Elvey v. TD Ameritrade, Inc.

Filing 31

Reply Memorandum re 11 MOTION for Preliminary Injunction and for Class Certification filed byMatthew Elvey, Gadgetwiz.com, Inc.. (Attachments: # 1 Declaration of Ethan Preston)(Himmelfarb, Alan) (Filed on 9/4/2007)

Download PDF

Elvey v. TD Ameritrade, Inc. Doc. 31 Case 3:07-cv-02852-MJJ Document 31 Filed 09/04/2007 Page 1 of 21 1 Alan Himmelfarb LAW OFFICES OF ALAN HIMMELFARB 2 2757 Leonis Blvd Los Angeles, CA 90058 3 Telephone: (323) 585-8696 Fax: (323) 585-8198 4 consumerlaw1@earthlink.net 5 Scott A. Kamber Ethan Preston 6 KAMBER & ASSOCIATES, LLC 11 Broadway, 22d Floor 7 New York, NY 10004 Telephone: (212) 920-3072 8 Fax: (212) 202-6364 skamber@kolaw.com 9 epreston@kolaw.com 10 11 12 13 Counsel for Plaintiffs IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF CALIFORNIA SAN FRANCISCO DIVISION No. C 07 2852 MJJ Judge Martin J. Jenkins PLAINTIFFS' REPLY TO DEFENDANT'S OPPOSITION TO THE MOTION FOR PRELIMINARY INJUNCTION Date: September 18, 2007 Time: 9:30 a.m. Location: Courtroom 11, 19th Floor 450 Golden Gate Ave. San Francisco, CA 94102 MATTHEW ELVEY, an individual, and 14 GADGETWIZ, INC., an Arizona corporation, on their own behalf and on behalf of all 15 others similarly situated, 16 17 v. Plaintiffs 18 TD AMERITRADE, INC., a New York corporation, and DOES 1 to 100, 19 Defendants. 20 21 22 23 24 25 26 27 28 Plaintiffs' Reply to Defendant's Opposition to the Motion for Preliminary Injunction No. C 07 2852 MJJ Dockets.Justia.com Case 3:07-cv-02852-MJJ Document 31 Filed 09/04/2007 Page 2 of 21 1 2 3 I. 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 I II . I I. Table of Contents Page Ameritrade Fails to Present Viable Objection to the Proposed Prohibitory Relief ..............................................................................................................................1 Plaintiffs Are Entitled to Injunction for Corrective Disclosure and an Accounting.....................................................................................................................3 A. Ameritrade Fails to Rebut the Reasonable Inference That a Security Breach Exposed Accountholders' Social Security Numbers ............................................3 Disclosure of Email Addresses to Spammers Alone Creates Risk of Irreparable Harm Sufficient to Justify Injunction ..................................................................5 The Basis of Plaintiffs' Claims Is Ameritrade's Failure to Disclose the Security Breach, Not the Security Breach Itself ................................................................6 Plaintiffs Are Entitled to the Proposed Corrective Notice ...................................7 Plaintiffs Are Entitled an Accounting ..................................................................9 B. C. D. E. Plaintiffs Are Entitled to Injunction Warning Against the Purchase of SpamTouted Stock................................................................................................................11 Ameritrade Makes Ad Hominen Attacks on Elvey to Distract Attention From Its Own Misconduct .........................................................................................................13 The Court Should Not Hesitate to Grant Class Certification, If It Is Required ....15 IV. V. 2 1 Co nc l us i o n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 5 22 23 24 25 26 27 28 Plaintiffs' Reply to Defendant's Opposition to the Motion for Preliminary Injunction ii No. C 07 2852 MJJ Case 3:07-cv-02852-MJJ Document 31 Filed 09/04/2007 Page 3 of 21 1 2 Federal Cases Table of Authorities Page 3 Alsup v. Montgomery Ward & Co., 57 F.R.D. 89 (N.D. Cal. 1972) ..................................2 & n.2 4 Blackie v. Barrack, 524 F.2d 891 (9th Cir. 1975) .....................................................................15 5 California v. ARC Am. Corp., 490 U.S. 93 (1989) ...................................................................12 6 Cobell v. Kempthorne, 455 F.3d 301 (D.C. Cir. 2006) .....................................................4 & n.5 7 County of Los Angeles v. Davis, 440 U.S. 625 (1979) ...............................................................2 8 Credit Suisse First Boston Corp. v. Grunwald, 400 F.3d 1119 (9th Cir. 2005) ..................13 n.9 9 Crosby v. Nat'l Foreign Trade Council, 530 U.S. 363 (2000) .............................................11-12 10 CTS Corp. v. Dynamics Corp. of Am., 481 U.S. 69 (1987) ......................................................12 11 De Beers Consol. Mines, Ltd. v. United States, 325 U.S. 212 (1945) .....................................7-8 12 Dimick v. Schiedt, 293 U.S. 474 (1935) ...............................................................................9 n.8 13 Fair Hous. of Marin v. Combs, 285 F.3d 899 (9th Cir. 2002)...................................................15 14 FTC v. Affordable Media, LLC, 179 F.3d 1228 (9th Cir. 1999)..................................................2 15 Geier v. Am. Honda Motor Co., 529 U.S. 861 (2000) ........................................................13 n.9 16 Jaffee v. Redmond, 518 U.S. 1 (1996) ..................................................................................9 n.8 17 Kaiser Aetna v. United States, 444 U.S. 164 (1979) ................................................................11 18 Key v. DSW, Inc., 454 F. Supp. 2d 684 (S.D. Ohio 2006).....................................................4 n.5 19 Matsushita Elec. Indus. Co. v. Epstein, 516 U.S. 367 (1996) ..................................................12 20 In re Niles, 106 F.3d 1456 (9th Cir. 1997) ......................................................................9-10, 11 21 OpenTV v. Liberate Techs., 219 F.R.D. 474 (N.D. Cal. 2003)..................................................10 22 Oxygenated Fuels Ass'n v. Davis, 331 F.3d 665 (9th Cir. 2003) ..............................................12 23 Pepsico, Inc. v. Cal. Sec. Cans, 238 F. Supp. 2d 1172 (C.D. Cal. 2002) ....................................2 24 Polo Fashions, Inc. v. Dick Bruhn, Inc., 793 F.2d 1132 (9th Cir. 1986)..................................2-3 25 Randolph v. ING Life Ins. & Annuity Co., 486 F. Supp. 2d 1 (D.D.C. 2007) .......................4 n.5 26 In re Sulfuric Acid Antitrust Litig., 230 F.R.D. 527 (N.D. Ill. 2005)........................................10 27 United States v. Gourde, 440 F.3d 1065 (9th Cir. 2006)...................................................3, 4, 11 28 Walters v. Reno, 145 F.3d 1032 (9th Cir. 1998) ......................................................................5-6 Plaintiffs' Reply to Defendant's Opposition to the Motion for Preliminary Injunction iii No. C 07 2852 MJJ Case 3:07-cv-02852-MJJ Document 31 Filed 09/04/2007 Page 4 of 21 1 2 Federal Rules Table of Authorities Page 3 Fed. R. Civ. P. 26 .....................................................................................................................10 4 Fed. R. Civ. P. 30 .....................................................................................................................10 5 Fed. R. Civ. P. 33 .....................................................................................................................10 6 California Cases Page 7 Colgan v. Leatherman Tool Group, Inc., 135 Cal. App. 4th 663, 38 Cal. Rptr. 3d 36 (Cal. Ct. App. 2006)......................................................................................................................7 8 Consumer Advocates v. Echostar Satellite Corp., 113 Cal. App. 4th 1351, 8 Cal. Rptr. 3d 22 9 (Cal. Ct. App. 2003)........................................................................................................2 10 Cortez v. Purolator Air Filtration Prods. Co., 23 Cal. 4th 163, 999 P.2d 706 (2000) ................2 11 Kasky v. Nike, Inc., 27 Cal. 4th 939, 45 P.3d 243 (2002) ...........................................................7 12 McAdams v. Monier, Inc., 151 Cal. App. 4th 667, 60 Cal. Rptr. 3d 111 (Cal. Ct. App. 2007)................................14 13 Mfrs. Life Ins. Co. v. Superior Court, 10 Cal. 4th 257, 895 P.2d 56 (1995) ...............................9 14 California Statutes Page 15 Cal. Civ. Code � 1785.11.2 (2007).............................................................................................8 16 Cal. Civ. Code � 1798.82 (2007) ............................................................................................8-9 17 Cal. Civ. Code � 1798.84 (2007) ...............................................................................................9 18 Miscellaneous Page 19 Alessandro Acquisti et al., Is There A Cost to Privacy Breaches? An Event Study, 5 Econ. 20 Info. Security (2006), at http://weis2006.econinfosec.org/docs/40.pdf ....................6 n.7 21 H.R. Rep. No. 109-522 (2006).............................................................................................3 n.3 22 Ethan Preston & Paul Turner, The Global Rise of a Duty to Disclose Information Security Breaches, 22 J. Marshall J. Computer & Info. L. 457 (2004) .........................................6 23 Stuart E. Schechter & Michael D. Smith, How Much Security is Enough to Stop a Thief? The 24 Economics of Outsider Theft via Computer Systems and Networks, 7 Int'l Fin. Cryptography Conf. (2003), at 25 http://www.eecs.harvard.edu/~stuart/papers/fc03.pdf ............................................7-6 n.7 26 S. Rep. No. 108-102 (2003) .....................................................................................................14 27 U.S. Dep't of Justice, Six Defendants Plead Guilty in Internet Identity Theft and Credit Card Fraud Conspiracy, at 28 http://www.cybercrime.gov/mantovaniPlea.htm (Nov. 17, 2005) .............................3 n.3 Plaintiffs' Reply to Defendant's Opposition to the Motion for Preliminary Injunction iv No. C 07 2852 MJJ Case 3:07-cv-02852-MJJ Document 31 Filed 09/04/2007 Page 5 of 21 1 2 Miscellaneous Table of Authorities Page 3 U.S. Equal Employment Opportunity Commission, EEOC NOTICE No. 915.002, at http://www.eeoc.gov/policy/docs/testers.html (May 22, 1996).....................................15 4 U.S. General Accounting Office, Personal Information: Data Breaches Are Frequent, but 5 Evidence of Resulting Identity Theft Is Limited; However, the Full Extent Is Unknown (GAO-07-737 2007)..............................................................................................5 & n.6 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Plaintiffs' Reply to Defendant's Opposition to the Motion for Preliminary Injunction v No. C 07 2852 MJJ Case 3:07-cv-02852-MJJ Document 31 Filed 09/04/2007 Page 6 of 21 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 PLAINTIFFS' REPLY TO TD AMERITRADE'S OPPOSITION TO THE MOTION FOR PRELIMINARY INJUNCTION Plaintiffs Matthew Elvey ("Elvey") and Gadgetwiz, Inc. ("Gadgetwiz"), respectfully file this Reply to TD AMERTRADE, Inc.'s ("Ameritrade") Opposition to the Motion for Preliminary Injunction. Ameritrade's Opposition does not advance any argument that undermines the urgency of the relief Plaintiffs seek or their right to that relief. Ameritrade rehashes its arguments from its Motion to Dismiss the Plaintiffs' First Amended Complaint ("FAC"). (Id. 6-9.) Plaintiffs' Opposition to the Motion to Dismiss discredited these arguments.1 Rather, Ameritrade's Opposition reveals its fundamental misunderstandings about Plaintiffs' claims and the injunctive relief they seek. These misunderstandings lead to many irrelevant arguments that either do not address Plaintiffs' claims, misstate Plaintiffs' requested relief, or devolve into meritless ad hominen attacks on Plaintiffs. Plaintiffs' claims do not arise from Ameritrade's security breach itself, but from its failure to give accountholders adequate notice of the security breach. The relief Plaintiffs seek is not necessarily geared towards correcting Ameritrade's security, but to ensure Ameritrade provides consumers accurate information about the security of data provided to it. I. Ameritrade Fails to Present Viable Objection to the Proposed Prohibitory Relief Plaintiffs seek injunctive relief prohibiting Ameritrade from 1) disclosing its customers' personal information, including their email addresses, in a manner inconsistent with the Privacy Statement, and 2) directing its customers to delete spam. (Pl.s' Mot. iii.) 1 This Reply confines itself to those arguments Ameritrade developed more in the Opposition than its Motion to Dismiss: its arguments concerning Cal. Civ. Code � 1798.82 (addressed in Section II.D, on pages 8-9) and its arguments concerning implied preemption (addressed in Section III, on pages 12-13). With respect to the other arguments which Ameritrade references, Plaintiffs refer to their Opposition to the Motion to Dismiss: Elvey's claims are not preempted under the Securities Litigation Uniform Standards Act because they are not "in connection with" securities transactions, nor are they a "covered class action," nor do they concern "covered securities." (Pl.s' Opp. Mot. Dismiss 3-5.) The Nebraska choice of law clause in Ameritrade's Client Agreement is unenforceable, because it would impair Elvey's right under California law to bring a class action. (Id. 1-3.) Further, the FAC does allege damages: Elvey lost the benefit of the bargain on his transaction fees and maintenance of his account balance because of the misleading representations in the Privacy Statement. (Id. 1112.) Nor can Ameritrade evade its fiduciary duty to its customers, where it expressly promised not to disclose their personal information. (Id. 15-16.) Plaintiffs' Reply to Defendant's Opposition to the Motion for Preliminary Injunction 1 No. C 07 2852 MJJ Case 3:07-cv-02852-MJJ Document 31 Filed 09/04/2007 Page 7 of 21 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 Ameritrade claims this relief is unwarranted and improper under Alsup v. Montgomery Ward & Co., 57 F.R.D. 89 (N.D. Cal. 1972), because it avers it never "intentionally disclosed any of its accountholders' e-mail addresses or other information to any unauthorized third parties," and it has ceased telling accountholders to delete spam. (Def.'s Opp. 21.)2 Ameritrade does not present sufficient evidence to support its arguments. Ameritrade does not deny that it discloses accountholder email addresses, contrary to the representations in the Privacy Statement. That this disclosure is unintentional is no defense to the proposed injunction. Cortez v. Purolator Air Filtration Prods. Co., 23 Cal. 4th 163, 181, 999 P.2d 706, 717 (2000) (UCL imposes "strict liability"); Consumer Advocates v. Echostar Satellite Corp., 113 Cal. App. 4th 1351, 1360, 8 Cal. Rptr. 3d 22, 29 (Cal. Ct. App. 2003) (UCL and CLRA share the same "consumer confusion" liability standard). To the extent Ameritrade proves it is unable to stop disclosure of email addresses "categorically and in detail," it can mount a defense against civil contempt for violating the injunction. FTC v. Affordable Media, LLC, 179 F.3d 1228, 1239, 1241 (9th Cir. 1999). Ameritrade advances no excuse not to prohibit the disclosure of its customers' personal information. Ameritrade's assertion that it has stopped directing customers to delete spam is not sufficient enough to foreclose the injunction, either. "[T]he standard for determining whether a case has been rendered moot by the defendant's voluntary conduct is stringent"; it must be "absolutely clear" the conduct cannot be reasonably expected to recur. Pepsico, Inc. v. Cal. Sec. Cans, 238 F. Supp. 2d 1172, 1178 (C.D. Cal. 2002). Ameritrade's voluntary cessation of this conduct can only moot the injunction where "interim relief or events have completely and irrevocably eradicated the effects of the alleged violation." County of Los Angeles v. Davis, 440 U.S. 625, 631 (1979) (punctuation, citations omitted). Some spam has doubtlessly been deleted, and so the loss of that evidence cannot be irrevocably eradicated. Ameritrade ignored Elvey's requests to stop its conduct until Elvey brought suit in federal district court; Plaintiffs should not [be] require[d] . . . also to introduce concrete evidence that 2 Not surprisingly, Alsup is not on point � it merely declined to certify a class action under 28 Rule 23(b)(2), in part, because the defendant corrected its statutory violations. Alsup v. Montgomery Ward & Co., 57 F.R.D. 89, 92 (N.D. Cal. 1972). Plaintiffs' Reply to Defendant's Opposition to the Motion for Preliminary Injunction 2 No. C 07 2852 MJJ Case 3:07-cv-02852-MJJ Document 31 Filed 09/04/2007 Page 8 of 21 1 2 [Ameritrade is] likely to [engage in the conduct] again. If the [Ameritrade] sincerely intend not to [resume its conduct], the injunction harms [it] little; if [it does], it gives [Plaintiffs] . . . protection . . ." 3 Polo Fashions, Inc. v. Dick Bruhn, Inc., 793 F.2d 1132, 1135-36 (9th Cir. 1986) (reversing 4 denial of injunction prohibiting trademark infringement based on voluntary cessation). (Cf. 5 FAC �� 34-35.) 6 II. 7 Plaintiffs Are Entitled to Injunction for Corrective Disclosure and an Accounting Plaintiffs also seek an injunction requiring 1) Ameritrade to provide a notice of the 8 probable security breach and 2) provide an accounting of any of its records systems which 9 store accountholders' personal information. (Pl.s' Mot. iii-iv.) Ameritrade does not present any 10 argument that justifies denying this relief. 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 A. Ameritrade Fails to Rebut the Reasonable Inference That a Security Breach Exposed Accountholders' Social Security Numbers Ameritrade does not contest that spammers obtained its accountholders' email addresses, and admits that it is now investigating into the "unauthorized acquisition" of these email addresses "from [its] computer systems." (Hale Decl. � 5; Ex. H to Pl.'s Mot. Prelim. Inj. (email disclosing investigation).) It is reasonable to infer that the spammers who accessed and downloaded email addresses from those computer systems also downloaded other data stored on those systems. United States v. Gourde, 440 F.3d 1065, 1070-71 (9th Cir. 2006) (criminal defendant had access to website with illegal images and intent to view such images: inference that defendant downloaded illegal images was reasonable, "common sense"). Likewise, it is reasonable to infer that spammers who used the email addresses to spam Ameritrade customers would also abuse other personal information obtained in the security breach � especially where black markets exist for both email addresses and Social Security numbers.3 Although Ameritrade asserts there is no evidence of possible identity theft, it advances no evidence or argument to counter these inferences.4 (Def.'s Opp. 2, 4, 10.) The uncontested evidence that 1) email addresses were obtained in a security breach at 3 See H.R. Rep. No. 109-522, at 5-6 (2006); U.S. Dep't of Justice, Six Defendants Plead 27 Guilty in Internet Identity Theft and Credit Card Fraud Conspiracy, at http://www.cybercrime.gov/mantovaniPlea.htm (Nov. 17, 2005). 28 4 Ameritrade has not, for instance, produced any evidence that its computer systems segregated access to email addresses from access to Social Security numbers. Plaintiffs' Reply to Defendant's Opposition to the Motion for Preliminary Injunction 3 No. C 07 2852 MJJ Case 3:07-cv-02852-MJJ Document 31 Filed 09/04/2007 Page 9 of 21 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 Ameritrade and 2) these email addresses were used to spam accountholders dispositively distinguishes Elvey's claims from each and every security breach case cited by Ameritrade. (Def.'s Opp. 11-12.) In those cases, the plaintiffs only alleged that a security breach occurred, but not that any evidence the information stolen in the security breach was ever misused by the parties responsible.5 (Cobell v. Kempthorne, 455 F.3d 301 (D.C. Cir. 2006), is particularly inapplicable, as the injunction in that case required the defendant to completely disconnect from the Internet � here, Plaintiffs seek only a corrective notice and an accounting.) Ameritrade does not contest that someone obtained Elvey's email addresses and misused it � the only question is whether that person also obtained his Social Security number. The reasonable, common sense inference is that it was. Gourde, 440 F.3d at 1070-71. Ameritrade also tries to argue that the absence of consumer complaints about identity theft linked to Ameritrade's security breach is evidence that there was no "identity theft linked in any way to [Ameritrade,] although it has been nearly one year since Plaintiffs claim that they began receiving stock spam." (Def.'s Opp. 4-5, 10.) The fact that consumers cannot link identity theft incidents back to Ameritrade is not evidence that the security breach did not expose Social Security numbers to criminals. Unlike email addresses, consumers cannot provide unique Social Security numbers that allow them to trace identity theft back to a security breach at a particular firm � and Social Security numbers stolen in a security breach 5 In Randolph v. ING Life Ins. & Annuity Co., 486 F. Supp. 2d 1, 3 (D.D.C. 2007), the 21 plaintiffs did not allege that the theft of computers containing their information "was anything other than a common burglary or that it was undertaken for the purpose of accessing" their 22 information. Id. at 3. The Randolph plaintiffs did not present any evidence that their information had been misused. Id. at 4. In Key v. DSW, Inc., 454 F. Supp. 2d 684 (S.D. Ohio 23 2006), the plaintiff did not allege that anyone used her personal information for identity theft or, indeed, allege any "evidence that a third party intends to make unauthorized use of her 24 financial information or of her identity." Id. at 688, 690. Likewise, Cobell v. Kempthorne, 455 F.3d 301 (D.C. Cir. 2006) dissolved a preliminary injunction on the grounds that there was no 25 evidence that anyone had "tak[en] advantage of [the Department of] Interior's security flaws, nor that such actions are imminent" and that the preliminary injunction 26 was not tailored to protect the integrity of the specific data Interior will need to perform an accounting. While the class members may face some risk of harm if 27 [financial data] housed on Interior's computers were compromised, we have not been shown that this possibility is likely, nor that it would substantially harm 28 the class members' ability to receive an accounting. Id. at 315, 317. Plaintiffs' Reply to Defendant's Opposition to the Motion for Preliminary Injunction 4 No. C 07 2852 MJJ Case 3:07-cv-02852-MJJ Document 31 Filed 09/04/2007 Page 10 of 21 1 2 3 4 5 6 7 8 9 10 11 "may be held for up to a year or more before being used to commit identity theft."6 Ameritrade also attempts to discount Elvey's own allegations of identity theft are "disingenuous" because the identity theft "occurred before he began receiving stock spam. " (Id. 1) First, Elvey was an accountholder at Ameritrade long before he gave Ameritrade his first unique email address in October 2006. (Cf. Elvey Decl. Mot. Prelim. Injunct. �� 1-2.) Elvey has no way of knowing whether Ameritrade first disclosed his email address prior to October 2006. Secondly, Ameritrade presents no reason to think that identity thieves had to wait to use Elvey's Social Security number until after spamming him. B. Disclosure of Email Addresses to Spammers Alone Creates Risk of Irreparable Harm Sufficient to Justify Injunction Ameritrade also argues that the "de minimis" damage caused by spam is not sufficient 12 irreparable harm to justify a preliminary injunction. (Def.'s Opp. 12-13.) Again, the law does 13 not support Ameritrade. (Pl.'s Opp. 13, 14-15.) Putting aside Ameritrade's cavalier attitude, it 14 misunderstands the irreparable harm proffered in the Motion. The irreparable harm is not the 15 spam itself, but the disclosure of email addresses to spammers � once spammers have those 16 email addresses, they will never be spam-free again. (Pl.s' Mot. 8.) Again, Ameritrade 17 overlooks the fact that the injunction not only protect Plaintiffs' email addresses from 18 disclosure, but also protects other Class members' email addresses. The damages from this 19 disclosure are not de minimis simply because they are difficult to calculate � but the difficulty 20 in calculating and collecting the damages from the spam does constitute irreparable harm. 21 Walters v. Reno, 145 F.3d 1032, 1048 (9th Cir. 1998) (when movant for preliminary injunction 22 cannot calculate its damages, movant "has no adequate legal remedies and irreparable harm 23 6 U.S. General Accounting Office, Personal Information: Data Breaches Are Frequent, but 24 Evidence of Resulting Identity Theft Is Limited; However, the Full Extent Is Unknown 29 (GAO-07-737 2007). 25 Determining the link between data breaches and identity theft is challenging for several reasons. First, identity theft victims often do not know how their 26 personal information was obtained. . . . Second, victims may misattribute how their data were obtained. . . . Further, once stolen data have been sold or posted 27 on the Web, fraudulent use of that information may continue for years. As a result, [measurements of the] harm resulting from data breaches cannot 28 necessarily rule out all future harm. Id. at 28-29 Plaintiffs' Reply to Defendant's Opposition to the Motion for Preliminary Injunction 5 No. C 07 2852 MJJ Case 3:07-cv-02852-MJJ Document 31 Filed 09/04/2007 Page 11 of 21 1 2 3 4 5 exists"). The risk of irreparable harm from disclosure of email addresses alone justifies the proposed notice. C. The Basis of Plaintiffs' Claims Is Ameritrade's Failure to Disclose the Security Breach, Not the Security Breach Itself Ameritrade contends that its information security is reasonable (or passes regulatory 6 muster) and that perfect security is impossible. (Def.'s Opp. 4.) Ameritrade also claims the 7 Privacy Statement never guaranteed that "customer data never could be acquired or used 8 without authorization." (Def.'s Opp. 6.) These arguments are entirely besides the point: 9 Elvey's claims relate to Ameritrade's failure to disclose the ongoing security breach to its 10 customers � which rendered the Privacy Statement misleading and actionable under the CLRA 11 and UCL. To put it in terms Ameritrade understands, if consumers have access to accurate 12 information about security breaches � which they are entitled under the UCL and CLRA, 13 consumers will demand secure businesses and create market incentives for businesses to 14 secure their computer systems: 15 16 17 18 19 20 21 22 23 24 25 Requiring businesses to disclose information security violations provides [firms] with a market incentive to ensure that their security is adequate. . . . Customers will be reluctant to transact with businesses that fail to adequately secure their databases. . . .Disclosure permits . . . customers to identify and avoid businesses that do not take their computer security seriously or are unable to do so. Ethan Preston & Paul Turner, The Global Rise of a Duty to Disclose Information Security Breaches, 22 J. Marshall J. Computer & Info. L. 457, 460 (2004). Conversely, Ameritrade distorts the market for security by concealing information about the security breach. In this light, Ameritrade's expressed concerns that disclosure "could seriously damage [its] business and reputation," harm its "goodwill" and cause the loss of customers are precisely the point. (Def.'s Opp. 2, 20.) There cannot be a healthy information security market without market incentives to avoid disclosing security breaches.7 7 Ameritrade doubtlessly exaggerates the harms the disclosure will cause. One empirical study 26 of privacy incidents and breach data indicates that the impact on stock price caused by disclosure of security breaches is "is significant and negative, although it is short-lived." 27 Alessandro Acquisti et al., Is There A Cost to Privacy Breaches? An Event Study, 5 Econ. Info. Security 18 (2006), at http://weis2006.econinfosec.org/docs/40.pdf . Likewise, 28 Ameritrade underestimates the deterrence benefits it can reap through providing a full disclosure. Stuart E. Schechter & Michael D. Smith, How Much Security is Enough to Stop a Plaintiffs' Reply to Defendant's Opposition to the Motion for Preliminary Injunction 6 No. C 07 2852 MJJ Case 3:07-cv-02852-MJJ Document 31 Filed 09/04/2007 Page 12 of 21 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 The Privacy Statement represents that "TD AMERITRADE does not . . . disclose your personal information to any third party for any reason . . ." (FAC � 21.) Despite this statement, Ameritrade argues that the UCL and CLRA do not "impose an independent duty" to notify customers that it disclosed their email addresses because it did not promise to do so in the Privacy Statement. Contrary to Ameritrade's strained reading, the UCL and CLRA prohibit any representation which "although true, is either actually misleading or which has a capacity, likelihood or tendency to deceive or confuse the public." Kasky v. Nike, Inc., 27 Cal. 4th 939, 951, 45 P.3d 243, 250 (2002). One could reasonably believe, under the Privacy Statement, that Ameritrade did not have any specific knowledge or evidence of a security breach which disclosed customer email addresses to spammers. It is Ameritrade's failure to correct that misleading impression which violates the CLRA and UCL. Ameritrade rehashes its argument that the statement "no security system is absolutely impenetrable" renders the Privacy Statement not misleading. This argument is undermined by Ameritrade's own arguments about the potential costs of Plaintiffs' proposed security notice. (Def.'s Opp. 20.) If Ameritrade had truly disclosed the security breach, there would be no further consequences security breach notice sought in the Motion for Preliminary Injunction. (The Opposition to the Motion to Dismiss provides Plaintiffs' complete argument that the statement above only warns about the general possibility of a future security breach � failing to disclose the specific, ongoing security breach. (Pl.s' Opp. 9-11.)) D. Plaintiffs Are Entitled to the Proposed Corrective Notice As Ameritrade concedes, corrective disclosures are available as injunctive relief under the CLRA and UCL. Colgan v. Leatherman Tool Group, Inc., 135 Cal. App. 4th 663, 677-78, 38 Cal. Rptr. 3d 36, 44-45 (Cal. Ct. App. 2006). Ameritrade still seeks to deny its customers an accurate disclosure of its security breach, arguing that the "final injunction" for a corrective disclosure in Colgan does not support "a preliminary injunction" here. (Def.'s Opp. 14, 19.) (emphasis in original). Once again, Ameritrade's arguments are contrary to the law. "A Thief? The Economics of Outsider Theft via Computer Systems and Networks, 7 Int'l Fin. 28 Cryptography Conf. 8, 11 (2003), at http://www.eecs.harvard.edu/~stuart/papers/fc03.pdf (sharing information about attacks makes firms less attractive targets). Plaintiffs' Reply to Defendant's Opposition to the Motion for Preliminary Injunction 7 No. C 07 2852 MJJ Case 3:07-cv-02852-MJJ Document 31 Filed 09/04/2007 Page 13 of 21 1 2 3 4 5 6 7 8 9 10 preliminary injunction is always appropriate to grant intermediate relief of the same character as that which may be granted finally." De Beers Consol. Mines, Ltd. v. United States, 325 U.S. 212, 220 (1945) (emphasis added). Although Ameritrade calls the proposed security notice "misleading, alarmist, and speculative," (Def.'s Opp. 20), it accurately reflects the facts underlying this dispute: ALERT: AMERITRADE'S INFORMATION SYSTEMS ARE NOT NECESSARILY SECURE AND WE CANNOT ASSURE THE SECURITY OF YOUR PERSONAL INFORMATION. THERE IS EVIDENCE THAT SOME ACCOUNTHOLDERS' EMAIL ADDRESSES HAVE LEAKED FROM AMERITRADE'S COMPUTER SYSTEMS TO SPAMMERS. AMERITRADE HAS AN ONGOING INVESTIGATION INTO THIS SITUATION. YOUR NAME, SOCIAL SECURITY NUMBER, AND YOUR EMAIL ADDRESS MAY HAVE BEEN LEAKED AS WELL. 11 (Pl.s' Mot. iv.) Ameritrade does not contest that it has disclosed its accountholders' email 12 addresses, and concedes it is investigating a security breach relating to these disclosures. 13 Ameritrade cannot contest the the statement that accountholders' names and Social Security 14 numbers may have been leaked either, because Ameritrade itself claims that the representation 15 in the Privacy Statement that "no security system is absolutely impenetrable" already 16 discloses the possibility "that customer data . . . could be acquired or used without 17 authorization." (Def.'s Opp. 6.) 18 Given that the security breach notice set forth above is entirely accurate, the potential 19 loss of goodwill and reputation of which Ameritrade complains are not cognizable costs. (Id. 20 20.) Ameritrade also argues, however, the notice would cause "many accountholders to 21 undertake . . . burdensome steps to protect themselves from identity theft." (Def.'s Opp. 20.) 22 Ameritrade at once downplays the risk of identity theft without a sound basis for doing so, as 23 it exaggerates the costs of responding to identity theft to consumers. Consumers can place a 24 security freeze on their credit report by simply sending a written request to consumer credit 25 reporting agencies by certified mail. Cal. Civ. Code � 1785.11.2(a) (2007). This is not the 26 onerous procedure Ameritrade makes it seem. 27 Finally, Ameritrade emphatically argues that Cal. Civ. Code � 1798.82 represents the 28 outer limit of any obligation to disclose a security breach. Ameritrade cannot use section Plaintiffs' Reply to Defendant's Opposition to the Motion for Preliminary Injunction 8 No. C 07 2852 MJJ Case 3:07-cv-02852-MJJ Document 31 Filed 09/04/2007 Page 14 of 21 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 1798.82 to circumvent its liability for misleading omissions in the Privacy Statement under the UCL and CLRA. First, the three different statutes regulate two different matters: the UCL and the CLRA prohibit the misleading omissions in Ameritrade's Privacy Statement. Section 1798.82 requires disclosures in situations where there is no contractual obligation or applicable privacy policy. Cal. Civ. Code � 1798.82(a) (2007). Section 1782.92 is merely cumulative to the CLRA and UCL, and does not displace them. See Mfrs. Life Ins. Co. v. Superior Court, 10 Cal. 4th 257, 263, 284, 895 P.2d 56, 58, 72 (1995) (California Unfair Insurance Practices Act did not create exemption to UCL). The legislation explicitly confirms this conclusion. The remedy for violations of section 1798.82 is found at Cal. Civ. Code � 1798.84. Section 1798.84 expressly provides that the "rights and remedies available under this section are cumulative . . . to any other rights and remedies available under law." Cal. Civ. Code � 1798.84(g) (2007) (emphasis added). Ameritrade's interpretation would violate California's statutory construction rules by rendering section 1798.84(g) meaningless. Mfrs. Life, 10 Cal. 4th at 274, 895 P.2d at 65.8 E. Plaintiffs Are Entitled an Accounting While the proposed notice is uncontestably accurate as far as it goes, both Ameritrade and accountholders are served best by an accurate, detailed account of the security breach. This is why Plaintiffs seek an accounting � to provide a public that report accurately and completely discloses the security breach to Ameritrade accountholders. (Pl.s' Mot. iii.) Ameritrade's assertion that Plaintiffs' "need for additional information can be satisfied through [ordinary] discovery" is wrong. (Def.'s Opp. 17.) Ameritrade, as a fiduciary, bears the burden of rendering the accounting after it breached its duties by concealing material information from its accountholders. In re Niles, 106 F.3d 1456, 1461 (9th Cir. 1997). The burden that the common law places on the fiduciary to account is more than a shifting of the burden of coming forward with evidence. . . . By failing to 8 To the extent that Plaintiffs' proposed accounting is truly unprecedented, that is not, by itself, any reason not to grant the accounting. "[T]he common law is susceptible of growth and 27 adaptation to new circumstances and situations . . ." Dimick v. Schiedt, 293 U.S. 474, 487 (1935). "[T]he common law is not immutable but flexible, and by its own principles adapts 28 itself to varying conditions." Jaffee v. Redmond, 518 U.S. 1, 8 (1996) (citation, quotation omitted). Plaintiffs' Reply to Defendant's Opposition to the Motion for Preliminary Injunction 9 No. C 07 2852 MJJ Case 3:07-cv-02852-MJJ Document 31 Filed 09/04/2007 Page 15 of 21 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 keep and submit accounts, [the fiduciary assumes the burden of repelling the presumption and disproving negligence and faithlessness. Id. at 1462. Likewise, Plaintiffs should not be obliged to run down the details of the security breach: as a fiduciary, Ameritrade is obliged to provide them to Plaintiffs in the accounting. Discovery is therefore not an acceptable substitute for an accounting. The Federal Rules place quantitative limits on discovery. See Fed. R. Civ. P. 26(b)(2)(B) (limiting production of documents identified "as not reasonably accessible because of undue burden or cost"); 30(a)(2) (limiting number of depositions to 10, and restricting redeposing deponents); 30(d)(2) (depositions limited to one day of seven hours); 33(a) (limiting the number of interrogatories to 25). These quantitative limits necessitate that "especially in complex cases, . . . almost all [discovery] will be under-inclusive." In re Sulfuric Acid Antitrust Litig., 230 F.R.D. 527, 532 (N.D. Ill. 2005) (discussing time limit on depositions). Moreover, the cost of producing documents can shift to requesting parties. OpenTV v. Liberate Techs., 219 F.R.D. 474, 476-79 (N.D. Cal. 2003) (partly fixing costs of computer production on requesting party). Any trial court will recognize that gamesmanship in discovery is a terrible temptation to which even the most serious-minded litigants may fall prey. By shifting the burden of proof and production, an accounting eliminates that temptation and ensures that Ameritrade will provide its accountholders the precise and detailed description of the security breach that they deserve. Ameritrade argues that the proposed accounting does not adequately specify which "particular information would be required by the requested accounting of records systems." (Def.'s Mot. 18.) The accounting dovetails snugly with the proof of impossibility required to defend a contempt charge on the injunction prohibiting the disclosure of accountholder information. Under either the accounting or the injunction prohibiting the disclosure of accountholder information, Ameritrade must prove that it is unable to stop disclosure of email addresses. Plaintiffs cannot be asked to identify exactly what information is needed to discharge Ameritrade's fiduciary obligations when they do not have access to the underlying evidence. Ameritrade marches a parade of horribles before the Court to argue against the accounting: it complains that the public report "would only encourage future attempts by Plaintiffs' Reply to Defendant's Opposition to the Motion for Preliminary Injunction 10 No. C 07 2852 MJJ Case 3:07-cv-02852-MJJ Document 31 Filed 09/04/2007 Page 16 of 21 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 hackers" and "expose proprietary and confidential information," and that the security measures that may be proposed by Plaintiffs' counsel after the accounting are too indefinite under Rule 65. (Def.'s Mot. 18.) Ameritrade conveniently ignores that Plaintiffs' requested relief must be "approved by the Court upon completion of the accounting." (Pl.s' Mot. iv.) (emphasis added). Both these remedies will be fully briefed and approved by the Court after the accounting and will fully comply with Rule 65. In combination with the parties' imminent protective order, Ameritrade will have all the protection it needs. Ameritrade claims that "there is no basis for ordering a system-wide accounting" where Plaintiffs only have evidence that email addresses were disclosed in the security breach. (Def.'s Opp. 17.) The accounting sought by Plaintiffs is not system-wide, but limited to Ameritrade records systems which store personal information of Plaintiffs or the accountholder class members. (Pl.s' Mot. iii.) Again, it is reasonable to presume that if the spammers responsible had access to the email addresses stored on these systems, they had access to any other information stored on those systems. Gourde, 440 F.3d at 1070-71. Ameritrade finally argues that the equitable remedy of an accounting is strictly limited to a financial statement, and that the accounting of Ameritrade's information systems Plaintiffs' seek is "literally unprecedented." (Def.'s Opp. 18.) Ameritrade mischaracterizes the relief Plaintiffs seek yet again. This lawsuit only concerns Ameritrade's information system to the extent they store Plaintiffs' personal information. "[T]he obligation to render an accounting is triggered by proof that the plaintiff entrusted property to the defendant in a fiduciary relationship." In re Niles, 106 F.3d at 1462 n.4. Here, Plaintiffs entrusted personal information to Ameritrade and had vested property rights to that information under the terms of the Privacy Statement. Kaiser Aetna v. United States, 444 U.S. 164, 176 (1979) ("one of the most essential sticks in the bundle of rights that are commonly characterized as property [is] the right to exclude others"). III. Plaintiffs Are Entitled to Injunction Warning Against the Purchase of SpamTouted Stock Plaintiffs seek an injunction requiring Ameritrade to provide a notice before Plaintiffs' Reply to Defendant's Opposition to the Motion for Preliminary Injunction 11 No. C 07 2852 MJJ Case 3:07-cv-02852-MJJ Document 31 Filed 09/04/2007 Page 17 of 21 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 accountholders purchase stock that has been touted by spam that the stock has been so touted, and that its value may be manipulated. (Pl.s' Mot. iii.) Ameritrade's implied preemption argument is at its zenith here, and it still fails. (Def.'s Opp. 7.) Implied preemption applies only where "the challenged state law stands as an obstacle to the accomplishment and execution of the full purposes and objectives of Congress." Crosby v. Nat'l Foreign Trade Council, 530 U.S. 363, 373 (2000). There is no "federal policy against States imposing liability in addition to that imposed by federal law. [S]tate causes of action are not pre-empted solely because they impose liability over and above that authorized by federal law . . ." California v. ARC Am. Corp., 490 U.S. 93, 105 (1989). Ameritrade argues that the stock notice sought in Plaintiffs' Motion "would frustrate the orderly functioning of the nation's securities markets . . ." (Def.'s Opp. 15.) Although Ameritrade notes that "spam-based pump-and-dump schemes are the focus of ongoing SEC regulatory and enforcement efforts," it fails to produce any evidence or argument that Plaintiffs' proposed remedy would actually interfere with the SEC's efforts. (Id.) Ameritrade does not establish a implied preemption defense without "overcom[ing] the pre-sumption against finding pre-emption of state law in areas traditionally regulated by the States . . ." ARC Am. Corp., 490 U.S. at 101. This includes securities law. "Congress plainly contemplated the possibility of dual litigation in state and federal courts relating to securities transactions." Matsushita Elec. Indus. Co. v. Epstein, 516 U.S. 367, 383 (1996). See also CTS Corp. v. Dynamics Corp. of Am., 481 U.S. 69, 83 (1987) (no implied preemption where Indiana securities law "furthers the federal policy of investor protection"). Ameritrade's burden of proof is high: implied preemption can be found "[o]nly where there is "clear evidence" that Congress meant to assert federal control . . ." Oxygenated Fuels Ass'n v. Davis, 331 F.3d 665, 673 (9th Cir. 2003). Plaintiffs' proposed remedy (that Ameritrade provide truthful information prior to the purchase of spam-touted stock) does not conflict with the SEC's activities (halting trading on spam-touted stocks). (Def.'s Opp. 15, 16-17.) Ameritrade's generalized objections that the remedies sought will "frustrate the orderly functioning of the nation's securities Plaintiffs' Reply to Defendant's Opposition to the Motion for Preliminary Injunction 12 No. C 07 2852 MJJ Case 3:07-cv-02852-MJJ Document 31 Filed 09/04/2007 Page 18 of 21 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 markets" does not carry that burden where Ameritrade utterly fails to demonstrate how, precisely, Plaintiffs' remedies would disrupt the SEC's efforts in this area.9 Nor do Ameritrade other arguments against the stock notice hold water. Ameritrade claims that purchases of spam-touted stock do not threaten irreparable harm as accountholders "could seek full compensation in the form of money damages." (Id. 13.) This damages remedy is illusory because accountholders will generally be unable to establish causation, and therefore unable to calculate their damages � rendering the harm irreparable. Ameritrade also argues that the stock notice is unnecessary because "they do not trade spam-touted stocks and they know all about the dangers of spam-based manipulation." (Id. 15.) Clearly, spammers would not engage in pump-and-dump schemes if the spam was entirely unsuccessful. Moreover, Ameritrade entirely discounts investors � including Plaintiffs � who may purchase a stock without being aware that it is being manipulated by stock spam. While investors who make decisions based on stock spam may not heed the stock notice proposed by Plaintiffs, that does not mean Plaintiffs' proposed remedy cannot assist other investors. Ameritrade also urges that the burden of "detect[ing] spam sent to its accountholders and . . . identify[ing] stocks touted by such spam" would be "enormous." (Pl.s' Mot. iii; Def.'s Opp. 16.) This argument should be taken with a grain of salt: Ameritrade's declarant does not actually quantify the costs of complying with the injunction. Further, Ameritrade has particularized knowledge of the stock spam sent to its accountholders (who forward their spam to Ameritrade), and can easily seed its database with controlled, unique email addresses to obtain the same spam sent to its accountholders (and only that spam). Lastly, the cost of presenting a single, additional pop-up screen to Ameritrade's accountholders cannot be great. IV. Ameritrade Makes Ad Hominen Attacks on Elvey to Distract Attention From Its Own Misconduct Finally, Ameritrade uses its Opposition to mount meritless personal attacks on 26 Plaintiffs. Ameritrade's inflammatory rhetoric is a desperate attempt to deflect attention from 27 In contrast, Ameritrade's cases involved close statutory analysis and concrete examples of how the state laws at issue undermined federal policy. (Cf. Def.'s Opp. 15, citing Geier v. Am. 28 Honda Motor Co., 529 U.S. 861 (2000); Credit Suisse First Boston Corp. v. Grunwald, 400 F.3d 1119 (9th Cir. 2005). Plaintiffs' Reply to Defendant's Opposition to the Motion for Preliminary Injunction 13 No. C 07 2852 MJJ 9 Case 3:07-cv-02852-MJJ Document 31 Filed 09/04/2007 Page 19 of 21 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 its own misconduct. Ameritrade calls Elvey "disingenuous" because he waited seven months to file this lawsuit. (Id. 1.) Elvey first alerted Ameritrade to the spam issue in November 2006.10 (Pl.s' Opp. Mot. Extension for Time 4.) Ameritrade responded by email and indicated it was investigating the matter. After Elvey waited for the resolution of Ameritrade's investigation until February 2007, he set up a separate hard drive with a separate operating system to log onto Ameritrade's website and checking his email "[t]o ensure that he was not responsible for leaking" his email addresses. (Id. (quoting FAC � 24.)) While Ameritrade shamelessly demonizes Elvey as a professional plaintiff, Elvey took due diligence to ensure he was not at fault and delayed seeking legal counsel until he understood that his grievances were suitable for the legal system. (Id.) Even after he decided to retain counsel, Elvey needed time to locate legal assistance willing to represent him in a case like this on a contingency fee � and his counsel required some time to take due diligence on his claims and draft his complaint. (Id.) Elvey should not be penalized for carefully investigating his claims, nor for lacking the means to immediately procure counsel. Elvey is not a billion-dollar corporation with instant access to multinational law firms, and cannot be expected to act like one. Finally, in its argument against class certification, Ameritrade states that Elvey deliberately "subject[ed] [himself] to spam in order to bring this suit" and that "it is unlikely that [he was] deceived by any alleged misrepresentation in the . . . Privacy Statement." (Def.'s Opp. 23.)11 The FAC alleges damages � which necessarily incorporates an allegation of reliance in the CLRA. McAdams v. Monier, Inc., 151 Cal. App. 4th 667, 672, 60 Cal. Rptr. 3d 111, 113 (Cal. Ct. App. 2007). Moreover, Ameritrade should not be heard to complain about the use of unique email addresses when it would have been impossible to detect Ameritrade's disclosure of email addresses otherwise. See S. Rep. No. 108-102, at 5 (2003) (90 percent of 10 Elvey first received spam in November 2007, not in October 2007, as Ameritrade's 25 Opposition claims. (FAC � 23; Elvey Decl. Opp. Mot. Extension for Time � 2 (first spam received on November 11, 2006).) 26 11 Ameritrade justifies this outrageous statement by blaming Elvey for not changing his email address or closing his account. (Preston Decl. � 3.) Neither of these measures would have 27 stemmed the flow of spam to Elvey's email servers or reduced the risk of identity theft once his email address and/or Social Security number were disclosed. As of 6:30 pm PST of the 28 date of filing, Ameritrade has not provided Plaintiffs' counsel with a factual basis for the statement that Plaintiffs were not deceived by the Privacy Statement. (Id. �� 4-5.) Plaintiffs' Reply to Defendant's Opposition to the Motion for Preliminary Injunction 14 No. C 07 2852 MJJ Case 3:07-cv-02852-MJJ Document 31 Filed 09/04/2007 Page 20 of 21 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 all of spam is ``untraceable'' to its actual source). Damages exist even when investigative techniques are needed to prove liability: persons who test for discrimination, but do not intend to accept the tested facilities, "who are subjected to unlawful [discrimination] may be entitled to compensatory and punitive damages . . ." U.S. Equal Employment Opportunity Commission, EEOC NOTICE No. 915.002, at http://www.eeoc.gov/policy/docs/testers.html (May 22, 1996). See also Fair Hous. of Marin v. Combs, 285 F.3d 899, 903 (9th Cir. 2002) (testers suffer damages because testers devotes "resources . . . to identifying and counteracting [statutory violations], and this diversion of resources frustrate[s]" the tester's other activities). V. The Court Should Not Hesitate to Grant Class Certification, If It Is Required Plaintiffs are not seeking to slip into class certification through the back door, and the parties agree that class certification is unnecessary here, where a preliminary injunction "for the named plaintiffs would, as a practical matter extend to all purported class members." (Def.'s Opp. 21-22.) However, Plaintiffs are mindful that this does not mean the Court will agree. Ameritrade argues the record does not allow the "rigorous analysis" required of class certification. (Def.'s Opp. 23.) Ameritrade exaggerates the evidentiary basis required for class certification. Class certification is "necessarily bound to some degree of speculation by the uncertain state of the record on which [the court] must rule. An extensive evidentiary showing . . . is not required." Blackie v. Barrack, 524 F.2d 891, 901 (9th Cir. 1975). All that is required is sufficient evidence "to form a reasonable judgment as to each requirement of class certification" under Rule 23. Id. There is sufficient evidence before the Court to sustain class certification for the limited purposes for which it may be required.12 CONCLUSION Plaintiffs respectfully asks that the Court grant their Motions for a Preliminary Injunction and for Class Certification. 12 Ameritrade has refused to conclude the parties' Rule 26(f) conference: Ameritrade should 28 not be able to defeat class certification, and thus a preliminary injunction, by withholding the conclusion of the Rule 26(f) conference. Plaintiffs' Reply to Defendant's Opposition to the Motion for Preliminary Injunction 15 No. C 07 2852 MJJ Case 3:07-cv-02852-MJJ Document 31 Filed 09/04/2007 Page 21 of 21 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Dated: September 4, 2007 By:/s/Alan Himmelfarb Alan Himmelfarb LAW OFFICES OF ALAN HIMMELFARB 2757 Leonis Blvd Los Angeles, CA 90058 Telephone: (323) 585-8696 Fax: (323) 585-8198 consumerlaw1@earthlink.net Scott A. Kamber Ethan Preston KAMBER & ASSOCIATES, LLC 11 Broadway, 22d Floor New York, NY 10004 Telephone: (212) 920-3072 Fax: (212) 202-63640 skamber@kolaw.com epreston@kolaw.com Plaintiffs' Reply to Defendant's Opposition to the Motion for Preliminary Injunction 16 No. C 07 2852 MJJ

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.

Why Is My Information Online?