NovelPoster v. Javitch Canfield Group et al
Filing
93
ORDER GRANTING DEFENDANTS' MOTION FOR JUDGMENT ON THE PLEADINGS by Hon. William H. Orrick granting #60 Motion for Judgment on the Pleadings. NovelPoster is granted leave to amend its complaint with respect to the four causes of action that are the subject of this Order within 15 days. (jmdS, COURT STAFF) (Filed on 8/4/2014)
<![CDATA[
1
2
3
4
UNITED STATES DISTRICT COURT
5
NORTHERN DISTRICT OF CALIFORNIA
6
7
NOVELPOSTER,
Case No. 13-cv-05186-WHO
Plaintiff,
8
v.
9
10
JAVITCH CANFIELD GROUP, et al.,
ORDER GRANTING DEFENDANTS’
MOTION FOR JUDGMENT ON THE
PLEADINGS
Re: Dkt. No. 60
Defendants.
United States District Court
Northern District of California
11
12
13
14
INTRODUCTION
This case involves the soured relationship between the owners of the plaintiff company,
15
NovelPoster, and the defendant company engaged to operate it, Javitch Canfield Group. Javitch
16
Canfield Group’s owners, Mark Javitch and Daniel Canfield, are also defendants. NovelPoster
17
asserts various causes of action under both federal and state law based on the defendants’
18
allegedly unlawful access of NovelPoster’s email and other electronic accounts during the start,
19
breakdown, and wake of the parties’ relationship.
20
The defendants filed this limited Motion for Judgment on the Pleadings, arguing that
21
NovelPoster’s allegations as pleaded in the Complaint fail to support the First through Fourth
22
Causes of Action for violations of the federal Computer Fraud and Abuse Act, the federal
23
Electronic Communications Privacy Act, California’s Comprehensive Computer Data Access and
24
Fraud Act, and California’s Invasion of Privacy Act. The motion is GRANTED. NovelPoster
25
fails to adequately plead loss to support its causes of action under the Computer Fraud and Abuse
26
Act and California’s Comprehensive Computer Data Access and Fraud Act and fails to plead that
27
the defendants “intercepted” any electronic communications under the Electronic Communications
28
Privacy Act and California’s Invasion of Privacy Act.
FACTUAL BACKGROUND
1
2
The Complaint alleges the following facts:
3
Plaintiff NovelPoster is an online retailer that designs, sells, and distributes text-based
4
poster products. Compl. (Dkt. No. 1) ¶¶ 4, 9. NovelPoster has no physical presence and is
5
accessible only through its website and other online internet portals. Compl. ¶ 10. Owners Alex
6
Yancher and Matt Grinberg founded the company in 2011. Compl. ¶ 9. From NovelPoster’s
7
inception, Yancher and Grinberg planned to develop and then sell the company. Compl. ¶ 14.
8
NovelPoster has accounts with internet companies to conduct its advertising,
9
communications, and sales transactions, including with online payment “gateways,” such as
PayPal and Stripe; online marketing platforms, such as Google Adwords; the website platform
11
United States District Court
Northern District of California
10
Goodsie; retail sites, such as Etsy and Storenvy; and social media platforms, such as Facebook,
12
Twitter, and Mailchimp. Compl. ¶¶ 11, 38.
13
NovelPoster’s email capabilities are hosted by Google’s services for small-business
14
accounts, through which NovelPoster has the email accounts Contact@NovelPoster.com,
15
Matt@NovelPoster.com, and Alex@NovelPoster.com. Compl. ¶ 11(a).
16
Contact@NovelPoster.com is the administrative account for NovelPoster’s overall Google
17
account, and access to it allows a user to control Matt@NovelPoster.com and
18
Alex@NovelPoster.com, which are the individual email accounts of Grinberg and Yancher,
19
respectively. Compl. ¶¶ 11(a), 22. Grinberg and Yancher each used his NovelPoster email
20
account to manage the company’s relationships with customers and business partners. Compl.
21
¶ 11(a). They also used these individual email accounts to store contact information for designers,
22
wholesalers, suppliers, and marketers. Compl. ¶ 13. The contract between NovelPoster and the
23
defendants was negotiated through these email accounts, and the contract itself is electronically
24
stored there. Compl. ¶ 11(a).
25
NovelPoster first came into contact with the defendants through Yancher, who met David
26
Canfield at a March 2013 social event in San Francisco. Compl. ¶ 15. Yancher and Canfield
27
agreed to meet and discuss forming a business relationship between NovelPoster and Javitch
28
Canfield Group, which Canfield founded with Mark Javitch, to take over NovelPoster operations
2
1
“until it could be sold.” Compl. ¶¶ 5, 15. Over the next few months, Yancher and Grinberg met
2
with Canfield and Javitch several times to discuss this arrangement. Compl. ¶ 16.
Disagreement about the reach of the defendants’ control of the company began even before
3
4
the parties agreed to the terms governing their relationship. On May 8, 2013, Grinberg emailed
5
the defendants to voice his concern that they had changed the passwords to NovelPoster’s PayPal
6
and Stripe accounts and to state that he and Yancher must “maintain access to all NovelPoster
7
accounts.”1 Compl. ¶ 18.
In the same email, Grinberg proposed contract terms to the defendants consisting of the
8
9
following points:
10
The Javitch Canfield Group would “take over all aspects of operations except for
United States District Court
Northern District of California
11
poster design,” for which NovelPoster would be responsible for creating one new
12
poster design per month.
13
Operations include “[f]ulfilling posters or subcontracting fulfillment
14
responsibilities”; inventory management; marketing through Google Adwords,
15
Facebook ads, etc.; customer service; outbound sales calls to distributors;
16
maintenance of NovelPoster’s website and social media presence; and financial and
17
accounting record keeping.
18
“NovelPoster continues to have ownership of all NovelPoster related accounts.”
19
The Javitch Canfield Group receives 80 percent of sales and a 10 percent equity
share to vest over two years.
20
21
Compl. ¶ 17. Canfield accepted these terms on behalf of the defendants via email on May 9,
22
2013.2 Compl. ¶ 21.
23
24
25
26
27
28
1
Although not pleaded in the Complaint, NovelPoster states in its opposition brief that it provided
the defendants with the passwords to its Contact@NovelPoster.com, AdWords, PayPal, Goodsie,
MailChimp, Twitter, Stripe, and Facebook accounts on May 3, 2013, because it was “optimistic
that it would finalize an[ ] agreement” with the defendants. Opp’n (Dkt. No. 64) 1-2. The brief
further states that on May 8, 2013, the defendants changed the passwords and access levels to
some of these accounts without providing NovelPoster with the new passwords. Opp’n 2.
2
According to the opposition brief, in response to requests from NovelPoster regarding account
access, the defendants provided login credentials for certain accounts to Yancher and Grinberg on
May 13, 2013. Opp’n 2.
3
1
On June 6, 2013, the defendants accessed Yancher’s and Grinberg’s individual
2
NovelPoster email accounts and changed their passwords without authorization from or notice to
3
Yancher or Grinberg. Compl. ¶ 22. Canfield responded to a complaint from Yancher that
4
Yancher was not able to access his individual account by stating that “a server change” had made
5
Yancher’s account “inaccessible,” but that Canfield could forward emails from these accounts to
6
Yancher and Grinberg. Compl. ¶ 22.
7
On June 10, 2013, Yancher emailed Canfield and Javitch, stating that he knew the
8
defendants had accessed the individual NovelPoster email accounts and read emails without
9
permission. Compl. ¶ 23. Javitch responded and suggested that the group meet to discuss the
situation; Yancher agreed, but reiterated that the defendants did not have authority to access the
11
United States District Court
Northern District of California
10
individual email accounts or change their passwords because they were “personal email accounts.”
12
Compl. ¶ 24.
13
The parties met on June 13, 2013, during which time Yancher and Grinberg told the
14
defendants that the business relationship “was not working” and NovelPoster wanted to terminate
15
the contract. Compl. ¶ 25. The defendants refused the termination, “insisting they would
16
relinquish their unauthorized control only for a fee.” Compl. ¶ 25. NovelPoster refused. Compl.
17
¶ 25. Grinberg sent an email to Canfield on June 14, 2013, saying that the defendants were in
18
material breach of the contract and that NovelPoster was terminating their contract; Grinberg also
19
stated that NovelPoster was demanding return of its entire business and an inventory estimate as of
20
May 10, 2013. Compl. ¶ 26. Javitch responded by email, pointing out that there was no clause in
21
the contract regarding termination, and so NovelPoster’s attempt to terminate the contract was
22
invalid. Compl. ¶ 27.
23
Through the time the Complaint was filed, the defendants continued to operate all aspects
24
of NovelPoster and routinely accessed, without authorization, all accounts related to NovelPoster.
25
Compl. ¶ 36. From the time they took control of NovelPoster, the defendants marketed
26
NovelPoster merchandise simultaneously with other brands that the defendants were promoting.
27
Compl. ¶ 34. While doing so, they “misrepresented to vendors and business partners” that they
28
were authorized to bind NovelPoster to business agreements. Compl. ¶ 35.
4
This dispute caused NovelPoster to lose prospective buyers. In July 2013, a prospective
1
2
buyer withdrew interest after learning about NovelPoster’s conflict with the defendants. Compl.
3
¶ 29. Afterwards, NovelPoster’s business broker told Yancher and Grinberg that he would not
4
help them sell the company until they and the defendants resolved this dispute. Compl. ¶ 30.
5
Without the business broker, NovelPoster was unable to respond to a second interested buyer in
6
October 2013. Compl. ¶¶ 31, 32.
On November 4, 2013, NovelPoster’s counsel wrote the defendants and demanded that
7
8
they return full control of NovelPoster to Yancher and Grinberg, but that has not occurred.
9
Compl. ¶¶ 33, 36. The defendants’ actions caused NovelPoster to suffer damages greater than
10
$5,000.00 in 2012 and damages continue to accrue. Compl. ¶ 44.
PROCEDURAL HISTORY
United States District Court
Northern District of California
11
NovelPoster filed this action on November 6, 2013, charging the following: (i) violation
12
13
of the federal Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. §§ 1030(a)(2)(c),
14
1030(a)(5)(c); (ii) violation of the federal Wiretap Act, 18 U.S.C. § 25113; (iii) violation of
15
California’s Comprehensive Computer Data Access and Fraud Act (“CDAFA”), CAL. PENAL
16
CODE §§ 502(c)(1)-(5), 502(c)(7); (iv) violation of California’s Invasion of Privacy Act (“CIPA”),
17
CAL. PENAL CODE §§ 630 et seq.; (v) conversion; (vi) breach of contract; (vii) breach of the
18
implied covenant of good faith and fair dealing; (viii) violation of California’s Unfair Competition
19
Law, CAL BUS. & PROF. CODE §§ 17200 et seq.; and (ix) unjust enrichment.
The defendants filed motions to dismiss on December 4, 2013, and January 13, 2014, both
20
21
of which I denied. Dkt. Nos. 16, 24, 46. On June 6, 2014, the defendants filed this limited Motion
22
for Judgment on the Pleadings on the First through Fourth Causes of Action. Mot. (Dkt. No. 60).
23
NovelPoster opposes the motion and has stated that it plans to move to file an Amended
24
Complaint. Opp’n (Dkt. No. 64) 7. I heard argument on July 9, 2014.
25
3
26
27
28
Although NovelPoster designates its Second Cause of Action as a violation of the Electronic
Communications Privacy Act, because that act both amended the Wiretap Act, 18 U.S.C. §§ 251022, and created the Stored Communications Act, 18 U.S.C. §§ 2701-12, and because NovelPoster
brings its Second Cause of Action under 18 U.S.C. § 2511, this Order will refer to the Second
Cause of Action as alleging a violation of the Wiretap Act to avoid any confusion. See Compl.
¶¶ 47, 50; Opp’n 20.
5
LEGAL STANDARD
1
The standard for a motion for judgment on the pleadings under “Rule 12(c) is ‘functionally
2
identical’ to [the standard for a motion under] Rule 12(b)(6).” Cafasso, United States ex rel. v.
4
Gen. Dynamics C4 Sys., Inc., 637 F.3d 1047, 1055 n.4 (9th Cir. 2011). When deciding such a
5
motion, “the allegations of the non-moving party must be accepted as true, while the allegations of
6
the moving party which have been denied are assumed to be false.” Hal Roach Studios, Inc. v.
7
Richard Feiner & Co., Inc., 896 F.2d 1542, 1550 (9th Cir. 1989). All reasonable inferences from
8
the alleged facts must be construed in favor of the responding party. Fleming v. Pickard, 581 F.3d
9
922, 925 (9th Cir. 2009). “Judgment on the pleadings should be granted when, accepting all
10
factual allegations in the complaint as true, there is no issue of material fact in dispute and the
11
United States District Court
Northern District of California
3
moving party is entitled to judgment as a matter of law.” Chavez v. United States, 683 F.3d 1102,
12
1108 (9th Cir. 2012) (internal citations and quotations omitted).
DISCUSSION
13
14
I.
FIRST CAUSE OF ACTION: CFAA VIOLATION
15
A. Applicable Law
16
Sections 1030(a)(2)(C) and 1030(a)(5)(C) of Title 18 respectively state that one who
17
“intentionally accesses a computer without authorization or exceeds authorized access, and
18
thereby obtains . . . information from any protected computer” and one who “intentionally
19
accesses a protected computer without authorization, and as a result of such conduct, causes
20
damage and loss” can be subject to a fine or imprisonment. 18 U.S.C. §§ 1030(a)(2)(C),
21
1030(a)(5)(C). The CFAA “targets the unauthorized procurement or alteration of information, not
22
its misuse or misappropriation.” United States v. Nosal, 676 F.3d 854, 863 (9th Cir. 2012)
23
(“Nosal I”) (brackets omitted). Any person may bring a civil cause of action under the CFAA for
24
damages and equitable relief if he or she suffers damages or loss as a result of a violation of its
25
provisions. 18 U.S.C. § 1030(g).
26
The term “without authorization” is undefined in the CFAA, but the Ninth Circuit has held
27
that “a person uses a computer ‘without authorization’ under §§ 1030(a)(2) [ ] when the person has
28
not received permission to use the computer for any purpose (such as when a hacker accesses
6
someone’s computer without any permission), or when the [computer’s owner] has rescinded
2
permission to access the computer and the defendant uses the computer anyway.” LVRC Holdings
3
LLC v. Brekka, 581 F.3d 1127, 1135 (9th Cir. 2009). Even where authorization is given to access
4
a protected computer, the CFAA may be violated if that authorization is exceeded. To exceed
5
authorized access “means to access a computer with authorization and to use such access to obtain
6
or alter information in the computer that the accesser is not entitled so to obtain or alter.” 18
7
U.S.C. § 1030(e)(6); see also Brekka, 581 F.3d at 1133 (“an individual who is authorized to use a
8
computer for certain purposes but goes beyond those limitations is considered by the CFAA as
9
someone who has ‘exceed[ed] authorized access’”). It generally “refer[s] to someone who’s
10
authorized to access only certain data or files but accesses unauthorized data or files—what is
11
United States District Court
Northern District of California
1
colloquially known as ‘hacking.’” Nosal I, 676 F.3d at 856-58 (“we find Nosal’s narrower
12
[definition] more plausible”). The Ninth Circuit has emphasized that “the CFAA is limited to
13
violations of restrictions on access to information, and not restrictions on its use.” Id. at 864
14
(original emphasis).
B. The Defendants Fail To Show That They Did Not Act Without Authorization Or
15
Did Not Exceed Authorization As A Matter Of Law.
16
The parties dispute whether the pleadings show that the defendants acted without
17
18
authorization or exceeded authorization by accessing and taking exclusive control of
19
NovelPoster’s accounts during the parties’ alleged contract period, and continuing to do so after
20
the contract allegedly terminated on June 14, 2013.4
The defendants argue that they are entitled to judgment on the pleadings for this cause of
21
22
action because NovelPoster provided the defendants with “unrestricted access” to all of
23
NovelPoster’s accounts when the parties agreed that the defendants would “take over all aspects of
24
operation” of NovelPoster, and because NovelPoster provided the defendants with certain
25
passwords, including the password for the Google administrative account. Mot. 9-12; Reply (Dkt.
26
4
27
28
Under the CFAA, a “protected computer” is a computer “used in or affecting interstate or foreign
commerce or communication.” 18 U.S.C. § 1030(e)(2)(B). The parties do not seriously dispute
that NovelPoster’s online accounts are “protected computers” under the statute. Compl. ¶ 39;
Mot. 6; Opp’n 12.
7
1
No. 76) 3-4 (quoting Compl. ¶ 17). In doing so, NovelPoster “failed to retain any technical
2
control or legal right to exclusive access” of the accounts. Reply 10. With regard to the individual
3
email accounts, though Yancher and Grinberg call them “personal email accounts,” the defendants
4
point out that NovelPoster admits that those accounts “are, in effect, the customer relationship
5
management [ ] tool” Yancher and Grinberg use to “manag[e] relations between a company and a
6
customer.” Mot. 9-10 (quoting Compl. ¶ 11(a)). But because NovelPoster’s Complaint admits
7
that the defendants were charged with operating “all aspects” of NovelPoster, the defendants argue
8
that their access of those accounts at all times was neither unauthorized nor in excess of
9
authorization. See generally Mot. 9-14.
10
The defendants further argue that the alleged violations are not within the scope of the
United States District Court
Northern District of California
11
CFAA, which they emphasize deals with hacking. Mot. 16. They attempt to characterize
12
NovelPoster’s cause of action as one merely concerning a “disputed business arrangement” and a
13
simple “breach of contract” claim. Mot. 15-16. In particular, the defendants assert that
14
NovelPoster complains of nothing more than the misappropriation of information, which the
15
CFAA does not cover, but lacks allegations that the defendants wrongfully circumvented a
16
“technological access barrier,” which they say the statute requires, because NovelPoster “willingly
17
transferred its website domain and all accounts” to the defendants. Mot. 3-4, 16 (citing Nosal I,
18
676 F.3d at 863 (holding that the CFAA targets “the circumvention of technological access
19
barriers—not misappropriation of trade secrets”)); Reply 4.
20
NovelPoster responds that their allegations against the defendants do not involve mere
21
misuse or misappropriation; rather, it asserts that the defendants both exceeded any authorization
22
by accessing and changing the passwords to the relevant accounts when the parties had a formal
23
business relationship, and acted without any authorization after NovelPoster says the contract was
24
terminated, which thus rescinded any authorization to access any of the accounts. Opp’n 8-11.
25
NovelPoster argues that neither “hacking” nor “circumventing technological access barriers”
26
appears in the CFAA, and neither is a requirement for establishing unauthorized access of
27
information. See Opp’n 4, 8 (citing United States v. Nosal, 930 F. Supp. 2d 1051, 1060 (N.D. Cal.
28
2013) (“Nosal II”) (“Nowhere does the [Ninth Circuit’s] opinion in Nosal [I] hold that the
8
1
government is additionally required to allege that a defendant circumvented technological access
2
barriers in bringing charges under § 1030(a)(4)”); NetApp, Inc. v. Nimble Storage, Inc., No. 13-cv-
3
5058-LHK, 2014 WL 1903639, at *10 (N.D. Cal. May 12, 2014) (“a nontechnological barrier can
4
revoke authorization”)).
NovelPoster contends that this case is analogous to NetApp, Inc. v. Nimble Storage, Inc., in
5
6
which the court refused to dismiss a CFAA cause of action based on an allegation that the
7
defendant exceeded the authorization given to him to use his former employer’s computer systems
8
when he repeatedly accessed the systems and took confidential data from them after his
9
employment ceased. See Opp’n 8-9 (discussing NetApp, 2014 WL 1903639, at *11). There, the
court rejected the argument that the CFAA requires pleading circumvention of a technological
11
United States District Court
Northern District of California
10
access barrier. NetApp, 2014 WL 1903639, at *11.
The defendants have not carried their burden of showing that they are entitled to judgment
12
13
on the pleadings regarding the issue of whether they exceeded, or acted without, authorization.
14
Based on the pleadings, issues of fact remain concerning whether the defendants truly had
15
authorization to access NovelPoster’s various accounts and change the passwords during the
16
business relationship and, if they did, to continue to access the accounts after the contract
17
supposedly terminated. In other words, the defendants’ contention that NovelPoster gave them
18
“unrestricted” access to the accounts is not as “clearly demonstrate[d]” as they assert. See Reply
19
3, 5.
20
Throughout the Complaint, NovelPoster has alleged that (i) Yancher’s and Grinberg’s
21
individual email accounts were “personal email accounts associated with their business”; (ii) the
22
defendants accessed those and other accounts and changed the passwords without providing the
23
new passwords to NovelPoster; (iii) NovelPoster never gave the defendants permission to take any
24
of the accused actions; (iv) Yancher and Grinberg expressed concern about the defendants’ actions
25
before entering the agreement; (v) the defendants refused to turn over the new passwords to
26
NovelPoster despite its demand that they do so; and (vi) the defendants continued to access the
27
accounts after the agreement purportedly ended. See Compl. ¶¶ 22-24, 36. That NovelPoster’s
28
owners “expressed concern that Defendants had changed the passwords” and asked to retain
9
1
access to all of its accounts the same day it proposed contract terms weakens the defendants’
2
argument that they did not access NovelPoster’s accounts “without authorization.” See Compl.
3
¶ 18. Indeed, NovelPoster’s attempts to restore its exclusive control of the individual NovelPoster
4
email accounts and to terminate its contract with the defendants further cuts against the
5
defendants’ assertion that they had, and continue to have, unrestricted authorization. This is a case
6
where “whether authorization existed may require a factual inquiry beyond the scope of the
7
threshold motion stage.” Global Policy Partners, LLC v. Yessin, 686 F. Supp. 2d 631, 636 (E.D.
8
Va. 2009).
9
Contrary to the defendants’ argument, the pleadings do not establish that NovelPoster
granted them “unrestricted access” to the accounts at issue. See Reply 3-4. Though the parties’
11
United States District Court
Northern District of California
10
agreement states that the defendants shall “take over all aspects of operations except for poster
12
design,” Compl. ¶ 17, that does not unambiguously entail unrestricted access to all accounts,
13
especially those accounts that NovelPoster has characterized as Yancher’s and Grinberg’s
14
“personal email account[s],” Compl. ¶ 22. While NovelPoster admits that the individual email
15
accounts were “in effect, the customer relationship management [ ] tool for Mr. Grinberg and Mr.
16
Yancher,” Compl. ¶ 11(a) (emphasis added), it is not apparent that those email accounts were the
17
exclusive means for NovelPoster to reach customers such that it would have impossible for the
18
defendants to operate NovelPoster without access to the individual email accounts.
19
Notably, the Complaint does not allege, and the defendants do not argue, that NovelPoster
20
gave the defendants the passwords to the individual email accounts. And though NovelPoster
21
gave the defendants the password to the Contact@NovelPoster.com account, which conferred on
22
the defendants the ability to access the individual email accounts and change their passwords, that
23
does not mean that the defendants were authorized to do so, especially in the face of Yancher and
24
Grinberg’s complaints when the defendants exercised that ability. NovelPoster may have simply
25
intended that the defendants have capabilities limited to the administrative account only but not
26
the individual accounts. The pleadings are silent on this point and it is a factual issue
27
inappropriate for decision on this motion. But the fact that Yancher and Grinberg protested that
28
the defendants changed the passwords to two NovelPoster accounts and stated that they “would
10
1
need to maintain access to all NovelPoster accounts” before the agreement was confirmed
2
indicates that the scope of the defendants’ authorization with regard to NovelPoster’s accounts
3
may have been more circumscribed than the defendants assert. See Compl. ¶ 18 (emphasis
4
added).
5
The defendants’ argument that their actions may constitute misuse or misappropriation, but
6
do not fall under the CFAA as a matter of law, is unpersuasive. The Complaint focuses primarily
7
on the defendants’ access to the accounts, not what the defendants did with the information stored
8
in those accounts, so the defendants are incorrect to argue that this case is merely about
9
misappropriation or misuse of information. The defendants suggest that, as in Nosal I, in which
the court dismissed a CFAA cause of action where an employee accessed a company database and
11
United States District Court
Northern District of California
10
transferred source lists to a competitor because the accused activity constituted misuse rather than
12
unauthorized access, they did not access any protected computer “without authorization” and, at
13
most, engaged in misappropriation. See Mot. 15-16 (citing Nosal I, 676 F.3d at 863). Nosal I is
14
different from this case, however, because the defendants there undoubtedly had permission to
15
access the company files but were accused of misusing those files to start a competing business.
16
See Nosal I, 676 F.3d at 856. Here, there remains a question of whether the defendants were
17
allowed to access the accounts at issue at all.
18
The defendants argue that NovelPoster fails to plead that they circumvented a
19
“technological access barrier” and that “the Complaint [does not] show that Plaintiff made any
20
efforts to erect a ‘technological access barrier,’” such as by revoking the defendants’ password
21
access. See Mot. 5, 7, 14 (“Nowhere in Plaintiff’s Complaint is there any allegation that
22
Defendants’ password access was ever rescinded”), 21-22. The defendants further reject
23
NovelPoster’s argument that it does not need to plead circumvention of a technological access
24
barrier by distinguishing cases in which courts have said there is no such requirement from this
25
case because those cases “involve former employees gaining access to the employer’s computer
26
system on false pretenses, post-termination,” whereas this case involves a failed business
27
relationship. Reply 7 (original emphasis); see also Mot. 21 (“Plaintiffs failed to allege that
28
Defendants overcame a technical barrier”).
11
1
The defendants’ arguments are unconvincing. As Judge Koh cogently explained:
2
“The [Ninth Circuit] did not . . . explicitly hold that the CFAA is limited to hacking crimes,
or discuss the implications of so limiting the statute. . . . Hacking was only a shorthand
term used as common parlance by the court to describe the general purpose of the CFAA,
and its use of the phase ‘circumvention of technological access barriers’ was an aside that
does not appear to have been intended as having some precise definitional force.”5
3
4
5
Nosal II, 930 F. Supp. 2d at 1060-61. Moreover, to the extent that the defendants fault
6
NovelPoster for not erecting a technological access barrier, it was the defendants’ own alleged
7
actions that prevented NovelPoster from doing so after they purportedly exceeded and acted
8
without authorization concerning the accounts: by changing the passwords on the various
9
accounts and refusing to turn over the new passwords to NovelPoster despite its demands that they
do so, the defendants kept NovelPoster from taking the precise action they now assert it failed to
11
United States District Court
Northern District of California
10
take.
12
The defendants make much of the fact that the parties are not in an employer-employee
13
relationship, noting that many of the CFAA cases cited by NovelPoster involve such a
14
relationship. Reply 4-5; see also Mot. 5 (“Plaintiff’s use of the CFAA is novel in other ways as
15
well. Most CFAA cases in the Ninth Circuit deal with a former employee accessing an
16
employer’s computer with adverse interests to the employer . . . .”). They do not explain why this
17
is relevant—no authority cited states that a CFAA violation can only occur in an employment
18
context. Though many cases dealing with exceeding authorization involve employers and
19
employees, as NovelPoster correctly observes, “While the Nosal and Brekka cases dealt with an
20
employer authorizing its employee to access its protected computers, the rule applies equally to
21
other situations as it is the owner of the protected computer that decides whether someone is
22
authorized to access its computer’s [sic] or not.” Opp’n 11. Regardless of whether an
23
employment relationship was involved, the relevant question is whether authorization to access a
24
protected computer was absent or exceeded, and NovelPoster has raised an issue of fact in that
25
regard.
26
The defendants also raised a number of issues about the scope of the parties’ contract itself
27
5
28
To be clear, NovelPoster also accuses the defendants of exceeding authorization, a context in
which circumventing a technological access barrier makes little sense.
12
1
and whether it was effectively terminated when NovelPoster claims to have done so. For example,
2
the defendants assert that any of NovelPoster’s and its owners’ statements outside of the contract
3
cannot modify what the contract explicitly states. Reply 5-6. They also assert that NovelPoster
4
did not have the unilateral authority to terminate the agreement. Mot. 3-4.
5
As the defendants rightly recognize, “this dispute is entirely about two parties with
6
differing interpretations of the terms of a business relationship,” Opp’n 4, but the “terms” of that
7
business relationship include the extent to which the defendants could access the accounts at issue.
8
The scope of those terms remain issues of fact. Though the defendants argue that the language of
9
the contract is clear and nothing NovelPoster, Yancher, or Grinberg said or did could modify its
terms, they are incorrect. As the Supreme Court of California has said, “rational interpretation [of
11
United States District Court
Northern District of California
10
a contract] requires at least a preliminary consideration of all credible evidence offered to prove
12
the intention of the parties,” and this evidence includes the “circumstances surrounding the making
13
of the agreement . . . so that the court can place itself in the same situation in which the parties
14
found themselves at the time of contracting.” Pac. Gas & Elec. Co. v. G. W. Thomas Drayage &
15
Rigging Co., 69 Cal. 2d 33, 39-40 (1968) (internal quotation marks and citations omitted). The
16
scope of NovelPoster’s authorization is in dispute and the defendants are not entitled to judgment
17
on the pleadings on this basis.
18
C. NovelPoster Fails To Adequately Plead Loss.
19
The parties dispute whether NovelPoster has alleged losses sufficient to sustain a claim
20
under the CFAA. “Damage” under the CFAA includes “any impairment to the integrity or
21
availability of data, a program, a system, or information.” 18 U.S.C. § 1030(e)(8). “Loss” under
22
the CFAA includes “any reasonable cost to any victim, including the cost of responding to an
23
offense, conducting a damage assessment, and restoring the data, program, system, or information
24
to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential
25
damages incurred because of interruption of service.” 18 U.S.C. § 1030(e)(11). “[D]istrict courts
26
in the Ninth Circuit have held that it is not necessary for data to be physically changed or erased to
27
constitute damage to that data. . . . It is sufficient to show that there has been an impairment to the
28
integrity of data, as when an intruder retrieves password information from a computer and the
13
1
rightful computer owner must take corrective measures ‘to prevent the infiltration and gathering of
2
confidential information.’” Multiven, Inc. v. Cisco Sys., Inc., 725 F. Supp. 2d 887, 894-95 (N.D.
3
Cal. 2010) (Ware, J.) (citations omitted). The cost of investigating unauthorized access and
4
securing a computer network constitutes losses. Kimberlite Corp. v. Does 1-20, No. 08-cv-2147-
5
TEH, 2008 WL 2264485, at *2, (N.D. Cal. June 2, 2008).
The defendants assert that NovelPoster cannot meet the CFAA’s loss requirement because
7
NovelPoster’s claim of loss is too vague. Mot. 18. Regarding loss, NovelPoster’s sole allegation
8
is that, “[a]s a result of Defendants’ conduct, [NovelPoster] has suffered damages and/or loss in
9
excess of $5,000 in the year preceding the date of this filing, but the damages grow each day that
10
Defendants refuse to acknowledge termination of the Agreement.” Compl. ¶ 44. The defendants
11
United States District Court
Northern District of California
6
point out that NovelPoster claims a loss of business, but not that customers were impeded from
12
making purchases while NovelPoster’s owners could not access its email accounts. Mot. 18;
13
Reply 12.
14
The defendants also maintain that NovelPoster cannot bring a CFAA claim because it does
15
not have standing to allege loss to “protected computers” that it does not actually own, operate, or
16
maintain. Mot. 18-19 (citing Nexans Wires S.A. v. Sark-USA, Inc., 319 F. Supp. 2d 468, 475
17
(S.D.N.Y. 2004) (defining “loss” as the “cost of investigating or remedying damage to a computer,
18
or a cost incurred because the computer’s service was interrupted”)). They reason that because
19
NovelPoster’s business is conducted on third-party software programs, NovelPoster does not
20
actually own, operate, or maintain these “computers” and, thus, cannot be said to have suffered
21
any loss to those computers.
22
NovelPoster alleges that the defendants caused harm amounting to greater than $5,000, and
23
damages continue to accumulate. Compl. ¶ 44. It claims damages based on the attorney’s fees
24
and costs supposedly needed to investigate the alleged misconduct and to prosecute this lawsuit, as
25
well as “lost sales opportunities, unjust enrichment via cross-marketing, and loss of access to
26
data.” Opp’n 13-14. NovelPoster contends this it “is not required to literally own the servers or
27
host computers that have been wrongfully accessed” in order to maintain a CFAA cause of action.
28
Opp’n 12 (quoting Theofel v. Farey-Jones, 359 F.3d 1066, 1078 (9th Cir. 2004) (“The civil
14
1
remedy extends to any person who suffers damage . . . . Individuals other than the computer’s
2
owner may be proximately harmed by unauthorized access, particularly if they have rights to data
3
stored on it.”) (brackets and emphasis omitted)). NovelPoster further responds that NovelPoster’s
4
inability to access the email accounts for which the defendants changed passwords constitutes an
5
“interruption of service” because NovelPoster could not reach or use the data and information
6
contained in the accounts. Opp’n 14.
The defendants are entitled to judgment as a matter of law on the CFAA cause of action
7
8
because NovelPoster fails to adequately allege loss or damages. Its sole allegation in this regard—
9
that NovelPoster “has suffered damages and/or loss in excess of $5,000 in the year preceding the
date of this filing, but the damages grow each day that Defendants refuse to acknowledge
11
United States District Court
Northern District of California
10
termination of the Agreement,” Compl. ¶ 44—is nothing more than a “conclusory allegation[ ] of
12
harm” insufficient to sustain a CFAA claim. See NetApp, 2014 WL 1903639, at *13. With
13
respect to damage, NovelPoster does not plead any “any impairment to the integrity or availability
14
of data, a program, a system, or information.” 18 U.S.C. § 1030(e)(8); see also NetApp, 2014 WL
15
1903639, at *12-13 (“[the plaintiff] alleges only that [the defendant] accessed its databases
16
without permission, not that he damaged any systems or destroyed any data”). With respect to
17
loss, NovelPoster’s allegation “set[s] forth only a bare legal conclusion, couched as fact, that [it]
18
incurred costs.” In re Google Android Consumer Privacy Litig., No. 11-md-2264-JSW, 2013 WL
19
1283236, at *7 (N.D. Cal. Mar. 26, 2013). Its “assessment of loss” is “entirely speculative”
20
because it is “devoid of any specific details from which a factfinder could calculate an amount of
21
loss.” Doyle v. Taylor, No. 09-cv-158, 2010 WL 2163521, at *3 (E.D. Wash. May 24, 2010),
22
aff’d sub nom. Doyle v. Chase, 434 F. App’x 656 (9th Cir. 2011). NovelPoster itself appears to
23
recognize that its pleading is lacking because it requests several times in its opposition brief leave
24
to amend its complaint. As the Complaint now reads, NovelPoster’s CFAA claim is deficient and
25
the defendants are entitled to judgment on the pleadings for that cause of action.6, 7
26
6
27
28
The defendants are incorrect to assert that NovelPoster must “own” the protected computers at
issue in order to have standing to bring a CFAA claim. See Theofel, 359 F.3d at 1078 (“The
district court erred by reading an ownership or control requirement into the Act.”).
7
The defendants argue that the rule of lenity weighs in their favor with respect to this cause of
15
1
II.
THIRD CAUSE OF ACTION: CDAFA VIOLATION
2
NovelPoster alleges that the defendants violated the CDAFA, California’s corollary to the
3
CFAA. Compl. ¶¶ 57-59. As with the CFAA claim, the parties dispute the existence or extent of
4
the defendants’ authorization to access and use NovelPoster’s accounts.
5
6
7
8
9
10
United States District Court
Northern District of California
11
12
13
14
15
The relevant provision of the CDAFA provides that a person is liable who:
(1) Knowingly accesses and without permission alters, damages,
deletes, destroys, or otherwise uses any data, computer, computer
system, or computer network in order to either (A) devise or execute
any scheme or artifice to defraud, deceive, or extort, or (B)
wrongfully control or obtain money, property, or data. (2)
Knowingly accesses and without permission takes, copies, or makes
use of any data from a computer, computer system, or computer
network, or takes or copies any supporting documentation, whether
existing or residing internal or external to a computer, computer
system, or computer network.
(3) Knowingly and without
permission uses or causes to be used computer services. (4)
Knowingly accesses and without permission adds, alters, damages,
deletes, or destroys any data, computer software, or computer
programs which reside or exist internal or external to a computer,
computer system, or computer network. (5) Knowingly and without
permission disrupts or causes the disruption of computer services or
denies or causes the denial of computer services to an authorized
user of a computer, computer system, or computer network. . . . (7)
Knowingly and without permission accesses or causes to be
accessed any computer, computer system, or computer network.
16
CAL. PENAL CODE § 502(c)(1)-(5), (7). Parties act “without permission” when they “circumvent[ ]
17
technical or code-based barriers in place to restrict or bar a user’s access.” Facebook v. Power
18
Ventures, Inc., 844 F. Supp. 2d 1025, 1036 (N.D. Cal. 2012) (Ware, J.). An individual “who
19
suffers damage or loss by reason of a violation” may bring a private action for damages and
20
equitable relief. CAL. PENAL CODE § 502(e)(1). “[T]he necessary elements of Section 502 do not
21
22
23
24
25
26
27
28
action. The rule of lenity does not weigh in the defendants’ favor. “It is well established that
‘ambiguity concerning the ambit of criminal statutes should be resolved in favor of lenity.’”
United States v. Carr, 513 F.3d 1164, 1168 (9th Cir. 2008) (citation omitted). The rule is equally
relevant in the civil context if the statute at issue is also criminal. Brekka, 581 F.3d at 1134. But
as the Ninth Circuit has said in the context of considering how the rule of lenity applied to the
CFAA in a civil case, “we hold that a person uses a computer ‘without authorization’ under
§§ 1030(a)(2) and (4) when the person has not received permission to use the computer for any
purpose (such as when a hacker accesses someone’s computer without any permission), or when
the [computer’s owner] has rescinded permission to access the computer and the defendant uses
the computer anyway.” Brekka, 581 F.3d at 1135. The pleadings accuse the defendants of doing
exactly that. The defendants identify no other ambiguity warranting application of the rule.
Accordingly, the rule of lenity is not a bar to holding the defendants liable under the CFAA if
NovelPoster’s allegations prove true. In any event, this issue is mooted by this Order.
16
1
differ materially from the necessary elements of the CFAA . . . .” Multiven, 725 F. Supp. 2d at
2
895; see also New Show Studios LLC v. Needle, No. 14-cv-1250, 2014 WL 2988271, at *7 (C.D.
3
Cal. June 30, 2014) (disposing of CFAA and CDAFA claims jointly); Integral Dev. Corp. v. Tolat,
4
No. 12-cv-6575-JSW, 2013 WL 5781581, at *3-4 (N.D. Cal. Oct. 25, 2013) (same).8
The defendants’ motion for judgment on the pleadings for the CDAFA cause of action
5
6
succeeds for the same reason their motion succeeds with regard to the CFAA claim: while
7
whether the defendants acted “without permission” remains in dispute,9 the complaint does not
8
adequately plead that NovelPoster “suffer[ed] damage or loss by reason of a violation.” CAL.
9
PENAL CODE § 502(e)(1); see also Perkins v. LinkedIn Corp., No. 13-cv-4303-LHK, 2014 WL
2751053, at *18 (N.D. Cal. June 12, 2014) (requiring plaintiffs to plead that they “have suffered
11
United States District Court
Northern District of California
10
[ ] tangible harm from the alleged Section 502 violations”).
12
III.
SECOND CAUSE OF ACTION: WIRETAP ACT VIOLATION
The Wiretap Act makes liable any person who “intentionally intercepts, endeavors to
13
14
intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or
15
electronic communication.” 18 U.S.C. § 2511(1)(a). A civil cause of action is available to “any
16
person whose wire, oral, or electronic communication is intercepted, disclosed, or intentionally
17
used in violation of this [law].” 18 U.S.C. § 2520(a). The statute defines “intercept” as “the aural
18
or other acquisition of the contents of any wire, electronic, or oral communication through the use
19
of any electronic, mechanical, or other device.” 18 U.S.C. § 2510(4). “Such acquisition occurs
20
‘when the contents of a wire communication are captured or redirected in any way.’” Noel v. Hall,
21
568 F.3d 743, 749 (9th Cir. 2009) (citation omitted). “[E]lectronic, mechanical, or other device”
22
includes:
any device or apparatus which can be used to intercept a wire, oral,
23
24
8
25
26
27
28
However, under the CDAFA, a plaintiff must also allege that the defendant “overc[a]me some
technical or code barrier.” Enki Corp. v. Freedman, No. 13-cv-2201-PSG, 2014 WL 261798, at
*3 (N.D. Cal. Jan. 23, 2014).
9
The defendants correctly note that California Penal Code Section 502(h) contains an exception
for acts committed within the scope of employment, and they argue the exception should apply to
them even though the parties were not technically in an employment relationship. Mot. 21-22
(citing CAL. PENAL CODE § 502(h)). As discussed above, the existence and scope of authorization
remains a disputed issue of fact, so this exception would not help them.
17
or electronic communication other than [ ] any telephone or
telegraph instrument, equipment or facility, or any component
thereof, [ ] furnished to the subscriber or user by a provider of wire
or electronic communication service in the ordinary course of its
business and being used by the subscriber or user in the ordinary
course of its business or furnished by such subscriber or user for
connection to the facilities of such service and used in the ordinary
course of its business.
1
2
3
4
5
18 U.S.C. § 2510(5)(a). It is not unlawful, however, for a “party to the communication” “to
6
intercept a wire, oral, or electronic communication . . . where one of the parties to the
7
communication has given prior consent to such interception.” 18 U.S.C. § 2511(2)(d). Consent to
8
an interception can be explicit or implied. See United States v. Van Poyck, 77 F.3d 285, 292 (9th
9
Cir. 1996).
A further limitation to the Wiretap Act is described in Konop v. Hawaii Airlines, Inc.,
11
United States District Court
Northern District of California
10
where the Ninth Circuit held that for a communication “to be ‘intercepted’ in violation of the
12
Wiretap Act, it must be acquired during transmission, not while it is in electronic storage.” 302
13
F.3d 868, 878 (9th Cir. 2002). The court explained that “[t]his conclusion is consistent with the
14
ordinary meaning of ‘intercept,’ which is ‘to stop, seize, or interrupt in progress or course before
15
arrival.’” Id. (quoting WEBSTER’S NINTH NEW COLLEGIATE DICTIONARY 630 (1985)). In other
16
words, “acquisition of email messages stored on an electronic [ ] system, but not yet retrieved by
17
the intended recipients, [i]s not an ‘interception’ under the Wiretap Act.” Id. at 876 (endorsing
18
Steve Jackson Games, Inc. v. United States Secret Serv., 36 F.3d 457, 460 (5th Cir. 1994)).
19
Given the speed of email, the Wiretap Act’s application to that form of electronic
20
communication is undoubtedly limited. In adopting the Ninth Circuit’s reasoning in Konop, the
21
Eleventh Circuit quoted from a law review article which explained,
22
23
24
25
26
27
28
There is only a narrow window during which an E-mail interception may occur—the
seconds or mili-seconds before which a newly composed message is saved to any
temporary location following a send command. Therefore, unless some type of automatic
routing software is used (for example, a duplicate of all of an employee’s messages are
automatically sent to the employee’s boss), interception of E-mail within the prohibition of
the Wiretap Act is virtually impossible.
United States v. Steiger, 318 F.3d 1039, 1050 (11th Cir. 2003) (quoting Jarrod J. White, E–Mail
@Work.com: Employer Monitoring of Employee E-Mail, 48 ALA. L. REV. 1079, 1083 (1997)
(brackets omitted)). The Ninth Circuit has therefore observed that “the existing statutory
18
1
framework is ill-suited to address modern forms of communication.” Konop, 302 F.3d at 874.
2
Nonetheless, courts have almost uniformly applied this understanding of the statute. Pure Power
3
Boot Camp v. Warrior Fitness Boot Camp, 587 F. Supp. 2d 548, 555 (S.D.N.Y. 2008) (“The
4
majority of courts which have addressed the issue have determined that e-mail stored on an
5
electronic communication service provider’s systems after it has been delivered, as opposed to e-
6
mail stored on a personal computer, is a stored communication [not subject to the Wiretap Act].”);
7
see also Fraser v. Nationwide Mut. Ins. Co., 352 F.3d 107, 113 (3d Cir. 2003) (“While Congress’s
8
definition of ‘intercept’ does not appear to fit with its intent to extend protection to electronic
9
communications, it is for Congress to cover the bases untouched.”).
10
Courts have explained that, for a Wiretap Act violation to occur, the defendants’ actions
United States District Court
Northern District of California
11
must “halt the transmission of the messages to their intended recipients.” Exec. Sec. Mgmt., Inc. v.
12
Dahl, 830 F. Supp. 2d 883, 904 (C.D. Cal. 2011) (quoting Bunnell v. Motion Picture Ass’n of Am.,
13
567 F. Supp. 2d 1148, 1154 (C.D. Cal. 2007)). Thus, reading emails that have already been
14
received in an email account’s inbox does not constitute “intercept[ion]” under the statute. See
15
Mintz v. Mark Bartelstein & Assocs. Inc., 906 F. Supp. 2d 1017, 1031 (C.D. Cal. 2012) (granting
16
summary judgment to defendants where “[t]he undisputed facts [ ] show that Defendants did not
17
access, disclose, or use any emails that had been acquired during transmission. Rather, the emails
18
Defendants viewed were stored on Gmail.”); see also Yessin, 686 F. Supp. 2d at 638 (“a qualifying
19
‘intercept’ under the [Wiretap Act] . . . can only occur where an e-mail communication is accessed
20
at some point between the time the communication is sent and the time it is received by the
21
destination server”). Nor does it matter if the intended recipient had not read the emails intended
22
to reach that recipient before it was allegedly intercepted. Pure Power Boot Camp, Inc. v. Warrior
23
Fitness Boot Camp, LLC, 759 F. Supp. 2d 417, 431 (S.D.N.Y. 2010) (“there was no evidence that
24
the emails were intercepted at the same time they were transmitted, and [ ] the evidence indicated
25
instead that the emails were accessed after they had been delivered . . . electronic communications
26
cannot be intercepted for purposes of the [Wiretap Act] after they have been delivered”); Yessin,
27
686 F. Supp. 2d at 638 (“Irrespective of whether Mrs. Yessin read the e-mail messages in
28
question, they had reached their destination server. Accordingly, they were no longer in
19
1
2
transmission by the time Mr. Yessin allegedly accessed them.”).
The defendants contend that this cause of action cannot be proved on the facts alleged.
3
They argue that they were authorized to use the accounts as part of their “take over” of
4
NovelPoster’s operations. Mot. 8. As the Complaint alleges, the individual NovelPoster accounts
5
were tools for customer relations used by Yancher and Grinberg before the defendants assumed
6
control of the business. Mot. 23-24. Accordingly, the defendants argue, as the operators of
7
NovelPoster, they qualify for the exemption in the Wiretap Act for any “party to the
8
communication” at issue. Mot. 24 (citing 18 U.S.C. § 2511(2)(c)). Furthermore, the defendants
9
assert that because they did not use a “device” to access the emails in the individual NovelPoster
accounts other than Microsoft Outlook or Gmail, they did not “intercept” them under the Act.
11
United States District Court
Northern District of California
10
Mot. 23-24; see also Crowley v. Cybersource Corp. & Amazon, Inc., 166 F. Supp. 2d 1263, 1269
12
(N.D. Cal. 2001) (holding that the plaintiff failed to demonstrate the defendant had intercepted the
13
communication “because [the defendant] did not acquire it using a device other than the drive or
14
server on which the e-mail was received”).
15
NovelPoster argues the defendants intentionally intercepted and used emails from the
16
individual email accounts without authorization “to unjustly retain money from NovelPoster, and
17
to aid in the marketing of other products [the defendants] sell that are unrelated to NovelPoster.”
18
Opp’n 21-21 (citing Compl. ¶¶ 22-24, 34). It asserts that the defendants were not authorized to
19
use the individual email accounts merely because they were charged with NovelPoster’s
20
operation—the accounts were the customer relationship management tools for Yancher and
21
Grinberg individually. Opp’n 21-22. It states that the defendants’ wrongful access of the
22
individual email accounts and redirection of emails constitutes use of a “device” under the statute.
23
Opp’n 22. And it contends that, regardless of any rights the defendants may have had prior to the
24
alleged contract termination, the defendants were not a party to any NovelPoster communications
25
after that termination and any consent to view such communications was immediately revoked.
26
Opp’n 23.
27
None of NovelPoster’s arguments make the Wiretap Act applicable. While the Complaint
28
alleges that the defendants wrongfully accessed the accounts at issue and, by changing passwords,
20
1
prevented NovelPoster from accessing certain ones, nowhere does the Complaint allege that the
2
defendants “intercepted” any “electronic communication” as understood under the Wiretap Act.10
3
The Ninth Circuit and other courts have consistently explained that any “interception” under the
4
meaning of the statute must occur during transmission of the communication. Konop, 302 F.3d at
5
878. Though NovelPoster claims that Yancher and Grinberg were never able to access their email
6
accounts due to the defendants’ alleged actions, any subsequent reading or forwarding of those
7
emails by the defendants does not constitute an illegal “interception.” Pure Power Boot Camp,
8
759 F. Supp. 2d at 431. Accordingly, based on the pleadings, NovelPoster is unable to allege a
9
violation of the Wiretap Act.
10
IV.
To support their arguments for judgment on the pleadings for the CIPA cause of action, the
11
United States District Court
Northern District of California
FOURTH CAUSE OF ACTION: CIPA VIOLATION11
12
parties rely upon the arguments they raised with regard to the Wiretap Act claim. Mot. 24-25;
13
Opp’n 23.
The analysis for a violation of CIPA is the same as that under the federal Wiretap Act. See
14
15
Opperman v. Path, No. 13-cv-453-JST, 2014 WL 1973378, at *30 (N.D. Cal. May 14, 2014)
16
(summarily dismissing CIPA claim for the same reasons the Wiretap Act claim was dismissed);
17
Hernandez v. Path, Inc., No. 12-cv-1515-YGR, 2012 WL 5194120, at *5 (N.D. Cal. Oct. 19,
18
2012) (same); Bradley v. Google, Inc., No. 06-cv-5289-WHA, 2006 WL 3798134, at *5-6 (N.D.
19
Cal. Dec. 22, 2006) (finding lack of “interception” fatal to CIPA claim). Based on the pleadings,
20
because NovelPoster is unable to allege a violation of the Wiretap Act, it is also unable to allege a
21
violation of CIPA.
CONCLUSION
22
For the reasons above, the Motion for Judgment on the Pleadings is GRANTED.
23
24
25
26
27
28
10
11
Neither of the parties briefed this issue. However, it is dispositive.
At least one court has held that CIPA is preempted by the Wiretap Act. See, e.g., Bunnell v.
Motion Picture Ass’n of Am., 567 F. Supp. 2d 1148, 1154-55 (C.D. Cal. 2007). Neither party
raised this issue, but judges on this Court have rejected that conclusion. See, e.g., Shively v.
Carrier IQ, Inc., No. 12-cv-290-EMC, 2012 WL 3026553, at *10 (N.D. Cal. July 24, 2012);
Valentine v. NebuAd, Inc., 804 F. Supp. 2d 1022, 1029 (N.D. Cal. 2011) (Henderson, J.); see also
Leong v. Carrier IQ Inc., No. 12-cv-1562, 2012 WL 1463313, at *1 (C.D. Cal. Apr. 27, 2012). In
any event, the issue is moot because of this Order’s holding.
21
1
I will grant NovelPoster leave to amend its complaint with respect to the four causes of
2
action that are the subject of this Order within 15 days of the date below. I caution that, for the
3
reasons described above, amendment is likely to be futile with regard to the Second and Fourth
4
Causes of Action. In that regard I remind counsel of their obligations under Rule 11(b) of the
5
Federal Rules of Civil Procedure. If NovelPoster wishes to allege any additional causes of action,
6
it shall seek leave of Court before doing so.
7
8
9
10
IT IS SO ORDERED.
Dated: August 4, 2014
______________________________________
WILLIAM H. ORRICK
United States District Judge
United States District Court
Northern District of California
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
22
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
