and Swiss enterprises had difficulties in dealing with the issue, which only partly and certainly not primarily were marked by issues of law. The United States unexpectedly and forcefully used a mix of historic, political, media and legal instruments as instruments of foreign policy. Switzerland and Swiss enterprises at the outset of the conflict were victims of their legalistic posture, and their inabilities to face the thrust of the overriding moral dimensions (See the assessment in retrospect by historian Thomas Maissen 2.49).
The US effort was personalised and spearheaded by Stuart E. Eizenstat, a powerful and experienced representative of the US government. Eizenstat is a lawyer and a member of the Jewish community who is very experienced in global and particularly European matters. During a decade and a half of public service in three US administrations, Ambassador Eizenstat has held a number of key senior positions, including chief White House domestic policy adviser to President Jimmy Carter (1977-1981); U.S. Ambassador to the European Union, Under Secretary of Commerce for International Trade, Under Secretary of State for Economic, Business and Agricultural Affairs, and Deputy Secretary of the Treasury in the Clinton Administration (1993-2001). During the Clinton Administration, he had a prominent role in the development of key international initiatives, including the negotiations of the Transatlantic Agenda with the European Union (establishing what remains of the framework for the US relationship with the EU); the development of the Transatlantic Business Dialogue (TABD) among European and US CEOs; the negotiation of agreements with the European Union regarding the Helms-Burton Act and the Iran-Libya Sanctions Act; the negotiation of the Japan Port Agreement with the Japanese government; and the negotiation of the Kyoto Protocol on global warming, where he led the US delegation.
Much of the interest in providing belated justice for victims of the Holocaust and other victims of Nazi tyranny during World War II was the result of Stuart Eizenstat’s leadership of the Clinton Administration as Special Representative of the President and Secretary of State on Holocaust-Era Issues. He successfully negotiated major agreements with among others the Swiss, Germans, Austrians and French, covering restitution of property, payment for slave and forced labourers, recovery of looted art, bank accounts, and payment of insurance policies.
For this anthology dealing with the Americanization of Swiss law and legal culture we consciously chose the text of ambassador Eizenstat’s – revered and feared – personal Foreword to the extensive preliminary studies with the title “U.S. and Allied Efforts to Recover and Restore Gold and Other Assets Stolen or Hidden by Germany During World War II”, Prepared by William Z. Slany, The Historian State. This effort was coordinated by Stuart E. Eizenstat in his function as special Representative of the President and the Secretary of State. The report henceforward was called Eizenstat I report.
The text at hand is an official document by the United States with far reaching effects on the conduct of the handling of the contents of the issue. It has been said that the foreword in part is not in conformity with some parts of the report and selectively singles out Switzerland as the main target and topic to be taken on in redressing the calamities of World War II. It is the opening move in a transatlantic quest of high intensity and high determination with the US government leading the late attempt to solve this unfinished business of World War II.
b) Summary
The foreword is a nine pages personal summary and appreciation of Stuart EIzenstat of the report, specific weight being given to certain findings and to specific political intentions of the US government. For the readers and users attention: The overall report, which has 204 pages, consists of a series of documents, the table of contents of which reads as follows: I. Wartime Efforts To Halt Commerce With Germany and Prevent the Flight Abroad of German Assets, II. The Safehaven Program, III. Potsdam Heads of Government Meeting and the Paris Reparations Conference, IV. The Allied-Swiss Negotiations at Washington, March- May 1946 , V. Five-Power Conference on Reparation for Non-Repatriable Victims of Germany, June 1946 , VI. Implementation of the May 1946 Allied-Swiss Accord , VII. Allied Negotiations With the Other Neutral Countries , VIII. U.S. Army Involvement With the Acquisition, Accountability, and Security of German Monetary Gold and Related Assets Following World War II , IX. Disposal by the United States of Captured Gold Looted by Germany From Individual Victims of Nazi Persecution and From European Central Banks , X. The Tripartite Commission for the Restitution of Monetary Gold , XI. Bank for International Settlements , XII. Disposition of Heirless Assets, 1946- 1963
The Forword of Stuart Eizenstat contains a part Introduction, a part Major Conclusions and Policy Implications and a part Challenges For Action.
For the purpose of this summary of a summary we chose a series of citations showing among others the possible strategy and the tactics of the author – vis a vis – the Swiss government and Swiss enterprises.
“This report addresses a vital but relatively neglected dimension of the history of the Second World War and its aftermath, one that became the focus of intense political, diplomatic and media attention over the last year. It is a study of the past with implications for the future.” …
“It is in the context of this mandate that the report catalogues the role of neutral countries, whose acceptance of the stolen gold in exchange for critically important goods and raw materials helped sustain the Nazi regime and prolong its war effort. This role continued, despite several warnings by the Allies, even long past the time when these countries had any legitimate reason to fear German invasion.” …
“Among the neutral countries, Switzerland receives the most attention in the report. We have no desire to single out a country that is a robust democracy, a generous contributor to humanitarian efforts, and a valued partner of the United States today. But Switzerland figures prominently in any history of the fate of Nazi gold and other assets during and after World War II because the Swiss were the principal bankers and financial brokers for the Nazis, handling vast sums of gold and hard currency.”…
“The picture which emerges from these pages, particularly of the neutral nations, is often harsh and unflattering. Many profited handsomely from their economic cooperation with Nazi Germany, while the Allied nations were sacrificing blood and treasure to fight one of the most powerful forces of evil in the annals of history. At the same time, our team knew that if we were going to shine the bright light of history on other nations, we also had to look carefully at America’s role, and the study does so.” …
“Many of the neutrals had a rational fear that their own independence was only a Panzer division away from extinction. But if self-defense and fear were factors in that rationale for neutrality, so too were profit in all neutral countries and outright Nazi sympathy in some. The neutrals ignored repeated Allied entreaties to end their dealings with Nazi Germany. Whatever their motivation, the fact that they pursued vigorous trade with the Third Reich had the clear effect of supporting and prolonging Nazi Germany’s capacity to wage war.” …
“As late as the end of 1944, Secretary of State Stettinius and his State Department colleagues concluded that, on balance, Switzerland’s neutrality had been more a positive than a negative for the Allies during the War. This relatively benign judgment was not shared by other agencies, from the War Department and Treasury Department to the Office of Strategic Services (OSS) and the Justice Department.” …
“Switzerland’s “business as usual” attitude persisted in the post-war negotiations, and it is this period which is most inexplicable. The Swiss team were obdurate negotiators, using legalistic positions to defend their every interest, regardless of the moral issues also at stake. Initially, for instance, they opposed returning any Nazi gold to those from whom it was stolen, and they denied having received any looted gold. The Swiss contended they had purchased it in good faith, that it was part of war booty obtained in accordance with international legal principles by the Third Reich during its victorious campaigns, and that there was no international legal principle which would entitle the Allies to recover and redistribute Nazi assets. Finally, after long, contentious and difficult bargaining, agreement was reached in the form of the 1946 Allied-Swiss Washington Accord.” …
“But the other part of the Accord, the liquidation of hundreds of millions of dollars in German assets, was neither promptly nor ever fully implemented. The Swiss raised one objection after another, arguing over exchange rates, insisting that German debt settlements be included, and demanding that the U.S. unblock assets from German companies seized during the War but which the Bern government claimed were actually Swiss-owned.” …
“Over a six-year period, before the final 1952 settlement, the Swiss government had made only a token 20 million Swiss franc advance ($4.7 million then or $31 million today) for resettlement of stateless victims. Finally, in 1952, after a lengthy and frustrating effort, Switzerland and the Allies agreed to a total payment of only $28 millionOver a six-year period, before the final 1952 settlement, the Swiss government had made only a token 20 million Swiss franc advance ($4.7 million then or $31 million today) for resettlement of stateless victims. Finally, in 1952, after a lengthy and frusttes of around $250 million. …
“It was not until 1962 that Switzerland began to comply with its 1946 side letter agreement to the Washington Accord “to look sympathetically” at using heirless assets for the benefit of Holocaust survivors. After long denying the possession of any heirless assets, some Swiss banks then found over $2 million in bank accounts, most of which was not transferred to Jewish and other relief organizations until the 1970s. In a renewed effort in 1996, they indicated they had located around $32 million in dormant accounts in various banks. Over the years, the inflexibility of the Swiss Bankers’ Association and other Swiss banks made it extremely difficult for surviving family members of Nazi victims to successfully file claims to secure bank records and other assets. This overall pattern of apparent Swiss bankers’ indifference to the needs of the victims of the Holocaust and their heirs persisted until the current international pressures came to bear and, for instance, the appointment of an Ombudsman in 1996.” …
“Fifth, the report also deals with the hotly debated issue of whether some victim gold was sent to Switzerland and other neutral countries, and whether it was also included in the TGC Gold Pool. This was the Pool into which looted central bank gold was placed for redistribution by the TGC to the governments from which it was stolen during the War. This study concludes that both occurred. The Reichsbank or its agents smelted gold taken from concentration camp internees, persecutees and other civilians, and turned it into ingots. There is clear evidence that these ingots were incorporated into Germany’s official gold reserves, along with the gold confiscated from central banks of the countries the Third Reich occupied. Although there is no evidence that Switzerland or other neutral countries knowingly accepted victim gold, the study provides clear evidenceccepted victim gold, the study provides clear evidencepersecutees and other civilians, and turned it into ingots.
And finally on a positive note:
“Among the neutral countries, Switzerland has taken the lead. It has established two separate commissions. Among the neutral countries, Switzerland has taken the lead. It has established two separate commissions establishing an endowment to generate income for survivors and for other humanitarian causes. Private groups, including churches and high school students, have collected over 500,000 Swiss francs (about $350,000) for Holocaust survivors. The United States welcomes and applauds these significant gestures.”
This Forword was considered by some as a wakeup call and by others as a battle cry facing Switzerland and Swiss enterprises with an unexpected and forceful mix of historic, political media and legal instruments of foreign policy deployed by the United States.
This led to a bitter confrontation of Switzerland with American law and legal culture.
c) Text
You can find a scan (PDF) of the original text here:
A_2.47_EIZENSTAT_US and Allied Efforts